Employee Privacy Policy

Last Updated: March 1, 2021

Purpose

This Employee Privacy Policy (“Policy”) discloses the privacy practices of EverCommerce Solutions Inc. (“EverCommerce,” “our,” “we” or “us”) as well as any of our subsidiaries, affiliates, and related entities (together, the “Company”) related to the data collected about you as a job applicant (“Applicant”) or as a current or former employee (“Employee”).

Policy Statement

EverCommerce will conduct its business ethically and in full compliance with all applicable U.S. laws and regulations related to Privacy of personal information. Compliance is critical to the company’s continued success and our ability to maintain our reputation for good corporate citizenship.

Applicability

The Employee Privacy Policy applies to all EverCommerce employees, job applicants, affiliate companies, partners, and contractors, and any other person about whom EverCommerce collects or stores personally identifiable information for employment related purposes.

Standards

This Policy covers the Personal Data (as defined below) we collect about you, how the Personal Data will be used and shared (if at all), how the Personal Data will be stored, and your rights in relation to the collection of your Personal Data during, before, or after your employment with the Company. It also describes how you can access, modify, and if needed, request deletion of your Personal Data. This Privacy Policy also covers how your Personal Data is handled by our third-party data processors.

Definitions

For the purpose of this Policy:

“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

“Employee” means all individuals who seek to be, are, or were employed by the Company, including interns and contingent workers.

“Applicant” means a current or former applicant for employment with the Company.

“Personal Data” means information that we obtain from you in connection with your potential, current, or past employment with us that can identify you. For the purposes of this Policy, Personal Data, including Sensitive Data, is any information about an identifiable Employee or Applicant that seeks to be, is, or was employed by the Company. Personal Data does not mean any data that is anonymized or that does not identify you in any way.

“Processor” means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.

“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.

Collection of Personal Data

The Company collects certain Personal Data from its Employees and Applicants, including without limitation the items listed below, collectively referred to hereafter as “HR Data.”

  • Gender, date of birth, general contact information (address, phone number, email, etc.)
  • Marital status and/or dependent status, for the purpose of ascertaining and distributingbenefits such as health insurance
  • Resumes that you provide and/or application(s) that you fill out and provide to us
  • Background check and drug screening information
  • Your start date, job title, location of your workplace
  • Any training or education programs you undertake through us
  • Professional or personal references
  • Company policies and employment forms signed by you
  • Payroll Information: This includes, but is not limited to, current or previously provided taxforms such as a W9, state tax forms, 1099’s, your social security number, bank accountinformation, additional direct deposit Information, and your photo ID.
  • Forms that contain any information relating to your personal employee benefits, health careplans, insurance policies and the like
  • Beneficiary information
  • The contact information of the individual that you list to be first notified in the event of anemergency. This includes phone numbers, addresses, and any other personally identifyinginformation for that individual.
  • IP address, system-generated logs, other meta-data, and content of emails or other communications
  • Assessments, evaluations, performance reviews, training completion rates, and training scores
  • Any monetary raises, bonuses, stock information, 401k or pension plan information, commissions, overtime rate, salaried rate and/or regular hourly rate
  • Any requested time off, accrued paid time off, tardiness, or requests to leave before the scheduled end of your workday
  • Grievances, including complaints made by fellow employees or clients or customers, corrective action plans for inappropriate behavior and write-ups
  • Facts reported through any Company reporting channels
  • Evidence gathered in the course of the investigation, report of the investigation andoutcome of the report
  • Letter of resignation or termination, as applicable
  • Other personal details you voluntarily provide to us or are collected in the ordinary course

Use of HR Data

The Company processes HR Data relating to its Employees and Applicants for recruitment and HR management purposes at a global level, including:

  • Carrying out and supporting Company human resources functions and activities
  • Carrying out Company obligations related to employment arrangements, employmentcontracts or employment and benefits laws
  • Analyzing Employee and Applicant qualifications and references
  • Managing workplace safety and health
  • Administering Employee participation in benefits, compensation, stock options, PeopleOperations and training plans and programs
  • Processing payroll
  • Managing Employee performance
  • Implementing compliance and discipline procedures, and investigating and reporting onEmployee compliance and discipline
  • Complying with Company legal obligations and internal policies
  • Managing internal complaints or claims and litigation
  • Implementing and operating an ethics and compliance hotline
  • Managing and conducting Company business activities
  • Operating IT and communication systems and monitoring Employee email and Internetusage
  • Managing the online employee portal and conducting background and other pre-employment checks as applicable

