Cataphora is committed to maintaining the privacy and confidentiality of "Personal Data" (as defined below) entrusted to Cataphora by our clients and their legal counsel. Accordingly, Cataphora adheres to and is certified as compliant with the Safe Harbor Privacy Framework between the United States Department of Commerce and the European Commission with respect to Personal Data that is transferred from the European economic area to the United States. For further information about the Safe Harbor Privacy Framework and the documents that comprise its requirements, see the U.S. Department of Commerce website at http://www.export.gov/safeharbor/.

Cataphora has a separate Privacy Policy that applies to the collection and use of personal information from visitors to the website and is accessible on our website at http://www.cataphora.com/privacy_policy.php.

Cataphora provides various services associated with data processing and collection and, in providing these services, Cataphora obtains two types of information from our clients:

• Cataphora's clients provide us with information in connection with contracting for our services. This information typically includes client contact details and other administrative information about the client. This information is used for Cataphora's business administration purposes such as the execution of contracts, invoicing, forecasting, budgeting, accounting, auditing, and financial reporting.
• Client Personal Data is information from equipment and networks owned, controlled or operated by our clients that is received by Cataphora for purposes of collection, processing, storage and analysis in accordance with the instructions of the clients and/or their legal advisors and in order to assist clients in meeting their legal or professional obligations, protecting their vital interests or carrying out other legitimate activities. Cataphora will not use Client Personal Data for any other purposes than for the purposes for which Cataphora's client provides such information.

Client Personal Data processed by Cataphora may be subject to contractual agreements with our clients that require more stringent privacy and security safeguards than the requirements in the Safe Harbor Agreement. At a minimum, however, Cataphora handles Client Personal Data in accordance with our Safe Harbor Privacy Policy, which is based upon the seven principles identified in the Safe Harbor Privacy Framework.

Consistent with the Safe Harbor Privacy Framework, various principles are limited when a client transfers custody of data to Cataphora for processing on the instructions of the client or the client's legal counsel. In those circumstances, Cataphora receives the Client Personal Data from the European Union as an agent of the client merely for processing and is not required to apply the Notice, Choice, Data Integrity and Access principles to that information. The client will remain responsible for the Client Personal Data and for compliance with applicable privacy laws and directives.

Notice
When Cataphora receives Client Personal Data for processing pursuant to instructions of clients or their legal counsel, we are acting as an agent for our client and do not provide notice to individuals regarding the collection and use of their personal data. Our clients remain responsible for providing notice, if and to the extent they believe such notice is necessary under applicable EU law.

Choice
When Cataphora receives Client Personal Data from individuals in the European Union pursuant to instructions of clients or their legal counsel, we are acting as an agent for our client and do not provide choice to individuals regarding the collection and use of their personal data. Our clients remain responsible for providing choice, if and to the extent they believe such notice is necessary under applicable EU law.

Onward Transfer
Cataphora does not transfer Client Personal Data to unrelated third parties, unless lawfully directed by a client, or in certain limited or exceptional circumstances in accordance with the Safe Harbor Privacy Framework. For example, such circumstances would include disclosures of Client Personal Data required by law or legal process, or disclosures, made in the vital interest of an identifiable person, such as those involving life, health or safety.

In the event that Cataphora ever needs to transfer Client Personal Data to an unrelated third party, Cataphora will ensure that such party is either subject to the Safe Harbor Agreement, subject to similar laws providing an adequate and equivalent level of privacy protection, or will enter into a written agreement with the third party requiring them to provide protections consistent with the Safe Harbor Privacy Framework and Cataphora's Safe Harbor Privacy Policy. Should Cataphora learn that an unrelated third party to which Cataphora has transferred Personal Data is using or disclosing Personal Data in a manner contrary to this Policy, Cataphora will take reasonable steps to prevent or stop the use or disclosure.

Security
Cataphora is committed to the security of all personal data. Cataphora takes reasonable physical, electronic, and managerial precautions to protect Client Personal Data in its possession from unauthorized access, disclosure, alteration, destruction, tampering, loss or misuse.

Data Integrity
Cataphora does not modify or alter in any way Client Personal Data but preserves such data in its original form to the extent possible, consistent with any processing that is directed by clients or necessary to fulfill the services requested by clients or their legal counsel.

Access
Contract information and Client Personal Data are accessible only by those Cataphora employees and consultants who have a reasonable need to access such information in order for us to fulfill contractual, legal and professional obligations. All of our employees and consultants have entered into confidentiality agreements requiring that they maintain the confidentiality of Client Personal Data.

Due to the nature of the services Cataphora provides and security concerns, the burden, expense and security risks of providing individual access to Client Personal Data would be disproportionate with risks to the individual's privacy in the case in question. Such access would risk violating the rights of persons other than the individuals seeking access and would increase the security risks. Therefore Cataphora cannot provide individuals with access to Client Personal Data in order to correct, amend, or delete information that is demonstrated to be inaccurate.

Enforcement
Cataphora assures compliance with this Safe Harbor Privacy Policy and the Safe Harbor Privacy Framework by utilizing the self-assessment approach. The self-assessment is conducted on an annual basis to ensure that all of Cataphora's relevant privacy practices are being followed in conformance with this Safe Harbor Privacy Policy and the Safe Harbor Privacy Framework. Any employee that Cataphora determines is in violation of these policies will be subject to discipline, up to and including termination of employment.

Cataphora will also assure compliance with this Safe Harbor Privacy Policy and the Safe Harbor Privacy Framework by fully investigating and attempting to resolve any complaint or dispute regarding the use and disclosure of personal data in violation of this Privacy Policy.

For complaints that cannot be resolved by Cataphora and the complainant, Cataphora agrees to cooperate with data protection authorities located in the European Union (or their authorized representative) and to participate in dispute resolution procedures of those authorities, pursuant to the Safe Harbor Privacy Framework.

Clients or prospective clients of Cataphora with questions or concerns about Cataphora's compliance with this Safe Harbor Privacy Policy may contact us by email at with "privacy" in the subject line, or US Mail at:

Cataphora, Inc.
1200 Bridge Parkway
Redwood City, CA 94065-1159
USA
ATTN: PRIVACY

This Safe Harbor Privacy Policy may occasionally be updated. When material updates are made, the date of the last revision will be reflected at the end of the page. This page may be bookmarked to facilitate periodic review of this Safe Harbor Privacy Policy and to note recent updates.

Last Updated: April 10, 2008