Website Privacy Policy

Last modified: May 31, 2024

RNG Agency, LLC, a Tennessee limited liability company (the “Company”, “We”, or “Us”) respect your

privacy and are committed to protecting it through our compliance with this website privacy policy (the

“Privacy Policy”).

This Privacy Policy describes the types of information that we may collect from you or that you may

provide when you visit the website: https://rngagency.com/home (our “Website”) and our practices for

collecting, using, maintaining, transmitting, protecting, and disclosing such information.

This Privacy Policy applies to information we collect:

• in email, text, and other electronic messages between you and the Company or through links to

the Website; and

• through social media pages controlled by us or that we interact with; and

This Privacy Policy shall not apply to information collected by:

• Us offline or through any other means including, without limitation, on any other website

operated by Company or any third party; or

• Any third party, including information collected by any third party through any application or

content that may link to or be accessible from or on the Website.

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND OUR POLICIES

AND PRACTICES REGARDING YOUR INFORMATION AND HOW WE WILL TREAT IT. IF

YOU DO NOT AGREE WITH OUR POLICIES AND PRACTICES, YOU DO NOT HAVE OUR

PERMISSION TO USE OUR WEBSITE. BY ACCESSING OR USING THIS WEBSITE, YOU

AGREE TO THIS PRIVACY POLICY. WE MAY UPDATE, REVISE OR MODIFY ALL OR A

PORTION OF THIS PRIVACY POLICY FROM TIME TO TIME (SEE CHANGES TO OUR

PRIVACY POLICY). YOUR CONTINUED USE OF THIS WEBSITE AFTER WE MAKE SUCH

UPDATES, REVISIONS OR MODIFICATIONS IS DEEMED TO BE ACCEPTANCE OF SUCH

UPDATES, REVISIONS OR MODIFICATIONS; SO, IT IS IMPERATIVE THAT YOU

CONSULT THE PRIVACY POLICY PERIODICALLY FOR UPDATES.

• This privacy policy explains:

• Websites Covered by This Privacy Policy

• Changes to Our Privacy Policy

• Contact Information

• Types of Information We Collect

• How We Use Your Information and Who We May Share It With

• Third-Party Links & Content

• Security and Data Location

• WHAT ARE YOUR PRIVACY RIGHTS?

• Websites Covered by This Privacy Policy.

• Our Website may from time-to-time link to third-party websites for your convenience and

to provide easy access to additional useful information. Should you select such a link you will leave the

Website. We do not control those sites nor their privacy practices, which may differ from our practices

and policies. Any personal data you choose to provide to or that is collected by such third parties is not in

any way covered by this Privacy Policy. We recommend that you read over such website’s privacy policy

before providing any personal information. A link to another website from Us does not constitute an

endorsement or representation about the value, quality, or usefulness of anything found on that third-party

website.

• Throughout this policy, when we refer to “Websites,” we mean all Company affiliated or

controlled websites and any other microsites or mobile websites we operate or use. “Social Media Pages”

are the official social media pages we operate on Facebook, X (formerly known as Twitter), Instagram,

LinkedIn, and other social media platforms.

• PLEASE BE AWARE THAT IF YOU ELECT TO HAVE US SHARE YOUR

INFORMATION WITH THIRD PARTIES, THOSE ELECTIONS TO HAVE YOUR

INFORMATION SHARED WILL SUPERSEDE ANYTHING TO THE CONTRARY IN THIS

PRIVACY POLICY.

• Changes to Our Privacy Policy.

• We reserve the right to amend this privacy notice at our discretion and at any time. It is

our policy to post any changes we make to our Privacy Policy on this page with a notice that the Privacy

Policy has been updated on the Website home page. The date the Privacy Policy was last revised is

identified at the top of the page. Your continued use of our Website following the posting of changes

constitutes your acceptance of such changes.

• PLEASE NOTE THAT FOR CALIFORNIA RESIDENTS THE CALIFORNIA

CONSUMER PRIVACY ACT OF 2018, AS REVISED BY THE CALIFORNIA PRIVACY

RIGHTS ACT OF 2020 (“CCPA”) WILL GOVERN OUR USE AND YOUR RIGHTS WITH

REGARD TO YOUR PERSONAL INFORMATION.

• Types of Information We Collect.

• When you access our Website, we collect several types of information from and about

users of our Website, depending on the context of your interactions with Us and the Website (“Personal

Information”), including information:

• by which you may be personally identified, such as: name, e-mail address,

telephone number, ZIP code/postal code, or other additional information supplied

by you, by which you may be contacted online or offline.

• aggregated information about people who visit and interact with our Social

Media Pages. “Aggregated” means information that regards you but does not

include your personal information or otherwise is specifically associated with

you.

• If you call, email, text, or chat with our customer service agents, we may keep

records of those conversations.

• We collect this information:

• directly from you when you provide it to us;

• automatically as you navigate through the site, or use our services. Information

collected automatically may include usage details, IP addresses, and information

collected through cookies.

• Information You Provide to Us.

• The information we collect on or through our Website may include, but is not limited to:

• information that you provide by filling in forms on our Website. This includes

information provided at the time of registering to use our Website, and services

requested; and

• records and copies of your correspondence (including email addresses and related

contact information) if you contact us;

• We may take your personal information and de-identify it so as to make it non-personally

identifiable, either by combining it with information about other individuals and/or by hashing the

information or otherwise removing characteristics that make the information personally identifiable

directly to you. We will treat de-identified information as non-personal to the fullest extent allowed by

applicable law.

• Social Networking Features.

