PELOTON
LEGAL
At Peloton, we’re committed to delivering technology that helps energy companies operate smarter and more efficiently. That commitment includes being transparent about the terms that guide our products and services.
Whether you’re already working with Peloton or exploring what we offer, this page brings together key legal and compliance documents for quick reference. We update these resources regularly to reflect changes and improvements, so check back often to stay informed.
Peloton Security Addendum
Last Updated: 2026-03-19
This Security Addendum (“Security Addendum”) is incorporated into and forms part of the written agreement between Peloton and the Customer that references this Security Addendum. This Security Addendum describes the technical and organizational security measures implemented by Peloton in connection with the Peloton Platform and related services (the “Services”) to protect Customer Data and support Customer's security and compliance efforts in relation to applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This Security Addendum applies solely to the security practices described herein.
The security measures described in this Security Addendum reflect Peloton’s current security practices and are intended to describe its information security program. Except where expressly stated in the Agreement, these descriptions do not constitute guarantees, warranties, or binding service level commitments. Peloton does not represent or warrant that the Services will be free from vulnerabilities or security incidents. The measures are designed to support industry-standard security practices and to assist Customer's security and compliance efforts in relation to applicable data protection laws, but do not ensure Customer's compliance with any specific legal or regulatory requirements.
1. Information Security Program
Peloton maintains a formal, documented information security program designed to protect the confidentiality, integrity, and availability of Customer Data and support the secure delivery of the Services. The program includes administrative, technical, and physical safeguards addressing data protection, access management, system monitoring, incident response, vulnerability management, and risk mitigation. The program is periodically reviewed to ensure alignment with organizational objectives, regulatory requirements, and evolving security risks. Employees receive security awareness training upon hire and at least annually thereafter.
2. Audits and Certifications
Peloton’s information security program and supporting controls are assessed annually by independent third-party auditors. Third-party assessments include:
- SOC 2 Type II — Security, Availability, and Confidentiality
- SOC 1 Type II — Controls relevant to financial reporting
Audit reports are made available to customers upon written request and subject to confidentiality obligations, including execution of a non-disclosure agreement where applicable.
3. Customer Audit Rights
Peloton’s SOC 2 Type II report serves as the primary mechanism for demonstrating Peloton’s compliance with its security obligations. Upon written request, Peloton may provide documentation reasonably necessary to verify its security practices, which may include SOC reports, security program documentation, or penetration testing summaries.
If additional verification is reasonably required, any audit must be mutually agreed in advance with respect to scope, timing, and confidentiality protections and must be conducted in accordance with the audit procedures described in the Agreement.
5. Data Hosting, Residency, and Architecture
5.1 Hosting of Customer Data
Peloton hosts Customer Data within cloud infrastructure operated by third-party cloud services providers in a multi-tenant application with logically separated environments.
Customer Data is hosted in the region selected by the Customer during the deployment from Peloton’s available hosting locations.
Peloton maintains and publishes an up-to-date list of its sub-processors, affiliates, and hosting locations on its Sub-Processors and Affiliates page.
Customer authorizes Peloton to process and store Customer Data in the hosting regions and jurisdictions associated with Peloton’s service infrastructure as described on that page. Peloton will provide thirty (30) days advance notice of material changes to hosting locations consistent with its published sub-processor notification process.
Peloton will not relocate Customer Data in violation of applicable law and will provide at least thirty (30) days advance notice prior to materially relocating Customer Data to a different country unless such relocation is required to address urgent security, availability, or legal compliance requirements.
5.2 Multi-Zone Availability Architecture
Peloton offers an optional architecture enabling replication of critical services across multiple Azure locations to provide enhanced redundancy and resilience. This optional architecture is not part of Peloton’s standard Business Continuity and Disaster Recovery response unless expressly subscribed to by the Customer.
6. Third-Party Service Providers
Peloton conducts security and risk assessments prior to onboarding vendors or sub-processors that may process Customer Data and requires such vendors to maintain appropriate security and confidentiality safeguards commensurate with the nature of the services provided. Critical vendors may be subject to periodic reassessment as part of Peloton’s vendor risk management program.
7. Risk Management Program
Peloton maintains a documented risk management process as part of its information security program to identify, assess, and mitigate risks that could impact the security, confidentiality, or availability of the Services. These processes are evaluated as part of Peloton’s independent SOC 2 Type II assessments.
8. Network and Infrastructure Security
Peloton implements layered network and infrastructure security controls designed to protect the Services and Customer Data from unauthorized access.
8.1 Firewall Configuration
Firewall controls are deployed at the application gateway and production network layers to restrict unnecessary ports, protocols, and services. Network traffic is restricted to authorized sources and destinations.
8.2 Network Segmentation
Production environments are segregated from development and testing environments. Peloton maintains separation between corporate systems and the Peloton Platform, including tenant-level separation between internal and customer production environments.
8.3 Endpoint Protection
Devices used to access corporate systems are managed through centralized device management controls and must maintain:
- Disk encryption
- Firewall protections
- Anti-malware safeguards
Administrative access to production environments is restricted to authorized personnel.
8.4 Monitoring and Event Logging
Peloton maintains centralized logging, monitoring, and threat detection capabilities intended to support the identification and investigation of security events in production environments. Security-relevant events, including administrative actions, are logged and monitored as part of Peloton's security operations process to support detection, investigation, and incident response.
8.5 Vulnerability Management
Peloton conducts regular vulnerability assessments of its production environment and periodically engages independent third parties to conduct penetration testing. A summary of penetration testing results may be provided to Customer upon written request, subject to confidentiality obligations. Additional information regarding Peloton’s security controls is available in Peloton’s SOC 2 Type II report.
Customer shall not perform or authorize penetration testing, vulnerability scanning, or other security testing of the Services without Peloton’s prior written approval.
9. Data Protection Controls
9.1 Encryption Key Management
Peloton implements encryption technologies designed to protect Customer Data in transit and at rest in accordance with industry standards. Encryption keys are managed through secure key management services with access restricted to authorized personnel.
9.2 Data Backup
Peloton performs automated backups of Customer Data. Backups are encrypted and stored in geo-redundant storage and are retained in accordance with Peloton's operational policies. Data export, retention, and deletion obligations are governed by the Agreement.
10. Business Continuity and Disaster Recovery
Peloton maintains documented Business Continuity and Disaster Recovery plans designed to ensure service resilience during significant disruptions. Peloton tests and reviews its BC/DR measures periodically in accordance with internal policies and operational requirements.
