DATA PRIVACY STATEMENT

for the Safety io Website including the Safety io Career Portal

Safety io, LLC (“Safety io”, also “we”) owns this website and its subpages (hereinafter collectively referred to as “Website”). As an MSA Safety Inc. company, safety is in our DNA. We help you make informed decisions, reinforce best practices and pursue a safety-first, injury- free workforce. As well as this, safeguarding your privacy is very important to us. We take the protection and safety of your personal data seriously and are committed to maintaining its confidentiality, availability and integrity as part of our business process. We strive to ensure that personal data collected during your use of the Website is processed by us strictly in accordance with applicable law.

Objective and Scope

This Data Privacy Statement provides transparency about any personal data that maybe processed through this Website (material scope) and the respective safeguards provided to applicants that reside in the European Union (personal scope), in line with Art. 13 of the EU General Data Protection Regulation¹ (GDPR), as well as local law based on the EU ePrivacy Directive² and the Cookie Directive³.

Definitions

The terms used in this Data Privacy Statement correspond to the definitions in the GDPR, article 4.

Controller

Safety io with the headquarter located in Franz-Ehrlich-Straße 9, 12489 Berlin, Germany, as owner and service provider of this Website, is the controller of the data processing. Gregory Lee Martin and Heiko Will are the controller's representatives.

Data Protection Officer

Safety io has appointed a Data Protection Officer (DPO). If you are an EU resident with questions or comments on how Safety io processes personal data, please feel free to contact the DPO via e-mail: GDPR@msasafety.com.

Data Processing

In General

Every time this Website is accessed, it collects various general data and information. This general data and information are stored in the log files of the server. The data collected may include the (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system has reached our Website (known as a referrer), (4) the sub-sites on our Website which are accessed via an accessing system, (5) the date and time of an access to the Website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information aimed at risk prevention in the case of attacks on our IT systems.

When using this data, we do not draw any conclusions as to the user as the data subject. Instead, this information is required (1) to correctly display the content of our Website, (2) to optimise the content of our Website as well as the advertisements for these, (3) to ensure the ongoing functionality of our IT systems and the technology relating to our Website and (4) to provide the necessary information to law enforcement authorities to bring criminal proceedings in the event of a cyber-attack. On the one hand, we therefore analyze this data and information for statistical purposes and, on the other, for purposes of increasing data protection and data security in our company in order to ultimately ensure the best possible level of protection for personal data processed by us. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.

The personal data is erased as soon as it is no longer required for the purposes for which it was collected. If data is collected for purposes of providing access to the Website, this is the case when the respective session has ended. IP addresses of the accessing systems are stored on the web server for a period of seven days. In the backups the IP addresses of accessing systems are stored for four weeks.

“Stay informed”

You have the possibility to submit for our information service under "Stay informed". If required, we will send a demo of the Safety io grid services by using this contact data to you. If the you have permitted it, we use the contact data to ask you how we can improve our grid services.

Career Portal

Part of the Website is the Safety io Career Portal. The main purpose of the Career Portal is to support the recruitment and hiring; it is possible to apply to us via this portal. Regarding this, personal data collected during the application will be used exclusively for employment-related purposes.

Position-related Application

Personal data specifically considering you for potential employment with Safety io will be used for the position for which you apply.

In the application process that is operated via the Careers Portal we collect, process and use the data provided by you, such as contact details, content of cover letters, CV, proof of qualifications and past experience, in order to implement the application process. The data is kept confidential. Safety io will not use the information that you provide for any other purpose. Your personal data will be stored exclusively for recruitment and hiring purposes in Safety io’s applicant tracking system behind this Career Portal, and the company will evaluate your credentials for the job opportunity available at the company or for a specific job opportunity selected by you. In conducting this evaluation, your personal data may be transferred to, stored and/or processed by Safety io, its affiliates abroad, and/or third-party partners on their behalf, in countries outside of the European Union, but always under obligations of confidentiality, availability and integrity.

If you are offered a job, the data is transferred to the personnel file and subsequently erased from the application system. If you are turned down, the data is erased from the application system six months later.

Other Positions, affiliated Companies and unsolicited Application - Consent

You may want us to use your application for other positions or for positions in other affiliated companies, or you may want us to send you an unsolicited application. In these cases, we will obtain your consent for the processing and use of the data regardless of a specific position.

If you have given us your consent, the data is also used for other relevant job postings and passed on the respective company within the MSA Safety Inc. group in accordance with the consent declaration. The data is only used for the period to which the consent relates. If you are hired, the data is transferred to the personnel file and subsequently erased from the application system. If the application does not result in a job offer, the data is erased after expiry of the period to which the consent relates.

Web Analytics and Cookies

Safety io uses web analytics, cookies and tracking pixels to enhance your browsing experience. These tools are may be required for certain functionality of the site and are used to collect statistical information about the use of the site and to save preferences for your convenience. Some of these tools may also be temporarily used to serve you content regarding relevant marketing campaigns. In general, the used tools and its purpose are:

Functional (or required) tools:

▪ Remember your country and language selection
▪ Remember your login information
▪ Maintain your logged in session

Tracking tools:

▪ Collect anonymous information about the usage of our Website help us make improvements to our Website based on how our visitors interact with it

Targeting tools:

▪ Display our campaigns to you on other websites

You can prevent the storage of cookies and tracking via tracking pixels. You can prevent the storage of cookies by a corresponding setting of your browser software. Should you choose to disable or delete tools using your preferred browser's settings, please be aware that some pages or functions may not perform as intended. Please use the "Help" feature in your browser for more information.

