Privacy Policy
PURPOSE:
Strohl Systems ("Strohl") understands that it has particular obligations to its Customers under various laws including
the UK Data Protection Act of 1998 ("the Act"), which seeks to protect individuals from misuse of their data by third
parties; the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") which was designed to protect the
transfer of information relating to the transport of health insurance coverage for workers and their families when
they change or lose their jobs; or other Acts that are now, or may come, into existence. It is Strohl's desire to
meet its obligations under these laws. With respect to all Customer information Strohl
certifies that it adheres to the Safe Harbor Principles.
This Policy shall be posted on www.Strohlsystems.com.
COMPLIANCE WITH SAFE HARBOR PRINCIPLES:
Notice: An organization must inform individuals about the purposes for which it collects and
uses information about them, how to contact the organization with any inquiries or complaints, the types
of third parties to which it discloses the information, and the choices and means the organization offers
individuals for limiting its use and disclosure. This notice must be provided in clear and conspicuous
language when individuals are first asked to provide personal information to the organization or as soon
thereafter as is practicable, but in any event before the organization uses such information for a purpose
other than that for which it was originally collected or processed by the transferring organization or
discloses it for the first time to a third party.
Notice is a key element of any privacy policy. Strohl Systems requests information from its Customers
in order to enable Strohl to enhance its Customers' visits to the Strohl web site. A Customer's
participation or submission of information is completely optional and within the Customer's control.
For example, Strohl Systems requests information from a Customer when the Customer:
1. Submits an inquiry requesting information
2. Responds to an online survey
3. Submits an order for products and/or services
4. Subscribes to a newsletter or a mailing list
5. Participates in a contest
In each instance, Strohl asks for personal information: including name, company, title, e-mail address,
business mailing address, business telephone number and fax number. When a Customer places an order,
Strohl also needs to know order information: credit or debit card number and expiration date, and billing
and delivery address. This allows Strohl to process and complete the Customer's order and to notify the
Customer of its order status. A customer may access his or her personal information to review and/or
correct it.
Strohl uses return email addresses to answer the email it receives. Such addresses are not used for
any other purpose and are not shared with third parties. The information provided is kept confidential
and used to support the customer relationship with Strohl. Information regarding a Customer or its order
and the products it purchases is not given or sold to any third party organization. Strohl also monitors
customer traffic patterns and Site usage to help it to improve the design and layout of the Site. Strohl
may also use the information it collects to notify a Customer about important changes to the Site, new
Strohl Systems products and services, and special offers.
Strohl's Web site is designed to protect the privacy of its Customers' credit card information, name,
address, e-mail, and any other information provided. Strohl offers industry standard security measures
available through a browser with SSL encryption. If at any time a Customer would like to make a purchase,
but would rather give credit card or purchase order information over the telephone, the Customer may
speak with a Strohl sales representative at 1-800-634-2016/610-768-4120.
Choice: An organization must offer individuals the opportunity to choose (opt out) whether
their personal information is (a) to be disclosed to a third party or (b) to be used for a purpose that is
incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual.
Individuals must be provided with clear and conspicuous, readily available, and affordable mechanisms to exercise choice.
Choice ensures that consumers have choices regarding the collection of their personal data.
Customers who do not wish that their data be used as described in the privacy policy can choose
not to:
(1) have their data shared,
(2) have complimentary goods and services marketed to them,
(3) have their data sold to third parties or used in other ways.
Customers can access all personally identifiable information that Strohl collects online and
maintains by visiting the "User Profile" page in the secured My Strohl portion of Strohl's Web
Site. Strohl uses this procedure to better safeguard Customer information. Customers can
correct and submit factual errors in a Customer's personally identifiable information via the
"User Profile Update Form" or by sending Strohl a request that credibly shows errors. To protect
the Customer's privacy and security, Strohl will also take reasonable steps to verify a Customer's
identity before granting access or making corrections.
Strohl never uses or shares the personally identifiable information provided to it online in ways
unrelated to the ones described above without also providing Customer an opportunity to opt-out or
otherwise prohibit such unrelated uses.
Safe Harbor Sensitive Information Principle: For sensitive information (i.e. personal information
specifying medical or health conditions, racial or ethnic origin, political opinions, religious or
philosophical beliefs, trade union membership or information specifying the sex life of the individual),
they must be given affirmative or explicit (opt in) choice if the information is to be disclosed to a
third party or used for a purpose other than those for which it was originally collected or subsequently
authorized by the individual through the exercise of opt in choice. In any case, an organization should
treat as sensitive any information received from a third party where the third party treats and identifies it as sensitive.
