Baynote Service Privacy Policy (“BSPP”)

UPDATED – January 1, 2014

This notice describes the privacy policy and practices of Baynote, Inc. (“Baynote”) and describes how Baynote collects
and leverages user information collected from our corporate client’s website(s) and applications. The BSPP is
designed to assist Baynote clients in understanding how we collect and use the website and user information clients
provide to Baynote related to the provisioning of the Baynote service. Baynote’s clients have their own websites,
mobile sites, applications, touch points and their own privacy policies. Baynote is not responsible for the privacy
practices or the content of client websites, applications or touch points. The BSPP applies solely to the information
collected by the Baynote Service when website users visit our client’s website(s) and applications.

Baynote is a technology company that personalizes consumer experiences for users on our client’s websites and other
digitally enabled touch points (the “Service”). Baynote collects information about users as they visit our client’s websites
enabling the client to deliver engaging experiences on their websites, emails, text messages, mobile sites, mobile
applications, tablet sites, tablet applications, and in other digitally enabled touch points such as kiosks, chat, or call center interactions.

Baynote leverages website user information to deliver personalized and relevant product and content
recommendations, to reorder onsite search results, and to deliver client specific offers. These personalized interactions
make it easier for website users to find what they are looking for, discover new and interesting products and generally are
valuable for website users. Baynote supports SSL encryption for all external communications to ensure information
security and integrity.

Information Baynote collects

The Baynote Service may collect any or all of the following information from website users on our client’s touch points:
1. The search terms and keywords used to find the client website. (Typically entered into a search engine like Google,
Bing or Yahoo);
2. The search terms or keywords used while on the client website. (Typically entered into the website search box
located on the client website);
3. The client’s product or content items clicked on and viewed on the client website along with other client website
navigation data, including following links from the client website to URLs within and outside of the client website,
and any browser action that can be triggered by clicking on a link, including script activations, email actions and
form posting;
4. The client’s product or content items placed in groups such as favorites, wish lists or registries;
5. The client’s product placed in shopping carts or purchases;
6. Additional information is collected by Baynote that is automatically provided to the website user’s computer browser
including the IP address, date and time of a user session and browser type;
7. Various browser and server dates and times including page load, recommendation request, link click, page exit and
durations computable from the collected dates and times.
8. Baynote may leverage website user’s IP address, or some other device specific enabled location service, to provide
the website user’s approximate location; and,
9. Where our client’s privacy policy allows the sharing of such information, Baynote’s clients may also provide known
user or anonymous user information such as purchase history, segment membership, location or other related

Baynote does not collect or store any sensitive or personally identifiable information such as the website user’s
name, email address, home address, phone number, credit card numbers or social security numbers.

Cookies and Image Tags

The Baynote Service uses industry standard cookies and image tags to collect website user information on our client’s
websites. These standard technologies allow for the exchange of information between the website user’s browser and the
Baynote Service. The Baynote Service allows our clients to use first-party cookies instead of third-party cookies, helping
make the website user comfortable about avoiding browser-level information integrity issues.

Persistent and Session Cookies

The Baynote Service uses two kinds of cookies called session cookies and persistent cookies. A session cookie is
created when a website user arrives on a client website and expires when the website user closes their browser after
viewing the client website. A persistent cookie is also stored on the website user’s hard drive for a period of time. The
Baynote Service may store information about the website user’s browsing history while on the client website or other
client website information in a persistent cookie.

Disabling or Removing Cookies (“Do Not Track”)

Website users can disable or delete the Baynote Service cookies from their computer by following the directions in the
help area of the website user’s browser. While the Baynote Service may use cookies to help personalize the website
user’s experience on the client website, the Baynote Service is still able to personalize the website user’s experience
without cookies. When cookies are disabled or deleted, the Baynote Service uses different personalization approaches
that do not require a cookie.

How the Baynote Service leverages website user information

The Baynote Service uses anonymous website user information collected to personalize our client’s website user
experience and to apply that collective intelligence to personalize the client website experiences for other client
website users. The Baynote Service may associate the client’s website user information with an anonymous user
identifier. This identifier is also associated with the persistent cookie that is placed in the website user’s browser on
their computer. Website user information that is collected and stored as part of provisioning the Baynote Service is
shared only with the related Baynote client whose site or application the website user visited.

Website user information is observed by the Baynote Service’s analytics technology to help identify useful patterns of
behavior or connections. Patterns are formed when many website users exhibit the same types of behavior. The
Baynote Service’s analytic technology recognizes these patterns and uses recognition techniques to personalize
website user experiences including the following:

1. To show relevant client product or content recommendations on the client’s website, in email, chat or other digitally
enabled touch points;
2. To deliver relevant client offers;
3. To reorder client onsite search results to make them more relevant to client website users;
4. To create segments of visitors and to identify visitors as members of existing client segments or Baynote derived
segments that may be used to drive marketing or other client initiatives outside the Baynote Service.
5. To inform the client’s advertising partners about relevant client products or content that client website visitors may
be interested in; and,
6. To research and develop new website user personalization products, techniques, or technologies.

How long does Baynote keep website user information?

Baynote adheres to existing laws regarding information retention. Unless prevented by law, the Baynote Service
retains the anonymous website user information collected for as long it is relevant and meaningful to our clients in
delivering enhanced website experiences to their website users. Baynote will retain collected information as long as is
required to meet service agreements with our clients and as required by law or to protect Baynote’s rights or property.

How does the Baynote Service deliver personalized emails if the Service does not track website user email addresses?

The Baynote is not an email company or email service provider. Baynote clients have their own email applications or
service providers. The Baynote Service integrates with our client’s email systems and/or service providers. Baynote’s
clients maintain email addresses and systems. The Baynote Service delivers client recommendations or offers to the
email system or provider and the email system or service provider sends the emails.

How Baynote Protects your Information

Baynote takes reasonable measures to protect systems and information from unauthorized access or alteration,
disclosure, or destruction. Baynote’s production environment is located in a secure co-location facility, with accesscontrolled via two factor biometric authentication. Additionally, our network is protected in line with industry defense-indepth
best practices. Baynote also routinely performs security audits and reviews. No security system is 100% secure,
however. While Baynote has taken reasonable precautions to safeguard the information that we collect, we cannot
guarantee that it will not be accessed or disclosed either through the unauthorized acts of users of Baynote systems.

Information Sharing

Unless provided for in this Privacy Policy, Baynote does not sell, trade, rent or share any personal information about client
website users with third parties.

Advertising Partners

Baynote is not an advertising company. Baynote does not create, distribute, or deliver advertisements. We do, however,
work with partners who are advertising companies who create and deliver ads. We do not share any client website user
information with client’s advertising partners. Instead, the Baynote Service is able, at the client’s option, to share
recommended client products or content that website users are likely to be interested in. Client advertising partners use
this information to create and deliver relevant, targeted ads to website users. Any information about those website users
that is used to target the ads is part of client partner systems and is subject to their privacy policies.

Law Enforcement

The website user information that Baynote collects may be requested by law enforcement in connection with a legal
investigation. Baynote will comply with relevant laws, regulations, subpoenas or warrants. Baynote will protect and defend the rights and safety of Baynote, Baynote employees, clients, or other persons.

Anonymous Information

Baynote may share anonymous website information, aggregated across many users, or outputs of Baynote analytics
technology with clients, investors, prospective investors, business partners, marketing partners, or other third parties. This anonymous information includes how users of Baynote systems interacted with Baynote recommendations, offers and other services. This information does not identify any user or their responses to content or offers and cannot be used to identify a user or contact a user.