Your privacy is important to Executive Personal Computers (EPC), Inc., and its global affiliates (collectively “EPC” or “we” or “our”). This Policy explains what Personal Data we collect from you, why we collect and process your personal data, when and with whom your personal data is shared, and your rights with respect to your Personal Data.

This policy applies to all EPC employees and employees of the EPC global
solutions affiliates.

In this Policy the term “Personal Data” means data that identifies or may be used to identify an individual person, including, but not limited to, a person’s name, date of birth, job title, address, email, phone number, or employer. In order to provide outstanding service, we must collect, maintain and process certain Personal Data about our customers, suppliers and other business contacts. We recognize and respect your privacy concerns and expectations about how we use this information. We want you to know about our privacy policies and practices, and what we do to protect your Personal Data.

Personal Data We Collect on our Website
In general, you can visit EPC websites without telling us who you are and without giving any personal data about yourself. There are times, however, when we may need information from you. When you select the “Contact EPC” button, we will ask you to read and agree to this Privacy Policy before you submit your Personal Data to us.

If you apply for a job through our websites, we may collect and process Personal Data you submit to us such as name, address, references, and employment history in order to evaluate your qualifications for a job and contact your references. We will retain your information until the position is filled and for up to six months after the position is filled in case other positions become available.

In all cases in which you submit personal information over our websites, you may tell us that you do not want us to use this information to make further contact with you beyond fulfilling your requests, and we will respect your wishes. If you give us personal information about someone else, such as a spouse, a reference, or a work colleague, we will assume that you have that person’s permission to do so. In any case, we will only retain your personal data for as long as we have a legitimate and lawful reason to do so.

When you visit our websites, EPC may collect certain non-personal data by various means, one of which is “cookies.” Cookies tell website operators to recognize your computer when you revisit a site. Cookies help to improve the use of the website. Cookies also allow Web sites to analyze aggregate traffic on the site, in order to streamline navigation and keep the content fresh for all visitors. You can configure your browser to reject cookies. Cookies do not contain personal data, nor can they read or transmit any data on your computer’s hard drive. Regardless of cookies, all web-browsers transmit the IP address of the computer on which they are running. For most users accessing our websites from an Internet Service Provider (ISP), the IP address will be different every time you log on. IP addresses may be used for various purposes, including to: (1) diagnose service or technology problems reported by our users or engineers that are associated with the IP addresses controlled by a specific Web company or ISP, (2) develop the most appropriate advertising based on geographic area or information derived from IP addresses, (3) estimate the total number of users visiting EPC from specific countries or regions of the world, (4) assist EPC to track visits to our Web site, and (5) help determine which users have access privileges to certain EPC Web site content.

Personal Data We Collect from Customers and Suppliers
In order to carry out our business and to fulfill our contractual obligations, EPC must collect and process Personal Data of prospective and existing customers or suppliers. Examples of the types of Personal Data that EPC may collect from its customers, suppliers and other business contacts are:

• Name, title, address, email, and telephone number
• Proof of address such as copies of utility bills
• Copies of passports or other government issued identification
• Tax identification numbers
• Signatures on legal contracts
• Payment information
• Financial statements or other financial information

Why We Collect Personal Data
EPC only collects Personal Data for lawful purposes. These include:

• To provide customers with IT Asset Disposition products or services
• To facilitate the approval of transactions
• To obtain financing in connection with our products or services
• To respond to requests from the customer, financier, or supplier
• To detect or prevent fraud
• To assess or manage risk
• To perform internal audits
• To comply with anti-terrorism, anti-bribery, or anti-money laundering laws or other laws
• To comply with legal process, subpoenas, or other requests from government bodies
• As part of a sale, merger, acquisition, or similar change of control
• To ensure data security

Specific Rights regarding Personal Data of European Citizens
If you are a citizen of Europe residing within the European Economic Area, you may have the following rights under the General Data Protection Regulation:

• to be informed of this Policy and how EPC uses and processes your Personal Data;
• to request a copy of the Personal Data we have collected;
• to request that we correct any Personal Data that is inaccurate or incomplete;
• to request that we to delete or transfer to your possession such Personal Data for which we no longer have lawful reason to keep;
• to object to the processing of your Personal Data and to lodge a complaint with the relevant data protection authority.

