Data Privacy

EFFECTIVE: May 21, 2018



1.1 Virtek Vision International[1] (“the Company”) will follow the principles in this Policy regarding the collection, use, storage, transfer, and destruction of “Personal Information” by the Company or its agents (as defined below). The Company will adhere to legal and contractual requirements for protecting Personal Information.


2.1 This Policy applies to Virtek Vision International as well as all of its operating companies, employees, agents and contractors working on its behalf worldwide. The Company will extend this Policy to third parties that access and/or process Personal Information on its behalf.

2.2 For Personal Information collected in the European Union (“EU), this Policy is intended to address compliance with the EU’s General Data Protection Regulation (“GDPR”), effective May 25, 2018.

2.3 In accordance with the law of the State of California, U.S.A., California residents may request and obtain information (if any) that the Company shared within the prior calendar year with other businesses for direct marketing use (as defined by California’s “Shine the Light Law”), using the contact information provided in this Policy.

2.4 In accordance with Connecticut, U.S.A. law, Virtek Vision International protects the confidentiality of, prohibits the unlawful disclosure of, and limits access to Social Security numbers (“SSNs”). The Company does not intentionally communicate SSNs to the general public, print SSNs on any document required for an individual to access products or services, require an individual to transmit SSNs over an unencrypted electronic connection, or require an individual to use SSNs to access a Virtek Vision International Internet or Intranet web site unless a password or other unique identifier is also required.


3.1 "Agent" means any third party that controls or processes Personal Information to perform tasks on behalf of and under the instructions of Virtek Vision International.

3.2 “Data Breach(es)” is any set of circumstances that involves actual or a reasonable possibility of unauthorized access to or possession of, or the loss or destruction of Personal Information. The circumstances contributing to a breach may be unintentional or accidental and the access, loss, or destruction may be confirmed or only suspected. Personal Information can be lost or destroyed in many ways, such as by stolen computer hardware (e.g., laptops), physical destruction or compromise due to natural disaster or accidents (e.g., flood of an office, destroying the only copy of certain records); and inability to access the only copy of data on a server if there is no anticipated resolution or the inability to access lasts for more than a week. Data Breaches can include unauthorized access, possession or denial of service at a third party.

3.3 “Personal Information” means information relating to an identified or identifiable natural person, regardless of the medium in which the information is collected, processed, or transferred. The term includes Sensitive Personal Information. The term includes information about a Virtek Vision International director, employee, contractor, contract laborer, customer, supplier, or other third parties. Anonymous, pseudonymized, or aggregate information used for statistical, historic, and scientific or other purposes is excluded. The term includes information collected, processed, and/or transferred in any format, including but not limited to hard copy, electronic, video recording, and audio recording.

3.4 “Sensitive Personal Information” is a subset of Personal Information and means information relating to an identified or identifiable person that involves racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; health; sexual preference; sex life; or the commission or alleged commission of any crime.


4.1. Compliance with Laws and Regulations: Virtek Vision International complies with laws and regulations applicable to its operating units worldwide that relate to the protection of Personal Information. Local laws, regulations, and other pertinent restrictions will apply to the extent of any conflicts with this Policy. The GDPR shall govern in the event of any conflict with this Policy.

4.2 Collection, Use, and Retention of Personal Information:

4.2.1 Virtek Vision International collects, uses, and retains Personal Information only as necessary and appropriate for legitimate business and legal purposes, ensuring that the collection, processing, and transfer of Personal Information are adequate, relevant, and not excessive in relation to the purpose or purposes for which the information is processed.

4.2.2 Collection and uses by the Company of the Personal Information of directors, employees and third parties include the collection and use of Personal Information described in detail in Exhibit 1. In some cases, such as with human resources data, the data are necessary in order for Virtek Vision International to manage employment relationships and contractual agreements regarding pay and benefits.

