Privacy Policy

Last Updated: August 1, 2024 Who Are We Bill Gosling Outsourcing Corp. and its subsidiaries and affiliates (the “Company”, “we”, “our”), provides accounts receivable and contact center management services for a variety of commercial and consumer market segments. If you have any questions or comments about our Privacy Policy or our practices, or if you would like to correct, complete, or supplement any of your information we maintain, please contact us as follows: Via mail – Canadian Office: Bill Gosling Outsourcing Attention: Privacy Commissioner Amanda Faris (Director, Compliance) 55 Mulcaster Street, Suite 600 Barrie, ON, Canada L4M 0J4 Via mail – United States Office: Bill Gosling Outsourcing Attention: Privacy Commissioner 4410 E. Claiborne Square Suite 235, Hampton, VA 23666 Via mail or email – United Kingdom Office: Attention: Data Protection Officer Bill Gosling Outsourcing Limited Anderston House 389 Argyle Street Glasgow G2 8LR Email: uk.compliance@billgosling.com Via email (all other branches excluding United Kingdom): legal@billgosling.comOur Commitment

We are committed to respecting the personal privacy of the individuals we deal with. We will comply with relevant federal, provincial and state legislation as it relates to the processing of your information.

This Privacy Policy describes the Company’s policies and practices regarding its collection, use, maintenance, and disclosure of your personal data, and sets forth your privacy rights. This Privacy Policy applies both to the Company’s online information gathering and dissemination practices for Company’s web applications including this website (the “Site”), and information collected or received offline, whether directly from you or from other sources.

If you have arrived at this Privacy Policy by clicking through a link on our Site, or by searching for or clicking on a link directing you to any page of our Site, then this Privacy Policy applies to you. When you use the Site, you consent to the use of your information in the manner specified in this Privacy Policy. This policy may change periodically, as we undertake new personal data practices or adopt new privacy policies, so please check back from time to time for updates to the policy posted here. Updates become effective immediately upon posting unless otherwise stated. By your continued use of the Site, you consent to the terms of the most recently revised and posted policy.

Use of our Site is strictly limited to persons who are of legal age in the jurisdictions in which they reside. You must be at least eighteen (18) years of age to use our Site. If you are not at least 18 years of age, please do not use or provide any information through this Site. Please also review our Terms & Conditions governing the use of this site.Why We Collect Personal Information

We collect personal information to identify you and to confirm facts about you related to employment or our services. We will only collect, use and disclose personal information to assist in addressing your inquiry or to communicate in general about employment-related matters or matters related to the services we provide, or as otherwise permitted or required by law.Personal Information We Collect

Nonpublic personal information is information about you that is generally not publically available and that we obtain in connection with providing a financial product or service to you. We collect public and nonpublic Personal Information from the following sources:

•Information you submit to us voluntarily including identifying information such as name, address, telephone numbers, e-mail address and social security number, information provided when inquiring about our services and/or establishing a contractual relationship between us, including card payment and checking account information needed to process a payment. That information – whether submitted or disclosed to us through the Site, by mail, e-mail, SMS text, telephone, or other channel, and whether the purpose for your submission is to inquire about or discuss your account or our services or authenticate your identity – is governed by this Privacy Policy.

•Information from third parties acting on your behalf, who voluntarily submit Personal Information (e.g., name, address, email address, telephone number, date of birth, social security number, account information, financial information, attorney information, court records, etc.) contained in communications with someone other than you, such as your spouse, power of attorney, attorney, or other authorized representative.

•Information from data/service providers and consumer reporting agencies such as credit history, credit scores, updated contact information, criminal background, bankruptcy activity, death or probate status, etc. We will use this information to fulfill our responsibilities to our clients and assess eligibility for employment if you are a job applicant.

•Information Automatically Collected by your use of this Site. You may use this Site without disclosing to us any personally identifiable information. We do not automatically collect any personally identifiable information from you (e.g., name, address, telephone number, email address, social security number, account numbers, or financial information) when you use the Site. The Site can only collect such information if it is affirmatively provided by you.

