Updated April 28, 2023

This policy covers how Qurium Solutions, Inc. and its affiliate “Supplier.io”, “CVM”, “CVM Solutions”), (collectively referred to as “Qurium Solutions”, “we”, “us” or “our”) treat data and information collected and received through our websites (“Sites”) and products and services (“Services”) (the Sites and Services are sometimes collectively referred to as “Online Services” for simplicity.

Scope of this Policy

This policy applies only to information collected and received by us through access and use of the Online Services and does not apply to any other information collected by us through other means.

It is your responsibility to read and understand this policy. By using our Online Services, you are agreeing and consenting to the practices described in this policy. If you do not agree to all of this policy and do not wish to be bound by it, you should not use our Online Services.

Please read the following to learn more about how we collect, use and safeguard the information you may provide to us via this site. This Privacy Policy may be revised from time to time, so please revisit this page often to remain fully informed of our policies.

What Information Does Qurium Solutions Collect from you?

Via our website, Qurium Solutions collects from you:

· certain personally identifiable (i.e. non-business) information, certain business information

· technical and other information

· Personally Identifiable Information

General Site Visitors – When you browse the non-password protected portions of our site, we collect information on you, which includes when you engage in the following activities:

· request information;

· participate in a survey;

· interact with our social media pages;

· apply for employment, internship or other volunteer opportunities;

· subscribe to one of our newsletters;

· post content where permitted on the Site or our other online locations.

This information consists of your name, email address, your usage data, location information, interests, and page views.

We use third-party advertising and analytics services (“Service Providers”) to better understand your online activity and serve you targeted advertisements. The Service Providers collect similar information and/or we provide them such information in order to assist in this process. We and our Service Providers use this information to, among other things, analyze and track data, determine the popularity of content, and deliver advertisements targeted to your interest on our Services, as well as to provide advertising-related services to us such as reporting, attribution, analytics, and market research.

By visiting our Sites or using our Services you consent to such sharing and use. You have rights and options, including to opt-out of having your web browsing information used for targeted advertising purposes. Please see links below to exercise such rights or contact us directly for more details.

Contacting Us – Our site permits you to contact us via email. Whenever you send an email via our site, you will be providing us with your name, title, email address, phone number and any information you choose to include in the text of your message. For example, you may choose to provide your mailing address or other information necessary or helpful for us to address your query or other concern.

Business Information

Registered Customers and Suppliers – At the time you become a registered customer of Qurium Solutions or you register as a supplier on the site, we request that you provide us with certain business information (including your business name, Federal Employer ID Number, address, web domain, and financial and insurance information regarding your business).

Technical and Other Information

All Site Users – Qurium Solutions uses commonly-used automated information gathering tools. While you are browsing our site, we automatically log your IP address (a number assigned to your computer when you use the Internet that provides general location information), general data (including your domain name, and the name of the web page from which you entered our site, and your activity while using our site.

How Do We Collect Information from You?

We collect, retain and use personally identifiable and business information from you on this site (i) by expressly requesting it from you (a) when you request information from us via email and (b) at the time you become a registered customer of Qurium Solutions or you register as a supplier on the site and (ii) when you provide us with such information in connection with the various services offered by Qurium Solutions or when you contact us via email.

In order to personalize and enhance your experience on our site, we and our third-party advertising partners may also collect information through “cookies.” Cookies are small strings of text that are sent by our site to your browser and then stored by your browser on your computer’s hard drive. We and our third-party advertising partners use cookies to help diagnose problems with our servers, administer our site, and advertise. We also use cookies to gather broad demographic information and to help identify you in respect to visits to our site so that we may improve your user experience, and to determine whether you visited our site from a particular Internet link or advertisement. The type of cookies dropped will vary depending on the advertising partner. Please email us directly with any specific questions as it relates to our advertising partners. Qurium Solutions may also use small bits of code called “one-pixel gifs,” “clear gifs,” or “web beacons” embedded in web pages to gather certain website information. Most web browsers automatically accept cookies, but it is possible to change your browser setup so that it does not accept cookies. However, rejecting cookies may prevent you from taking advantage of certain portions of our site.

The major browsers have attempted to implement the draft “Do Not Track” (“DNT”) standard of the World Wide Web Consortium (“W3C”) in their latest releases. As this standard has not been finalized, our site is not compatible with DNT.

How is Your Information Used?

