Platform
Sign in

Privacy Policy

Privacy policy

Last Updated: May 1, 2025

Thank you for your interest in Vault, an affiliate of Infobase Holdings, Inc. (referred to as “Vault”, “we”, “us” or “our”). Your privacy is important to us, and this Privacy Policy describes how we process personal information as part of our business operations, including the types of personal information that we collect, the purposes for which we use it, the types of third parties to whom we share it, and the rights and responsibilities you may have with respect to such personal information. This Privacy Policy applies to the personal information you provide to us through any type of engagement or interaction, such as when you access or use our Site or any of our Services. For purposes of this Privacy Policy, the Site and Services are collectively referred to as the “Online Services”. By accessing or using the Online Services or by otherwise providing us with personal information, you are consenting and agreeing to the terms and conditions set forth in this Privacy Policy.

DISCLAIMER. by using THE ONLINE services you may have the ability to provide your RESUME AND OTHER personal information to THIRD PARTY alumni mentors, unaffiliated advisors, AND EMPLOYEE RECRUITERS AND we are not responsible for how SUCH A THIRD PARTY MAY collect, use, or process your personal information. IF YOU RETAINED THESE SERVICES THROUGH A THIRD PARTY, SUCH AS YOUR EMPLOYER OR UNIVERSITY, PLEASE CONTACT THE APPLICABLE THIRD PARTY DIRECTLY ABOUT EXERCISING YOUR DATA PRIVACY RIGHTS.

  1. Definitions

 For purposes of this Privacy Policy, the term “personal information “ refers to any information that, either alone or in conjunction with other data, can be used to distinguish or identify a particular individual, household, or device, and that is subject to, or otherwise afforded protection under, a law, statute, or regulation governing data privacy or security.

 Any capitalized term that is not otherwise defined herein, shall be ascribed the meaning set forth in the Terms of Service.

 

 

  1. The Types Of Personal Information We Collect

 The type and categories of personal information that Vault collects varies based on the nature and scope of our business activities. However, when you do not provide personal information that Vault requests, we may not be able to provide you our services or complete a transaction, and you agree that Vault will not be liable or otherwise responsible for any damages or loss arising from such circumstances. Generally, we collect the following types and categories of personal information from users of our Online Services or as part of our business operations:

 The Personal Information We Collect

Category

Description

Identity and Contact Data

Basic data that is used to identify or contact an individual, such as your name, title, email address, telephone and fax numbers, physical address (including street, city, state, postal code, and/or country), and date of birth.

Resume Data

Your resume, curriculum vitae, or similar information related to your professional experiences, which may include your Identity Data; current and former employment/employer; Education Data (see below); awards and recognitions; language proficiency; memberships and associations; references; publications; volunteer work; career goals; and, professional skills and similar types of data.

Education Data

Information pertaining to your education, including level of education completed; schools and universities attended; degrees and certifications obtained; dates of graduation or completion; grades and grade point average; transcripts; attendance records; courses taken; sanctions or other disciplinary record; awards and honors; and, similar types of data.

Users Accounts

When you set up an account within our Online Services, you may create a profile (“Profile”) that will include your username and password, and the personal information you upload to it, such as any Resume Data and Education Data

Advisor Data

Professional and biographical information about the Advisors who agree to provide career counseling and similar services to Advisees.

Business Contact Data

Information related to other employees, owners, directors, officers, or contractors of a third party organization with whom we may conduct, or possibly conduct, business activities.

Marketing Data

Data about your marketing and communications preferences.

Transaction Data

Data about the Services you have purchased from us, including your specific orders; details of payments made to and from you; and your purchase history and preferences. Vault uses a third party service provider to collect and process all payment card data and Vault does NOT collect or store any payment card numbers.

Feedback

Your feedback about the Online Services and any of our other products or offerings, which include data gathered from questionnaires in which you voluntarily complete.

Survey Data

Your responses to the surveys in which you participate. In the event you participate in our professional and employer surveys, some questions therein may be mandatory and you cannot complete the survey without furnishing some personal information.

Correspondence Data

Records and copies of your correspondence with us.

Demographic and Sensitive Information

We may collect demographic details, including special categories of data, such as data related to gender and race. Vault uses this demographic information to analyze the survey participants and, at times, to compare results among different groups of participants. All demographic questions are purely voluntary, and participants will not be penalized for not answering such questions.

Technical Data

See below.

 

Technical Data

 In addition to the foregoing, when you use the Online Services, we collect and use additional data and tools, including usage data, metadata, location data, and cookies and tracking technologies (collectively, “Technical Data”), which is described below.  The Online Services collect Technical Data on a consistent and reoccurring basis, unless your device settings are updated to prevent such collection. We use this Technical Data in accordance with the terms and disclosures set forth in this Privacy Policy.

Usage Data. When you access and use the Online Services, we may automatically collect details of your access to and use of the Online Services, including traffic data, usage logs, and other communication data, and the resources that you access and use on or through the Online Services (e.g., browsing history, search history). We may also collect information about your device and internet connection, including the device’s unique device identifier (e.g., device type, IMEI, Wi-Fi MAC, IP address), operating system, browser type, and mobile network information. The Online Services may collect diagnostic-related data related to your use of the Online Services, such as crash data and logs, performance data (e.g., launch time, hang rate, or energy use), and any other data collected for the purposes of measuring technical diagnostics.

 Metadata and Device Access. The Online Services may access metadata and other information associated with files stored on your device, such as photographs, audio and video clips, personal contacts, and address book information.

 Location Data. When you access and use the Online Services, we may collect information and data identifying the precise, real-time location of the device that is used to access or use the Online Services. You can choose whether or not to allow the Online Services to collect and use information about your device’s location. If you block the use of location information, some parts of the Online Services may become inaccessible or not function properly.

 Cookies and Tracking Technologies. We use cookies and other tracking technologies within the Online Services. A cookie is a small file placed on your smartphone or other device. It may be possible to refuse to accept cookies by activating the appropriate setting on your smartphone or device. However, if you select this setting, some parts of the Online Services may become inaccessible or not function properly. In addition, the Online Services may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us to analyze data on the users of the Online Services (e.g., recording the popularity of certain content and verifying system and server integrity). The Online Services may collect data about the advertisements you have seen or engaged. For more information, see our Cookies Policy.

