Hydra Host, Inc. (“Hydra”) is committed to processing your personal information in a fair and lawful manner. We have developed this Privacy Statement to inform you about how we handle personal information and about our privacy practices including for our website and any other Hydra websites that direct you to this Privacy Statement (the “Covered Sites”) and our other Hydra products and services (the “Covered Products and Services”).

A. WHAT INFORMATION WE GATHER AND FROM WHOM

We may collect, use, store and transfer different kinds of personal information about you. We collect personal information directly from you and indirectly about you as described below. We may collect the following types of personal information from or about you, which we have grouped into categories as follows:

• Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, job title, company name, date of birth, and gender.

• Contact Data includes email addresses.

• Financial Data includes bank account and payment card details.

• Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

• Technical Data includes internet protocol (“IP”) address, cookies, java script, web beacons, clear gifs, HTTP headers, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Covered Sites.

• Profile Data includes your username and password.

• Usage Data includes information about how you use the Covered Sites, and/or our products and services.

• Marketing and Communications Data includes your communication preferences in receiving marketing from us and third parties.

• Sensitive Personal Information. Occasionally we may collect sensitive personal information that relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation. We may collect the categories of personal information described above either directly or indirectly from different sources, including the following:

• Our business partners.

• Our customers.

• You, when you interact with us through the Covered Sites or in connection with Covered Products and Services.

• Internet cookies, analytics programs, pixels, web beacons, and other technologies that help our Covered Sites operate effectively and efficiently.

Please note that our Covered Sites may contain links to other unaffiliated third-party websites. Hydra is not responsible for the privacy practices, privacy statements, or content contained in or regarding these other unaffiliated third-party websites that do not include this Privacy Statement. You should consult the privacy statements associated with these unaffiliated third-party websites should you decide to visit them.

B. HOW WE USE PERSONAL INFORMATION

We will only use your personal information in a manner that is consistent with applicable laws. Most commonly, we will use the categories of personal information identified above for the following business purposes:

• For the provision of our Covered Products and Services or the operation of our business or a third party’s business. Personal information may be made available to Hydra businesses around the world for the provision of our Covered Products and Services, account administration, sales and marketing, customer and technical support, and business and product development, for instance. All of our employees and contractors are required to follow our data privacy and security policies when handling personal information.

• Where we need to perform a contract that we have entered into with you, or in order to take steps at your request prior to entering into a contract.

• To protect the security and integrity of our business, our Covered Products and services, or Covered Sites.

• Where we need to protect your interests (or someone else's interests).

• Where it is needed in the public interest or for official purposes.

• In connection with the sale, merger, acquisition, or other reorganization of our business. Such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of it from sellers. It is Hydra's practice to seek appropriate protection for information in these types of transactions.

• For compliance with legal obligations and protection of Hydra and others. Specifically, we may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud. We may also use personal information to meet our internal and external audit requirements, and as we otherwise believe to be necessary or appropriate: (i) under applicable law, which may include laws outside your country of residence; (ii) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (iii) to enforce or apply our contractual rights; and (iv) to otherwise protect our rights, privacy, safety, or property, or those of other persons.

California residents, please review Section III for additional disclosures about how we may use your personal information.

We will only use your personal information for the purposes for which we collected it, including where we reasonably consider that we need to use it for a reason that is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you as required by law.

Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.

C. WHEN, WHY, AND WITH WHOM WE SHARE PERSONAL INFORMATION

We may disclose the following categories of personal information to entities other than Hydra for any the business purposes set out in above. When we disclose personal information, we do so in accordance with our data privacy and security requirements.

• Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, job title, company name, date of birth, and gender.

• Contact Data includes billing address, delivery address, email address, and telephone numbers.

• Financial Data includes bank account and payment card details.

• Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us or our business partners.

• Technical Data includes internet protocol (“IP”) address, cookies, java script, web beacons, clear gifs, HTTP headers, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Covered Sites.

• Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, survey responses, and any unsolicited personal information not otherwise covered by this Privacy Statement that you choose to submit in an enquiry or webchat, on a blog forum or otherwise on our Covered Sites or in person to a Hydra representative at an event.

• Usage Data includes information about how you use the Covered Sites, and/or our products and services.

• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

• Social Media Application Data includes, without limitation, your public profile, social media relationships, listed work and education history, listed hometown and current city, profile photos, personal description, and “likes.”

• Sensitive Personal Information. Occasionally we may collect sensitive personal information that relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person's sex life or sexual orientation. For example, we may collect certain information made available through Social Media Applications. This information may contain sensitive personal information if you have made that information available on your Social Media profile. In addition, the information that you submit in blog forums (or otherwise) on our Covered Sites or when interacting with our Covered Products and Services may include sensitive personal information.

Below are the categories of entities to whom we may disclose personal information and why.

• Business partners. We may provide your personal information to a Hydra business partner. Please be assured that these Hydra business partners have agreed to ensure the privacy and security of any transferred information and may only use the shared information to send you information about products or services about which you asked, or for sending updates or providing services on our behalf.

• Service providers. We partner with, and are supported by, service providers around the world. Personal information will be made available to these parties only when necessary to fulfill the services they provide to us, such as software, system, and platform support; direct marketing services; cloud hosting services; advertising; data analytics; order fulfillment and delivery; and services to assist us in managing and responding to consumer privacy and other requests. Our service providers are not permitted to share or use personal information we make available to them for any purpose other than to provide services to us.

• Third parties for legal reasons. We will share personal information where we believe it is required: (i) in order to comply with our legal and contractual obligations; (ii) to protect Hydra and others; and (iii) in the context of a business transition, such as a merger or acquisition.

• Government entities. We will share personal information for information sharing and other security purposes.

We currently do not sell personal information to third parties. During the preceding 12 months Hydra offered an Internet Profile Service, which gathered and sold information from public websites to provide customers intelligence about .com and .net domain names. We no longer offer this service.

California residents, please review Section 3 for additional disclosures about how we may disclose your personal information.

D. USE OF COOKIES, OTHER TRACKING TECHNOLOGIES AND GATHERING OF STATISTICAL DATA

In addition to the personal information identified above, we use "cookies" and other statistical and tracking technologies as described in this Section in connection with the operation of our Covered Sites. A cookie is a piece of information that our Covered Sites send to your browser, which then stores the cookie information on your system. Other statistical and tracking technologies, such as web beacons, clear gifs, HTTP headers, also work in ways that collect information about your visit and use of our Covered Sites. We may use both temporary and persistent cookies based on the cookie’s purpose. Some cookies are deleted when you close down your browser. These are known as session cookies. Others remain on your device until they expire or you delete them from your cache. These are known as persistent cookies and enable us to remember things about you as a returning visitor to our Covered Sites.

We use these technologies in four ways:

• To provide a product or service: When you enable their use, a cookie may be used to provide you with a specific product or service. For instance, if you request our Covered Sites to remember your login password or remember your profile in a response to a blog post, we deposit a cookie on your computer to facilitate that request. If you are logging into an access-controlled section of our Covered Sites, we set a temporary session cookie to establish that you have been authenticated. The information contained in these cookies consists of random data that is used by our server to authenticate the browser requests to the server for that particular session. These cookies do not include any type of personal information. This bit of information is erased when you close your current browser window. If you choose not to accept a temporary cookie, you will not be able to navigate in these online applications. We also use a cookie when you visit our Covered Sites and request documentation or a response from us. When you are filling out a form, you may be given the option of having our Covered Sites deliver a cookie to your local hard drive. You might choose to receive this type of cookie in order to save time in filling out forms and/or revisiting our Covered Sites. We only send this type of cookie to your browser when you have enabled cookies and clicked on the box labeled "Please remember my information" or another box with an equivalent content when submitting information or communicating with us.

