Privacy Shield Statement

Policy Statement

PlanGrid Inc. (“PlanGrid”), including its wholly-owned subsidiaries, complies with the U.S.-EU Privacy Shield Framework, including the Supplemental Principles, and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce (collectively, the “Principles”). PlanGrid has certified that it adheres to the Principles with respect to its services and the collection, use, and retention of certain Personal Data (as defined below) transferred from the European Economic Area (“EEA”), Switzerland, and the United Kingdom (“UK”) to PlanGrid in the United States (“U.S.”). This Policy sets forth the standards under which PlanGrid will treat such Personal Data. To learn more about the Principles and to view PlanGrid’s certifications, please visit: https://www.privacyshield.gov/.

U.S. Federal Trade Commission Jurisdiction

PlanGrid’s commitments under the Principles are subject to the jurisdiction and enforcement and investigatory authority of the United States Federal Trade Commission.

Third Party Transfers

PlanGrid may share personal data with third parties under certain circumstances described in our Privacy Statement. PlanGrid’s obligations under Privacy Shield extend to third parties acting as agents who help us run our business and provide your services, and PlanGrid remains liable should a third party acting as our agent process personal data subject to this policy in a manner inconsistent the with this policy, except where PlanGrid is not responsible for the event giving rise to the damage.

We may also disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Recourse Mechanism

Inquiries and complaints relating to PlanGrid’s treatment of Personal Data and its compliance with the Principles may be directed to privacy@plangrid.com

PlanGrid will respond to any such inquiries or complaints within forty-five (45) days. In the event that PlanGrid fails to respond or its response is insufficient or does not address the concern, PlanGrid has registered with JAMS to provide independent third party dispute resolution at no cost to the complaining party. Contact JAMS and/or learn more about the company’s dispute resolution services, including instructions for submitting a complaint here. Complaining parties may also, in absence of a resolution by PlanGrid and JAMS, seek to engage in binding arbitration through the Privacy Shield Panel.

PlanGrid will cooperate with the United States Federal Trade Commission and any data protection authorities of the EU Member States (“DPAs”), the Swiss Federal Data Protection and Information Commissioner (“Swiss Commissioner”), and/or the UK Information Commissioner’s Office (“ICO”) in the investigation and resolution of complaints that cannot be resolved between PlanGrid and the complainant that are brought to a relevant DPA.

PlanGrid also commits to periodically reviewing and verifying the accuracy of this Policy and the company’s compliance with the Principles, and remedying issues identified. All employees of PlanGrid that have access to Personal Data covered by this Policy in the U.S. are responsible for conducting themselves in accordance with this Policy. Failure of an PlanGrid employee to comply with this Policy may result in disciplinary action up to and including termination.