KADO NETWORKS INC.

PRIVACY POLICY

Effective Date: Apr 1, 2025

This Privacy Notice explains how Kado Networks, Inc. (“Kado”, “we”, “us” or “our”) collects, uses, discloses, and otherwise processes Personal Information (as defined below) in connection with our website (the “Site”) and the related content, platform, services, mobile and web applications, product demonstrations, and other functionality offered on or through the online services (collectively, the “Services”). It does not address our privacy practices relating to Kado job applicants, employees and other personnel.

What is Personal Information?

When we use the term “Personal Information” in this Privacy Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. It does not include aggregated or deidentified information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual.

Our Collection of Personal Information

Sometimes we collect Personal Information automatically when an individual interacts with our Services and sometimes we collect Personal Information directly from an individual. At times, we may collect Personal Information about an individual from other sources and third parties, even before our first direct interaction.

Personal Information Collected from Individuals Directly

We collect the following Personal Information submitted to us by visitors to our Site, by individuals through our product demonstrations and by account holders:

• Contact Information, including name, email address, country/region, phone number and communication preferences.

• Demographic Information, including age.

• Account Information, including name, company name, employer, job title, job promotion status, email address, phone number, business address, website, username and password, profile information, profile image, address book information, team information, department information, payment and purchase history information, and any other information you provide to us, such as your interests and education history. Please note we utilize a third-party provider to process payments on our behalf and do not accept payment directly through our Services.

• Interaction Notes Information, including subject matter of the interaction, date of the interaction, location of the interaction, quotes, call details, meeting notes, and other information you provide in the notes of an interaction.

• Inquiry Information, including information provided in custom messages sent through the forms or contact information provided on our Site.

• Demonstration and Networking Information, including contact information, job title, company name, number of employees at your company, and video conferencing details.

• Survey Information, including information provided in any questions submitted through surveys, or content of any testimonials.

• Subscription Information, including your subscriber ID, account contact information and transaction-related information.

Personal Information Automatically Collected

As is true of most digital platforms, we and our third-party providers may also collect Personal Information from an individual’s device, browsing actions and site usage patterns automatically when visiting or interacting with our Services, which may include log data (such as internet protocol (IP) address, operating system, browser type, browser id, the URL entered and the referring page/campaign, date/time of visit, the time spent on our Services and any errors that may occur during the visit to our Services), analytics data (such as the electronic path taken to our Services, through our Services and when exiting our Services, as well as usage and activity on our Services) and location data (such as general geographic location based on the log data we or our third-party providers collect).  

We and our third-party providers may use (i) cookies or small data files that are stored on an individual’s computer and (ii) other, related technologies, such as web beacons, pixels, embedded scripts, location-identifying technologies and logging technologies (collectively, “cookies”) to automatically collect this Personal Information. For example, our Services uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”), and the Meta Pixel, a web tracking technology provided by Meta Platforms, Inc. ("Meta" or "Facebook"), to collect and view reports about the traffic and interactions on our Services. These tools help us understand user behavior and optimize our marketing efforts, including retargeting users with relevant advertisements on Facebook, Instagram, and other sites within the Meta network. More information about the use of Google Analytics for these analytical and advertising purposes can be obtained by visiting Google’s privacy policy here and Google’s currently available opt-out options are available here. Users may also control how Facebook collects and uses information for advertising purposes by visiting Facebook Ad Preferences or through the Digital Advertising Alliance's consumer choice tools.

To manage cookies, an individual may change their browser settings to: (i) notify them when they receive a cookie, so the individual can choose whether or not to accept it; (ii) disable existing cookies; or (iii) automatically reject cookies.  Please note that doing so may negatively impact an individual’s experience using our Services, as some features and offerings may not work properly or at all.  Depending on an individual’s device and operating system, the individual may not be able to delete or block all cookies. In addition, if an individual wants to reject cookies across all browsers and devices, the individual will need to do so on each browser on each device they actively use. An individual may also set their email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether they have accessed our email and performed certain functions with it. Users may also control how Facebook collects and uses information for advertising purposes by visiting the Facebook Ad Preferences page or through the Digital Advertising Alliance's consumer choice tools.

Personal Information from Third Parties

We also obtain Personal Information from third parties; which we often combine with Personal Information we collect either automatically or directly from an individual.