Google Analytics

We have the Google Analytics component (with anonymization function) integrated on this Website. Google Analytics is a web-analytics service. Web analytics is the collection, compilation and analysis of data about the behavior of visitors to websites. A web-analysis service collects, among other things, data about the website from which a data subject finds its way onto a website (known as a referrer), which sub-sites of the website are accessed or how often and for which length of time a sub-site has been viewed. A web analysis is primarily used to optimize an internet page and to carry out a cost-benefit analysis of internet advertising.

The operating company of the Google-Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

For the web analysis via Google Analytics, Safety io uses the suffix "_gat._anonymizeIp". By means of this suffix, the IP address of the internet connection of the data subject is truncated and anonymized if our Website is accessed from a member state of the European Union or from another country which is a signatory to the Agreement on the European Economic Area.

The purpose of the Google-Analytics component is the analysis of the flow of visitors on our Website. Google uses the collected data and information, among other things, to analyse the use of our Website, in order to compile online reports for us, which show the activities taking place on our Website, and to provide other services connected to the use of our Website.

Google Analytics places a cookie on the IT system of the data subject. The nature of cookies has already been described above. By placing cookies, Google can analyse the use of our Website. Each time one of the individual pages of this Website – which is operated by the controller responsible for the processing and on which a Google-Analytics component has been integrated – is accessed, the internet browser on the IT system of the data subject is automatically induced, by the respective Google-Analytics component, to transmit data to Google for purposes of online analysis. In the context of this technical process, Google will gain access to personal data such as the IP address of the data subject, which Google uses, among other things, to trace the origin of the visitors and clicks and to subsequently allow commissions to be calculated.

Personal information such as the time of access, the place from which the site was accessed and the number of times the data subject has visited our Website is stored via the cookie. Each time our Website is visited, this personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States. This personal data is stored by Google in the United States. Google may pass this personal data, which is collected via the technical process, on to third parties.

As has already been set out above, the data subject may, at any time, prevent our Website placing any cookies by making a corresponding adjustment to the settings of the internet browser used, and thereby object to the placing of cookies once and for all. Such an adjustment of the internet browser used would also prevent Google placing a cookie IT system of the data subject. In addition, a cookie that has already been placed by Google Analytics can be deleted at any time via the internet browser or other software programs.

Besides, the data subject has the option of objecting to the collection of the data produced by Google Analytics and related to the use of this Website, as well as objecting to the processing of this data by Google and preventing such processing. In order to do this, the data subject needs to download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics via JavaScript that no data and information about the visits of websites may be transmitted to Google Analytics. Google considers the installation of the browser add-on to be an objection. If the IT system of the data subject is deleted, formatted or reinstalled later, the data subject must reinstall the browser add- on again in order to disable Google Analytics. If the browser add-on is deinstalled or deactivated by data subject or any other person who is attributed to the data subject’s sphere of control, there is an option of reinstalling or reactivating the browser add-on.

For more information and the applicable data protection provisions of Google, please refer to https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html.

You can find a more detailed description of Google Analytics under this link https://www.google.com/intl/de_de/analytics/.

LinkedIn Marketing Solutions - Conversion Tracking

We have the LinkedIn Marketing Solution component Conversion Tracking integrated on this Website. This should help to capture generated leads from the Safety io career campaigns, to determine the return of invests (ROI) of the career campaigns and to optimize the application processes intelligently. To find out more, please use the following link: https://www.linkedin.com/help/linkedin/answer/87080/linkedin-marketing-solutions-and-the- general-data-protection-regulation-gdpr-?lang=en

Marketo Lead Management - Marketo Revenue Cycle Analytics

We have the Marketo Lead Management component Marketo Revenue Cycle Analytics integrated on this Website. We use the services of the company Marketo EMEA Limited to collect statistical data on the use of our web site and to optimize our offerings accordingly, as well as to operate e-mail marketing. Processing of personal data upon registration If you register for an event, request the newsletter or other information, or otherwise provide us with personal information through a registration form, the registration form will ask you to consent to the processing of your personal information. Marketo also uses cookies and tracking pixels. To find out more about Marketo and the GDPR compliance, please use the following link: https://www.marketo.com/company/trust/gdpr/

Recipients and Third Country Data Transfer

Safety io’s directors, officer, employees, agents, representatives and IT administrators of the data center provider may have access to personal data on a need-to-know basis if they need to carry out legitimate tasks.

Since the parent company MSA Safety Inc. is based in the USA and the applications may also be processed by employees of this company, data can also be transferred to the USA.

Regarding the data transfer to Google, please see “The Use of Google Analytics”. Google has submitted to the EU-US Privacy Shield framework:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Regarding the data transfer to Marketo EMEA Limited, a data transfer to Marketo, Inc., San Mateo, California, USA, and its affiliates and therefore to countries outside the EU can take place.

