EU — US AND SWISS — US PRIVACY SHIELD

EU—US AND SWISS—US PRIVACY SHIELD FRAMEWORKS

Rosetta Stone Ltd. (the "Company") participates in the EU-US and Swiss-US Privacy Shield Frameworks (the "Frameworks"). Company's participation in the Frameworks applies to personal data received in the United States from the European Union and Switzerland (collectively, "Europe") about employees/contractors/job applicants ("European Human Resources Data"), corporate customer contacts and consumers ("European Customer Data"), and corporate customer's end-users ("European End User Data") (collectively, "European Personal Data"). We are committed to subjecting such European Personal Data to the Frameworks, including its Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To learn more about the Frameworks, visit the US Department of Commerce's Privacy Shield here.

European Personal Data Collection, Use, and Disclosure

European Customer Data: The types of European Customer Data that we collect, the purposes for which we collect and use such data, and the types of third parties to which we disclose such data and the purposes of such disclosures, are the same as specified in our Website Privacy Policy

European End User Data: We operate as a processor acting on behalf of our corporate customers regarding the collection, use, and disclosure of European End User Data. If you are an end user of one of our corporate customers, please consult the privacy policies of that entity for information about its privacy practices.

European Human Resources Data: We provide notice to European employees and other covered individuals about the collection, use, and disclosure of their European Human Resources Data through internal company policies.

Rights of European Data Subjects

If you are a European data subject, you have the right to access your own European Personal Data subject to certain limitations, such as where the legitimate rights of other persons would be infringed or where the burden or expense of providing access would be disproportionate. If you wish to exercise such rights, please contact us as described below. Please note that because Company personnel may have limited ability to access European End User Data our corporate customers provide to us as part of our services to them, if you are a European End User and wish to request access, to limit use, or to limit disclosure of your European End User Data, please contact us as described below and provide the name of the corporate customer who submitted your data to us. We will refer your request to that corporate customer, and will support them as needed in responding to your request.

Choices of European Data

Corporate customer contacts and individual consumers have the right to exercise choice (opt-out) from our use of their European Customer Data for direct marketing purposes. To exercise this right, please follow the instructions in any direct marketing message you may have received or contact us at privacyofficer@rosettastone.com. We do not otherwise use or disclose European Customer Data and European End User Data in a manner that is subject to choice requirements under the Frameworks. We describe the choices for European Human Resources Data through internal company policies

Recourse, Enforcement, and Liability

Please contact us as specified below if you have any questions, need access to your European Personal Data, or otherwise need assistance. We remain responsible for our collection, use and disclosure of European Personal Data in accordance with the Frameworks. We also are responsible for third party agents that are processing such data on our behalf, unless we prove that we are not responsible for the event giving rise to the damage. In certain situations, we may be required to disclose European Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.

If you have an unresolved concern about European Personal Data that we have not addressed satisfactorily, we have committed to cooperate with the panels established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) to serve as our independent dispute resolution bodies for the Frameworks. We are also subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to the Frameworks. In addition, under certain conditions, more fully described on the Privacy website, European residents may invoke binding arbitration for non-monetary issues when other dispute resolution procedures have been exhausted.

Contact Us

Please contact us at privacyofficer@rosettastone.com if you have any questions, wish to exercise your rights of access, or seek other assistance as described above.