Hangar 13 Event Participation Data Protection Notice

I. INTRODUCTION

This Data Protection Notice (“Notice”) describes the manner by Hangar 13 UK Limited (the “Company”) collects, uses, and otherwise processes certain individually identifiable information about participants at its events (“Participant Data”)the , as described in more detail below.

II. CATEGORIES OF PARTICIPANT DATA

Company may collect and process all or some of the following categories of Participant Data:

  • Personal and contact information, including name, title, email address, telephone number, screen name, social network identification, place of work and age.
  • Cookies and similar technology information, including cookies, web beacons, Internet log files, and similar tracking technologies.

III. PURPOSES OF PROCESSING OF PARTICIPANT DATA

The Company collects, uses, and otherwise processes Participant Data for the following purposes: conducting and promoting the event (including Company’s and third parties’ participation in the event); compliance with legal and regulatory requirements; monitoring and enforcing compliance with applicable policies and procedures; providing physical and/or network access and IT support and services; and protecting the security of Participant Data as well as Company systems and premises.

If participants do not provide the Participant Data that the Company requires for the purposes described above, the Company may not be able to fully permit participants to participate in the event or publish information from such events with such participants.

The Company will retain Participant Data no longer than is necessary to carry out the purposes listed in this Notice, to fulfil any reasonably anticipated future engagement and/or as required by applicable law.

The Company processes Participant Data as necessary to fulfil the relationship. The Company also processes Participant Data with consent (e.g. when participants are specifically asked), as required by law (e.g. for legal compliance and reporting purposes), and where it is in the Company’s (or a third- party’s) legitimate interests and those interests are not overridden by privacy and data protection rights (such as to protect the security of facilities or systems).

IV. DISCLOSURES OF PARTICIPANT DATA

As part of normal business operations, the Company may disclose Participant Data to third-party service providers in connection with the purposes described in Section III. The Company will (i) exercise appropriate due diligence in the selection of such third party service providers, and (ii) require via appropriate contractual measures that such third party service providers maintain adequate technical and organizational security measures to safeguard the Participant Data, and process the Participant Data only as instructed by the Company and for no other purposes.

The Company may also disclose Participant Data to external advisors (e.g., lawyers, accountants, and auditors) and, to the extent required or permitted by applicable legal obligations, to governmental agencies and regulators (e.g., tax authorities), courts and other tribunals, and government authorities (including authorities located in the United States, such as the Securities and Exchange Commission or the Department of Justice). Participant Data may also be shared with Take-Two Interactive Software, Inc. and its subsidiaries and affiliates in the United States, United Kingdom and Europe (collectively, “Take- Two ”) where necessary for legitimate business purposes.

V. INTERNATIONAL TRANSFERS OF PARTICIPANT DATA

As necessary in connection with the purposes described in this Notice, limited members of the human resources, finance, legal, and the IT departments and Take-Two or affiliated company points of contact (i.e., persons with assigned responsibility for the services performed by a participant) may access and otherwise process Participant Data in the United States in connection with their job responsibilities.

Participant Data may also be shared with service providers, affiliates, other members of the Take-Two company group, and other third-parties located countries that do not have equivalent data protection legislation to the EU. The Company takes appropriate steps to ensure that any transfers to such countries are subject to appropriate safeguards, including through the use of European Commission-approved Standard Contractual Clauses. For more information on how the Company transfers Participant Data, please contact [javascript protected email address].

VI. DATA SECURITY AND DATA INTEGRITY

The Company and Take-Two maintain all reasonable physical, technical, and organizational security measures to safeguard Participant Data from loss, misuse, or unauthorized access, disclosure, alteration, or destruction. The Company and Take-Two also maintain reasonable procedures to help ensure that such data is reliable for its intended use, accurate, complete, and current.

VII. DATA PROTECTION RIGHTS

Participants have the right to access, review, correct, or request the deletion or portability of their Participant Data in accordance with applicable law. Participant may also object to the processing of Participant Data in some circumstances, and where processing relies on consent, the participant may withdraw it at any time. These rights may be limited in some circumstances, for example if a participant requests the deletion of Participant Data that the Company is required by law to keep. Participants also have the right to complain to the relevant data protection authority. Also, participants are responsible for informing the Company if there are any changes or inaccuracies to their Participant Data. Participants should transmit any requests for access or updates to, or corrections or deletions of their own Participant Data to the Company as specified below in Section VIII.

VIII. QUESTIONS ABOUT PROCESSING OF PARTICIPANT DATA

Participants who have any questions about this Notice or wish to exercise any of the rights here described, should contact [javascript protected email address].