•Like most websites, however, the Site automatically collects certain non-personally identifiable information during a user’s visit. That information may include the internet protocol (IP) address of your device, the location where the device is accessing the internet, browser type and language, internet service provider, type of computer/operating system, date/time stamps, user interface interaction data (e.g., mouse clicks or navigation through the Site), and other information about the usage of the Site, including a history of pages viewed and or uniform resource locator (URL) information (showing where you came from or where you go to next). We use this information to improve the Site’s design, estimate user volume and usage patterns, speed up searches, and improve the user experience. We may also use this information to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.•More specifically:

I. IP Address – Each time a user visits the Site, we may automatically collect an internet protocol (IP) address and the web page from which the user was directed to the Site. In order to administer and optimize the Site and to diagnose and resolve potential issues or security threats to our Site or to the Company, we may use an IP address to help identify users and to gather broad demographic information about them.

II. Cookies, Pixel Tags, And Web Beacons – Cookies are small files that a site or its service provider transfers to a user’s device through the web browser (if you allow) that enables the site’s or service provider’s systems to recognize the browser and capture and remember certain information. We use cookies to optimize Site functionality and improve a user’s experience while navigating through the Site. Most or all browsers permit you to disable or reject cookies. You can do this by adjusting your preferences in the browser.

Our Site may incorporate “pixel tags,” “web beacons,” or similar tracking technologies (collectively, “pixel tags”) that track the actions of Site users. Pixel tags are used to collect information, such as the internet service provider, IP address, the type of browser software and operating system being used, the date and time the Site is accessed, the website address, if any, from which a user linked directly to the Site and/or the website address, if any, to which the user travels from the Site and other similar traffic-related information. We may aggregate information collected from Site visits by various users to help us improve the Site and the services that we provide through the Site.

III. Do Not Track – Our Site tracks when visitors enter through a marketing landing page. The Site also keeps a record of third-party websites accessed when a user is on our Site and clicks on a hyperlink. But we do not track users to subsequent sites and do not serve targeted advertising to them.

IV. Analytics Information – Web servers for the Site may gather anonymous navigational information about where visitors go on our Site and information about the technical efficiencies of our Site and services. Anonymous information does not directly or indirectly identify, and cannot reasonably be used to identify, a particular individual. Examples of anonymous information may include certain information about the internet browser, domain type, service provider and IP address information collected through tracking technologies and aggregated or de-identified data. We use anonymous analytics information to operate, maintain, and provide to you the features and functionality of the Site, improve our services, analyze trends and administer our web applications.Limiting Use, Disclosure and Retention

We will not use or disclose personal information for purposes other than those for which it was collected, except with your consent or as required by law. Personal information cannot be used or passed on in a manner inconsistent with the identified purpose.

We may share your personal information with third parties, such as our service providers, for the purpose of acting as a service provider to our clients. We undertake efforts to see that these parties are under a contractual obligation to use the personal information solely for the purposes for which the information was disclosed by us. Despite these efforts, we exercise no control over these parties and we are not responsible for their conduct, actions, omissions or information handling or dissemination practices.

We may also share personal information with regulatory agencies and auditors or as required by law. We do not sell personal information to third parties for their independent use.

We may share your personal information with our clients pursuant to a written contract through which we act as a service provider. We may also share your Personal Information with third parties to whom you or your agents authorize us in advance to intentionally disclose to or allow to use your Personal Information in connection with the services that we provide.

Some of our employees may be given access to personal information collected by us insofar as their duties require access for the purposes outlined. Our employees are governed by a non-disclosure agreement prohibiting disclosure or use of any confidential or personal information for any purposes other than the stated purpose.