Our Use of Information – We collect, retain, and use the information we collect via our site for legitimate business purposes only as described herein. Information collected from our registered customers is used to:

(1) perform normal business operations including billing, collection and supplier management;

(2) provide customers with the services contracted for and as otherwise requested; and in an aggregated non-identifiable manner along with business information collected from our other registered customers to provide generalized risk assessments and trends to Qurium Solutions’s customers. Information collected from suppliers registered on our site, whether collected directly or through any services provided to customers, is used to provide Qurium Solutions customers information on the suppliers’ business for evaluation purposes in connection with awarding contracts.

(3) correspond and provide information to such users regarding our site and/or services and developments in our company or with our services that we believe may be of interest;

(4) personalize the Qurium Solutions website;

(5) monitor site visitor traffic patterns and site usage;

(6) advertise;

(7) comply with applicable laws;

(8) enforce our Terms of Use;

(9) and protect the rights, property, or safety of Qurium Solutions, our users and others.

How do we disclose the information we receive?

–We only share or distribute information with Service Providers as provided in this Privacy Policy. We share your personally identifiable information with our affiliates and subsidiaries in order to provide you with our services. In addition, we may share in aggregate, statistical form non-personal information regarding the visitors to our site, traffic patterns and site usage with our partners or affiliates. We will disclose information we maintain, including personally identifiable information, when required to do so by law or regulation, or in response to a request from a law enforcement or governmental agency or authority.

Retention of Information – Customer-identifiable information will be retained by Qurium Solutions for so long as customer remains a customer of Qurium Solutions. Supplier information will be retained indefinitely and used to improve our Services. Qurium Solutions may maintain some or all of this data in its archives even after it has been removed from the Site.

Modifications

We strive to maintain the accuracy of any personally identifiable or business information that may be collected from you, and will use our commercially reasonable efforts to respond promptly to update our database when you tell us the information in our database is not accurate. It is your responsibility to ensure that such information is accurate, complete and up-to-date. You may obtain from us by email the information in our records and/or files. If you wish to make any changes to any personally identifiable or business information you have provided to us, you may do so at any time by contacting us at [email protected].

Opt Out

You may opt out of receiving targeted advertisements and marketing communications from us and our partners/affiliates or opt out of providing personally identifiable information by following the opt-out link provided in any email received from us or by emailing us at [email protected].

Consequences of Not Providing Information

You may choose not to provide us with your personally identifiable information or business information. However, choosing not to provide certain requested information may prevent you from accessing and taking advantage of certain services offered by Qurium Solutions.

Third Party Websites

Qurium Solutions may reference or provide links to third party websites. We are not responsible for the third party websites, and you should review the privacy policies posted on such sites. This privacy policy applies only to Supplier.io and not to other websites accessible fromSupplier.io. Please be aware that Qurium Solutions does not control, nor are we responsible for, the privacy policies or information practices of third parties or their websites.

Suppliers should note that our “Customer Branded Sites,” through which they may register and/or provide information, are provided jointly with the applicable customers. The use of information collected by Qurium Solutions though these Customer Branded Sites is subject to this Privacy Policy.

Transfer Of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Qurium Solutions will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Protecting Your Personally Identifiable Information

Qurium Solutions employs physical, electronic and managerial safeguards to protect the information we receive from you from unauthorized disclosure. This includes our requirement for usernames and Member IDs to access our data and our use of industry-standard SSL encryption to protect data transmissions. You should not share your password with anyone. In addition, if you suspect unauthorized access to your information, it is your responsibility to contact Qurium Solutions immediately. Qurium Solutions personnel will never ask you to divulge your password in written or electronic communications. We will only ask you for your password when you contact us and only in cases where you request customer service to correct a service problem which requires your password. Please be aware that Internet data transmission is not always secure and we cannot warrant that information you transmit utilizing this site is secure. Because security is important to both Qurium Solutions and you, we will always make reasonable efforts to ensure the security of our systems.

Business Transfer

Qurium Solutions may, in the future, sell or otherwise transfer some or all of its assets to a third party. Your personally identifiable information, business information and/or technical information we obtain from you via this site may be disclosed to any potential or actual third party purchasers of such assets and/or may be among those assets transferred.

Children’s Privacy

Our Service does not address anyone under the age of 18 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Your California Consumer Privacy Rights

Section 1798.83 of the CA Civil Code known as the ‘Shine the Light’ Law, requires any operator of a website to permit its California-resident customers to request and obtain from the operator a list of what personal information the operator disclosed to third parties for direct marketing purposes, for the preceding calendar year; and the addresses and names of such third parties. Qurium Solutions does not share any personal information collected from this site with third parties for their direct marketing purposes.