4.2.3 The Company does not keep Personal Information for longer than needed for the purpose(s) for which it was collected, unless otherwise required by law or with the data subject's consent;

4.3. Notices:

4.3.1 When Virtek Vision International collects Personal Information directly from individuals, it informs them about the purposes for which it collects and uses Personal Information about them, the types of agents to which the Company discloses that information, and the choices and means it offers for limiting its use and disclosure. The Company identifies the purposes for which it is collecting Personal Information and does not process the Personal Information for any incompatible purpose(s) unless supported by the consent of the individual data subject, a legal obligation, a threat of physical harm, or another legitimate interest recognized by law.

4.3.2 Notice is provided in clear and conspicuous language when individuals are first asked to provide such information to Virtek Vision International, or as soon as practicable thereafter, and in any event before the Company uses the information for a purpose other than that for which it was originally collected. Privacy notices shall be accessible to data subjects and posted online, whenever practicable;

4.3.3 Virtek Vision International provides appropriate notices regarding individuals’ rights of access, correction, and updating. The Company ensures that an individual is given the chance to discuss the results of any automated decision-making (such as employee background checks) before any negative action is taken based on that decision-making;

4.3.4 Virtek Vision International sees the Internet and the use of other technologies as valuable tools for communicating and interacting with employees, customers, business partners, and others. The Company recognizes the importance of maintaining the privacy of information collected online and has created specific Internet privacy policies for its websites, which govern the treatment of Personal Information collected through web sites that it operates. With respect to Personal Information that is transferred from the EEA, each website privacy policy is subordinate to this Privacy Policy. The Company ensures that each of its online websites (both external/www. and internal/intranet) that collect Personal Information provides a privacy notice. The privacy notice identifies:

  1. The Personal Information that is collected;
  2. The purpose(s) for which that Personal Information is collected;
  3. The ways that Virtek Vision International uses Personal Information;
  4. Use of “cookies” or other tracking devices by external-facing websites and, if used, how to reconfigure the browser to decline the cookies;
  5. Third parties with whom Virtek Vision International shares the information;
  6. The choices provided to individuals, the means for limiting collection, use, and disclosure of Personal Information, and the consequences of those choices; and
  7. How to contact Gerber with questions or complaints about privacy matters concerning the website or to correct/update Personal Information already provided.

4.3.5 Each privacy notice is reviewed by the system owner at least once every three years to ensure that it is current and accurate. Where required by law, Virtek Vision International ensures that Sensitive Personal Information is collected online only with an individual’s explicit consent, via a meaningful opt-in approach, and is appropriately protected against improper use.

4.4 Consent:

4.4.1 Depending on the location in which the data subject lives, local laws may require that the data subject give specific consent for the collection, use and disclosure of Personal Information for some of the purposes described in Exhibit 1. Individuals who opt-in are notified of the process to follow in exercising this choice.

4.4.2 Where required, Virtek Vision International asks for consent by appropriate and permitted means. The Company offers individuals the opportunity to opt-out of providing Personal Information if it is to be (1) disclosed to an Agent, or (2) used for a purpose other than the purpose for which it was originally collected or subsequently authorized. It may occasionally inform individuals of offers available from selected non-agent third parties. For Sensitive Personal Information, it gives individuals the opportunity to affirmatively and explicitly opt-in prior to (1) disclosing the information to a non-agent third party, or (2) using the information for a purpose other than the purpose for which it was originally collected or subsequently authorized. The Company offers appropriate opportunities to opt-out when using Personal Information for direct marketing;

4.5 Access & Correction:

4.5.1 Virtek Vision International takes reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete, and current.

4.5.2 As described in Exhibit 2, Virtek Vision International grants individuals reasonable access to their Personal Information. In addition, the Company takes reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. In addition, the data subject has the right to object to data processing as well as the right to data portability. If explicit consent has been provided for the processing of data, then the data subject has the right to withdraw that consent at any time.

4.6 Data Security:

4.6.1 Virtek Vision International takes reasonable precautions to protect Personal Information in its possession from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. The Company’s computer networks and systems, including Internet and Intranet-based applications, are designed to protect Personal Information from unauthorized access, loss, disclosure, or use. Personal Information is made available within the Company only to those persons who possess a business need-to-know.