Personal information that is no longer required will be destroyed or erased. We retain personal information only for as long as it is required for our business purposes or as required by federal, provincial and state laws.Protecting Personal Information

Safeguarding personal information is important to us. Bill Gosling Outsourcing is certified as being in conformity with the requirements of the Information Security Management Standard ISO/IEC 27001:2013 by Intercert, excluding our Trinidad & Tobago location. Our India branches are certified by Intercert as being in conformity with the requirements of the Information Security Management Standard ISO/IEC 27001:2022. We have implemented physical, electronic and procedural security safeguards to protect against the unauthorized release of or access to personal information. We provide training to educate our personnel about the meaning and requirements of our Privacy Policy. Personal information is accessible only by appropriate personnel who have a business need for the information. We may leverage artificial intelligence, language models and other machine learning tools that may process personally identifiable information about you that you submit to us. Such tools will only be used to assist us in improving the efficiency or accuracy of our company processes. We do not use any such tools to make automated decisions about you or the information you submit to us.Accuracy

We take reasonable steps to ensure that the personal information under its control is as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

We will not routinely update personal information, unless such a process is necessary to fulfill the purposes for which the information was collected. We will take reasonable steps to ensure that personal information that is used on an ongoing basis, including personal information that is disclosed to third parties, is accurate and up to date.Rights to Access

You have a general right to access the information about you that we have in our records. To obtain a copy of the information we have about you, please forward a request via one of the contact methods identified under the “Who We Are” section of this policy.

We will respond to your request to access your personal information within a reasonable time, and not later than 30 days after receipt of the request or in accordance with applicable legislation. For your protection, we will take steps to confirm your identity before providing you with this information. If information about you in our records is incomplete or inaccurate, you may ask us to make corrections to it. We will update our records as necessary upon verification.Normal Website Usage

Cookies are small text files which are transferred from our websites, applications or services and stored on your device. We use cookies to help us provide you with a personalized service, and to help make our websites, applications and services better for you. You can visit our Site to read company information or our educational or informational tools, without telling us who you are and without revealing any personal information.

Under Data Protection Regulations, visitors to our website must consent to being tracked. This means, when you visit our website you will be given a Cookies Notification that will explain that our site uses cookies and giving you the opportunity to opt in to us collecting your data. If you do not chose to opt in, our website will not collect or store your data. Information on what we do with the data we collect and how long we retain this data can be found above. Online Collection of Personally Identifiable Information

There are instances where we request personally identifiable information to provide the website visitor a service or correspondence, such as facilitating a payment or responding to a query or complaint. This information, such as name, mailing address, e-mail address, type of request, and possibly additional information, is collected and stored in a manner appropriate to the nature of the request as determined by us and is used to fulfill your request. This information may also be provided to our affiliates or authorized third parties for use on our behalf in accordance with our Privacy Policy.

During the course of your visit, you may move to our related websites. In addition, this site may provide links to third party sites not controlled by us. It is recommended that you check the specific privacy statements of any site, including those whose links are provided, before providing any personally identifiable information, so that you can understand how those sites collect, use and share your information. We are not responsible for the privacy statements, content or data handling practices on other websites.Our Internet Services

In order to use certain Internet services, we require personally identifying information we can use to verify you as our customer. We use this to identify and access data in the existing relationship we have with you to provide you with the requested services. Providing your e-mail/text address is optional, except when you request an Internet delivered service, then it is necessary for us to have in order to honor your request and we will require specific permission from you to communicate with you via e-mail/text.How to Register a Privacy-Related Complaint We will investigate all complaints and we will take appropriate measures, including amending policies and procedures if required. You may register a privacy-related complaint by contacting our Compliance team at: Canadian Office: Bill Gosling Outsourcing Attention: Compliance Department 55 Mulcaster Street, Suite 600 Barrie, ON, Canada L4M 0J4 na.compliance@billgosling.com Or 1-877-451-2594 United States Office: Bill Gosling Outsourcing Attention: Privacy Commissioner 4410 E. Claiborne Square Suite 235, Hampton, VA 23666 na.compliance@billgosling.com Or 1-877-451-2594 United Kingdom Office: Attention: Privacy Commissioner Bill Gosling Outsourcing Limited Anderston House 389 Argyle Street Glasgow G2 8LR uk.compliance@billgosling.com0141 457 7000