Regarding the data transfer to LinkedIn, a data transfer to the headquarter in Sunnyvale, California, USA and to the parent company, the Microsoft Corp. and its affiliates and therefore to countries outside the EU can take place. LinkedIn has submitted to the EU-U.S. Privacy Shield framework:

https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

Legal Basis for Processing

We will only process your personal data:

• if you have given your consent to the processing of your personal data for one or more specific purposes;
• if and to the extent the processing is necessary for the performance of a contract to which you are party or in order to take steps at your specific request prior to entering into a contract;
• if and to the extent the processing is necessary for compliance with a legal obligation to which we are subject;
• if and to the extent the processing is necessary in order to protect your vital interests or of another natural person;
• if and to the extent the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; or
• if and to the extent the processing is necessary for the safeguard or pursuit of legitimate interests pursued by us or by a third party except where such interests are outweighed by the interests or fundamental rights and freedoms of the data subject which requires protection of personal data, in particular where the data subject is a minor.

We only process cookies subject to and in compliance with the above-named conditions based on the GDPR and with the local law based on the Cookie Directive.

Data Security

Safety io uses technical and organizational security measures to protect the data supplied by you and managed by us to ensure its confidentiality, availability and integrity. These security measures protect your data against manipulation, loss, destruction and access by unauthorized third parties. The Website security is continually being improved in line with developing technology.

Data Subject Rights

As a data subject, you have the right to request from Safety io whether and what personal data of yours has been stored by us. If you are registered as a user, we also enable you to view the data yourself and, if applicable, to delete or amend it. If incorrect information is stored, despite our efforts to ensure that data is accurate and up to date, we will correct it at your request. Safety io will respond to any such requests for information, deletion, or amendment in writing and as soon as reasonably possible.

If you have given us your consent, you can revoke it at any time with effect for the future.

To make a request about your personal data, or if you have any questions about the processing of your personal data, you can contact our Data Protection Officer (DPO) via GDPR@msasafety.com.

We appreciate your interest in our company, products and services, and we hope you find your visit to the Website worthwhile

¹ REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

² Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)

³ DIRECTIVE 2009/136/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.

Grid and FireGrid Terms of Service

These Safety io Terms of Service (the “Terms”) govern Your use of any Safety io (“Provider”) application by any authorized user with a Safety io account (“You”). Any rights and obligations afforded to You hereunder shall equally extend to Your Organization. Provider agrees to provide You with access to the Services strictly in accordance with the terms and conditions set forth in these Terms.


1. Definitions

All capitalized terms not otherwise defined in this Terms shall have the meanings set forth below in this Section 1 or in the cover page of this Terms: 1.1 “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. 1.2 “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity. 1.3 “Anonymized Statistics” means data and information related to Your use of the Services and used by Provider in an anonymized manner, including to compile statistical and performance information related to the provision and operation of the Services to, among other uses, enhance the Services or product offerings of Provider or its Affiliates. 1.4 “Authorized User” means You’s employees and contractors (i) who are authorized by You to access and use the Services under the rights granted to You pursuant to this Terms and (ii) for whom access to the Services has been purchased hereunder. 1.5 “You Data” means, other than Anonymized Statistics, information, data, and other content, in any form or medium, that is submitted, posted, or otherwise transmitted by or on behalf of You or an Authorized User through the Services. 1.6 “You Personal Information” means any information about a natural person provided by You to Provider incidental to the performance of this Terms and that could be used to identify that person, including a name, address, email address, photograph, voice sample, or any other similar data. 1.7 “Documentation” means any and all user guides, instructions, handbooks, or manuals relating to the Services provided by Provider to You either electronically or in hard copy form, including any online technical assistance provided through Provider’s website. 1.8 “Effective Date” shall mean the date that You signs this Terms, whether via electronic signature or otherwise. 1.9 “Harmful Code” means any software, hardware, or other technology, device, or means, including any virus, worm, malware, Trojan Horse, time bomb, corrupted file, or other malicious computer code, the purpose or effect of which is to (a) permit unauthorized access to, or to destroy, disrupt, disable, distort, or otherwise harm or impede in any manner any (i) computer, software, firmware, hardware, system, or network; or (ii) any application or function of any of the foregoing or the security, integrity, confidentiality, or use of any data Processed thereby; or (b) prevent You or any Authorized User from accessing or using the Services or Provider’s systems as intended by this Terms. 1.10 “Provider IP” means the Services, the Documentation, and any and all intellectual property provided to You or any Authorized User in connection with the foregoing. For the avoidance of doubt, Provider IP includes Anonymized Statistics and any information, data, or other content derived from Provider’s monitoring of You’s access to or use of the Services, but does not include You Data. 1.11 “Services” means the software-as-a-service offering described in the Estimate. 1.12 “Third-Party Products” means any non-Provider platforms or applications, including software or updates in object code form, including documentation such as user manuals, handbooks and guides from a third party, that are provided with, or incorporated into the Services. 1.13 “Third-Party Systems” means any product, application, or service that enable or assist You to access or use the Services but is not owned or controlled by Provider, including any hardware, cellular network or device, Bluetooth® product or tool, web platform, product, application, software, connection, system, or similar system.

2.  Access and Use; Authority

2.1 Provision of Access
Subject to and conditioned on Your compliance with these Terms, Provider hereby grants You a non-exclusive, non-transferrable license to access and use the Services and Documentation during the Term in connection with the operation of MSA Safety products.

