Your privacy is important to us. This privacy statement explains what data Academic Therapy Publications, Inc., High Noon Books, and ATP Assessments ("ATP", "we", "us", or "our") collects from qualified clinicians, therapists, examiners, and other professionals ("Customer(s)", "Practitioner(s)", "you", "your") with access to personal data about their clients, students, or patients ("Examinee(s)") through our interactions with you and through your use of our products. It also explains how we use that data and what choices you have to control the use of that data. ATP offers a wide range of products and services. Please be sure to read the product-specific details in this privacy statement, which provide additional information about select products. This statement applies to ATP's interactions with you as well as any products that display this statement.

ATP collects data necessary to operate effectively and provide you the best experiences with our products and services. You provide some of this data directly, such as when you create an ATP Online account, purchase and utilize ATP products for your Examinees, sign up for and participate in research studies, submit your contact information at an industry tradeshow or ATP event, and contact us for support. We collect some of this data by recording how you interact with our products by, for example, using technologies like cookies, and receiving error reports or usage data from ATP products. You have choices about the data we collect and when you are asked to provide personal data, you may decline. But if you choose to withhold data that is necessary for us to provide a product or feature, you may not be able to use that product or feature.

The data we collect can include the following:

Name and contact data. We collect first and last name, email address, postal address, phone number, and other similar contact data.

Credentials. We collect passwords, user IDs, and similar security information used for authentication and account access.

Qualifications. We collect data necessary to determine a Practitioner's qualification level for access to select ATP products and services. This includes professional licenses or certifications and educational information.

Payment data. We collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number), billing address information, and the security code associated with your payment instrument.

Device and usage data. We collect data about your device and how you and your device interact with ATP and our products. For example, we collect:

• Product use data. We collect data about the features you use, the items you purchase, and the web pages you visit. This data includes your text search queries or navigation selections. This also includes the settings you select and the product and services that you use most.
• Device, connectivity and configuration data. We collect data about your device and the network you use to connect to our products. It includes data about the operating systems and browser version used to connect to our products. It also includes IP address, device identifiers, regional and language settings. In addition, we collect location data about your device derived from your IP address that may indicate where you are located by city or region.
• Error reports and performance data. We collect data about the performance of the products and any problems you experience with them. This data helps us to diagnose problems in the products you use, and to improve our products and provide solutions.
• Troubleshooting and Help Data. When you engage ATP for troubleshooting and help, we may collect additional data about you and your hardware, software, and other details required to help us resolve the issue. Such data may include contact or authentication data, the content of your communications with ATP, data about the condition of your device and software applications relevant to the fault that occurred and during diagnostics, and information about software installations and hardware configurations.

Examinee data. ATP collects data provided by Practitioners about their Examinees in order to fulfill the product or service requested by the Practitioner. ATP may also have occasion to collect data about an Examinee that is provided directly by a parent or legal guardian of the Examinee. Examples of data collected about Examinees include name, age, gender, demographic information, disability or medical conditions, educational records, name of district or school, or geographic location.

Customer Survey and Marketing Information ATP solicits information from our customers to help us understand how to direct relevant marketing information and to guide the development of our products. This information includes professional profile information and descriptions of the student populations you serve, including ages and grade levels. We don't ask for information about individual students on our survey and marketing forms.

ATP uses the data we collect to operate our business and provide you the products we offer, which includes using data to improve our products and personalize your experiences. We also may use the data to communicate with you, for example, informing you about your account, privacy and security updates, and product information. We do not use information about your Examinees to target ads to you. We never target ads to your Examinees.

Providing and improving our products. We use data to provide and improve the products we offer and to perform essential business operations. This includes operating the products, maintaining and improving the performance of the products, developing new features, conducting research, and providing customer support. Examples of such uses include the following:

• Providing the products. We use data to carry out your transactions with us and to provide our products to you. We also determine your level of access to our products based on the data we collect about your professional qualifications.
• Customer support. We use data to diagnose product problems and provide other customer care and support services.
• Product improvement. We use data to continually improve our products, including adding new features or capabilities. For example, we use error reports to improve security features, search queries and clicks to improve the relevance of the search results, and usage data to determine what new features to prioritize.
• Security, safety and dispute resolution. We use data to protect the security and safety of our products and our customers, to detect and prevent fraud, to confirm the validity of access to products and services, to resolve disputes, and enforce our agreements.
• Business operations. We use data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business.