Supplemental Privacy Notice for California Residents

This Supplemental Privacy Notice supplements the information in our Privacy Policy above, and except as provided herein, applies solely to California residents. It applies to personal information we collect on or through the Online Services and through other means (such as information collected offline, in person, and over the telephone). It does not apply to personal information we collect from our employees and job applicants in their capacity as employees and job applicants. It also does not apply to personal information we process as a service provider.

Summary of Information We Collect

If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and disclose your “personal information” and “sensitive personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).

Throughout our Privacy Policy, we describe the specific pieces of personal information and sensitive personal information we collect, the sources of that information, and how we disclose it. Under the CCPA, we also have to provide you with the “categories” of personal information we collect and disclose for “business purposes” (as those terms are defined by applicable law). Those categories are identifiers (such as name, address, email address, phone number, other account information, and cookies); commercial information (such as transaction data); financial data (such as credit card and other financial account information); internet or other network or device activity (such as IP address or service usage); geolocation information (general location); inference data about you; sensory information (such as audio recordings if you call customer service); professional or employment related data; education data; insurance (including health insurance) information; medical information; physical characteristics or description; legally protected classifications (such as gender); other information that identifies or can be

reasonably associated with you. The categories of sensitive personal information are account log-in, financial account information, and password or other credentials allowing access to your account.

We collect the categories of personal information identified above from the following sources: (1) directly from you; (2) through your use of the Online Services; (3) affiliates; and (4) third parties such as social networks.

We or our Service Providers may collect and disclose the above categories of information for the purposes described in our Privacy Policy. This includes the following business or commercial purposes (as those terms are defined in applicable law):

(1) perform normal business operations including billing, collection and supplier management;

(2) provide customers with the services contracted for and as otherwise requested; and in an aggregated non-identifiable manner along with business information collected from our other registered customers to provide generalized risk assessments and trends to Qurium Solutions’s customers. Information collected from suppliers registered on our site, whether collected directly or through any services provided to customers, is used to provide Qurium Solutions customers information on the suppliers’ business for evaluation purposes in connection with awarding contracts;

(3) correspond and provide information to such users regarding our site and/or services and developments in our company or with our services that we believe may be of interest;

(4) personalize the Qurium Solutions website;

(5) monitor site visitor traffic patterns and site usage;

(6) advertise;

(7) comply with applicable laws;

(8) enforce our Terms of Use;

(9) and protect the rights, property, or safety of Qurium Solutions, our users and others.

We may also use the above categories of personal information for compliance with applicable laws and regulations, and we may combine the information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent identification of any particular user or device.

We describe our information disclosure practices in our Privacy Policy. We may disclose certain categories of personal information with third parties (as defined by the CCPA) for the business purposes described above. For example, we may disclose identifiers and other information that identifies or can reasonably be associated with you with counterparties to your agreements. We may disclose identifiers with our marketing partners, and we may also disclose any of the categories described above with our subsidiaries and affiliates. If you connect your account with social media services or interact with social media plugins or links on the Online Service, we may disclose identifiers, commercial information, internet or other network or device activity, or general location with those social media services.

Consumer Rights

If you are a California resident, you may have certain rights. a law may permit you to request that we:

· Provide you the categories of personal information we have collected or disclosed about you; the categories of sources of such information; the business or commercial purpose for

“collecting,” “selling,” or “sharing” your personal information; the categories of third parties to whom we disclose or “sell,” or with whom we “share,” personal information; and the categories of personal information we “sell.”

· Provide access to and/or a copy of certain information we hold about you.

· Delete certain information we have about you.

· Correct inaccurate personal information that we maintain about you.

· Limit our use and disclosure of sensitive personal information.

You may have the right to receive information about the financial incentives that we offer to you (if any). You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. We need certain types of information so that we can provide the Online Services to you. If you ask us to delete it, you may no longer be able to access or use the Online Services.

In instances where we process personal information on behalf of our customer, rights requests should be directed to the relevant customer. Any request sent directly to us that pertains to information collected on behalf of a customer will be forwarded on to that customer.

If you would like to exercise any of these rights, you can submit a request at [email protected] or call 800-536-6046. You will be required to verify your identity before we fulfill your request. To do so, you will need to provide information to match with our existing records to verify your identity, depending on the nature of the request and the sensitivity of the information sought. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.

“Sale” of Personal Information

California residents may opt out of the “sale” of their personal information. The CCPA broadly defines “sale” in a way that may include allowing third parties to receive certain information such as cookie identifiers, IP addresses and/or browsing behavior to add to a profile about your device, browser or you. Such profiles may enable delivery of interest-based advertising by such third parties within their platform or on other sites.

