Legal

Privacy Policy

This Privacy Policy (the "Policy") sets forth Covisint Corporation's ("Covisint") policies regarding the collection and use of information relating to the Covisint Web site (the "Web Site") and the Covisint Exchange (the "Exchange"). The Exchange is only accessible by registered Members of the Exchange ("Members") and their authorized users ("Authorized Users"); the Web Site is generally accessible by all others who visit the Web Site ("Visitors"). With respect to Members and their Authorized Users, the applicable Product Agreement or Product Addenda may specify certain additional rights and obligations regarding the collection of data. Certain capitalized terms used herein may be defined in the Glossary.

INFORMATION COLLECTION AND USE

General
Visitors, Members and Authorized Users understand and agree that Covisint may collect, maintain, and process information provided by such parties to Covisint, and information collected by Covisint concerning such Visitors, Members and Authorized Users, on and through the Web Site and the Exchange. Visitors, Members and Authorized Users represent and warrant that all information they provide to Covisint is true, accurate, current, non-misleading, and consistent and relevant for the purpose for which such information is provided. Members and Authorized Users also represent and warrant that they have the authority to provide the information submitted to and through the Exchange, and understand and agree that Covisint may from time to time verify such authority.

Public Areas of the Web Site
Visitors may visit the public (non-Exchange) areas of the Web Site without disclosing any personally identifiable information about themselves. However, Visitors will have the opportunity to request information from Covisint, in which case an e-mail or other address may be required in order to allow Covisint to comply with the request, and for other purposes as may be disclosed at the time the request is made ("Special Purpose Collection"). Visitors may elect to opt-out from receiving communications other than those relating to the Special Purpose Collection by (a) following the instructions in the section titled OPT-OUT CHOICES, below, (b) checking appropriate opt-in or opt-out boxes which may be provided on the collection form, or (c) as set forth in the communication sent from Covisint. Covisint will not request more information than is reasonably necessary to provide requested information or services.

Exchange

Registration Information
In order to participate in the Exchange, Covisint requires Members and Authorized Users to register with the Exchange by, among other things, providing contact information including Password and User ID, name, title, department, business address, business telephone number, business e-mail address and other contact information ("Registration Information"). Such information will typically be provided to Covisint by the Member's Administrator. Certain portions of the Registration Information concerning the Member (and not an individual Authorized User) will be used for evaluating qualifications for participation in the Exchange. Registration Information concerning individual Authorized Users may be made available to other Members, in the form of contact directories maintained on the Exchange, in order to facilitate the operation of the Exchange. Covisint may also use Registration Information to communicate with Members and Authorized Users regarding available transactions, changes in Exchange functionality, features, billing, help desk and other activities relating to the operation of the Exchange. Covisint may also use Registration Information to send Members and Authorized Users information about products or services available on or through the Exchange and offers made available by Covisint's business partners, which may be sent by Covisint or the Covisint business partner making the offer. Instructions on how to request that Covisint not send future communications (except for communications necessary for the operation of the Exchange) or that Covisint not share Registration Information with Other Members or third parties, are set forth in the section titled OPT-OUT CHOICES below and, for Covisint-transmitted material which is unrelated to the operation of the Exchange, in each communication.

Usage Data
Covisint will record and collect information about how Visitors, Members and Authorized Users use the Web Site, and in the case of Members and Authorized Users, the Exchange. This data may include, a Visitor's, Member's or Authorized User's domain name, language, type of browser and operating system, Internet Service Provider, Internet protocol (IP) address, the Web site from which Visitors, Members or Authorized Users arrived at the Web Site or the Exchange, and the amount of time spent on the Web Site or using the Exchange (collectively, "Usage Data"). Covisint may monitor and use Usage Data in aggregated form to measure the Web Site's performance and Exchange activity and improve the Web Site's or Exchange's design and functionality. Covisint may also use Usage Data in aggregated form to develop and distribute to third parties statistical and general information about how the Web Site and Exchange are used and for other marketing purposes. Covisint may also use Usage Data in unaggregated form to investigate and prosecute security violations or to identify a particular Authorized User who engaged in a particular transaction on behalf of a Member in the event there is a repudiation of such transaction by such Member.

Cookies
Covisint may use "cookies" to make transactions and other activities through the Web Site and the Exchange more convenient and efficient for Visitors, Members and Authorized Users. For these purposes, Covisint may use "session cookies," which consist of information stored in a browser's memory and passed back to the applicable server whenever a request for a new page on the Web Site or the Exchange is made. The session cookie is never saved nor written to disk, and the information contained in the session cookie is only valid for that one particular session. The session cookie is discarded when the browser is closed or, in the case of a Member or Authorized User, upon logging out of the Exchange. Most Web browsers automatically accept session cookies, and most may also be configured to provide notice of when a session cookie is about to be placed on the browser. No information is saved in such session cookies other than an identification number associated with the particular session.

Forums
Covisint may make available certain public forums such as bulletin boards or chat rooms (collectively, "Forums") on the Web Site or the Exchange. Use of any Forum is subject to Covisint's Exchange Rules, Terms of Use, and any other notice or policy applicable to a particular Forum or all Forums collectively. Any and all information posted on or through a Forum will be generally accessible for viewing by others. Accordingly, participants are encouraged to exercise discretion when using Forums.

