1.             Scope and Introduction for all Website Visitors

This Privacy Statement (“Statement”) explains how personal data is collected, used and disclosed by Toptech Systems, Inc., its subsidiaries and affiliated companies such as Toptech Systems NV, (please see Annex https://www.idexcorp.com/affiliates-list/ for all legal entities), (collectively, “Toptech”, “Company”, “we”, “us” or “our”) when users access and use the services and features offered on our website (www.toptech.com) and any of our other websites that link to this policy (the “Sites”). Toptech respects your privacy, and this statement covers Toptech’s processing, protection, transfer and use of information collected from you through the Site.

This privacy statement refers only to the processing of personal data of visitors to our websites. It is supplemented by the Toptech Business Contact Privacy Notice, Toptech SaaS Privacy Notice and the Toptech Job Applicant Privacy Notice applicable to the European Toptech businesses which specifically relate to the processing of personal data of business contacts or applicants, respectively.

Users from different countries and states may visit the Sites. Sections 1 to 6 of this Statement applies to all users. Depending on your place of residence, further sections may apply to you which is then stated for the respective section.

2.             Collection of Information

We collect the following information on our website:

2.1          Information We Collect Automatically:

When you access or use our Sites, we automatically collect the following information, which is stored separate from other data that you may provide to us. We use this information to provide the Sites to you, deduce statistical and anonymous information about the users of the Sites and for the technical administration and the security of the Sites:

• Log Information – We log information about each session and the use of the Sites, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to our Sites.
• Device Information – We collect information about the computer or mobile device you use to access our Sites, including the hardware model, operating system and version and mobile network information.
• Information Collected by Cookies and Other Tracking Technologies – We use various technologies to collect information, specifically cookies and web beacons. Cookies are small text files that a website or its service provider transfers to your devices, such as mobile devices or computers, through your web browser (if allowed by you), that enables the websites or service providers’ systems to recognize your browser and capture and remember certain information. We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction. Your browser may provide you with the ability to not accept cookies, as well as the ability to delete already-existing cookies. If you refuse, or delete previously existing, cookies, you may not be able to enjoy some features of the Site or functionality of any Software. Please see our Toptech Cookie Notice for more information on our use of cookies.

2.2          Information You Provide to Us:

We also collect information you provide directly to us. For example, when you visit the Sites, we collect information when you send us an e-mail, subscribe to our newsletter, message us via LinkedIn, participate in any interactive features of the Sites (e.g. contact us through our website or provide general feedback). The types of information we may collect include your full name, company name, email address and any other information you choose to provide. We collect this information for offering the function that you use, respectively.

3.             Use of Information

We may use information about you for various purposes, including:

• Providing our Sites to the users;
• Maintaining and improving our Sites;
• Providing and improving our customer service, including responding to your comments, questions and requests (e.g. product queries or technical questions);
• Analyzing and managing our business;
• Establishing and managing our business relationship, e.g. when you as a customer contact us via one of the Sites and we connect this request to your business account;
• Improving our IT security;
• Defending our legal interests, e.g. when claiming remedies of attacks on our website;
• Communicating with you about services, offers, promotions, rewards, and events offered by IDEX Group and Affiliates; and
• Carrying out any other purpose described to you at the time the information was collected.

4.             Recipients and Categories of Recipients of Personal Data

We may share information about you as follows or as otherwise described in this Website Privacy Statement and in each case only in accordance with applicable law. Possible recipients or categories of recipients of your personal data are:

• Other IDEX Group and Affiliates if such a transfer of personal data is required for the specific purpose (you can find a list of the IDEX Group and Affiliates here
• Vendors and channel partners such as distributors and sales representatives for the Company’s products;
• Service providers who process personal data on our behalf but have to follow our instructions on such processing; these service providers will not be allowed to use your personal data for other purposes than the purposes defined by us;
• Authorities, who we are obliged to provide your personal data to, e.g., tax authorities or healthcare authorities;
• Auditors or similar external consultants like lawyers or tax advisers;
• Authorized third parties in response to a request for information if disclosure is in accordance with any applicable law, regulation or legal process, or as otherwise required by any applicable law, rule or regulation;
• External investigators, consultants or authorities as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of the terms of our agreements, or as otherwise required by law;
• Potential purchasers and their advisors in the context of mergers and acquisitions, to whom we may transfer your personal data subject to appropriate confidentiality obligations, in the event we decide to dispose of all or parts of our business; and
• To other recipients with your consent or at your direction, including if we notify you through our Sites that the information you provide will be shared in a particular manner with particular people and you provide such information.

5.             Social Sharing Features

On our Sites, you can interact with social networks operated by third parties as set out below in section 9.1 of this Statement. Regarding the professional social media platform Linkedin, please see their privacy policy here: LinkedIn.

6.             Security

Toptech takes reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. However, no security system is impenetrable and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

If you have any questions about this privacy policy, the data processing practices of Toptech, or our Sites, you can contact us at privacy@IDEXcorp.com.

7.             Information to Residents in the USA

7.1          International Data Transfers

As Toptech operates internationally, we may need to make your information available to companies and/or branches within our group, which may be located outside of the U.S., including in countries which may not provide the same level of protection of your information as in your home jurisdiction.

By accessing or using the Sites or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and to other countries.

7.2          Your Choices

(a)           General

You may at any time review or ask for the rectification or removal of your information by contacting us at privacy@IDEXcorp.com However, note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time.