4.6.2 Virtek Vision International maintains systems and procedures to assure the security and integrity of Personal Information, whether provided by employees, generated by the Company and its operating companies or otherwise provided by agents or third parties. These measures include reasonable restrictions upon physical access to hard copy records containing Personal information and the storage of such records in locked facilities, storage areas, or containers.

4.6.3 The security program identifies and assesses reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of any records containing personal information, and evaluates and improves, where necessary, the effectiveness of the current safeguards for limiting such risks. The program includes:

  • Ongoing employee (including temporary and contract employee) training;
  • Means of ensuring employee compliance with security program policies and procedures;
  • Means for detecting and preventing security program failures;
  • Security policies for employees relating to the storage, access, and transportation of records containing personal information outside of business systems or premises;
  • Disciplinary measures for violations of security program rules;
  • Means of preventing terminated employees from accessing records;
  • Regular monitoring to ensure that the security program is operating in a manner reasonably calculated to prevent unauthorized access to or unauthorized use of Personal information, and upgrading information safeguards as necessary to limit risks;
  • Annual reviews of the scope of security rules and more often when there is a material change in business practices that may reasonably implicate the security or integrity of Personal Information;
  • Documentation of responsive actions taken in connection with any incident involving a breach of security, and mandatory post-incident review of events and actions taken, if any, to make changes in business practices relating to the protection of personal information; and
  • Procedures for sanitization and destruction of storage or other media removed from service, prior to disposal.

4.6.4 Virtek Vision International periodically reevaluates these measures to ensure they remain current, reasonable, and appropriate.

4.6.5 Virtek Vision International does not transfer Personal Information from one country to another or from one legal entity to another unless properly supported by law and under appropriate security measures for the data while in transit and in storage;

4.6.6 Virtek Vision International ensures that handling of employees’ and third parties’ Personal Information is consistent with the relevant Privacy Notice for the information in question, subject to local supplement or amendment to ensure compliance with local law.

4.6.7 Virtek Vision International takes proper care of personal government-issued identification numbers by protecting the confidentiality, limiting collection, ensuring access on a need-to-know basis, implementing appropriate safeguards, including but not limited to encryption, and ensuring proper disposal in accordance with Virtek Vision International’s document and data retention policies and practices;

4.7 Data Breaches:

4.7.1 Virtek Vision International maintains and implements a Data Breach response plan to respond to and remediate any actual data breaches, and discloses breaches involving Personal Information, as appropriate and as legally required.

4.8 Transfers of Personal Information To Third Parties:

4.8.1 Personal Information is used by and shared among Virtek Vision International entities, agents (e.g., IT and other professional and nonprofessional services, benefit plan sponsors and administrators, etc.), applicable government organizations and agencies, and third parties as permitted or required by law, regulation, or court order. Virtek Vision International shares Personal Information with companies Virtek Vision International acquires and transfers and to effect the divestiture of companies Virtek Vision International divests.

4.8.2 If services by a third party to Virtek Vision International involve access to Personal Information, third parties are selected and managed so that they are capable of maintaining appropriate security measures to protect such information, and are required by contract to implement and maintain appropriate security measures. Virtek Vision International enters into a written agreement obligating third parties that collect, process, access, or possess Personal Information on behalf of Virtek Vision International to follow this Policy or equivalent requirements. Virtek Vision International obtains assurances from the transferee(s) that they will safeguard Personal Information consistently with this Privacy Policy. Examples of appropriate assurances include: a contract, agreement, or relevant provision obligating the agent to provide at least the same level of protection as is required by the relevant the Company’s security standards; EU/US Privacy Shield certification by the agent; or being subject to an adequacy finding by the EEA/European Commission.

4.8.3 Virtek Vision International and its operating units execute and maintain the model clauses (also called the standard contractual clauses) adopted by the European Commission as an authorization for the transfer of Personal Information from the EEA to the U.S. Virtek Vision International and its operating units comply with the requirements of the model clauses for intra-company transfers.

4.8.4 Where Virtek Vision International has knowledge that a transferee is using or disclosing Personal Information in a manner contrary to this Policy, Virtek Vision International takes reasonable steps to prevent or stop the use or disclosure, up to and including termination of our contractual or other business relationship with the agent.

