We at Gebeya, Inc. (together with our subsidiaries, “Gebeya”, “we”, “us”, “Our”) respect your privacy, which is very important to us. Accordingly, we have developed this Privacy Policy in order for you to understand how we collect, use, communicate and, subject to your consent and/or requirements under applicable law, disclose personal information. This Privacy Policy covers our personal data collection practices and describes your rights to access, correct, or restrict our use of your personal data. We are committed to conducting our business in accordance with these principles in order to ensure that the privacy of personal information is protected and maintained. Unless we state otherwise, this Privacy Policy applies when you visit or use the Gebeya website, our Talent Cloud SaaS platform and any related Gebeya platform or services or related services (collectively, the “Services”). By using the Services, you agree to the terms of this Privacy Policy. IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, YOU ARE NOT PERMITTED TO USE OUR SERVICES.

1. Our Responsibilities

It is the policy of the Gebeya to maintain an environment that promotes ethical and responsible conduct in all online network activities by our users' talentsusers talents. Gebeya recognizes its legal and ethical obligation to provide a safe online environment and to protect your personal information in that regard. To this end, Gebeya reserves the right and recognizes its obligation to:

• log network use and to monitor file server space utilization by users;
• remove a user account on the network;
• monitor the use of online activities. This may include real-time monitoring of network activity and/or maintaining a log of Internet activity for later review;
• provide internal and external controls as appropriate and feasible including the right to determine who will have access to Gebeya owned equipment and, specifically, to exclude those who do not abide by this Privacy Policy or our Terms of Service.
• restrict online destinations through software or other means.

2. Data Collection

We may collect certain data from you directly, like information you enter yourself, data about your participation in our Talent Cloud offerings, and data from third party platforms you connect with the Services for our legitimate business purposes. We may also use third party analytics to collect some data, like information about your device.

We may collect different data from or about you depending on how you use the Services. When you create an account and use the Services, including through a third party platform, we collect personal information, which means any information about you from which you can be identified. Personal data does not include data where the identity has been removed (e.g., anonymized or aggregated data). The categories of personal information about you that we may collect, use, store or transfer (subject to your consent and/requirements under applicable law) may include the following, some of which constitute personal information only when combined with other personal identifiers:

• Identity Data: Information we use to identify you, authenticate you as an authorized user of the Services, communicate with you, and record any transactions you make. This includes information such as first name, maiden name, last name, login/user ID and password details, marital status, title, date of birth, gender, and the user’s profile picture.
• Contact Data: Includes billing address, postal address, email address and telephone number.
• Technical Data: Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Services.
• Usage Data: Includes information about how you use our Services.
• Transaction Data: Includes details of the Services for which you have previously registered and/or in which you have been enrolled.
• Assessment Data: Information on your aptitude in certain technology-based subject areas and your performance on capabilities and learning needs assessments.
• Profile Data: Includes information such as your interests, preferences, website browsing history, demographic information such as age, gender, work experience, certifications, education level, feedback and survey responses.
• Marketing, Communications and Support Data: Includes your preferences with respect to receiving marketing from us and/or our third party partners and your communication preferences. If you contact us for support or to report a problem or concern (regardless of whether you have created an account), we collect and store your contact information, messages, and other data about you like your name, email address, location, operating system, IP address, and any other data you provide or that we collect through automated means (which we cover below). We use this data to respond to you and research your question or concern, in accordance with this Privacy Policy.

3. How We Get Data About You

We may use tools like cookies, web beacons, analytical services to analyze trends and administer the Services, track users’ movement around our websites and to gather data referenced above.

4. Purpose of Information

Before or at the time of collecting personal information, we will identify the purposes for which information is being collected. These include but are not limited to:

• identify the user/user account and give the user access to complete the registration process on the portal and access our Services;
• enable and deliver the Services;
• to manage our relationship with you;
• promptly inform the user of any updates or changes to our policies and services;
• furnish the user with feedback on their participation and performance in the use of our Services;
• assess and mark the users’ coursework and examinations;
• grant the user access to the Services, to enable the user to complete and submit reviews and/or submit completed questionnaires/surveys;
• make the Services and related content available to the user and also continue to modify, maintain and enhance the user’s experience;
• intermittently upgrade the user experience and functionality of the Services while providing related customer services;
• manage and protect the Services (including troubleshooting, data analysis, testing, system review); and
• endeavor to respond to users’ queries/enquiries and forward information requested by users via electronic mail, SMS or other communications channels.