We are committed to working with you to obtain a fair and rapid resolution of any complaints or disputes about privacy and the handling of your personal information. If after contacting our Compliance team, you still have unresolved concerns with respect to our handling of your personal information, please write to our Privacy Commissioner at:Canadian Office: Bill Gosling Outsourcing Attention: Privacy Commissioner 55 Mulcaster Street, Suite 600 Barrie, ON, Canada L4M 0J4 United States Office: Bill Gosling Outsourcing Attention: Privacy Commissioner 4410 E. Claiborne Square Suite 235, Hampton, VA 23666 United Kingdom Office: Attention: Data Protection Officer Bill Gosling Outsourcing Limited Anderston House 389 Argyle Street Glasgow G2 8LR Changes

We reserve the right to change this Privacy Policy at any time and without notice. A revised Privacy Policy may only apply to data collected subsequent to its effective date. This Privacy Policy is reviewed at a minimum annually, or where changes to regulatory requirements are identified.**THE INFORMATION BELOW APPLIES TO CALIFORNIA RESIDENTS**Rights Under The California Consumer Privacy Act.A. The CCPA And Personal Information.

The California Consumer Privacy Act (“CCPA”), effective January 1, 2020, as clarified by the Regulations issued by the California Attorney General, grants privacy rights to California consumers in connection with their Personal Information.

Personal Information or “PI” is “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” PI, as defined in the CCPA, does not include personal information that is already subject to sector-specific privacy laws, including the Gramm-Leach-Bliley Act (GLBA) or the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a federal law that imposes requirements on financial institutions to protect consumer data. A consumer has rights regarding his/her PI, including: i. A right to know what PI is collected, used, shared or sold by the business; ii. A right to access PI collected and retained by the business; iii. A right to require businesses and, by extension, their service providers, to delete PI, subject to certain exceptions; iv. A right to opt-out of the business’ sale of PI; and v. A right to non-discrimination in terms of pricing or service for choosing to exercise a privacy right under the CCPA. B. Consumer Right To Know.

A covered business must disclose in its privacy policy the PI it has collected, sold, or disclosed for a business purpose in the past 12 months. A business must disclose the following in response to a verifiable request to know: i. The categories of PI the business has collected about the consumer; ii. The categories of sources from which that PI was collected; iii. The business or commercial purpose for collecting or selling PI; iv. The categories of third parties with which the business shares PI; v. The categories of PI the business sold and categories of third parties to which it was sold; vi. The categories of PI the business disclosed for a business purpose and associated categories of third parties to whom those categories were disclosed; and vii. If requested, the specific pieces of PI the business has collected. C. Consumer Right To Delete.

A California consumer has the right to request that a covered business delete his/her PI, subject to certain exceptions. Once a request is reasonably verified by the business, the PI requested to be deleted must be removed from the records held by that business and the business must direct its Service Providers with whom the information was shared to also delete the information, unless it is subject to an exception. A request to delete may be denied if retaining the information is necessary to:

i. Complete the transaction for which it collected the PI, provide a good or service requested by the consumer, take action reasonably anticipated within the context of the ongoing business relationship with the consumer, or otherwise perform a contract with the consumer.

ii. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

iii. Debug products to identify and repair errors that impair existing intended functionality.

iv. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

v. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).

vi. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.

vii. Enable solely internal uses that are reasonably aligned with consumer expectations based on the consumer’s relationship with the business.

viii. Comply with a legal obligation.

ix. Make other internal and lawful uses of the information that are compatible with the context in which the consumer provided it.D. Consumer Right To Non-Discrimination.

A business must not discriminate against a consumer who exercises CCPA rights. A business may charge different prices or provide a different quality of goods or services, but only if the difference is reasonably related to the value provided to the consumer by the consumer’s data. A business may offer financial incentives to a consumer for the collection, sale, or deletion of personal information on a prior, opt-in consent basis.E. Consumer Right To Opt-Out.

A business that sells PI to third parties must provide notice to consumers, clearly inform them of the right to opt out of the sale, and provide a “Do Not Sell My Personal Information” link on its website that enables the consumer to opt out of future sales.