4.9 Privacy Risk Assessment:

4.9.1 Virtek Vision International maintains an effective privacy risk assessment process to evaluate Company-wide risks and to develop appropriate mitigation plans. The Privacy Risk Assessment process reviews Virtek Vision International’s overall collection, processing (including storage and destruction), and transfer of Personal Information and is updated as needed.

4.9.2 Whenever Virtek Vision International or an operating unit seeks to implement a new or modified system, or use a new or modify the use of a third party to collect, process, or transfer Personal Information, a written Privacy Impact Assessment is completed before adoption of the new or modified process or new or modified use of the third party. A Privacy Impact Assessment must be completed only for systems or service providers that collect, process, or transfer Personal Information and for the launch of a new system or service provider or substantial modification of a system or use of the service provider involving Personal Information.

4.10 Governance & Training:

4.10.1 Virtek Vision International ensures that individuals who in any material way are involved in the collection, use, and storage of Personal Information, including designing, modifying, or managing automated systems, are trained to identify privacy concerns, to receive privacy complaints, and to forward both to the appropriate resources for review and resolution. Virtek Vision International's privacy compliance governance is exercised as described in Exhibit 3.

4.10.2Virtek Vision International ensures that all professional staff and employees who handle Personal Information as an integral part of their responsibilities receive periodic training on data privacy and security.

4.10.3Education and training are provided to all employees on the proper use of the computer security systems and the importance of information security, e.g., limiting collection and storage of unneeded information; use of encryption; restricting access to drives, folders, and files; recognizing risks to information security posed by file sharing programs.

4.10.4 Virtek Vision International has a strategic communications plan to raise awareness and educate employees and third parties, as appropriate, regarding data privacy and security.

4.10.5Virtek Vision International conducts internal self-assessments and has a hotline in place for the receipt of confidential reports of violations of this Privacy Policy. This is to verify adherence to this Policy.

4.10.6Virtek Vision International enforces this Policy and any implementing procedures. Failure to adhere to this Policy or its implementing procedures may lead to disciplinary action for employees, up to and including dismissal, and termination of its contractual relationship with Virtek Vision International for third parties.


5.1 Questions or concerns from persons regarding a particular website or system should be addressed to the contact listed in the privacy notice provided on that website or system.

5.2 Requests for access or correction from employees should be addressed to their local Human Resources representative, in accordance with Exhibit 2.

5.3 Complaints or questions regarding compliance with this Policy should be directed to:

  • By mail:

SVP, Global Human Resources
Virtek Vision International, LLC
24 Industrial Park Road West
Tolland, CT 06084 USA

  • Telephone: +1.860.870-2804
  • Via Virtek Vision International’s EthicsPoint hotline @ 1-866-384-4277 or submitted electronically through the secure, encrypted internet connection at
  • Via email to
  • Within the EU, you may also contact Manuela Salgado, Director of Resources – EMEA at , by phone at +351 22 6197 878, or by mail at Gerber Scientific International, Sistemas Computorizados Lda. Rua 28 de Janeiro, 350-Edifício C - Fracção 3-4400-335 Vila Nova de Gaia, Porto- Portugal.
  • Information requested under the California “Shine the Light” law should be requested via email to with “California Shine the Light Privacy Request” in the subject line as well as in the body of the message.


  1. 1. Virtek Vision International amends this Policy as needed to conform to changes in pertinent laws or regulations. Appropriate notice of amendments is provided.


Exhibit 1 - Types of Personal Information We Collect & Use

The types of Personal Information Virtek Vision International collects and shares depend on the nature of the individual’s relationship with Virtek Vision International (e.g., officer, employee, applicant for employment, website visitor, customer, supplier, other third parties) and the provisions/restrictions of applicable laws. Examples of this information and its uses include:

  • Management and employee communications and notices;
  • Maintenance of employee biographies, curriculum vitae, and similar information;
  • Emergency contacts;
  • Global enterprise headcount and demographics;
  • Career development, performance feedback, and progression;
  • Succession planning;
  • Compensation and benefits;
  • Establishment and administration of employee benefits and benefit plans;
  • Rewards and recognition;
  • Travel and expense reimbursement, including travel and/or credit card administration;
  • Training;
  • Relocation;
  • Tax reporting and withholdings;
  • Payroll administration, including deductions, contributions, etc.;
  • Enterprise Resource Planning (ERP) systems;
  • Planning and provision of health services, including drug screening, processing of workers’ compensation or similar health and safety programs;
  • Personal security, including access controls and security for computer and other systems;
  • Reporting and statistical analyses;
  • Personnel transactions, including tenure with the Company, hire/start date of employment, termination date, and other transaction dates such as promotion, salary increase, etc.;
  • Legal and regulatory reporting and other requirements, including right-to-work screening, workplace environment, health and safety reporting, and administration;
  • Visas, licenses and other right-to-work authorizations;
  • Management of litigation and related discovery/e-discovery issues;
  • Import, export, and other trade compliance controls, including automated information technology controls;
  • Sanctions screening, including screening of the U.S. Entity List, Specially Designated Nationals and Blocked Persons List, Denied Persons List, and the Unverified List, and similar lists maintained by the U.S. and other countries;
  • Internal and external investigations, including management reviews and audits of the status of Virtek Vision International’s compliance with laws and regulations in all the places in which we do business; audits and reviews of the status of employee’s compliance with laws, Virtek Vision International’s Code of Ethics and Business Conduct and Company policies; online and telephonic contacts with Virtek Vision International’s reporting hotline;
  • Internet, intranet, e-mail, social media, and other electronic screening;
  • Law enforcement and other government inquiries;
  • Business planning, including the prosecution of mergers, acquisitions, and divestitures, including the acquisition of Personal Information from an acquired company and transfers of Personal Information to a divested company;
  • Identification of persons via photographs or other likenesses, including facial recognition;
  • Location tracking, duration, and other telematics of certain Virtek Vision International assets;
  • Time collection and allocation;
  • Data mining for internal Company management purposes;
  • Biometrics;
  • Data supplied to vendors providing benefits;
  • Physical and information technology security monitoring;
  • Data backup and recovery; and
  • Automated information technology threat assessments and response;
  • Given and Family names, including suffixes;
  • Middle name(s);
  • Preferred name;
  • Country of birth;
  • Citizenships held (past and present);
  • U.S. and another country permanent resident and/or asylee status;
  • SMTP address;
  • Place of work, including street mailing address and other pertinent contact information;
  • Home address and other pertinent contact information;
  • Supervisor identifier;
  • Job-related information such as title, department, job function, title, etc.;
  • Other data to support human resources applications;
  • Management reports and data mining (usually anonymized and not containing individually identifying data);
  • Computer asset location & billing data, including computer location;
  • For third parties resident in Virtek Vision International business locations, identification of persons via photographs or other likenesses, including facial recognition; location tracking, duration, and other telematics; biometric data; forensics analysis; physical and information technology security monitoring; sanctions screening and automated information technology threat assessments and response;
  • E-mail message content (end-user controlled);
  • Message attachments (end-user controlled);
  • Public folder content (local administrator supplies folder permissions);
  • Web page address;
  • Instant Messaging address;
  • Authorizing, granting, administering, monitoring and terminating access to or use of Virtek Vision International systems, facilities, records, property, and infrastructure;
  • Administration of customer and supplier contracts and agreements, joint ventures, and other business combinations;
  • Support of marketing efforts;
  • Budget planning and administration;
  • Invoice processing and payment-related purposes;
  • Training and certification of customer and supplier personnel;
  • Data collected as part of job application and hiring processes;
  • Background checks and sanctions screening;
  • Problem resolution, internal investigations, auditing, compliance, risk management, and security;
  • Conflict of interest reporting;
  • On-site injury and illness evaluation and reporting, for those who access Virtek Vision International facilities;
  • Monitoring and surveillance for industrial hygiene, public health, and safety;
  • Legal proceedings and government investigations, including preservation of relevant data;
  • As required or expressly authorized by laws or regulations applicable to our business globally or by government agencies that oversee our business globally;
  • Personal data (e.g., date of birth, day or year of birth, citizenship(s), preferred language);
  • Biographies, curriculum vitae, and similar information;
  • Organizational and institutional affiliations;
  • Professional credentials;
  • Agreements, programs, and activities in which the data subject participates(d);
  • Agreements entered into with Virtek Vision International;
  • Payment-related information, including social security number or tax identification number and bank information;
  • Communications preferences;
  • Education and training;
  • Industrial hygiene exposure assessment and monitoring information;
  • Computer or facilities access and authentication information (e.g., identification codes, passwords, address lists, etc.);
  • Photographs and other visual images of the data subject;
  • Provide investor services;
  • Communicate with you about products, services, and events relating to Virtek Vision International;
  • Improve our products, services, and websites;
  • Evaluate interest in and/or allow persons to apply for employment with Virtek Vision International;
  • Verify identity to ensure security for one of the other purposes listed here;
  • Ensure or enhance the security of Virtek Vision International’s electronic systems;
  • Protect against fraud;
  • Screen against sanctions and antiterrorism lists as required by law;
  • Respond to a legitimate legal request from law enforcement authorities or other government regulators;
  • Investigate suspected or actual illegal activity;
  • Prevent physical harm or financial loss; and
  • Support the sale or transfer of all or a portion of our business or assets (including through bankruptcy).


