The Rough Notes Privacy Policy

The Rough Notes Company, Inc.
Privacy Policy
Effective Date: June 11, 2018


The Rough Notes Company (“Rough Notes,” “we,” “us,” “our”) respects your privacy, and takes
the responsibility of protecting the personal information that you provide to us via our website (the
“Site”) very seriously. The following Privacy Policy describes how we collect, use, and disclose
information we receive from users of the Site, including users in the European Economic Area
(“EEA”) (collectively, “you” or “users”). For the purposes of compliance with the EU General
Data Protection Regulation (“GDPR”), we are the “controller” of Personal Data (defined below)
we receive from you via the Site.


Scope


The Privacy Policy applies to the Site, which includes www.roughnotes.com, its subdomains, and
all of the websites and internet properties owned or operated by us, regardless of the medium in
which the Site is accessed by a user (e.g., via a web or mobile browser).


The Information We Collect


We collect three types of information from users of the Site:


Personal Data means any information relating to an identified or identifiable natural person.
Examples of Personal Data we collect from users include first and last names, company names,
email addresses, telephone numbers, usernames and passwords for accessing Rough Notes
products and services, and IP addresses.


Usage Data means any non-personally identifiable information that is automatically collected
anytime you visit a Rough Notes webpage, including information such as browser type and
referring websites.


Financial Data means any information needed to facilitate the purchase of items or services on
the Site, including credit card information.


Users may be referred to as Data Subjects in the Privacy Policy. Data Subjects means an identified
or identifiable natural person as set forth in the GDPR.


Children Under the Age of 13


The Site is not intended for children under 13 years of age. We do not market to and do not
knowingly collect any Personal Data from or about a child under the age of 13 without the consent
of the child’s parent or legal guardian. If we discover that we have inadvertently collected
information from a child under 13 years of age, we will promptly take all reasonable measures to
delete such information from our systems.

How We Collect Information


We collect Personal Data when you voluntarily provide such information through the Site or other
communications. For example, we receive Personal Data when you visit the Site, create an online
user account, subscribe to our blog, submit various online forms, complete online purchases, and
contact us via telephone, mail, or email.


We automatically record Usage Data on our server logs that your browser transmits when you use
the Site. We also collect Usage Data about how you access and interact with the Site through the
use of automated tracking technology, such as cookies. Please find more information about our
use of cookies below.


We collect Financial Data when you voluntarily provide such information through the Site to
complete online purchases of items and services we offer.


How We Use and Disclose Information


General Uses and Disclosures. We use and share the information we collect from users for the
purposes described below. To perform the following tasks, Rough Notes may transfer your data
to countries outside the United States and EEA using appropriate safeguards when necessary.
When necessary, we will obtain your consent before using your data for these purposes:

  • Provision of Services to Website Users. If you use the Site, we will use your information
    to process and respond to your requests, comments, inquiries, and other forms you submit
    through the Site.
  • Process Online Purchases. We use your Financial Data to process any purchases made
    on the Site, including disclosure of your Financial Data to third party payment processors.
  • Improving our Services. We use your information to enhance our understanding of our
    users’ preferences and optimize the performance of the Site.
  • Disclosures to Service Providers. We share your information with third-party service
    providers that assist us with hosting and maintaining the Site, processing credit card
    information, analyzing online activity on the Site, marketing our services, and managing
    our daily business operations and delivery of the Site. We share only the minimum amount
    of Personal Data with these service providers that they need to perform their tasks. We
    also enter into contracts with these service providers that require them to protect Personal
    Data.
  • Compliance with Legal Obligations. We will share your information with law
    enforcement, government officials, regulatory agencies, or other parties when we are
    required to do so by applicable law. We will also disclose your information to comply with
    a judicial proceeding, court order, subpoena, or legal process.
  • Protection of Individual’s Vital Interests. In emergency situations, we will use or share
    your information when doing so is necessary to protect an interest that is essential for an
    individual’s life.
  • Other Legitimate Interests. We will use and disclose your information when necessary
    for Rough Notes’ legitimate interests, as long as such interests are not overridden by our
    users’ interests, rights, and freedoms with respect to their Personal Data.

How to Withdraw Your Consent


At any time, Data Subjects from the EEA may withdraw consent you have provided to us for using,
disclosing, or otherwise processing your Personal Data. You may withdraw your consent by
emailing Rough Notes at rnc@roughnotes.com, and following the instructions in our
communication to you.