  1. Video Teleconferencing

 Vault hosts and uses video teleconferencing (“VTC”) platforms to facilitate certain aspects of our Services (e.g., mentoring sessions, career fairs), and to host conferences, meetings, training events. These VTC platforms may be owned and administered by a third party service provider (e.g., Zoom, WebEx, Skype for Business). Please be aware that the VTC platforms may record the content, conversations, and discussions thereon, and such records may be stored or retained by our third party service providers. By participating in the VTC platforms, you hereby consent to the collection and retention of any information and content provided therein, and hereby consent to the recording of such activities. Notwithstanding the foregoing, each Advisor hereby acknowledges and agrees that Advisor (i) shall not record mentoring sessions or any content therein, or retain any communications or content therefrom, unless Advisor obtains advanced written approval and consent of each and every party, including the Advisee, participating in the mentoring session  and (ii) that the foregoing approval and consent is completely voluntarily and Advisor shall not alter or change the mentoring session in the event such approval and consent is withheld.

  1. How We Collect Personal Information/SOURCES

 Vault obtains your personal information directly from you when you provide it to us (i.e., direct collection) and from third parties (i.e., indirect collection), which includes the following:

 Direct Collection. We often collect personal information directly from you when you undertake the following activities: use or access our Services; complete one of our web forms; contact our customer service centers or request information from us in any other way; visit one of our locations or premises; submit an order or make a purchase with us; provide us contact information via a business card or through similar communications; complete a survey or otherwise provide us feedback; report product/service issues; communicate with us via social networking websites, third party applications, or similar technologies; and/or visit, one of our trade counters at an exhibition.

Indirect Collection. We may collect personal information about you from third parties, which we may combine with other information we already retain in order to provide the Online Services or promote our legal or business interests.  For example, Institutions that partner with Vault may provide personal information to us so we can create user accounts for their students. In addition, employers may provide us with personal information and other background data on their job applicants so we can assist with their employment recruitment process.  If you provide personal information about a third party, then you expressly represent and warrant to Vault that you have the full right and lawful authority to provide Vault with the information.

  1. How We Use Your Information

 We use, process and retain your personal information to provide the Online Services, and to promote and defend our business interests. This includes:

 Providing and administering the Online Services, including executing transactions and enabling you to access the services therein.

  • Delivering to you notice about job opportunities and communications from potential employers.
  • Analyzing your use of the Online Services to personalize them to you (e.g., suggest employers to you based on your Resume Data).
  • Contacting you directly and providing you information about the Online Services or on our other products or offerings and answering service requests.
  • Tracking and updating your orders and invoices.
  • Furnishing you technical notices and security alerts, and support and administrative messages.
  • Performing analyses that help us to develop and improve the quality of our Online Services, and other products, and offerings.
  • Furnishing you questionnaires and conducting research and analysis to help us better understand your purchasing preferences, identify the products and services that best meet your requirements, measuring the effectiveness of our advertising and marketing, or to otherwise improve our business.
  • Enforcing security and legal requirements, such as detecting, preventing and responding to fraud, intellectual property infringement, violations of our Terms of Service, violations of law or other misuse of our Online Services, products, or facilities.
  • Administering and protecting our business and our Online Services, including system maintenance, support, reporting and hosting of data.
  • Protecting the health and safety of our employees, contractors, customers, and others in our community.
  • Promoting, defending or protecting our legal, regulatory, or business interests, including enforcing contracts and other agreements.
  • In any other way with your consent.

 Survey Data

In important part of our Services is to undertake professional surveys to better understand employer and employee needs, capabilities, and business models and develop ratings for certain types of categories related thereto.  In the event you participate in such a survey, we will use the information derived therefrom for the following purposes:

Employer Profiles. As part of our Employer Profile surveys, you have an opportunity to provide us feedback about your workplace experience with a particular employer. Our editors consolidate, review, and analyze your feedback (and the survey results of other participants) and write a summary of these experiences within an Employer Profile on our Site. Vault editors may also select quotes from within your survey feedback to include as part of an Employer Profile. Please be aware that Employer Profiles, including your feedback therein, may be published to the general public and therefore you should avoid including in your feedback any personal information or other details that might compromise your own anonymity or that of any other individual.

Employee/Intern Reviews. For our Employee/Intern Review surveys, you have an opportunity to provide us feedback about your workplace experience with a particular employer and your feedback may be published within an Employer Review on our Site. Your feedback may be posted without any editorial review by us. In addition, you may register with Vault in order to submit reviews, insights, and opinions about your current or former employers or schools. In either case, while your name is not associated with a quotation or review, the review may be accompanied by general identifiers, where provided, such as office location, position/level, department, or year in which the survey was conducted. The review also identifies whether you are a “verified employee” or “verified intern” to indicate that the comment was collected through Vault’s survey process and distinguish it from other user-generated reviews.

Blog Posts, Career Advice, and Other Forums. Vault may use anonymous comments and/or aggregated scores provided to our surveys for the purposes of publishing blog posts or articles; making presentations; or participating in public or private forums or other discussions on employee satisfaction, perceptions of employers, and industry trends.

Research Reports. Vault may use aggregated and de-identified data from our surveys for the purposes of client research, to help employers benchmark employers against the industry and their peers and/or to gauge relative levels of satisfaction among their own employees. In the event these research reports include the survey’s text feedback, Vault reviews and edits, as necessary, such feedback to seek to minimize the personal information associated with your comments. However, you should be aware that their comments may be published or used for research and avoid including details that might compromise their anonymity.

  1. Sharing Your Personal Information With Others

 We do not sell, lease, or rent your personal information to a third party for profit or other valuable consideration. We may, however, share your personal information with selected third parties for our business purposes, including as set forth in this Privacy Policy. In addition, we may also share your personal information as follows:

Corporate Group Sharing. We share personal information to our parent company, Infobase Holdings Inc., and among our affiliates and subsidiaries who act for Vault or on behalf of our parent company and these recipients may use your personal information in accordance with the terms and conditions of this Privacy Policy (e.g., marketing, surveys) or their own data privacy representations. In addition to the foregoing, Vault may leverage computer networks and systems of our parent company, affiliates, and subsidiaries and the personal information may be transmitted or retained thereon. For information about our parent company, visit https://www.infobase.com/about/.