Exhibit 2 - Accessing & Correcting Your Personal Data

For Virtek Vision International employees and third parties who are subject to the European Union’s General Data Protection Regulation, normally within one month (subject to certain exceptions) after receipt from you (or from a competent legal representative you designate), Virtek Vision International is committed to providing you with the following:

  • Confirmation of whether, and where, Virtek Vision International is processing your personal data;
  • Information about the purposes of the processing;
  • Information about the categories of your data that are being processed;
  • Information about the categories of recipients with whom the data may be shared;
  • Information about the period for which the data will be stored (or the criteria used to determine that period);
  • Information about your rights to erasure, to rectification, to restriction of processing and to object to processing;
  • Information about your right to complain to the relevant EU data protection authority;
  • Where the data were not collected directly from you, information as to the source of the data; and
  • Information about the existence and an explanation of how automated processing is being used to process your data and/or make decisions regarding you or your data solely on the basis of automated processing.

You may request a copy of your personal data that are being processed. Copies will be provided in a structured, commonly used, machine-readable format that supports reasonable re-use in commonly-available IT systems and applications. Upon a reasonable request, Virtek Vision International will transfer your personal data from one data controller to another, store your personal data for further personal use on a private device, and/or have your personal data transmitted directly from Virtek Vision International to another controller without hindrance. This is not applicable to personal data you did not provide to Virtek Vision International directly, and Virtek Vision International is not obligated to retain your personal data for longer than is otherwise necessary or if no longer legally available.

Normally, Virtek Vision International does not charge any costs or fees for the above. However, as provided by law, we reserve the right to charge a reasonable fee for repetitive, excessive, or unfounded requests, and for additional copies.

Virtek Vision International takes all reasonable measures to ensure that inaccurate or incomplete personal data are erased or rectified. You have the right to inform Virtek Vision International of any discrepancies or inaccuracies and to rectification of inaccurate personal data.

You have the right to restrict the continued processing of your personal data if:

  • You contest the accuracy of your data (and only for as long as it takes to verify and correct the accuracy of your data);
  • The processing is unlawful and you request restriction (as opposed to exercising the right to erasure);
  • Virtek Vision International no longer needs the data for its original purpose, but the data are still required by Virtek Vision International to establish, exercise or defend its legal rights; or
  • If you have validly requested erasure or destruction of your data, but Virtek Vision International is evaluating other overriding grounds for retaining and processing your data.
  • Virtek Vision International will erase or otherwise render inaccessible your personal data when:
  • Your data are no longer needed for their original purpose (and no new lawful purpose exists);
  • The legal basis for the processing is your consent, you withdraw that consent, and no other lawful ground exists;
  • You exercise your right to object to Virtek Vision International’s continued processing of your data and the Company has no overriding grounds for continuing the processing;
  • Your data have been processed unlawfully; or
  • Erasure is necessary for compliance with EU law or the law of the relevant Member State of the EU to which you are subject.