2.2. Use Restrictions
You shall not use the Services for any unlawful purpose or any purpose beyond the scope of the access granted in these Terms. You shall not at any time, directly or indirectly: (i) copy, modify, or create derivative works of the Services or Documentation, in whole or in part; (ii) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the Services or Documentation, except as authorized in writing by Provider; (iii) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any software component of the Services, in whole or in part; (iv) remove any proprietary notices from the Services or Documentation; (v) use the Services or Documentation in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law; (vi) input, upload, transmit or otherwise activate any Harmful Code into the Provider’s systems; (vii) access or use the Services for purposes of competitive analysis; or (viii) access or use the Services in a way that circumvents or exceeds Service account limitations or requirements. You shall comply with all applicable local, state, regional, federal, and foreign laws, treaties, regulations, and conventions in connection with this Terms, including without limitation those related to privacy and electronic communications. You shall not use the Services or register an account with Provider if You are under the age of 13 years old.

2.3. Suspension
Notwithstanding anything to the contrary in this Terms, Provider may temporarily suspend Your access to any portion or all of the Services if: (i) Provider reasonably determines that (A) there is a cyber threat or attack on any of the Provider IP; (B) Your use of the Services disrupts or poses a security risk (e.g., due to input or upload of Harmful Code) to the Provider, the Provider IP or to any other You or vendor of Provider; (C) You are using the Services for fraudulent or illegal activities; (D) You are not permitted to use the Services by applicable law or order; or (F) You have the Use Restrictions set forth herein; (ii) any vendor of Provider has suspended or terminated Provider’s access to or use of any Third-Party Systems; or (iii) in accordance with any other right of Provider described herein (any such suspension described in subclause (i), (ii), or (iii), a “Service Suspension”). Provider shall use commercially reasonable efforts to provide written notice of any Service Suspension to You and to provide updates regarding resumption of access to the Services following any Service Suspension. Provider, in its discretion, may resume providing access to the Services as soon as reasonably possible after the event giving rise to the Service Suspension is cured. Provider will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that You may incur as a result of a Service Suspension under this Section 2.3.

2.4. Changes
As part of its ongoing mission to improve the Provider IP, Documentation and/or Services and Your use of the Services, Provider reserves the right, in its sole discretion, to hereinafter make any changes to the Services, Provider IP, and/or Documentation that it deems necessary or useful. Such changes may include, but are not limited to, updates to functionality, user interface, training and education tools, usability and Documentation.

2.5. Anonymized Statistics
Notwithstanding anything to the contrary in this Terms, Provider may monitor You use of the Services and collect and compile Anonymized Statistics, which will include and incorporate the You Data. As between Provider and You, all right, title, and interest in Anonymized Statistics, and all intellectual property rights therein, belong to and are retained solely by Provider. You acknowledges that Provider may compile Anonymized Statistics based on You Data input into the Services. You agrees that Provider may (i) make Anonymized Statistics publicly available in compliance with applicable law, and (ii) use Anonymized Statistics to the extent and in the manner permitted under applicable law; provided that such Anonymized Statistics do not identify You or Your Confidential Information unless Provider has obtained You prior written consent, not to be unreasonably withheld.

2.6. Services Support
The Services include Provider’s standard You support services (“Support Services”), which can be accessed using the following URL: https://status.safetyio.com or any successor website address (“Support Terms and Conditions”). Provider may amend the Support Terms and Conditions from time to time in its sole discretion.

2.7. Service Availability
Provider will use commercially reasonable efforts to make the Services available in accordance with industry standards, excluding unavailability resulting from: (a) any act or omission by You or use of the Services by You or Your access credentials, that do not strictly comply with this Terms and the instructions given by Provider; (b) Your failure to comply with these Terms; (c) Your internet, mobile, or Bluetooth® connectivity; (d) Force Majeure Event; (e) failure, interruption, outage, or other problem with any software, hardware, system, device, network, facility, or other matter not supplied by Provider as part of this Terms; (f) scheduled downtime or outages; (g) unavailability due to Third-Party Products or Third-Party Systems; or (h) disabling, suspension, or termination of the Services pursuant to the Terms.

2.8. Data Backup and Continuity
Provider shall make reasonable efforts to restore any of Your Data that has been lost, destroyed, or corrupted while using the Services; however, these efforts shall not replace the need for You to obtain data backups or redundant data archives. Notwithstanding anything written above, PROVIDER HAS NO OBLIGATION OR LIABILITY FOR ANY LOSS, ALTERATION, DESTRUCTION, DAMAGE, CORRUPTION, OR RECOVERY OF YOU DATA.

2.9. Due Authority
You represent that, by using the Services, You accept these Terms on behalf of Your employer and/or the organization benefiting from the Services (“Organization”), and You represent thatYou have the authority to do so and to so legally bind such party.

Your Responsibilities

2.10. General
You acknowledge and agree that You are solely responsible for Your use of the Services and Documentation and for establishing and following appropriate policies and procedures concerning any MSA Safety devices in Your possession, including any instructions in the Documentation. You further acknowledges and agrees that You are solely responsible to maintain any such device(s) in accordance with manufacturer instructions. Nothing in this Terms shall be construed to make Provider responsible in any way for the use or functionality of such devices or for Your safety and health program, and Provider disclaims all liability in this regard. You shall remain liable for all uses of the Services and Documentation, whether such access or use is permitted by or in violation of this Terms.

