GDPR STATEMENT

SUNREE is committed to protecting personal data of our EU customers, and vendors, regardless of where that data is processed. We have a robust security program and an established series of internal policies, processes, and practices across our organization to ensure that personal data of EU individuals is processed appropriately and protected in our information systems.

When processing the personal data of EU individuals we:

• Ensure there is a legitimate business reason to collect the data
• Ensure we have consent to collect and use the data (where required)
• Limit collection, storage and usage of the data only to the extent for which there is a business reason and consent

Below are some highlights of how SUNREE is ensuring compliance with GDPR:

• Data Breach Response Plan: In the event of a data breach that may impact the security of employee, customer, or vendor personal data, we will take steps within 72 hours of discovery of the incident.
• Data Privacy Impact Assessment: When initiating new projects or products, implementing new software, or onboarding new vendors that may process personal data of EU individuals, we will assess data privacy impact in order to ensure that personal data is adequately protected in any systems or processes controlled by SUNREE.
• Data Subject Rights: We understand that anyone doing business with us may have questions about the types of personal data SUNREE processes about them.

If you have questions about SUNREE and GDPR, please refer to our FAQ or contact [email protected]