Phoenix Connect Privacy Statement

This privacy statement applies to the D.R. Systems Inc. ("DRS") Phoenix Connect Application, both on the web and on the mobile app. It describes the information that Phoenix Connect collects, uses, shares, and stores.

Collection of Personal and Business Information

As defined in British Columbia's Personal Information Protection Act (PIPA), Personal Information means information about an identifiable individual, but does not include contact information; Contact information is information that would enable an individual to be contacted at a place of business, and includes name, position name or title, business telephone number, business address, business email or business fax number.

Phoenix Connect collects and processes information that may incidentally identify you; this information includes location data and photos.

Phoenix Connect collects business contact information including name, title, business phone number, and business email address, as well as business data related to the application's functionality.

The collection of this data is necessary to fulfill the following purposes:

• To open and manage an account as part of an organization
• To deliver the contracted services
• To meet regulatory requirements

Consent

Phoenix Connect is for use by agents of organizations which have entered into a Software as a Service (SaaS) agreement with DRS, or by prospective agents for demo purposes. By using Phoenix Connect in conjunction with the SaaS agreement, or when demoing the application using credentials provided by DRS, you are providing consent to DRS for the collection and processing of information as described in this privacy statement.

DRS may collect, use or disclose personal information without the customer's knowledge or consent in the following limited circumstances:

• When the collection, use or disclosure of personal information is permitted or required by law;
• In an emergency that threatens an individual's life, health, or personal security;
• When the personal information is available from a public source (e.g., a telephone directory);
• When we require legal advice from a lawyer;
• For the purposes of collecting a debt;
• To protect ourselves from fraud;
• To investigate an anticipated breach of an agreement or a contravention of law

Use and disclosure of Information

Apart from the aforementioned limited circumstances, DRS will only use or disclose personal information where necessary to fulfill the functionality of the Phoenix Connect application. We will not use or disclose personal information for any additional purpose unless we obtain the consent to do so. DRS will not sell personal information to other parties.

Retention of Information

DRS Retains information collected as long as necessary to fulfill the functionality of the application in accordance with the SaaS agreement between DRS and an organization. Personal information collected by the Phoenix Connect application by an agent - location and photos - becomes the property of the agent's organization. Upon termination of the SaaS agreement, all related data is deleted from the cloud in accordance with that agreement. Any data collected as part of a demo is deleted upon the conclusion of the demo.

Ensuring Accuracy of, Access to, and Deletion of Information

Since personal information collected by the Phoenix Connect application - location and photos - becomes the property of the agent's organization, DRS transfers all responsibility for the accuracy of information to that organization and its agents. Access to the information is by way of authorized agents of the organization. In addition, arrangements for deletion of personal information in the Phoenix Connect application can be made by contacting the appropriate authorized agent within the organization.

Securing Information

We are committed to ensuring the security of customer information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.

DRS maintains an information security management system which implements many measures and controls to ensure that customer information is appropriately protected, including:

• Access controls (user, password, and encryption management)
• Network controls (segregation, ACLs, firewalls)
• Supplier management controls

DRS continually reviews and updates its security policies and controls as technology changes to ensure ongoing information security.

Questions and Complaints

The DRS Privacy Officer is responsible for ensuring DRS' compliance with this policy and the Personal Information Protection Act.

Customers should direct any complaints, concerns or questions regarding DRS' compliance in writing to the Privacy Officer. If the Privacy Officer is unable to resolve the concern, the customer may also write to the Information and Privacy Commissioner of British Columbia.

DRS's Privacy Officer can be contacted at: privacy@drsystemsinc.com