Specific Rights regarding Personal Data of Residents of California
If you are a resident of the state of California you may have the following rights under the California Consumer Privacy Act “CCPA”:

• to be informed of your rights under the CCPA and how EPC uses and processes your Personal Data;
• to request a copy of the Personal Data we have collected;
• to request disclosure of Personal Data processed for a business purpose;
• to request that we delete or transfer to your possession such Personal Data for which we no longer have lawful reason to keep;
• and to be free of discrimination for exercising your rights under the CCPA.

Our Data Protection Principles:
EPC will treat your Personal Data as confidential. We respect your right to privacy. In all cases in which we collect your Personal Data according to this Policy, we will abide by the following principles:

• We will only collect your Personal Data with your full knowledge
• We will only collect and keep your Personal Data for a lawful purpose
• We will only keep that Personal Data which is necessary for the lawful purpose
• We will only keep your Personal Data for as long as the lawful purpose exists
• We will keep your Personal Data accurate to the extent it is reasonably practicable to do so
• We will store your Personal Data securely to prevent unauthorized or unnecessary disclosure
• We will process your Personal Data in accordance with your rights under the relevant data protection laws
• We will not transfer your Personal Data outside of its country of origin unless adequate protections are in place

Transfer or Sharing of Your Personal Data
Subject to the above Data Protection Principles and the terms of any valid and fully-executed non-disclosure agreement, EPC may transfer or share your personal data in the following circumstances:

1. Among our affiliates, including our sole shareholder, CSI Leasing, Inc. and it’s sole shareholder, Tokyo Century Corporation for the lawful purposes described in this Policy;
2. To third parties such as our banks, financiers, couriers and suppliers in order to deliver our services or to fulfill or enforce a contract;
3. To our attorneys, auditors, IT professionals or other third party service providers for the lawful purposes described in this Policy;
4. To government, regulatory, judicial or law enforcement bodies in response to official requests.

EPC may also utilize cloud based customer relationship management or IT service providers to store and process personal data. In all cases EPC will take reasonable steps to ensure that adequate technical and organizational measures are in place so that the transfer and storage of your personal data is secure from unauthorized disclosure, alteration or deletion.
EPC does not sell, rent, or share Personal Data we collect directly from you or about you from third parties with third party Advertisers for their own marketing purposes.

Case Studies
EPC websites may contain “case studies” describing scenarios when EPC customers benefited from EPC’s services and expertise. Because no two customers are alike, these case studies should only serve as examples of other customers’ experiences, and thus may differ from your experience.

Anti-Spam Policy
EPC does not tolerate spam and is committed to proper Web practices and full compliance with the CANSPAM Act of 2003 (15 U.S.C. §7701.) We do not sell or rent e-mail addresses to any unauthorized third party. This does not mean that we can prevent all spam from happening on the internet. If you believe that you have received an unsolicited e-mail from us, please contact EPC at privacy@epcusa.com and we will investigate.

Children
EPC websites are not intended for visitors under 18 years of age. We do not knowingly solicit or collect personal data from or about children, nor do we knowingly market our products or services to children.

Notices and Revisions
EPC may revise this privacy policy from time to time. You should periodically check the revision date at the top of this Web page to learn of any revisions.

Contact EPC, Inc.
To “opt out” or make other choices about your Personal Data or to exercise your rights, please email privacy@epcusa.com.

IM02A Quality Policy
(ISO 9001:2015, Clause 5.2)
We have established this quality policy to be consistent with the purpose and context of our organisation. It provides a framework for the setting and review of objectives in addition to our commitment to satisfy applicable customers’, regulatory and legislative requirements as well as our commitment to continually improve our management system.
Customer focus: As an organisation, we have made a commitment to understand our current and future customers’ needs; meet their requirements and strive to exceed their expectations.
Leadership: Our Top Management have committed to creating and maintaining a working environment in which people become fully involved in achieving our objectives.
Engagement of people: As an organisation, we recognise that people are the essence of any good business and that their full involvement enables their abilities to be used for our benefit.
Process approach: As an organisation, we understand that a desired result is achieved more efficiently when activities and related resources are managed as a process or series of interconnected processes.
Improvement: We have committed to achieving continual improvement across all aspects of our quality management system; it is one of our main annual objectives.
Evidence-based decision making: As an organisation, we have committed to only make decisions relating to our QMS following an analysis of relevant data and information.
Relationship management: We recognise that an organisation and the relationship it has with its external providers are interdependent and a mutually beneficial relationship enhances the ability of both to create value.
Our policy is also to meet the requirements of other interested parties and to address our social, environmental, charitable, regulatory and legislative responsibilities.
We have produced quality objectives which relate to this policy and they can be found in document R15 IMS Objectives.
This policy is available to all interested parties as well as being made available to the wider community through publication on our Company Noticeboard.
Authorized by: Position: Managing Director
Date Approved: 09.09.2022 Review Date: 09.09.2023

