Privacy Statement and Practices

Terms used herein but not otherwise defined shall have the meanings ascribed to them in Section 19 of this Privacy Statement.

At Digital Edge, we value your privacy. Regardless of whether you are our customer, a visitor to one of our Websites or Facilities, or someone we deal with in the ordinary course of our business, protecting your privacy is important to us and is a responsibility that we take seriously. We understand the importance of ensuring that we collect, use, store, share and dispose of (collectively “Process”) Personal Data in a fair, ethical, transparent, secure, and lawful way.

This Privacy Statement describes the Privacy Practices we have adopted to protect your Personal Data and to be compliant with regulations pertaining to privacy and data protection. In certain jurisdictions around the world, we have additional requirements that apply to how we Process your Personal Data. Please see the applicable privacy riders for these locations in the links below.

1. Privacy Statement

This Privacy Statement applies to Digital Edge and is addressed to individuals outside our organization with whom we interact with in respect of our business, including our customers, prospective customers, job applicants, users of our Websites or Facilities, and other third parties who provide information to us through various other channels (together, “you”).

By using our Websites or Services, or otherwise providing information to us, you agree that your Personal Data will be handled as described in this Privacy Statement. Your use of our Websites is also subject to our Terms of Use, which sets forth important information about your use of our Websites.

This Privacy Statement may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data. We encourage you to read this Privacy Statement carefully, and to regularly check this page to review any changes we might make to the same. If you have any questions about how we Process your Personal Data, or would like to lodge a complaint, please contact us at privacy@digitaledgedc.com.

2.Collection of Personal Data

Summary: We collect or obtain Personal Data from you from different sources, including automatically as you use our Websites or Services; when you contact us or request information; during the course of our relationship with you (or your employer); when you make Personal Data public; when you register to use any of our Services; or when you interact with our third party content or advertising partners on their websites. We may also receive Personal Data about you from third parties (e.g., law enforcement authorities, research providers, and financial institutions).

PLEASE NOTE: We do not ask about or collect sensitive or special category Personal Data about you, e.g., information relating to your health, genetic information, religion, political beliefs, union membership, race, or sexual orientation. We ask that you do not send or provide this information to us under any circumstances.

How we collect and Process Personal Data can vary based on how and why you interact with us. Namely, we Process Personal Data as follows:

v Information We Collect Directly from You. When you communicate or do business with us, we collect information from you, and this may include personal information. For example, we collect information from you when you buy our Services, create an online account with us, request information from us, download information from our Website, submit a trouble ticket, access our Facilities, participate in a contest or survey given by us, attend any of our customer or marketing events, or otherwise engage with us in relation to a Service.

v Information We Collect Automatically. We automatically collect information about your use of our Websites or online Services through cookies, web beacons, log files and other technologies (including geotagging). We may use this information in aggregated form, or we may associate it with your username and other personal information that we collect about you. We may also combine information collected about you on one of our Websites with information collected through other means for the same purposes as we would use such information in non-combined form. Please see the section “Our Use of Cookies and other Tracking Mechanisms” below for more information.

v Information About Your Use of Our Services. Where permitted, we also collect information about your use of our Services, Facilities and Websites, including power utilization, capacity usage, traffic data, CCTV images, security data, and your access rights and privileges (e.g., credentials supplied, biometric data, etc.).

v Information We Collect from Third Parties. In addition, we may collect or obtain your Personal Data directly from third parties. These third parties typically consist of research service providers, credit agencies, and law enforcement agencies. Where permitted, we may combine this data with information that we already maintain about you.

You can choose not to provide Personal Data to us in certain circumstances. However, please note that if you decline to provide us with your Relevant Personal Data and such information is necessary for us to provide Services to you, or for you to access our Websites or Facilities, or to perform administrative functions in respect of the same (e.g., billing, customer support, etc.), we may be unable to do these things for you.