For sensitive information, affirmative or explicit (opt in) choice is given if the information is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual.
During the course of providing consulting services for Customers, and as Customers experience problems with one or more of the databases contained within any of Strohl's BCP business recovery software packages supplied to Customer by Strohl, Strohl may provide Customer with consulting, technical support and maintenance services to diagnose problems and fix the database(s) (Services). Those Services may require Strohl's access to Customer databases that may contain sensitive information. In those instances:
Strohl agrees and warrants:
a. to process the Information only on behalf of the Customer and in compliance with the Customer's instructions. If Strohl cannot provide such compliance for whatever reason, Strohl will promptly inform the Customer of Strohl's inability to comply in which case the Customer may suspend the provision of the Information to Strohl and/or request the immediate return of some or all of the Information;
b. that Strohl will keep the Information secure from third party access or disclosure by means of appropriate technical and organizational security measures;
c. that Strohl will promptly notify the Customer about (i) any legally binding request for disclosure of the Information by a law enforcement authority unless otherwise prohibited (such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation) and (ii) any accidental or unauthorized access by or disclosure to a third party;
d. to deal promptly and properly with any inquiries by the Customer relating to Strohl's processing of the Information (including the submission of Strohl's processing activities for an audit in respect of the measures taken at clause (b) above);
e. that Strohl will indemnify the Customer for any costs, charges, damages, expenses or loss the Customer may incur as a result of any violation by Strohl (including by your employees) of any of Strohl's obligations under this Policy;
f. that Strohl will not sub-contract any of the Services under this Policy without first obtaining the Customer's prior written consent;
g. that unless otherwise instructed by the Customer, Strohl will on completion of the Services return all the Information to the Customer (including any copies thereof) or on the instruction of the Customer destroy the Information and certify to the Customer that Strohl have done so; and
In addition, Strohl agrees to abide by the following terms of confidentiality:
Strohl may receive certain Confidential Information (as defined below) relating to the Customer's business. It is acknowledged that the Customer desires to protect the confidentiality of that information.
In consideration of the Customer granting Strohl the use of Customer's database(s) in accordance with the terms of the Services, Strohl hereby covenants and agrees as follows:
1. The Confidential Information covered by this undertaking includes:
(i) all copyright materials, operations, procedures, methods, know-how, plans, techniques and processes involved in or relating to the Customer and its business; and
(ii) all other information (including information relating to the Customer's markets, or any securities which are traded on those markets) relating to the Customer's services, systems, users, employees, strategic plans, clients, financial or contractual arrangements or other dealings, transactions or affairs, reports, documents or recommendations.
2. Strohl shall keep the Confidential Information strictly secret and confidential at all times and shall not disclose or divulge any of the Confidential Information directly or indirectly to any person, firm or company whatsoever (other than those of its employees who will be directly involved in the Services, but only on a need-to-know basis) without the Customer's prior written consent. Strohl shall not make any copies of the Confidential Information or otherwise disseminate any of the Confidential Information without the Customer's prior written consent.
3. The protection to be accorded to the Confidential Information hereunder does not and shall not extend to any Confidential Information which it can be proved by documentary evidence produced by the receiving party upon the written request of the disclosing party:
(i) is already known to it or in its possession before the disclosure hereunder free of any obligation to keep it confidential;
(ii) is or becomes publicly known through no wrongful act or default of it;
(iii) is received from a third party without similar obligations of confidence and without breach of this Undertaking;
(iv) is already possessed or independently developed by it;
(v) is disclosed to a third party by the disclosing party without similar restrictions on the third party's rights; or
(vi) is approved for release by written authorization of the disclosing party.
4. Strohl shall only use the Confidential Information for the purpose of the Services, and shall advise all relevant employees of their obligations of trust and confidence with respect to the Confidential Information and shall take all necessary steps to ensure compliance by such employees.
5. No license, trademark, patent, copyright or other intellectual property rights, is either granted or implied by disclosure of Confidential Information under this Confidentiality Undertaking.
6. Strohl shall, whenever asked to do so by the Customer, return to the Customer promptly all Confidential Information, and any copies of it (in whatever form).
Onward Transfer: To disclose information to a third party, organizations must apply the Notice and Choice Principles.
