Data Intensity, LLC

Data Privacy Framework Certification

Last Updated: January 30, 2026

Data Intensity, LLC (hereinafter, “Data Intensity,” “we,” or “us”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Data Intensity has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. Data Intensity has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. The EU-U.S. DPF Principles and Swiss-U.S. DPF Principles shall be referred to collectively as the “DPF Principles.” To learn more about the Data Privacy Framework (DPF) program and the DPF Principles, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Personal Data Processed by Data Intensity as a Controller

1. Purposes of Data Processing. As a data controller, Data Intensity processes personal data for the purpose of providing services to our customers and potential customers, providing administrative and security functions related to our services, recruitment, employment, and marketing, or for other purposes, which will be disclosed at the time we collect personal data.

2. Types of Personal Data. The Data Intensity Privacy Notice describes the types of personal data that we collect in our role as a data controller.

3. Third Parties Who May Receive Personal Data. As described in the Data Intensity Privacy Notice (Section 6. Third-Party Disclosures), Data Intensity uses a limited number of third-party service providers (i.e., subprocessors) to assist us process personal data. These subprocessors generally offer IT infrastructure and similar technical support, help protect security and monitor performance of our services, and assist us in our marketing programs. These third parties may access, process, or store personal data in the course of providing their services. Data Intensity maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our data protection obligations. See below, Accountability for Onward Transfer.

4. Rights to Access, Limit Use, and Limit Disclosure of Personal Data. Individuals in the European Union, United Kingdom (and Gibraltar), and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Data Privacy Framework self-certification, Data Intensity has committed to respect those rights. The Data Intensity Privacy Notice describes, in more detail, the data protection rights and responsibilities you may have and how you may exercise them. If you have questions regarding this Privacy Policy or our handling of your personal information, would like to request more information from us, or would like to exercise a data privacy right, please contact us at any of the following: (email) privacy@dataintensity.com or (mail) Data Intensity Inc., Attn: Privacy Department, 535 Madison Avenue, 4th Floor, Covington, KY 41011.

Personal Data Processed by Data Intensity as a Processor

1. Purposes of Data Processing. Data Intensity delivers world-class, expert-managed services for the complex lifecycle of our clients, Oracle-powered workloads. As a data processor, Data Intensity processes personal data concerning the customers or end-users of our own clients. In these circumstances, Data Intensity processes personal data in accordance with a data processing agreement, or similar data privacy contractual terms, with our client.

2. Types of Personal Data. As a data processor, Data Intensity processes personal data concerning the customers or end-users of our own customers, which may include their name, billing address, email, telephone number, account usernames and registration information, and payment card data.

3. Third Parties Who May Receive Personal Data. Data Intensity uses a limited number of subprocessors to assist us in providing our services to our customers, and these subprocessors are set forth in the data processing agreement or similar privacy contractual terms that we execute with our customers. These subprocessors offer IT infrastructure and similar technical support and help protect security and monitor performance of our services. These third parties may access, process, or store personal data in the course of providing their services. Data Intensity maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer provisions. See below, Accountability for Onward Transfer.

4. Rights to Access, Limit Use, and Limit Disclosure of Personal Data. Individuals in the European Union, United Kingdom (and Gibraltar), and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Data Privacy Framework self-certification, Data Intensity has committed to respect those rights. Because Data Intensity personnel have limited ability to access personal data that our customers submit to our services, if you wish to request access to, or to limit use or to limit disclosure of, your personal data, please provide us with the name of the Data Intensity customer who submitted your personal data to our services. Thereafter, we will refer your request to that customer, and we will support them as needed in responding to your data privacy request.

Security

Data Intensity takes reasonable and appropriate measures to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction. We will permit only authorized personnel who are trained in the proper handling of personal information to have access to that personal data. When we adopt and implement new data protection policies, we promptly notify our personnel and/or remind them about the importance we place on data privacy and information security, and what they can do to protect personal data. Employees who violate our security and privacy policies will be subject to our disciplinary process. We employ security measures to protect your information from access by unauthorized persons and against unlawful processing, accidental loss, destruction and damage.

Data Integrity and Purpose Limitation

Data Intensity will retain personal data for a reasonable period of time, taking into account legitimate business needs to capture and retain such data. Information will also be retained for a period of time necessary to comply with state, local, federal regulations, or country specific regulations and requirements, and in accordance with our records retention schedules or practices. We will not use personal data in a manner that is incompatible with the purpose for which it was originally collected without providing data subjects with notice and an opportunity to opt-out.

Accountability for Onward Transfer

Data Intensity may transfer personal data we collect and process to organizations acting as our subprocessors when we are serving as a data processor and, as otherwise set forth in the Data Intensity Privacy Notice (Section 6. Third-Party Disclosures) when we are serving as a data controller. More specifically, Data Intensity may share personal data with external third parties, such as vendors, consultants and other service providers who are performing certain services on behalf of Data Intensity. Such third parties have access to personal data solely for the purposes of performing the services specified in the applicable service contract, and not for any other purpose. Data Intensity requires these third parties to undertake security measures consistent with the protections specified herein.

In the event Data Intensity transfers personal data to a third party acting as a controller, we will do so consistent with any notice provided to data subjects and any consent they have given (where applicable), and only to the extent we have assurances that the third party will (i) process the personal data for limited and specified purposes consistent with any consent provided, (ii) provide at least the same level of protection as is required by the DPF Principles and notify us if it makes a determination that it cannot do so, and (iii) cease processing of the personal data or take other reasonable and appropriate steps to remediate if it makes such a determination. If Data Intensity has knowledge that a third party acting as a controller is processing personal data in a manner inconsistent with the DPF Principles, Data Intensity will take reasonable steps to prevent or stop such processing. We may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.

Inquiries and Dispute Resolution

In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, Data Intensity commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Data Intensity at: (email) privacy@dataintensity.com or (mail) Data Intensity Inc., Attn: Privacy Department, 535 Madison Avenue, 4th Floor, Covington, KY 41011.

For unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF, Data Intensity commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC). If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, you may file a complaint at no cost to you before your applicable DPA. A list of EU data protection authorities is available here, the contact details for the UK Information Commissioner’s Office is available here, and the contact for the Swiss Federal Data Protection and Information Commissioner here.

If neither of the mechanisms above resolve your complaint, you may have the possibility to engage in binding arbitration through the Data Privacy Framework Panel. For more information on this option, please see Annex I of the EU-U.S. Data Privacy Framework Principles, which is available at https://www.dataprivacyframework.gov/s/framework-text.

U.S. Federal Trade Commission Enforcement

The Federal Trade Commission has jurisdiction over Data Intensity’s compliance with the EU-U.S. DPF and the Swiss-U.S. DPF.

Compelled Disclosure

Data Intensity may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Contact Us

If you have questions regarding our DPF Certification or our handling of your personal information, would like to request more information from us, or would like to exercise a data privacy right, please contact us at any of the following:

Privacy and Data Protection Officer: Christopher Beatty

Phone Number: +1 833-746-8506

Email: privacy@dataintensity.com