Trust center

How we collect your personal information

We collect personal information about individuals in the following ways:

• Provided by you

• Obtained from third parties (where permitted under local laws), such as:

• former employers

• employment agencies

• professional references

• credit reference agencies

• other background check agencies

• international sanctions lists from governments and monitoring agencies

• insurance agencies

• social security funds

• third-party service providers (such as payroll providers, medical providers, leasing companies, telecom operators, other)

• public records sources

• Provided by recruiters or individuals who refer an individual for a job

• Provided from your managers and peers

• Provided to us by public authorities, courts or tribunals

• Provided to us by our personnel regarding dependents and beneficiaries

• Created or observed by us in the course of job-related activities during your employment/engagement with us.

If you fail to provide certain personal information when requested, we may not be able to hire you, perform all our legal or contractual obligations or carry out all activities regarding your employment or engagement such as payroll, benefits, tax and insurance and to ensure health and safety. It is important that the personal information that we hold about you is accurate and up-to-date. You should keep us informed if your personal information changes and wherever possible update your records on the self-service systems available to you.

How we use your Personal Information

We may use your personal data for the following purposes:

Human resources management

We use personal data for purposes of human resources management, including recruitment, establishment, maintenance and termination of employment relationship, career development, training, education, talent management, performance management, appraisals and disciplinary and grievance management, management forecasts and planning changes in our group structure, and providing information and references to potential or actual future employers.

Conducting employment-related checks

We use personal data to conduct employment-related checks, such as background checks, credit checks, anti-fraud checks, checks to prevent fraud and money laundering, and drug tests, in all cases to the extent permitted under applicable local law.

Staff administration and operational purposes

We use personal information for staff administration and operational purposes, such as managing absences, pay, benefits, compensation, stock administration, business travel, maintaining employee directories, birthday and employment anniversary celebrations, and administering corporate expenses and reimbursements (including reviewing details of transactions made using corporate credit cards, corporate travel, and expenses submitted for reimbursement).

IT administration and security

We use personal information to administer and provide security for our IT assets, for instance controlling and enabling access to our systems and resources, managing authorization controls and user access, ensuring the security of our systems and resources, maintaining internal networks and IT systems, providing IT support, IT security monitoring, and incident response).

Physical security management

We use personal information to administer and manage physical security, including controlling and enabling access to our premises and physical assets.

Maintaining business records

We use personal information in connection with maintaining business records, including by storing staff communications, records, and work products, including as necessary or appropriate to operate our business.

Monitoring

We use personal information in connection with our monitoring activities, such as where we monitor for compliance with our policies provided to you and to take action against personnel who violated these policies, including through monitoring of IT and telephony usage and communications, checking which apps and files you use and which websites you visit and checking email addresses to which emails are sent and the content of the email (as permitted by local law), as well as how long you spend on different tasks online and monitoring of the physical premises (e.g., via CCTV or badge access data) solely to the extent permitted by applicable law, for purposes including to ensure that our systems and premises are used primarily for business purposes, have sufficient capacity for the needs of the business and are protected against cybersecurity threats such as malware and to efficiently manage our staff and their working time to ensure adherence to attendance rules and to

facilitate performance improvement.

Emergency management

We use personal information in managing and responding to emergencies, including by contacting emergency contacts, family members, dependents, or other individuals in the event of an emergency.

Complying with our legal obligations or where necessary for exercising, establishing or defending legal claims

We use personal information to comply with our legal obligations and to exercise, establish, or defend legal claims. This may include the disclosure of your personal data to third parties in connection with proceedings or investigations anywhere in the world, such to public authorities, law enforcement agencies, regulators and third party litigants.

When changing our business structure

We may use personal information when changing our business structure, such as in the event of a business sale or corporate restructuring, where we may disclose your personal data to any potential acquirer of, or investor in, any part of our business (and to their legal advisors and consultants) for the purpose of that acquisition or investment. If required by applicable laws, we will obtain your express consent prior to disclosing your personal information to any such third party.

Surveys and marketing activities

We may use personal data in connection with carrying out employee surveys, developing and carrying out marketing activities for products and services of the company (including introducing client referral programs), subject to our obtaining your consent where we are required to do so by applicable laws.

Marketing and public relations

We may use your image in photographs / video footage, in newsletters, on websites, in social media and intranet posts, in promotional materials sent electronically or in print, obtaining your consent where we are required to do so by applicable laws.

How long do we use your personal information

We will use your personal information for as long as necessary based on the purpose we collected it for. This may include our need to satisfy a legal, regulatory, accounting, or reporting requirement.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

You can contact us for details of the retention periods applicable to your personal information. In general terms, we will retain your personal information for the duration of the recruitment process and/or your contract with us, and as long as necessary to comply with our legal, regulatory, accounting, and reporting requirements and to defend against legal claims. There are also certain types of information which are required to be retained for a certain period by law.

When personal information is no longer needed, we will destroy or remove information that makes it personally identifiable in accordance with applicable law and our data retention policies.

Who we share your personal information with

We may share your personal information for any of the following for purposes, consistent with this HR Privacy Statement, and to the extent required or permitted by law:

• any third party where we are required by law to do so (such as tax authorities and similar government authorities)

• credit reference agencies

• customers or potential customers, as part of the normal operation of our business

• other employees in staff directories

• fraud protection and risk management agencies

• identification and information verification agencies

• third party vendors engaged to host, manage, maintain and develop our IT systems;

• our professional advisers, including lawyers and auditors

• any third party that you have given us permission to use including healthcare providers

• vendors we use to supply services in connection with the management of HR operations, including the administration of staff payroll, benefits, or otherwise in connection with our engagement with you

• social media providers for the publishing of your image in photographs / video footage on social media accounts

• potential buyers, transferees or merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of Gloo’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it (subject to our obtaining your consent where we are required to do so by applicable laws)

Your rights and choices

In some jurisdictions under applicable laws may provide certain rights to individuals regarding their personal information, such as:

• Access. You may ask us if we are holding or processing your personal data and, if so, for a copy of the personal data we hold about you.

