Change History of BeyondTrust Privacy Notice

Added EU establishment addresses (Paris, Frankfurt) and UK establishment address (Manchester) to the privacy notice to improve transparency and comply with Data Privacy Framework inquiry requirements.

Added new 'Automated Decision-Making and Profiling" section to comply with GDPR Article 13(2)(f) disclosure requirements.

Added DPF Choice Principle disclosure (opt-out rights for non-agent third-party disclosure and materially different purpose use).

Added explicit statement confirming BeyondTrust Corporation as the sole U.S. entity certified under the Data Privacy Framework

Updated the "For Consumers in the USA" section to include Kentucky, Rhode Island, and Indiana privacy laws effective January 2026.

Added the right to correction and the right not to be subject to automated decision-making to the privacy rights disclosures.

Updated the supervisory authority complaint section to name the ICO (UK) and FDPIC (Switzerland).

Updated the data breach notification section to reference the 72-hour notification obligation under GDPR Article 33.

Updated the children's data age threshold from 13 to 16 to align with the GDPR default, with reference to lower thresholds under COPPA where applicable.

General improvements to transparency and readability throughout.

Updated the Privacy Notice to align with revised Dept of Commerce DPF wording.

Added the following processing activity to the Privacy Notice:

• "Customer and Market Research"

Updated reference to US privacy laws in the "For Consumers in the USA" section of the Privacy Notice.

Added the following data processing activities to the Privacy Notice:

• "BeyondTrust Community Platform"

Moved the information related to the use of cookies and other tracking technologies into a new Cookie Notice.

Added the following data processing activities to the Privacy Notice:

• "Use of Password Safe Plugin"

• "Call Recording and Transcript"

• "Visitor Registration"

• "Securing our Physical Offices"

Added references and links to our new:

• Candidate Privacy Notice

• Government & Law Enforcement Request Policy and Transparency Report

• Sub-processors list

• Do Not Sell or Share my Personal Information page

Implemented a general update of our Privacy Notice to improve transparency and readability. Among others, we:

• Introduced a table of contents to help navigation

• Renamed certain sections with clearer titles

• Merged the sections 'What information are we collecting and for what purpose' and 'How is your personal data collected' into the new 'What information we collect, how and why' section

• Included an explanation of the concepts of 'personal data', 'processing', and 'lawful grounds for processing'

• Re-organized the 'Your Privacy Rights' section

• Updated the 'International Data Transfer' section

• Introduced a new 'Consumers in the USA' section