 Service Providers. We share information, including personal information, with our third party service providers that assist us in providing our Online Services, application development, service delivery, backup, storage, payment processing, analytics, and other services for us. These third party service providers may have access to or process your personal information for the purpose of providing these services for us. We may collect, and we may engage third party analytics providers to collect, metrics and information regarding your use of the Online Services to improve existing features or inform sales and marketing strategies, based on our legitimate interest to improve the Online Services.

Advisors and Third Party Employers. As part of the Services, we may share your personal information with advisors and employers with whom you may seek to engage for advice and consultation or we believe satisfy your employment or consulting needs or requirements.

Business Partners. In addition, we may share data with trusted partners to contact you based on your request to receive such communications, help us perform statistical analysis, or provide customer support. We may partner with trusted third parties to provide you with co-marketing content that we think may be relevant to you. We may also share your personal information with our third party professional advisors and consultants (e.g., outside counsel, tax advisors).

 Corporate Restructuring. If we (or our assets) are acquired by another legal entity, whether by merger, acquisition, bankruptcy or otherwise, that legal entity would receive all information gathered by Vault via the Online Services, including your personal information retained thereon. To the extent practicable, we will notify you of any such change in corporate ownership by posting a notice on the Site or taking similar actions.

Compelled Disclosure. We will use or disclose your personal information if required by law, statute, or regulation, or judicial or administrative order or decree, or any other demand submitted by a government, regulatory, or judicial entity that has the force and effect of law.

Business Interests. We reserve the right to use and disclose your personal information to a third party if we reasonably believe that use or disclosure will protect our rights or your safety or the safety of others.

 Privacy Policy. This Privacy Policy may describe other circumstances in which Vault shares personal information with third parties, and such descriptions shall not limit the categories of sharing set forth in this Section 6 of the Privacy Policy and the personal information descriptions set forth in this Section 6 shall not limit Vault’s ability to share personal information as set forth elsewhere in this Privacy Policy.

 In the event that you facilitate a transaction with Vault, or request information from, or otherwise engage with us, and such activities require Vault (in our sole judgment) to share your personal information with a service provider or other third party, you hereby consent to the same and acknowledge and agree that any such third party information sharing is being undertaken at your direction.

  1. Third Party Links, Single Sign On (SSO)

Vault may include in the Online Services certain links to other websites, including websites operated by unaffiliated third parties. Each such third party website has its own privacy policies and practices, which may be different than the policies and practices described herein; we urge you to read any privacy policy posted on a third party website carefully as such third party privacy policy (and not this Privacy Policy) controls with respect to the collection, use, and processing of your personal information thereon. Additionally, to the extent that you follow a link to a website operated by an independent third party, please be aware that Vault exercises no authority or control over that third party and we cannot be, and are not, responsible for any information that you may submit at that website or how it is used.

 You may log into our Online Services through or from a third party social media or authentication service (e.g., Facebook, LinkedIn, Google). These sign-on services will authenticate your identity and provide you access to our Services, provide you with the option to share certain personal information (e.g., name, email address, profile picture, location) with us, and pre-populate our forms or other parts of our Services with the personal information already retained by the third party. You should verify your privacy settings on these third party services to understand and determine the types of personal information sent to us.

  1. Third Party Collection and Tracking

When you access the Online Services, certain third parties may use automatic information collection technologies to collect information about you or your device that is used to access the Online Services. These third parties may include advertisers, ad networks, and ad servers; analytics companies; your mobile device manufacturer, and your mobile service provider. They may collect personal information about your online activities over time and across different websites, apps, and other websites. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control the tracking technologies employed by third parties or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

  1. Data Retention and Localization

 The time period in which Vault retains your personal information varies depending on the purpose for the data processing. For example, we retain personal information needed to provide you with products and services, to facilitate transactions you have requested, or to engage in marketing activities, and for so long as necessary to comply with applicable laws and regulations (including tax law) and defend our legal or business interests. In all other cases, we retain your personal information for as long as is needed to fulfill the purposes outlined in this Privacy Policy.

Vault is based in the United States and the personal information that we (and our third party service providers) collect and process is retained and stored in the United States. Please be aware that (i) the United States may not provide the same level of protection of personal information as in your country, state, or jurisdiction of residence or nationality, (ii) the European Union and other foreign authorities have determined that, in some circumstances, the United States does not provide an adequate level of protection for personal information, and (iii) when transferred to the United States, your personal information may be accessible by, or otherwise made available to, government authorities and officials pursuant to regulatory, judicial, and/or administrative orders, decrees, and demands, and/or other domestic laws, statutes, and regulations, applicable in the United States. In addition, we (and our third party service providers) may retain personal information in other jurisdiction that we (or our services providers) operate. You hereby consent to your personal information being transferred to, and stored in, the United States and the other jurisdictions where we (and our service providers) operate.

Generally, we retain personal data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods are determined by:

  1. Purpose Compliance
    • o   Data is deleted/anonymized when no longer needed for its original processing purpose (e.g., customer account data deleted 3 years after last activity).
  2. Legal Obligations
    • o   Extended retention where required by EU/Member State laws (e.g., 7 years for financial records under tax legislation).
  3. Ongoing Relationships
    • o   Active user accounts: Retained while active + 2 years post-inactivity.
  4. Dispute Resolution
    • o   Data relevant to litigation or regulatory investigations may be preserved until resolution.

User profile data will be retained for 36 months after account closure to comply with consumer protection regulations. Website analytics cookies are automatically purged after 14 months unless refreshed consent is obtained.

Key Retention Provisions
Right to Erasure: We honor deletion requests within 30 days unless conflicting legal obligations exist (Art. 17(3) GDPR).
Anonymization: Non-essential data may be irreversibly anonymized for statistical/archival purposes.
System Coverage: Retention rules apply to all storage locations, including backups and third-party processors.
Review Cycle: Retention periods are reassessed annually or when regulatory requirements change.