2.11. Systems and Cooperation
You shall at all times during the Term: (a) set up, maintain, and operate its systems and equipment in good repair and in accordance the requirements for which the Services are to be accessed or used; and (b) provide all cooperation and assistance as Provider may reasonably request to enable Provider to exercise its rights and perform its obligations under and in connection with this Terms. You expressly acknowledge that Provider has no control over or responsibility for any Third-Party Systems.

2.12. Effect of Failure or Delay
Provider is not responsible for any delay or failure of performance caused in whole or in part by Your Data, Third-Party Systems or Third-Party Products, and Your delay in performing, or failure to perform, any of its obligations under this Terms or Provider instructions in the Documentation.

2.13. Third-Party Products
Any Third-Party Products made available to You are subject to their own terms and conditions. If You do not agree to abide by the applicable terms for any such Third-Party Products, then You should not install or use such Third-Party Products. Provider is not responsible for any aspect of such Third Party Products.

2.14. Notification
You are solely responsible for the content, storage, and security of any telephonic or electronic communications while using the Services and hereby acknowledges that the timing and delivery of any such communications are dependent on Third-Party Systems. You shall use commercially reasonable efforts to prevent unauthorized access to or use of Service and promptly notify Provider of unauthorized access or use and any loss or theft or unauthorized use of any password or username.

3. Confidential Information

3.1 Confidential Information
From time to time during the Term, either Party may disclose or make available to the other Party information about its business affairs, products, confidential intellectual property, trade secrets, third-party confidential information, and other sensitive or proprietary information (collectively, “Confidential Information”). The receiving Party shall not disclose the disclosing Party’s Confidential Information to any person or entity, except (i) as contemplated to provide the Services or otherwise explicitly authorized under this Terms; or (ii) to the receiving Party’s affiliates and its and their employees or representatives who have a need to know the Confidential Information for the receiving Party to exercise its rights or perform its obligations hereunder. Notwithstanding the foregoing, each Party may disclose Confidential Information to the limited extent required (x) where legally permissible, in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law or regulation, provided that the Party making the disclosure pursuant to the order shall first have given written notice to the other Party and made a reasonable effort to obtain a protective order; or (y) to establish a Party’s rights under this Terms, including to make required court filings. No You Data embedded in the Anonymized Statistics shall be considered Confidential Information of You.

3.2 Exclusions
Confidential Information does not include information that, at the time of disclosure is: (a) in the public domain through no fault of the receiving Party; (b) known to the receiving Party at the time of disclosure on a non-confidential basis; (c) rightfully obtained by the receiving Party on a non-confidential basis from a third party; or (d) independently developed by the receiving Party.

3.3 Personal Information
Provider is not a creator, user, or recipient of individually identifiable health information or of any other information that qualifies as “Protected Health Information” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and therefore is not a “business associate” under HIPAA. Neither Party to this Terms contemplates or intends that Provider will be exposed to any Protected Health Information in connection with any of the Services.

3.4 Your Responsibility
Without prejudice to anything else contained herein, You and Your OrganizationYou are responsible for (a) security vulnerabilities from Your data or content and (c) any use by You in a manner that is inconsistent with the terms of this Terms. To the extent You discloses or transmits any Data or information to a third party, Provider is no longer responsible for the security, integrity, or confidentiality of such content outside of Provider’s control.

4. Intellectual Property Ownership

4.1 Provider IP
You acknowledge that Provider owns all right, title, and interest, including all intellectual property rights, in and to the Provider IP. If You suggest or recommend any changes to the Provider IP, including without limitation, new features or functionality relating thereto, or any comments, questions, suggestions, or the like (“Feedback”), You hereby assign to Provider a worldwide, royalty-free, perpetual, irrevocable, transferable right to use, modify, incorporate, and distribute such Feedback, without attribution and for any purpose whatsoever. Any rights in the Services or Provider’s IP not expressly granted herein by Provider are reserved by Provider.

4.2 Consent to Use Data
Following the expiration or termination of the Terms, Provider may deactivate Your account(s) and delete any data therein. Notwithstanding the above, Provider and its Affiliates shall continue to be entitled to reproduce, distribute, modify, and otherwise use and display any Your Data incorporated within the Anonymized Statistics or for other purposes stated herein.Notwithstanding anything else contained herein, You hereby irrevocably grants all such rights and permissions in or relating to Your Data as are necessary or useful to Provider, its Affiliates, its Subcontractors, and the Provider Personnel (i) to provide the Services hereunder, (ii) enforce this Terms and legal rights; (iii) for business and internal evaluation purposes (e.g., marketing); and (iv) to comply with legal obligations (e.g., court-ordered subpoena requests).

5. Limited Warranty and Warranty Disclaimer

5.1 Limited Express Warranty
Provider warrants that during the subscription term, the Services will conform in all material respects as described in any Documentation and that Provider will not materially decrease the functionality described in the Documentation during the then-current subscription term.

5.2 Remedies
If the Services are not performed in accordance with the warranty set out in Section 7.1(ii) above, You shall promptly notify Provider in writing with a description of Your claim. As Your sole and exclusive remedy for any claim under this warranty and provided that such claim is determined by Provider to be Provider's responsibility, Provider shall, within 30 days of its receipt of You's written notice, (i) re-perform the affected Services so that they are conforming; (ii) provide You with a plan reasonably acceptable to You for re-performing the affected Services; or (iii) if neither (i) nor (ii) can be accomplished with reasonable commercial efforts from Provider, then Provider or You may terminate the affected Service, and You will be entitled to a refund of the pre-paid but unused portion of any fees paid for the affected Service. The preceding remedy shall constitute Provider's entire liability and Your exclusive remedy for breach of the warranty set forth herein. If You elects not to terminate the Services or continues to use the Services, You waive all rights for the applicable warranty cure set forth herein.

