• Account information including name, email address, last four digits of your social security number, address, phone number, employer, income, and pay frequency and dates. We may also collect information about your mobile device as noted below and/or request bank account information, a government ID such as a driver’s license, passport or state identification card accompanied with the imaging of which matches a real-time photograph of you, or other similar information (“Personal Information”). The aforementioned list is non-exhaustive, and we may require additional information from you before granting you an account or allowing ongoing access to your existing account;
• Service information such as your browsing and shopping history on our Website, and search history, which may or may not be used to identify you; and
• Automatically collected information including your IP address, the equipment you use to access our Website, mobile device information (device model, operating system version, device date and time, unique device identifiers, mobile network information) and usage details.

We collect Personal Information:

• About you when you provide it to us;
• Automatically as you navigate through the Website and use the Services; and
• From third parties, as described below.

Personal Information You Provide to Us

The Personal Information we collect when you use our Website and Services may include:

• Personal information that you provide by filling in forms on our Website and/or applying for or using our Services. This includes Personal Information provided at the time of registering for the Services and any Personal Information you provide while utilizing the Services. We may also collect personal information related to purchases and/or activity related to your account;
• Records and copies of your correspondence (including email address and other contact information);
• Your responses to surveys that we might ask you to complete for research purposes;
• Details of transactions through our Website and Services including the fulfillment of your orders. You may be required to provide additional personal information before placing an order through our Website and Services; and
• Your search queries and activity on the Website and Services.

Personal Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Website and utilize the Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

• Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website; and
• Information about your computer or mobile device and internet connection, including your IP address, operating system, and browser type; and
• Purchasing and search behavior to customize the products you see on the Website to optimize your shopping experience.

The information we collect automatically helps us to improve our Website, ensure better Website security, and to deliver more personalized Services, including by enabling us to:

• Estimate our audience size and usage patterns;
• Store information about your preferences, allowing us to customize our Website and/or Services according to your individual interests;
• Speed up your searches; and
• Recognize you when you return to our Website.

The technologies we use for automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website;
• Web Beacons. Pages of our Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity); and
• Google Analytics. We use Google Analytics and other third-party analytics providers on our Website and Services to collect usage data and to analyze how users are using the Website and Services. For more information about how to opt-out of having your information used by Google Analytics, visit https://tools.google.com/dlpage/gaoptout/.

Disabling certain technologies may create problems in functionality of our Website and result in your not being able to use some parts or all of it.

We may combine personal information about you that we collect from other sources such as Internet service providers, operating systems and platforms, credit reporting agencies, government entities, advertising networks and data analytics providers.

• To present our Website, Services and its contents to you;
• Fulfill and manage purchases, orders, payments, and returns;
• To provide you with information, products, or Services that you request from us, or to otherwise serve you;
• To fulfill any other purpose for which you provide it, including processing your application for Purchase Credit;
• To provide you with notices and other information about your account;
• To perform account management activities such as adjustments to Spending Limits and down payment percentages;
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
• To notify you about changes and other information about our Website or any products or Services we offer or provide though it;
• To allow you to participate in features on our Website and Services;
• To protect the security and integrity of our Website, prevent fraudulent transactions and otherwise protect our customers and our business;
• Assist law enforcement and respond to legal/regulatory inquiries;
• In any other way we may describe when you provide the information; and
• For any other purpose with your consent.

We may also use your information to contact you about goods and services that may be of interest to you.

We may disclose personal information that we collect or you provide as described in this Privacy Policy:

• To our subsidiaries and affiliates;
• To contractors and service providers we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them;
• To third parties such as Internet service providers, operating systems and platforms, credit reporting agencies, and analytics providers;
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Company about our Website and Services and associated users is among the assets transferred;
• To fulfill the purpose for which you provide it;
• For any other purpose disclosed by us when you provide the information; and
• With your consent and other lawful purposes.

