FY22 IMPACT REPORT OVERVIEW ENERGY & MATERIALS HEALTH & RESILIENCE WORK & PROSPERITY GOVERNANCE APPENDIX 69 Autodesk Privacy Principles Data security ● Be transparent about our actions and intent. The Autodesk security framework was designed around industry standards to ensure ● Present individuals with clear and actionable choices. consistent security practices, enabling us to build secure, run secure, and stay secure. Privacy and ● Practice purposeful collection, use, and retention of data. Autodesk implements security policies based on industry best practices. We regularly ● Use data for the purposes for which it was collected. conduct internal and external audits, attestations, and third-party security assessments to ● Share data with third parties only in limited and approved ways. monitor changes in the environment, test our policies and procedures, and identify new data security ● Be accountable for enforcement of these Privacy Principles. and emerging risks. We meet our obligations under the General Data Protection Regulation and the California Consumer Privacy Act. Read FAQs. Autodesk privacy statements We continuously monitor the environment for threats and take detective, corrective, and The privacy and security of our customers’ protective measures to ensure a swift response when incidents do occur. Autodesk Security data is critically important to Autodesk. We are ● The Autodesk Privacy Statement explains how we handle personal data, how such responds to any security incidents or vulnerabilities detected internally or reported through committed to incorporating the core principles data can be accessed and updated, and how we protect this data when interacting external parties, and we publish security bulletins and advisories regarding vulnerabilities with third parties. that could adversely affect Autodesk products or services. Our systems are designed to be and requirements of applicable global laws into ● The Cookie Statement describes the way we use cookies, tags, and pixels in our scalable and resilient, to ensure availability to customers. our global privacy and data protection program. applications. It contains a link to a tool for users to set their cookie preferences. We have selected industry standard attestations and certifications for our products— ● The Children’s Privacy Statement addresses how we collect, process, store, and delete SSAE-16 AT 101 SOC 2 attestation, ISO 27001, ISO 27017, and ISO 27018 certifications. Privacy children’s personal data. ● The Candidate Privacy Statement describes how we collect, process, store, and delete See a detailed summary of attestations and certifications associated with Autodesk products and services. We build privacy into our products, services, culture, and personal data about job applicants and prospective candidates. processes to keep pace with evolving regulations and customer expectations. We believe our customers should have choices Build secure regarding their data and we are committed to being transparent Protecting consumer privacy and about what data we collect, and how it’s used, shared, and stored. Embedding security into our products is a critical part of securing our customers’ We follow Privacy by Design principles that govern the treatment fostering emerging technologies investment in Autodesk products and services. of data owned by Autodesk or under our control. These are applied We support technology policies that enhance consumer trust, enable innovation, and We build security into our products and services from the ground up. worldwide and reflected across the company in development plans, promote global trade in technology products and services. This includes enacting a strong business plans, and day-to-day operations. federal privacy law in the United States that gives consumers better information about, We follow Autodesk’s Privacy Principles (see box) and perform and control over, how their personal data is collected and used, enhances obligations on Run secure privacy impact assessments where personal data is collected or companies handling this data, and raises standards and provides consistent protections Securing our infrastructure is another critical way that we protect the confidentiality, used. Our employees and contingent workers are required to comply for consumers throughout the country. integrity, and availability of our customers’ information. with our privacy policies, standards and guidelines. We alsoprovide We are a member of BSA | The Software Alliance and Information Technology Industry We also build security directly into our products and deployment infrastructure. our workforce with general and role-specific privacy training. Council (ITIC) and support their work advocating for public policies that improve The Autodesk Transparency Report explains our policy on privacy protections. responding to requests for customer data by government agencies Stay secure for law enforcement purposes, and provides statistics on the Learn more types of requests we receive and our responses. Gaining visibility into our environment offers us valuable insight into persistent suspicious activity, active security incidents, and ongoing exploits impacting Autodesk and our customers. We take proactive steps to defend against these threats with the appropriate incident response.