Please note that your withdrawal of consent to process certain Personal Data about you (1) may
limit our ability to deliver services to you and (2) does not affect the lawfulness of our processing
activities based on your consent before its withdrawal.


Use of Cookies and Other Technology


To enhance your experience with the Site, many of our pages use “cookies.” Cookies are text
files that are placed on your computer to store your preferences or for other record-keeping
purposes. Cookies and other user tracking mechanisms (e.g., local shared objects), by
themselves, do not tell us your email address or other personally identifiable information unless
you choose to provide this information to us by, for example, registering at the Site. However,
once you choose to furnish us with personally identifiable information, this information may be
linked to the data stored in the cookie or other tracking mechanisms. We may use cookies and
other user tracking mechanisms, including “persistent cookies”, which will remain on your
computer even after you close your browser, to understand website usage and to improve the
content and offerings on the Site. For example, we may use cookies to personalize your
experience at the Site and to save your password in password-protected areas. We also may use
cookies to offer you products, programs, or services. While most browsers are set to accept
cookies and other tracking devices by default, you can set yours to refuse tracking devices or to
alert you before accepting them. However, by disabling tracking devices, you may not have
access to the entire set of features of the Site. Your browser manufacturer has information on
changing the default setting for your specific browser.


Rough Notes also uses standard internet technology, such as web beacons and similar
technologies, to track your use of the Site or to track your response to email messages that we
send you in connection with the Site. Web beacons (sometimes called transparent GIFs, clear
GIFs, or web bugs) are small strings of code that provide a way for us to deliver a small graphic
image on a web page or in an email. Web beacons can recognize certain types of information on
your computer such as cookies, the time and date a page is viewed, and a description of the page
where the web beacon is placed. We may use web beacons to improve your experience with the
Site, including to provide you with content customized to your interests and to understand
whether users read email messages and click on links contained within those messages so that
the Site can deliver relevant content. Our web beacons may collect some contact information
(for example, the email address associated with an email message that contains a web beacon).


You can choose to accept or decline cookies. Most web browsers automatically accept cookies,
but you can usually modify your browser setting to decline cookies if you prefer. Please be
aware that declining cookies may prevent you from taking full advantage of the Site.

Your Rights


Data Subjects from the EEA have the following rights under the GDPR:

  • To access the Personal Data we maintain about you;
  • To be provided with information about how we process your Personal Data;
  • To correct your Personal Data;
  • To have your Personal Data erased;
  • To object to or restrict how we process your Personal Data; and
  • To request your Personal Data to be transferred to a third party.

To exercise the above rights, please contact us at the information provided below. We will
consider and process your request within a reasonable period of time. Please be aware that under
certain circumstances, the GDPR may limit your exercise of these rights.


Retention of Personal Data


We will retain your Personal Data only as long as necessary to process request or other submission,
fulfill the terms of our service contract with you, and comply with applicable law.


External Links


The Site may contain links to other websites. We do not endorse or make any representations or
warranties concerning, and will not in any way be liable for, any informational content, products,
services, software, or other materials available on an external website, even if one or more pages
of the external website are framed within a page of this Site. Please be aware that we are not
responsible for the privacy practices or policies of such other websites.


Security of Personal Data


Unfortunately, no data transmitted over or accessible through the internet can be guaranteed to be
secure. As a result, while we attempt to protect all Personal Data, we cannot ensure or warrant
that Personal Data will be completely secure from misappropriation by hackers or from other
nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a
telecommunications network. In accordance with applicable law(s), we will notify you in the event
we become aware of a security breach involving your Personal Data stored by or for us.


How to File a Complaint


You may file a complaint regarding the Privacy Policy or our privacy practices by contacting us
at the information we provide below. Additionally, Data Subjects from the EEA may file a
complaint with EU data protection authorities (DPAs). A list of DPAs from the European
Commission may be found here:
http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=50061.


You may also contact us to be directed to the appropriate DPA contact(s).

Contact Information


If you would like to contact us with questions or comments, you can reach us at:


Attn: Charlene Taylor, Corporate VP/CFO
The Rough Notes Company, Inc.
11690 Technology Drive
Carmel, Indiana 46032
Phone: (317) 582-1600
E-mail: rnc@roughnotes.com
Fax: (800) 321-1909


Updates to the Privacy Policy


We may periodically revise the Privacy Policy in our sole and absolute discretion to reflect changes
in the law or our business practices. If we revise the Privacy Policy, we will post the updated
Privacy Policy on the Site. Changes to the Privacy Policy will become effective and will apply to
the information collected starting on the date we post the revised Privacy Policy.


I\13209641.1