Connexions Loyalty, Inc.

Privacy Policy For Information Received From Our European Affiliates, Clients, and Employees

We at Connexions Loyalty, Inc. (referred to as "Connexions” "We," "Us," or "Our") recognize the importance of protecting the privacy of certain Personal Information (as defined herein) that We may receive from (i) Our current and former European affiliates and clients about their customers or clients and (ii) our European employees (together with such customers and clients, referred to as "You" or "Your"). This Privacy Policy discloses the purposes for which We receive and use Your Personal Information, how We use it, how to contact Us with any inquiries or complaints, and how to correct, change, or delete it. At Connexions, it is Our intention to give You a complete and accurate understanding about how We receive Your information and the use We make of it in the course of Our business. You can be assured that Connexions will not disclose Your Personal Information to third parties without Your consent, except as may be noted in this Privacy Policy.

Compliance with Safe Harbor Principles

Connexions complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Connexions has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Connexions’ certification, please visit http:www.export.gov/safeharbor/.

What Does Connexions Treat as Personal Information?

"Personal Information" is any information or data about You that in itself, or as part of a unique combination of information, specifically recognizes You by unique descriptors and/or identifiers. Examples of Personal Information are name, address, credit card number, bank or financial account number, and social security number. Personal Information does not, however, include publicly available information. Connexions recognizes that You have an expectation about how Your Personal Information will be used and safeguarded. Connexions takes very seriously its commitment to ensure that such expectations are reasonably met, including the implementation of sound policies and business practices designed to diminish the unauthorized use of Personal Information for purposes such as the falsification of identity, unauthorized transactions in Your name, and/or the sale of Personal Information to third parties such as telemarketing firms. As a general rule, Connexions will not (within the scope of the European Directive 95/46/EC (the “Directive”)) disclose any specific Personal Information that We receive about You from our current and former European affiliates and clients or our European employees (collectively referred to as “Disclosing Parties”) in a manner that connects You with the Personal Information.

How Does Connexions Receive Your Personal Information?

Connexions acts as a data processor for its current and former European affiliates and clients and supports their business offerings purely as a data processor as defined in the Directive. In doing so, We act at the specific direction of, and in accordance with written instructions provided by, the relevant affiliate outlining the authority granted to Connexions as the data processor. The data that we receive from such Disclosing Parties includes customer data (such as Your Personal Information) housed in the databases of such affiliate, which data is transmitted by the affiliate, via a secured link (like a Virtual Private Network) using appropriate encryption mechanisms, to Our database servers or transmitted by You to Us in connection with our services as a service provider to such Disclosing Parties. Although it is ultimately the responsibility of the affiliate to ensure the integrity of the data it transmits to Us, We take reasonable steps to ensure that the data remains reliable, accurate, complete, and current, and that it is used solely for the intended purposes for which it was collected. We also act as a data controller for Personal Information we receive directly from our European employees. The data that we receive is housed in secure databases and processed solely for the intended purposes for which it was collected.

Onward Transmission:

As a general rule, Connexions will not disclose any specific Personal Information about You that We receive from the Disclosing Parties or You, except when We have Your permission or under certain circumstances as described below. We receive and use Personal Information for Our business purposes only, and as specifically instructed by the Disclosing Parties. The following describes some of the ways that Your Personal Information may be disclosed by Connexions:

Third Party Contractors:

We disclose Your Personal Information to third party contractors who are acting as Our agents for the purposes of fulfilling Our data processing obligations to the Disclosing Parties and in connection with the provision of Our services to them. In such cases, We shall enter into a written agreement with such third party contractors requiring that they provide at least the same level of privacy protection as is required by the Safe Harbor Principles.

Others:

Connexions may also disclose Personal Information in special cases when We have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference (either intentionally or unintentionally) with any of Connexions’ rights or property, other customers or clients of Connexions, or anyone else. Connexions may disclose Personal Information when We believe in good faith that the law requires it and/or as otherwise permitted by the Safe Harbor Principles. If We become involved in a merger, acquisition, or any form of sale of some or all of Our assets, any Personal Information about you involved in such transactions will upon effectiveness of such transaction, remain subject to the privacy policy that your Personal Information is subject to immediately prior to the transaction.

How Can You Control the Usage Of Your Personal Information?

Given that Connexions is only acting as a data processor on behalf of, and at the specific direction and instruction of, its current and former European affiliates and clients, we are not entitled to modify, change, amend or otherwise alter Your Personal Information unless otherwise instructed directly by such Disclosing Parties. Where we act as a data controller with respect to employee data, we may use the data for legitimate business purposes including but not limited to staff administration, maintaining relevant records for HR purposes and other personnel matters in relation to staff. Accordingly, We will promptly forward to the relevant affiliate from which We received Your Personal Information any request We may receive from You to correct, update or delete such Personal Information. We will coordinate any responses and/or inquiries that We may receive from such Disclosing Parties in response to Your requests, and will promptly comply with any related instructions We may receive from such Disclosing Parties relating to the processing of Your Personal Information (including any corrections, updates or deletions to such Personal Information). We will also reasonably cooperate with the applicable European and Swiss Data Protection Supervisory Authority in the course of any inquiries it may have, and will reasonably comply with the advice of such Supervisory Authority, with regard to Our processing of Your Personal Information. If, at any time, You wish to update, change, limit, or delete Your Personal Information, You may contact Connexions’ Information Protection Officer, Brian Fisher, at (203) 956-1000 (telephone), (203) 956-8789 (fax), or bfisher@affiniongroup.com, who will forward Your request to the relevant affiliate.

Data Security

The security of all Personal Information associated with Our clients, customers and employees is an important concern to Us. We take reasonable industry-standard precautions to safeguard the confidentiality of Your Personal Information, and to protect Your Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We exercise care, as a data recipient, in ensuring a secure transmission of Your Personal Information from the Disclosing Parties to Our servers. We require that such transmissions be made via a secured link (like a Virtual Private Network ("VPN")) using appropriate encryption mechanisms. Unfortunately, no data transmission over a VPN can be guaranteed to be 100% secure. As a result, while We strive to protect Your Personal Information, Connexions and Connexions-affiliates cannot guarantee or warrant the security of any such Personal Information.

Enforcement

Connexions has instituted a self-regulatory and assessment program for ensuring verification and adherence to the Safe Harbor Privacy Principles. This may consist of regular information protection reviews by us or certain Disclosing Parties, including privacy information reviews, physical security reviews, disaster recovery planning, testing and reviews, internal and external audits of Connexions’ security, and onsite and survey reviews by certain Disclosing Parties. Vulnerability reviews by Connexions or Our designated third party agents are also performed periodically. Connexions’ privacy policies and practices are in accordance with the aforementioned program and the Safe Harbor Principles. If You wish to file a complaint or have any objections about the way We use or disclose Your Personal Information, please follow Our Dispute Resolution process below.

Dispute Resolution

In addition to the establishment of internal controls and dispute resolution procedures for ensuring compliance with the Safe Harbor Principles, Connexions has implemented an independent recourse mechanism whereby Your complaints and disputes can be investigated and resolved. To that end, Connexions has committed to cooperate with data protection authorities located in the European Union and the Swiss Federal Data Protection and Information Commissioner, or their authorized representatives. If You wish to file a complaint or have any objections about the way We use or disclose Your Personal Information, You may contact Connexions' Information Protection Officer, Brian Fisher, at (203) 956-1000 (telephone), (203) 956-8789 (fax), or bfisher@affiniongroup.com. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve Your complaint where necessary.