Polk E.U. Safe Harbor Privacy Policy

1. Overview - Polk pledges to conduct its business according to the European Union (EU) Safe Harbor Principles and the Frequently Asked Questions (FAQ's) issued by the US Department of Commerce on July 21, 2000
(see http://www.export.gov/safeharbor). Polk serves as a processor of certain human resources personal information stored on behalf of Polk subsidiaries located in the member states of the EU. Polk does not own or control any of the information it processes on behalf of its subsidiaries. All such information is owned and controlled by such Polk subsidiaries. Polk receives information transferred from the EU to the US merely as a processor on behalf of such companies.

Polk has designated its Human Resources Business Partner as the primary person who is responsible for Polk's compliance with and enforcement of this Policy. With the cooperation and assistance of appropriate staff and operating people, the Human Resources Business Partner will oversee Polk's compliance with this Privacy Statement, including the adoption of supporting policies and monitoring and reporting systems, and will provide reports as appropriate to management. Polk is committed to educating its employees in the US about the issues, guidelines, and laws surrounding compliance with EU Safe Harbor. Polk's internal Corporate Legal Department is available to any employee who may have questions concerning Polk's EU Safe Harbor Policy or data security practices. Relevant contact information is provided herein.

2. Polk as a Processor on Behalf of Polk Subsidiaries - On behalf of the Polk subsidiaries located in the member states of the EU ("Polk Subsidiaries") Polk processes non-public personal information collected in connection with the employment relationship between a current or former employee or job applicant and a Polk Subsidiary ("HR Data"). The Polk Subsidiaries collect and use HR Data in compliance with the applicable EU Member State Data Protection Law and in connection with legitimate employment and business related purposes, including but not limited to, time reporting and attendance, job information, internal cost assessments, appraisal management, and training and development. The Polk Subsidiaries do not request or gather information regarding political opinions, religious or philosophical beliefs, trade union membership, or sexual preference. To the extent the Polk Subsidiaries collect and maintain information that is "Sensitive Data" under the EU Member State Data Protection Law, Polk, as the processor, will protect, secure and use that information in a manner consistent with this Policy. The Polk Subsidiaries are the sole owners and data controllers of HR Data. The Polk Subsidiaries create both electronic data records and hard copy HR information for each of their respective employees. The Polk Subsidiaries will have access to and use of such HR Data at all times. Polk serves as a processor of HR Data on behalf of the Polk Subsidiaries because it will provide (a) computer system support to the Polk Subsidiaries and will therefore have access to any information stored in the central computer system serving the Polk Subsidiaries, and (b) statistical and analytical services to the Polk Subsidiaries in an effort to assist the Polk Subsidiaries make legitimate employment and business related decisions. Polk shall only process and use HR Data for the benefit of the applicable Polk Subsidiary in connection with such company's legitimate employment and business related purposes. HR Data will be processed by Polk at its corporate offices in Southfield, Michigan. For disaster recover or other data security purposes, a copy of all HR data maintained in an electronic format will be maintained at a non-affiliated third party facility under contract with Polk, which contract contains terms and conditions consistent with this Policy.

Any HR Data processed by Polk will not be further disclosed to third parties except where permitted by the Polk Subsidiaries, the EU Safe Harbor and this Policy, or the applicable EU Member State Data Protection Law. Polk has in place measures to protect HR Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

3. Notice - Prior to the transfer of any HR Data from the EU to the US, Polk requires each Polk Subsidiary, as data controller, to certify that the HR Data has been provided to Polk in accordance with the applicable EU Member State Data Protection Law. This ensures that the data subjects have been provided with proper Notice regarding how their personal data will be used

4. Choice - Prior to the transfer of any HR Data from the EU to the US, Polk requires each Polk Subsidiary, as data controller, to certify that the HR Data has been collected in accordance with applicable EU Member State Data Protection Law. This ensures that the data subjects have been provided, if required, with the proper Choice regarding how their personal data may be used

5. Data Integrity - Polk requires that the Polk Subsidiaries take reasonable steps to assure that the information, which is transferred from the EU to the US, is reliable for its intended use, accurate, complete, and current. Polk will not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Polk Subsidiaries

6. Onward Transfer - Polk complies with the notice and choice principles as described above for all data that is disclosed or transferred to a third party. In those situations where Polk uses data processors to perform processing tasks on behalf and under the instruction of Polk, Polk requires that its data processors either enter into a written agreement with Polk requiring them to provide the same level of protection as is required by the relevant Safe Harbor Principles, being subject to EU Data Protection Directive, or seek EU Safe Harbor status itself. Where Polk has knowledge that any such third party is using or disclosing HR Data in a manner contrary to this Policy, Polk will take reasonable steps to prevent or stop the use or disclosure. Polk holds its third party vendors accountable for maintaining the trust our employees place in our company.