We will collect and use personal information solely with the objective of fulfilling those purposes specified above by us.

5. Information Sharing and Disclosure

Depending on your specific usage of the Services, we may share certain data about you with certain Gebeya talent, trainers, students, companies performing services for us or hiring talent from us, our business partners, analytics and data enrichment providers, your social media providers, companies helping us run promotions and surveys, and advertising companies who help us promote our Services. We may also share your data as needed for security, legal compliance, or as part of a corporate restructuring. We can also share data in other ways if it is de-identified or if we get your consent. We may share your data with third parties under the following circumstances or as otherwise described in this Privacy Policy:

• With Gebeya Talent: We may share personal data about you or your company with Gebeya Talent retained for your engagement or retained to deliver projects for which you have sought our technical intervention.
• With Our Customers: We may share personal data that we have about you with our customers that are seeking to engage Gebeya Talent with your specific competence or skill set.
• With Your Instructors: We may share personal data that we have about you with instructors or teaching assistants for courses you enroll in or request information about, so they can improve their courses for you and other students. This data may include things like your city, country, browser language, operating system, and device settings, as well as other personal data relevant for this purpose.
• With Service Providers, Contractors, and Agents: We may share your personal data with third party companies who perform services on our behalf, like data analysis, marketing and advertising services (including retargeted advertising), email and hosting services. These service providers may access your personal data and are required to use it solely as we direct, to provide our requested service.
• With Business Partners: We have agreements with other websites and platforms to distribute our Services and drive traffic to Gebeya.
• With Analytics and Data Enrichment Services: As part of our use of third party analytics, we share certain contact information and other personal data (as detailed in Section 1), or de-identified data as needed. De-identified data means data where we have removed things like your name and email address and replaced it with a token ID, such that that data cannot be used to identify you. This allows these providers to provide analytics services or match your data with publicly-available database information (including contact and social information from other sources). We do this to communicate with you in a more effective and customized manner.
• To Power Social Media Features: The social media features in the Services (like the Facebook Like button) may allow the third party social media provider to collect things like your IP address and which page of the Services you’re visiting, and to set a cookie to enable the feature. Your interactions with these features are governed by the third party company’s privacy policy. In this regard and to the full extent permitted by law, Gebeya shall have no obligation or liability of any kind, including without limitation transfers, omissions, or disclosure, with respect to the third party’s access to or use of your data.
• To Administer Promotions and Surveys: we may share your personal data as necessary to administer, market, or sponsor promotions and surveys you choose to participate in, as required by applicable law (like to provide a winners list or make required filings), or in accordance with the rules of the applicable promotion or survey.
• For Advertising: If we decide to offer advertising in the future, we may use and share certain personal data with third party advertisers and networks to show general demographic and preference information among our users.
• For Security and Legal Compliance: We may disclose your personal data to third parties if we (in our sole discretion) in good faith believe that the disclosure is:
• Permitted or required by law;
• Requested as part of a judicial, governmental, or legal inquiry, order, or proceeding;
• Reasonably necessary as part of a valid subpoena, warrant, or other legally valid request;
• Reasonably necessary to enforce our Terms of Service, this Privacy Policy, and other legal agreements;
• Required to detect, prevent, or address fraud, abuse, misuse, potential violations of law (or rule or regulation), or security or technical issues; or
• Reasonably necessary in our discretion to protect against imminent harm to the rights, property, or safety of Gebeya, our users, employees, members of the public, or our Services.
• We may also disclose personal data about you to our auditors and legal advisors in order to assess our disclosure obligations and rights under our Terms of Service or this Privacy Policy.
• In Connection With a Change in Control: If Gebeya undergoes a business transaction like a merger, acquisition, corporate divestiture, or dissolution (including bankruptcy), or a sale of all or some of its assets, we may share, disclose, or transfer all of your personal data to the successor organization during such transition or in contemplation of a transition (including during due diligence).
• After Aggregation/De-identification: We can disclose or use aggregate or de-identified data that is not personal data for any lawful purpose.
• With Your Permission: With your consent, we may share personal data with third parties outside the scope of this Privacy Policy.