We may also disclose your personal information:

• To comply with any court order, law, or legal process, including to respond to any government or regulatory request;
• To enforce or apply our Terms of Use, Registration Agreement, any Retail Installment Contract, including for billing and collection purposes, and any other agreements between you and us; and
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Company, our customers, you and/or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

• Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this Website and/or Services may then be inaccessible or not function properly. We do not control the collection or use of your information by advertising channels we use. You may opt out through one of the advertising industry solutions as follows: In the United States, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page, at www.aboutads.info/choices/, as well as the Network Advertising Initiative (“NAI”) Consumer Opt-Out Page at www.networkadvertising.org/choices/, for information about opting out of interest-based advertising.

  Opting out of one or more of ad networks only means that those members no longer will deliver targeted content or ads to you. It does not mean you will no longer receive any targeted content or ads on our Website or other sites. For example, you may continue to receive advertisements based on the particular site or page that you are viewing (also known as contextual advertising). If your browser is configured to reject cookies when you visit the opt-out page or you subsequently erase your cookies or change browsers, you may need to update your choices.

• Do Not Track. Some browsers have a “do not track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browser “do not track” signals.

Promotional Offers from the Company.

• Email. If you do not wish to have your email address used by the Company to promote our own or third parties’ products or services, you can opt-out by clicking un-subscribe at the bottom of any promotional email you’ve received from us or at any other time by sending us an email stating your request to privacy@zebit.com. This opt out does not apply to information provided to the Company as a result of a product purchase, warranty registration, product service experience or other transactions.
• Text Messages. We may send text messages you have consented to receive. You can cancel text messages at any time by texting “STOP”. After you send “STOP”, we may send you an additional text message to confirm that you have been unsubscribed. You will no longer receive text messages from that number, but you may receive text messages if you are subscribed to other text lists.
• Push Notifications. You may opt-out from allowing Zebit to send you push notifications by adjusting the permissions in your mobile device. Uninstall a Target Mobile Application
• Uninstall mobile application. You can stop all further collection of information by a Zebit mobile application by uninstalling it. You may use the standard uninstall process available as part of your mobile device or via the mobile application marketplace or network.

California residents may have additional personal information rights and choices. Please see Your California Privacy Rights below for more information.

Purpose of Collection. In some instances, we may use third parties to collect to collect certain biometric identifiers and/or biometric information (collectively, “biometric data”). These third parties do not interact directly with you with respect to collection of your biometric data. Third parties may access, process, and store your biometric data for the purpose of verification services, fraud prevention, and/or long-term proof of inspection of your provided form of identification. Where required by law, we must obtain consent to collect or possess your biometric data. Neither Zebit nor any third parties retained by us will sell, lease, trade, or otherwise profit from your biometric data.

Retention of Biometric Data. BIPA provides that biometric data must be destroyed at the earliest of three years of the last interaction with you or when collection purpose has been met. Our vendors will, therefore, destroy your biometric data, if any, within the time required by law. We request vendors strive to retain your biometric data only for as long as necessary to detect fraud and will then seek to permanently destroy such data within approximately 90 days where no fraud had been detected.

privacy@zebit.com

Overview

The CCPA requires us to give you specific information about the categories of personal information we collect about you, the sources from which we have obtained that information, the purposes for which we collect it and the categories of entities with whom we share it. The information below sets out our relevant practices over the last 12 months as well as our current practices. We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”).

Personal information does not include:

• Publicly available information from government records.
• Deidentified or aggregated consumer information.
• Information excluded from the CCPA’s scope, like:
  • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

AS A COURTESY, THE FOLLOWING DISCLOSURES INCLUDE INFORMATION THAT IS EXEMPT FROM CCPA. THE COURTESY DISCLOSURES ARE MADE WITH A RESERVATION OF ALL RIGHTS THAT WE HAVE UNDER CCPA.