  1. Information Security

We are committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use or disclosure. However, no information system can be fully secure, so we cannot guarantee the absolute security of your personal information. Moreover, we are not responsible for the security of information you transmit to the Online Services over networks that we do not control, including the Internet and wireless networks, and you provide us with any information and data at your own risk. To the extent permitted by law, Vault shall not be liable or otherwise responsible for any data incident that compromises OR MAY COMPROMISE the confidentiality, SECURITY, integrity, or AVAILABILITY of your personal information. The safety and security of your personal information also depends on you. Where we have given you (or where you have chosen) a username and password to access the Online Services, you are responsible for maintaining the security and confidentiality of those credentials and not revealing them to others. You must contact us immediately if you have reason to believe that your username or password to our Online Services have been compromised.

  1. No Personal Information Collected from Children

 Our Online Services are not directed at, nor intended for use by, children under the age of thirteen. As a result, we will not knowingly collect information from children under thirteen years of age with or without consent from their parents or guardians. If you are under the age of thirteen, you are hereby prohibited from using our Online Services or with providing us with your personal information. If you are a customer who provides us with general information about children, you hereby represent and warrant that you have the right and authority to provide us with such data.

  1. Your Responsibilities AND WARRANTIES

You are permitted, and hereby agree, to only provide personal information to Vault if such personal information is accurate, reliable, and relevant to our relationship and only to the extent such disclosure will not violate any applicable data protection law, statute, or regulation or infringe upon any individual’s data privacy rights or privileges. If you provide Vault with ANY personal information about yourself or a third party, you expressly represent and warrant to Vault that (I) you have the full right and authority to DISCLOSE SUCH personal information to Vault, (II) THE COMPANY CAN USE SUCH PERSONAL INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY, and (III) YOU are in compliance with the requirements set forth HEREIN. You also agree to fully reimburse Vault for any damages, losses, or expenses that arise based on your violation of your representations, warranties and responsibilities set forth in this Privacy Policy.

  1. Marketing; Shine the Light law (California Privacy)

You have the right to opt-out of receiving electronic direct marketing communications from us. All electronic direct marketing communications that you may receive from us, such as e-mail messages, will give you an “unsubscribe” option of not receiving such communications from us in the future. California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties with whom we have reason to believe use such information for their own direct marketing purposes.

  1. California Privacy Rights (California Consumer Privacy Act)

Pursuant to the California Consumer Privacy Act of 2018, as amended (“CCPA”), California residents may have additional data privacy rights, such as the right to be notified about what personal information is collected about them, and our intended use and purpose for collecting your personal information. California residents have the right to know and access the categories or specific pieces of personal information we have collected, used, disclosed, or sold about them over the past twelve (12) months; the categories of sources from which the personal information is collected; and, the business or commercial purpose for which the personal information was collected, used, disclosed, or sold. In addition, certain California residents have the right to request Vault transfer, to the extent feasible, personal information in certain forms and formats. California residents have the right to request that we (and any applicable service provider) delete/erase their personal information under certain circumstances. California residents have the right to opt-out of the sale of their personal information and Vault does not sell your personal information to third parties for profit or other valuable consideration. California residents have the right not to be subject to discrimination for asserting their rights under the CCPA.  The categories of personal information we have collected about California residents in the preceding twelve (12) months, the categories of sources from which the personal information is collected, and the business or commercial purpose for collecting such personal information is set forth in this Privacy Policy.

 

You, or your authorized agency, may submit a CCPA data privacy rights request to Vault by contacting us in accordance with the details set forth below. If you make, or an authorized agent on your behalf makes, any request related to your personal information under the CCPA, Vault will ascertain your identity (and the identity of the authorized agent, to the extent applicable) to the degree of certainty required under the law before addressing your request. Vault may require you to verify your request via email and match at least two or three pieces of personal information we have previously collected from you before granting you access to, or erasing, specific pieces, or categories of, personal information, or otherwise responding to your request. We may require written documentation that demonstrates a third party is authorized to serve as your agent for the purposes of submitting the requests set forth herein.

California Users. To the extent that the California Consumer Privacy Act of 2018, as amended (“CCPA”) applies to your use of the Online Services, this clause shall apply. Unless defined elsewhere in these Terms, each capitalized term that is used, but not defined, in this clause shall be ascribed the meaning set forth in the CCPA. Each party acknowledges and agrees that you shall be considered a Business and Vault shall, in its role of providing the Online Services, be considered a Service Provider for purposes of the CCPA. Each party further acknowledges and agrees that the collection and disclosure of Personal Information submitted and transmitted to the Online Services (i) does not constitute, and is not the intent of either party for such disclosure to constitute, a Sale of Personal Information under the CCPA, and (ii) if valuable consideration, monetary or otherwise, is being provided by you to Vault, such valuable consideration, monetary or otherwise, is so being provided for use of the Online Services and not for the disclosure of Personal Information. You hereby represent to Vault that you shall only disclose Personal Information to Vault and the Online Services for a permissible Business Purpose and you have the consent or other lawful basis to so furnish such Personal Information to Vault and the Online Services. Vault shall only Process your Personal Information in accordance with these Terms, unless otherwise required by law, or judicial or administrative order or rule. Without limiting the foregoing, Vault shall not retain, use, or disclose your Personal Information for any purpose other than for the specific purpose of performing the Online Services, or as otherwise permitted by law or these Terms, including retaining, using, or disclosing your Personal Information for a Commercial Purpose other than providing the Online Services. For the avoidance of doubt, Vault shall not Sell your Personal Information or authorize or otherwise permit any third party subcontractor to undertake the same.  Upon written request from you, Vault shall promptly provide you access to, and/or delete, your Personal Information in Vault’s custody or control, or in the custody or control of a third party acting on Vault’s behalf, or otherwise provide you the technical controls necessary to satisfy the same. In the event Vault is unable to delete your Personal Information for reasons permitted under law, Vault shall (i) promptly inform you of the reason(s) therefor, (ii) continue to protect the privacy, confidentiality, and security of such Personal Information in accordance with these Terms, and (iii) delete such Personal Information promptly as soon as reasonably practicable.