• To facilitate website use: If you enable functional cookies, our Covered Sites will be able to remember information about your preferences and movement either until you exit your current browser window (if the cookie is temporary) or until you disable or delete the cookie. For instance, we may deposit a cookie to remember which of Hydra’s regional Covered Sites you have selected to access or to save your password if you create an account. Many users prefer to use cookies in order to help them navigate a website as seamlessly as possible. If you are accessing our services through one of our online applications, our web server may automatically send your browser a temporary cookie, which is used to help your browser navigate our Covered Sites. The information contained in these temporary cookies is a direction value that lets our software determine which page to display when you hit the back button in your browser. This bit of information is erased when you close your current browser window.

• Analytic cookies also allow us to track traffic patterns on our Covered Sites. Analysis of the collected information by our tracking technologies allows us to improve our Covered Sites and the user experience. If you choose not to accept a persistent cookie, you will still be able to use our Covered Sites. Even if you choose to receive this type of cookie, you can always set your browser to notify you when you receive any cookie, giving you the chance to decide whether to accept it in each situation in which one is sent. We may supplement this unidentified user data with other data to better understand our users. For instance, we may relate a user’s IP address to the company to which it relates to better understand our visitors’ interests.

Do Not Track

We do not respond to Do Not Track signals.

E. OUR SECURITY PROCEDURES

We consider the protection of all personal information we receive offline and online from our Covered Sites’ visitors and subscribers as critical to our corporate mission. We have security measures in place to protect against the loss, misuse, and alteration of any personal information we receive from you. As with any transmission over the internet, however, there is always some element of risk involved in sending personal information.

Our security procedures are subject to at least an annual SOC Type II audit by an internationally recognized accounting firm.

F. CHANGES TO THIS PRIVACY STATEMENT

It is important that you check back often for updates to this Privacy Statement. If a material change is made to this Privacy Statement and/or the way we use our customers' personal information, we will post a prominent notice on the Covered Sites and/or by means of other methods of contact such as email.

G. CONTACT HYDRA

If you have questions about this Privacy Statement, you may contact us in the following ways:

• You may email us at . Please specify "Privacy Statement" in the subject line of your email.

• You may call us at

• You may write to us at:

II. THE GENERAL DATA PROTECTION REGULATION (GDPR) PRACTICES

Where we collect, process, use or disclose personal information that is subject to the General Data Protection Regulation (GDPR), we are committed to processing your personal information in a fair and lawful manner. This section describes our privacy practices specific to personal information covered by the GDPR and your rights in relation to your personal information.

A. THE INFORMATION WE GATHER

The information that we collect and process is described in Section I.A above. Pursuant to GDPR, we will explain the legal basis which allows us to do so.

We will only collect or process sensitive personal information on the basis that: (i) it has manifestly been made public by you; or (ii) the processing is necessary: (a) in relation to legal claims; (b) for reasons of substantial public interest; or (c) where we need to carry out certain legal obligations and/or exercise certain rights relating either to or you. We do not collect any information about criminal convictions and offenses.

B. PURPOSES FOR WHICH WE MAY USE YOUR PERSONAL INFORMATION

An explanation of how we may use your personal information is described in Section I.B above. If you are located in the EU, you have the right to know what legal basis we rely upon to process your personal information. The chart below describes all the ways in which we plan to use your personal information and the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal information for more than one lawful purpose depending on the specific business purpose for which we are using your information. Please contact us (using the contact details above) if you need details about the specific legal ground we are relying on to process your personal information.

C. HOW LONG WE KEEP PERSONAL INFORMATION

We will only retain your personal information in identifiable form for as long as needed for the purposes for which it is gathered and processed. In determining retention periods, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. When we no longer need personal information, we either anonymize, securely delete, or destroy it.

D. YOUR GDPR RIGHTS

We respect the rights that you have in relation to your personal information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information.

Access to personal information. We will give you access to your personal information upon written request, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing information to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. Except where it is not permissible under applicable law, we may also charge you a fee for providing you with a copy of your data.

