Acorn Performance Group, Inc., dba Acorn Systems Inc. and its subsidiaries (collectively we, our, us or “Company”) respects the individual privacy and protects the personal data provided to Company by its clients, employees and others. The Company develops, markets, licenses, implements, and supports decision-support software that utilizes activity-based costing information to provide its customers with profit-enhancement opportunities.

In accordance with the data protection principles developed by the United States Department of Commerce in collaboration with the European Commission, this Privacy Policy describes our general policy and practices implementing these principles, including the measures we take to protect an individual’s Personal Information, how we use Personal Information, the choices affected individuals have regarding their Personal Information, ability to access or correct Personal Information and how to contact us.

Safe Harbor
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles (the “Safe Harbor Principles”) and frequently asked questions to enable U.S. companies to satisfy the requirement under EU law that adequate protection be given to Personal Information transferred from the European Economic Area to the United States (collectively, the “Safe Harbor”). The European Economic Area (“EEA”) has recognized the Safe Harbor as providing adequate data protection. Consistent with its commitment to protect personal privacy, Company adheres to the principles set forth in the Safe Harbor. If there is any conflict between this Policy and the Safe Harbor Principles, the Safe Harbor Principles will govern.

Definitions
For purposes of this Policy, the following definitions apply:

“Agent” means any third party that collects or uses Personal Information under the instructions of, and solely for, Company or to which Company discloses Personal Information for use on Company’s behalf.

“Personal Information” means information that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to, a specific individual; and (4) can be linked to that individual. Personal Information does not include information that pertains to a specific individual, but from which that individual could not reasonably be identified.

“Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, medical or health conditions, political opinions, religious or philosophical beliefs, trade union membership, or information that concerns sex life of the individual. In addition, Company will treat as Sensitive Personal Information any information received from a third party where that third party treats and identifies the information as sensitive.

Scope of the Policy
This Privacy Policy applies only to personal data received from the European Union (EU). Pursuant to Frequently Asked Question #3 of the Safe Harbor. This Policy is not applicable to data or information provided to Company by its clients or customers where Company is acting as a mere conduit for data provided, transmitted and stored by or on behalf of a third party.

Types of Data Collected and Where
The information we collect may include your personal information, such as your name, contact information, IP addresses, work process and time you spent to perform certain tasks for your employer, financial accounts numbers, telephone conversations, product and service selections and orders or other information that indentify you individually.

We may collection information about you in the following manners:
• You may provide your personal information to us via interview, email or other written correspondence, telephone calls, web based forms, or other means;
• We use automated technical means to collect information about all website visitors;
• Via third party providers; or
• Via your employers for projects that they have engaged us to do on their behalf.

Much of the data processed and hosted by Company or its hosting service provider does not constitute personal data as that term is defined above. However, personal data will, on occasion, enter into the possession of Company and/or stored at the Company’s servers located at its hosting service provider location.

Web Visit
You may visit our Websites in any of the following ways:

• By using your browser to navigate to our Websites including (but not limited to) www.acornsys.com; blog.acornsys.com
• By viewing an advertisement displayed on a third party website that is served content by our web server;
• By viewing an email that is served content by our or a third party web server

When you visit our Website and register to download any of our controlled access Resources (e.g. white papers), our server logs your IP address (unique network addresses), the time and duration of your visit, and the time and duration of the pages on our website you view. If you arrive at our website by clicking a paid advertisement (including a paid search engine result) or a link in an email, then we will capture information that tracks your visit from that link. If you arrive at our Website by clicking a non-paid source, such as link in a non-paid search engine result or an unsponsored link on another website, we may capture information that tracks your visit from that source, to the extent we are able to be do so. We may also capture information about your computer system, such as your browser type and operating system.

We will likely place a cookie on your hard drive during the web visit. A cookie is a unique alphanumeric identifier that we use to help us identify the number of unique visitors to our Website, whether or not those visitors are repeat visitors, and the source of the visits. Cookies cannot be executed as code or used to deliver a virus. Other servers cannot read them and personal information cannot be gathered from them. They are simply an identifier shared between you and us to allow us to improve the services we offer to you through our Website. If you do not wish cookies to be place on your computer, then they can be disabled in your web browser, The option to do so is normally found in your browser’s “security setting” section. However, please note, permanently disabling cookies in your browser may hinder your use of our Website as well as other websites and interactive services.

A web beacon, also known as a web bug, is a small graphic (usually 1 pixel x 1 pixel), that is embedded in a web advertisement, email, or page on our web site, but is invisible to you. When you view a page on our web site, an email or an advertisement, your web browser will request the web beacon from a web server, which in turn will set a cookie in your web browser containing a unique identifier. This unique identifier will be linked to log information that is used to track your movements on our web site in order to determine the effectiveness of content and advertising campaigns.

We do not collect personal information about you as part of a web visit, but web visit information may be tied to other information (including personal information) we collect from you via web forms, and the other means we describe in this Privacy Statement. Our advertising agencies may also use web beacons and cookies to track your activity on our website originating from the advertisement or from downloading any of our controlled access Resources. However, we will not provide your personal information to our advertising agencies. Our advertising agencies maintain their own privacy policies, and you also review those.

Links to non-Acorn Websites
We may provide links to third-party websites for your convenience and information. The privacy practices of those sites may differ from Acorn practices and are not controlled by Acorn and covered by this Privacy Statement. We do not make any representations about third-party websites. We encourage you to review their privacy policies before submitting your personal data.