OPT-OUT CHOICES
To "opt-out" of (1) receiving communications from Covisint (except for communications necessary for the operation of the Web Site or the Exchange), (2) having contact information disclosed to third parties (except as necessary for Covisint to operate the Web Site and Exchange, or as otherwise permitted under this Policy), or (3) any other consent previously granted for a specific purpose concerning your personally identifiable information, send an e-mail to Covisint at leads@covisint.com.

REVIEW/CHANGE CONTACT INFORMATION
Requests to review or change information previously provided on or through the Web Site or the Exchange may be made to Covisint by sending an e-mail to the Covisint Data Controller. Requests for changes to the Registration Information should be made by Authorized Users directly to their Administrators.

LINKED SITES/THIRD PARTY SITES
Web sites ("Linked Sites") from the Web Site or the Exchange. Linked Sites are not reviewed, controlled or examined by Covisint in any way and Covisint is not responsible for the privacy policies and practices of any such Linked Sites, or any additional links contained therein. These links do not imply Covisint's endorsement of or association with the Linked Sites. Visitors, Members and Authorized Users should refer to the policies posted by such Linked Sites regarding data collection, privacy and other topics before accesing them. Covisint may refer to or list third parties on the Web Site or the Exchange who maintain separate web sites. Visitors, Members and Authorized Users should refer to the policies posted by such third parties on their web sites regarding data collection, privacy and other topics before accesing them.

DISCLOSURE PURSUANT TO LAW
Covisint may make information concerning Visitors, Members, Authorized Users, the Web Site and the Exchange, and the uses thereof, available to law enforcement personnel and agencies as required by law. Where permitted by law, Covisint may also disclose such information to law enforcement personnel and agencies, or use such information as part of legal process, in order to protect its property or in furtherance of an investigation regarding a breach of the Web Site or Exchange's rules and policies, or any unauthorized access to or use of the Web Site or the Exchange, or any illegal activities concerning a particular Visitor, Member or Authorized User.

CONSENT TO PROCESSING
By using or providing information to the Web Site and the Exchange, Members and Visitors understand and unambiguously consent to the collection, processing and use of such information in the United States and other countries and territories, for the purposes set forth in this Policy and, for Members and Authorized Users, as further set forth in their applicable Product Agreement or Product Addenda. As required to comply with privacy laws applicable to Member and/or its Authorized Users, Member agrees that it has obtained, or prior to disclosure to Covisint will obtain, consent from each of its Authorized Users to: (a) permit Member to transfer personally-identifiable information regarding the Authorized Users to Covisint; (b) the terms of this Policy; and (c) permit Covisint to collect, process and disclose such personally-identifiable information regarding the Authorized Users: (i) in order to provide the Services and perform its obligations as described in the any applicable Product Agreements or Product Addenda entered into by Member, (ii) to operate the Exchange (including but not limited to disclosure to other Members of the Exchange in the normal course of such operation) or (iii) as otherwise permitted under this Policy, including but not limited to the transfer of such personally-identifiable information between Covisint's subsidiaries and affiliates for the foregoing objectives. For further certainty, any consent relating to a right to transfer information referred to in the foregoing shall be deemed to include the consent of Authorized Users to the transfer of the applicable personally identifiable information to a jurisdiction which may have a different level of privacy protection than that applicable in the Authorized User's country.

SERVICES PROVIDERS
Covisint may utilize third parties to provide or perform certain services and functions on the Web Site and the Exchange. For example, Covisint may use a Web site tracking evaluation firm to analyze Visitors', Members' and Authorized Users' use of the Web Site and the Exchange, as applicable. Covisint may use third party suppliers to directly provide certain functionality provided on the Exchange (through a browser re-direction to systems operated by such third party suppliers). Covisint may also outsource certain fulfillment or communication functions, such as transaction clearing, shipping, and electronic correspondence, to third parties. Covisint will make information concerning Visitors, Members and Authorized Users and their use of the Web Site and Exchange available to these service providers, as necessary, to perform these functions. Any access to such information will be limited to the purpose for which such information was provided to the service provider. The service providers may be located throughout the world. Accordingly, information relating to Visitors, Members and Authorized Users may be sent worldwide to countries which have a different level of privacy protection than the US or a Visitor's, Member's or Authorized User's country of residence.

TRANSFER OF INFORMATION
In the event of a sale, merger, liquidation, dissolution, or sale or transfer of the substantial assets of Covisint, information collected about Visitors, Members and Authorized Users may be sold, assigned, or transferred to a party acquiring all or substantially all of the equity and/or assets of Covisint in order to permit such party to continue the operation of the Web Site or the Exchange. Covisint may also transfer information collected about Visitors, Members and Authorized Users to its subsidiaries and affiliates, including the Covisint Group (as applicable), that are directly involved in the operation of the Exchange.

SECURITY
Covisint takes seriously the security of the information it collects. Covisint has therefore implemented technology and security policies and procedures intended to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to, such information, reasonably appropriate to the level of the data concerned.

UPDATES TO THE PRIVACY POLICY
Covisint may, in its sole discretion, update this Policy at any time and from time to time, by posting the amended Policy on the Web Site and the Exchange. Such amended Policy shall be effective upon posting. Visitors, Members and Authorized Users are therefore encouraged to refer back to this page regularly. This Policy may not be otherwise amended without the written consent of Covisint.