AUTHOR PRIVACY POLICY 1. Introduction Harlequin Books SA

AUTHOR PRIVACY POLICY

1. Introduction

Harlequin Books S.A. (the “Company”, “we”, or “us”) are committed to protecting your privacy. This Policy explains how we collect, use and disclose the Personal Data of our contracted authors. “Personal Data” means any information relating to an identified or identifiable person. This Policy is intended to supplement, and not supersede, any contractual provisions to which you may have agreed regarding the collection, use and/or disclosure of Personal Data. If any additional uses or disclosures of Personal Data are anticipated, the Company will communicate those changes to you. Separate notice may be provided in connection with specific processing of Personal Data.

2. Personal Data We Collect About You and Why

In the course of your relationship with us, the Company will collect Personal Data about you in order to efficiently manage our contractual relationship. We collect Personal Data to complete our agreements and to comply with legal obligations, such as transmitting Personal Data within the Company and its affiliates for internal administrative purposes and to ensure network and information security. For more specific information regarding what Personal Data we collect and the purposes for which we collect and use Personal Data, please see the Annex to this Policy.

The legal basis for obtaining and processing your data is the voluntary supply and execution of the contract that you have with us. Your decision to provide Personal Data to the Company is voluntary. However, if you do not provide certain information, the Company may not be able to accomplish some of the purposes outlined in this Policy which may pose problems in fulfilling the terms of our contract(s).

3. How We Share Personal Data

Due to the global nature of our operations, the Company may disclose and transfer Personal Data to personnel and other departments throughout the Company and its affiliates to fulfill the purposes described in this Policy. A current list of our affiliated companies is available at http://newscorp.com/about/our-businesses/). Access to, processing and use of Personal Data within the Company and its affiliates will be limited to those individuals who have a need to know the information and may include your contract manager, legal group, advertising and marketing employees, accounting or other employees involved in the payment of royalties, and any other employees required to meet our obligations under our contract(s) with you.

From time to time, the Company or certain of its affiliates may need to make Personal Data available to other parties, such as legal and regulatory authorities; accountants, auditors, lawyers and other outside professional advisors; and to companies that provide products and services to the Company and its affiliates located wherever they operate. Some of these services will be provided from countries outside of the jurisdiction where you reside. If these services are provided in a country outside the European Economic Area, the provisions of point 4 of this Policy will apply.

The Company and its affiliates require service providers to protect the confidentiality and security of Personal Data, and to ensure that Personal Data is processed only for the provision of the services on behalf of the Company and its affiliates and in compliance with applicable law. Service providers are not authorized to use or disclose the Personal Data, except as necessary to perform services on our behalf or to comply with legal requirements.

Please see the Annex to this Policy for more details on third parties with which we may share Personal Data.

4. Data Transfers

Your Personal Data may be transferred to, stored or accessed by other Company affiliates worldwide, including their service providers, for contract administration purposes. This may include transferring Personal Data to countries other than the country where you are located. We will implement appropriate safeguards to ensure that your Personal Data remains protected in any such transfers. If personal data are transferred (or accessed) to a country outside the European Economic Area for which the European Commission has decided that an adequate level of protection is not ensured, we will implement appropriate means of protection to ensure that your personal data remain safe. These measures include data transfer agreements incorporating the standard contract clauses of the European Commission. You can get a copy of these agreements by contacting us as indicated in the "Contact Us" section below.

5. Security

We have implemented technical and organizational measures to protect your Personal Data against accidental or unlawful destruction, loss, alteration, access, unauthorized disclosure or access. We make reasonable efforts to ensure a level of security appropriate to the risk of the processing, taking into account the costs of implementation and nature of the processing of Personal Data. When the Company retains a third-party service provider, that provider will be required to implement appropriate measures to protect the confidentiality and security of Personal Data.

6. Data Integrity and Retention

The Company takes reasonable steps consistent with applicable laws to ensure that Personal Data we process is reliable for its intended use, accurate, and complete as necessary to carry out the purposes described in this Policy. In addition, Personal Data will be retained for the duration of your contractual relationship, including a reasonable period after the termination of any such contracts in accordance with applicable law.

Page 2 of 4

7. Your Rights

You may request to access, rectify or erase your Personal Data. You have the right to object to the processing of your Personal Data, restrict the processing of your Personal Data and exercise your right to data portability. Please note that the right of opposition, deletion, limitation of processing and data portability exists only under certain legal conditions. Where you have given us your consent for our use of your Personal Data, you have the right to withdraw your consent at any time and we will apply your preferences for the future. We will respond to your questions or complaints relating to the processing of your Personal Data. If you are not satisfied with our responses, you have the right to lodge a complaint with an applicable authority.

8. Contact Us

The person responsible for the collection and processing of your personal data is:

Harlequin Books S.A. Route de Chantemerle 58 1763 Granges-Paccot Switzerland

If you have any questions or concerns about how we process Personal Data, or if you wish to exercise your rights, please contact us as follows: by e-mail at [email protected]

You may also write to:

Harlequin Enterprises Limited Bay Adelaide Centre, East Tower 22 Adelaide Street West, 41st Floor Toronto, ON, M5H 4E3 Canada

You may also contact our Business Unit Privacy Leader Shirley Komosa at Shirley.Komosa@harpercollins.com.

Page 3 of 4

ANNEX Types of Personal Data we collect include: 1. Personal Details: Your name, any pen names or pseudonyms, contact information including address, email and phone number. 2. Author Promotional Information: Biographical descriptions, social media account details, photographs or headshots and lists of previous publications. 3. Contract Related Details: Your agent(s) name and contact particulars, information about your corporation (if applicable), contract details, advances, payment preferences, royalty rates, historical sales and performance, geographic performance. 4. Payment Information: payment amounts, banking information, tax related information, beneficiary particulars (if provided by author). The purposes for which we collect, use and transfer Personal Data include: 1. Contract Administration: Administering your contract, ensuring payment terms are met, storing details of contract terms. 2. Internal Sales Analysis: Preparing, analyzing and reporting sales data for authors by region or publication. 3. Promotional Efforts: Promoting, marketing and advertising publications and authors pursuant to any contractual obligations or other agreements. 4. Royalty Payments: Preparing, analyzing, reporting and paying royalties including to estates or beneficiaries. 5. Legal Compliance: Complying with any legal requirements or processes.

The categories of unaffiliated third parties with which Company may share Personal Data: 1. Professional Advisors: Accountants, auditors, lawyers, insurers, bankers, and other outside professional advisors in all of the countries in which the Company operates. 2. Service Providers: Companies that provide products and services to the Company such as banking, information security, IT, third party payment processing, financial institutions, marketers or promoters, and other service providers. 3. Your Agent: If an agent is designated to us. 4. Public and Governmental Authorities: Entities that regulate or have jurisdiction over the Company such as regulatory authorities, law enforcement, public bodies, and judicial bodies; 5. Corporate Transaction: A third party in connection with any proposed or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of the Company’s business, assets or stock (including in connection with any bankruptcy or similar proceedings).

Page 4 of 4