Where an organization wishes to transfer information to a third party that is acting as an agent, as described in the
endnote, it may do so if it first either ascertains that the third party subscribes to the Principles or is subject to
the Directive or another adequacy finding or enters into a written agreement with such third party requiring that the
third party provide at least the same level of privacy protection as is required by the relevant Principles. If the
organization complies with these requirements, it shall not be held responsible (unless the organization agrees
otherwise) when a third party to which it transfers such information processes it in a way contrary to any restrictions
or representations, unless the organization knew or should have known the third party would process it in such a
contrary way and the organization has not taken reasonable steps to prevent or stop such processing.
This principle is intended to assure that there is as little "leak-out" of data from Safe Harbor protections as possible.
Strohl Systems does not sell, trade or rent Customer personal information to others. Strohl is committed to protecting its Customers' privacy and will only use personal information provided by the Customer in support of its relationship with Strohl. From time to time, with a Customer's permission, Strohl may provide a Customer's personal information to third parties in the business continuity field.
Strohl never uses or shares the personally identifiable information provided to it online in ways unrelated to the ones described above without also providing Customer an opportunity to opt-out or otherwise prohibit such unrelated uses.
Security: Organizations creating, maintaining, using or disseminating personal information must take reasonable precautions to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction.
The principle of security applies to how an organization stores, processes, maintains and protects customer information. Organizations should take steps to secure personally identifiable information.
From time to time it is imperative for Strohl Systems to receive a database from a Customer in order to troubleshoot an issue. When Strohl agrees to accept a Customer's database(s) it requires the Customer to email the relevant portion of the database(s) password protected or encrypted to Strohl. It is understood that the database may contain a series of confidential personal data that may include, but not be limited to names, positions, contact numbers and residential addresses (the Information).
Strohl's internal policy assures that all databases received from Customers are only used in troubleshooting an issue known to the respective Customer. Once the issue has been resolved and/or within two (2) weeks of receiving the database all existing copies are destroyed.
Strohl maintains all personal information secure from third party access or disclosure by means of appropriate technical and organizational security measures.
All Strohl employees are required to sign Confidentiality and Non-Disclosure Agreements upon hire.
Data Integrity: Consistent with the Principles, personal information must be relevant for the purposes for which it is to be used. An organization may not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for those purposes, an organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
The data integrity principle minimizes the risk that personal information would be misused or abused: because the organization is collecting only relevant information, there is less opportunity to misuse and abuse personal information.
Strohl only uses personal information for the purpose of the Services, and advises all relevant
employees of their obligations of trust and confidence with respect to the personal information and
takes all necessary steps to ensure compliance by such employees.
Access: Individuals must have access to personal information about them that an organization
holds and be able to correct, amend, or delete that information where it is inaccurate, except
where the burden or expense of providing access would be disproportionate to the risks to the
individual's privacy in the case in question, or where the rights of persons other than the individual would be violated.
Customers are not only concerned about what data is being collected about them; they are also
concerned that this information is correct and timely. Providing access to the data collected about
an individual allows that person to check the stored information and ensure that it is up-to-date
and correct, and that Strohl is doing what it says it is doing about collecting and retaining data.
Allowing Customers to access and correct information collected about them can greatly increase
Customers' confidence by assuring users that they will only receive further information about other
goods and services that are of interest to them or that their goods will be delivered promptly and properly.
At the same time, Strohl benefits from having accurate customer information.
Strohl's Customers can access all personally identifiable information that Strohl collects online and
maintains by visiting the "User Profile" page in the secured My Strohl portion of Strohl's Web Site.
Strohl uses this procedure to better safeguard Customer information. Customers can correct and submit
factual errors in a Customer's personally identifiable information via the "User Profile Update Form"
or by sending Strohl a request that credibly shows errors. To protect the Customer's privacy and security,
Strohl will also take reasonable steps to verify a Customer's identity before granting access or making corrections.
Enforcement: Effective privacy protection must include mechanisms for assuring compliance with the Principles,
recourse for individuals to whom the data relate affected by non-compliance with the Principles, and
consequences for the organization when the Principles are not followed. At a minimum, such mechanisms must
include (a) readily available and affordable independent recourse mechanisms by which each individual's
complaints and disputes are investigated and resolved by reference to the Principles and damages awarded
where the applicable law or private sector initiatives so provide; (b) follow up procedures for verifying
that the attestations and assertions businesses make about their privacy practices are true and that privacy
practices have been implemented as presented; and (c) obligations to remedy problems arising out of failure
to comply with the Principles by organizations announcing their adherence to them and consequences for such
organizations. Sanctions must be sufficiently rigorous to ensure compliance by organizations.