We process your Personal Data where we are permitted by law or required to do so by law as your employer, for legitimate business purposes or to protect your interests or the Company’s interest (especially where we are attempting to prevent any improper activity or fraud, ensure the security of our business, or other reasons). This may include the processing of Personal Data for your employment or potential employment with us. In certain instances, we will obtain your consent to process your Personal Data; however, occasionally we may also be required to process your Personal Data without your consent or knowledge where permitted by law to do so.

Special Categories of Personal Data

We do not collect any Sensitive Data from European Union or United Kingdom-based employees or potential employees. However, please be advised that certain types of data may be considered sensitive under applicable law and if you are asked for any of these categories of data, you may request the purpose for which the data is required and refuse to provide it, if desired.

Notwithstanding the above, background checks by government entities and other third parties may be performed and utilized where applicable.

For individuals located in the EU, European Economic Area and/or United Kingdom, please refer to the “EU-U.S. PRIVACY SHIELD” section below for more information regarding your rights as they pertain to Sensitive Data.

Data Sharing

We may disclose HR Data relating to Employees and Applicants to:

  • Fulfill our responsibilities within the employment or job applicant relationship;
  • To our subsidiaries and affiliates;
  • To contractors, business partners and service providers that perform services on our behalf;
  • In the event the Company participates in a reorganization, merger, sale or other similartransaction;
  • If permitted or required to do so by law or legal process;
  • In response to lawful requests from public authorities.

Data Storage and Security

We store HR Data for as long as it is necessary for providing you with the benefits and protections that employment with us entails or until you cease your employment with us and request deletion of your data. Notwithstanding the foregoing, we store Applicant information (regardless of whether you ultimately become an Employee) for as long as a business need exists, which may be indefinitely, or until you request that we delete it. We may also store your Personal Data and HR Data for any applicable legal record-keeping, including after the termination of your employment or for other legitimate business purposes.

We employ organizational and commercially reasonable technical security measures to protect your Personal Data. We take steps to protect your Personal Data from unauthorized access, disclosure, or destruction by utilizing practices that are consistent with standards in the industry to protect your privacy.

Please note, however, that no system involving the transmission of information via the Internet or the electronic storage of data is completely secure, no matter what reasonable security measures are taken. Although we take the protection and storage of your Personal Data very seriously, and we take reasonable steps to protect your Personal Data, we cannot be responsible for data breaches that occur outside of our reasonable control. We will comply with applicable law in the event of a data breach.

Your Access & Choice Rights

Our Company systems and systems provided by our third-party service providers enable direct access for employees to view and/or modify certain HR Data and Employees may use those systems to do so. You may also contact [email protected] with additional questions or requests related to your HR Data.

Subject to applicable law, Employees and Applicants may have the right to request access to your Personal Data and to correct, amend, or delete it if it is inaccurate or has been processed in violation of this Policy, except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to your privacy, or where the rights of other people would be violated. To exercise any of these rights, you can contact us using the information provided in the “Contact Information” section below.

The Company may disclose HR Data of Employees and Applicants without offering an opportunity to opt out, and may be required to disclose the HR Data (i) to third-party Processors that the Company has retained to perform services on its behalf and pursuant to its instructions, (ii) if it is required to do so by law or legal process, or (iii) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements.

The Company also reserves the right to transfer or disclose HR Data in the event of an audit, business transaction or other similar event.

For individuals located in the EU, European Economic Area and/or United Kingdom, please refer to the “EU-U.S. PRIVACY SHIELD” section below for more information regarding your rights as they pertain to your choice rights.

