Data Privacy Framework

This Data Privacy Framework Notice (this "Notice") sets forth the privacy principles Zorya Analytics LLC ("Zorya Analytics," "we," "our," or "us") follows when processing personal information transferred from the European Economic Area (the "EEA"), the United Kingdom, or Switzerland to the United States.

Zorya Analytics is the provider of cloud-based analytics, data integration, and AI services specifically designed for the equipment rental industry (the "Services"). We provide analytics platforms, data transformation services, artificial intelligence solutions, and related support, consulting, implementation, and other professional services to our customers.

This Notice supplements our Privacy Policy. In case of conflict between our Privacy Policy and this Notice, this Notice prevails for personal information covered under the Data Privacy Framework.

Scope of This Notice

This Notice applies to EEA, United Kingdom, and Swiss personal information that we obtain and process in the following capacities:

• As a Data Controller: When we collect personal information directly from individuals for our own business purposes, such as customer account information, contact details, and website usage data.
• As a Data Processor: When we process personal information on behalf of our customers who use our analytics services, including equipment rental data, operational information, and customer business data.

Zorya Analytics commits to implementing privacy protections consistent with Data Privacy Framework Principles for all personal information received from the EEA, the United Kingdom, and Switzerland.

Data Privacy Framework Principles

Types of Personal Information

When Acting as a Data Controller

The categories of personal information we collect as a data controller are described in our Privacy Policy. These categories may include:

• Name, company, and contact information (email, phone, address)
• Professional title and role information
• Account credentials and authentication information
• Website usage and interaction data
• Communication preferences and marketing consents

When Acting as a Data Processor

When processing personal information as a data processor in the context of our Services, our customers determine the categories of data they upload into our platform. This may include:

• Equipment rental customer information
• Operational and business performance data
• Financial and transaction information
• Usage analytics and system logs

Our customers are responsible for providing appropriate notice to individuals whose personal information they collect and process through our Services.

Use of Personal Information

Data Controller Activities

When we process personal information as a data controller, we use it for the purposes indicated in our Privacy Policy, including:

• Providing and improving our Services
• Customer relationship management
• Technical support and customer service
• Marketing and communications (with appropriate consent)
• Legal compliance and business operations

Data Processor Activities

When we process personal information as a data processor, we do so solely:

• To provide our analytics and data processing Services
• As authorized by our customer agreements
• To provide technical support and professional services
• To address technical or security issues
• To comply with customer instructions and contractual requirements

Information Sharing and Third-Party Access

We work with a limited number of third-party service providers to assist us in providing our Services, including:

• Cloud infrastructure and hosting providers
• Technical support and monitoring services
• Professional services partners
• Security and compliance vendors

We require all our software vendors and service providers to maintain appropriate privacy and security standards, including Data Privacy Framework compliance where applicable. We maintain contracts with these third parties that restrict their access, use, and disclosure of personal information in compliance with our Data Privacy Framework obligations. We remain liable for any failure by these third parties to meet their obligations under our agreements.

We may also share personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Individual Rights and Access

Access and Correction Rights

Where appropriate, Zorya Analytics provides individuals with:

• Access to personal information we maintain about them
• The ability to correct, amend, or delete inaccurate information
• Information about how their data is processed
• The right to limit use or disclosure of their personal information

We will review requests in accordance with the Data Privacy Framework Principles and may limit or deny access where providing such access is unreasonably burdensome or expensive, or as otherwise permitted by the Principles.

Requests Related to Customer Data

When we process personal information as a data processor, our customers control how the information they upload to our Services is disclosed, used, and modified. If you wish to request access, correction, or deletion of personal information that one of our customers has uploaded to our Services, please contact the customer directly. If you provide us with the name of our customer that is processing your personal information, we will refer your request to that customer and support them as needed in responding to your request.

Dispute Resolution

In compliance with the Data Privacy Framework, Zorya Analytics commits to resolve complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact us using the information provided below.

For unresolved privacy complaints under the Data Privacy Framework Principles, we have committed to refer such complaints to an independent dispute resolution mechanism. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint to your satisfaction, you may contact our designated dispute resolution provider:

JAMS (Judicial Arbitration and Mediation Services)
Website: https://www.jamsadr.com/dpf-dispute-resolution

The services of JAMS are provided at no cost to you. Under certain circumstances, individuals may have the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I of the Data Privacy Framework Principles.

Regulatory Oversight

The U.S. Federal Trade Commission (FTC) has jurisdiction over Zorya Analytics' compliance with the Data Privacy Framework. Zorya Analytics is subject to the investigatory and enforcement powers of the FTC.

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. When acting as a data processor, we retain personal information in accordance with our customer agreements and their instructions.

Security Measures

Zorya Analytics implements comprehensive security measures to protect personal information, including:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Employee training on data protection practices
• Incident response and breach notification procedures
• Vendor security requirements and assessments

International Data Transfers

When transferring personal information from the EEA, UK, or Switzerland to the United States or other countries, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) where applicable
• Adequacy decisions by relevant data protection authorities
• Implementation of privacy protections consistent with Data Privacy Framework principles
• Other legally recognized transfer mechanisms as appropriate

Updates to This Notice

This Notice may be updated from time to time to reflect changes in our practices or legal requirements, consistent with the Data Privacy Framework requirements. You can determine when this Notice was last revised by referring to the "Last Updated" date at the top of this Notice.

We will provide appropriate notice of material changes to this Notice, including by posting the updated version on our website and, where required, by direct communication to affected individuals.

Contact Information

Commitment to Privacy

Zorya Analytics is committed to protecting the privacy and security of personal information entrusted to us by our customers and users. This Data Privacy Framework Notice demonstrates our ongoing commitment to maintaining the highest standards of data protection and privacy, particularly for international data transfers.

We regularly review and update our privacy practices to ensure continued compliance with applicable laws and regulations, including the Data Privacy Framework Principles. Our commitment extends beyond mere compliance to fostering trust and transparency in all our data processing activities.

---

This Data Privacy Framework Notice is effective as of the date stated above and applies to all personal information processed under the Data Privacy Framework. For comprehensive information about our data practices, please also review our Privacy Policy and Terms of Service.