Correction and deletion. You have the right to correct or amend your personal information if it is inaccurate or requires updating. You have the right to request deletion of your personal information; however, this is not always possible due to legal requirements and other obligations and factors.

Data portability. You may have the right to (i) obtain personal information concerning you, which you have provided to Hydra, and (ii) transmit such information to another data controller. The information may be transmitted directly from Hydra to the other data controller where feasible.

Direct marketing. We may send you marketing communications as set out above. Where your personal information is processed for direct marketing purposes, you have the right to object at any time to such processing, which includes profiling to the extent that it is related to such direct marketing. All of Hydra’s direct marketing communications include an “unsubscribe” link to enable you to easily opt-out of future communications.

Withdrawal of consent. Where Hydra is processing your personal information on the basis that you have consented to such processing, you have the right to withdraw that consent at any time. Once we have received written notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Objection to and/or restriction of processing of personal information. You have the right to: (i) restrict the processing of your personal information in certain circumstances (e.g., where you contest the accuracy of your personal information); and (ii) object to certain types of processing of personal information.

Lodging a complaint. If you are not satisfied with how Hydra manages your personal information, you have the right to lodge a complaint to a data protection regulator. A list of National Data Protection Authorities (“DPA”) can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. Before filing a complaint with a DPA, we ask that you contact us to provide us with an opportunity to resolve your complaint.

E. COOKIES

If you are in the EU, you may opt-out of certain third-party cookies that we and other websites may use for targeting through http://www.youronlinechoices.eu or www.aboutads.info. Opting out of one or more ad networks only means that those particular members no longer will deliver targeted content or ads to you. It does not mean you will stop receiving any targeted content or ads on our Covered Sites or other third-party websites. If your browser is configured to reject cookies when you visit one of the above referenced opt-out pages, and you later erase your cookies, use a different computer or change web browsers, your preference may no longer be active. Since all of these cookies are managed by third parties, you should refer to the third parties' own website privacy notifications and policies for further information.

Can I withdraw my consent?

If you wish to withdraw your consent at any time, you will need to delete your cookies using your internet browser settings, and disable cookies. Please note that disabling cookies will affect the functionality of our Covered Sites, and may prevent you from being able to access certain features on our Covered Sites.

F. DATA TRANSFER

Hydra is a global organization, and your personal information may be stored and processed outside of your home country. We take steps to ensure that the information we collect is processed according to this Privacy Statement and the requirements of applicable law wherever the data is located.

Hydra has networks, databases, servers, systems, support, help desks, and offices located around the world, including outside the EU.

We use service providers located around the world, including outside the EU to serve the needs of our business, workforce, and customers. We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within Hydra or to third parties in areas outside of your home country (including areas outside the EU).

We may transfer the personal information we collect about you to recipients in countries other than the country in which the information originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to recipients in other countries (such as the U.S.), we will protect that information as described in this Privacy Statement and will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in countries other than the one in which you provided the information.

III. CCPA NOTICES AND RIGHTS

This section only applies to California residents. Where we collect, process, use, or disclose personal information that is subject to the CCPA, we are committed to processing your personal information in a transparent and fair manner and in compliance with the CCPA. This section describes the rights California residents have in relation to your personal information and provides the notices required by the CCPA.

A. YOUR CCPA RIGHTS

The CCPA grants California residents the rights described below.

Right to Know General Collection and Use of Personal Information (Access Request). Under the CCPA, California residents have the right to request that Hydra disclose what information we have collected, used, disclosed, or sold over the past 12 months. Once we receive and confirm your verifiable consumer request for such information, we will disclose to you, based on your specific request:

• The categories of personal information we collected about you over the past 12 months;

• The categories of sources from which the personal information is collected over the past 12 months;

• The business or commercial purpose for collecting or selling that personal information over the past 12 months;

• The categories of third parties with whom we shared your personal information over the past 12 months;

• If we disclosed your personal information for a business purpose, the personal information categories that each category of recipients obtained; and/or

• If we sold your personal information for a business purpose, the personal information categories that each category of recipients purchased.