Personal Information received from the EU

• When Acorn is a data controller – Safe Harbor compliance
Acorn adheres to the Safe Harbor Principles as described in this Privacy Statement, with respect to the personal data we collect from EU data subjects or received from our customers or third party service providers located in the EU, such as information regarding service requests, service orders, handling orders, and delivering services; and have certified our compliance with the Safe Harbor Framework to the United States Department of Commerce. Acorn Safe Harbor certification can be found at www.acornsys.com/privacypolicy.aspx

• When Acorn is a data processor
Acorn’s obligations with respect to personal data which Acorn is solely a data processor, such as personal data that Acorn’s customers store or transfer using Acorn’s hosting services provided directly by Acorn or by a third party service provider contracted by Acorn to provide such services, are defined in its agreements with its customers and are not included in this Privacy Statement. In those circumstances, Acorn receives personal data from the EU as an agent of the customer merely for processing and is not required to apply Safe Harbor principles to that information. The customer will remain responsible for the personal data that it collects and processes and for the compliance with applicable protection laws.

Safe Harbor Principles

1. Notice

Where Company collects Personal Information directly from individuals in the EEA, we will inform them about the purposes for which Company collects and uses Personal Information about them, the types of non-agent third parties to which Company discloses that information, the choices and means, if any, Company offers individuals for limiting the use and disclosure of Personal Information about them, and how to contact Company. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to Company, or as soon as practicable thereafter, and in any event before Company uses the information for a purposes other than that for which is was originally collected. To the extent permitted by the Safe Harbor, Company reserves the right to process Personal Information in the course of providing professional services to our clients without knowledge of the individuals involved.

What do we use this information for?

Personal Information
We may use your information to process service requests by you or your employer, communicate with you about your or your employer’s service requests, provide access to secure areas of the Website and to enable third parties to carry out technical, logistical or other functions on our behalf.

Contact Information
We use visitor information to send information about our company to visitors and to get in touch with them when necessary. We also use the information we collect to improve the content of our websites. Visitors are given the choice at the point when we request their information.

Web Visit Information
We use web visit information to measure interest and develop our web pages and marketing plans and administer our Website.

We may release the information we collect to third parties, where the information is provide to enable such third party to provide services to us, provided that the third party has agreed to use at least the same level of privacy protections described in this Privacy Statement, and is permitted to use the information only for the purpose of providing services to us.

2. Choice

Company will offer individuals the opportunity to choose (opt out) whether their Personal Information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, Company will give individuals the opportunity to affirmatively and explicitly (opt in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless opt in consent is not required pursuant to Frequently Asked Question #1 of the Safe Harbor. Company will provide individuals with reasonable notice and mechanisms to exercise their choice to opt out of having their personal data so disclosed.

3. Onward Transfer (Transfer to Third Parties)

Prior to transferring data, Company will utilize the notice and choice principles noted above. Company will obtain assurances from its agents that they will safeguard Personal Information consistently with this Policy. Company will require its agents to either: (a) subscribe to the Safe Harbor, the EU Data Protection Directive or another adequacy finding or is otherwise subject to law providing the same level of privacy protection as required by the Safe Harbor; or (b) enter into a written agreement with Company requiring them to provide the same level of protection as Company. Where Company has knowledge that an agent is using or disclosing Personal Information in a manner that is contrary to this Policy, Company will take reasonable steps to prevent or stop the use of disclosure.

Company will not disclose Personal Information to non-agent third parties, except under one or more of the following conditions:

• Company has the individual’s consent to make the disclosure;
• The disclosure is required by law , legal process, or professional standards;
• The disclosure is reasonably related to the sale or disposition of all or part of our business;
• The information in question is publicly available and is not combined with other non-public Personal Information; or
• The disclosure is reasonably necessary for the establishment or defense of legal claims.

4. Data Security

Company will take reasonable precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration, and destruction. Company limits access to Personal Information to those employees or agents that have a specific business purpose for maintaining and processing such information.

5. Data Integrity

Company will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Company will take reasonable efforts to strive to ensure that Personal Information is relevant for its intended use, accurate, complete and current.

6. Access

Upon request and where appropriate to do so, Company will allow individuals reasonable access to the Personal Information Company holds about them. In addition, Company will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. An individual may utilize the contact information below to request access or correction of his or her Personal Information. Company reserves the right to deny access or limit access in cases where the burden or cost of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.

7. Enforcement

Company will conduct annual compliance audits of its relevant privacy practices to verify adherence to this Policy. Company uses a self-assessment approach to confirm compliance with this Policy and the Safe Harbor and to confirm that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible. Any employee that Company determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.

8. Dispute Resolution

Any questions or concerns regarding the use or disclosure of Personal Information should be directed to Chief Financial Officer at the address below. Company will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information by reference to the principles contained in this Policy. For complaints that cannot be resolved between Company and the complainant, the complaint may be submitted for dispute resolution to European Data Protection Authorities. Company agrees to cooperate with the dispute resolution system set forth above.

Limitation on Application of Principles
Adherence by Company to the Safe Harbor Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligation; and (c) to the extent expressly permitted by an applicable law, rule or regulation.

Amendment of This Privacy Notice
We may amend, change or update all or portions of this Privacy Policy from time to time, consistent with the requirements of the Safe Harbor, by posting a revised policy on our web site



Questions or comments regarding this Policy should be submitted to Company Chief Financial Officer by mails as follows:

Chief Financial Officer
Acorn Performance Group, DBA Acorn Systems, Inc.
3050 Post Oak Blvd., Suite 800
Houston, Texas 77056