3.Type and Categories of Personal Data

Summary: The type and categories of Personal Data we collect and Process may include, but is not limited to: your personal details (e.g., your name, age, and gender); demographic data (e.g., your location and language preferences); your contact details (e.g., your telephone number and email address); records of your consents; work order details; information about our Websites (e.g., the type of device you are using); details of your employer; information about your interactions with our content or advertising; and any views or opinions you provide to us.

PLEASE NOTE: We do not process personal information or data on behalf of our customers, and we do not have access to (nor monitor) our customers’ data which (i) is stored or processed by them on their servers or systems within our Facilities or (ii) otherwise transits over or through our Network Services.

We Process the following type and categories of Personal Data:

v Personal Details: given name(s), preferred name, age, and gender.

v Demographic Information: salutation, job title, and language preferences.

v Contact Details: correspondence and business address, telephone number, email address, details of personal/executive assistants (where applicable), messenger application preference, online messaging details, and social media details.

v Consent Records: records of any consents you have given, together with the date and time, means of consent and any related information (e.g., the subject matter of the consent (i.e., for credit checks, background checks, etc.).

v Access Records: dates, times and locations of access to our Websites or Facilities; access credentials, including any location data or biometric data you choose or consent to provide to us.

v Work Order Details: records of work orders placed on our Customer Portal.

v Data Relating to Our Websites: your device type, operating system, browser type, browser settings, IP address, language settings, date and time of connecting to a Site, usage data, and aggregate statistical information; as well as your Customer Portal usage statistics (including settings, dates and times of connecting to the Customer Portal and other technical communications information such as username, password, security login details).

v Employer Details: where you interact with us in your capacity as an employee of a third party, the name, address, telephone number and email address of your employer.

v Content and Advertising Data: records of your interactions with our online advertising and content, records of advertising and content displayed on pages, and any interaction you may have had with such content or advertising (e.g., mouse hover, mouse clicks, any forms you complete in whole or in part) and any touchscreen interactions.

v Job Applicants: education details, job and salary history and other information gathered during the interview process.

4.Purposes of Processing and Legal Basis

Summary: We Process Personal Data for various reasons, including but not limited to providing you with access to our Websites, Customer Portal, and Services; communicate with you; manage our IT systems in connection with our business; ensuring health and safety of all our customers, employees, and allow access to our Facilities.

Subject to applicable laws, we Process Personal Data for the following purposes:

v To provide our Services to you, to communicate with you about your use of our Services, and to fulfil your orders for additional Services (including via email, telephone, audio or video conference, text message, social media, post or in person).

v To provide secure access to our Facilities, including by means of secure access systems which processes your Personal Data, including any access credentials and any biometric data you may choose to provide for these purposes.

v For the purpose for which you specifically provided the Personal Data to us, including, to respond to your inquiries, provide information that you requested, address trouble tickets, and provide you with support in respect of your Services.

v To deliver customized content to you, offer location based, personalized help and instructions, and otherwise personalize your experience while using our Websites or our Services.

v To better understand how users’ access and use our Websites and Services, both on an aggregated and individualized basis, to administer, monitor, and improve our Websites and Services, for our internal purposes, and for other research and analytical purposes.

v For marketing and promotional purposes (e.g., we may use your Personal Data to contact you with newsletters, special offers and promotions, or to otherwise about products or information we think may interest you, as well as to track the success of our marketing and advertising campaigns).

v To assist us in advertising our products and services in various mediums including, without limitation, sending promotional emails, advertising our services on third party Websites and social media platforms, direct mail, and by telemarketing.

v To undertake health and safety assessments and related compliance activities (including record keeping) in order to ensure a safe and secure environment to all individuals working or present at our Facilities.

v To protect our customers, employees, or property, including management, monitoring and operation of our IT and security systems — for instance, to investigate fraud, harassment or other types of unlawful activities involving third parties that we do business with, and to enforce this Privacy Statement, as well as our Terms of Use.

v For our recruitment activities, including interview activities; analysis of suitability for the relevant position; records of hiring decisions; offer details; and acceptance details.