International Transfers

We are based in the United States, specifically in Denver, Colorado. This means your Personal Data may be transferred from the location in which you reside to our physical location in the United States. It may also be transferred to third parties, as described above, located in the United States. The risks of transferring data outside of your jurisdiction to the United States include the possibility of data breaches and loss. Before beginning employment, we ask you to specifically consent to the transference of your Personal Data and HR Data to the United States. We will continue to process your Personal Data and HR Data in the manner described herein, and if we change anything about the international transfer of your Personal Data and HR Data, we will seek your explicit consent again.

EU-U.S. Privacy Shield

This section only applies to Employees and Applicants that are located in EU, European Economic Area and/or United Kingdom at the time of data collection.

EverCommerce Solutions Inc. (DBA PaySimple, Inc.) complies with the EU-U.S. Privacy Shield Framework set forth by the United States Department of Commerce with respect to the collection, use and retention of Personal Data transferred from the EU/European Economic Area and/or United Kingdom to the United States. Due to the recent Schrems II ruling by the Court of Justice of the EU (CJEU) that finds EU-US Privacy Shield invalid for meeting the standard of protection guaranteed by the GDPR, EverCommerce has elected not to officially self-certify under EU-US Privacy Shield for HR Data. However, the company is committed to compliance with the Privacy Shield principles (“Principles”), and to ensuring a valid legal basis and adequate data protections under GDPR for all transfers of personal data from the EU/UK to the United States.

To learn more about the Privacy Shield Framework, please visit the Department of Commerce’s dedicated Privacy Shield website, located here.

EverCommerce complies with the Privacy Shield’s Principle regarding accountability for onward transfers. EverCommerce remains liable under the Principles if its onward transfer recipients process Personal Data in a manner inconsistent with the Principles, unless EverCommerce proves that it was not responsible for the event giving rise to the damage.

EverCommerce complies with the Privacy Shield’s Principle regarding choice and opt-out for sharing of Personal Data. If the Personal Data we collect, covered by this Policy, is to be used for any purpose materially different from the purpose described herein, or disclosed to a third party not acting as our agent, we will give you an opportunity to opt-out of this materially different use or disclosure.

EverCommerce uses HR Data only for purposes that are materially the same as those identified in this Policy. To the extent required by the Principles, we will obtain opt-in consent from Employees and/or Applicants for any disclosure of Sensitive Data to an unaffiliated third party or for any use of Sensitive Data for a purpose other than one materially the same as one outlined in this Policy.

EverCommerce commits to comply with the Principles with respect to the Personal Data and HR Data the company receives relating to its Employees and Applicants in the EU, United Kingdom, or EEA in connection with their employment with EverCommerce.

Employees and Applicants may file a complaint concerning the Company’s processing of their Personal Data to [email protected] or by regular mail at the address indicated in the “Contact Information” section below. We will take steps to remedy issues arising out of its alleged failure to comply with the Principles and will respond to inquiries and complaints within 45 days.

If an Employee or Job Applicant’s complaint cannot be resolved through our internal processes, Employees or Applicants have a right to lodge a complaint with a competent supervisory authority situated in a Member State of your habitual residence, place of work, or place of alleged infringement. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data- protection/bodies/authorities/index_en.htm. EverCommerce commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to human resources data transferred from the EU in the context of the employment relationship. EverCommerce is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Modifications and Revisions

We reserve the right to modify, revise, or otherwise amend this Policy at any time and in any manner. If we do so, however, we will notify Employees via the employee portal. Applicants and other non-employees may access the current Policy by emailing [email protected]. For changes to the Policy that will impact information collected prior to the date of the change, where required by law we will obtain your consent to use your previously collected data per the terms of the current policy.

Contact Information

The best way to contact us regarding any employment related concern, or if you need to update, change, or remove your information, is through our Chief People Officer at [email protected].

For specific questions regarding data handling and data privacy, you may contact our Data Protection Officer at [email protected].

You may also contact us by regular mail addressed to:

EverCommerce
3601 Walnut Street Suite 400
Denver, CO 80205

Alternatively, regular mail may also be directed to our United Kingdom-based subsidiary, EverCommerce UK Company Ltd., by addressing it to:

EverCommerce UK Company Ltd.
27 Old Gloucester Street, London, WC1N 3AX