If Virtek Vision International has disclosed your personal data to any third parties, and you subsequently exercise any of the rights described above, Virtek Vision International will notify those third parties unless it is impossible or would require a disproportionate effort. You may request the identity of those third parties. In exceptional cases where Virtek Vision International has made your data public, Virtek Vision International will take reasonable steps (taking costs into account) to inform relevant third parties.

Questions regarding the implementation of these requirements should be addressed as described elsewhere in this Policy.


EXHIBIT 3 - How We Manage Data Protection

The Information Security and Privacy Subcommittee of Virtek Vision International's Ethics & Compliance Committee is charged with evaluating Virtek Vision International's information security and privacy policies, procedures, and operations to set the strategic direction for the Company's information privacy and security programs. The subcommittee consists of senior executives from each of the following organizations: Information Technology, Human Resources, Finance, and Marketing, supported as needed by other subject matter experts when necessary.

The Subcommittee is responsible for:

  1. Assessing the inventory of Virtek Vision International's high‐risk information management programs and processes (paper and electronic) and coordinating plans to address information privacy and security weaknesses;
  2. Reviewing information security and privacy policies and standards and recommending improvements and revisions, as appropriate;
  3. Reviewing and responding to specific information security and data breaches;
  4. Serving as a resource for Company management on information security and privacy issues;
  5. Evaluating conflicts between management requirements and information security and privacy requirements;
  6. Evaluating information security and privacy staffing, training, and communication needs; and
  7. Coordinating efforts to make information security and privacy visible within the Company.

Virtek Vision International has elected not to appoint a Data Protection Officer ("DPO") having the duties and responsibilities delineated in Articles 37-39 of the GDPR. Virtek Vision International does not fall within the standards of the GDPR for mandatory appointment of a DPO. A privately-held company such as Virtek Vision International is not required under the GDPR to have a formal DPO. Our core business activities do not involve monitoring data subjects, do not infringe on those data subjects’ rights, and involve no collection or processing of "special category" personal information. We are neither a consumer products company nor one heavily reliant on the personal information collected from our employees, customers, or suppliers. We manage mainly internal employee data, mostly within the US and the EU, most of which are required for legal compliance reasons (e.g., tax, pensions, etc.). Data obtained from customers and suppliers is narrowly framed to support our business contacts and contractual relationships and not for intrusion into the personal details of third parties or other purposes not directly related to our business with our customers and suppliers. Therefore, after careful review, we determined that a DPO in Virtek Vision International would neither be gainfully occupied nor represent significant risk mitigation.

Questions regarding our program should be addressed as provided elsewhere in this Policy.


EXHIBIT 4 – Legal Entity Listing

AIP CF VI AIV Gerber (Cayman) LP

AG US Funding LLC

AG Holding (Cayman) LP

AIP G (Cayman) Ltd

Knife Holding Corporation

AG JV (Cayman) LP

AG Guarantor LLC

AG Finco LLC

AG UK Acquireco Ltd.

Gerber Scientific LLC

Gerber Technology NV

Virtek Vision International ULC

Gerber Technology SrL

Gerber Technology S.L.

Gerber Technology Sp.z.o.o.

Gerber Technology Pty Ltd.

Gerber Technology SAS

Gerber Technology LLC

Yunique Solution LLC

Gerber Scientific (Shanghai) Co Ltd.

Gerber Technology S. de R.L de C.V.

AG Holding Mexico LLC

Gerber Technology GmbH

Gerber Scientific International LDA

Gerber Coburn Optical UK

Gerber Scientific International Ltd.

Gerber Technology Ltd.

Gerber Scientific UK Ltd.

Gamma Computer Tech Co., Ltd.

Ultramark Adhesive Products Ltd.

Gerber Scientific International (Cambodia) Co. Ltd

Gerber Scientific International

Gerbertec Maroc SARL

Gerber Scientific International (Vietnam) Co., Ltd

Vector (Gerber) Lux 2, s.a.r.l.



[1] See Exhibit 4 for legal entity listing