EU-US Privacy Shield Privacy Policy

This Privacy Shield Policy (this “Policy”) describes how Boart Longyear and its subsidiaries and affiliates in the United States (“US”) collect, use, and disclose certain personally identifiable information that we receive in the US from the European Union. This Policy supplements our Privacy Policy located at http://www.boartlongyear.com/company/legal.Boart Longyear recognizes that the EU has established strict protections regarding the handling of personal data, including requirements to provide adequate protection for personal data transferred outside of the EU. To provide adequate protection for certain personal data about employees, corporate customers, clients, suppliers, and business partners received in the US, Boart Longyear has elected to selfcertify to the EU-US Privacy Shield Framework administered by the US Department of Commerce (“Privacy Shield”). Boart Longyear adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. If there is any conflict between the provisions in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.For purposes of enforcing compliance with the Privacy Shield, Boart Longyear is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov. To review Boart Longyear’s certification to the Privacy Shield, see the US Department of Commerce’s Privacy Shield self-certification list located at: https://www.privacyshield.gov/list.

Definitions

For the purposes of this Policy, the following definitions shall apply:“Boart Longyear”, “we” or “us” means Boart Longyear Company as well as its affiliates, subsidiaries, divisions and groups in the United States listed as “Covered Entities” on Boart Longyear’s Privacy Shield certification.“European Union” or “EU” means, for the purposes of this Policy, all countries within the European Economic Area (EEA).“Personal data” and “personal information” means data about an identified or identifiable individual that is within the scope of the Privacy Shield, received by Boart Longyear in the US from the EU, and recorded in any form. It does not include personal information that has been anonymized or that is publicly available, that has not been combined with non-public personal information.“Processing” of personal data means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.“Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information that concerns health or sexual orientation. In addition, Boart Longyear will treat as sensitive, any information received from a third party where that third party treats and identifies the information as sensitive.

Privacy Principles

The privacy principles in this Policy are in accordance with the Privacy Shield Principles set out in the Privacy Shield.

Notice

Where Boart Longyear collects personal information directly from individuals in the EU, it will inform them about the purposes for which it collects and uses personal information about them, the types of nonagent third parties to which Boart Longyear discloses that information, and the choices and means, if any, that we offer individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Boart Longyear, or as soon as practical thereafter, and in any event before we use the information for a purpose other than that for which it was originally collected.Where Boart Longyear receives personal information from its subsidiaries, affiliates or other entities in the EU, it will use such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.During the conduct of its operations, Boart Longyear may collect and process the following types of personal information:

  1. Boart Longyear keeps contact information, account numbers and information relating to billing, together with other information which may be necessary for the daily operation of Boart Longyear’s services including conducting customer, product and service surveys, direct marketing of products and services, handling customer complaints and inquiries, making disclosure under the requirements of any applicable law and any other directly related matters.
  2. Human resources data such as contact information, residential address, date of birth, gender, government identification number, account information, qualifications and training records, performance reviews, which is processed to support Boart Longyear’s human resources functions and activities including the administration of employee benefits, compensation, management of employee performance, business planning, disciplinary procedures including the investigation and reporting of complaints and for compliance with legal obligations, policies and procedures.
  3. Prospective users of Boart Longyear applications and websites who make inquiries regarding Boart Longyear’s products and services may be asked to provide personal information in order to provide the requested information, products or services. Personal information provided may be used for the processing of requested transactions, improving the quality of our products and services, sending communications about our products and services, enabling our business partners and service providers to perform certain activities on our behalf and complying with our legal obligations, policies and procedures.

Boart Longyear may use the personal information it collects to comply with its legal obligations, policies and procedures and for internal administrative purposes.

Choice

Boart Longyear offers individuals the opportunity to choose (opt out) whether their personal information is (i) to be disclosed to a third party, or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by such individuals. Individuals will be provided with clear, conspicuous, and readily available mechanisms to exercise their choice.For sensitive information, Boart Longyear will obtain affirmative express consent (opt in) from individuals if such information is to be (i) disclosed to a third party or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice. In addition, Boart Longyear will treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.