11. Access Control and Physical Security
11.1 Logical Access Controls
Access to Peloton Platform infrastructure is granted based on the principle of least privilege and business need. Access is provisioned through role-based or function-based access controls, and privileged access is restricted to authorized personnel and subject to additional safeguards including strong authentication and periodic review.
Authentication mechanisms include:
- Single Sign-On (SSO)
- Multi-Factor Authentication (MFA)
11.2 Remote Access
Administrative remote access to production environments is restricted to secure connection methods and controlled network paths.
11.3 Physical Security
Physical security of the underlying cloud infrastructure is managed by Peloton's cloud infrastructure providers.
12. Secure Software Development and Change Management
Peloton development practices align with industry-recognized secure coding standards and incorporate security-by-design principles into software development and change management practices. Changes to applications and services are documented, tested, and approved prior to deployment.
13. Incident Management and Breach Notification
Peloton maintains documented incident response procedures requiring security incidents to be logged, investigated, contained, and remediated. If Peloton becomes aware of a Security Incident affecting Customer Data, Peloton will notify affected customers without undue delay and in accordance with applicable law and terms of the Agreement after becoming aware of the Security Incident and provide available information regarding the nature of the incident and mitigation steps.
14. Security Reporting Contact
Customers may report suspected security incidents, vulnerabilities, or other security concerns related to the Services through Peloton Support channels, as described in Peloton’s Support Policy on the Peloton Help Center. Peloton Support serves as the primary intake point for such reports and escalates them internally to Peloton’s security and incident response teams in accordance with Peloton’s documented incident management procedures.
15. Administrative and Personnel Controls
Peloton conducts background checks where permitted by applicable law. Employees must sign confidentiality agreements and complete security awareness training upon hire and annually thereafter.
16. Privacy and Data Protection
Customer is responsible for its use of the Services, including configuration decisions, implementation of appropriate security controls within its environment to the extent within Customer's control, and the accuracy and legality of the instructions it provides to Peloton.
Peloton processes Customer Data in accordance with the Agreement and any applicable Data Processing Agreement and remains responsible for the security of the Services as described in this Security Addendum.
Processing of personal data, including its return, retention, and deletion, is governed by the applicable Data Processing Agreement and related privacy documentation.
17. Updates to this Security Addendum
Peloton may update this Security Addendum from time to time to reflect improvements to its security program, changes in operational practices, or evolving industry standards. Any such updates will not materially reduce, as reasonably determined by Peloton, the overall security protections provided for Customer Data during the term of the Agreement.
Updated versions will be posted to Peloton’s website. Peloton will provide reasonable notice of any material changes to this Security Addendum.
Peloton Anti-Bribery Compliance Policy
Last Updated: 2026-03-19
Overview
Peloton and its subsidiaries (the “Company”) shall conduct business worldwide in an honest and ethical manner reflecting the highest standards of integrity and in compliance with all applicable laws and regulations. It is the intent of the Company that these standards remain embedded as core values across the organization.
The Company does not seek to achieve any improper influence nor will it tolerate even the appearance of impropriety in the actions of its directors, officers, employees, agents, consultants and contractors (each, a “Representative”).
While local standards and practice may vary, this Policy can be summarized as follows: you may not provide (or offer to provide), directly or indirectly, anything of value to anyone in order to get business or retain business, to obtain a commercial advantage, or to receive favoured treatment, anywhere in the world.
The collective success and reputation of the Company hinges on the personal commitment of all Representatives to understand and adhere to this Policy. It is the responsibility of each Representative to promptly report any suspected contraventions of this Policy.
1. Purpose
The purpose of this Anti-Bribery Compliance Policy (the “Policy”) is to confirm with every Representative of the Company that they will adhere to the Company’s commitment to conducting business with honesty and integrity, and that they understand and comply with the specific requirements and prohibitions of Canadian and foreign laws that reinforce and police this commitment, regardless of the jurisdiction in which the Representative operates.
Bribery is a crime and penalties can be severe including prison sentences and large financial penalties. Depending on the circumstances, these penalties can be applied to a company and its directors and officers or employees and business associates or a combination of any of them. In certain jurisdictions, a company can also be punished for failing to prevent acts of bribery by those working on its behalf. To protect against these potential threats to its reputation and its business, the Company must put in place adequate procedures designed to prevent bribery by those acting on its behalf.
Representatives involved in the Company’s international business must familiarize themselves with this Policy and any relevant legislation to ensure they do not knowingly or unknowingly compromise the Company's corporate values or violate any applicable law.
2. Scope
2.1 This Policy applies to all Representatives of the Company. It contains the Company’s mandatory global standards and is aligned with applicable laws. In some countries, local laws and regulations may be more stringent than the principles set out in this Policy, in which case the more stringent rules apply.
2.2 This policy enters into force on April 5, 2016 and shall be implemented by all subsidiaries (taking into account local legal considerations).
3. Compliance Officer
3.1 The Chief Financial Officer of Peloton (the “Compliance Officer”) shall be responsible for ensuring the Company’s compliance with this Policy and with the applicable laws.
3.2 The Compliance Officer shall, including by carrying out periodic risk assessments and compliance audits, ensure that:
- this Policy remains up-to-date and reflects changes to the Company’s business activities and risks and to any applicable laws and regulations in any region where the Company operates;
- all Representatives are aware of and trained in compliance with this Policy in accordance with their respective responsibilities, and are familiar with the Red Flag Due Diligence Items set out in Appendix A to this Policy;
- the Company’s sales documents and other agreements contain provisions to mitigate the risk of third parties committing acts of bribery that may implicate Peloton;
- prior to entering into any acquisition, merger, joint venture or partnership, the Company shall conduct pre-signing due diligence with respect to corruption-related risks and compliance procedures of the counterparty;
- all Representatives have access to support and advice when confronted with situations involving potential risk; and
- this Policy is enforced by way of appropriate discipline.
3.3 The Compliance Officer shall maintain records in relation to compliance with this Policy and the Company’s related internal controls, in order to support the Company’s defence in the event of a charge or complaint.
3.4 The Compliance Officer shall report to the Board of Directors on the Company’s compliance with this Policy at each Annual General Meeting.