How We Obtain Your Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

• Directly from you. You enter or provide us with information, whether online or by email, phone, or document upload. For example, your contact information that you provide, your application for credit in order to shop with us, or documents you provide to verify your identity.
• From third-party data and data analytics providers, vendors, advertising and social networks, and other third-party service providers. For example, companies that work with us to market our products to you, credit reporting agencies from which we check your credit in connection with a submitted application, or other service providers, and vendors that provide data we use in underwriting or in protecting you and our products from fraud and identity theft.
• Directly and indirectly from you based upon website interaction. From submissions through our website or website usage details collected automatically.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following purposes:

1. To fulfill or meet the reason you provided the information, such as requests for credit, fulfill orders or requests for services, provide customer service, and service any Purchase Credit transactions you have with us.
2. To provide, personalize support, and develop our Website, products, and services and to deliver content and product and service offerings relevant to your interests, including targeted offers through our Website, and via email or other electronic messaging (with your consent, where required by law).
3. To create, maintain, customize, and secure your account with us.
4. To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
5. To protect the safety, security, and integrity of our Website, products and services, technology assets, and business, and prevent fraud or any other illegal activity.
6. For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
7. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
8. To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our consumers is among the assets transferred.

Personal Information We Collect

See the table below for the categories of personal information we collect and the business purposes (from the list above) for which they may be used.

How Long We Retain Your Personal Information:

The personal information we collect will be retained for as long as reasonably necessary for the purposes set out in this California Privacy Policy and consistent with our retention policies, in accordance with applicable laws. When determining these retention policies, we take into account the length of time personal information is required to be retained to provide the services; satisfy legal and compliance obligations and for audit purposes; address any complaints regarding the services; and satisfy our legal or contractual obligations. Sale of Personal Information:

We do not sell your information as that term is traditionally defined, though your information may be transferred as part of a sale of some or all of the assets or stock of Zebit to a purchaser. We do not knowingly collect, nor do we sell, the Personal Information of minors under 18 years of age.

Sharing of Personal Information:

In certain instances, we may disclose your personal information to a service provider or third party. We may share your information in the following ways:

• With Service Providers. We share certain personal information with third parties that perform services to support our core business functions and internal operations including: providing credit for purchases made on the Website, analyzing operation of our Website and improving its functionality, fulfilling orders, delivering packages, complying with your request for the shipment of products to or the provision of services by a third party intermediary, sending, e-mails and text messages, analyzing customer data, providing marketing assistance, supporting beacons, processing credit card and debit card payments, investigating fraudulent activity, and conducting customer surveys. Examples include payment processors, credit reporting agencies, fraud prevention services, marketing companies, software providers, data analytics providers, data providers;
• To Comply with the Law or Protect Ourselves. We may disclose personal information in when sharing is required by law, or to comply with relevant laws and regulations. We may also disclose information to protect the safety, property, or rights of our company, employees, customers, or for other purposes. Examples include: preventing fraudulent transactions, assisting law enforcement and responding to valid legal or regulatory inquiries;
• Business Transfers. We may share personal information with another company that buys some, or all, of the assets or stock of Zebit, and that company may use and disclose personal information for purposes similar to what is described in this policy. We may also share personal information with prospective purchasers to evaluate the proposed transaction; and
• For Other Reasons We May Describe to You. We may also share your information for other purposes as disclosed at the time you provide your information, or otherwise with your consent.

Right to Know:

You have the right to request that we disclose certain information to you about our collection, use, and disclosure of your personal information over the past 12 months (“Request to Know”). Once we receive and verify your Request to Know, we will disclose to you either:

• Categories of Personal Information Collected, Disclosed, Sold, and/or Shared
  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting that personal information.
  • The categories of third parties with whom we share that personal information.
  • If we disclosed your personal information to third parties, the corresponding categories of personal information.
  • If we sold or shared your personal information for cross-contextual behavioral advertising, the categories of personal information sold or shared.
• Specific Information
  • The specific pieces of personal information we collected about you.

Right to Delete:

You have the right to request that we delete your personal information (“Request to Delete”). Once we receive and verify your Request to Delete, we will delete your personal information from our records, unless an exemption or exception applies.

We may deny your Request to Delete if retaining the personal information is necessary for us or our service providers to:

• Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
• Debug to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
• Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
• To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.
• Comply with a legal obligation.
• Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.