• Functionality on the Website may permit interactions between the Website and a third-

party service such as Facebook, X (formerly known as Twitter), Instagram, LinkedIn, and other social

media platforms (“Social Networking Features”). Examples of Social Networking Features include

enabling you to “like” or “share” content from the Website or to “like” or “share” our page on a third-

party service; to automatically or selectively show your social media posts on the Website; and to

otherwise connect the Website to a third-party service. If you choose to share content or to otherwise post

information through the Website to a third-party service, or vice versa, that information may be publicly

displayed. Similarly, if you post information on a third-party service that references us (for example, by

using a hashtag associated with us in your post), your post may be published on the Website or otherwise

in accordance with the terms of that third party. Also, both we and the third party may have access to

certain information about you and your use of the Website and the third-party service. These third-party

social networking companies may collect information about your visit to a Platform through the Social

Networking Features we have integrated into the Platform, and - if you are signed into your account with

such a third-party social networking company – it may collect additional information in accordance with

the terms of your agreement with that company. In addition, we may receive information about you if

other users of a third-party service give us access to their profiles and you are one of their “connections”

or information about you is otherwise accessible through your profile or similar page on a social

networking or other third-party service. The information we collect in connection with Social

Networking Features is subject to this Privacy Policy. The information collected and stored by the third

party remains subject to the third party’s privacy practices, including whether the third party continues to

share information with us, the types of information shared, and your choices with regard to what is visible

to others on that third-party service.

• All personal information that you provide to us must be true, complete, and accurate, and

you must notify us of any changes to such personal information.

• Information We Collect Through Automatic Data Collection Technologies.

• As you navigate through and interact with our Website, we may use automatic data

collection technologies to collect certain information about your equipment, browsing actions, and

patterns, including:

• details of your visits to our Website, including traffic data, location data, logs,

and other communication data, and the resources that you access and use on the

Website; and

• information about your device and internet connection, including your IP address,

operating system, and browser type.

• The information we collect automatically is only statistical data and does not include

personal information, but we may maintain it or associate it with the personal information that we collect

in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and

more personalized service, including by enabling us to:

• estimate our audience size and usage patterns; and

• to protect our Services. We may use your information as part of our efforts to

keep our Website safe and secure (e.g., for fraud monitoring and prevention).

• The technologies we use for this automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive

of your computer. You may refuse to accept browser cookies by activating the

appropriate setting on your browser. However, if you select this setting, you may

be unable to access certain parts of our Website. Unless you have adjusted your

browser setting so that it will refuse cookies, our system will issue cookies when

you direct your browser to our Website. These technologies are able to store a

unique identifier for a device to allow a certain Internet site to recognize the

device whenever the device is used to visit the site. These technologies may be

used for many purposes by us and our third-party service providers, such as

automatically collecting Usage Information, enabling features, remembering your

preferences, and providing you with targeted advertising elsewhere online. If

you do not want to accept cookies, you can block them by adjusting the settings

on your Internet browser. You can find more information about cookies and how

they work at www.allaboutcookies.org.

• Flash Cookies. Certain features of our Website may use local stored objects (or

Flash cookies) to collect and store information about your preferences and

navigation to, from, and on our Website. Flash cookies are not managed by the

same browser settings as are used for browser cookies. For information about

managing your privacy and security settings for Flash cookies, see Choices

About How We Use and Disclose Your Information.

• Web Beacons. Pages of our Website may contain small electronic files known as

web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that

permit the Company, for example, to count users who have visited those pages

and for other related website statistics (for example, recording the popularity of

certain website content and verifying system and server integrity).

• Web Browsers. Certain browsers, or browser add-ons, may provide additional

local data storage mechanisms that are used in a manner similar to cookies, and

some of the content included on our Platforms may make use of this local storage.

If you choose to disable cookies, or to otherwise restrict local storage, some

features of the Platforms may not function properly, including the shopping cart

and ordering processes.

• Embedded Scripts. An embedded script is programming code that is designed to

collect information about your interactions with the Platforms, such as the links

you click on. The code is temporarily downloaded onto your device from our

server or a third-party service provider, is active only while you are connected to

a Platform and is deactivated or deleted thereafter.

We do not collect personal information automatically, but we may tie this information to personal

information about you that we collect from other sources, or you provide to us.

• What Categories of Personal Information Do We Collect?

• We have collected the following categories of personal information in the past twelve

(12) months:

• Identifiers. Contact details, such as real name, alias, postal address, telephone or

mobile contact number, unique personal identifier, online identifier, device

identifier, date of birth (or partial DOB such as birth day and month), Internet

Protocol address, email address and account name; or other similar identifiers.

• Internet or Other Similar Network Activities. This includes browsing history,

search history, online behavior, interest data, and interactions with our and other

websites, applications, systems, and advertisements. This category includes: the

hardware model, browser, and operating system you are using; the URL or

advertisement that referred you to the Website you are visiting; all of the areas

within the Website that you visit; devices you have used to access the Website;

your time zone; location information based off your IP address; and mobile

network (if applicable).

• Geolocation data. This includes device location, Physical location, or

movements that we can collect through your use of our Website.

• Inferences Drawn From Other Personal Information. Inferences drawn from any

of the collected personal information listed above to create a profile or summary

about, for example, an individual’s preferences and characteristics, psychological

trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitude.

• Personal information does not include: Publicly available information from government

records, deidentified or aggregated consumer information.

• We may also collect other personal information outside of the specified categories in

instances where you interact with us in-person, online, or by phone or mail in the context of facilitation in

the delivery of our Services and to respond to your inquiries.

• How We Use Your Information.

• General Use.