4. Definitions
| Agent | Means a person or organization that is retained by the Company to represent, further or develop its business interests in a foreign country. This includes consultants and entities that lobby or deal with foreign governments, their agencies, politicians or employees to obtain, retain or develop business on the Company's behalf. |
| Bribe or Bribery | Means the giving, offering or promising to give to anyone, anywhere in the world, whether directly or indirectly, anything of value, in order to obtain or retain business or gain an advantage for the Company. “Anything of value” includes but is not limited to: |
| Contractor | Means a person or an entity who supplies materials, labour or services to the Company. |
| Employee | Means a temporary, permanent or contract employee of the Company. |
| Extortion | Means obtaining or attempting to obtain something of value by force, threats or persistent demands. |
| Foreign Joint Venture Partner | Means a resident or national of a foreign country, an entity incorporated or established in a foreign country, a foreign subsidiary of an entity incorporated or established in Canada, a foreign government, or any agency of a foreign government that has been proposed as, or may become, a joint venture partner of the Company in a foreign country. |
| Foreign Public Official | Includes but may not be limited to: |
| Improper Payment | Means a Bribe, Kickback, or any other provision of a gift or benefit that is contrary to this Policy. |
| Kickback | Means the payment of a portion of contract consideration to another contracting party. This includes the improper or secretive use of sub-contracts, purchase orders, consulting agreements or gifts in order to channel payments to principals, employees or other representatives of another contracting party, or to their relatives or business associates. |
| Representative | Means all directors, officers, employees, agents, consultants and contractors of Peloton or its subsidiaries or affiliates, anywhere in the world. |
5. Special rules for foreign public officials
While Representatives are prohibited from offering, promising or giving bribes to anyone, the risks of bribery are particularly serious when dealing with Foreign Public Officials. As a result, this Policy contains special rules for dealings with Foreign Public Officials.
As a general matter, prior to entering into foreign business relationships including with Agents and Contractors, the Company shall conduct due diligence with respect to the government ties possessed by prospective foreign business partners. The proposed business relationship shall be assessed with reference to this Policy. This assessment process shall be integrated into the Company’s existing due diligence procedures for foreign business relationships.
6. Bribes
6.1 The Company and its Representatives shall not, directly or indirectly, offer or give a Bribe to any person or organization. Any demands for Bribes shall be rejected and immediately reported to the Compliance Officer.
6.2 The Company and its Representatives shall not, directly or indirectly, request or accept a Bribe from any person or organization. Any offers of Bribes shall be rejected and immediately reported to the Compliance Officer.
7. Kickbacks
Except where such arrangements are expressly legal in the relevant jurisdiction, the Company and its Representatives shall not kick back any portion of a contract payment to employees of another contracting party, or utilize any other techniques, such as subcontracts, purchase orders or consulting agreements, so as to improperly channel payments to a recipient or to the relatives or business associates of a recipient in order to obtain a business advantage. Any demands for a Kickback shall be rejected and immediately reported to the Compliance Officer.
8. Extortion
The Company and its Representatives shall not, directly or indirectly, demand or accept anything of value from a party doing business with the Company where the purpose of the exchange is the improper or secretive advancement of the Company's business interests. Any attempts at or instances of Extortion shall be immediately reported to the Compliance Officer.
9. Gifts, Hospitality and entertainment
Building long-term relationships based on trust and mutual respect is at the core of the Company’s business model, and the Company recognizes that accepting and providing hospitality and small gifts can be a normal part of business. This Policy does not prohibit these kinds of exchanges, subject to the following rules. As a general matter, Representatives must be extremely cautious in giving gifts and hospitality to Foreign Public Officials, since what may be acceptable in the private sector may not be acceptable when dealing with Foreign Public Officials.
9.1 Small gifts or mementos and basic hospitality and entertainment may be given or accepted on the Company's behalf if they are infrequent, of small value (less than $100CDN in value), are given in a direct and transparent manner, are appropriate in the circumstances, are permissible under local law and the recipient’s policies and are accurately recorded in the Company’s books and records.
9.2 Gifts, hospitality and entertainment must not be intended or appear to be intended to influence any act or decision within the recipient’s official capacity so as to provide a benefit to the Company. Put otherwise, gifts, hospitality or entertainment must not be given in exchange for a benefit of any kind or so as to create a sense of obligation on the part of the recipient.
9.3 Cash or cash equivalents (e.g. gift cards or vouchers) are not permissible as gifts.
9.4 Representatives shall not provide gifts, entertainment or hospitality to persons who accompany Foreign Public Officials to Company business meetings, congresses or comparable events where the attendance of such persons does not have a legitimate business purpose.
9.5 If there is any doubt about the appropriateness of a particular gift or memento, the giving or receipt of such items must be reviewed and approved in advance by the Compliance Officer.
10. Payment of Expenses
10.1 The Company may pay or reimburse reasonable expenses that are incurred in good faith by or on behalf of a Foreign Public Official or a private party if:
- there is a clear and justifiable purpose for such expenses which is directly related to the demonstration or performance of Company products or services;
- the payment of such expenses is legal under the laws of the country of the receiving party and considered customary in such country; and
- the expenses are properly recorded in the Company’s books and records in reasonable detail such that they accurately and transparently reflect the true nature and amount of the transaction.
10.2 Examples of reimbursable expenses include reasonable expenses incurred to attend demonstrations of the Company’s products or facilities, or training relating to the Company’s products. Expenses for “side trips” shall not be reimbursed by the Company.
10.3 Travel expenses must not be paid twice; i.e., the Company will either pay the expenses directly or provide a per diem that is reasonable under the circumstances, but not both.
10.4 Travel expenses of spouses, children, companions, or friends of Foreign Public Officials or private parties shall not be paid or reimbursed.
11. Political contributions, grants and donations
11.1 As a general policy, the Company and its Representatives (while acting on behalf of the Company) shall not make political contributions including money, assets, property or other things of value.
11.2 Also as a general policy, the Company and its Representatives shall not give grants or donations at the request of or for the benefit of any Foreign Public Official who may be in a position to provide a benefit to the Company.
11.3 All expenditures referred to in sections 12.1 and 12.2 shall be approved in advance by the Compliance Officer and shall only be made in accordance with applicable law, and all requirements for public disclosure of such contributions shall be fully complied with.
12. Agents
12.1 Agents as defined in section 3 above should only be used where necessary. Where the Company deems it necessary to retain an Agent,
- the reputation, background and past performance of the Agent, including any relationship to Foreign Public Officials, shall be properly researched and documented with reference to this Policy; and
- the Agent will be retained pursuant to a written agreement which specifically defines the Agent’s duties and authority and provides for, at a minimum:
- an acknowledgement that the Agent understands the provisions of this Policy and agrees to comply with any applicable terms as well as any provisions of applicable law;
- an acknowledgement that the Agent is not authorized under any circumstances to pay or offer to pay an Improper Payment;
- the Company’s right to audit expenditures made on behalf of the Company by the Agent;
- immediate termination of the agreement for payment of a Bribe or Kickback; and
- other risk-based provisions to guard against violation of this Policy and applicable laws.
