TIBCO Software Inc. ("TIBCO") has reviewed the privacy and security requirements related to the protection and processing of individual personal data (collectively, the "Protected Data") as implemented by various international (the United States and elsewhere in the world) acts, legislation, laws and directives and has developed policies and procedures to ensure that TIBCO is compliant to the extent TIBCO is exposed to customer Protected Data during the provision of services by TIBCO related to the TIBCO Software products. These policies and procedures are in place to ensure the protection of the integrity and confidentiality of any Protected Data, beyond that which TIBCO would normally have in place to meets its obligation of confidentiality with respect to safeguarding customer confidential information.

During the normal course of operations, TIBCO does not maintain, process or utilize active customer Protected Data during the provision of services related to the TIBCO Software and only accesses such customer Protected Data while on customer premises via the customers own networks and systems during the provision of consulting services.

Maintenance Services: TIBCO may take possession of customer Protected Data in the course of providing maintenance services to its customers, where a problem report related to the TIBCO Software is submitted by the customer as part of a service request to the TIBCO Technical Assistance Center. In such cases the Protected Data is either immediately de-identified, or is stored in a secured and safe location. TIBCO has acceptable levels of encryption and passwords to protect email and its own internal systems.

Consulting Services: In cases where TIBCO is exposed to customer Protected Data while on-site performing consulting services related to the TIBCO Software, such TIBCO personnel are not authorized to retain Protected Data in whole or part, or in any form (printed paper, an electronic file on a TIBCO laptop, for example), to disclose Protected Data to third parties or allow Protected Data to leave the customer premises, systems or networks either physically or electronically.

Remote access by TIBCO personnel to networks or systems of customers who maintain, process or utilize active Protected Data in connection with their implementation of TIBCO Software is strictly prohibited unless the customer can guarantee such access will not include inadvertent exposure or the introduction of customer Protected Data into TIBCO's networks or systems.

All TIBCO personnel are required to sign a confidentiality agreement, assuring that customer confidential information will not be disclosed and is otherwise treated in as protective or restrictive a manner as TIBCO's own most sensitive and trade secret information and data. TIBCO has a form Business Associate Agreement which complies with the requirements defined as defined in the Health Insurance Portability and Accountability Act (HIPAA) for use in Healthcare or related industries for the protection of PHI during the provision of Maintenance Services. TIBCO ensures that its contractors or other third party vendors and suppliers who may be exposed or have access to customer Protected Data during the provisions of services to TIBCO agree to terms and conditions as protective of customer Protected Data as those set forth in this Customer Privacy and Security Statement.