Onsite Privacy Policy Last modified: 03/02/2022 Introduction Onsite, Inc. ("Company" or "we") respects your privacy and is committed to protecting it through our compliance with this policy. This policy describes the types of information we may collect from you or that you may provide to the Company’s mobile application, tablet application, technology platform, and website including any content, functionality, and services offered on or through such application, website, or platform (collectively, "Onsite") and our practices for collecting, using, maintaining, protecting, and disclosing that information. This policy applies to information we collect: On any Onsite platform; In email, text, and other electronic messages between you and Onsite; Through automated services such as cookies. It does not apply to information collected by: Us offline or through any other means, including on any other website, application, platform, etc. operated by Company or any third party; or Any third party, including through any application or content (including advertising) that may link to or be accessible from or on Onsite. Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. This Privacy Policy is incorporated within our Terms & Conditions. By checking your acceptance of our Terms & Conditions, you accept this Privacy Policy. If you do not agree with our policies and practices, your choice is not to use Onsite. Information Covered by this Privacy Policy This Privacy Policy only applies to personal information (as defined below). This policy excludes the following categories of information: Publicly available information from government records. Deidentified or aggregate consumer information. Personal Information We Collect About You and How We Collect It We collect several types of information from and about Onsite users, including information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be directly linked with a particular consumer, household, or device ("personal information"). In particular, Onsite may collect the following categories of personal information (note: some information may overlap in multiple categories) CATEGORY EXAMPLES Identifiers A real name, unique personal identifier, online identifier, email address, postal address, account name Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, telephone or mobile number, address, credit card number, debit card number, or any other financial information; Protected classification characteristics under California or federal law Age and date of birth Geolocation data Physical location Internet or other similar network activity Browsing type; time spent viewing web pages; pages visited; network location and IP address Inferences drawn from other personal information Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes We collect the information detailed above: Directly from you when you provide it to us or with your consent e.g. when you create an account with us and answer questions pursuant to our quizzes. Automatically as you navigate through Onsite including traffic data, location data, and other communication data. Information collected automatically may also include usage details, details of your visit to Onsite, IP addresses, and information collected through cookies and other tracking technologies. The technologies we use for this automatic data collection may include: Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of Onsite. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to Onsite. Flash Cookies. Certain features of Onsite may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on Onsite. Flash cookies are not managed by the same browser settings as are used for browser cookies. Web Beacons. Pages on Onsite and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity). By using Onsite, you consent to our use of automatic data collection and tracking technologies. The types of technologies we may use include cookies and Google Analytics. In addition to our uses of cookies described above, we also use cookies to: track our your visits and source; track web pages viewed; store your preferences such as preferred language (if applicable); gather statistics on the number of users, the location of users, and usage habits or patterns; tailor your Onsite experience and advertisements; or analyze parts of Onsite in order to improve its speed, functionality, or performance. You can choose to not accept or delete (“flush”) cookies by adjusting your browser settings or Onsite settings in the applicable application. However, if you do so, you may be unable to access certain parts of Onsite or lose some of the functionality. Unless you have set your browser not to accept cookies, Onsite will issue cookies when you are using Onsite. Opting-Out and Managing Cookies: When you visit Onsite, you can change the settings in your browser or device to alter the cookie preferences, including not accepting cookies. We have provided links below to further information on how to manage cookies depending on the browser or device you use: [Identify Cookies and links to lookes] Google Analytics: We use Google Analytics, a web analytics service provided by Google Inc. (“Google”), which uses cookies to help analyze Onsite. The information generated by cookies about your use of Onsite will be anonymous, but may be sent to Google and stored by Google. Google will use this information to evaluate your use of Onsite, compile reports on activity on both, and provide us with other Internet-related services. Also, Google may transfer this information to third parties if required by law or if third parties process the information on Google’s behalf. By using Onsite, you consent to the processing of data about you by Google in the manner described and for the aforementioned purpose. More information about Google Analytics can be found at the following URLs: https://marketingplatform.google.com/about/analytics/#?modal_active=none You can also choose to opt-out of Google Analytics if you wish. To learn more about this, you may visit the following link: https://tools.google.com/dlpage/gaoptout. Third-Party Use of Cookies and Other Tracking Technologies: Some content or applications on Onsite may be served by third-parties. These third parties may use cookies alone or together with other tracking technologies to collect information about you when you use Onsite. The information they collect may be associated with your personal information or they may collect information about your online activities over time and across different websites and other online services. By using Onsite you consent to these third parties’ use of cookies, but please note that we do not