• The information We collect about you or that you provide to us, including any

personal information, is used to comprehensively understand your needs and

interests, and permit Us to deliver a more consistent and personalized experience.

For example, We may use your information:

• To present our Website and its contents to you;

• To provide you with information or services that you request from us;

• To carry out our obligations and enforce our rights arising from any

contracts entered into between you and us;

• To notify you about changes to our Website or any services we offer or

provide though it;

• To allow you to participate in interactive features on our Website;

• To provide personalized promotional offers and select content to be

communicated to you;

• To detect, prevent and remediate fraud or other potentially prohibited or

illegal activities; and/or

• For any other purposes with your consent.

• We may use the information we collect for the following business purposes:

• Understanding You. Analyzing your activity with us (including your interactions

with our affiliated websites, emails or other forms of communication) and

monitoring the effectiveness of our advertising and communications.

• Personalization. Using your preferences and other collected information to

personalize our relationship with you, including presenting customized

communication, advertising, emails, and ads on Social Media.

• Communications. Communicating with you, including responding to your

requests or other messages.

• Your Experience. Serving content on our Website, developing our services,

better understanding your needs and preferences, and constantly improving your

experience.

• Credit Cards/Electronic Payments. Credit card and electronic payment information is

used solely for payment processing and fraud prevention efforts. Credit card information, and other

sensitive personal information required to process a credit decision, is not used for any other purposes by

us or our financial services providers, and will not be retained any longer than necessary to provide your

services.

• With Whom We Share Your Data and How It is Used.

• Consent. We may process your data if you have given us specific consent to use your

personal information for a specific purpose.

• Legitimate Interests. We may process your data when it is reasonably necessary to

achieve our legitimate business interests.

• Performance of a Contract. Where we have entered into a contract with you, we may

process your personal information to fulfill the terms of our contract.

• Legal Obligations. We may disclose your information where we are legally required to

do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or

legal process, such as in response to a court order or a subpoena (including in response to public

authorities to meet national security or law enforcement requirements).

• Vital Interests. We may disclose your information where we believe it is necessary to

investigate, prevent, or take action regarding potential violations of our policies, suspected fraud,

situations involving potential threats to the safety of any person and illegal activities, or as evidence in

litigation in which we are involved.

• More specifically, we may need to process your data or share your personal information

in the following situations:

• Business Transfers. We may share or transfer your information in connection

with, or during negotiations of, any merger, sale of company assets, financing, or

acquisition of all or a portion of our business to another company.

• Consultants and Other Third-Party Service Providers. We partner with third

parties to assist with many aspects of our business, including fulfilling

advertising, analyzing your interests and activity on our Website, and helping us

communicate with customers. We may share your data with third-party service

providers, contractors or agents who perform services for us or on our behalf and

require access to such information to do that work. Examples include: payment

processing, data analysis, email delivery, customer service, and marketing efforts.

We may allow selected third parties to use tracking technology on the Website,

which will enable them to collect data on our behalf about how you interact with

our Website over time. This information may be used to, among other things,

analyze and track data, determine the popularity of certain content, pages, or

features, and better understand online activity. Unless described in this notice,

we do not share, sell, rent, or trade any of your information with third parties for

their promotional purposes. We may also receive information collected by these

third parties and combine it with the information we have collected. Some of

these third parties may be located outside the United States. Your information

may also be collected and processed by third parties, such as the payment

providers you select, who will process your information independently in

accordance with their own privacy notices.

• Other Third Parties. We will disclose information about you, including to

government bodies or law enforcement agencies, when we believe it to be

necessary for compliance with the law or to protect the users of our Websites and

Apps, our Websites and Apps, or the public.

• Security and Data Location.

• Security Measures.

• We have implemented appropriate technical and organizational security measures

designed to protect and secure your Personal Information from accidental loss

and from unauthorized access, use, alteration, and disclosure. All information

you provide to us is stored on our secure servers behind firewalls.

• However, despite our safeguards and efforts to secure your information, no

electronic transmission over the Internet or information storage technology can

be guaranteed to be 100% secure. Although we do our best to protect your

Personal Information, we cannot guarantee that hackers, cybercriminals, or other

unauthorized third parties will not be able to defeat our security, and improperly

collect, access, steal, or modify your information transmitted to our Website.

Although we will do our best to protect your personal information, any

transmission of Personal Information is at your own risk. We are not responsible

for circumvention of any privacy settings or security measures contained on the

Website. You should only access the Website within a secure environment.

• Cookies. To facilitate and customize your experience with the Website, we may store

cookies on your computer. A cookie is a small text file that is stored on a User’s computer for record-

keeping purposes which contains information about that User. We use cookies to save you time while

using the Website, remind us who you are, and track and target User interests in order to provide a

customized experience. Cookies also allow us to collect information from you, like which pages you

visited and what links you clicked on. Use of this information helps us to create a more user-friendly

experience for all visitors. In addition, we may use third party advertising companies to display

advertisements on our services. As part of their service, they may place separate cookies on your

computer. We also contract with third party advertising or analytics companies to serve you online ads on

other websites. These companies use cookies or similar technologies to collect information about your

interactions with our Platforms and interactions with other websites. These advertising companies may

use and share the information gathered to deliver ads more tailored to your interests. We receive

aggregate information from these third parties to understand our advertising effectiveness. Any

information collected by us or by third parties through the use of cookies or similar technologies may be

linked with other information we collect about you. We have no access to or control over these cookies.

This Privacy Policy covers the use of cookies by our Website only and does not cover the use of cookies

by any advertiser or other third party. Most browsers automatically accept cookies by default, but, if you

prefer, you may be able to modify your browser settings to remove cookies and to reject cookies. Users

may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If you

choose to remove cookies or reject cookies, this could affect certain features or services of our Website.