6. Data Retention

Gebeya retains personal data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include the length of time we have an ongoing business relationship with you, when we have legal obligation to which we are subject, or as advisable in light of legal requirements. We may retain personal data for longer than the duration of our business relationship with you should we need to retain it to protect ourselves against legal claims, use it for analysis or historical record-keeping, comply with our information management policies and schedules, or to comply with applicable laws. If you request that we delete your personal data, Gebeya will make reasonable attempts to delete all instances of the information in their entirety. For requests for access, corrections, or deletion of your personal data, please refer to the “Your Choices and Rights” section of this Privacy Policy.

7. Security of Information

Gebeya has implemented generally accepted standards of technology and operational security to protect personal data from loss or theft, unauthorized access, disclosure, copying, use or modification, alteration, or destruction. Only authorized Gebeya personnel and necessary third party service providers are provided access to personal data, and these employees and service providers are required to treat this information as confidential. All access to our Services is encrypted using industry-standard transport layer security technology (“TLS”). When you enter sensitive information, we encrypt the transmission of that information using secure socket layer technology (“SSL”). We also use HTTP strict transport security to add an additional layer of protection. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.

         8.Your Choices And Rights

• Where granted by local law, you may have the right to request access to the personal data that we have collected about you for the purposes of reviewing, modifying, or requesting deletion of the data. You may also have the right to request a copy of the personal data that we have collected about you and to have any inaccuracies in that data corrected. In certain circumstances, you may also request that we cease processing your personal data.
• If you would like to make a request to access, review, or correct the personal data we have collected about you, or to discuss how we process your personal data, please contact us at info@gebeya.com. To help protect your privacy and security, we will take reasonable steps to verify your identity, such as requiring a password and user ID, before granting access to your personal data. We will make reasonable attempts to promptly investigate, comply with, or otherwise respond to your requests as may be required by applicable law. Different laws may prevent us from providing access to your personal data or otherwise fully complying with your request depending upon the circumstances and the request, such as for example, where producing your information may reveal the identity of someone else. We reserve the right to charge an appropriate fee for complying with your request where allowed by applicable law, and/or deny your requests where they may be manifestly unfounded, and/or excessive, or otherwise objectionable or unwarranted under applicable law.
• In addition, and where granted by local law, you have the legal right to lodge a complaint with a competent data protection authority.
• You may also unsubscribe from mailing lists or any registrations with any of the Services. To do so, please contact us at the email address provided at the bottom of this Privacy Policy.
• Right to be forgotten: If you are located in the European Economic Area (“EEA”) or other applicable jurisdictions, in addition to the rights described above, you may contact us at the contact information provided below to:

                       (1) request a restriction on the processing of your personal information;

                       (2) object to the processing of your personal information;

                       (3) exercise your rights to be forgotten; or

                       (4) exercise other rights with respect to your personal information.

9. International Transfers of Your Personal Data

Information collected from you may be stored and processed in Ethiopia, Kenya,  the EEA, the United States, or any other country in which we or agents or contractors maintain facilities, and by accessing our sites and using our services, you consent to any such transfer of information outside of your country. Such countries may have laws which are different, and potentially not as protective, as the laws of your own country. If you reside in the EEA or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your personal data to other jurisdictions in which we operate. By providing your personal data, you consent to any transfer and processing in accordance with this Privacy Policy.

10. Policy for Children

The Services are not intended for children under 13 years of age. We do not knowingly solicit information from or market to children under the age of 13. If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.

11. Sensitive Information

You may not send us any sensitive personal information (e.g., government identification number, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise.

12. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will revise this Privacy Policy accordingly.

13. Changes To Our Privacy Policy

By using our Services, you consent to the collection, use, and storage of your personal data by us in the manner described in this Privacy Policy. We reserve the right to make changes to this Privacy Policy from time to time. We will alert you to any such changes by updating this Privacy Policy. If we make material changes to this Privacy Policy that increase our rights to use personal data that we have previously collected about you, we will obtain your consent either through an email to your registered email address or by prominently posting information about the changes on our site. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Services after the date such revised Privacy Policy is posted.

14. Contact Information

If you have any questions about our Privacy Policy, please contact us at: info@gebeya.com.