  1. Other State-Specific Privacy Rights

In addition to the rights provided under the California Consumer Privacy Act (CCPA), residents of certain U.S. states may have additional privacy rights. These include, but are not necessarily limited to:

  • Colorado Residents
    • o   The Colorado Privacy Act (CPA) provides Colorado residents with the following rights:
      • Access their personal data;
      • Correct inaccuracies in their personal data;
      • Delete their personal data;
      • Obtain their personal data in a portable format;
      • Opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling.
    • If we refuse to take action on your request, you may have the right to appeal our decision. Instructions on how to appeal will be included in our response to your request.
  • Connecticut Residents
    • o   Under the Connecticut Data Privacy Act (CTDPA), Connecticut residents have the right to:
      • Access their personal data;
      • Correct inaccuracies in their personal data;
      • Delete their personal data;
      • Obtain a copy of their personal data in a portable format;
      • Opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling.
    • If we refuse to take action on your request, you may have the right to appeal our decision. Instructions on how to appeal will be included in our response to your request.
  • Florida Residents
    • o   Under the Florida Digital Bill of Rights (FDBR), Florida residents have the right to:
      • Access their personal data;
      • Correct inaccuracies in their personal data;
      • Delete their personal data;
      • Opt out of the sale or sharing of their personal data;
      • Opt out of targeted advertising.
  • Iowa Residents
    • Iowa residents have the following rights regarding their personal data:
      • Right to access;
      • Right to delete;
      • Right to data portability;
      • Right to opt-out of targeted advertising, sale of personal data, and profiling.
  • Maryland Residents
    • Maryland residents have the following rights regarding their personal data:
      • Right to access;
      • Right to delete;
      • Right to data portability;
      • Right to opt-out of targeted advertising and sale of personal data.
  • Minnesota Residents
    • Minnesota residents have the following rights regarding their personal data:
      • Right to access;
      • Right to delete;
      • Right to data portability;
      • Right to opt-out of targeted advertising and sale of personal data.
  • Montana Residents
    • Montana residents have the following rights regarding their personal data:
      • Right to access;
      • Right to delete;
      • Right to data portability;
      • Right to opt-out of targeted advertising and sale of personal data.
  • New Hampshire Residents
  • o   New Hampshire residents have the following rights:
  • Access, correction, deletion, and portability of their personal data;
  • Opt-out of targeted advertising, sale of personal data, or profiling.
  • Nebraska Residents
    • Nebraska residents have the right to:
      • Access their personal data;
      • Correct inaccuracies;
      • Delete their personal data;
      • Opt-out of targeted advertising, sale of personal data, and profiling.
  • New Jersey Residents
    • New Jersey residents have the following rights under the NJDPA:
      • Right to access personal data;
      • Right to correct inaccuracies;
      • Right to delete personal data;
      • Right to data portability;
      • Right to opt-out of targeted advertising, sale of personal data, and certain profiling.
  • Oregon Residents
  • o   Oregon residents have the following rights regarding their personal data:
      • Right to access;
      • Right to delete;
      • Right to correct inaccuracies;
      • Right to data portability;
      • Right to opt-out of targeted advertising, sale of personal data, and certain profiling.
      • Right to Obtain List of Third Parties (Effective July 1, 2025): You will have the right to obtain a list of the specific third parties, other than processors, to whom the controller has disclosed the consumer’s personal data.
  • Texas Residents
  • o   Texas residents have the following rights regarding their personal data:
      • Right to access;
      • Right to delete;
      • Right to correct inaccuracies;
      • Right to data portability;
      • Right to opt-out of targeted advertising, sale of personal data, and certain profiling.
  • Utah Residents
    • o   The Utah Consumer Privacy Act (UCPA) provides Utah residents with the following rights:
      • Access their personal data;
      • Delete their personal data;
      • Obtain their personal data in a portable format;
      • Opt out of the sale of their personal data or the processing of personal data for targeted advertising.
  • Virginia Residents
    • o   Under the Virginia Consumer Data Protection Act (VCDPA), Virginia residents have the right to:
      • Access their personal data;
      • Correct inaccuracies in their personal data;
      • Delete their personal data;
      • Obtain a copy of their personal data in a portable format;
      • Opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling.
    • If we refuse to take action on your request, you may have the right to appeal our decision. Instructions on how to appeal will be included in our response to your request.

 

  1. European, SWISS, UK Data Protection Rights

 If you are located in the European Economic Area, Switzerland, or the United Kingdom (UK), you may have additional rights with respect to the personal information we have about you. To the extent permitted by the European Union (EU) General Data Protection Regulation (GDPR), or applicable data protection laws in EU member states, Switzerland, or the UK, you may request the following: access to the personal information we hold about you; that inaccurate, outdated, or no longer necessary information be corrected, erased, or restricted; and, we provide your personal information in a format that allows you to transfer it to another entity. You also may withdraw your consent at any time if, and only if, we are solely relying on your consent for the processing of your personal information. You may object to our processing of your personal information where that processing is based on our legitimate interest. For purposes of clarity, we do not engage in any activity that subjects our survey participants, customers, or others to a decision based solely on automated processing, including profiling, which produces legal effects, or similarly significant results, impacting them. You may submit a data privacy rights request to Vault by contacting us in accordance with the details set forth below.

 We process your personal information in accordance with the legal bases set forth in the GDPR. For example, our processing of personal information (as described herein) is justified based on the following GDPR provisions and which may overlap: (1) processing is based on your consent; (2) processing is necessary for our legitimate interests as set out herein; (3) processing is necessary for the performance of a contract to which you are a party; and (4) processing is required to comply with a legal or statutory obligation. You have the right to lodge a complaint with your competent data protection authority. If you wish to exercise any of these rights, please contact us in accordance with the instructions provided below in the “Contact Us” section. We may need to collect and process information about you solely for the purpose of responding and satisfying any data right request you may have.

