Privacy & Data Protection Policy

The Video Surveillance, Monitoring, and Biometrics Policy defines how GridColo uses cameras, sensors, and biometric systems to secure its facilities and protect the safety of customers, vendors, and staff. Video surveillance and biometric authentication are critical tools in modern data centers, providing layered verification and irrefutable records of activity. These tools, however, also involve collection of personal data; their use must therefore be transparent, narrowly focused on security, and subject to strict safeguards. The objective of this policy is to clearly state what monitoring GridColo employs, what it is used for, how data is protected, and what individuals consent to by entering or using the facility.

This policy applies to all persons entering or working within GridColo facilities — customers, vendors, contractors, delivery personnel, auditors, and visitors — at all Security Levels (1–4). It covers video cameras, access control logs, interlocked door sensors, alarm monitoring, and biometric systems such as fingerprint readers or facial recognition devices.

GridColo uses video surveillance, monitoring, and biometric systems exclusively for facility security and operational integrity. These systems help deter unauthorized access, provide real-time awareness of site conditions, and enable post-event investigation. All individuals entering a GridColo facility are deemed to consent to being recorded by video surveillance systems and, where applicable, to the use of biometric authentication systems. GridColo will not use these recordings or biometric identifiers for marketing, employment, or any purpose unrelated to facility security.

GridColo facilities are equipped with closed-circuit television (CCTV) cameras in strategic locations, including:

• Facility perimeters and entrances.
• Lobbies, corridors, and mantraps.
• Loading docks and staging rooms.
• Data halls, aisles, and cage perimeters.
• Mechanical and electrical rooms.
• Roofs and exterior plant yards.

Cameras may be visible or concealed, are monitored by GridColo security staff, and record continuously. Camera placement is designed to maximize coverage of critical areas without unreasonably intruding into private spaces such as restrooms or designated break rooms.

Video and access control systems operate 24 hours a day, 7 days a week. Recordings are securely stored for a retention period defined by GridColo (typically 90 days, unless otherwise required by law, regulation, or customer contract). Data is retained only for security and investigative purposes and then securely deleted or overwritten. Authorized security staff may review recordings in real time or retrospectively in the event of an incident.

Certain GridColo facilities employ biometric systems — such as fingerprint readers or facial recognition — as part of access control at mantraps, interlocked doors, or cage entrances. These systems are used solely to confirm identity and prevent credential sharing or unauthorized access. Enrollment in biometric systems is limited to authorized personnel who require unescorted access. Alternative authentication methods may be offered where legally required, but biometric authentication remains the preferred standard for security-sensitive zones.

By entering a GridColo facility, all individuals acknowledge and consent to:

• Being recorded by video surveillance systems.
• Having their movements logged by access control and monitoring systems.
• Where applicable, being authenticated by biometric systems such as facial recognition or fingerprint scanning.

Consent is a condition of entry. Individuals who do not wish to be monitored may not enter GridColo facilities.

Video, monitoring, and biometric data will not be used for any purpose other than facility security, incident investigation, regulatory compliance, and law enforcement cooperation when legally required. GridColo does not use biometric or video data for profiling, employment evaluation, marketing, or unrelated analytics. Access to monitoring data is strictly limited to authorized security personnel and, where necessary, executive management.

Monitoring data is stored on secure systems with encryption at rest and in transit. Access is logged, audited, and subject to role-based permissions. Biometric templates are stored as encrypted mathematical representations, not raw images, and cannot be reverse-engineered into the original biometric trait. Data is never sold or shared with third parties except as legally required by subpoena, warrant, or lawful request from regulatory authorities.

Customers may request access to video footage or monitoring data relevant to incidents involving their own equipment or personnel. Requests must be submitted in writing and will be reviewed by GridColo Security. GridColo reserves the right to redact or restrict portions of recordings that show other tenants' equipment or personnel, in order to preserve privacy.

Video surveillance and biometric systems are integrated with GridColo's broader access control and alarm monitoring platforms. This integration allows real-time alerts if unauthorized access is attempted, if a door is forced, or if a person attempts to bypass biometric authentication. Interlocked doors may be linked to video and biometric verification to prevent tailgating.

Video and biometric records are retained only as long as necessary for their security purpose. Standard retention is 90 days for video, with longer storage permitted where required by law or by contractual obligation to customers. Biometric templates are retained only for as long as the individual maintains an active access role, and are deleted upon revocation of credentials. Data is securely deleted in accordance with GridColo's data retention and destruction protocols.

• Individuals must comply with monitoring systems and may not attempt to disable, obscure, or tamper with cameras, sensors, or biometric devices.
• Customers are responsible for informing their personnel and contractors that entry constitutes consent to monitoring and biometric use.
• GridColo is responsible for maintaining secure systems, protecting data, and ensuring it is used only for security purposes.

Tampering with or attempting to bypass monitoring or biometric systems is a serious violation of this policy. Offenders may be removed from the facility, have their credentials revoked, or face contractual penalties. Serious violations may be referred to law enforcement.

This policy is effective upon publication and remains in force until replaced. GridColo may amend this policy to reflect evolving technology, legal requirements, or industry best practices. Customers will be notified of material changes through the customer portal and official notices.