5.3 Exclusions
Provider is not responsible for any claimed breach of any warranty set forth in section 8.1 caused by: (i) modifications made to the Services by anyone other than Provider; (ii) the combination, operation or use of the Services with any items not authorized by Provider; (iii) Provider's adherence to Your specifications or instructions; (iv) errors caused by or related to Third-Party Products or Third-Party Systems, including but not limited to internet or platform connections, cellular service, or Bluetooth® connectivity, (v) Your software or IT systems or networks, including but not limited to network security systems (e.g., ports or firewalls), (vi) Your deviating from the Services operating procedures described in the Documentation; or (vii) Your failure to maintain MSA Safety devices or instruments in accordance with manufacturer’s instructions.

5.4 Third-Party Products and Third-Party Systems
You acknowledge that certain modules or platforms of the Services may involve or depend upon Third-Party Products or Third-Party Systems. Provider may add and/or substitute functionally equivalent products or services at any time in the event of product unavailability, end-of-life, or changes to software requirements. Your use of such Third-Party Products or Third-Party Systems shall be subject to, and You shall comply with this Terms and any applicable Third Party EULAs (End User License Terms). PROVIDER MAKES NO WARRANTY WITH RESPECT TO ANY THIRD-PARTY PRODUCTS OR THIRD-PARTY SYSTEMS. Your sole remedy with respect to such Third-Party Products or Third-Party Systems shall be pursuant to the original licensor's warranty, if any, to Provider, to the extent permitted by the original licensor. Third-Party Products and Third-Party Systems are made available on an "AS IS, AS AVAILABLE" basis.

5.5 Warranty Disclaimer
EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN SECTION 6.1, THE PROVIDER IP, DOCUMENTATION AND SERVICES ARE PROVIDED “AS IS” AND PROVIDER HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. PROVIDER SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN SECTION 6.1, PROVIDER MAKES NO WARRANTY OF ANY KIND THAT THE PROVIDER IP, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET YOU’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE.

6. Indemnification

6.1 Indemnification
You shall indemnify, hold harmless, and, at Provider’s option, defend Provider from and against any claim, actions loss, expense, or cost resulting from any third-party claim that results or arises from Your use of the Services.

7. Limitations of Liability

7.1 Limitation of Liability
NOTWITHSTANDING ANYTHING ELSE CONTAINED HEREIN: (i) IN NO EVENT WILL PROVIDER BE LIABLE UNDER OR IN CONNECTION WITH THESE TERMS UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, INDEMNITY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (a) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES; (b) INCREASED COSTS, DIMINUTION IN VALUE OR LOST BUSINESS, PRODUCTION, REVENUES, OR PROFITS; (c) LOSS OF GOODWILL OR REPUTATION; (d) USE, INABILITY TO USE, LOSS, INTERRUPTION, DELAY OR RECOVERY OF ANY DATA, OR BREACH OF DATA OR SYSTEM SECURITY; OR (e) COST OF REPLACEMENT GOODS OR SERVICES, IN EACH CASE REGARDLESS OF WHETHER A PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE, AND (ii) IN NO EVENT WILL PROVIDER’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS TERMS UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, INDEMNITY, OR OTHERWISE EXCEED THE LESSER OF (A) THE TOTAL AMOUNTS ACTUALLY PAID PER YEAR TO PROVIDER UNDER YOUR ACCOUNT IN THE 12 MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM OR (B) $1,000,000. Nothing contained in this Section (Limitation of Liability) shall aim to limit any liability to the extent prohibited by law.

8. Term and Termination

8.1 Term
This agreement commences on the Effective Date and shall continue until the expiration or termination of the subscription term stated herein. The Services shall commence on or after the Effective Date and continue for the term set forth in the Estimate, or if no Estimate exists, the Term shall automatically renew month-to-month unless terminated by one of the parties in accordance with these Terms (“Initial Subscription Term”). Where an Estimate exists, at the end of the Initial Subscription Term, the subscription will automatically renew for successive one-year periods (each, a “Renewal Term”), unless either Party gives the other written notice of non-renewal at least 60 days before the end of the Initial Term or any then current Renewal Term. The Initial Term, and any Renewal Terms, are collectively referred to as the “Term.”

8.2 Termination
In addition to any other express termination right set forth in this Terms:

(i) Provider may terminate these Terms, including Your access to the Services, effective on written notice to You, if You: (A) fail to pay any amount when due hereunder, and such failure continues more than thirty (30) days after Provider’s delivery of written notice thereof; or (B) breach any of Your obligations under Section 2 or Section 5;

(ii) either Party may terminate this Terms, effective on written notice to the other Party, if the other Party materially breaches these Terms, and such breach: (A) is incapable of cure; or (B) being capable of cure, remains uncured thirty (30) days after the non-breaching Party provides the breaching Party with written notice of such breach; or

(iii) either Party may terminate these Terms, effective immediately upon written notice to the other Party, in the event of institution of bankruptcy, receivership, legal insolvency, reorganization, or other similar proceedings by or against Your or Your Organization under any section or chapter of the United States Bankruptcy Code, as amended, or under any similar laws or statutes of the United States or any state thereof, if such proceedings have not been dismissed or discharged within thirty (30) calendar days after they are instituted; or the legal insolvency or making of an assignment for the benefit of creditors or the admittance by either Party of any involuntary debts as they mature or the institution of any reorganization arrangement or other readjustment of debt plan of either Party not involving the United States Bankruptcy Code.

8.3 Effect of Expiration or Termination
Upon expiration or termination of this Terms, You shall immediately discontinue use of the Services. No expiration or termination will affect Your obligation to pay all Fees that may have become due before such expiration or termination, or entitle You to any refund.

8.4 Survival
Any terms by their nature intended to survive shall survive these Terms.

9. Miscellaneous

9.1 Force Majeure
In no event shall either Party be liable to the other Party, or be deemed to have breached this Terms, for any failure or delay in performing its obligations under this Terms, if and to the extent such failure or delay is caused by any circumstances beyond such Party’s reasonable control, including but not limited to acts of God, flood, fire, earthquake, explosion, war, terrorism, invasion, epidemic, riot or other civil unrest, strikes, labor stoppages or slowdowns or other industrial disturbances, or passage of law or any action taken by a governmental or public authority, including imposing an embargo.

9.2 Severability
If any provision of these Terms is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability will not affect any other term or provision of this Terms or invalidate or render unenforceable such term or provision in any other jurisdiction.

9.3 Governing Law; Submission to Jurisdiction
These Terms are governed by and construed in accordance with the laws of the Commonwealth of Pennsylvania without giving effect to any choice or conflict of law provisions. Any dispute in connection with this Terms shall be resolved in the State or Federal Courts of the Commonwealth of Pennsylvania, each Party submitting to the jurisdiction and venue of such court. Both parties waive any rights to remove any action to a court located outside of Allegheny County, Pennsylvania. The Parties agree that the Terms do not constitute a contract for the sale of goods and therefore, the Terms shall not be governed by any codification of Article 2 or 2A of the Uniform Commercial Code (“UCC”), or any codification of the Uniform Computer Information Technology Act (“UCITA”), and the United Nations Convention on Contracts for the Sale of Goods (“CISG”) shall not apply.

9.4 Export Regulation
The Services utilize software and technology that may be subject to U.S. export control laws, including the US Export Administration Act and its associated regulations. You shall not, directly or indirectly, export, re-export, or release the Services or the underlying software or technology to, or make the Services or the underlying software or technology accessible from, any jurisdiction, country, or person to which export, re-export, or release is prohibited by law, rule, or regulation. You shall comply with all applicable federal laws, regulations, and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), prior to exporting, re-exporting, releasing, or otherwise making the Services or the underlying software or technology available outside the U.S. You shall not use these Services if You are named on any U.S. government list of persons or entities prohibited from receiving exports.

Safety io Applications and Services Data Privacy Statement

This Privacy Statement for Safety io Applications and Services (“Privacy Statement”) describes information that Safety io, LLC and its subsidiaries and affiliates (collectively, “Safety io”) applications collect, use, share, and store, including personal information (i.e., information that personally identifies a user, such as your name, email address or phone number, or other data that can be reasonably used to infer this information).

The purpose of this Privacy Statement is to assist our customers in their understanding of what data (including but not limited to personal data) is collecting through the Safety io Applications.

This Privacy Statement applies to the operation of Safety io applications, services, and mobile applications, all of which are listed in our Data Transparency Statement. In this Privacy Statement, the phrase “Safety io Applications” shall be deemed to include our subscription services and website and mobile applications.

For more details about how we collect and use personal information more generally, including from our website, please reference our Website Data Privacy Statement.

Objective and Scope

This Privacy Statement provides transparency about the data that may be processed by Safety io when customers or users access our Safety io Applications. This includes, where applicable, any safeguards for personal data provided to customers that reside in the European Union (personal scope), in line with Art. 13 of the EU General Data Protection Regulation (GDPR),[1] as well as local law based on the EU ePrivacy Directive[2] and the Cookie Directive.[3]

Collection and Processing

We will be transparent about the different types of information we collect and how we use them. Unless we obtain written permission or have a legal basis for processing, all data collected through Safety io Applications is anonymized.

If European data protection law applies to the processing of personal data when using Safety io Applications, we process personal data only pursuant to the terms of Safety io’s Data Processing Addendum.

International Data Transfers

Data processed through Safety io Applications, including personal data, may be collected, used and stored by Safety io or its service providers in the United States and other countries where our servers or systems, or the servers or systems of our third parties, reside. Please be aware that the privacy protections and legal requirements, including the rights of authorities to access personal information, may not be the same in such countries. By using the Safety io Applications, Customer agrees and consents to such transfers of data.

Safety io’s directors, officers, employees, agents, and representatives may have access to personal data on a need-to-know basis if they need to carry out legitimate tasks.

Data Security

Safety io Applications use technical and organizational security measures to protect the data supplied by customers and their authorized users, and managed by us with aim to ensure its confidentiality, availability and integrity. These security measures have protections against manipulation, loss, destruction, and access by third parties, and our security is continually being improved in line with developing technology. However, Safety io cannot guarantee complete security of collected data, including any personal data. Moreover, Safety io is not responsible for the security of any data stored or collected in networks or platforms that we do not control, such as wireless or cellular networks.