The Safe Harbor private sector enforcement has three components: verification, dispute resolution, and
remedy. Organizations are required to have procedures for verifying compliance, either independent or
self-assessment, to have in place a dispute resolution system that will investigate and resolve individual
complaints and disputes, and to remedy problems arising out of a failure to comply with the principles.
PERSONAL DATA FROM THE EUROPEAN UNION
Strohl Systems commits to employing effective mechanisms for assuring compliance with the Safe Harbor
Principles and provides (a) recourse for individuals to whom the data relate, (b) follow up procedures
for verifying that the attestations and assertions they have made about their privacy practices are true,
and (c) obligations to remedy problems arising out of failure to comply with the Principles and
consequences for such organizations.
Strohl Systems, in order to cooperate with the European Union Data Protection Authorities ("DPAs"):
1. elects to satisfy the requirement in points (a) and (c) above by committing to cooperate with the DPAs;
2. will cooperate with the DPAs in the investigation and resolution of complaints brought under the safe harbor; and
3. will comply with any advice given by the DPAs where the DPAs take the view that the organization needs
to take specific action to comply with the Safe Harbor Principles, including remedial or compensatory measures
for the benefit of individuals affected by any non-compliance with the Principles, and will provide the DPAs
with written confirmation that such action has been taken.
With respect to human resources data the independent recourse mechanism shall be the "European Union
Data Protection Authorities."
COMPLAINTS
How to contact us. Customers are encouraged to raise any complaints they may have with Strohl
before proceeding to independent recourse mechanisms. Notices should be sent to:
Strohl Systems
631 Park Avenue
King of Prussia, PA 19406
USA
Attn: Legal Affairs
Should you have other questions or concerns about these privacy policies, please call Steve Signore at
+1-800-634-2016 or +1-610-768-4120 or send an email to ssignore@strohlsystems.com.

Mediation. The parties shall attempt in good faith to resolve any dispute arising relating to the performance
hereunder promptly by negotiation between executives who have authority to settle the controversy. Any party may give
the other party written notice of any dispute not resolved in the ordinary course of business. Within fifteen (15) days
after delivery of the notice the party receiving the notice shall submit to the other a written response. The notice
and the response shall include: 1) a statement of each party's position(s) regarding the matter(s) in dispute and a
summary of arguments in support thereof and 2) the name and title of the executive who will represent that party and
any other person who will accompany that executive. Within thirty (30) days after delivery of the notice, the
designated executives shall meet via conference telephone or at a mutually acceptable time and place, and thereafter
as often as they reasonably deem necessary, to attempt to resolve the dispute. All reasonable requests for
information made by one party to the other shall be honored in a timely fashion. All negotiations conducted pursuant
to this section (and any of the parties' submissions in contemplation hereof) shall be kept confidential by the
parties and shall be treated by the parties and their respective representatives as compromise and settlement
negotiations for purposes of the Federal Rules of Evidence and any similar state rules. In the event the parties
are unable to resolve any disputes arising hereunder pursuant to this section within thirty (30) days following
the executives meeting or such longer period of time as may be mutually agreed to prior to the commencement of
any cause of action or other proceeding, either party (the "claimant") may give written notice to the other
(hereinafter "respondent") of its intention to pursue legal and/or equitable relief. The terms of this
section shall not prevent a party from initiating litigation in order to meet statutory deadlines which,
if not met, would otherwise preclude such litigation.
Arbitration. Any controversies among the parties arising out of the performance hereunder, that cannot be resolved pursuant to
the Mediation section above shall be finally settled under the Commercial Rules of the American Arbitration Association, as then
in effect, by a single arbitrator appointed in accordance with said Rules and sitting in Philadelphia, Pennsylvania. The arbitrator
will render a decision not later than sixty (60) days after the matter has been submitted, and such decision shall be in writing and
shall be final and binding on both parties. The decision of the arbitrator may be entered as a final decree or judgment in any court
of competent jurisdiction. The arbitrator shall not have authority to take any action or fashion any remedy that is not consistent
with this Agreement. The arbitration proceedings will be held in a location as may be agreed upon by the parties. Notwithstanding
the foregoing, the parties may seek injunctive relief from a court having jurisdiction. The cost of the arbitration shall be borne
equally by the parties. Pennsylvania law shall govern the arbitration.