1. Purpose

This Privacy Policy (the “Policy”) outlines how Remotus (“Remotus,” “we,” “us,” or “our”) collects, uses, discloses, and protects the personal information of our employees, customers, and other individuals whose data we process. This Policy is designed to ensure compliance with applicable privacy laws and regulations, including the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and SOC 2 standards, and to maintain the trust and confidence of those who entrust us with their data.

2. Scope

This Policy applies to all employees, contractors, consultants, and other personnel of Remotus who collect, process, use, or have access to personal information. It covers all personal information processed by Remotus, regardless of the format or media on which it is stored. This policy applies to all business operations and systems used by Remotus.

3. Policy

Remotus is committed to protecting the privacy of personal information in accordance with GDPR, HIPAA, and other applicable data protection laws. Our policy statements regarding privacy requirements are as follows:

• Data Subject Rights: Individuals have the right to access, rectify, erase, restrict processing of, and object to the processing of their personal information. Remotus will provide mechanisms for individuals to exercise these rights, including responding to requests within the legally required timeframes. Specific procedures for exercising these rights are outlined in our Data Subject Rights Request Procedure document.

• Openness: Remotus will be transparent about its data processing activities and will provide individuals with clear and concise information about how their personal information is collected, used, and disclosed. This information will be readily available through this Privacy Policy and other relevant documentation.

• Transparency: We are committed to transparency in our data processing practices. We will provide clear and accessible information about the purposes for which we collect personal data, the types of data we collect, how we use it, and with whom we share it. We will also provide information about our data security measures and how individuals can exercise their rights.

• Data Protection Officer: Remotus has appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection compliance. The DPO can be contacted at dpo@getremotus.com for any privacy-related inquiries or concerns.

• Right to be Forgotten: Individuals have the right to request the erasure of their personal information under certain circumstances. Remotus will comply with such requests where legally required and will take reasonable steps to ensure that the data is permanently deleted from our systems.

• Data Minimization: Remotus will only collect and process personal information that is necessary for the specified purposes. We will regularly review our data collection practices to ensure that we are not collecting excessive or unnecessary data.

• Purpose Limitation: Personal information will only be used for the purposes for which it was collected, unless we obtain consent for a new purpose or are required to do so by law.

• Data Security: Remotus will implement appropriate technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures include encryption, access controls, regular security assessments, and employee training.

• Data Breach Notification: In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals, Remotus will notify the relevant supervisory authorities and affected individuals in accordance with applicable data protection laws with a target of 72 hours upon discovery.

• Third-Party Processors: When we use third-party processors to process personal information on our behalf, we will ensure that they have appropriate data protection safeguards in place and that they comply with our data protection policies.

• International Data Transfers: If we transfer personal information outside of the European Economic Area (EEA) or other jurisdictions with equivalent data protection laws, we will ensure that appropriate safeguards are in place, such as standard contractual clauses or Binding Corporate Rules.

4. Compliance

Remotus is committed to complying with SOC 2, GDPR, and HIPAA requirements. We will regularly monitor and audit our data processing activities to ensure compliance with these regulations. We will also provide training to our employees on data protection requirements and best practices.

5. Enforcement

Any employee who violates this Privacy Policy will be subject to disciplinary action, up to and including termination of employment. Remotus will also take appropriate legal action against any individual or entity that violates this Policy. To report a violation, contact security@getremotus.com.

6. Policy Review and Modification

This Privacy Policy will be reviewed and updated at least annually, or more frequently as needed to reflect changes in our data processing practices or applicable laws. Any changes to this Policy will be communicated to all employees and posted on our website.

This document shall be stored in a secure and accessible location and made available to all employees of Remotus. It is to be referenced in conjunction with other established Remotus policies and procedures.