We may receive the same categories of Personal Information as described above from the following third parties:

• Your Employer / Company: If your employer or company (including representatives of your employer and/or company and administrator account holders) engages in our Services, we may receive your information from them. If another user has been provided access to your account through the delegate or assistant mode, we may receive your information from them. We also may receive your information from your company team members and department colleagues.
• Other Users of our Services: If you share your information with a user of our Services, such as through a QR code, Kado-generated link or physical business card, we may receive your information from them. We also may receive your information from a user of our Services who manually enters your information into the Services, including any information entered or shared in interaction notes, or who connects their address book.
• Third Party Platforms: When an individual connects a third-party platform account to our Services, we may receive some information about individuals that they permit the third-party platform to share with third parties. For example, if you or the administrator account holder connects your Google, Outlook or Salesforce account to our Services, we may receive your information such as contact information, employment information, meeting data, your address book and calendar data.
• Social Media: When an individual interacts with our Services through various social media networks, such as when someone “Likes” us on Facebook or follows us or shares our content on Google, Facebook, Twitter, or other social networks, we may receive some information about individuals that they permit the social network to share with third parties. The data we receive is dependent upon an individual’s privacy settings with the social network. Individuals should always review and, if necessary, adjust their privacy settings on third-party websites and social media networks and services before sharing information and/or linking or connecting them to other services.
• Service Providers: Our service providers that perform services solely on our behalf, such as survey and marketing providers, collect Personal Information and often share some or all of this information with us.
• Information Providers: We may from time to time obtain information from third-party information providers to correct or supplement Personal Information we collect. For example, we may obtain updated contact information from third-party information providers to reconnect with an individual.
• Publicly Available Sources: We collect Personal Information about individuals that we do not otherwise have, such as contact information, news source information, employment-related information, and interest-in-services information, from publicly available sources. We may combine this information with the information we collect from an individual directly. We use this information to contact individuals, to update users about their contacts in the news, to send advertising or promotional materials or to personalize our Services and to better understand the demographics of the individuals with whom we interact.

Data Storage and Security

We prioritize the security and safe storage of your personal information. Our robust measures include physical, administrative, and technical safeguards to prevent unauthorized access, theft, loss, or misuse of your data. Your information is securely stored on restricted-access servers and transmitted with encryption for enhanced protection. Our security practices undergo regular review to align with the latest standards. It's important to note that while we make every effort to safeguard your data, no method of transmission or storage over the internet can guarantee absolute security. For more information around our Security Information page.

KADO securely stores your data in Amazon Web Services (Ohio-East) and we make sure to apply all security standards and available tools to keep your data secure.

• Data transport: All data is encrypted on transit with encryption keys managed via Amazon KMS, no data is transferred using insecure protocols.
• Data storage: Database instances are encrypted at rest and in transit as well, so data is always secure. All our backups and static data is encrypted, and databases are segregated and not accessible from the outside of the kubernetes cluster. Kubernetes cluster doesn’t offer SSH access or similar so the only way to interact with the data is via hitting the rest endpoints offered. Machines are also behind an Amazon ALB so they are not directly exposed as well and another layer of access security gets added.
• Data retention: Once data is released by a customer, data becomes immediately unavailable upon deletion, and completely wiped out after the 7 day grace period that we allow for “undoing the deletion” in case it’s decided to actually continue using our service. You may request copies of your data at any point in time and request full data deletion at any point in time.
• Other Data Protection: We have put in place state-of-the-art measures to ensure the confidentiality and integrity of the data (including backups, archives, possible replicas). We encrypt personal data and data classified as confidential. Personal data is anonymized in development, integration, testing, acceptance, and pre-production cloud environments. Additionally, we have daily backups of all our databases that get encrypted and stored securely on a different zone than the database one so both can’t suffer a failure at the same time.

Our Use of Personal Information

We use Personal Information we collect to:

• Fulfill or meet the reason the information was provided, such as to fulfill our contractual obligations, to deliver the Services you have requested and to process transactions;
• Manage our organization and its day-to-day operations (i.e.: onboarding clients, business development, managing existing customer base, customer service, sending product updates)
• Communicate with individuals, including via email, text message, social media and/or telephone calls for purposes such as the ones stated in the prior point;
• Request individuals to complete surveys about our organization, organizations we partner with, and Services;
• Facilitate and provide our Services and product demonstrations (i.e.: providing digital business cards to the users and companies that use or pay for our services, managing our Customers’ contact management services, delivering appropriate customer service…)
• Market our Services to individuals, including through email, direct mail, phone or text message, especially when delivering new product updates we believe users should be aware of;
• Administer, improve and personalize our Services, including by recognizing an individual and remembering their information when they return to our Services (for example, we require to know when individuals have completed our onboarding tutorial);
• Process payment for our Services;
• Facilitate client benefits and services, including customer support through our command center services;
• Identify and analyze how individuals use our Site and Services;
• Conduct research and analytics on our client base and our Services;  
• Improve and customize our Services to address the needs and interests of our client base and other individuals we interact with;
• Test, enhance, update and monitor the Services, or diagnose or fix technology problems;
• Help maintain the safety, security and integrity of our property and Services, technology assets and business;
• Defend, protect or enforce our rights or applicable contracts and agreements;
• Prevent, investigate or provide notice of fraud or unlawful or criminal activity; and
• Comply with legal obligations.