12.2 The Company shall require, wherever possible, all agents to sign an Agent Certification as set out in Appendix B to this Policy.
13. Foreign Joint Venture Partners
13.1 Prior to entering into any joint venture with a Foreign Joint Venture Partner, the Company shall carry out due diligence on and an approval of such party similar to retaining an Agent as described above and with reference to this Policy.
13.2 All contracts entered into with a Foreign Joint Venture Partner shall contain provisions to ensure that there is no breach of applicable anti-corruption laws by any party to the joint venture. The Company shall retain sufficient management control of, and transparency into, any such joint venture arrangement to ensure that its business practices are in compliance with such laws, or at a minimum, that the joint venture has proper controls in place to ensure compliance with such laws.
14. Contractors
All Contractors shall be made aware of this Policy, and the Company shall not enter into any agreement with a Contractor that contravenes this Policy. The Company shall include risk-based provisions in its Contractor agreements prohibiting the Contractor from violating this Policy and applicable laws.
15. Employment of Foreign Public Officials and related parties
15.1 Foreign Public Officials may only be employed by the Company if:
- such employment is required by foreign government regulations or contractual provisions with a foreign government, or is specifically requested in writing by a foreign government;
- such employment and the terms of employment are legal under local laws;
- the services to be rendered to the Company do not conflict in any manner with the governmental duties of such person; and
- the Compliance Officer has reviewed and approved such employment.
15.2 As a general policy the Company will not employ family members, employees or close associates of Foreign Public Officials. Any such employment arrangement shall be subject to the prior approval of the Compliance Officer, shall be compliant with all applicable laws, and must not be intended or appear to be intended to influence the actions of the Foreign Public Official in his or her official capacity.
16. Businesses of foreign public officials
16.1 Representatives shall not enter into a contract or agreement on behalf of the Company with any business in which a Foreign Public Official or his or her relative holds a significant direct or indirect interest unless:
- such business arrangement is required by foreign government regulations or contractual provisions with a foreign government, or is formally requested in writing by a foreign government;
- such business arrangement is legal under local law;
- the services to be rendered to the Company do not conflict in any manner with the governmental duties of such person; and
- the Compliance Officer has reviewed and approved such employment.
17. Books and Records
17.1 The purpose of this provision is to prevent the concealment of bribes and to discourage fraudulent accounting practices.
17.2 The Company and its Representatives shall ensure that the Company’s books and records accurately reflect the Company’s transactions, and that such transactions are recorded with sufficient detail so that knowledgeable third parties can understand the purpose and amount of any transaction.
17.3 “Off-the-books” accounts and false or deceptive entries in the books and records are strictly prohibited. Secret accounts or unmonitored “slush funds” and any documents which do not accurately record transactions, including the objects of liabilities to which they relate, are strictly prohibited.
17.4 Key contract documents and approvals are to be retained, either in hardcopy or in secure electronic format, in line with the Company’s regional and local record retention policies.
17.5 As a matter of practice, Representatives should retain a record and copies of all communications with Foreign Public Officials.
18. Compliance Training
Representatives are responsible for attending training and recertification sessions organized by the Company in order to ensure that each Representative understands their role and responsibility in maintaining compliance with this Policy.
18.1 The Compliance Officer or his or her delegate shall implement annual mandatory anti-bribery compliance training or recertification for all Representatives and shall ensure that all new Representatives receive such training as part of the onboarding process.
18.2 Compliance training shall be tailored so as to be relevant to the respective position and responsibility of Representatives.
19. Compliance and Reporting of Violations: "Whistleblowing"
The collective success and reputation of the Company hinges on the personal commitment of Representatives to adhere to this Policy. It is the responsibility of each Representative to promptly report any suspected contraventions of this Policy.
19.1 No Representative will suffer demotion, penalty or other adverse employment consequence for complying with this Policy even if such compliance may result in the Company losing business.
19.2 Any Representative who becomes aware of a prior or potential violation of this Policy is required to contact the Compliance Officer or a member of the Board of Directors. Any Representative making a good faith report of an alleged violation shall be fully protected and indemnified by the Company.
19.3 Representatives can report a concern by visiting our website https://www.peloton.com/legal and following the instructions.
19.4 The Company shall take appropriate disciplinary action, including dismissal, against
- any Representative found to be in violation of this Policy;
- any Representative who has direct knowledge of potential violations of this Policy but fails to report such potential violations; and
- any Representative who misleads or hinders investigators inquiring into potential violations of this Policy.
Schedule A
“Red Flag” Due Diligence Items
All Representatives who are responsible for developing business, entering into transactions or otherwise dealing with Foreign Public Officials on behalf of the Company must be familiar with the following “red flags,” which indicate an increased risk of violation of the Corporate Policy on Corrupt Practices and applicable anti-corruption laws.
In general, business transactions should be scrutinized carefully where they occur in countries with widespread corruption or a history of bribery violations, or where the local government or government officials are heavily involved in the local economy. Up-to-date and country-by-country analysis of corruption levels is available in the Transparency International Corruption Perceptions Index at www.transparency.org/research/cpi
Transaction Red Flags
Transactions that raise particular concern are those where an agent, consultant or other intermediary (who may or may not be a Foreign Public Official) is retained by the Company to conduct or facilitate a transaction with a foreign public official or government entity or to obtain necessary permits and authorizations on behalf of the Company. The following red flags signal a need for further due diligence:
- The agent refuses to confirm in writing that it will abide by applicable bribery laws, or is ignorant of or indifferent to local laws and regulations.
- Family or business ties between an agent and a government official.
- The agent has a bad reputation or is the subject of credible rumors or media reports of inappropriate payments.
- The agent requires that its identity or its relationship with the Company or a Foreign Public Official not be disclosed.
- A Foreign Public Official recommends the agent. This could suggest a coordinated scheme to divide a payoff.
- The agent lacks appropriate facilities or qualified staff, or appears to be in significant financial difficulty.
- The agent uses shell companies that obscure ownership without a credible explanation, or refuses to disclose owners, partners or principals.
- There are misrepresentations or inconsistencies in the agent’s representations.
- The agent provides a business reference who declines to respond to questions or who provides an evasive response.
- Any other odd request by an agent that arouses suspicion.
Payment Red Flags
The following red flags may indicate that the intermediary is paying or intends to pay bribes or kickbacks in order to accomplish the tasks requested by the Company:
- Excessive or unusually high compensation. The appropriate compensation will vary depending upon the extent of the agent’s obligations and expertise, the risk that the agent will incur, whether it is committing its own capital to the venture, or if it is incurring high documented expenses.
- Requests for unusual bonuses or extraordinary payments.