European, Swiss, and UK Users.  You acknowledge and agree to notify Vault of any intent you have to submit or transmit personally identifiable information to Vault and the Online Service that is subject to, or otherwise afforded protection under, European Union (EU), Swiss, or United Kingdom (UK) data protection laws. In the event you are permitted by Vault to submit or transmit such personally identifiable information to the Online Services, each party shall comply with its obligations and responsibilities set forth in Exhibit 1 (Data Processing Addendum). Notwithstanding any other provision within this Agreement, to the extent Vault collects and processes, on your behalf, any personally identifiable information that is subject to, or otherwise afforded protection under, EU, Swiss, or UK data protections laws, such collection and processing shall be subject to Exhibit 1 only (and not the Privacy Policy). In the event of a conflict between these Terms and Exhibit 1, the terms and conditions set forth in Exhibit 1 shall supersede and control with respect to such conflict. For the avoidance of doubt, each party understands and agrees that Vault’s collection and use of business contact data of your employees, personnel, or third parties involved in performance or use of the Online Services does not constitute processing on your behalf for purposes of Exhibit 1 and in the event Vault collects and processes such business contact data, it shall comply with its Privacy Policy. You shall immediately, and within ten (10) days after execution of these Terms, provide written notice to Vault with respect to the supervisory authority responsible for ensuring your compliance with, as applicable, EU, Swiss, or UK data protections laws and such supervisory authority(ies) shall be incorporated into the Standard Contractual Clauses (as defined in Exhibit 1), including at Clause 13 and Annex I.

  1. Do Not Track Signals

Some web browsers may transmit “Do Not Track” signals to our Online Services. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not, unless otherwise required by law, take action in response to these signals.

  1. . Non-Discrimination.

We will not discriminate against you for exercising your privacy rights. This means we will not deny you goods or services, charge you different prices or rates, or provide you with a different level or quality of goods or services just because you exercised your rights under these state privacy laws.

  1. Universal Opt-Out Mechanisms

Effective January 1, 2025, we will honor user-enabled global privacy controls, such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicate or signal the consumer's choice to opt out of the sale and sharing of their personal information.

  1. Automated Decision-Making and Profiling

We may use automated decision-making and profiling in certain circumstances. You have the right to:

  • Obtain human intervention
  • Express your point of view
  • Obtain an explanation of the decision reached
  • Challenge such decisions
  1. Data Security Measures

We implement and maintain reasonable security procedures and practices appropriate to the nature of the personal information we collect and process. These measures include:

  • Encryption of personal data at rest and in transit
  • Regular security assessments and penetration testing
  • Employee training on data protection and security best practices
  • Access controls and authentication mechanisms
  • Incident response and data breach notification procedures
  1. Targeted Advertising Opt-Out

You have the right to opt out of the processing of your personal data for targeted advertising purposes. To exercise this right, please visit our "Do Not Sell or Share My Personal Information" page or use the following link: [Insert link].

  1. Data Protection Impact Assessments

We conduct data protection impact assessments for processing activities that are likely to result in a high risk to individuals' rights and freedoms. These assessments help us identify and minimize data protection risks.

  1. Persons with Disabilities

 Vault strives to ensure that every person has access to information related to our products and services, including this Privacy Policy. Please contact us if you would like this Privacy Policy provided in an alternative format and we will seek to meet your needs.

  1. Aggregated Data

Vault collects and retains de-identified, and aggregated data relating to the use of our Online Services (“Aggregated Data”), and we use such Aggregated Data for our own business purposes, such as to analyze customers and to develop, improve, and market our services. For the avoidance of doubt, we may use Aggregated Data for any purpose and such Aggregated Data is not subject to this Privacy Policy.

  1. Communications Data

For the avoidance of doubt, in the event you provide Vault with a telephone number as part of your registration to the Online Services or as part of a purchase or transaction with us, you hereby consent and agree that Vault (or our service providers) may contact said telephone number by any means (including SMS/text message) for service and transactions purposes.

  1. Changes to the Privacy policy

At any time, we reserve the right to add to, modify or remove portions of our Privacy Policy. The effective date of our Privacy Policy will be included at the beginning of the Privacy Policy and will serve as a notice of when changes have been implemented to the Privacy Policy. It is your responsibility to review this Privacy Policy to determine if any revisions have been made to it. Your continued use of our Online Services after any revisions have been made to this Privacy Policy will indicate your acknowledgement of such changes and agreement to be bound by the updated terms and conditions set forth herein.

  1. Contact Us

If you have questions regarding this Privacy Policy, would like to request more information from us, or would like to exercise a data privacy right or privilege, please contact us at any of the following: (address) Vault, 8 The Green, Suite 19225, Dover, DE 19901, (telephone) 1.800.322.8755, and (email) support@vault.com.

 

 

Exhibit 1

Data Processing Addendum

 

  1. DEFINITIONS

 

1.1         In this Data Processing Addendum (“DPA”), capitalized terms shall have the following meanings, unless defined in Vault’s Terms of Service and Privacy Policy or otherwise required given the context:

 

“Applicable Data Protection Laws”

means the GDPR and all applicable European Union (EU) Member State legislation implementing the same; the Switzerland Federal Act on Data Protection of June 19, 1992 and all of its ordinances, including the Ordinance to the Federal Act on Data Protection; and, to the extent applicable, the UK Data Protection Act 2018;

 

Data Controller”

means you;

 

“Data Processor”

means Vault;

 

GDPR

means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (EU), and all EU Member State legislation implementing the same;

 

“Standard Contractual Clauses”

means the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council;

 

“Subprocessor”

means any Processor engaged by the Data Processor (or by any other Subprocessor of the Data Processor) to Process Personal Data on behalf of the Data Controller in accordance with its Instructions and the terms of the written subcontract.

 

 

The terms “Personal Data,” “Personal Data Breach,” “Process/Processing,” “Special Categories of Data” and “Supervisory Authority,” shall each have the meaning ascribed to it in the Applicable Data Protection Laws.

 

    

1.2         The captions and section headings used are for the purposes of reference and convenience only, are not a part of this DPA, and shall not be used in construing this DPA. References in this DPA to “writing” or “written” includes e-mails and certified mail.

  1. SCOPE AND APPLICATION OF THIS DPA

 2.1         This DPA only supplements the provisions of the Terms in relation to the Online Services provided by the Data Processor to the Data Controller pursuant to the Terms.