The legal basis on which we Process Personal Data depends on the type and context in which we obtained the information from you, and can include:

v Having a legitimate interest in providing our Services to you (to the extent that such legitimate interest is not overridden by your fundamental rights or freedoms),

v Having obtained your prior consent (but only for the scope and purposes of that consent), or

v Having an obligation or duty (i) to protect the vital interests of any person or (ii) to comply with a legal or regulatory obligation.

5.Disclosure of Personal Data to Third Parties

Summary: We may disclose Personal Data to third parties, including but not limited to, legal and regulatory authorities, our external advisors, our Processors, and any third-party that as necessary in connection with: the provision of our Services to you, legal proceedings where the Personal Data may be relevant, and for investigating, detecting, or preventing criminal offences.

PLEASE NOTE: We do not sell Personal Data to third parties.

To the extent permitted by law, we may share your information as follows:

v Affiliates. We may disclose the information we collect from you to our affiliated companies. Our affiliates may use your information for the purposes indicated in this Privacy Statement, including to market their products and services to you.

v Marketing Partners. We may jointly offer a product or service, such as data and internet communications products and services, with third parties who are system integrators, resellers, solution partners, network partners and affinity organizations. If we do so, we may share your information, such as your email address, phone number, or mailing address, with these third parties to assist in providing and marketing that product or service to you, as well as to enable the third parties to market their own products and services to you.

v Service Providers. We may disclose the information we collect from you to third party vendors, service providers, contractors or agents who perform functions on our behalf, including but not limited to entities that provide website hosting, service/order fulfilment, customer service, and credit card processing. These third parties are sometimes necessary for us to provide our Services to you or to fulfil your requests or orders. We take steps to ensure that third party contracts contain appropriate data protection and security language.

v Business Transfers. If we are acquired by or merge with another company, or if substantially all our assets are transferred to another company, we may transfer the Personal Data we have collected from you to the other company.

v In Response to Legal Process. We may disclose Personal Data we collect from you in order to comply with applicable law, judicial proceedings, court orders, or other legal process or proceedings.

v To Protect Us and Others. We may disclose Personal Data we collect from you where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Privacy Statement, or as evidence in litigation in which we are involved.

v Other Purposes for Which We May Seek Your Consent: From time to time, we may seek your consent to use your Personal Data for a purpose not described in this Privacy Statement, which may include the consent to share such Personal Data with third parties.

v Aggregate and De-Identified Information. We may share aggregate or de-identified information about users with third parties for marketing, advertising, research, or similar purposes.

The complete list of processors to whom we disclose Personal Data and the associated purposes can be found at the following link.

If we engage a third-party “Processor” to Process your Personal Data, we will ensure the contract between us and the third-party Processor contains adequate provisions to (i) restrict their ability to Process the Personal Data only in accordance with our prior written instructions, and (ii) ensure adequate measures to protect the confidentiality and security of the Personal Data.

6.Communications and Marketing

Where permitted by applicable law, we may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the e-mail. Please note that it may take several days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you e-mails about your account or any Services you have requested or received from us

7.Cross Border Transfers of Personal Data

Digital Edge may transfer Personal Data across national borders for Processing, but only if permitted by local law. The countries to which we transfer Personal Data are Hong Kong, Singapore, Australia and such other locations as may be specifically referenced in a particular county specific rider (if any). Where we transfer your Personal Data to recipients located outside the country in which the Personal Data was collected, we do so on the basis of Standard Contractual Clauses. You are entitled to request a copy of our Standard Contractual Clauses by contacting us in accordance with the ‘How To Contact Us’ section below.

8.Third-Party Links

Our Websites may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Privacy Statement but is instead governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.