Right to Know Specific Pieces of Personal Information (Data Portability). Upon your verified request for such information, we will disclose to you certain specific pieces of personal information we have collected about you over the past 12 months.

Right to Request Deletion. You have the right to request that we delete any of your personal information that we have collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete your personal information from our records, and direct our service providers to do the same, unless an exception applies.

Some of the exceptions that would allow us to deny a request for deletion include if the information is necessary for us or our service provider(s) to do the following:

• Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract we have with you.

• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

• Debug products to identify and repair errors that impair existing intended functionality.

• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).

• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.

• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

• Comply with a legal obligation.

• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Opt-Out of Sale of Personal Information. You have the right to direct businesses that sell personal information to not sell your personal information (the "right to opt-out"). Hydra does not sell any personal information, including the personal information of California residents who are under 16 years of age with or without affirmative authorization.

Right to Non-Discrimination. You have the right not to be discriminated against for having exercised the rights established by the CCPA. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.

• Charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties.

• Provide you a different level or quality of goods or services.

• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

B. EXERCISING YOUR CCPA RIGHTS

This section of our Privacy Statement explains how a California resident can exercise their rights.

To exercise your right to know or your right to deletion, you or your authorized agent may submit a verifiable consumer request in one of the following ways:

• Call us toll free at .

• Fill out this form.

Upon receipt of your request to know or request for deletion, we will confirm receipt within 10 days. If we are able to verify your request, we will make our best effort to respond within forty-five (45) days of our receipt of your request. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing.

Additional Information About Requests to Know

When responding to a request to know, we will not disclose information to you if we cannot verify your identity.

The CCPA allows a California resident to make a verifiable consumer request to know only twice within a 12-month period. Additionally, the verifiable consumer request must:

• 1. Provide sufficient information that allows us to reasonably verify you are: (i) the person about whom we collected personal information, or (ii) an authorized representative.

• 2. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Additional Information About Requests to Delete

When responding to a request for deletion, we will specify the manner in which we have deleted your personal information, in accordance with the CCPA. We will not delete your information if we cannot verify your identity.

C. DESIGNATING AN AUTHORIZED AGENT

Only you as a California resident, or a person registered with the California Secretary of State that you authorize to act on your behalf (Authorized Agent), may make a verifiable request to know or a request for deletion. If you are using an Authorized Agent to exercise your CCPA rights, we require the Authorized Agent to provide us with written confirmation that you have authorized them to act on your behalf. We may also verify the identity of the Authorized Agent.

D. HOW WE VERIFY CALIFORNIA RESIDENTS’ REQUESTS TO KNOW AND REQUESTS FOR DELETION

We will not respond to requests to know or requests for deletion unless we can verify your identity to a reasonable degree of certainty. To verify your identity, when feasible, we will use information about you that we already have; however, on occasion we may need to request additional information, which we will use only for the purposes of verification. We may also use a third-party identify verification service.

The information we need to verify your request will depend on the type of request, the sensitivity of the personal information requested, and/or the risk of harm to you. Upon receipt of your request, we will notify you if we need additional information from you to verify your request.

E. NOTICE AT COLLECTION OF PERSONAL INFORMATION (FOR CALIFORNIA RESIDENTS)

This Notice at Collection of Personal Information (“Notice at Collection”) is part of Hydra's Privacy Statement and includes details about the personal information we collect from California residents and the purposes for which that personal information will be used. This Notice at Collection applies solely to California residents ("California consumers" or "you"). We adopt this Notice at Collection in accordance with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Notice at Collection.

Personal Information We Collect About You

Hydra collects personal information, which the CCPA defines as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular California consumer or household. In particular, we may collect the following categories of personal information from or about you:

• Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, job title, company name, date of birth, and gender.

• Contact Data includes billing address, delivery address, email address, and telephone numbers.