- Requests for an unorthodox or substantial up-front payment, a request that invoices be backdated or altered, or requests for unorthodox payment methods.
- Requests that cheques be made out to “cash” or “bearer,” that payments be made in cash, or that invoices be paid in some other anonymous form or to unknown third parties.
- Over-invoicing (e.g., the agent asks you to cut a cheque for more than the actual amount of approved expenses).
- Requests for an unusually large credit line for a new customer.
- Requests for increase in compensation during the contract term.
- Requests for payments to a bank account in a country other than the agent’s country of residence or the country of the business activity, into a numbered account or to third parties or their bank account.
SCHEDULE B
Agent Certification Template
I [NAME OF PARTY] certify to [Peloton entity] (“Peloton”) that:
- I have not been convicted of, or pleaded guilty to, any offense involving fraud, corruption, tax evasion, theft or larceny, securities violations, or breach of contract in any jurisdiction.
- I have reviewed the current version of Peloton’s Anti-Bribery Policy (the “Policy”) and I understand Peloton’s prohibitions against Bribery and Kickbacks (“Improper Payments”) to officials or employees of a government or of any political party (“Public Officials”), or to private parties.
- I understand and acknowledge that I am not authorized by the Corporation to (i) make or offer to make an Improper Payment or permit such a payment to be made; (ii) assist or encourage any Improper Payment; or (iii) take any other action that would cause Peloton to violate any applicable law.
- I will seek authorization from [NAME] prior to providing any gifts to or paying any expenses of Public Officials on behalf of Peloton.
- I am not a Public Official as defined in the Policy. If I become a Public Official during the life of this agreement I will advise Peloton.
- I have disclosed to Peloton the names and positions of all family members or business associates who are Public Officials.
- All payments received by me directly or indirectly from Peloton will be received in a currency agreed with Peloton at my usual place of business or by bank transfer [TO BE DETERMINED IN THE CIRCUMSTANCES]. I will issue a receipt in a standard form for all such payments I receive from Peloton.
Certified on the ____ day of ________________, _________ in the City of _________________, country of _________________.
Authorized Signature:
____________________________________________
SCHEDULE “C”
Sample Integrity Clause for Agent Contracts
This clause is a sample only and should be modified to fit the particular application. A definition of “Public Officials” should be included in the Agent contract.
Integrity
Agent hereby agrees that Agent shall perform all work in relation to this Agreement in a manner consistent with all applicable laws and regulations, including all applicable anti-bribery and antitrust laws. Agent has not made, provided or promised and will not make, provide or promise, any payment or other benefit, directly or indirectly, to Public Officials, customers, business partners, or any other person in order to secure an improper benefit or unfair business advantage, affect private or official decision-making, or induce someone to breach professional duties or standards.
Agent represents that it, and its owners, officers, employees and representatives, are not, and during the life of this contract will not become Public Officials. Agent further agrees that it will immediately disclose any such appointment to Company and that any such appointment will entitle Company to immediately terminate this agreement.
Prior to the commencement of work under the Agreement, or from time to time as requested by Peloton, Agent shall review the current version of Peloton Anti-Bribery Compliance Policy (the “Policy”), which is hereby incorporated into this Agreement, and shall execute the Agent Certification attached hereto as Schedule “C” on behalf of itself and its officers, directors, employees, and agents.
Agent will immediately report to Peloton in writing any suspected or detected violation of the above principles or the Policy in connection with Peloton business and, in any such case, will cooperate fully with Peloton in reviewing the matter. In the event that Peloton believes, in good faith, that Agent has violated any of the above principles, Peloton shall have the unilateral right to terminate the contractual relationship with immediate effect.
During the term of the Agreement and for the one (1) year period following the termination or expiration of the Agreement, Peloton or its duly authorized third-party auditor, upon reasonable advance notice to Agent and at Peloton’s sole expense, shall have the right during normal business hours to examine and copy such books, records, and other documents and materials, except individual salary information, for the sole purpose of verifying whether Agent has complied with the obligations stated herein and in Schedule “C”.
Peloton Code of Conduct
Last Updated: 2026-03-19
1.0 Purpose
Peloton is committed to maintaining a professional, ethical, and respectful work environment. This policy outlines the standards of behavior expected from all employees, contractors, and representatives of Peloton.
1.1 Mission Statement
To provide energy data management solutions that enable our customers to maximize productivity, while pursuing relentless improvement in our products and services.
1.2 Vision Statement
The Peloton Platform will be the world’s Energy Data Management system.
2.0 Scope
This policy applies to all directors, officers, employees, agents, consultants, contractors, subcontractors, vendors, and other workers at Peloton (collectively referred to as “representatives” in this policy).
3.0 Our Values
- Ownership: We take full ownership of our work—our tickets, projects, products, and accounts. We deliver as promised and are forthcoming when we fall short. We trust our teammates to do the same and hold ourselves accountable for continuous improvement.
- Teamwork: We treat everyone with kindness and foster collaboration. We embrace diversity, support team cohesiveness, and value open dialogue and constructive feedback as a path to better decisions. We celebrate wins together and communicate with empathy and clarity.
- Boldness: We challenge the status quo with courage. We ask analytical questions to uncover the true problem before acting, and we embrace innovation and brave thinking to drive meaningful progress.
- Integrity: We are loyal to our team and transparent in our interactions. We communicate openly, own and fix our mistakes, and commit fully to decisions. Trust and credibility are built through honesty and consistency.
- Mindful Growth: We pursue improvement with intention. We consider the impact of every decision and feature—not just for growth’s sake, but to deliver meaningful value to our customers and our team.
4.0 Commitment to Ethics
- Open-Door Policy: Peloton maintains an open-door policy to encourage open communication, feedback, and discussion on any matter of importance. Representatives are encouraged to raise concerns about conflicts of interest, harassment, discrimination, bribery, workplace violence, or any code of conduct violations with any manager, including executive management, at any time.
- Fair Treatment: Treat everyone fairly and with mutual respect. Avoid unethical practices.
- Legal Compliance: Comply with all legal regulations and standards. Maintain confidentiality.
5.0 Raising Issues and Concerns
Peloton representatives have a responsibility to report concerns related to harassment, discrimination, anti-bribery, anti-corruption, and workplace violence. Representatives are required to adhere to Peloton's Code of Conduct policy and report any violations to Human Resources or the Compliance Officer immediately upon becoming aware of such violations. Peloton will not retaliate against anyone who, in good faith, reports violations or suspected violations, or assists in an investigation of a reported violation.