Where an individual chooses to contact us, we may need additional information to fulfill the request or respond to inquiries. We may provide additional privacy disclosures where the scope of the inquiry/request and/or Personal Information we require fall outside the scope of this Privacy Notice. In that case, the additional privacy disclosures will govern how we may process the information provided at that time.

Legal Basis for Processing Personal Information (EEA and UK visitors only)

If you are a website visitor located in the European Economic Area ("EEA") or United Kingdom ("UK"), KADO’s Data Controller and Protection Officer can be contacted by emailing dpo@kadonetworks.com.

As a company, we are dedicated to safeguarding the personal data of our customers and employees. In accordance with this commitment, we comply with the principles of the General Data Protection Regulation (GDPR) when collecting, utilizing, and handling personal data. This includes adherence to principles of legality, fairness, and transparency; limiting data collection to specific purposes; minimizing the amount of data collected; ensuring accuracy; limiting data storage; maintaining integrity and confidentiality; and being accountable for data protection.

Our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it. However, we will normally collect Personal Information from you only where we have your consent to do so, where we need the Personal Information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Information from you.

If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information). Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

Our Disclosure of Personal Information

We disclose Personal Information in the following ways:

• Affiliates. We may share Personal Information with other companies owned or controlled by Kado, and other companies owned by or under common ownership as Kado, which also includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns, particularly when we collaborate in providing the Services.
• Your Employer / Company: If your employer or company (including representatives of your employer and/or company and administrator account holders) engages in our Services, we may disclose your information to them. If an individual has been provided access to your account through the assistant mode, we may disclose your information to them. We also may disclose your information to your company team members and department colleagues.
• Other Users of our Services: If you share your information with a user of our Services, such as through a QR code, Kado-generated link or physical business card, we may disclose your information to them. We also may disclose your information to a user of our Services who is provided your information from other users of the Services, such as any information entered or shared in interaction notes.
• Survey Providers: We share Personal Information with third parties who assist us in delivering our survey offerings and processing the responses.
• Marketing Providers: We coordinate and share Personal Information with our marketing providers in order to communicate with individuals about the Services we make available.
• Customer Service and Communication Providers: We share Personal Information with third parties who assist us in providing our customer services and facilitating our communications with individuals that submit inquiries.
• Other Service Providers: In addition to the third parties identified above, we engage other third-party service providers that perform business or operational services for us or on our behalf, such as website hosting, infrastructure provisioning, IT services, analytics services, administrative services.
• Other Business As Needed To Provide Services: We may share Personal Information with third parties that an individual engages with through our Services or as needed to fulfill a request or transaction including, for example, payment processing services.
• Business Transaction or Reorganization: We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose Personal Information to a third party during negotiation of, in connection with or as an asset in such a corporate business transaction. Personal Information may also be disclosed in the event of insolvency, bankruptcy or receivership.  
• Legal Obligations and Rights: We may disclose Personal Information to third parties, such as legal advisors and law enforcement:

• in connection with the establishment, exercise, or defense of legal claims;
• to comply with laws or to respond to lawful requests and legal process;
• to protect our rights and property and the rights and property of others, including to enforce our agreements and policies;
• to detect, suppress, or prevent fraud;
• to protect the health and safety of us and others; or
• as otherwise required by applicable law.

• Otherwise With Consent or Direction: We may disclose Personal Information about an individual to certain other third parties or publicly with their consent or direction. For example, with an individual’s consent or direction we may post their testimonial on our Site or service-related publications.

If you are a resident of the State of Nevada, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. Although we do not currently sell covered information, please contact us at privacy-us@kadonetworks.com to submit such a request.

How We Transfer Data We Collect Internationally

International Transfers Within the KADO group

To facilitate our global operations, we may transfer information to other KADO Affiliates where we have operations for the purposes described in this policy, in particular KADO Networks SP, SLU (Spain). 