Communications. We use data we collect to communicate with you and personalize our communications with you. For example, we may contact you by phone or email or other means to inform you when a product deadline or expiration is approaching, discuss your account, let you know when updates are available, remind you about items left in your online shopping cart, update you or inquire about a support request, invite you to participate in a survey, or tell you that you need to take action to activate or keep your account active. Additionally, you can choose whether you wish to receive product information from ATP by email and physical mail. For information about managing your communication preferences, please visit the Product-specific Details section of this privacy statement.

Advertising. ATP does not use ATP Online data or information about your purchases on our ATP Assessments and High Noon Books websites to target ads to you unless you have given us explicit consent to do so. We do not share your data with any third parties for advertising purposes.

We may share your personal data in order to complete a transaction with an external vendor (such as our payment processing company, Authorize.net) or to provide specific functionality within our products and service offerings (such as calculating shipping rates). We may also share your personal data when required by law or to respond to the legal process, to protect our customers, to protect lives, to maintain the security of our products, and to protect the rights or property of ATP.

Practitioner data. You can view and edit your personal data online by signing into select ATP products. How you can access or control your personal data will depend on which products you use. You can also make choices about ATP's collection and use of your data. You can always choose whether you wish to receive promotional email, SMS messages, telephone calls, and postal mail from ATP.

Examinee data. Our Practitioners have primary responsibility for fulfilling Examinee access, amendment, and export requests. In most cases, our Practitioners can fulfill these requests using the built-in functionality of ATP Online. Where this functionality is not available or the customer cannot otherwise fulfill the request on their own, we will provide reasonable assistance in accordance with our policies, agreements, contracts, and applicable law.

If you have a question about accessing or controlling personal data for one of our products, please contact the ATP Privacy and Security Officer. We will respond to questions or concerns within 30 days.

Cookies are small files stored on a computer that contain data from a website. ATP uses cookies and similar technologies to enhance your experience with our websites and online services and to help us identify people who use our products. Cookies allow us, among other things, to store your preferences and settings; enable you to sign-in; combat fraud; and analyze how our websites and online services are performing.

Sign-in and authentication. When you sign into ATP Online, we store a unique ID number, and the time you signed in, in an encrypted cookie on your device. This cookie allows you to move from page to page within the site without having to sign in again on each page.

Security. ATP uses cookies to detect fraud and abuse of our websites and services.

Performance. ATP uses a cookie named ATP_SRVID for load balancing to ensure that ATP Online remains up and running.

Session management. ATP Online uses a cookie named JSESSIONID for session management. The ATP Assessments and High Noon Books websites use a cookie named ATPWebSessionID for session management and for tracking cart and order information.

Cookie consent notice. ATP Online uses a cookie named ATP_COOKIE_CONSENT to track your acknowledgement of the use of cookies by ATP Online.

How to control cookies. Most web browsers automatically accept cookies but provide controls that allow you to block or delete them. Instructions for blocking or deleting cookies is available in each browser's privacy or help documentation.
Please be aware that ATP Online, the ATP Assessments website, and the High Noon Books website require the use of cookies. If you choose to block cookies, you will not be able use any ATP Online products and services that require a sign-in or that use cookies for other features such as saving to a shopping cart or ordering products.

ATP Online Accounts

With an ATP Online account, Practitioners may purchase and use select ATP products and services that match their professional qualifications.

Creating your ATP Online account. When you create a new ATP Online account for your private practice or on behalf of your employer or school, you must initially provide a first name, last name, and valid email address. You will then receive an account activation link via email. Clicking the activation link will prompt you to create a user ID and password, and complete the new account setup process. The information we collect about your organization and account preferences during new account setup is your account profile, and ATP Online assigns a unique ID number to identify your account.

Account manager and invited practitioners. When you create a new ATP Online account on behalf of yourself, a business entity, and/or other organization and complete the new account setup process, your user ID will, by default, become the account owner ("Account Manager") and your User ID will have the ability to configure account-level settings such as locations and inventory, and you may, optionally, invite other Practitioners to join the account. When inviting other Practitioners to an ATP Online account, the Account Manager will be asked to provide certain personal data about other Practitioners such as full name and email. Subsequently each Practitioner will receive an email invitation with the opportunity to setup their own unique user ID and password and to provide their own qualification information such as title, profession, certifications/licenses, education, and training. All Practitioner information (including Account Manager information) is subject to review by ATP and will determine the Practitioner's qualification level for access to select ATP products and services. The information we collect about Practitioners is saved to a Practitioner profile, and ATP Online assigns a unique ID number to identify each Practitioner.