Depending on how you use the Service, we may disclose the following categories of information for such interest-based advertising, which may be considered a “sale” as defined by the CCPA: identifiers (such as IP address, device identifiers, and cookies) and internet and device activity. To opt out of such “sales,” please submit a request to [email protected].

“Sharing” of Personal Information

California residents may opt out of the “sharing” of their personal information. The CCPA defines “sharing” as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites. We “share” information for these purposes to provide more relevant and tailored advertising to you regarding our Services. As part of this advertising, we may “share” identifiers (such as IP address, device identifiers, and cookies) and internet and device activity with advertising platforms and advertising networks. To opt out of such “sharing,” please submit a request to [email protected].

To submit a request, contact Qurium Solutions’ data protection officer at [email protected] or 800-536-6046.

To opt-out of Qurium Solutions’s sale of personal information to a third party, click here where you will be directed to where you can make that choice.

If you register in one our websites that we host on behalf of our customers or in any Qurium Solutions’s supplier database, the following information that you provide will be visible to all of our customers: your name, your email address, your contact information, your company, your title, and content you provide through social interaction features available on our sites.

Service Providers

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used. We use the following third-party Service Providers to monitor and analyze the use of our Service. The use of tracking technologies by our Service Providers or other third party assets (such as social media links) on the site is not covered by our Privacy Policy. We do not have access or control over these technologies.

Advertising. Our partners and affiliates, including Google Analytics,Google Search Console, Google Ads, Google Tag Manager and Google Optimize, WordPress, Meta (Facebook or Instagram), Hubspot, LinkedIn, Twitter, WordFence, and Hotjar (our “Service Providers”) may use cookies and web beacons to collect information about your activities on this and other websites to provide you targeted advertising based upon your interests. This means that these partners and affiliates may show our ads on sites across the Internet based upon your previous visits to our site. Together with our partners and affiliates, we may use these cookies and web beacons to report how your ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to your visits to our site.

Access to and accuracy of personal information

If you have any questions or concerns regarding our collection, use or disclosure of your personal information or if you wish to access, correct, or delete the personal information held by us, you should contact us in writing at [email protected]. As may be provided under applicable law, we will provide you with copies of your personal information. We are also obliged to request that you provide us with identification so that we can be certain that you are entitled to receive the requested data.

Please help us to keep our records of your personal information accurate and up-to-date. If you believe any information we’re holding about you is inaccurate, incomplete, or outdated, please contact us using the information below so that we may work with you to correct it.

Users in the European Economic Area (EEA), Switzerland, and UK

If you are a resident of the EEA, Switzerland, or the UK, the following information applies with respect to personal data collected through your use of our Sites and Services.

Purposes of processing and legal basis for processing: We process personal data consistent with our disclosures in this policy. We process personal data on the following legal bases:

(1) with your consent

(2) as necessary to perform our agreement to provide Services (such as when you register for an account to use the Services and accept our license agreement); and

(3) as necessary for our legitimate interests in providing the Sites and Services where those interests do not override your fundamental rights and freedoms related to data privacy.

Transfers: Personal data we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or processors maintain facilities. We will ensure that transfers of personal data to a third country or an international organization are subject to appropriate safeguards.

Individual Rights: You are entitled to the rights under Chapter III of the EU General Data Protection Regulation or Section 2 of the Swiss Federal Act on Data Protection with respect to the processing of your personal data when we act as a data controller, which include the right to access and rectify your personal data and to request erasure of your personal data. To exercise these rights, contact us at [email protected]. Please note: In order to verify your identity, we may require you to provide us with personal information prior to accessing any records containing information about you. You may also have the right to lodge a data protection complaint with your local Supervisory Authority. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.

Acceptance and Modifications to this Policy

This Privacy Policy is effective as of April 28, 2023.

We reserve the right, at any time, to modify, alter, or update this policy, and any such modifications, alterations, or updates will be effective upon posting. We will notify you about materials changes by prominently posting a notice on our web site. In the event we modify this Privacy Statement, your continued use of this site will signify your acceptance of the modified Privacy Statement.

Questions?

Qurium Solutions will happily address any concerns or disputes about our Privacy Policy or inaccuracies regarding your personal and business information. In the event that you have a concern or wish to see recent changes regarding our privacy policy, you can contact us directly at [email protected].

Qurium Solutions’s websites do not process any credit card or personal payment information.

Mailing address for other inquiries:

5 Westbrook Corporate Center, Suite 920
Westchester, IL 60154

Corporate Headquarters Address:

5 Westbrook Corporate Center, Suite 920
Westchester, IL 60154