Data Protection

One of Bondholder Communications Group’s top priorities is ensuring that all of the data that we receive and process for our clients is protected by the highest industry privacy and data protection standards. Bondholder Communications Group’s services are provided in accordance with applicable law and Bondholder Communications Group has adequate policies, procedures and controls in place to protect the security of our customers’ confidential information acquired or maintained by us in connection with our services.

• At all times, Bondholder Communications Group maintains all client data (of whatever nature) in a secure manner according to industry best practices and all relevant privacy acts including U.S. Government client data privacy protection laws and regulations.

• As part of Bondholder Communications Group’s services, Bondholder Communications Group may obtain or have access to “non-public personal information,” as that term is defined in Title V of the Gramm-Leach-Bliley Financial Services Modernization Act of 2000 and the regulations issued thereunder, including without limitation Regulation P of the Board of Governors of the Federal Reserve. Bondholder Communications Group agrees that any such nonpublic personal information is confidential information. Bondholder Communications Group protects the confidentiality and integrity of its clients’ confidential information using the same degree of care that it uses to protect its own similar information, and in no event less than reasonable care. Bondholder Communications Group holds and maintains confidentially electronic backup files of data. Bondholder Communications Group keeps confidential, and does not, without the prior written consent of its clients, disclose to any third party any of its clients’ confidential information, unless to the extent necessary to perform its service obligations. Accordingly, Bondholder Communications Group may disclose its clients’ confidential information only to (i) the issuer of the relevant securities, including the issuers of securities underlying deposit receipt instruments; (ii) the trustee for the relevant securities and (iii) any relevant advisor authorized by the issuer or the trustee.

• Bondholder Communications Group returns in confidence unprocessed any data which in the opinion of Bondholder Communications Group would result in contravening any relevant regulations or statutes.

U.S.-EU Safe Harbor Framework and U.S.-Swiss Safe Harbor Framework

Bondholder Communications Group complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.  Bondholder Communications Group has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  To learn more about the Safe Harbor program, and to view Bondholder Communications Group’s certification, please visit http://www.export.gov/safeharbor/

We self-certify compliance with:

https://safeharbor.export.gov/list.aspx http://www.export.gov/safeharbor

If you have any questions relating to privacy or the protection of personal information, please contact Bondholder Communications Group by email at info@bondcom.com, by phone at +1 212 809 2663, or by mail at 30 Broad St – 46th fl, New York, NY 10004, United States.

Registered with the Information Commissioner’s Office (ICO) under the Data Protection Act 1998

Bondholder Communications Group LLC is registered as a Data Controller with the Information Commissioner’s Office (ICO) under the Data Protection Act 1998 and complies with the principles set forth in the Act. For more information on the Data Protection Act 1998 or to view Bondholder Communications Group LLC’s entry on the ICO’s public register of Data Controllers, please visit http://www.ico.gov.uk/.

  Information Security and Disposal Standards

Bondholder Communications Group has in place and follows a comprehensive written information and data security program, Information Security Measures, which include appropriate administrative, technical, physical, and disaster recovery safeguards, subject to Bondholder Communications Group’s applicable industry standards, including, but not limited to Interagency Guidelines Establishing Standards for Safeguarding Customer Information (12 C.F.R. 30, et. seq.), Gramm-Leach-Bliley Act, and the Fair Credit Reporting Act, as each may be amended from time to time, in order to (i) ensure the security and confidentiality of confidential information, (ii) identify potential threats or hazards to the security or integrity of confidential information and protect against any anticipated threats or hazards, (iii) protect against unauthorized access to or use of our customers’ confidential information, (iv) notify our customers promptly upon a breach of Information Security Measures or unauthorized access to the customers’ confidential information, and (v) ensure secure disposal of the customers’ confidential information. Bondholder Communications Group’s Information Security Measures provide for (i) continual assessment and re-assessment of the risks to the security of customers’ confidential information acquired or maintained Bondholder Communications Group in connection with the Services, including but not limited to (X) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of customers’ confidential information and systems used by Bondholder Communications Group, (Y) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such customers’ confidential information, and (Z) assessment of the sufficiency of policies, procedures, information systems of Bondholder Communications Group, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. Bondholder Communications Group regularly tests key controls, systems and procedures relating to the Information Security Measures. The frequency and nature of such tests is determined by Bondholder Communications Group’s risk assessment. Upon request, Bondholder Communications Group is pleased to provide its customers with the results of all such tests and any other audits, reviews or examinations relating to its Information Security Measures. Bondholder Communications Group maintains appropriate and complete documentation describing its Information Security Measures and will provide such documentation to its customers upon request. Bondholder Communications Group continuously monitors, evaluates, and adjusts its Information Security Measures in response to relevant changes in technology or internal and external threats to security.

• Utilizes a commercially available antiviral screening program in connection with the Bondholder Communications Group and services. Bondholder Communications Group has not designed or programmed the Bondholder Communications Group to contain any computer viruses, worms, Trojan horses, back doors, trap doors, time bombs, salamis and other malicious code.

• Bondholder Communications Group implements tools and processes to prevent (i) the transmission of attacks on its customers via the network connections between itself and its customers; and (ii) unauthorized access to its customers’ systems via its networks and access codes.

• Bondholder Communications Group maintains a written security and disaster recovery plan consistent with best industry standards and practices.

   Payment Card Industry Data Security Standards

To the extent applicable, Bondholder Communications Group follows industry standards, including, but not limited to, the PCI Standards, including (i) the Payment Card Industry Data Security Standards, (ii) PIN Security Requirements, (iii) PIN Entry Device Security Requirements, (iv) Encrypting PIN PAD (EPP) Security Requirements, and (v) Payment Application Data Security Standard (PA-DSS), as the same may be revised from time to time, as a means to protect any information concerning consumers and to prevent any compromise of its information systems, computer networks or data files by unauthorized users, viruses, or malicious computer programs.

Premium Services

• One of the many ways in which Bondholder Communications Group maintains its premium service levels is to continue to provide 100% of our services in-house. Bondholder Communications Group uses no contractors, so our clients can rest assured knowing that their data is received and processed by one firm only.

• The Bondholder Communications Group operates continuously and is available for use at least 99% of each month, excepting for scheduled downtime, as required. “Available” means that end users are able to access and use the Bondholder Communications Group and all functionality and content therein, and the Bondholder Communications Group is functioning correctly and accurately.

• Bondholder Communications Group provides its customers with technical support including access to help desks located in New York and London in addition to training on an ongoing basis as necessary to assist them to employ the Bondholder Communications Group.