• Financial Data includes bank account and payment card details.

• Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

• Technical Data includes internet protocol (“IP”) address, cookies, java script, web beacons, clear gifs, HTTP headers, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Covered Sites.

• Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, survey responses, and any unsolicited personal information not otherwise covered by this Privacy Statement that you choose to submit in an enquiry or webchat, on a blog forum or otherwise on our Covered Sites or in person to a Hydra representative at an event.

• Usage Data includes information about how you use the Covered Sites, and/or our products and services.

• Marketing and Communications Data includes your communication preferences in receiving marketing from us and third parties.

• Social Media Application Data includes, without limitation, your public profile, social media relationships, listed work and education history, listed hometown and current city, profile photos, personal description, and “likes.”

• Sensitive Personal Information. Occasionally we may collect sensitive personal information that relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person's sex life or sexual orientation. For example, we may collect certain information made available through Social Media Applications. This information may contain sensitive personal information if you have made that information available on your Social Media profile. In addition, the information that you submit in blog forums (or otherwise) on our Covered Sites or when interacting with our Covered Products and Services may include sensitive personal information.

How We Use Your Personal Information

We will only use your personal information in a manner that is consistent with applicable laws. Most commonly, we will use the categories of personal information identified above for the following business purposes:

• For the provision of our Covered Products and Services or the operation of our business or a third party’s business. Personal information may be made available to Hydra businesses around the world if necessary for the provision of our Covered Products and Services, account administration, sales and marketing, customer and technical support, and business and product development, for instance. All of our employees and contractors are required to follow our data privacy and security policies when handling personal information.

• Where we need to perform a contract that we have entered into with you or in order to take steps at your request prior to entering into a contract.

• To protect the security and integrity of our business, our Covered Products and Services, or Covered Sites.

• Where we need to protect your interests (or someone else's interests).

• Where it is needed in the public interest or for official purposes.

• In connection with the sale, merger, acquisition, or other reorganization of our business. Such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of it from sellers. It is Hydra's practice to seek appropriate protection for information in these types of transactions.

• For compliance with legal obligations and protection of Hydra and others. Specifically, we may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime, loss prevention, or fraud. We may also use personal information to meet our internal and external audit requirements, and as we otherwise believe to be necessary or appropriate: (i) under applicable law, which may include laws outside your country of residence; (ii) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (iii) to enforce or apply our contractual rights; and (iv) to otherwise protect our rights, privacy, safety, or property, or those of other persons.

• For marketing purposes. Specifically, we may use your personal information (including cookies – for more information on how we use cookies, please see Section IX below) to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services, and offers may be relevant for you (we call this marketing).

o Where it is necessary for the purposes of our legitimate interests or those of a third party (e.g., for the provision of our services or products, the operation of our business or a third party’s business, or the marketing of products or services by us to you in circumstances where you have already bought or subscribed for similar Hydra products or services) and your interests and fundamental rights and freedoms do not override our legitimate interests.

o You may receive marketing communications from us if you have purchased products or services from us, we have identified similar products or services that may be relevant for you and, in each case, you have not opted out of receiving that marketing.

o We will get your express opt-in consent before we market products or services to you that are not similar to products or services you have purchased from us before, or if we share your personal information with any company outside the Hydra group of companies for marketing purposes.

o You can ask us or third parties to stop sending you marketing messages at any time. If you receive a marketing communication from us, the communication will contain an option to opt out of further communications. If you receive a marketing communication from one of our business partners, or from social media providers, you should opt out with that entity directly. You can also contact us at any time to opt out using the details given at the end of this Privacy Statement.

• We may disclose your personal information to entities other than Hydra for business purposes. When we disclose personal information, we do so in accordance with our data privacy and security requirements. Please see Section I.C. for more information about these types of disclosures.

We will only use your personal information for the purposes for which we collected it, including where we reasonably consider that we need to use it for a reason that is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you as required by law.

Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.

Privacy Policy