(b)           Cookies

Most web browsers are set to accept cookies by default. You can block cookies by activating the setting on your web browser that allows you to refuse the setting of all or some cookies. These settings are usually found in the ‘options’ or ‘preferences’ menu of your web browser. In order to understand these settings or get further information, refer to the documentation provided by the provider of the web browser you are using. For further information about deleting or blocking cookies, please visit: www.allaboutcookies.org. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our Sites or perform certain functionalities of the Sites. For additional details about the cookies used in our Sites, please visit our Toptech Cookie Notice.

(c)           Promotional Communications

You may opt out of receiving promotional emails or messages from Toptech by following the instructions in those emails or messages or by using other tools we may make available or by emailing us at tlu-marketing@idexcorp.com. If you opt out, we may still send you non-promotional communications, such as those about your account or our ongoing service relationship.

8.             Information to Residents in the European Economic Area

This section 8 applies to residents of United Kingdom and the European Economic Area, i.e. the European Union plus Iceland, Norway and Lichtenstein.

The data controller pursuant to Art. 4 No. 7 General Data Protection Regulation (Regulation (EU) 2016/679 “GDPR”) is Toptech Systems, Inc., a company with its principal place of business at 1124 Florida Central Parkway, Longwood, Florida 32750

If you have any questions about this privacy policy, the data processing practices of Toptech, or our Sites, you can contact us at:

Toptech Systems, Inc.

1124 Florida Central Pkwy

Longwood, Florida 32750

+1 (407) 332-1774

privacy@IDEXcorp.com

Our Data Protection Officer can be contacted here:

privacy@IDEXcorp.com

8.1          Data Processing

As described in sections 2 and 3 of this Statement we process personal data for different purposes. The legal bases according to the GDPR for such processing are listed below (Please see our separate Toptech Cookie Notice for information about processing of data derived from cookies):

8.2          Retention Periods

We delete or anonymize your personal data as soon as it is no longer required for the purpose for which we processed it.

In general, we store your personal data for the duration of the usage or the contractual relationship via the website plus a period of 90 days for IT security purposes. We store general web log files for a period of one year and for analytical information, we store the data for three years.

In the event that you have given us your consent to process your data (e.g. for marketing purposes including the associated profiling), we will store your data until you revoke your consent or the processing purpose does not apply anymore.

For the retention period of cookies and other tracking, please refer to the details in our Toptech Cookie Notice.

After these periods have expired, the data will be erased unless this data is required for a longer period due to legal retention periods, alternative purposes or for criminal prosecution. Beyond these retention periods, we may retain the data for the purposes of legal defense and law enforcement for as long as is necessary for the preparation or execution of a possible legal dispute (usually up to four years, whereby the legal dispute itself may inhibit the course of this period). If data can be stored for these reasons, it will be blocked. The data will then no longer be available for further use.

8.3          Transfer of Personal Data Outside the EU/EEA

In general, all data collected on the Sites is processed by Toptech Systems, Inc or its parent company IDEX, i.e. a company located outside the EU/EEA. If and when transferring your personal data to which the GDPR applies onwards outside the EU/EEA, we will do so using one of the following safeguards:

• the transfer is to a non-EU/EEA country which has an adequacy decision by the EU Commission;
• the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EU/EEA;
• the transfer is to an organization which has Binding Corporate Rules approved by an EU data protection authority; or
• the transfer is covered by other approved safeguards in order to protect your personal data in a degree that equals the level of data protection in the European Union.

International transfers within IDEX Group and Affiliates are governed by safeguards according to Art. 44 ff GDPR, namely EU Commission approved Standard Contractual Clauses for Controllers (as defined under the GDPR) and, where relevant, for Processors (as defined under the GDPR), extended by additional safeguards according to the European Court of Justice findings in Schrems-II. You may receive a copy of these data protection safeguards by contacting us at the contact details given above.

You may request a copy of the standard contractual clauses or other applicable safeguards by contacting privacy@IDEXcorp.com

8.4          Your Rights

The applicable data protection law, especially the GDPR, provides you with certain rights in relation to the processing of your personal data. These rights are subject to various conditions under applicable data protection and privacy legislation.

All such requests may be sent to privacy@IDEXcorp.com

Those rights include

• Request access to personal data about you (commonly known as a “data subject access re-quest”). This enables you to receive a copy of the personal data we hold about you, and to check that we are lawfully processing it.
• Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request personal data provided by you to be transferred in machine-readable format (“data portability”).
• Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no valid reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish its accuracy or the reason for processing it).
• Withdraw your consent. You may withdraw your consent at any time by sending an email request to privacy@IDEXcorp.com. You may also disable some types of cookies of our website directly through this site’s Advanced Cookie Settings control panel. Click the following link to access the control panel: Advanced settings. The withdrawal does not affect the lawfulness of the prior processing.
• Lodge a complaint with a supervisory authority. You have the right to make a complaint with a data protection authority.

RIGHT OF OBJECTION. YOU HAVE THE RIGHT; FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA ON THE BASIS OF ART. 6 (1) (e) OR (f) OF THE GDPR. WE WILL STOP PROCESSING YOUR PERSONAL DATA UNLESS WE CAN PROVE COMPELLING REASONS FOR PROCESSING WORTHY OF PROTECTION WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

8.5          Obligation to Provide Personal Data

You are under no contractual or statutory obligation to provide personal data. However, if you do not provide the personal data we require to process your request (e.g. when you contact us with questions about our products), we may not be able to respond to such request.

8.6          Automated Decision-Making

No automated decision-making as referred to in Art. 22 GDPR occurs on the Sites.