Protect Personal Data Mimecast is committed to the lawful and secure collection, processing, and storage of What is personal data? personal data that is entrusted to us by our customers, applicants, and our employees, as is required by the EU General Data Protection Regulation and other applicable data Any information relating to an privacy regulations worldwide. identified or identifiable person such When handling personal data as part of our responsibilities with Mimecast, we must as a name, telephone number, email ensure that we are following the appropriate safeguards that Mimecast has address, or IP address. It can also include more sensitive information implemented to ensure the protection of such data. such as a social security number or Mimecasters must not collect or otherwise process personal data unless required by national ID, banking information, employment record, sexual our individual roles and there is a valid legal basis to do so, including but not limited to orientation, race, or family status. appropriate consent. We must maintain the confidentiality of personal data that is processed, accessed, or used and must not share it with any other individuals that do not have the appropriate authorization. Questions? We must use personal data for only for the purpose for which it was initially collected, Contact: Compliance Office as disclosed in our contractual terms, and/or as permitted by applicable law. NOTE: professional secrecy obligation under German Law During the performance of our work, Mimecasters may process confidential information subject to professional secrecy under Sec. 203 of the German Criminal Code (Strafgesetzbuch -