Information Security Overview

We at Search Vision Media Ltd. (“Company”, “we” or “us”) take information security seriously and has created this overview of our information security policy (“Security Policy”) to provide with applicable information related to our practices in securing Personal Data (as defined under the EU General Data Protection Regulation (“GDPR”), processed by us while users are visiting our websites and using the services available therein (“Services”). We are taking the measures specified below, technical and organizational, to protect Personal Data from unauthorized disclosure or access, unlawful acts, alteration, loss or destruction.

Complying with GDPR guidelines, we share this Security Policy with you. This Security Policy summarizes our updated security mesures, up to the date indicated at the “Last Revised” below, and will be updated from time to time, to match and comply with applicable laws and our internal policies.

Data Access Control: Access to the Personal Data is restricted for employees on “need to know” basis and is password- protected. Personal Data is also secured and managed by access control policies. The Company uses high level security measures to ensure that the Personal Data will not be accessed, modified, copied, used, transferred or deleted without specific authorization. The Company monitors any and all access to the database and any authorized access is handled. Employees are able to perform actions related to the Personal Data only by permission, determined by the Company. Further, Company has ongoing review of employees’ authorizations, to assess whether access is still required. Company revokes access immediately upon termination of employment.

System Access Control: Solely specific positions within the Company are granted with direct access to the Company’s database.In addition, remote access is made solely by means of secured VPN.

Physical Access Control: The Company ensures it is engaged with third party who provides secured cloud services, in accordance with industry best standards. The Company ensures that solely authorized persons have access to its premises, as well as ensures that all visitors are accompanied.

Organizational and Operational Security: The Company’s employees are trained and educated, in order to raise awareness to risk and importance of privacy and protection with regards to any processing of Personal Data. Internal security testing is made on a regular basis. Hardware security is ensured anti-malware software on computers to protect against malicious use and malicious software as well as virus detection, use secured email transfer, etc.

Transfer Control: The purpose of transfer control is to ensure that Personal Data cannot be read, copied, modified or removed by unauthorized parties during the electronic transmission of these data or during their transport or storage in the applicable data center. Thus, all data transfers between the servers, from client side to server side, according to industry standards.

Data Retention: Personal Data and raw data are all deleted as soon as not needed for the Company’s services or for the purpose it was initially collected for, in compliance with applicable laws and according to the Company’s retention period.

Job Control: Each of Company’s employee is subject to binding agreement which includes applicable data provisions and data security obligations. Employees are not provided access to the database prior to training, thus ensuring he or she are well educated and responsible to handle the Personal Data. Employees are bound to comply internal security policies and procedures and noncompliance shall result in disciplinary actions. The

Availability Control:All Company’s servers have an automated backup procedure es. Periodical checks are preformed to determine that the backup have occurred.

Company is ensuring all documents, including agreements and privacy policies are compliant with the GDPR. Our legal team is busy ensuring our legal documentation is updated to reflect any changes and to include the mandatory provisions required by the GDPR.

[Last Revised: August 6, 2018]