• Consent: In some cases, GGTEATIME processes personal data based on the consent you expressly grant to it at the time it collects such data (which you may withdraw at any time after giving it, as described in this policy). This includes:

• Processing your personal data to send you marketing communications, in cases where you have consented to such use, including sending you email communications to market and sell the Services, including to co-market, co- promote and cross sell GGTEATIME Services.
• Collecting your personal data through the use of advertising or tracking cookies based on your prior consent and use your personal data for showing you advertisements, including interest-based or online behavioral advertising.
• Collecting your personal data (including sensitive personal data) for identification verification purposes as described in this privacy policy.
• Learning how you use and interact with one or more of our Services for the purposes of improving the Services, including testing, research, internal analytics and product development (when such processing is performed with cookies or otherwise in a manner requiring consent).
• To measure our progress towards corporate goals and key performance indicators, including gathering commercial data related to our subscription Services (when such processing is performed with cookies or otherwise in a manner requiring consent).

When we process personal data based on your consent, it will be expressly indicated to you at the point and time of collection. You have the right to withdraw your consent at any time. We refer to the EEA and UK Resident Rights section below for further information.

• Legal Obligation: GGTEATIME processes your personal data where necessary to fulfill its legal obligations under applicable law, regulation, court order or other legal processing (e.g. subpoenas or warrants). This includes for the purposes of:

• Fraud protection, security and debugging.
• Responding to data subject requests under applicable privacy laws.
• Preventing, detecting and investigating security incidents and potentially illegal or prohibited activities.
• Data retention and administration obligations.
• Complying with requests of competent supervisory authorities and legal agencies.

• Other Processing Grounds: From time to time, GGTEATIME may also need to process personal data if it is necessary to protect the vital interests of you or others, or if it is necessary for a task carried out in the public interest.

EEA and UK Resident Rights

• Access: You have the right to confirmation as to whether or not we process personal data concerning you, and request access to and/or a copy of the personal data we hold about you.
• Rectification: If you believe that any personal data we hold about you is incorrect or incomplete, you can request that we correct or supplement such data. You may correct some of this information directly by logging on to your account.
• Erasure: You can request that we erase some or all of your personal data from our systems. Under the GDPR and the UK GDPR, this right is subject to certain exceptions. Please see the Data Retention section on the purposes for which we retain limited personal data.
• Withdrawal of Consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time with effect for future processing operations. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your personal data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
• Portability: You can ask for your personal data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
• Restriction of Processing: You can ask us to restrict further processing of your personal data.

Objection: You can contact us to let us know that you object to the further use or disclosure of your personal data for certain purposes, such as for direct marketing purposes

Please note that these rights can often be exercised only under specific conditions set out in the GDPR and UK GDPR as applicable. Furthermore , we may not be able to fully comply with your request in circumstances where doing so is manifestly unfounded or excessive, or if it is not permitted by law. In those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include personal data, if necessary to verify your identity and the nature of your request.

Complaints

You have the right to lodge a complaint about our practices with respect to your personal data before a supervisory data protection authority.

• If you are in the UK, the data protection authority is the UK Information Commissioner's Office available at https://ico.org.uk/.

Government ID

To the extent we collect any government ID (such as driver's license, photo card, etc), we recognise that government ID is a special category of personal information that is subject to a higher standard of privacy protection compared to other types of personal data. Notwithstanding any other part of this policy, to the extent that we collect any such government ID from you, we will only collect, use and disclose such data strictly for the identity verification purpose set out in this privacy policy or for a purpose permitted under APP 9. We will not handle your government ID in any other manner or for any other purpose. Subject to any retention requirements under law or otherwise specified in this privacy policy, we will destroy or de-identify any record of your government ID stored in our systems when we no longer need to use it.

How To Access, Correct, Update, or Delete Your Personal Data

You can request to access, correct, update or delete your personal data by contacting us using the contact details provided under the Contact us section in Part One.

You can request access to any personal data we hold about you at any time. However please be aware that from time to time we may need to reject your request to access personal data we hold about you, if we believe such rejection to be necessary and to the extent allowed by law.

If we do not provide you with access to any of your personal data, or do not correct any of your personal data, we will provide you with our reasons. If you are not satisfied with our reasons, you may make a complaint as set out below under the Complaints section.

Complaints

We take your privacy concerns seriously. If you have a complaint regarding our handling of your personal data or concerning our privacy practices, you may file a complaint with our Privacy Officer using the contact provided under the Contact us section in Part One. Our Compliance team will confirm receipt of your complaint and review it with our legal team. If we believe an investigation is necessary, we will open an investigation into your complaint. We may need to contact you to request further details of your complaint. If an investigation has been opened following a complaint made by you, we will contact you with the result of that complaint as soon as possible.

If you are not satisfied with the outcome of your complaint, you may refer your complaint to the Office of the Australian Information Commissioner by contacting 1300 363 992 or by visiting the website www.oaic.gov.au. Further information about the APA and the APPs is also available from the Office of the Australian Information Commissioner.