To opt-out of interest-based advertising by advertisers on our Website visit

http://www.aboutads.info/choices/.

• Analytics. Visitors to this Website who have JavaScript enabled are tracked using

Google Analytics. Google Analytics may collect some or all of the following types of information from

you: type of user agent (web browser) used, software manufacture and version number; type of operating

system; color processing ability of your screen; JavaScript support; Flash version; screen resolution;

network location; IP address; country, city, state, region, county, or any other geographic data; hostname;

bandwidth (internet connection speed); time of visit; pages visited; time spent on each page of the

Website; referring site statistics; the website URL you came through in order to arrive at the Website; or

search engine query used to find the Website. This data is primarily used to optimize our Website for our

visitors and for internal marketing purposes.

• Other Tracking Devices. We may use other industry standard technologies like pixel tags

and web beacons to track your use of our Website pages and promotions, or we may allow our third-party

service providers to use these devices on our behalf. Pixel tags and web beacons are tiny graphic images

placed on certain pages on our Website, or in our emails that allow us to determine whether you have

performed a specific action. When you access these pages or open or click an email, pixel tags, and web

beacons generate a notice of that action. Pixel tags allow us to measure and improve our understanding of

visitor traffic and behavior on our Website, as well as give us a way to measure our promotions and

performance. We may also utilize pixel tags and web beacons provided by our affiliates and/or partners

for the same purposes.

• Timing.

• We will only keep your personal information for as long as it is necessary for the

purposes set out in this privacy notice, unless a longer retention period is required

or permitted by law (such as tax, accounting, or other legal requirements). No

purpose in this notice will require us keeping your personal information for

longer than six (6) months past the termination of the user’s account.

• When we have no ongoing legitimate business need to process your personal

information, we will either delete or anonymize such information, or, if this is not

possible (for example, because your personal information has been stored in

backup archives), then we will securely store your personal information and

isolate it from any further processing until deletion is possible.

• Additional US State Privacy Rights.

• Some states in the US have passed state-specific privacy laws. This section

supplements our privacy policy by explaining your privacy rights if you are a resident in one of

these states, provides certain mandated disclosures about our treatment of personal information,

and includes:

• Colorado, Connecticut, Utah and Virginia specific disclosures and rights;

• California specific disclosures and rights;

• Opt-outs for sale or sharing of personal information; and

• Metrics on consumers exercising their rights.

• Colorado, Connecticut, Utah, and Virginia.

• If you are a resident of Colorado, Connecticut, Utah, or Virginia, we have

certain obligations, and you have certain rights with respect to your

personal information, including:

• Right to confirm whether the controller is processing the

consumer’s personal information and the right to access such

information;

• Right to correct inaccuracies in personal information;

• Right to delete personal information;

• Right of data portability;

• Right to opt out from targeted advertising; and

• Right to opt out from the sale of personal information.

• In certain states, you also have the right to opt out from profiling in

furtherance of decisions that produce legal or similarly significant effects

on the consumer (such as Virginia, Colorado, and Connecticut) and appeal

a decision regarding a request to exercise your rights.

• If you wish to exercise one or more of these rights, please review the

“What rights do I have regarding my personal information?” section above.

If you would like to opt out of targeted advertising or the selling or sharing

of personal information, please see the instructions below.

• California.

• The California Consumer Privacy Act of 2018 (“CCPA”), as amended by

the California Privacy Rights Act of 2021 (“CPRA”) requires us to

provide California consumers with some additional information related to

how we collect, use, retain, and disclose personal information as well as

describe additional rights. If you are a resident of the State of California,

please see our California Privacy Rights Notice annexed hereto as Exhibit

A, regarding additional rights you have, including how to exercise your

rights.

• What Are Your Other Privacy Rights If Located Outside the United States?

• If you are using our U.S.-based Platforms while located outside the United States, that

this privacy policy may apply to you. Any information we collect from you could be stored on servers

and shared with third parties located in the United States or other countries. The rules and laws that apply

to the collection and use of personal data in the United States or other countries may differ from those in

your country.

• If you are a resident of the European Union (“EU”), United Kingdom,

Lichtenstein, Norway or Iceland, you may have additional rights under the EU General Data

Protection Regulation (the “GDPR”) with respect to your personal information, as outlined

below.

• Annexed hereto as Exhibit B is our EU Privacy Rights Notice which

summarizes the additional rights you have, including how to exercise such

rights.

• If there are any conflicts between the attached EU Privacy Rights Notice

and this Privacy Policy, the policy or portion that is more protective of

personal information shall control to the extent of such conflict. Note that

we may also process personal information of our customers’ end users or

employees in connection with our provision of certain services to

customers, in which case we are the processor of personal information. If

we are the processor of your personal information (i.e., not the controller),

please contact the controller party in the first instance to address your

rights with respect to such data.

• If you have questions or comments about your privacy rights, you may email us at

[email protected].

• Account Information.

• If you would at any time like to review or change the information in your account or

terminate your account, you can contact us using the contact information provided.

• Upon your request to terminate your account, we will deactivate or delete your account

and information from our active databases. However, we may retain some information in our files to

prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or

comply with applicable legal requirements.

• Your Privacy Choices.

• You can control the information we collect and use in the following ways:

• Location Information. You can disable location-based services on your mobile

device or web browser by adjusting the settings on your device or browser. This

will prevent our Website from accessing your location information.

