Data Collection and Use Asset Snap collects asset data from our clients using AI image recognition software and Excel. The primary purpose of collecting this data is to create and maintain an accurate asset register for our clients. Our data collection practices are transparent, and we use the data exclusively for the purposes outlined in our service agreements. The data will not be used for any other purposes without obtaining explicit consent from our clients. Types of Data Collected: Asset information (e.g., descriptions, images, and identifiers) Metadata associated with assets (e.g., timestamps, locations) Purpose of Data Collection: To create an asset register To maintain and update asset information To provide detailed asset management reports and analytics

Data Processing Methods We process the collected asset data using the following methods: AI Image Recognition: Our advanced AI algorithms analyze and process images to extract relevant asset information efficiently and accurately. Excel: We use Excel for organizing, storing, and managing the processed asset data in a structured manner.

Data Security To protect client data from unauthorized access, disclosure, alteration, or destruction, we implement a multi-layered security approach, including: Encryption: All data is encrypted during transmission and storage to ensure confidentiality and integrity. Regular Security Assessments: We conduct regular security assessments and audits to identify potential vulnerabilities and address them promptly. Access Controls: Strict access controls and authentication mechanisms are in place to ensure that only authorized personnel have access to client data. Data Anonymization: When appropriate, we anonymize data to further protect client privacy and reduce the risk of re-identification. A separate security document is available

Data Retention We retain client data only as long as necessary to fulfil the purposes for which it was collected and in accordance with our data retention policy. Asset data is retained to train our model further and holds no client information. The retention period is determined by the nature of the data, the purpose for its use, and any legal or regulatory requirements and is agreed on start of our contract with the client. Retention Policy: Data is retained for the duration of the service agreement. Upon termination of the service agreement, client specific data will be securely deleted or anonymized within the agreed timeframe unless otherwise required by law.

Client Rights We respect and uphold the rights of our clients concerning their data. Clients have the following rights: Right to Access: Clients can request a copy of the data we hold about them at any time. Right to Rectification: Clients can request corrections to any inaccuracies or incomplete information in their data. Right to Deletion: Clients can request the deletion of their data, subject to certain conditions and legal requirements. Right to Withdraw Consent: Clients can withdraw their consent for data processing at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Data Breach Response In the event of a data breach, Asset Snap will act swiftly and decisively to minimize any potential harm. Our data breach response plan includes: Immediate Notification: Prompt notification to affected clients and relevant authorities as required by law. Containment Measures: Immediate steps to contain the breach and prevent further unauthorized access. Impact Assessment: Assessment of the breach's impact on client data and determination of necessary remedial actions. Preventive Measures: Implementation of additional security measures to prevent future breaches.

Compliance and Accountability Asset Snap complies with all applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We are committed to maintaining the highest standards of data protection and have appointed a Data Protection Officer (DPO) to oversee our data protection practices and ensure compliance. Responsibilities of the DPO: Monitoring compliance with data protection regulations Providing guidance and training to staff on data protection matters Conducting regular audits and assessments of data protection practices Serving as the point of contact for clients and regulatory authorities on data protection issues

Transparency and Consent Transparency is at the core of our data protection practices. We ensure that our clients are fully informed about how their data is collected, processed, and stored. Our practices include: Clear Communication: Providing clear and concise information about data collection and use in our service agreements and privacy notices. Informed Consent: Obtaining explicit consent from our clients before collecting and using their data. Regular Updates: Keeping clients informed of any changes to our data protection practices or policies.