This Privacy Policy will apply even if we transfer Personal Data to other countries. We have taken appropriate safeguards to require that your Personal Data will remain protected wherever it is transferred. When we share Personal Data of individuals in the European Economic Area ("EEA"), Switzerland or the United Kingdom ("UK") within and among KADO’s Affiliates, we make use of the Standard Contractual Clauses (which have been approved by the European Commission) and the UK Addendum (as defined within our Data Processing Agreement) as well as additional safeguards where appropriate.

International Transfers to Third Parties

Some of the third parties described in this Privacy Policy, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share Personal Data of individuals in the EEA, Switzerland or UK with third parties, we make use of a variety of legal mechanisms to safeguard the transfer including the European Commission-approved standard contractual clauses, as well as additional safeguards where appropriate. For transfers to or from the United Kingdom, we make use of the UK Addendum.

Children’s Personal Information

The Children's Online Privacy Protection Act ("COPPA") protects the online privacy of children under 13 years of age. We do not knowingly collect or maintain Personally-Identifying Information from anyone under the age of 13, unless or except as permitted by law. Any person who provides Personally-Identifying Information through the Website represents to us that he or she is 13 years of age or older. If we learn that Personally-Identifying Information has been collected from a user under 13 years of age on or through the Website, then we will take the appropriate steps to cause this information to be deleted.

If you are the parent or legal guardian of a child under 13 who has become a member of the Website or has otherwise transferred Personally-Identifying Information to the Website, please contact the Company using our contact information below to have that child's account terminated and information deleted.

How to Access and Control your Personal Information

Reviewing, Correcting and Removing your Personal information

You have the following data protection rights:

• You can request access, correction, updates or deletion of your Personal Information.
• You can object to our processing of your Personal Data, ask us to restrict processing of your Personal Data or request portability of your Personal Data.
• If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
• You have the right to complain to a data protection authority about our collection and use of your Personal Data. Contact details for data protection authorities in the EEA are available here).

To exercise any of these rights, please email privacy@kadonetworks.com

We will respond to your request to change, correct, or delete your data within a reasonable timeframe and notify you of the action we have taken.

If you are a customer, prospect, or otherwise interact with a KADO customer that uses our Subscription Service and would like to access, correct, amend or delete your data controlled by the customer, please contact the relevant customer directly. KADO acts as a processor for our customers and will work with our customers to fulfill these requests when applicable.

California Privacy Rights

Applicability

fs This section applies only to California consumers. For purposes of this section "Personal Information" has the meaning given in the California Consumer Privacy Act (“CCPA”). It describes how we collect, use, and share California consumers' Personal Information in our role as a business, and the rights applicable to such residents. The California Consumer Privacy Act ("CCPA") requires businesses to disclose whether they sell Personal Information. KADO is a business and does not sell Personal Information. We may share Personal Information with third parties if those third parties are authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Information. 

If you are unable to access this Privacy Policy due to a disability or any physical or mental impairment, please contact us and we will arrange to supply you with the information you need in an alternative format that you can access.

How we Collect, Use and Share Personal Information

We have collected the following statutory categories of Personal Information in the past twelve (12) months:

• Identifiers and contact information, such as name, e-mail address, mailing address, phone number, age and communication preferences. We collect this information directly from you or from third party sources. 
• Account information, such as subscription records. We collect this information directly from you. This includes name, company name, employer, job title, job promotion status, email address, phone number, business address, website, username and password, profile information, profile image, address book information, team information, department information, payment and purchase history information, and any other information you provide to us, such as your interests and education history. Please note we utilize a third-party provider to process payments on our behalf and do not accept payment directly through our Services.
• Interaction Notes Information, including subject matter of the interaction, date of the interaction, location of the interaction, quotes, call details, meeting notes, and other information you provide in the notes of an interaction.
• Inquiry Information, including information provided in custom messages sent through the forms or contact information provided on our Site.
• Demonstration and Networking Information, including contact information, job title, company name, number of employees at your company, and video conferencing details.
• Internet or network information, such as browsing and search history. We collect this information directly from your device. 
• Geolocation data, such as IP address. We collect this information from your device.
• Other Personal Information, in instances when you interact with us online, by phone or mail in the context of receiving help through our help desks or other support channels; participation in customer surveys or contests; or in providing the Subscription Service. 

The business and commercial purposes for which we collect this information are described in the Section called “Our Use of Personal Information” of this Privacy Policy. The categories of third parties to whom we "disclose" this information for a business purpose are described in Section “Our Disclosure of Personal Information” of this Privacy Policy. 

Your California Rights

You have certain rights regarding the Personal Information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law.

