DATA PRIVACY FRAMEWORK POLICY

Effective Date: October 05, 2023

Volt Athletics, Inc. (“Volt,” “our,” “we” or “us”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce (together, "Data Privacy Framework"). Volt has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Volt has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

For purposes of enforcing compliance with the Data Privacy Framework, Volt is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Data Privacy Framework, see the US Department of Commerce’s Data Privacy Framework website located at: https://www.dataprivacyframework.gov/

1. Definitions

In this Data Privacy Framework Policy:

“Customer” means any individual or entity that purchases Services from Volt.

“Customer End User” means an individual whose information is stored on a Customer’s systems.

“EU Personal Data” means any information relating to a User that identifies or can be used to identify that User, either separately or in combination with other readily available data that is received by Volt in the U.S. from the EEA or Switzerland in connection with the Services.

“Sensitive Personal Data” means EU Personal Data regarding an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, physical or mental health, or sexual life.

“Services” means a Volt website, mobile application, and related support services.

“Standard Contractual Clauses” means the standard data protection clauses for the transfer of EU Personal Data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR.

“User” means an individual authorized by a Customer to access and use the Services or a Customer End User whose personal data is processed by the Services.

2. Scope

Volt commits to comply with the Data Privacy Framework Principles with respect to the EU Personal Data received from Customers and Users in connection with the use of the Services. This Data Privacy Framework Policy does not apply to EU Personal Data transferred under Standard Contractual Clauses or any approved derogation under EU data protection law.

3. Data Privacy Framework Principles

Volt commits to processing EU Personal Data in accordance with the Data Privacy Framework Principles as follows:

3.1. Notice

Volt’s Privacy Policy (the “Privacy Policy”) notifies Customers and Users covered by this Data Privacy Framework Policy about the categories of EU Personal Data that Volt collects and the purposes for collection and use of their EU Personal Data. Volt will only process EU Personal Data in ways that are compatible with the purpose for which Volt collected it or for purposes later authorized.

3.2. Choice

The EU Personal Data that Volt collects from Users depends on how the User uses the Services. Please see the Privacy Policy for more information on the EU Personal Data we collect and how we collect the EU Personal Data.

All EU Personal Data is collected to operate, send marketing, manage and improve the Services, and ensure the technical functionality and security of the Services. Before Volt uses EU Personal Data for a purpose that is materially different from the purpose for which Volt collected it or that was later authorized, Volt will provide Users with the opportunity to opt out.

Volt shares EU Personal Data collected through the Services with third parties that Volt engages to help us operate the Services, improve our business or the Services, to provide Services to us (such as web hosting, data storage and similar administrative services), and to market to current and prospective Customers.

When Volt collects Sensitive Personal Data, Volt will obtain opt-in consent if Data Privacy Framework requires, including before Sensitive Personal Data is used for a different purpose than that purpose for which it was collected or later authorized.

Please send requests to opt out of uses or disclosures of EU Personal Data to privacy@voltathletics.com

3.3. Accountability for Onward Transfer

If Volt transfers EU Personal Data covered by this Data Privacy Framework Policy to a third party, Volt takes reasonable and appropriate steps to ensure that each third party transferee processes EU Personal Data transferred in a manner consistent with Volt’s obligations under the Data Privacy Framework Principles. Volt will ensure that each transfer is consistent with any notice provided to Customers and Users and any consent they have given. Volt requires a written contract with any third party receiving EU Personal Data that ensures that the third party (i) processes the EU Personal Data for limited and specified purposes consistent with any consent provided by Customers and Users, (ii) provides at least the same level of protection as is required by the Data Privacy Framework Principles, (iii) notifies Volt if it cannot comply with Data Privacy Framework; and (iv) ceases processing EU Personal Data or takes other reasonable and appropriate steps to remediate.

Under certain circumstances, Volt may be required to disclose EU Personal Data in response to valid requests by public authorities, including for national security or law enforcement requirements.

Volt remains liable under the Data Privacy Framework Principles if an agent processes EU Personal Data covered by this Data Privacy Framework Policy in a manner inconsistent with the Data Privacy Framework Principles unless Volt is not responsible for the event giving rise to the damage.

3.4. Security

Volt takes reasonable and appropriate measures to protect EU Personal Data covered by this Data Privacy Framework Policy from loss, misuse and unauthorized access, disclosure, alteration and destruction. In determining these measures, Volt takes into account the risks involved in the processing and the nature of the EU Personal Data.

3.5. Data Integrity and Purpose Limitation

Volt takes reasonable steps to ensure that such EU Personal Data is reliable for its intended use, accurate, complete and current. Volt adheres to the Data Privacy Framework Principles for as long as it retains EU Personal Data in identifiable form. Volt takes reasonable and appropriate measures to comply with the requirement under the Data Privacy Framework to retain EU Personal Data in identifiable form only for as long as it serves a purpose of processing.

Volt limits the collection of EU Personal Data covered by this Data Privacy Framework Policy to information that is relevant for the purposes of processing. Volt does not process EU Personal Data in a way that is incompatible with the purpose for which it was collected or subsequently authorized by a Customer or User.

3.6. Access

A User whose EU Personal Data is covered by this Data Privacy Framework Policy has the right to access his or her EU Personal Data and to correct, amend or delete the EU Personal Data if the EU Personal Data is inaccurate or processed in violation of the Data Privacy Framework Principles. Volt is not required to grant the rights to access, correct, amend and delete EU Personal Data if the burden or expense of providing access, correction, amendment or deletion is disproportionate to the risks to the User’s privacy or if the rights of persons other than the User are or could be violated.

Please send requests for access, correction, amendment or deletion to privacy@voltathletics.com.

3.7. Recourse, Enforcement, and Liability

In compliance with the Data Privacy Framework Principles, Volt commits to resolve complaints about your privacy and our collection or use of your EU Personal Data. Please first contact Volt with inquiries or complaints regarding this Data Privacy Framework Policy at privacy@voltathletics.com.

Volt has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to the International Centre for Dispute Resolution, an independent dispute resolution mechanism operated by the American Arbitration Association. If your complaint is not satisfactorily addressed, please visit https://go.adr.org/dpf_irm for more information and to file a complaint. Please contact us at privacy@voltathletics.com to be directed to the relevant Data Protection Authority contacts.

Under certain conditions detailed in the Data Privacy Framework, a User may be able to invoke binding arbitration before the Data Privacy Framework Panel created by the U.S. Department of Commerce and the European Commission. To learn more, please see Data Privacy Framework Annex I: Arbitral Model at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.

Volt commits to periodically review and verify its compliance with the Data Privacy Framework Principles and to remedy any issues arising out of failure to comply with the Data Privacy Framework Principles. Volt acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Data Privacy Framework participants.

4. Changes to this Data Privacy Framework Policy

Volt may amend this Data Privacy Framework Policy consistent with the requirements of the Data Privacy Framework, including notice about any amendment.

5. How to Contact Volt

If you have any questions about this Data Privacy Framework Policy or would like to request access to your EU Personal Data, please contact us by:

Email:      privacy@voltathletics.com

Mail:         Volt Athletics, Inc.

                    Attn: Data Protection Officer

                    1752 NW Market St., #4410

                    Seattle, WA 98107