Signing in and using ATP Online. When you sign into your ATP Online account, we create a record of your sign-in, which includes the date and time, a unique identifier assigned to your device, your IP address, your operating system, and your browser version. ATP Online also tracks your usage of the application. We use this information for auditing changes to data, for troubleshooting, and for improving ATP Online. For example, we track which products you purchase and use, and what records you add, view, or change.

Using organizational accounts. If you sign into ATP Online using an account setup by your organization (employer, school, private practice, etc.), the Account Manager may control and administer your access including your ability to sign in, your access to Examinee data, or product inventory available for your use. In addition, your use of ATP Online products and services may also be subject to your organization's data privacy and security policies, if any. ATP is not responsible for the privacy or security practices of your organization, which may differ from those of ATP. If your organization is administering your use of ATP Online, please direct your privacy inquiries to your Account Manager.

Security of personal data. ATP is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. For example, we store the personal data you provide on computer systems that have limited access and are in controlled facilities. All data being submitted to and received from ATP Online (such as credit card data, passwords, and client data) is transmitted securely using encryption.

Customer responsibility in securing personal data. Although we have taken numerous steps to ensure the privacy and security of personal data, your use of ATP Online must also be in accordance with prevailing security practices. These practices include, but are not necessarily limited to (i) securely configuring your accounts using strong and unique passwords and not sharing your authentication information, (ii) avoiding the upload of unnecessary personal data into ATP Online, (iii) exercising oversight to ensure your Practitioners are using ATP Online appropriately, (iv) training and educating your Practitioners on the importance of privacy and security; and (v) limiting information sharing by allowing Practitioners to access only the information that they need.

Where we store and process personal data. Personal data collected by ATP Online is stored and processed in the United States where ATP or its service providers maintain facilities. ATP maintains multiple data centers that are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps to ensure that the data we collect under this privacy statement is processed according to the provisions of this statement and the requirements of applicable law wherever the data is located.

Our Retention of personal data. ATP retains personal data for as long as necessary to provide the products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly. The criteria used to determine the retention periods include:

• How long does the personal data need to be retained in order to provide our products and operate our business? This includes such things as maintaining and improving the performance of those products, keeping our systems secure, and maintaining appropriate business and financial records. This is the general rule that establishes the baseline for most data retention periods.
• Do customers provide, create, or maintain the data with the expectation we will retain it indefinitely until they request for the data be destroyed or removed? In such cases, we maintain the data until we receive a request to delete it.
• Is the personal data of a sensitive type? If so, can we 1) reduce the retention time where feasible or 2) de-identify the data for the remainder of the retention period?
• Is ATP subject to a legal, contractual, or similar obligation to retain the data? Examples can include compliance with industry regulations such as HIPAA, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation.
• Has consent been given for a longer retention period? If so, we will retain data in accordance with the consent we receive. This includes, for example, data collected for product research and development.

De-identified and aggregate Data. We may use properly de-identified or aggregate data to improve existing products, develop new products, communicate product effectiveness and outcomes, and for other related purposes. Our methods for de-identification are informed by guidance from the National Institute of Standards and Technology (NIST), the U.S. Department of Education's Privacy Technical Assistance Center, and the Department of Health and Human Services. Unless required to do so by law, we will not attempt to re-identify data that has been de-identified and, where feasible and appropriate, we will not transfer de-identified data to a third party unless they also agree not to attempt re-identification.

Breach notification. In the event of a security incident affecting our systems that involves personal data, we will take prompt steps to mitigate the breach, evaluate and respond to the incident, and notify the appropriate parties as required by applicable law.

Changes to this privacy statement. We will update this privacy statement when necessary to reflect customer feedback and changes in our products. When we post changes to this statement, we will revise the "last updated" date at the top of the statement. If there are material changes to the statement or in how ATP will use your personal data, we will notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how ATP is protecting your information.

How to contact us. If you have a technical or support question, please visit the ATP Technical Support page. If you have a privacy concern, complaint, or a question please contact the ATP Privacy and Security Officer. We will respond to questions or concerns within 30 days.