7. Security - Polk will take reasonable precautions to protect HR Data in its possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Polk uses physical and electronic security measures to protect HR Data. Polk limits access to HR Data to those persons in Polk's organization that have a specific business purpose for maintaining and processing the HR Data, or approved third party vendors that are involved in the processing of the HR Data. Individuals who have been granted access to HR Data will be made aware of their specific responsibilities to protect the security, confidentiality, and integrity of the HR Data, and will be provided training and instruction on how to do so. Polk's Chief Information Officer is responsible for conducting investigations into any alleged computer or network compromises, incidents or problems, and Polk's Human Resources Business Partner is responsible for ensuring the proper disciplinary action is taken against those who violate Polk's Safe Harbor Security Policy.
Individuals who or have questions regarding the security measures used by Polk should send a communication in English in writing to:

R. L. Polk & Co.
Safe Harbor Inquiry
ATTN: Human Resources
26533 Evergreen Road, Suite 900
Southfield, Michigan 48076 USA
(248) 728-7502 (fax)

8. Access - In order to verify the accuracy of information held on them, employees of the Polk Subsidiaries may make a request to their respective Human Resources Representative or Polk for access to the HR Data maintained and stored on them. The Polk Subsidiaries will certify to Polk that they will comply with local regulations to ensure that the EU employees have access to such information as is required by law in their home countries. Polk will cooperate in providing such access either directly or through the applicable Polk Subsidiary. If a request is made directly to Polk and a Polk Subsidiary notifies Polk that such access should be denied, Polk will require the Polk Subsidiary to provide such employee with an explanation of why it has made that determination and a contact point for further inquiries. To the extent access will be granted, access will be provided only to the extent Polk stores the information and such employee will not have access to the actual database, but will receive a disclosure from Polk on the information maintained on them.
Polk may charge a reasonable fee for access to the HR Data, and may set reasonable limits on the number of times within a given period that access requests from a particular individual will be met.
Individuals who wish to make a request for access to Polk must send such request in English in writing to:

R. L. Polk & Co.
Safe Harbor Inquiry
ATTN: Human Resources
26533 Evergreen Road, Suite 900
Southfield, Michigan 48076 USA
(248) 728-7502 (fax)

Subject to the limitations noted above, Polk agrees to process all reasonable requests for access with a reasonable time period, but reserves the right to deny access or limit access in cases where the burden or cost of providing access would be disproportionate to the risks to the individual's privacy or in the case of a vexatious or fraudulent request.

9. Enforcement - Polk will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy and the US Department of Commerce Safe Harbor Principles. Any employee that Polk determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.

10. Inquiries and/or Dispute Resolution - Individuals who wish to file a complaint or make an inquiry regarding the use or disclosure of their HR Data should send such communication in writing in English to:

R. L. Polk & Co.
Safe Harbor Inquiry
Attn: Human Resources
26533 Evergreen Road, Suite 900
Southfield, Michigan 48076 USA

Polk will investigate and attempt to resolve complaints and disputes in accordance with the principles contained in this Policy. For complaints that cannot be resolved between Polk and the complainant, Polk has agreed to participate in the dispute resolution procedures of the panel established by the European Data Protection Authorities to resolve disputes pursuant to the Safe Harbor Principles. Polk is also subject to the jurisdiction of the US Federal Trade Commission.

11. Changes to This Safe Harbor Privacy Policy - The practices described in this Policy are current as of September 8, 2004. Polk reserves the right to modify or amend this Policy at any time consistent with the requirements of the Safe Harbor Principles. Appropriate notice will be given concerning such amendments.