Qumu Corporation Safe Harbor Data Privacy Policy

Qumu Corporation (“Qumu”) is committed to protecting the privacy of sales prospect and customer, as well as their employees’, personal information (“Personal Information”) that is held by Qumu. Yet Qumu must collect and use Personal Information for legitimate business purposes and must sometimes pass the Personal Information on to third parties in connection with those business purposes. Personal information collected by Qumu may sometimes be transferred from within the European Union or Switzerland to the United States in connection with such purposes.

The European Union and Switzerland have laws protecting such Personal Information from inappropriate use or disclosure, but data protection laws are different in the United States, and such laws of the European Union and Switzerland generally do not apply to Qumu in the United States. Therefore, Qumu hereby presents assurance of its protection of European Personal Information through a method approved by the European Union and Switzerland.

Qumu achieves this assurance by adhering to the principles and 15 Frequently Asked Questions of the Safe Harbor Frameworks arranged between the U.S. Department of Commerce on the one hand and the European Union and Switzerland on the other hand, with regard to the protection of such Personal Information. Qumu has certified its compliance with the Safe Harbor principles and will certify its compliance every year.

This Policy sets out the scope of Qumu’s actions and the methods it uses for complying with the Safe Harbor principles regarding Personal Information received by Qumu in the United States from Qumu’s affiliates, employees or agents in the European Union or Switzerland, to the extent that such Personal Information concerns individuals who are in the European Union or Switzerland (“European Persons”). This Policy is available to any European Person who requests a copy from the contact listed below under “Access to and Correction of Personal Information” and is posted on Qumu’s website at www.qumu.com/safeharbordatapolicy.html. It may be amended, updated, or replaced, effective thirty (30) days after a clearly identified new version is posted. To learn more about the Safe Harbor program, and to view Qumu Corporation’s certification, please visit http://www.export.gov/safeharbor/

Safe Harbor Principles:

1. Notice. The Personal Information that Qumu collects or receives may include a European Person’s name, position, contact information, gender, history with Qumu, e-mail address, national identification number, and other information specific to the European Person and allowing identification of the European Person. The Personal Information may be used for business purposes, including but not limited to recordkeeping, sales, marketing, reporting as needed to government authorities, analysis of purchasing potential and authority, business planning, tax planning, business operations, and company administration. It is Qumu’s intention that European Persons are informed of these purposes before or shortly after the time of collection or use of their respective Personal Information. This policy, clarifying Qumu’s compliance with the Safe Harbor, demonstrates the inclusion of Qumu Corporation in the group of permitted transferees of Personal Information by the various Qumu employees and agents in Europe.

2. Choice. A European Person may choose (by opting out) not to permit Qumu to use their Personal Information for any purpose other than that for which it is later authorized by the European Person, or to disclose the European Person’s Personal Information to any third party for any such other purpose.

3. Onward Transfer. Qumu may transfer Personal Information to third parties, such as but not limited to marketing consultants or a related company, for performance of work for Qumu with respect to such data. However, Qumu will not transfer a European Person’s Personal Information to a third party unless the third party is subject to the European data privacy laws or certifies its adherence to the Safe Harbor principles, or the third party agrees by contract with Qumu to provide a level of privacy protection as high as that of the Safe Harbor principles, or the European Person gives his or her consent, or the reason for disclosure is permitted by the Safe Harbor principles, such as for mandatory compliance with laws.

4. Security of Personal Information. Personal Information received from the European Union by Qumu in the United States is delivered only to a small number of employees involved in the permitted use of Personal Information and is kept in locked drawers or maintained on computers subject to password protection; moreover, it is ordinarily received on or through secure servers and stored behind one or more firewalls. Qumu will take reasonable care to maintain the security and confidentiality of such data.

5. Data Integrity. Because Qumu, like its European employees and agents, has an interest in the integrity of the Personal Information, Qumu works with its affiliates, employees and agents in Europe to ensure that the Personal Information received by Qumu is accurate and current and that the data collected is relevant to the requirements and purposes for which it was collected.

6. Access to and Correction of Personal Information. Through Qumu marketing employees or agents, or the contact shown below, Qumu provides European Persons reasonable access to their Personal Information. Further, if a European Person demonstrates to Qumu’s reasonable satisfaction that any of such employee’s Personal Information is incorrect, or the European Person wishes to have the Personal Information deleted, Qumu will provide the European Person a reasonable opportunity to correct, replace, or remove such data. Any European Person wishing access to his or her Personal Information, or wanting his or her Personal Information deleted, may submit a written or oral request to a marketing employee or agent, or may directly contact: Arthur J. Glassman, Legal Counsel, Qumu Corporation, 510 1st Avenue North Suite #305, Minneapolis, MN 55403, email: arthur.glassman@qumu.com.

7. Enforcement. Qumu will conduct periodic, at least annually, internal audits of its compliance with the Safe Harbor principles. Any Qumu employee who Qumu determines has acted in violation of this Policy will be subject to disciplinary action, up to and including dismissal. If a European Person presents a complaint concerning Qumu’s processing of such European Person’s Personal Data, such complaint should be submitted to: Arthur J. Glassman, Legal Counsel, Qumu Corporation, 510 1st Avenue North Suite #305, Minneapolis, MN 55403, email: arthur.glassman@qumu.com, and Qumu will investigate the matter. If the dispute is not resolved or settled by Qumu and the European Person, the European Person may take the matter to the European Data Protection Authorities or the Swiss Federal Data Protection and Information Commissioner, as the case may be. Qumu confirms that it will cooperate with such authorities as needed.