Our Websites may also include social media plugins such as “like” and “share” buttons. By clicking on such a plugin, the data you want to “like” or “share” will be provided to the relevant social media site. We are not responsible for the practices of such third-party social media sites once you have clicked on any such button. We will not collect any data about you from social media sites.

9.Data Security

We have implemented appropriate technical and organizational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of Processing, in accordance with applicable law.

Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your Personal Data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk, and you are responsible for ensuring that any Personal Data that you send to us are sent securely.

10.Data Accuracy

We take every reasonable step to ensure that the Personal Data that we collect about or from you is accurate and, where necessary, kept up to date. If any of your Personal Data is inaccurate (having regard to the purposes for which it was collected and Processed), we take necessary steps as is required to ensure that such inaccurate data is erased or rectified without delay.

From time-to-time, we may ask you to confirm the accuracy of your Personal Data.

11.Data Minimization

We take every reasonable step to ensure that your Personal Data that we Process are limited to the Personal Data reasonably necessary in connection with the purposes set out in this Notice.

12.Data Retention

We take every reasonable step to ensure that your Personal Data are only Processed for the minimum period necessary for the purposes set out in this Privacy Statement. The criteria for determining the duration for which we will retain your Personal Data are as follows:

We will retain Personal Data in a form that permits identification only for as long as:

v We maintain an ongoing relationship with you; or

v Your Personal Data are necessary in connection with the lawful purposes set out in this Privacy Statement, for which we have a valid legal basis, plus

v The duration of (i) any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data are relevant); and (ii) an additional two (2) month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any Personal Data that are relevant to that claim); and

v If any relevant legal claims are brought against us by you, we will continue to Process Personal Data for such additional periods as are necessary in connection with that claim.

During the periods noted in the last 2 paragraphs above, we will restrict our Processing of your Personal Data to storage of, and maintaining the security of, that data, except to the extent required to defend or prosecute a claim involving that Personal Data.

Once the foregoing retention period expires, we will either (i) permanently delete or destroy the relevant Personal Data; or (ii) anonymize the relevant Personal Data so that it is no longer considered Personal Data under relevant laws.

13.Your Rights

Subject to applicable law, you may have the following rights regarding our Processing of your Personal Data:

v Right to be informed: you have a right to know what Relevant Personal Data we have about you, what we do with it, where we get it from, who we share it with, how long we keep it and why we need it.

v Right not to Provide. The right not to provide Personal Data to us, however, please note that as mentioned earlier, we may not be able to provide you with the full benefit of our Websites or Services if you elect not to provide us with your Personal Data).

v Right of Access. The right to request access to, or copies of, your Relevant Personal Data.

v Right of Rectification. The right to request rectification of any inaccuracies in your Relevant Personal Data.

v Right to be Forgotten. The right to request, on legitimate grounds:
- o Erasure of your Relevant Personal Data; or
- o Restriction of Processing of your Relevant Personal Data.

v Right to Data Portability. The right to have certain Relevant Personal Data transferred to another Controller, in a structured, commonly used and machine-readable format, to the extent applicable and practicable.

v Right to Withdraw Consent. Where we Process your Relevant Personal Data on the basis of your consent, you have the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal and does not prevent the Processing of your Relevant Personal Data in reliance upon any other available legal basis).

v Right to Complain. The right to lodge complaints regarding the Processing of your Relevant Personal Data with a Data Protection Authority.

v Right to Restrict Use: You have the right to limit the way we Process your Relevant Personal Data.

v Right to Challenge Automated Decisions: you have the right to query and review decisions made about you using purely automated means (i.e., without human involvement or intervention) based on your Relevant Personal Data.

The forgoing rights are not intended to limit your statutory rights. To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Privacy Statement, or about our Processing of your Relevant Personal Data, please send an email to privacy@digitaledgedc.com. Please note that in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights. In addition, where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request promptly, before deciding what action to take. In addition, where permitted under applicable law, we may charge you a reasonable fee to access your Relevant Personal Data, however, we will advise you of any fee in advance of providing you access.

14.Our Use of Cookies and other Tracking Mechanisms

When you visit our Websites, we will typically place Cookies onto your device, or read Cookies already on your device, subject always to obtaining your consent, where required, in accordance with applicable law. We use Cookies to record information about your device, your browser and, in some cases, your preferences and browsing habits. We Process Personal Data through Cookies and similar technologies, in accordance with our Cookie Policy.

15.Direct Marketing

We Process Personal Data to contact you via email, telephone, direct mail, or other communication formats to provide you with information regarding services that may be of interest to you. If we provide our services to you, we may send information to you regarding our services, upcoming promotions and other information that may be of interest to you, using the contact details that you have provided to us, subject always to obtaining your prior opt-in consent to the extent required under applicable law.

You may unsubscribe from our promotional email list at any time by simply clicking on the unsubscribe link included in every promotional email we send. After you unsubscribe, we will not send you further promotional emails, but in some circumstances, we will continue to contact you to the extent necessary for the purposes of any services you have requested.

16.Third-Party Ad Networks

We may use third parties such as network advertisers to display advertisements about Digital Edge on third party websites. Network advertisers display advertisements on third-party sites, based on your visits to our Websites as well as other websites. This enables us and these third parties to target advertisements by displaying ads for products and services in which you might be interested.

Third party ad network providers, advertisers, sponsors and/or traffic measurement services may use cookies, JavaScript, web beacons (including clear GIFs), Flash LSOs and other technologies to measure the effectiveness of their ads, to personalize advertising content to you, and to track your movements on our Websites and on other third-party sites. These third-party cookies and other technologies are governed by each third party’s specific privacy policy, and not this one. We may provide these third-party advertisers with de-identified information about your usage of our Websites and our Services, as well as aggregate information about visitors to our Websites and users of our Services; however, we do not share your personal information with these third parties.

You may opt-out of many third-party ad networks. For more information regarding this practice, and your choices regarding having this information used by these companies, including how to opt-out of third-party ad networks operated by, please visit their respective websites.

17.Children's Privacy

We encourage parents and guardians to take an active role in their children’s online activities. We do not aim our Websites at children. If you believe that we may have collected Personal Data about someone who is under the applicable age of consent in your country without proper consent of the child’s parent or guardian, please contact us by sending an email to privacy@digitaledgedc.com.

18.Details of Controllers

For the purposes of this Privacy Statement, the relevant controllers are the affiliates of DEA TopCo LP and Digital Edge (Singapore) Holdings Pte Ltd.

Contact details: John Freeman ( privacy@digitaledgedc.com )

19.Definitions

“Cookie” means a small file that is placed on your device when you visit a website (including our Websites). In this Privacy Statement, a reference to a “Cookie” includes analogous technologies such as web beacons and clear GIFs.

“Controller” means the entity that decides how and why Personal Data are Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.

“Customer Portal” means any online portal that provides information or interactive functionality.

“Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.

“Digital Edge”, “we”, “us”, “our” means DEA TopCo L.P., Digital Edge (Singapore) Holdings Pte Ltd., and their direct and indirect wholly owned and/or controlled subsidiaries.

“Facilities” means any of our offices and data centers and other property sites which we own, lease and/or operate in connection with our business.

“Network Services” means network connectivity services provided by us to our customers in connection with our data center services (e.g., cross connects, internet exchange and traditional voice, data and video connectivity services).

“Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

“Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).

“Relevant Personal Data” means Personal Data in respect of which we are the Controller.

“Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority.

“Websites” means any of the Digital Edge websites operated, or maintained, by us or on our behalf, including our Customer Portal (including any mobile version of such websites), whether operated under the Digital Edge brand or other name that we own.

“Services” means all products and services offered by Digital Edge, including Network Services, whether available online or offline.

Last updated: 17 November 2021