Consequences If We Can't Collect Your Personal Data

If you do not provide us with the personal data we need, we may not be able to provide appropriate services, targeted content or relevant information to you, and in some cases you may not be able to use our Services.

PART TWO: PRODUCT SPECIFIC PRIVACY DETAILS

This Part Two describes the privacy practices specific to a GGTEATIME business and one or more of its Services indicated in that section. Please click on the applicable link below for details.

Tracking Tools, Advertising and Your Choices

GGTEATIME and our third-party providers collect information in the Services through tracking technologies, including but not limited to, cookies (small pieces of information or text files that a website sends to your computer for record-keeping purposes and is stored in a file on your computer's hard drive), web beacons (also known as "tracking pixels"), embedded scripts, location-identifying technologies, fingerprinting, device recognition technologies, in-app tracking methods and other tracking technologies now and hereafter developed ("Tracking Technologies"). Further details about the Tracking Technologies we use (including the purpose for using them), interest-based advertising, your choices and how to manage cookies and do-not-track signals are below, and can also be found in each Service's respective Cookie Policy, linked in each Service's Part Two section of this Privacy Policy.

Advertising

We may serve ads on our Services or on external services and engage and work with Service Providers and other third parties to serve advertisements on the Services and/or on Third-Party Services. Some of these ads may be tailored to your interests based on your browsing, across time, of the Services and elsewhere on the Internet, which may include use of data from cross-device usage, sometimes referred to as "interest-based advertising" and "online behavioral advertising" ("Interest- based Advertising"), which may include sending you an ad on a third-party service after you have left the Services (i.e., "retargeting"). Our advertisers' and ad networks' use of Tracking Technologies are governed by their own privacy policies. Further details about interest-based advertising, your choices and how to manage related cookies can also be found in each Service's respective Cookie Policy.

Your Cookies and Tracking Technologies Choices

We may use Tracking Technologies to collect information about interactions with the Services, including information about your browsing and purchasing behavior. Tracking Technologies make Web-surfing and browsing easier for you by saving your preferences so that we can use the saved information to facilitate and improve your use of the Services.

• Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options so you may need to set them separately. Also, tools from commercial browsers may not be effective with regard to some Tracking Technologies, such as HTML5 cookies. Please be aware that if you disable or remove these technologies, some parts of the Services may not work and that when you revisit the Services your ability to limit browser-based Tracking Technologies is subject to your browser settings and limitations.
• Some App-related Tracking Technologies in connection with non- browser usage (e.g., most functionality of a mobile app) can only be disabled by uninstalling the app. To uninstall an app, follow the instructions from your operating system or handset manufacturer. Apple and Google mobile device settings have settings to limit ad tracking, and other tracking, but these may not be completely effective.
• Your browser settings may allow you to automatically transmit a "Do Not Track" signal to online services you visit. Note, however, there is no consensus among industry participants as to what "Do Not Track" means in this context. Like many online services, we currently do not alter our practices when we receive a "Do Not Track" signal from a visitor's browser.
• Many advertisers and service providers that perform advertising- related services for us and third parties participate in voluntary programs that provide tools to opt-out of such interest-based advertising such as the Digital Advertising Alliance's ("DAA") Self- Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding interest- based advertising for DAA members, visit https://youradchoices.com/ and http://www.aboutads.info/appchoices for information on the DAA's opt-out program for mobile apps. Some of these companies also are members of the Network Advertising Initiative ("NAI"). To learn more about the NAI and your opt-out options for their members.
• Please be aware that, even if you are able to opt out of certain kinds of Interest-based Advertising, you may continue to receive other types of ads. Opting out only means that those selected, participating members should no longer deliver certain interest- based advertising to you but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). Also, if your browsers are configured to reject cookies when you visit these opt-out webpages, or you subsequently erase your cookies, use a different device or web browser or use a non- browser-based method of access (e.g., mobile app), your browser- based opt-out may not, or may no longer, be effective.
• In addition, we may serve ads on third-party services that are targeted to reach people on those third-party services that are also identified on one or more of our databases ("Matched List Ads"). This is done by using Tracking Technologies, or by matching common factors between our databases and the databases of the third-party services. We are not responsible for these third-party services, including without limitation their security of the data. We are not responsible for such third parties' failure to comply with your or our opt-out instructions as they may not give us notice of opt- outs to our ads that you give to them, and they may change their options without notice to us or you. For more information, please see the selling and sharing sections of the applicable State-Specific Rights section.
• If you are located in the EEA, UK or Canada, you can manage your cookie consent choices using the consent management platform on the applicable Service. If you do not wish to accept non-Essential Cookies in connection with your use of the Services or wish to withdraw your consent, you can opt out by selecting “Reject All” or by selecting "Customize" (or similarly phrased options) and changing your Cookies Preferences