Please provide detailed information about your complaint or concern, as Peloton's investigation depends on the quality and details of the information provided. All properly reported violations will be promptly investigated, and violators may face disciplinary action, including termination. Legal violations will be reported to law enforcement authorities. Peloton will maintain the confidentiality of good faith reports and take reasonable steps to protect anonymity, subject to applicable laws.
To report a concern, please contact Human Resources or reach out to Peloton's Compliance Officer.
Human Resources
- Email: hr@peloton.com
- Mail or In-person: HR Manager; 3300, 525 8th Ave SW, Calgary, AB T2P 1G1
Compliance Officer
- Email: compliance@peloton.com
- Mail or In-person: Compliance Officer; 3300, 525 8th Ave SW, Calgary, AB T2P 1G1
6.0 Ensuring a Safe and Respectful Workplace
Creating a safe and supportive environment is extremely important to us. Everyone is entitled to work in an inclusive environment that is free from unlawful discrimination, harassment, and violence.
Peloton has zero tolerance for discrimination, harassment, or violence from any source, internal or external. Representatives should report any inappropriate situations to their supervisor, Human Resources, the Compliance Officer, or executive management.
Equal Opportunity Employment: Peloton is an equal opportunity employer. We prohibit unlawful discrimination in employment based on gender, race, color, creed, religion, age, citizenship, sexual orientation, gender identity, gender expression, genetic information, marital status, pregnancy, national origin, ancestry, physical or mental disability, military or veteran status, or any other protected class under applicable laws. Discrimination based on perceived characteristics or associations is prohibited.
Harassment: Peloton is committed to maintaining a respectful workplace, free from all forms of harassment.
- Harassment includes unwelcome conduct based on a person’s protected characteristic that affects their employment opportunities, work performance, or creates an intimidating, hostile, or offensive working environment. Examples include slurs, negative stereotyping, threatening acts, pranks, jokes, and hostile written or graphic material.
- Sexual harassment includes unwelcome sexual advances, requests for sexual favors, and other conduct of a sexual nature, such as displaying sexually suggestive material, unwelcome flirtations, suggestive comments, verbal abuse of a sexual nature, sexually-oriented jokes, crude or vulgar language or gestures, graphic or verbal commentaries about an individual’s body, display or distribution of obscene materials, physical contact such as patting, pinching, or brushing against someone’s body, or physical assault of a sexual nature.
Respectful Communications: Peloton representatives are expected to communicate and interact with each other respectfully, regardless of differences in opinions. Be mindful of remarks on culture, politics, religion, health, and sexual orientation, as these topics are sensitive and can easily have negative or unintended effects on people. Do not call out or shame people for their lawful, personal beliefs, activities, or statements on moral, political, or social issues. Peloton representatives are expected to comply with this Code of Conduct policy during their interactions with peers, management, clients, customers, Peloton’s business contacts, and on Peloton’s community forums like Slack, Teams, and Zoom.
This policy also extends to public statements that relate to or impact Peloton, its reputation, or its representatives, including social media posts using personal accounts. It is everyone’s responsibility to create a healthy and inclusive workplace environment, where all communication and interactions are marked by dignity and respect.
7.0 Health & Safety
Peloton strives to provide a safe, healthy, and sanitary work environment. Representatives are responsible for helping to maintain a safe and healthy workplace for everyone by following safety and health rules and practices when sick, and promptly reporting accidents, injuries, and unsafe equipment, practices, or conditions. This responsibility extends to customer sites, where our Peloton representatives will follow all applicable Health and Safety guidelines.
Maintaining a physically safe environment may involve on-site video surveillance, access card protocols, vigilance against tailgating, reporting suspicious behavior to law enforcement, and aiding law enforcement during investigations.
Representatives should also be alert to early warning signs of violence, such as intimidating behavior, physical assault, destruction of property, and threats, and take appropriate actions, including notifying Human Resources and contacting law enforcement when necessary.
Our Peloton representatives will follow the Health and Safety guidelines when on customer sites.
8.0 Drugs & Alcohol
Peloton is committed to maintaining a safe and healthy work environment. Substance abuse is strictly prohibited as it is incompatible with the health and safety of our representatives. While alcohol may be available at our offices and corporate events, representatives are expected to use good judgment. Consumption of alcohol should never lead to impaired performance, inappropriate behavior, endangerment of oneself or others, or violation of the law.
Representatives must always behave appropriately, promoting Peloton’s interests and reputation. Alcohol consumption should be moderate to avoid intoxication that could lead to abusive, harassing, improper, or illegal conduct.
Driving a vehicle on Peloton business, including transporting other representatives, while under the influence of alcohol, cannabis, non-medical or illegal drugs, or other controlled substances is strictly prohibited. Peloton has a zero-tolerance policy for driving under the influence.
No representative should feel pressured to consume alcohol at any event. To ensure safety, Peloton may monitor alcohol consumption at events and provide taxi chits or online vouchers such as Uber Vouchers for safe transportation home. If a representative appears to be excessively intoxicated and may drive, Peloton may take steps such as preventing the representative from driving, calling a family member, removing vehicle keys, or contacting the police.
If a representative is impaired, they should not return to work activities. The general rule is that if a representative feels they cannot drive, they should not return to work.
Illegal and non-medical legal drugs in our offices or at sponsored events are strictly prohibited.
9.0 Confidential Information and Intellectual Property
- Confidential Information: Protect all confidential information belonging to Peloton, its customers, and third-party vendors. Only share confidential information with those who need it for their job.
- Intellectual Property: Safeguard Peloton’s intellectual property and avoid inappropriate or unauthorized disclosures. Report any security incidents immediately.
10.0 Compliance with Law
- Legal Compliance: Understand and follow the laws and regulations that apply to your work. Deal honestly, ethically, and fairly with suppliers, customers, competitors, and representatives.
- Anti-Corruption: Never bribe anyone or accept bribes for any reason. Follow all applicable laws regarding gifts and entertainment.
- Modern Slavery: Never engage in or tolerate any form of modern slavery. Follow all applicable laws on modern slavery.
11.0 Training and Awareness
Peloton provides regular training to all representatives on respectful workplace behavior, including harassment and violence prevention. This includes onboarding and annual refreshers. Training is reviewed regularly to ensure effectiveness and compliance.
12.0 Enforcement
Any representative found to have violated this policy may be subject to disciplinary action, up to and including termination for just cause.
Peloton Modern Slavery Policy
Last Updated: 2024-07-23
1.0 Purpose
This policy establishes Peloton’s commitment to ethical practices and the prevention of modern slavery within our business and supply chains. It outlines our responsibilities and those of our representatives in observing and upholding our position on modern slavery and provides guidance on identifying and reporting related concerns.