The right of access means that you have the right to request that we disclose what Personal Information we have collected, used and disclosed about you in the past 12 months. 

The right of deletion means that you have the right to request that we delete Personal Information collected or maintained by us, subject to certain exceptions. 

The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights. 

KADO does not sell Personal Information to third parties (pursuant to California Civil Code §§ 1798.100–1798.199, also known as the California Consumer Privacy Act of 2018).

How to Exercise your California Rights

You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your Personal Information. 

Please use the contact details below, if you would like to: 

• - Access this policy in an alternative format;
• - Exercise your rights;
• - Learn more about your rights or our privacy practices; or
• - Designate an authorized agent to make a request on your behalf

Links to Third-Party Websites or Services

Our Site and Services may include links to third-party websites, plug-ins and applications. Except where we post, link to or expressly adopt or refer to this Privacy Notice, this Privacy Notice does not apply to, and we are not responsible for, any Personal Information practices of third-party websites and online services or the practices of other third parties. To learn about the Personal Information practices of third parties, please visit their respective privacy notices.

Updates to This Privacy Notice

We will update this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will change the date at the beginning of this Privacy Notice. If we make material changes to this Privacy Notice, we will notify individuals by email to their registered email address, by prominent posting on this Site or our Services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.

Contact Us

If you have any questions or requests in connection with this Privacy Notice or other privacy-related matters, please send an email to privacy@kadonetworks.com or to dpo@kadonetworks.com.

Alternatively, inquiries may be addressed to:

Kado Networks, Inc.

115 Broadway

New York, NY 10006

United States

Article 27 Representatives

1. EU Representative: Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is:

Instant EU GDPR Representative Ltd.  

Adam Brogden

contact@gdprlocal.com  

Tel +35315549700  

INSTANT EU GDPR REPRESENTATIVE LTD  Office 2,  

12A Lower Main Street, Lucan Co. Dublin  

K78 X5P8  

Ireland  

2. UK representative: Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is:

GDPR Local Ltd.

Adam Brogden

contact@gdprlocal.com

Tel +44 1772 217800

1st Floor Front Suite 27-29 North Street, Brighton

England

BN1 1EB

Appendix D - GDPR Breach Procedures for Personally

Identifiable Information (PII) of EU Residents

Notification to Data Subjects

In the event that a personal data breach is likely to result in a high risk to the rights and

freedoms of natural persons, Kado Networks Inc., as Data Controller, shall communicate the

personal data breach to the data subject without undue delay.

The communication to the data subject shall describe in clear and plain language the nature of

the personal data breach and contain at least the following information:

(a) communicate the name and contact details of the data protection officer or other contact

point where more information can be obtained;

(b) describe the likely consequences of the personal data breach;

(c) describe the measures taken or proposed to be taken by Kado Networks Inc. to address the

personal data breach, including, where appropriate, measures to mitigate its possible adverse

effects.

Notification to Supervisory Authorities

In the case of a personal data breach, the Kado Networks Inc., as Data Controller, shall without

undue delay and, where feasible, not later than 72 hours after having become aware of it, notify

the personal data breach to the Supervisory Authority, unless the personal data breach is

unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification

to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for

the delay.

Notification to Data Controllers (i.e. Customers)

Kado Networks Inc. as a Data Processor shall notify the customer, as Data Controller, without

undue delay after becoming aware of a personal data breach. The notification shall:

(a) describe the nature of the personal data breach including where possible, the categories and

approximate number of data subjects concerned and the categories and approximate number of

personal data records concerned;

(b) communicate the name and contact details of the data protection officer or other contact

point where more information can be obtained;

(c) describe the likely consequences of the personal data breach;

(d) describe the measures taken or proposed to be taken by the controller to address the

personal data breach, including, where appropriate, measures to mitigate its possible adverse

effects.

Where, and in so far as, it is not possible to provide the information at the same time, the

information may be provided in phases without undue further delay.

Kado Networks Inc. shall document any personal data breaches, comprising the facts relating to

the personal data breach, its effects and the remedial action taken.

Exceptions to the Breach Reporting Requirements

Communication to the data subject shall not be required if any of the following conditions are

met:

(a) technical controls, such as encryption, render the personal data unintelligible to any person

who is not authorised to access it

(b) the breach will not result in a high risk to the rights and freedoms of data subjects

(c) it would involve disproportionate effort. In such a case, there shall instead be a public

communication or similar measure whereby the data subjects are informed in an equally

effective manner representative: Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is:

GDPR Local Ltd.

Adam Brogden