Front Data Privacy Framework Certification Notice

Effective as of October 10, 2023

FrontApp, Inc. (“Front”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Front has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the collection, use and retention of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the collection, use and retention of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Data Privacy Framework Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the relevant Principles shall govern. You can learn more about the Data Privacy Framework (DPF) program at www.dataprivacyframework.gov, and view our certification here.

Front is committed to complying with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all personal data received from the European Union, the United Kingdom (and Gibraltar) and Switzerland in reliance on the relevant part(s) of the DPF program. This Front Data Privacy Framework Notice supplements the Front Privacy Notice for personal data Front collects, uses or discloses as a controller:

• Personal Data Processed. Please review the section of the Front Privacy Notice entitled Types of Personal Data We Collect for details on the types of personal data we collect for processing as a controller.
• Purposes of Personal Data Processing. Please review the section of the Front Privacy Notice entitled How We Use Your Personal Data for details on the purposes of processing personal data where Front is a controller.
• Third Parties Who May Receive Personal Data. Please review the section of the Front Privacy Notice entitled To Whom We Disclose Your Personal Data for details on the third parties who may receive personal data where Front is a controller and the purposes for which we disclose it to them.
• Rights to Access, Limit Use, and to Limit Disclosure of Personal Data. Please review the section of the Front Privacy Notice entitled Your Data Protection Rights on rights to access, limit use, and limit disclosure of personal data where Front is a controller.

Front is committed to complying with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all personal data received from the European Union, the United Kingdom (and Gibraltar) and Switzerland in reliance on the relevant part(s) of the DPF program. Front provides a customer operations platform that our business customers use to streamline communication and provide customer service. In providing this platform, Front processes personal data that our customers submit to our services on their behalf:

• Personal Data Processed. Front customers decide what data to submit, but it may include personal data pertaining to customers’ own customers and customer personnel, including first and last name, title, position, employer, company email, phone, physical business address), and message content.
• Purposes of Personal Data Processing. Front processes personal data that customers submit to our services for processing on their behalf to provide services to our customers and to comply with their processing instructions.
• Third Parties Who May Receive Personal Data. Front uses third party service providers to assist us in providing our services to customers, including to provide customer support to our customers, perform database monitoring and other technical operations, facilitate the drafting and/or transmission of communications, provide data hosting and storage services, enable search features, provide content delivery network services, and enable artificial intelligence functionality. These third parties may access, process, or store personal data while providing their services. Front maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer provisions, and Front remains liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.
• Rights to Access, Limit Use, and to Limit Disclosure of Personal Data. Individuals in the European Union, United Kingdom (and Gibraltar) and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Data Privacy Framework self-certification, Front has committed to respect those rights. Because Front personnel have limited ability to access data our customers submit to our services, if you wish to request access to, limit use of, or to limit disclosure of your personal data, please provide the name of the Front customer who submitted your data to our services. We will refer your request to that customer and will support them as needed in responding to your request.

EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Front at: [email protected]. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please contact JAMS, an alternative dispute resolution provider based in the United States, at https://www.jamsadr.com/ for more information or to file a complaint. The services of JAMS are provided at no cost to you. If neither Front nor our dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration through the Data Privacy Framework Panel. For more information on this option, please see Annex I of the EU-U.S. Data Privacy Framework Principles.

Front’s commitments under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Front may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.