What is the GDPR?

Effective Date: May 25, 2018

The GDPR is a new European Union (“EU") regulation that imposes obligations on companies that collect, store, or process the personal data of EU residents. Any company that holds personal data of EU residents is covered by the GDPR, regardless of the company’s physical location. At ACS Group, we’re a firm supporter of the strong data privacy and security principles the GDPR highlights, and we will comply with applicable GDPR
regulations when they take effect on May 25, 2018.

What is personal data?

The definition of “personal data" under the GDPR is very broad and effectively covers any information that may identify an individual.

ACS Group’s Commitment: What are we doing to protect you?

We take our data privacy and protection responsibilities very seriously and are committed to ensuring the security and protection of the personal data that we process or control to provide a compliant and consistent approach to data protection. As such, to achieve compliance with the GDPR, we have amended our existing policies and procedures and implemented some new ones. These changes are in areas including, but are not limited to, data processing, information security, data transfer, third party processors, data protection, and breach notification. We have made changes to our privacy notice and require all ACS Group employees who handle personal data to complete additional data privacy and security training that is GDPR-focused. We also have implemented appropriate technical and security processes to ensure that we comply with our GDPR obligations.

What are your rights?

Your rights under the GDPR include the right to see a copy of any information we hold about you, and also the right to request that such information be fully deleted from our systems (although we may be required to keep some records to ensure that you are not contacted in the future or to comply with our legal obligations).

How can you contact us about GDPR-related questions?

We welcome your questions or comments about the GDPR, this Commitment Statement, and our privacy or security practices. Feel free to contact us at dataprivacy@acsicorp.com.

Changes to this Statement

ACS Group will update this Commitment Statement as appropriate with additional information relating to further developments concerning our GDPR
compliance program.