2.0 Scope
This policy applies to directors, officers, employees, agents, consultants, contractors, subcontractors, vendors, and other workers at Peloton (collectively referred to as “Representatives” in this policy).
3.0 Policy
3.1 Definition and Commitment
Modern slavery is a crime and a violation of fundamental human rights. It takes various forms such as slavery, servitude, forced and compulsory labour, human trafficking, and child labour. All these forms have one thing in common: they involve the deprivation of a person's liberty by another in order to exploit them for personal or commercial gain. We are committed to acting ethically and with integrity in all our business dealings and relationships, and to implementing and enforcing effective systems and controls to prevent modern slavery in our business and supply chains.
3.2 Transparency and Supply Chain Standards
We commit to transparency in our business and in our approach to tackling modern slavery throughout our supply chains. We expect the same high standards from all our Representatives and, as part of our contracting processes, we expect that our suppliers will hold their own suppliers to the same standards.
4.0 Policy Oversight and Management
- The Compliance Officer is responsible for ensuring this policy complies with our legal and ethical obligations, and that Representatives comply with it.
- The Compliance Officer has primary responsibility for implementing this policy, monitoring its use and effectiveness, addressing any queries about it, and auditing internal control systems and procedures to ensure they are effective in countering modern slavery.
5.0 Representative Responsibilities and How to Raise a Concern
- You must read, understand, and comply with this policy.
- Preventing, detecting, and reporting modern slavery in any part of our business or supply chains is everyone’s responsibility. Avoid any activities that might lead to or constitute a breach of this policy.
- Notify the Compliance Officer as soon as possible if you believe or suspect that a breach of this policy has occurred or may occur in the future.
- Raise concerns about any issue or suspicion of modern slavery in any part of our business or supply chains.
- If you are unsure whether an act, the treatment of workers, or working conditions within any part of our supply chains might constitute modern slavery, report your concerns to the Compliance Officer.
- We encourage openness and will support anyone who raises genuine concerns in good faith, even if they turn out to be mistaken. No one shall suffer any detrimental treatment for reporting in good faith their suspicion that modern slavery is or may be taking place in any part of our own business or supply chains. Detrimental treatment includes dismissal, disciplinary action, threats, or other unfavourable treatment connected with raising a concern. If you believe that you have suffered any such treatment, you must notify the Compliance Officer as soon as possible.
6.0 Communication
This policy and information on the risks our business faces from modern slavery in its supply chains are communicated to Representatives as part of the onboarding and orientation process. Representatives are required to read and acknowledge this policy annually. Additionally, Peloton will provide specific training programs on modern slavery and trafficking to relevant employees, including those involved in supply chain management and procurement. These training programs will be conducted periodically to ensure awareness and understanding of modern slavery risks and prevention measures.
7.0 Enforcement
Any representative found to have violated this policy may be subject to disciplinary action, up to and including termination for just cause.
Peloton Privacy Policy
Last Updated: 2022-12-15
1.0 Introduction
Peloton and its subsidiaries ("Peloton", “we”, “our” or “us”) is a technology company headquartered in Calgary, Alberta. It focuses on providing the world's best data management solutions for the oil and gas industry. For more information about our products and services, please refer to our website www.peloton.com.
This privacy policy (“Privacy Policy”) applies to our processing of personal information of (prospective) customers, suppliers and partners and individuals who:
- Visit peloton.com (“Website”)
- Use Peloton’s products and services
- Contact us
- Apply for a job with us.
Personal information is any information that directly or indirectly identifies you, for example your name, contact details, payment information and location data.
Our customers contract the use of Peloton's products and services and give access to their employees and other third parties, as solely decided by the customer, by creating user accounts who access the products and services with their email address and credentials. The customer administrators grant users roles, which result in different permissions and access rights to the information held in the customer environment. If you interact with our products and services using an account managed by your organization (as our customer), then your personal information may be subject to your organization’s privacy policies and processes. You should direct privacy inquiries to your organization.
2.0 Personal Information We Collect
2.1 Information You Choose to Provide to Us
WHEN
We may ask you to provide personal information when:
- You request a free trial or demo
- You refer a friend to us
- You connect with us directly via phone calls or video conferencing platforms
- You participate in a marketing/sales promotion
- You attend trade events and other industry networking events
- You register or attend a webinar or other event
- You participate in programs we may offer from time to time
- You participate in chats
- You pay for our products and services
- You apply for a job with us.
If you choose to provide us with a third party’s personal information (the person's name, email and company) when taking part in our referral program, you represent that you have the third party's permission to do so.
WHAT
The personal information we collect may include first and last name, email address, phone number, job title, country, and company name. When you pay for our products and services, we may collect personal information that is part of your payment details. As a job applicant, we may also collect your resume and cover letter, along with any other personal information you submit to us.
2.2 Information We Collect Automatically
WHEN
We collect information about your visits to the website and products and services when you land on any of our web pages through cookies and similar tracking technology.
For further information about the types of cookies we use, you can access our cookie settings from the bottom of our website www.peloton.com.
WHAT
The personal information collected is:
- access times
- the pages you view
- the links you click on
- the search terms you enter
- actions you take in connection with any of the visited pages
- your device information such as IP address, location, browser type and language
- the Uniform Resource Locator (URL) of the website that referred you to our website and
- the URL you browse away from our pages if you click on an external link
We may also collect personal information when you open email messages from us or click on links within those email messages.
3.0 How We Use Personal Information
We use your Personal Information to:
- Deliver training and support to individuals not using an account managed by an organization (as our customer)
- Respond to inquiries and comments
- Communicate with you directly through emails, calls, chats, video conferencing
- Process payments for products and services
- Send communications to you about:
  - new product features and upgrades
  - our services and offerings
  - event announcements
  - product notices and changes to our terms and policies
  - programs in which you have chosen to participate
  - promotional offers and surveys
  - scheduling demos and managing free trials
- Subject to our obligations under data protection laws, advertise and market our products and services, including delivering interest-based advertisements on our products, services and other sites or content syndication platforms and websites.
- Carry out market research to understand how to improve our products and services and their delivery
- Create and manage marketing campaigns
- Generate sales leads and increase our market share
- Analyze user clicks and usage of the products and website to improve user experience and maximize the use of our services
- Enforce our product and service terms and/or separate contracts (if applicable) with you
- Prevent fraud and other prohibited or illegal activities
- Protect the security or integrity of the products and our business
- Resolve disputes
- Troubleshoot problems
We may de-identify and aggregate personal information with other non-personal data to provide insights that are commercially valuable to Peloton, such as statistics of the use of the services; otherwise, as disclosed to you at the point of collection; or as required or permitted by law.
Please note that sometimes we may record the video conferencing call in which you participate to analyze and improve our staff's communication skills. If we do so, we will be announcing it at the beginning of the conference call.
We do not sell your personal information.
4.0 How We Share Personal Information
Service Providers
Third parties may process personal information on our behalf, for instance to process payments, host, manage and service our data, provide us with financial or legal advice and to distribute newsletters. They will have access to your personal information only as necessary to perform the contracted tasks on our behalf. We sign contractual agreements to obligate them to protect the personal information, to only use it to deliver the contracted services to us, to prohibit them from selling it and to not disclose it without our knowledge and permission.
Legal Disclosures
We may need to disclose personal information when required by law, subpoena, or other legal processes identified in the applicable legislation.
Change in Control
We can also share your personal data as part of a sale, merger, change in control, or preparation for any of these events.
Any other entity which buys us or part of our business will have the right to continue to use your data in the manner set out in this Privacy Policy unless you agree otherwise.
5.0 How We Secure Personal Information
We are committed to protecting the security of all of the personal information we collect and use.
We use various physical, administrative and technical safeguards designed to help protect it from unauthorized access, use and disclosure. We have implemented best-practice standards and controls in compliance with internationally recognized security frameworks. We use encryption technologies to protect data at rest and in transit.
6.0 Your Rights
We provide the same suite of services to all of our customers and users worldwide. We offer the following rights to all individuals regardless of their location or applicable privacy regulations.
For personal information we have about you, you can:
- Access your personal information or request a copy.
You have the right to obtain information about what personal information we process about you or obtain a copy of your personal information.
If you have provided personal information to us, you may contact us to obtain an outline of what information we have about you or a copy of the information.
If you are an End User of a product or service, you can log in to see the personal information in the account or approach your employer for more information.
- You have the right to be notified of what personal information we collect about you and how we use it, disclose it and protect it.
This Privacy Policy describes what personal information we collect and our privacy practices. We may also have additional privacy notices and statements available to you at the point of providing information to us directly.
- Change or correct your personal information.
You have the right to update/correct your personal information or ask us to do it on your behalf.
You can edit your information through the user account in the product or service or ask us to change or correct it by filling out this request form.
- Delete or erase your personal information.
You have the right to request the deletion of your personal information at any time. We will communicate the result of your request to you within reasonable timelines. We may not delete or erase your personal information, but we will inform you of the reasons and any further actions available to you.
- Object to the processing of your personal information.
You have the right to object to our processing of your personal information for direct marketing purposes. This means that we will stop using your personal information for these purposes.
- Ask us to restrict the processing of your personal information.
You may have the right to ask us to limit the way that we use your personal information.
- Export your personal data.
You have the right to request that we export to you in a machine-readable format all of the personal information we have about you.
We do not process personal information through the use of automated means.
If you would like to exercise any of the rights described above, please fill out this request form.
To the extent available in your jurisdiction, you also have the right to lodge a complaint with the local organizations in charge of enforcing the privacy legislation applicable in your territory.
7.0 How Long We Keep Your Personal Information
We retain information as long as it is necessary for the purposes for which it was collected or otherwise obtained, subject to any legal obligations to retain such information further.
The information we retain will be handled in accordance with this Privacy Policy.
8.0 Other Important Information
We rely on legally provided mechanisms to lawfully transfer data across borders, such as contracts incorporating data protection and sharing obligations.
We will only collect and process your personal information where we have a lawful reason for its collection.
If you are a user of our products and services, your employer has control of the account and may upload and share additional personal information. Your employer's responsibility is to ensure the collection, use, and sharing of the personal information uploaded to the product and service complies with all applicable legislation.
Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time. If you have any questions about the lawful bases upon which we collect and use your personal data, please fill out this request form.
How to select your communications preferences
You may choose to receive or not receive marketing communications from us. Please click the "Unsubscribe" link in the email we sent you to stop receiving marketing communications.
You may choose which personal information we collect automatically from your device by controlling cookie settings on your browser or selecting your preferences through our cookie settings.
Even if you opt out of receiving marketing communications, we may still communicate with you regarding security and privacy issues, servicing your account, fulfilling your requests, or administering any promotion or any program in which you have elected to participate.
9.0 Contact Information
You may contact us to exercise any of your rights or ask for more information about your personal information and our privacy practices by filling out this request form.
10.0 Minors Under Age 16
Our products and services are intended for business use, and we do not expect them to be of any interest to minors. We do not intentionally collect any personal information of persons below the age of 16.
11.0 Changes to this Policy
We are constantly trying to improve our website and products and services, so we may need to change this policy from time to time. We will alert you about material changes by, for example, placing a notice on our website and/or by sending you an email (if you have registered your e-mail with us) when we are required to do so by applicable law. You can see when this policy was last updated by checking the date at the top of this page. You are responsible for periodically reviewing this policy.
Appendix
A.1 For Individuals Based in the European Union (EU), European Economic Area (EEA), United Kingdom (UK) and Switzerland
If you are based in one of these jurisdictions, Peloton E.U. B.V. is the controller of your personal information. The term 'personal information' in this privacy policy has the same meaning as 'personal data' as defined in the General Data Protection Regulation (GDPR).
We only process personal information if we have a lawful basis for doing so. The lawful bases applicable to our processing as controller are:
- Consent - We will ask for your consent when we collect your personal data on this legal basis. We use this legal basis for the following purposes: if you have chosen to receive our newsletter, if you have consented to our use of cookies on our website, if you participate in an event or when you refer a friend.
- Contractual basis - We process the personal information based on this legal basis as necessary to fulfill our contractual terms with you, for example when you are our contact person of your employer or business in relation to the purchase of our products and services or if you supply us with goods or services. We also process your personal information on this legal ground if you apply for a job with us.
- Legitimate interest - We process the names, contact details, job titles and companies of our existing and prospective customers for our marketing purposes (to the extent consent is not required for this), including market research and sales lead generation, and for securing our business and data, combatting fraud and cyberattacks, and improving our products and services as described in this Privacy Policy.
- Legal obligation - If we are required by law to process personal information, this is based on the legal ground ‘comply with a legal obligation’.
- In rare circumstances, we process personal information to protect your or someone else’s vital interests.
When transferring personal data outside of the EEA, Switzerland or the United Kingdom, we use an appropriate transfer mechanism such as the standard contractual clauses.
You may contact us if you have any questions or complaints about the processing of your personal data by filling out this request form.
You may also lodge a complaint with your local supervisory authority, the EU Data Protection Authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC). See their contact details here: National Data Protection Authorities.