• Emails. You can unsubscribe from our email list at any time by clicking on the

unsubscribe link in the emails that we send or by contacting us using the details

provided below. You will then be removed from the marketing email list —

however, we may still communicate with you, for example to send you service-

related emails that are necessary for the administration and use of your account,

to respond to service requests, or for other non-marketing purposes. To

otherwise opt-out, you may contact us using the contact information provided.

• Online Advertising. For information about opting out of third party advertising,

visit: NAI Opt-Out (http://www.aboutads.info/choices/) and DAA Opt-Out

(http://optout.networkadvertising.org/?c=1) (you will leave this Website for a

separately managed online site where you can specify your preference under

those programs). You can also click on the icon that may appear on some of our

advertising served through these technologies. We may use more than one third

party company for placing this advertising, which would require you to opt out of

each company.

• Controls For Do-Not-Track Features. Most web browsers and some mobile operating

systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to

signal your privacy preference not to have data about your online browsing activities monitored and

collected. At this stage no uniform technology standard for recognizing and implementing DNT signals

has been finalized. As such, we do not currently respond to DNT browser signals or any other

mechanism that automatically communicates your choice not to be tracked online. If a standard for

online tracking is adopted that we must follow in the future, we will inform you about that practice in a

revised version of this privacy notice.

• Based on the applicable laws of your country, you may have the right to request access to

the personal information we collect from you, change that information, or delete it in some circumstances.

To request to review, update, or delete your personal information, please email us at

[email protected].

• If you are a resident of the State of California, you can learn more about your privacy

rights below in our California Privacy Rights Notice annexed hereto as Exhibit A.

• If you are a resident of the EU, you can learn more about your privacy rights

below in our GDPR Consumer Privacy Rights Notice annexed hereto as Exhibit B

CALIFORNIA PRIVACY RIGHTS NOTICE

Additional Notice for California Residents

This Privacy Notice for California Residents supplements the information contained in the Privacy Policy,

and applies solely to all visitors, users, and others who reside in the State of California (“Consumers” or

“You”). We adopt this notice to comply with the California Consumer Privacy Act of 2018, as revised by

the California Privacy Rights Act of 2020 (“CCPA”) and any terms defined in the CCPA have the same

meaning when used in this Notice.

This Policy does not apply to workforce-related personal information collected from California-based

employees, job applicants, contractors, or similar individuals.

Where noted in this Policy, the CCPA temporarily exempts personal information reflecting a written or

verbal business-to-business communication (“B2B personal information”) from some its requirements.

The CCPA permits our users who are California residents to request and obtain from us, once a year and

free of charge, information about categories of personal information (if any) we disclosed to third parties

for direct marketing purposes and the names and addresses of all third parties with which we shared

personal information in the immediately preceding calendar year. If you are a California resident and

would like to make such a request, please submit your request in writing to us using the contact

information provided below.

• Definition of “Resident”.

• The California Code of Regulations defines a “Resident” as:

• every individual who is in the State of California for other than a temporary or

transitory purpose; and

• every individual who is domiciled in the State of California who is outside the

State of California for a temporary or transitory purpose.

• All other individuals are defined as “Non-Residents.”

• If this definition of “Resident” applies to you, we must adhere to certain rights and

obligations regarding your personal information.

• Sharing Personal Information.

• We may disclose your personal information to a third party for a business purpose. When

we disclose personal information for a business purpose, we require the recipient to both keep that

personal information confidential and not use it for any purpose except for use in connection with

performing the services on our behalf. The CCPA prohibits third parties who obtain the personal

information we hold from reselling it unless you have received explicit notice and an opportunity to opt-

out of further sales. We may disclose your personal information with our service providers pursuant to a

written contract between us and each service provider. Each service provider is a for-profit entity that

processes the information on our behalf.

• We may use your personal information for our own business purposes. This is not

considered to be “Selling” of your personal data.

• We may use or disclose the personal information we collect for one or more of our

business purposes in this Privacy Policy or as otherwise set forth in the CCPA. We will not collect

additional categories of personal information or use the personal information we collected for materially

different, unrelated, or incompatible purposes without providing you notice.

• The Company discloses the following categories of personal information for a business

purpose:

• Identifiers.

• California Customer Records

• Personal Information Categories.

• Commercial information.

• Internet or other Electronic Network Activity Information (i.e., browsing history

and information regarding a consumer’s interaction with our Website).

• Geolocation data.

• We disclose your personal information for a business purpose to the following categories

of third parties:

• Our affiliates;

• Service Recipients; and

• Third parties to whom you authorize us to disclose your personal information in

connection with the products or services we provide to you.

• CCPA Rights. The CCPA provides consumers who are California residents with specific rights

regarding their personal information. This section describes your CCPA rights and explains how to

exercise those rights:

• Access to Specific Information and Data Portability Rights. You have the right to request

that we disclose certain information to you about our collection and use of your personal information over

the past twelve (12) months. Once we receive and confirm your verifiable consumer request (see

Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:

• The categories of personal information we collected about you;

• The categories of sources for the personal information we collected about you;

• Our business or commercial purpose for collecting or selling that personal

information;

• The categories of third parties with whom we share that personal information;

• The specific pieces of personal information we collected about you (also called a

data portability request);

• If we sold or disclosed your personal information for a business purpose, two

separate lists disclosing:

• Sales. Identifying the personal information categories that each category

of recipient purchased; and

• Disclosures for a business purpose. Identifying the personal information

categories that each category of recipient obtained. We do not provide

these access and data portability rights for B2B personal information.

• Deletion Request Rights. You have the right to request that we delete any of your

personal information that we collected from you and retained, subject to certain exceptions. Once we

receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and

Deletion Rights), we will delete (and direct our service providers to delete) your personal information

from our records, unless an exception applies. We may deny your deletion request if retaining the

information is necessary for us or our service provider(s) to:

• Complete the transaction for which we collected the personal information,

provide a good or service that you requested, take actions reasonably anticipated

within the context of our ongoing business relationship with you, fulfill the terms

of a written warranty or product recall conducted in accordance with federal law,

or otherwise perform our contract with you;

• Detect security incidents, protect against malicious, deceptive, fraudulent, or

illegal activity, or prosecute those responsible for such activities;

• Debug products to identify and repair errors that impair existing intended

functionality;

• Exercise free speech, ensure the right of another consumer to exercise their free

speech rights, or exercise another right provided for by law;

• Comply with the California Electronic Communications Privacy Act (Cal. Penal

Code § 1546 seq.);

• Engage in public or peer-reviewed scientific, historical, or statistical research in

the public interest that adheres to all other applicable ethics and privacy laws,

when the information’s deletion may likely render impossible or seriously impair

the research’s achievement if you previously provided informed consent;

• Enable solely internal uses that are reasonably aligned with consumer

expectations based on your relationship with us;

• Comply with a legal obligation; and

• Make other internal and lawful uses of that information that are compatible with

the context in which you provided it.

• Exercising Access, Data Portability, and Deletion Rights.

• To exercise the access, data portability, and deletion rights described above, please

submit a verifiable consumer request to us by email at [email protected].

• Only you, or someone legally authorized to act on your behalf, may make a verifiable

consumer request related to your personal information. You may also make a verifiable consumer request

on behalf of your minor child. You may only make a verifiable consumer request for access or data

portability twice within a twelve (12) month period.

• The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the

person about whom we collected personal information or an authorized

representative.

• Describe your request with sufficient detail that allows us to properly understand,

evaluate, and respond to it. We cannot respond to your request or provide you

with personal information if we cannot verify your identity or authority to make

the request and confirm the personal information relates to you. You do not need

to create an account with us to submit a request to know or delete. However, we

do consider requests made through your password protected account sufficiently

verified when the request relates to personal information associated with that

specific account. We will only use personal information provided in the request

to verify the requestor’s identity or authority to make it. If, however, we cannot

verify your identity from the information already maintained by us, we may

request that you provide additional information for the purposes of verifying your

identity, and for security or fraud-prevention purposes. We will delete such

additionally provided information as soon as we finish verifying you. For

instructions on exercising your sale opt-out or opt-in rights, see Personal

Information Sales Opt-Out and Opt-In Rights.

• Response Timing and Format. We endeavor to respond to a verifiable consumer request

within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform

you of the reason and extension period in writing. If you have an account with us, we will deliver our

written response to that account. If you do not have an account with us, we will deliver our written

response by mail or electronically, at your option. Any disclosures we provide will only cover the twelve

(12) month period preceding the verifiable consumer request’s receipt. The response we provide will also

explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will

select a format to provide your personal information that is readily useable and should allow you to

transmit the information from one entity to another entity without hindrance. We do not charge a fee to

process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly

unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision

and provide you with a cost estimate before completing your request.

• Personal Information Sales Opt-Out and Opt-In Rights. If you are sixteen (16) years of

age or older, you have the right to direct us not to sell your personal information at any time (the “Right to

Opt-Out”). We do not sell the personal information of consumers we actually know are less than sixteen

(16) years of age, unless we receive affirmative authorization (the “Right to Opt-In”) from either the

consumer who is at least thirteen (13) but not yet sixteen (16) years of age, or the parent or guardian of a

consumer less than thirteen (13) years of age. Consumers who opt-in to personal information sales may

opt-out of future sales at any time. To exercise the right to opt-out, you (or your authorized

representative) may submit a request to us by emailing us at [email protected]. Once you make

an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal

information sales. However, you may change your mind and opt back into personal information sales at

any time by amending your preferences here. You do not need to create an account with us to exercise

your opt-out rights. We will only use personal information provided in an opt-out request to review and

comply with the request.

• In accordance with applicable law, we are not obligated to provide or delete consumer

information that is de-identified in response to a consumer request or to re-identify individual data to

verify a consumer request.

• Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights. We will not

discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will

not:

• Deny you goods or services;

• Charge you different prices or rates for goods or services, including through

granting discounts or other benefits, or imposing penalties;

• Provide you a different level or quality of goods or services;

• Suggest that you may receive a different price or rate for goods or services or a

different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different

prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to

your personal information’s value and contain written terms that describe the program’s material aspects.

Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at

any time.

• CCPA Rights Request Metrics.

• Metrics regarding the consumer rights requests We received from California residents

from January 1, 2023 to December 31, 2023 appear in the following chart:

Request Type: [Right to Know, Right to Delete, Right to Opt-Out]

Received: [0]

Granted (in whole or in part) : [0]

Denied: [0]

Median Days to Respond: [0]

Requests to Know: [0]

Unverifiable: [0]

Not by a California resident: [0]

Called for information exempt

from disclosure: [0]

Denied on other grounds: [0]

Requests to Delete: [0]

Requests to Opt-Out

of Personal Information Sales: [0]

• Other California Privacy Rights. California’s “Shine the Light” law (Civil Code Section §

1798.83) permits users of our Website that are California residents to request certain information

regarding our disclosure of personal information to third parties for their direct marketing purposes. To

make such a request, please send an email to [email protected].

• Changes to Our Privacy Notice. We reserve the right to amend this privacy notice at our

discretion and at any time. When we make changes to this privacy notice, we will post the updated notice

on the Website and update the notice’s effective date. Your continued use of our Website following the

posting of changes constitutes your acceptance of such changes.

EXHIBIT B

GDPR CONSUMER PRIVACY RIGHTS NOTICE

Additional Notice for European Union (EU) Residents

This GDPR Consumer Privacy Rights Notice supplements the information contained in the Privacy

Policy of RNG Agency, LLC, a Tennessee limited liability company (“Company”, “We”, or “Us”) and

applies solely to all visitors, users, and others who reside in the European Union (“EU”) (“Consumers” or

“You”). We adopt this notice to comply with the General Data Protection Regulation (“GDPR”) and any

terms defined in the GDPR have the same meaning when used in this Notice.

This notice explains what information we collect about you, how that information is used, who receives

this information, the circumstances in which such information is shared and the steps taken to maintain

this information private and secure. If you are not resident of the EU, please refer to our privacy policy

included on the first page of this document.

• How We Collect and Use Personal Data.

• We collect Personal Data from natural persons who are residents of the EU as described

below.

• The types of Personal Data we collect:

• Identifiers: Contact details, such as real name, alias, postal address,

telephone or mobile contact number, unique personal identifier, online

identifier, device identifier, Internet Protocol address, email address and

account name; or other similar identifiers.

• Personal Data in Customer Records: Includes any information that

identifies, relates to, describes, or is capable of being associated with a

particular consumer or household, including, the “identifiers” listed in

(A), and the following: signature, physical characteristics or description,

or any other information when and to the extent that you provide it to us

directly or through third parties.

• Legally Protected Characteristics: Includes date of birth/age, gender,

race, color, national origin, citizenship, marital status, physical or mental

disability, and veteran or military status, when and to the extent that you

provide it to us directly or through third parties.

• Internet or Network Activity: Includes, but is not limited to, browsing

history on our websites, search history, information on a consumer’s

interaction with our websites or applications.

• Geolocation Data: Includes information such as physical location or

movements.

• Inferences from above used to Profile: Includes inferences drawn from

other Personal Data, such as profiles reflecting a person’s preferences,

behavior, attitudes, abilities, and aptitudes. The Company does not

operate a website directed towards children or has actual knowledge that

the bank is collecting or maintaining personal information from children

online.

• Sources from which we obtain your Personal Data:

• For each of these categories, we obtain your Personal Data from a variety of

sources, including from:

• our customers and consumers, with respect to both online and offline

interactions you may have with us or our service providers and other

entities with whom you transact;

• others with whom you maintain relationships who may deal with us on

your behalf;

• the devices you use to access our websites, mobile applications, and

online services;

• credit bureaus;

• identity verification and fraud prevention services;

• marketing and analytics providers;

• public databases;

• social media platforms; and

• other sources consistent with this Privacy Policy.

• Legal basis for processing:

• Depending on the purpose of the processing activity (see Section 2(d)), the legal

basis for the processing of your personal data will be one of the following:

• necessary for taking steps to enter into or executing a contract with you

for the services or products you request, or for carrying out our

obligations under such a contract, such as when we use your data for

some of the purposes in Section 2(d) (as well as certain of the data

disclosures described in Section 2(e));

• required to meet our legal or regulatory responsibilities, including when

we conduct the client on-boarding processes and make the disclosures to

authorities, regulators and government bodies;

• in some cases, necessary for the performance of a task carried out in the

public interest;

• necessary in order to protect the vital interests of the data subject or of

another natural person;

• in limited circumstances, processed with your consent which we obtain

from you from time to time (for instance, where required by laws other

than the GDPR), or processed with your explicit consent in the case of

special categories of Personal Data such as your medical information;

and

• necessary for the legitimate interests of the Company, without unduly

affecting your interests or fundamental rights and freedoms.

• Where the Personal Data we collect from you is needed to meet our legal or

regulatory obligations or enter into an agreement with you, if we cannot collect

this Personal Data, there is a possibility we may be unable to on-board you as a

client or provide products or services to you (in which case we will inform you

accordingly).

• How we use your Personal Data.

• At the time you submit Personal Data or make a request, the intended use of the

information you submit will be apparent in the context in which you submit it and/or because the

Company states the intended purpose. The Company needs to collect, process and use Personal Data for

a number of purposes. A primary purpose is to ensure we can provide customers with the products and

services we offer and which they have requested. We also need to use Personal Data for purposes of

carrying out our business operations, including confirming a person’s authority as a representative or

agent of a customer, maintaining business continuity plans and processes, undertaking internal

investigations and audits, handling legal claims, responding to requests form supervisory authorities, and

complying with applicable laws and regulations.

• We use the Personal Data we collect, as identified in the categories listed in Section 2(a)

above, for the business purposes listed below:

• Financial, Legal and Compliance Management: Audits, accounting, and

supporting our everyday operations, including to meet risk, legal, and compliance

requirements;

• Fraud Prevention: Reporting, evaluating and monitoring particular transactions

and interactions, including online interactions, you may have with us or others on

our behalf;

• Security: Detecting and protecting against security incidents, and malicious,

deceptive, fraudulent or illegal activity, and prosecuting the same;

• IT Operations: Debugging to identify and repair errors in our systems;

• Marketing/Prospecting: Short-term, transient use, including contextual

customization of ads; conducting marketing and surveys associated with our

products and services;

• Customer Services: Providing services on your or our behalf, or on behalf of

another, including maintaining or servicing accounts, providing customer service,

fulfilling transactions, verifying identity information, processing payments, and

other services;

• Research: Conducting internal research to develop and improve technology;

• Improving Products and Services: Conducting activity to verify, enhance, and

maintain the quality or safety of services or devices which we may own, control,

or provide;

• Operation of our Sites: Preparing statistics, analyzing traffic patterns and

performing analysis to support our operations; and

• Legal Proceedings: Receiving and responding to law enforcement requests, to

prepare for or in support of ongoing litigation and as required by applicable law,

court order, or governmental regulations.

• We may also use the Personal Data we collect for:

• other operational processes,

• purposes for which we provide you additional notice, or

• purposes compatible with the context in which the Personal Data was

collected.

• Sharing of Personal Data.

• When providing products or services to you, we will share Personal Data with other

Company subsidiaries in order to ensure a consistently high service standard across our group, and to

provide services and products to you.

• In some instances, we also share Personal Data with our service providers, which provide

services to us, such as IT and hosting providers, marketing providers, appraisers, adjusters, debt collectors

fraud prevention providers, credit reference agencies, and others. For more information on the service

providers with whom we share information, please see Reasons we can share your personal information.

Whenever we disclose Personal Data, we execute a contract that describes such purpose and require the

recipient to keep the Personal Data confidential and prohibit its use for any purpose other than to perform

the obligations under the contract. When we do so, the Company requires such recipients to comply with

appropriate measures designed to protect your Personal Data, including through contractual arrangements.

• If required from time to time, we disclose Personal Data to public authorities, regulators,

or governmental bodies, including when required by law or regulation, under a code of practice or

conduct, or when these authorities or bodies require us to do so.

• If our business or assets were sold to another party, Personal Data will be transferred as

part of the transaction. The Company may also share Personal Data with prospective purchasers during

the due diligence process related to the prospects of selling or transferring part of, or an entire business.

The Company requires such recipients to comply with confidentiality, privacy, and other legal

requirements and in response, follow security measures designed to protect your Personal Data.

• We will disclose Personal Data when legally required, to exercise or protect legal rights,

including ours and those of our employees or other stakeholders; or in response to requests from you or

your representatives.

• Transfer of Personal Data to Different Countries. We do business with service providers

around the world and, in some instances, may transfer Personal Data to such providers in the course of

doing business with them. These providers assist us with certain operations and activities. In those cases,

the Company requires such recipients to comply with appropriate measures designed to protect your

Personal Data, including through contractual arrangements.

• How We Secure Personal Data. We implement appropriate technical and organizational

measures to address the risks corresponding to our use of your Personal Data, including loss, alteration, or

unauthorized access to your Personal Data. We require our service providers to do the same through

contractual agreements.

• How Long We Keep your Personal Data. We will retain your Personal Data for as long as it is

needed or permitted in light of the purposes in Section 2(d). The criteria used to determine our retention

periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a

legal or regulatory obligation to which we are subject; and (iii) whether retention is advisable in light of

our legal or regulatory obligation (such as in regard to applicable statutes of limitations, litigation or

regulatory investigations).

• Your Data Protection Rights.

• Laws in the EU enable individuals to have appropriate control and oversight over what

organizations do with your Personal Data.

• The following are your Personal Data rights:

• The right to be informed about our processing of your Personal Data.

• The right of erasure (right to be forgotten), which allows you to ask us to destroy

your Personal Data if you believe we no longer need it, or we are using it

inappropriately. However, we may continue to retain your information if we are

entitled or required to retain it.

• The right to data portability, which includes the right to receive Personal Data

you have provided to us in a structured, commonly used, and machine-readable

format.

• The right of access to data that has been collected and that we process. You may

ask us for a description of the Personal Data we hold and the purposes for

holding it. You may ask for a paper or electronic copy of this information.

• The right to rectify or correct data if it is inaccurate, or to have incomplete data

completed.

• The right to restrict processing when you contest data accuracy, when you

believe our use is unlawful, or when you wish for us to keep but not use Personal

Data beyond our time limit for storage, for purposes as described above in

Section 2(d).

• The right to lodge complaints with a data protection authority regarding any

processing by us or on our behalf.

• The right to object extends to direct marketing when Personal Data is processed

for direct marketing purposes, including profiling to the extent it is related to

such marketing. You may object to direct marketing by clicking the “unsubscribe”

link in any of our emails to you or by emailing us at [email protected] at

any time.

• The Company will seek to obtain your consent where required by applicable law. We

may analyze users’ online activities, interests, and preferences in order to provide our services, such as to

configure our online channels and apps for a better experience, and/or for marketing purposes. Where we

process your Personal Data on the basis of your consent, you have the right to withdraw that consent at

any time subject to applicable legal obligations. Please also note that the withdrawal of consent shall not

affect the lawfulness of processing, based on consent before its withdrawal.

• How to Revoke Your Consent to Our Use of Your Personal Data and Submit Privacy

Related Inquiries.

• You can direct all requests relating to access, correction, and other legal rights regarding

Personal Data, or any questions regarding this Notice, by emailing us at [email protected].

• We try to respond to all authenticated requests in relation to your legal rights within one

month. Occasionally it may take us longer than a month to respond, if your request is particularly

complex or you have made a number of requests. In this case, we will notify you and keep you updated.

• You may also submit a general privacy related inquiry in accordance with applicable

laws and regulations. We will respond to such requests in accordance with applicable laws.

• Please issue such requests by sending a completed inquiry to us via email at

[email protected]. Please provide your name and contact information along with your inquiry.

• Changes to Our Privacy Notice. We reserve the right to amend this privacy notice at our

discretion and at any time. When we make changes to this privacy notice, we will post the updated notice

on the Website and update the notice’s effective date. Your continued use of our Website following the

posting of changes constitutes your acceptance of such changes.