control these third parties’ tracking technologies or how they may be used. If you have any questions about them, you should contact the responsible provider directly. How We Use Your Personal Information We may use, or disclose the personal information we collect for one or more of the following purposes: To create user profiles and user analytics so we can make our recommendations for courses and learning institutions. To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about Onsite, we will use that personal information to respond to your inquiry. To provide, support, personalize, and develop Onsite. To process your requests, purchases, transactions, and payments and prevent transactional fraud. To create, maintain, customize, and secure your account with us. To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses. To personalize the Onsite experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and through Onsite and via email or text message (with your consent, where required by law). To help maintain the safety, security, and integrity of Onsite. For testing, research, analysis, and product development, including to develop and improve Onsite. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. Disclosures, Sharing, and the (Non)Sale of Your Personal Information We may share your personal information by disclosing it to our contractors, service providers, and other third parties for a business purpose as described below: Type of Personal information Business Purpose Disclosures to Third Parties Identifiers Identity verification; facilitate payment processing; data analytics; marketing purposes; fulfill transaction (e.g. bookings, reservations); support for Onsite Personal information defined by Cal. Civ. Code § 1798.80(e). Identity verification; facilitate payment processing; data analytics; marketing purposes; fulfill transaction (e.g. bookings, reservations); support for Onsite Protected Classification Identity verification; facilitate payment processing; data analytics; marketing purposes; fulfill transaction (e.g. bookings, reservations); support for Onsite Geolocation data Support for Onsite Internet or other similar network activity Support for Onsite Inferences drawn from other personal information Support for Onsite We may also disclose your personal information: for any other purpose disclosed by us when you provide the information. with your consent. to comply with any court order, law, or legal process, including to respond to any government or regulatory request. to a buyer or other successor-in-interest to our Company in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about the users of Onsite is among the assets transferred. to enforce our Terms and Conditions and other agreements, including for billing and collection purposes; if in our reasonable judgment we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our Company, our employees or customers, or others, including exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction. We do not sell personal information. For California Citizens – Your Rights and Choices The California Consumer Privacy Act of 2018 (“CCPA”) provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights. PLEASE NOTE THAT THE EXERCISE OF YOUR RIGHTS DEPENDS ON WHETHER WE ARE A “COVERED BUSINESS” UNDER THE CCPA. CURRENTLY WE ARE NOT A COVERED BUSINESS. WE WILL HONOR YOUR RIGHTS BELOW WHEN WE BECOME A COVERED BUSINESS. CA’s Right to Know and Data Portability You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the "right to know"). Once we receive your request and confirm your identity, we will disclose to you: The categories of personal information we collected about you. The categories of sources for the personal information we collected about you. Our business or commercial purpose for collecting or selling that personal information. The specific pieces of personal information we collected about you (also called a data portability request). CA’s Right to Delete You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the "right to delete"). Once we receive your request and confirm your, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to: Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities. Debug products to identify and repair errors that impair existing intended functionality. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.). Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us. Comply with a legal obligation. Make other internal and lawful uses of that information that are compatible with the context in which you provided it. Exercising Your CA’s Right to Know and Delete To exercise your rights to know or delete described above, please submit a request by either: Calling us at 1 (844) 200-8332. Emailing us at info@onsiteplanning.com Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information. You may also make a request to know or delete on behalf of your child. You (or your guardian acting on your behalf) may only submit a request to know twice within a 12-month period. The request to know or delete must: Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include your or your parent’s legally authorized driver’s license or passport. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. You do not need to create an account with us to submit a request to know or delete. We will only use personal information provided in the request to verify the requestor's identity or authority to make it. Response Timing and Format We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact info@onsiteplanning.com. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. You can review and change your personal information by logging into Onsite and visiting your account profile page. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of Onsite, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to Onsite. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Onsite. No Discrimination for Exercising CA Rights We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not: Deny you goods or services. Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties. Provide you a different level or quality of goods or services. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. ChangesT o our Privacy Policy It is our policy to post any changes we make to our privacy policy on this page. If we make material changes to how we treat our users' personal information, we will notify you. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting Onsite and this privacy policy to check for any changes. Contact Information To ask questions or comment about this privacy policy and our privacy practices, contact us at: info@onsiteplanning.com.