Privacy Policy

ECI PRIVACY POLICY

Effective Date: June 30, 2025

1.0 Purpose

This Privacy Policy outlines how ECI (“we,” “us,” “our”) collects, uses, stores, protects, and shares personal information while operating our manufacturing business. We are committed to protecting the privacy and data of employees, customers, suppliers, contractors, and other stakeholders in compliance with Massachusetts regulations, including 201 CMR 17.00, and applicable federal laws.

2.0 Scope

This policy applies all personal information handled by ECI in any form; electronic, paper, or verbal; and covers all employees. Human Resources is accountable for the implementation of this policy. Any issues or questions regarding this policy should be directed to Human Resources.

3.0 Definition of Personal Information

· In accordance with 201 CMR 17.02, Personal Information (PI) is defined as a Massachusetts resident’s first name (or first initial) and last name, in combination with any one or more of the following: (a) Social Security Number; (b) driver’s license number or state-issued identification card number; or (c) financial account number or credit/debit card number.

· “Personally Identifiable Information (PII)” refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other identifying information. Examples of PII are name, address, telephone number, date of birth, passport, driver’s license, government issued ID, Social Security Number, and/or credit or debit card number.

· “Personal Health Information (PHI)” is information about an identifiable individual that relates to the physical or mental health of the individual, the provision of health care to the individual, the individual’s entitlement to payment for health care, the individual’s health card number, the identity of providers of health care to the individual or the identity of substitute decision-makers on behalf of the individual.

· “Third parties” are individuals or organizations other than the subject of the records or representatives of ECI that require access to the personal information. Note that in certain circumstances, the Company may be entitled to provide personal information to an external party acting as an agent of ECI.

4.0 Collection and Use of Information

· ECI collects personal information to fulfill legal or regulatory obligations; to manage Human Resources and payroll operations; to meet compliance with OSHA, export control and supply chain regulations; and to monitor facility access and security. We are committed to protecting the privacy of our employees, customers and confidential business information.

· Employees are obligated to ensure that personal information, to which they may have access remains confidential, is only used for the purposes for which it was collected, is not disclosed without authorization or used for personal gain.

· An employee who is found to be in breach of this policy will be subject to disciplinary actions up to and including discharge for cause.

5.0 Responsibilities

· Employees with access to personal information must be careful to protect it and to report any breaches of the security of personal information.

· Management is responsible for ensuring adherence to policies and procedures regarding collection, use and disclosure of personal information.

6.0 Data Security

In compliance with 201 CMR 17.00, ECI has implemented a Written Information Security Program (WISP). If you access or handle personal information, a copy of the WISP will be distributed to you, and you may be required to attend training on privacy and data security.

7.0 Individual Rights

· Employees may request access to review documents in their file such as application, promotion, disciplinary action, and transfer as well as policy sign-off forms and training records by contacting Human Resources and scheduling an appointment.

· Employees may provide a written notice of correction to Human Resources related to any data contained in the employee’s file.

· Employees may obtain a copy of any document in their file which they have signed previously. No material contained in an employee file may be removed from the file. A representative of Human Resources will be present during viewing of the file.

8.0 Retention of your Personal Information

ECI will retain personal information only for as long as necessary for operational, legal, or compliance reasons. When no longer needed, data shall be securely deleted or destroyed.

9.0 Breach Notification

In accordance with Massachusetts General Law Chapter 93H, we will notify affected individuals, the Massachusetts Attorney General, and the Office of Consumer Affairs and Business Regulation (OCABR) in the event of a data breach involving personal information.

10.0 Policy Review and Updates

This policy is reviewed annually or as needed based on changes in technology, operations, or law. Updated versions are distributed to employees and available upon request.

11.0 Contact Information

For any questions regarding this policy or your personal data, please contact:

ECI Human Resources Director

Janet.dineno@quanticeci.com

53 Mainline Drive,

Westfield, MA 01085-3313