Right to information

Customers have the right to request from Safety io whether and what data has been stored by us, including for purposes of fulfilling a data subject access request. Customers are also free to view, delete, or amend the data they control at any time. If incorrect information is stored, despite our efforts to ensure that data is accurate and up to date, we will correct it at the request of any customer account administrator. Safety io will respond to any such requests for information, deletion, or amendment in writing and as soon as reasonably possible.

To make a request about personal data, or if you have any questions about the processing of personal data in Safety io Applications, please contact MSA’s German Data Protection Officer (DPO) via
dpo-de@msasafety.com.

What information do Safety io Applications collect?

Depending on which application or service is being used, Safety io Applications may collect:

• Data from device components
• Configuration changes to the device
• Device usage and performance information
• Technical information from device
• Device user data (e.g., worker name, etc.)
• Device geolocation data
• Network and connectivity information (e.g., IP address from computer accessing a Safety io Applications)

For a full list of data that Safety io Applications collect, please refer to the Safety io Data Transparency Statement.

In addition, we may receive information about devices and prospective Safety io users from companies that are owned or operated by our ultimate parent company, MSA Safety Incorporated, in accordance with MSA Safety’s global privacy policy.

In addition, Safety io may send data to Safety io GmbH and other affiliates of MSA Safety Incorporated for the purpose of marketing, facilitating or improving the Safety io Applications or MSA Safety Incorporated products.

What information is shared among multiple connected Safety io Applications?

If a user has multiple Safety io Applications interfacing with one another, the applications will share certain information with each other. For example, mobile applications may provide GPS location and other devices statuses to Safety io Applications, and Safety io Applications can push alerts and configuration changes to multiple devices via a mobile application or MSA device. This sharing may occur locally among connected devices, between Safety io Applications and a user's mobile device or application, or among Safety io’sservers.

How does my Safety io Application or account interact with third parties?

Safety io may use third parties when providing its applications and services to customers. Safety io is not responsible for such third parties. Customer data gathered from Safety io Applications is never shared with third-party marketers or spammers except in an anonymized and aggregated manner.

Any data that Safety io receives from third parties will be processed and stored by Safety io and will be treated in accordance with this Privacy Statement and applicable law.

How does Safety io use the information it collects?

Generally speaking, we use collected information to provide, develop, and improve Safety io Applications, including to make assessments and recommendations about products or safety. We may use one of your authorized user's contact details to send this information, or to ask an authorized user to participate in surveys about Safety io usage, and to send other communications from Safety io, when in accordance with applicable privacy law.

We may also use this information in an anonymized form for research purposes and to help us make product development, sales, marketing, and business decisions. We may use service providers to perform some of these functions. Those service providers are restricted from sharing this anonymized information for any purpose other than as described above.

We may use information collected to resolve technical issues a user may encounter, to respond to requests for assistance, to analyze crash information, and to repair and improve the Services.

In general for purposes of applicable law (e.g., GDPR or CCPA), Safety io is a “processor” or “service provider” of the information collected in connection with the Applications and Services.

In what circumstances does Safety io share my information?

Under no circumstance do we share personal information with third parties for any purpose unrelated to the activation and delivery of Safety io Applications and services without first obtaining consent or otherwise having a legal basis for processing. Safety io does not rent or sell our customer lists. The following are the limited situations where we may share personal information:

• With permission from a customer or user
• To third parties (e.g., vendors, service providers, technicians) that support the processing and storage of data necessary to provide our services, or who fix technical problems;
• In an anonymized way for marketing, research, or other advertising;
• For actual or potential sale or transfer of the Safety io business;
• For legal reasons, such as (i) complying with applicable law, regulation, or court order (ii) enforcing Safety io policies or contracts, (iii) detecting or preventing fraud, security, or technical issues, (iv) as reasonably necessary to protect or preserve the rights of Safety io, our users, or the public, or (v) as otherwise legally permissible.

What choices do I have and how can I delete my information?

Safety io Applications are intended for use by organizations, and the personal data they may generate is controlled by them.

Authorized users should direct any data privacy inquiry to the appropriate Safety io organizational customer (e.g., employer), who has responsibility and control over such data.

Use of the Safety io Application(s) are subject to the policies of the organizational customer that has purchased the Services. Safety io is not responsible for the privacy or security practices of such organizations, which may be different than this policy.

Safety io generally stores data generated from our Safety io Applications for as long as the customer has an active organizational account. In addition, Safety io may continue to store such information to resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements and comply with applicable laws.

As described above, some information is processed and stored directly on the MSA device or instrument. Any account administrator can delete the information on this instrument via the relevant Safety io application.

Customers with questions or concerns, or who would like to make a request regarding the access, amendment, or deletion of personal data, please contact support@safetyio.com.

Changes to Privacy Statement

Please note that this Privacy Statement is not an agreement and may change from time to time. We will provide notice of any changes by contacting active account administrators or through the Safety io website.

[1] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

[2] Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)

[3] DIRECTIVE 2009/136/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws

Safety io Applications and Services Data Transparency Statement

It is our responsibility to be transparent about the data we collect in each of our Applications. For information about how we use the data we collect, please see our Privacy Policy.

Below you will find a table that outlines this information: