Confidentiality and Data Protection POLICY

1. Purpose

LIVE Industries, LLC (“the Company”) is entrusted with confidential, proprietary, and personal information belonging to its clients, partners, vendors, and personnel. This policy establishes expectations and requirements for safeguarding such information during the course of employment or engagement, including while touring, traveling, or working at third-party venues worldwide.

2. Scope

This policy applies to all:

• Employees

• Independent contractors

• Representatives and agents

• Temporary, freelance, or touring personnel

Regardless of:

• Employment classification

• Location of work

• Device ownership (company-provided or personal)

3. Definition of Confidential Information

Confidential Information includes, but is not limited to:

a. Business & Proprietary Information

• Client identities, contracts, riders, and tour itineraries

• Procurement processes, pricing, quotes, and vendor terms

• Technical drawings, stage plots, system designs, signal flow, and show files

• Research, development, and operational methodologies

• Financial data, budgets, forecasts, and internal communications

• Business plans, anticipated business, and strategic discussions

b. Personal Data

• Names, contact details, identification numbers

• Travel itineraries and passport or visa information

• Payroll, tax, banking, or per-diem records

• Health or emergency contact information

• Any data that identifies or could reasonably identify an individual

Personal data may be subject to applicable data protection laws, including but not limited to the EU General Data Protection Regulation (GDPR), UK GDPR, and similar international frameworks.

4. Confidentiality Obligations

All personnel are required to:

• Use confidential information solely for legitimate business purposes

• Limit access to confidential information to authorized individuals only

• Exercise reasonable care to prevent unauthorized disclosure, access, or loss

• Refrain from discussing confidential matters in public or unsecured settings

• Protect confidential information during Design, Build, Execution, travel, and Wrap Up.

These obligations apply during and after employment or engagement with the Company.

5. Data Security Expectations

Personnel must take reasonable and appropriate measures to protect data, including:

a. Devices & Access

• Use strong passwords, passcodes, or biometric protections where available

• Lock devices when unattended

• Avoid shared logins or credential reuse

• Immediately report lost, stolen, or compromised devices

b. Email & Communications

• Verify recipients before sending emails containing confidential or personal data

• Use secure file-sharing platforms when provided

• Avoid transmitting sensitive data via unsecured or public networks when possible

• Treat misdirected emails in accordance with Company guidance

c. Physical Security

• Secure paperwork, badges, credentials, and storage media

• Avoid leaving sensitive materials unattended in venues, vehicles, hotels, or public spaces

6. International & Touring Considerations

Given the nature of international touring and cross-border operations:

• Personnel must comply with local laws and venue policies where applicable

• Confidential and personal data must be handled consistently, regardless of country

• Extra care should be taken when working in shared production offices, FOH positions, or temporary workspaces

• Data should not be transferred, copied, or stored unnecessarily

7. Third-Party & Vendor Interactions

Confidential information may only be shared with third parties when:

• There is a legitimate business need

• The recipient is authorized

• Appropriate safeguards are in place

Personnel must not disclose Company or client information to media, competitors, or unauthorized parties without prior written approval.

8. Data Breaches & Incidents

A data breach or security incident includes any:

• Loss, theft, or unauthorized access to confidential information

• Accidental disclosure (e.g., misdirected email)

• Suspected compromise of credentials or systems

All suspected or actual incidents must be reported immediately to Company management. Prompt reporting is essential to meet legal, contractual, and operational obligations.

9. Return and Destruction of Information

Upon termination of employment or engagement, or upon request, personnel must:

• Return all Company property and information

• Permanently delete Company data from personal devices and accounts

• Cease use or retention of confidential information in any form

10. Enforcement & Disciplinary Action

Failure to comply with this policy may result in:

• Disciplinary action, up to and including termination

• Termination of contract or engagement

• Legal action where appropriate

Nothing in this policy limits the Company’s right to seek remedies for misuse or disclosure of confidential information.

11. Questions & Reporting

Questions regarding this policy or data protection practices should be directed to Company management or an authorized representative.

Acknowledgement

Compliance with this policy is a condition of employment or engagement with LIVE Industries, LLC.