  1. DATA PROCESSING OBLIGATIONS

 3.1         With respect to Personal Data uploaded to the Online Services, the Data Controller will be responsible for complying with all requirements that apply to it under Applicable Data Protection Laws. In particular but without prejudice to the generality of the foregoing, the Data Controller acknowledges and agrees that it will be solely responsible for the following: (i) the accuracy, quality, and legality of Personal Data uploaded to the Online Services; (ii) complying with all necessary transparency and lawfulness requirements under applicable law for the collection and use of the Personal Data, including obtaining any necessary consents and authorizations; (iii) ensuring the Data Controller has the right to transfer, or provide access to, the Personal Data to the Data Processor for Processing in accordance with the Terms (including this DPA); and (iv) ensuring that its Processing instructions comply with all Applicable Data Protection Laws. The Data Controller will not input into the Online Services, or otherwise provide the Data Processor, with any Special Categories of Personal Data, unless otherwise agreed to separately by the Data Controller. The Data Controller will inform the Data Processor, immediately and without undue delay, if Data Controller is not able to comply with its responsibilities set forth in this DPA.

 3.2         The Data Processor agrees to Process the Personal Data in accordance with the terms and conditions set out in this DPA, and in particular the Data Processor undertakes: (i) to Process the Personal Data only on behalf of the Data Controller and at all times in compliance with the Data Controller’s Instructions as defined in this DPA, and all Applicable Data Protection Laws; (ii) to ensure that any personnel entrusted with Processing the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; and (iii) to implement and maintain commercially reasonable technical and organizational measures to appropriately protect Personal Data against a Personal Data Breach, and which shall include security requirements no less stringent than the ones the Data Processor implements and maintains to protect the confidentiality, integrity, and availability of its own proprietary information.

 3.3         The Data Processor agrees to promptly notify the Data Controller about (i) any legally binding request for disclosure of the Personal Data by a government authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a government investigation; (ii) any Personal Data Breach affecting the Personal Data Processed on behalf of the Data Controller, and (iii) any request received directly from the Data Subjects (including rights to access, rectification, deletion, objection, restriction, data transfer, and the right not to be subject to a decision based solely on automated Processing, including profiling). The Data Processor will not respond directly to that request, except to notify the Data Subject that it is acting on behalf of the Data Controller and to furnish the Data Subject with the contact information of the Data Controller. The Data Processor, taking into account the nature of the Processing, will assist the Data Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Data Controller’s obligation to respond to requests for exercising the Data Subject’s rights.

 3.4         The Data Processor agrees to provide commercially reasonable cooperation to the Data Controller to assist the Data Controller comply with its own legal obligations related to Personal Data, such as: notification of a Personal Data Breach to the competent supervisory authority, communication of such Personal Data Breach to the Data Subjects affected and, where applicable, implementation of data protection impact assessments and prior consultations with supervisory authorities, taking into account the nature of the Processing and the information available to the Data Processor.

  1. INTERNATIONAL DATA TRANSFERS

 4.1         The Data Controller hereby acknowledges and agrees that the Data Processor is located in the United States of America and that it will Process Personal Data in the United States of America in order to perform the Online Services. The Data Controller will ensure it has all proper authorization to transfer Personal Data to the Data Processor and the Online Services. If the Data Controller is located outside of the European Economic Area, the parties shall apply the provisions of the Standard Contractual Clauses, provided that the Standard Contractual Clauses are legally required and sufficient to meet the requirements of the applicable data protection regulations for the transfer of Personal Data by the Data Controller to the Data Processor pursuant to the Terms.

 4.2         If the parties apply the Standard Contractual Clauses pursuant to Section 4.1 of this DPA, then the follow shall apply:

               4.2.1      The Standard Contractual Clauses shall be governed by the Module Two, Transfer controller to processor clauses in all applicable instances.

               4.2.2      For purposes of Clause 9(a) of the Standard Contractual Clauses, the parties agree that Option 2 shall apply as set forth in Section 7 of this DPA.

               4.2.3      For purposes of Clause 13(a) of the Standard Contractual Clauses, the applicable supervisory authority shall be the supervisory authority identified, in writing, by the Data Controller pursuant to the Terms (Data Protection)

              4.2.4      For purposes of Clause 17 of the Standard Contractual Clauses, the parties agree that Option 2 shall apply. In particular, the Standard Contractual Clauses shall be governed by the law of the EU Member State in which the Data Exporter is established. Where such law does not allow for third-party beneficiary rights, they shall be governed by the law of another EU Member State that does allow for third-party beneficiary rights, and this shall be the law of the Republic of Ireland .

              4.2.5      For purposes of Clause 18 of the Standard Contractual Clauses, the parties agree that any dispute arising from the Standard Contractual Clauses shall be resolved in accordance with the dispute resolution framework set forth in the Terms.  In the event, such dispute resolution framework is legally prohibited, then the parties agree that the Courts of the Republic of Ireland  shall resolve any such disputes.

               4.2.6      Annex I of the Standard Contractual Clauses shall be applied on the following basis: (A) (i) Data Exporter: Data Controller, (ii) Data Importer: Data Processor, (B) (i) Categories of Data Subjects: Any and all users of the Online Services, (ii) Categories of Personal Data transferred: Personal Data relating to the use of the Online Services owned, licensed, or managed by the Data Processor, including the Personal Data set forth in the Terms and Privacy Policy, (iii) Sensitive Data transferred: none anticipated and prohibited, unless otherwise agreed to in writing by both parties, (iv) The frequency of transfer: continuous and as often as the Data Subjects use the Online Services, (v) Nature of Processing: cloud storage and facilitate access and use of the Online Services, (vi) Purpose of the data transfer and further processing: to provide access and use of the Online Services, (vii) The period for which Personal data will be retained: For the duration of the Terms and for the termination and transition period thereafter, as set forth in the Terms, to conclude, and (viii) Subprocessor transfers: The relevant information is set forth in Section 7 of this DPA; (C) The competent supervisory authority is set forth in accordance with the Terms (“Data Protection” section).