Session Replay Tools

On certain pages of certain GGTEATIME Services, we use session replay tools provided by third party service providers, including Microsoft. Session replay tools are a necessary tool for GGTEATIME to provide our Services. These tools allow GGTEATIME to understand user activity and content performance to help deliver and optimize our Services, find and fix performance issues, continuously improve our user's experience, and to investigate and prevent fraud and abuse. Depending on how you use our Services, our session replay tools may automatically collect the following information:

• Device-dependent data collected by your computer and web browser
• IP address
• E-mail address including your first and last name, insofar as you have provided it to us via our Services
• Screen size of your terminal
• Device browser information and identifiers
• Geographical data (country only)
• Language for displaying our website
• User interactions
• Mouse commands (movement, position and clicks)
• Date and time of access
• Keystrokes (not for sensitive fields like passwords or credit card information)

Our session replay tools service providers use this information to evaluate your use of our Services, to compile reports on usage and to provide us similar services for evaluating our website. Our session replay service providers themselves also use third-party services (e.g. Google) to provide these services, who may store or otherwise process information that your browser transmits when you visit our certain Services (including, under certain circumstances, your IP address).

How We Share Your Personal Data

Sharing with Third-Parties

We share your personal data with the following categories of third-parties and for the following purposes:

• With Service Providers that help us operate our Services. These third parties help us provide the Services or perform business functions on our behalf. They include:

• Hosting, technology and communication providers
• Security and fraud prevention consultants
• Analytics providers that provide analytics on web traffic or usage of our Services (e.g. tools that track user clicks or how visitors found our Services)
• Support and customer service vendors
• Payment processors, including those listed in the applicable Part Two section for each Service. They collect your payment information necessary to process your payment and share limited payment information with us necessary to operate our Services
• Marketing services providers
• Identification verification service providers

• With Advertising Service Providers and Partners to Show You Ads. These third parties help us market our services and provide you with other offers that may be of interest to you. They include:

• Ad networks (including social media ad networks)

• With Parties You Authorize, Access or Authenticate When Using Our Services

• Third-party log-in services
• Third-party services you choose to integrate with through the Services.

• To Fulfill our Legal Obligations. Third parties that carry out the activities set forth under Meeting Legal Requirements and Enforcing Legal Terms in the How We Use Your Personal Data section above.
• Business Transfers. If we undergo a merger, acquisition, bankruptcy or other transaction in which a third party assumes control of our business (in whole or in part), your personal data may be transferred to that third party. Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.

Details of the categories of personal data and the third parties with whom we share your personal data that we have collected over the past 12 months may be found in the relevant Part Two section for each Service below.

Sharing With Government Authorities and Law Enforcement

When you use our Services, we may access and share the personal data described in the applicable Part Two section with regulators, law enforcement, or other government agencies as required by applicable law or if we have a good-faith belief that we must do so to comply with court orders or government requests supported with legal process. We may also do so for the purposes of detecting, investigating and preventing fraud or illegal activity on our Services, and to protect the rights and safety of our users. If we share your personal information with government or law enforcement to comply with a court order or other legal process, we will notify you of that disclosure unless we are legally obligated not to do so.

Marketing Communications

When you register an account or subscribe to a Service, you will receive marketing communications related to GGTEATIME's learning and productivity services as well as transactional and account-related communications, by email and as permitted by applicable law. We will collect your email address as well as other information you provide on a voluntary basis to help tailor communications to you. In any marketing communication from a GGTEATIME Service, you can unsubscribe at any time by clicking the "unsubscribe" link included at the bottom of each email. You may also opt-out of receiving marketing communications at any time either through your account settings or by contacting us (see Contact Us section above). Please note that you will continue to receive transactional or account-related communications.

Data Security

We take commercially reasonable steps to protect your personal data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of personal data and how we are processing that data.

Examples of data security measures we implement include regular security vulnerability scanning of our Services in order to make your visit to or use of our Services as safe as possible; maintaining personal data behind secured networks that are only accessible by a limited number of persons with special access rights to such systems and who are under obligation to keep the information confidential; and implementing a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal data.

You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.

Data Retention

We will retain your personal data as described in the applicable section for the relevant Service you are using.

Changes To This Privacy Policy

We are constantly working to grow our business and improve our Services, offer new Services and features to you, and keep up with applicable laws. For these reasons we may need to change this privacy policy from time to time. When we make material changes, we will provide you with a reasonable form of online notice of the updated policy.

Complaints

If you have an unresolved privacy concern that we have not addressed satisfactorily, you may appeal any decision to us by contacting GGTEATIME. You can find the contact details for GGTEATIME and the relevant Service in the Service in the Contact Us and Contact Information for Specific GGTEATIME Services sections above. Otherwise, please refer to your state's process for filing a complaint with the appropriate agency. Truste Website Under certain conditions, you may also be entitled to invoke binding arbitration for complaints not resolved by other means.