RVM Enterprises Incorporated
EU Safe Harbor Privacy Policy

RVM Enterprises Incorporated (“RVM”), is committed to complying with all laws and regulations enacted for the protection of the privacy of individuals who are RVM’s customers and clients or are customers or clients of third parties for whom RVM is providing services.  RVM pledges to implement, maintain and monitor compliant security protocols for the benefit of those who entrust us with their personal information.  RVM’s employees, agents, contractors, affiliates and all RVM customers and clients dealing with information subject to the rules and requirements of the European Union (“EU”), Safe Harbor Privacy Policy trust and expect RVM to protect and safeguard their personal information in a manner  consistent with the standards set forth in the Safe Harbor Privacy Policy. RVM is committed to compliance with the Safe Harbor Agreement between the United States and the EU, with respect to Personal Data collected and processed in the ordinary course of engagements with RVM’s customers and clients.   RVM’s EU Safe Harbor Privacy Policy (the “Policy”) will govern the privacy principles, procedures and protocols that RVM has committed to follow with respect to the transfer of Personal Data from the EU to the United States.

SAFE HARBOR

The United States Department of Commerce and the EU’s European Commission have agreed on a set of data protection principles that enable U.S. companies who comply to satisfy the EU’s privacy law requirement that personal information transferred from the EU to the United States be adequately protected from wrongful disclosure and use.  As allowed by the agreed data protection principles, RVM has self-certified that it is compliant with the U.S. Department of Commerce’s Safe Harbor Framework pursuant to the EU Directive 95/46/EC on Data Protection.  That directive applies to all personal data transferred outside the 27 European Member Nations.  See the chart below for a current list of EU and the European Economic Area (“EEA”) member states to which the Directive applies.

SCOPE

At RVM, we deploy data security protocols designed to comply with both US and EU privacy laws, rules and regulations to ensure that all personal data is treated with the utmost care.  RVM understands and respects the individual’s rights to privacy and has modified or adopted internal policies and procedures to incorporate the principles set forth by the EU Safe Harbor Privacy Policy.

DEFINITIONS

Agent: The term “Agent” means any third party that comes into contact or possession or uses any personal information provided to the Agent by RVM necessary for the Agent to perform a task for the benefit of an RVM customer or client while under the instructions and supervision of RVM.

Personal Information: The term “Personal Information” means any information that comes into the possession of RVM during any customer or client engagement that can be used to identify a person (“data subject”) or that can be reasonably used to identify an individual (also a “data subject”).  Personal data does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.

Sensitive Personal Information: The term “Sensitive Personal Information” means any personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life.  Such information will be treated as Sensitive Personal Information when RVM receives it from a third party who or that treats and identifies the information as Sensitive Personal Information.

Processor: The term “Processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

Controller: The term “Controller” means the natural legal person, public authority, agency or any other body which or who alone, or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the Controller or the specific criteria for his nomination may be designated by national or community law.

RVM SAFE HARBOR PRIVACY PRINCIPLES

NOTICE: RVM will, when required by the US Safe Harbor Privacy Policy and the EU Directive 95/46/EC on Data Protection (“the EU directive”), inform individuals about the purpose for which RVM will collect and use personal data, the type of non-agent third parties, if any, to which RVM will disclose the information.  The individuals will also be provided with information about the Safe Harbor Policy and the EU Directive choices and means offered by RVM for limiting the use or disclosure of the personal data.   With respect to the “Data Directives” as that term is defined under the EU Directive and when RVM is acting as a Data Processor, we, as authorized by the EU Directive, reserve the right to process personal information on behalf of and under the direction of our client or customer without providing notice to individuals.    Should RVM have to collect personal data in the EU under the direction of an RVM client or customer, RVM will only collect personal data that is relevant to the engagement.  In addition, when required by the US Safe Harbor Privacy Policy and the EU Directive, RVM will notify the individual from whom the personal data is being collected with the type of personal data being collected and the purpose of its intended use.

CHOICE: RVM will, when required by the US Safe Harbor Privacy Policy and the EU Directive, offer an individual the opportunity to choose to opt out and stop personal data from: (i) being shared with a non-agent third party; or (ii) used for the purpose other than that for which the personal data were originally collected or subsequently authorized by the individual.

In all cases, RVM will give an individual about whom Sensitive Personal Information is being collected under any engagement an affirmative choice to “opt in” and allow Sensitive Personal Information being collected to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by the individual.

RVM is committed to provide individuals with reasonable methods in order to exercise their choices.

TRANSFER AND DISCLOSURE: RVM will not transfer or disclose an individual’s Personal Data to a third party without the consent of RVM’s clients or customers unless: (i) the individual about whom the Personal Information is being collected has consented to the transfer or disclosure; (ii) the Personal Data is already publicly available; or (iii) the proposed transferee is already certified compliant with the US Safe Harbor Privacy Policy and the EU Directive.

ACCESS AND CORRECTION: RVM will, when required by the US Safe Harbor Privacy Policy and the EU Directive, provide individuals, about whom Personal Data is being collected, access to their Personal Data for the purpose of correcting, amending or deleting inaccurate information.  RVM will take reasonable steps to delete Personal Information that is deemed to be inaccurate or incomplete.  Any such individual’s access to Personal Data being collected to monitor its accuracy will be governed by the same standards applicable to RVM under the US Safe Harbor Privacy Policy and the EU Directive.

SECURITY: RVM will take reasonable precautions to protect Personal Date from loss, misuse and unauthorized access, disclosure, alteration and destruction.  In addition, RVM has adopted and implemented an array of security protocols to safeguard any and all Sensitive Personal Information and Personal Data that we possess and/or collect.

DATA INTERGRITY: RVM will use Personal Data in ways that are compatible with the purpose for which the data was collected or subsequently authorized by the individual or customer/client,  as the case may be.  RVM will take reasonable steps to ensure Personal Data is relevant to its intended use, accurate, complete and current.

ENFORCEMENT AND DISPUTE RESOLUTION:  As authorized by the US Safe Harbor Privacy Policy and the EU Directive, RVM will allow individuals and/or customers/clients, as the case may be, the opportunity to directly audit RVM’s procedures and protocols used when collecting and handling their Personal Data.   Such audit requests must be in writing and sent to the Corporate Privacy Officer at the address indicated below.  We will review all audit requests submitted in writing for the purpose of determining whether or not our procedures and protocols being used are consistent with the US Safe Harbor Privacy Policy and the EU Directive.  It is RVM’s policy to routinely monitor and check compliance procedures and protocols. Should RVM determine inconsistency with any such procedures or protocol, RVM will take necessary steps to address and correct the inconsistency.  If we are unable to resolve the conflict with the individual or customer/client filing the complaint, RVM will mediate such said conflict in front of a panel of the American Arbitration Association.  RVM will submit self certification letters to the Department of Commerce for the purpose of renewing our Safe Harbor Privacy Policy on an annual basis to confirm its continued commitment to the protection and privacy of Personal Data.

CONTACT INFORMATION

If you have any questions about the way RVM safeguards Personal Data and/or concerns regarding this RVM’s procedures and protocols as stated on our web site, please send your inquiry to RVM’s Corporate Privacy Officer by mail or email as follows:

RVM

Attn: Corporate Privacy Officer

40 Rector Street, 17th Floor

New York, NY 10006

Email: privacyofficer@rvminc.com

AMENDMENTS TO THIS POLICY

This policy may be amended from time to time, consistent with the requirements of the US Safe Harbor Privacy Policy and the EU Directive.  RVM will provide an appropriate public announcement about any such amendments  via its web site at www.rvminc.com .

EFFECTIVE DATE: July 21, 2010