IM02B Environmental Policy

We have established this environmental policy to be consistent with the purpose and context of our organisation. It provides a framework for the setting and review of environmental objectives in addition to our commitment towards the following:
protecting the environment, including the prevention of pollution;
ensuring sustainable resource use, climate change mitigation, protection of biodiversity and ecosystems;
conforming to applicable legislative, regulatory and compliance obligations;
continually improving our environmental management system and to enhance environmental performance.
We have produced environmental objectives which relate to this policy and they can be found in document R15 IMS Objectives.
This policy is communicated to all interested parties as well as being made available to the wider community through publication on our Company Noticeboard
Authorised by:
Position: Managing Director
Date Approved: 09.09.2022
Review Date: 09.09.2023

IM02C OH&S Policy
(ISO45001: 2018; Clause 5.2)
We have established this Occupational Health and Safety policy to be consistent with the
purpose and context of our organisation. It provides a framework for the setting and review
of objectives in addition to our commitment to satisfy applicable regulatory, legislative and
other requirements as well as our commitment to continually improve our management
system.
We are committed to safeguarding the Health, Safety and Welfare of all its employees by
providing a safe and healthy environment for all persons affected by the Company’s
operations. As a responsible employer we believe that effective health and safety practices
contribute directly to the better performance of the Company as a whole. Our aims are not
simply to comply with Health and Safety legislation but to attain higher standards through
the adoption of recognised good practices and to provide industry leadership through our
Health and Safety performance. The Board of Directors is fully committed to achieving this
through a programme of continuous improvement, positively promoting a proactive
approach to accident and ill-health prevention.
The Board of Directors has the ultimate responsibility for the Health & Safety Policy and has
appointed a safety officer with particular responsibility for advising and informing the Board
on Health and Safety matters. The Board recognises that the principal means for adequate
accident prevention is the development of a safe system of work. The Company has
therefore produced systems and procedures for designing safe systems of work for all
aspects of its principal activities which have been identified as high risk. All levels of
management and operational staff are required to comply with the Company’s safety rules
and procedures and to contribute to their further development
The Board also recognises that co-operation and consultation at all levels is essential in
promoting a positive Health and Safety culture and the Company has developed systems for
a HSE communication on matrix on Health and Safety matters. In order to achieve the
above principles the Company has put in place the resources and developed in-house
systems to achieve the following aims:
1. To execute Company operations without harm to personnel, equipment or the
environment.
2. To monitor new developments and existing compliance with all relevant legislation
approved codes of practice and the Safety Policy as a minimum and to continually
improve the performance standards specified.
3. To make Health and Safety an integral part of the management of the Company
4. To provide premises, plant, substances at work and places of work that are safe and
without risk to health and safety, and without risks to the welfare of all the
Company’s employees.
DocuSign Envelope ID: 88F76D85-60EE-49AB-AE2C-C5076C02D930
Date: 09.09.2022 IM02C Issue 02
Classification: Public
5. To carry out our operations with due regard for the health and safety of nonemployees,
and to provide them with prescribed information regarding those
operations which may affect their health and safety.
6. To ensure employees take reasonable care for their own and others’ safety; are
competent; and appropriately trained to meet individual responsibilities and needs
7. To involve and consult with employees and where appropriate their
representatives to effectively communicate with them on health and safety
matters.
8. To sustain and develop this Policy by the implementation of an accredited health
and safety management system.
9. To review the Safety Policy on an annual basis and implement appropriate
improvements.
10. To bring changes to the Safety Policy to the attention of all employees and
interested parties.
11. We are committed to comply with applicable legal requirements and with other
requirements to which the organisation subscribes that relate to its OH&S hazards.
12. Consulting and participating with workers, and where they exist, workers
representatives on OHS&S issues
This policy is available to all interested parties as well as being made available to the wider
community through publication on our Company Noticeboard.
Authorised by:
Position: Managing Director
Date Approved: 09.09.2022
Review Date: 09.09.2023