Additionally, we may deny your Request to Delete if we are unable to verify your identity or have reason to believe that the request is fraudulent.

Right to Correct:

You have the right to request that we correct your inaccurate personal information (“Request to Correct”). Once we receive and verify your Request to Correct, we will use commercially reasonable efforts to correct your inaccurate personal information in our records.

Right to Limit the Use of Sensitive Personal Information

You have the right to direct a business that collects your sensitive personal information to limit its use to uses which are necessary to perform the services or provide the goods reasonably expected. However, we only use Sensitive Personal Information to provide the goods and services requested by you; to prevent, detect, and investigate security incidents; to resist malicious, deceptive, fraudulent, or illegal actions and to prosecute those responsible for such actions; to ensure people’s physical safety; to perform services on our behalf; to verify or maintain the quality or safety of our products, services, and devices.

Right to Opt-Out:

The CCPA gives consumers the right to opt-out of 1) the sale of their personal information, 2) the sharing of their personal information for cross-context behavior advertising, or 2) for use in automated decision making.

The CCPA gives consumers the right to opt-out of the use of automated decision-making technology in connection with decisions about the consumer’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. However, we do not use automated decision-making technology for personal information that is not covered by FCRA, GLBA, and CalFIPA.

Right to Non-Discrimination:

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. When you submit a request, we will take steps to verify your request by requiring you to log into your account or by matching the information provided by you with the information we have in our records.

Requests must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Given the sensitivity of your personal information that we collect and retain, we will need to verify your identity with at least 3 separate pieces of information such as name, address, account number, date of birth, last 4 of your Social Security Number, phone number, etc.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Authorized Agents:

Before we can respond to a Request to Know, Request to Delete, or Request to Correct submitted by an authorized agent, we need to confirm not only that person or entity’s authority to act on behalf of a consumer and verify the identity of the authorized agent. If you are authorized to submit a request on behalf of a California resident, please email us at privacy@zebit.com and provide the following information:

1. To verify your authorization to request on behalf of a California resident, please attach a copy of one or more of the following to your request email:
   • written permission from the California resident, or
   • power of attorney
2. To verify your identity, please attach copies of the following to your request email:
   • Valid Government Issued ID (not expired) and
   • a Utility Bill, Bank Statement, or similar documentation to verify your name and address
3. You will also be required to verify the identity of the consumer for whom you are submitting the request.

Response Timing and Delivery Method:

We will acknowledge receipt of a Request to Know, Request to Delete, or Request to Correct within 10 business days and will respond within 45 days. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Z Rewards, provides Rewards Participants with points for their rewards-earning actions, including but not limited to purchases, on-time payments, continuous enrollment in automatic payments, and installation of the Zebit mobile app. Rewards Participants can subsequently redeem the points for coupon codes that they can apply to future orders with Zebit. In order to provide Rewards Participants with the incentives described above, we use personal information about Rewards Participants including account number, purchase history, payment history, etc. to identify them as a member of the program and provide them with relevant messaging, experiences and deals. Zebit does not generally assign monetary value to consumers’ personal information. Although Zebit does not collect additional information for joining the Z Rewards other than what is already collected in order for the customers to use and purchase from us, to the extent the CCPA requires that a value be assigned to such programs, we value the information as being equal to the value of the discounts we offer in Z Rewards through points redemption. We do not calculate the value of consumer data in our financial statements. We make this good faith estimate for California residents.

Categories of Personal Information used in Z Rewards:

• Identifiers (e.g., name, mailing address, email address, phone number)
• Birth year and month
• Commercial information (e.g., products or services purchased, purchase history, payment history)
• Internet or other electronic network activity (e.g., browse or search history)
• Inferences drawn from any of the above (e.g., preferences or characteristics)

You may opt in to Z Rewards online and you may opt out at any time by emailing help@zebit.com. Please put Z Rewards Opt Out in the subject line of the email and state that you wish to opt out of the program in body of the email.

Website: www.zebit.com/contact/
Email: privacy@zebit.com

Postal Address: