Ceridian employs a Privacy Officer who is charged with ensuring that Ceridian complies with all privacy-related obligations imposed by statute or contract. Any questions regarding the collection, use, access, disclosure, retention or destruction of Confidential Information should be directed to the Privacy Officer.

The Company headquarters is located at 103 JFK Parkway, Short Hills, New Jersey 07078, USA and grants Performance RSUs to employees of the Company and its subsidiaries and affiliates, at its sole discretion. If the Participant would like to participate in the Plan, please review the following information about the Company’s data processing practices and declare the Participant’s consent.

Compliance with Data Privacy Laws. The Company and its subsidiaries are in material compliance with all applicable state and federal data privacy and security laws and regulations, including without limitation HIPAA, and, to the extent applicable to the Company and its subsidiaries, the Company and its subsidiaries are in material compliance with the GDPR (EU 2016/679) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take steps designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The Company represents that neither it nor any subsidiary: # has received written notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws; # is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or # is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Privacy: Describe [[Organization A:Organization]]’s privacy and security policies; indicate if they are in writing; and whether they are compatible with [[Bank of America:Organization]]’s policies.

If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact a member of our Privacy Team at ​.

transfer, disposal, or any other processing (collectively “Process” or “Processing”) of Personal Data, including without limitation HIPAA, the California Consumer Privacy Act, and the European Union General Data Protection Regulation (EU 2016/679) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take all appropriate steps necessary to ensure compliance in all material respects with their policies and procedures relating to data privacy and security, and the Processing of Personal Data and Confidential Data (the “Privacy Statements”). The Company and its subsidiaries have, except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, at all times since inception provided accurate notice of its Privacy Statements then in effect to its customers, employees, third party vendors and representatives. None of such disclosures made or contained in any Privacy Statements have been materially inaccurate, misleading, incomplete, or in material violation of any Privacy Laws. The Company further certifies that neither it nor any of its subsidiaries # has received notice of any actual or potential claim, complaint, proceeding, regulatory proceeding or liability under or relating to, or actual or potential violation of, any of the Privacy Laws, contracts related to the Processing of Personal Data or Confidential Data, or Privacy Statements, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice, # is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law or contract, or # is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy Notice

Data Privacy. This section replaces [Section 16] of the Agreement:

Data Privacy. The following provision supplements Section 16 of the Award:

subject to [Section 10.2.1(b)], changes to the Program Privacy Policy;