September 19, 2021

Intra-Group Personal Data Protection Statement

RED Atlas Inc. and affiliates (“RED Atlas”) are committed to compliance with their data protection obligations throughout the world. This Intra-Group Personal Data Protection Statement (“Statement”) sets out the privacy principles RED Atlas follows with respect to personal information that it transfers from the European Union, European Economic Area, and Switzerland (collectively, “EU”) or the United Kingdom (“UK”), in accordance with the EU General Data Protection Regulation (“GDPR”) and UK GDPR.

RED Atlas has implemented robust processes and protections to meet the requirements of transferring personal information to third countries in accordance with applicable data protection laws. Accordingly, the relevant RED Atlas companies have entered into Intra-Group Personal Data Protection Agreements (“IGAs”) to ensure that personal information transferred from the EU or UK is subject to appropriate safeguards, and to clearly identify the Bloomberg companies responsible for transfers of personal information from the EU or UK.

The IGAs incorporate unchanged EU Commission Standard Contractual Clauses (“SCCs”), which include specific obligations and rights around transfers of personal information and ensure that any personal information leaving the EU and/or UK will be transferred by RED Atlas in compliance with applicable EU and UK data protection laws. The IGAs include the operational procedures and security measures we use to maintain the accuracy and integrity of personal information and protect personal information.

We regularly review and update our governance framework, including roles and responsibilities of personnel, and maintain a working group to oversee data protection regulation compliance and document results and decisions as they relate to personal information management.

We map the personal data life cycle and maintain a personal data map inventory, including documenting personal data flows within RED Atlas’s systems and any disclosures to third-party systems.

We invest in and maintain organizational, technical, and physical safeguards intended to ensure the protection of personal information. We engage in ongoing monitoring and testing of the efficacy of these safeguards. Our data centers are dedicated solely to our products, services, and operations, and have secure and monitored access controls.

We integrate personal data mapping and accountability into our product design processes and build personal data security into our development and product life cycles.

We regularly review and update our policies, procedures, and controls to address our data protection obligations. We conduct data protection executive education and tailored training programs for data protection compliance.

The RED Atlas companies involved in personal information transfer and management are identified in the IGAs as Data Exporter(s) or Data Importer(s). RED Atlas is an independent Data Controller unless otherwise specified. With respect to specific products and services where RED Atlas acts as a Data Processor to our customers, we make available to our customers additional data processing terms, including unchanged EU Commission-approved Controller-to-Processor SCCs.

CONTACT INFORMATION

Questions or comments regarding this Statement should be submitted to RED Atlas’s privacy team at the following address:

  • RED Atlas General Counsel
  • T-Mobile Center
  • B7 Cll Tabonuco Suite 1108
  • Guaynabo, 00968
  • Puerto Rico

Or by emailing privacy@atlas.red

This Statement may be amended from time to time, consistent with the requirements of applicable law, and will be effective immediately.