              4.2.7      For purposes of Annex II of the Standard Contractual Clauses, the Data Processor shall implement and maintain the following technical and organizational security measures to protect Personal Data: (i) Measures of pseudonymization and encryption of Personal Data, (ii) Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services (iii) Measures for ensuring the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident, (iv) Processes for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures in order to ensure the security of the processing, (v) Measures for user identification and authorization, (vi) Measures for the protection of data during transmission, (vii) Measures for the protection of data during storage, (viii) Measures for ensuring physical security of locations at which Personal Data are processed, (ix) measures for ensuring events logging, (x) Measures for ensuring system configuration, including default configuration, (xi) Measures for internal IT and IT security governance and management, (xii) Measures for certification/assurance of processes and products, (xiii) Measures for ensuring data minimization, (xiv), Measures for ensuring data quality, (xv) Measures for ensuring limited data retention, (xvi) Measures for ensuring accountability, (xvii) Measures for allowing data portability and ensuring erasure.  The Data Processor has undertaken commercially reasonable due diligence to ensure Subprocessors have implemented commercially reasonable technical and organizational security measures to protect Personal Data.

              4.2.8      For purposes of Annex III of the Standard Contractual Clauses, the list of Subprocessors is set forth in Section 7 of this DPA.

 4.3         If the Standard Contractual Clauses are applicable between the parties pursuant to Section 4.1 of this DPA, their provisions will be deemed incorporated by reference into this DPA. To the extent required by the applicable data protection regulations, the parties shall enter into and execute the Standard Contractual Clauses as a separate document.

  1. TERMINATION

5.1         This DPA will terminate automatically upon the later of termination or expiry of (a) the Terms or (b) of the Data Processor’s obligations in relation to the Processing. Where applicable, on termination of this DPA, the Data Processor shall return to the Data Controller or delete, at the Data Controller’s request, all the Data Controller’s Personal Data in its possession or under its control. Upon the request of the Data Controller, the Data Processor shall confirm compliance with such obligations in writing and delete all existing copies, unless applicable law requires storage or otherwise permits retention of the Personal Data.

 5.2         The Data Controller shall be entitled to terminate this DPA by notice in writing to the Data Processor if the Data Processor is in a material or persistent breach of this DPA which, in the case of a breach capable of remedy, shall not have been remedied within thirty (30) working days from the date of receipt by the Data Processor of a notice from the Data Controller identifying the breach and requiring its remedy.

5.3         The Data Processor shall be entitled to terminate this DPA by notice in writing to the Data Controller if the Data Controller is in a material or persistent breach of this DPA which, in the case of a breach capable of remedy, shall not have been remedied within thirty (30) working days from the date of receipt by the Data Controller of a notice from the Data Processor identifying the breach and requiring its remedy.

  1. AUDITS AND INFORMATION REQUESTS

 

6.1         The Data Processor agrees to make available to the Data Controller all information necessary to prove compliance with the obligations laid out in this DPA and allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller as set forth in this Section 6. Within the limit of one (1) audit per year and subject to the notification by the Data Controller with a thirty (30) day prior notice, except in the case of an audit requested by a supervisory authority, the Data Controller may during regular business hours, without unreasonably interfering with Data Processor’s business operations, personally audit the Data Processor, or appoint a third-party auditor being subject to confidentiality obligations to carry out such audit.

6.2         The Data Processor shall cooperate in the case of an audit under this Section 6 and provide to the Data Controller all information necessary to carry out such audit. The Data Controller shall cover the costs and expense incurred by each party in relation to audits under this Section 6.

 7          APPOINTMENT OF SUBPROCESSORS

 7.1         The Data Controller authorizes the Data Processor to use of the following Subprocessors solely as required for the performance of the Online Services in connection with the Terms:

 Name of Subprocessor

Processing Function

Location

LinkedIn

For profile data import and SSO

LinkedIn data stored globally

Twilio

Int'l Telephone numbers, programmable voice conferences, VoIP, Video chat, real-time text chat


USA, Philippines, UK

Google

 Maps, Place Autocomplete, Geography Handling, Site Analytics (no PI data)

USA / Europe

Postmark

Transactional Emails

International

Cronofy

Calendar-sync for users

USA

Sentry.io

Front-end application error logging

USA / Europe (Google Data centers)

NeverBounce:

Automated email validation for large-user client imports

USA

Clearbit

API for pulling business icons for our Employer Database

USA / EU

Pendo

Traffic Analysis and User tips/ guidance

USA / Europe (Google Data centers)

LibLynx

COUNTER 5 reporting

USA

Stripe

Billing information for personal purchases and subscriptions

USA

 

7.2         The Data Controller authorizes the Data Processor to add and/or replace any of the aforementioned Subprocessors, provided the Data Processor informs the Data Controller in writing (which may include email or posting a clear and conspicuous notice on the Online Services) of any such intended changes at least ten (10) business days in advance, thereby giving the Data Controller sufficient time to be able to object to such changes prior to the addition and/or replacement of the Subprocessor(s). The Data Processor shall provide the Data Controller with the information necessary to enable the Data Controller to exercise its right to object to the addition and/or replacement of the Subprocessor(s). If the Data Controller objects to the change of Subprocessor(s), the Data Controller may, throughout the period of notice, terminate this DPA in writing. If the Data Controller does not terminate within the notice period, this formalizes the consent of the Data Controller to the notified change of Subprocessor(s).

7.3         Where the Data Processor uses the services of a Subprocessor, the Data Processor shall execute a written agreement with any such Subprocessor that contains, in substance, the same data protection obligations as those binding on the Data Processor under this DPA, including the terms of third-party beneficiary rights for Data Subjects (as set forth in the Standard Contractual Clauses). The Data Processor shall remain fully responsible to the Data Controller for the acts or omissions of its Subprocessors.

  1. MISCELLANEOUS PROVISIONS

 8.1         Amendments or additions to this DPA must be made in writing to be effective. Should any provision of this DPA be or become invalid, this shall not affect the validity of the remaining terms. In the event of invalidation of any provision of this DPA, the parties shall, in any case, endeavor, in good faith, to replace the invalidated provision by another one, enforceable, valid and legal, having to the greatest possible extent a legal impact equal or equivalent to the one of the initial provision.

 * * * * * * * * * *