• Correction. If any personal data we hold about you is incomplete or inaccurate, you can request that we correct it, though we may need to verify the accuracy of the new data you provide to us.

• Deletion. You may ask us to delete or remove personal data where permitted.

• Restriction. You may ask us to suspend our use of your personal data in certain scenarios provided by law.

To submit a request to exercise any such rights, if applicable, please use our Data Subject Rights request form. You may also send us an email at the email listed below. We may not be required to honor your request in all circumstances, and we will provide you with an explanation if we do not grant your request.

Protecting your personal information

We have implemented measures intended to protect your personal information from unauthorized access, use, or disclosure. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. In the event that we are required by law to inform you of a breach to your personal information, we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

The safety and security of your information also depends on you. You are responsible for keeping your account information and password secure and you should notify us of any unauthorized use of your account promptly.

Complaints

If you have a complaint about our handling of your personal information, you may contact us at the information listed below. Please provide details about your concern or complaint so that our data protection officer can investigate it. We will take appropriate action in response to your complaint, which may include conducting internal discussions with relevant business representatives. We may contact you for additional details or clarification about your concern or complaint. We will contact you to inform you of our response to your complaint.

CHANGES TO THIS PRIVACY STATEMENT

We may update this HR Privacy Statement from time to time to reflect changes to our practices, technology, legal requirements, and other factors. When changes are made to this HR Privacy Statement, they will become effective immediately upon posting. You can check the date at the bottom of this page to see when this HR Privacy Statement was last revised. We encourage you to review this HR Privacy Statement periodically for the latest information on our information processing practices.

To the extent that our HR Privacy Statement changes in a material way, the HR Privacy Statement that was in place at the time that you submitted personal information to us will generally govern that information unless we receive your consent (express or implied) to the new HR Privacy Statement where and as required by applicable law.

CONTACT INFORMATION

If you have any questions, comments, or complaints concerning our privacy practices please contact us at the appropriate address below. We will attempt to respond to your requests and to provide you with additional privacy-related information.

Data Protection Officer

Gloo, LLC

831 Pearl Street

Boulder, CO 80305

privacy@gloo.us

Effective Date: February 7, 2025

Last Revised Date: February 7, 2025

Addendum - HR Privacy Notice for California Employees, Contractors and Candidates

Effective Date: February 7, 2025

California law requires that we provide you with this notice about the collection and use of your personal information. We encourage you to read it carefully.

This notice (“Notice”) describes the categories of personal information that Gloo, LLC (“Company”, “we”, “us” and “our”) collects about our employees, contractors, and/or candidates who are California residents, and the purposes for which we use that information in connection with our HR operations. For purposes of this Notice, “personal information” has the meaning given in the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (the “CCPA”) but excludes information exempted from the CCPA’s scope. This Notice does not create or form part of any employment contract. If you have questions about this Notice, please contact us at privacy@gloo.com. The information below summarizes our collection, use and sharing of Personal Information during the last 12 months.

Categories of personal information we collect

• For a description of personal information collected, see our HR Privacy Statement above.

• In certain cases we may ask you for additional information for purposes of monitoring equal opportunity and/or complying with applicable laws. We may also inquire about criminal records. We will do so only where permitted by applicable law.

Sources of personal information

• For a description of sources of personal information, see our HR Privacy Statement above

 Purposes for which we use personal information

• For a description of data used, see our HR Privacy Statement above.

Sharing personal information

• For a description of sharing of data, see our HR Privacy Statement above.

Your California privacy rights

If you are a California resident, you have the rights listed below. However, these rights are not absolute, and we may decline your request as permitted by the CPRA.

• Information.You can request the following information about how we have collected and used your Personal Information for the applicable period of time.

• Access. You can request a copy of the Personal Information that we maintain about you.

• Correction. You can ask us to correct inaccurate Personal Information that we maintain about you.

• Deletion. You can ask us to delete the Personal Information that we maintain about you.

• Nondiscrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as by denying you goods or services, increasing the price/rate of goods or services, decreasing the service quality, or suggesting that we may penalize you as described above for exercising your rights.

How to exercise your California privacy rights

If you are a California resident, you may exercise your access, correction, and deletion rights by submitting a request via our Data Subject Rights request form

Your request must: (i) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative of that person; and (ii) describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

If you are a California resident, a person authorized to act on your behalf may make a verifiable request related to your personal information. If you designate an authorized person to submit requests to exercise certain privacy rights on your behalf, we will require verification that you provided the authorized agent permission to make a request on your behalf.

Sale or Sharing of Personal Information for cross-context behavioral advertising

We have not sold or shared, as those terms are defined in the CCPA, your Personal Information in the past 12 months.

Other information about this Notice

Third parties

This Notice does not address, and we are not responsible for, the practices of any third parties, which have their own rules for how they collect and use your personal information. Our links to third party websites or services are not endorsements.

Changes to this Notice

We reserve the right to change this Notice at any time. The “Effective Date” heading at the top of this Notice indicates when it was last revised. Any changes will become effective when we post the revised notice on our intranet or website.

Your obligations

It is your responsibility to ensure that information you submit does not violate any third party’s rights. You should keep your personal information on file with the Company up to date and inform us of any significant changes to it.