Accountability for Onward Transfer

Boart Longyear recognizes potential liability in cases of onward transfers to third parties. We will not transfer any personal information to a third party without first ensuring that the third party adheres to the Privacy Shield Principles. Boart Longyear does not transfer personal information to unrelated third parties, unless lawfully directed, or in certain limited or exceptional circumstances, in accordance with the Privacy Shield. For example, such circumstances would include disclosures of personal information required by law or legal process, or disclosures made in the vital interest of an identifiable person such as those involving life, health or safety.In the event that Boart Longyear is requested to transfer personal information to an unrelated third party, we will ensure that such party is either subject to the Privacy Shield, subject to similar laws providing an adequate and equivalent level of privacy protection, or will enter into a written agreement with the third party requiring them to provide protections consistent with the Privacy Shield and this Policy. Should Boart Longyear learn that an unrelated third party to which personal information has been transferred by us is using or disclosing such personal information in a manner contrary to this Policy, we will take reasonable steps to prevent or stop the use or disclosure.Personal information is accessible only by those Boart Longyear employees and consultants who have a reasonable need to access such information in order for us to fulfill contractual, legal and professional obligations. All of Boart Longyear’s employees and consultants have entered into strict confidentiality agreements, and/or have been subjected to thorough criminal background checks requiring that they maintain the confidentiality of personal information.

Security

Boart Longyear takes reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Data Integrity and Purpose Limitation

Boart Longyear uses personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. We take reasonable steps to ensure that personal information is reliable for its intended use, accurate, complete, and current. Boart Longyear will only collect and store personal information that is relevant to fulfil the desired purpose and will retain such information no longer than appropriate to fulfil such purpose.

Access and Correction

Upon request, Boart Longyear will grant individuals reasonable access to the personal information we hold about them. In addition, Boart Longyear will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or has been processed in violation of the Privacy Shield Principles.

Verification

Boart Longyear assures compliance with this Policy by utilizing the self-assessment approach as specified by the U.S. Department of Commerce. The assessment is conducted on an annual basis to ensure that all of Boart Longyear’s relevant privacy practices are being followed in conformance with this Policy and the Privacy. Any employee that Boart Longyear determines is in violation of these policies will be subject to discipline, up to and including termination of employment and/or criminal prosecution.

Recourse, Enforcement and Liability

Any complaints or concerns regarding the use or disclosure of personal information transferred from the EU to the US should, in the first instance, be directed to the Boart Longyear Privacy Officer or the Confidential Compliance Helpline at the address given below. Boart Longyear will investigate and attempt to resolve complaints in accordance with the Privacy Shield Principles within 45 days of receiving a complaint. Complaints that cannot be resolved internally will be referred to the applicable EU Data Protection Authorities to address complaints and provide appropriate recourse, which will be provided free of charge to the individual. Boart Longyear is committed to following the determination and advice of these authorities. Under certain circumstances, an individual may choose to invoke binding arbitration to resolve any disputes that have not been resolved by other means.Boart Longyear complies with the Privacy Shield Principles and is subject to the investigatory and enforcement powers of the Federal Trade Commission.

Limitation on Scope of Principles

Adherence by Boart Longyear to the Privacy Shield Principles may be limited (a) to the extent we are required to respond to a legal or ethical obligation; and (b) to the extent expressly permitted by an applicable law, rule or regulation.

Changes to this Policy

This Policy may be amended from time to time, consistent with the requirements of applicable laws and regulations. The revisions will take effect on the date of publication of the amended Policy, as stated. Notice of any such amendment will be posted on http://www.boartlongyear.com/company/legal.

Contact Information

Questions, complaints or comments related to this Policy, data processing or data collection should be submitted to the Boart Longyear Privacy Officer or the Confidential Compliance Helpline as follows:

Daniel Anderson Director, Global Benefits & Mobility 2570 N 1700 W Salt Lake City, Utah 84101 Daniel.anderson@boartlongyear.com

Confidential Compliance Helpline Via the internet: www.convercent.com/report Via telephone: + 1 720 514 4400 (collect call/reverse charge call) Via mail: Boart Longyear Confidential Compliance Helpline 2570 N 1700 W Salt Lake City, UT 84101