A business is prohibited from selling the PI of a consumer the business knows is less than 16 years of age, unless (for a child between 13 and 16 years of age) the child has affirmatively authorized the sale or (for a child less than 13 years of age) the child’s parent or guardian has affirmatively authorized the sale.F. Privacy Policy Requirements.

A business must include the following in its privacy policy, to be updated every 12 months: i. A description of consumer CCPA rights, including the right to opt out of the sale of PI and a separate link to a “Do Not Sell My Personal Information” internet webpage if the business sells PI; ii. The method(s) by which a CCPA request can be submitted; and iii. A list of the categories of PI the business has collected, sold, or disclosed for a business purpose in the preceding 12 months.G. How Do I Exercise My CCPA Rights? Instructions For Submitting A CCPA Consumer Rights Request To Us If you are a California resident and wish to submit a CCPA Request to the Company, you may use one of the following methods: Via our website: Submit an Inquiry to us Via mail: Bill Gosling Outsourcing Attention: Privacy Commissioner 55 Mulcaster Street, Suite 600 Barrie, ON, Canada L4M 0J4 Via email: na.compliance@billgosling.com

Please be advised that we are only required to respond to your request to know or access twice in any 12-month period. We are required to keep a record of your CCPA request for at least 24 months, including any assigned reference number, the request date and nature of the request, the manner in which the request was made, the date and nature of our response, and the basis for any full or partial denial.H. Verification Of The Person Making A Request.

We need to be reasonably sure that the person making the request about your PI is you, or a representative authorized to make a request on your behalf. We cannot comply with your request if we cannot verify your identity or your authority to make a request for another person. Accordingly, before we can provide you with any substantive response, we must ask for information such as your full name, mailing address, account number, or the last four digits of your social security number, to attempt to verify your identity and locate your records, if any.

To the extent possible, we will not ask you for new information to verify your identity, but instead will request information that we can cross-check against existing records. If we are unable to verify your request without new information, we will delete the new information as soon as practical after processing your CCPA request, except as may be required to comply with the CCPA’s record retention requirements.

We will never require you to create an account with us in order to verify your request, but if you already have an account we may use that information to assist with verification. We will only use information you provide to us during the verification process to try to verify your identity or your authority to make the request for another person.

Requests to access the specific pieces of information we may hold, and not just a list of the categories of information, require heightened verification procedures, and we will require you to submit a written declaration under penalty of perjury stating that you are the consumer whose PI is the subject of the request. In addition, certain pieces of information, such as a social security number, driver’s license number, government-issued identification number or financial account numbers, account passwords or account security questions and answers, will not be disclosed in response to a CCPA request.

If you wish to authorize someone else to act on your behalf in connection with your CCPA rights, we must receive proof that this person is authorized to do so. Proof can be provided by a consumer verifying his/her own identity directly with us and then providing written authority for a designated person to act on the consumer’s behalf, or through receipt of a power of attorney or other legal documentation of authority, or proof of registration with the California Secretary of State as a designated representative of another consumer. You may also make a verifiable consumer request on behalf of a minor child, which requires that you submit proof of your status as a parent or legal guardian.I. How and When Will We Respond?

Within 10 business days of receipt of your request, we will provide confirmation of your request and an associated reference number. This may be provided by letter, email, or at the conclusion of a web form submission or phone call during which you submit a request.

If you submit a Request to Delete, we may require you to re-confirm your choice to delete the information after verifying your request, but prior to any actual deletion that may be required. We will strive to provide a response within 45 days of receiving your request. If we need additional time, or cannot verify your request, we will let you know. We will send our response to your request by U.S. mail or email, at your option. Any information we provide will cover only the 12-month period preceding receipt of your request. If we cannot respond to or comply with your Request to Know or Request to Delete, or we otherwise deny your request, we will explain our reasoning and decision in our response. We may, for example, deny a CCPA request if: i. the request cannot be acted upon because the personal information that was collected and is maintained is solely in our role as a Service Provider, as that term is defined in the CCPA; ii. we cannot verify your identity; iii. we need to retain the information you seek to have deleted in order to complete the transaction for which it was collected, or; iv. the information we maintain for you is exempt from the CCPA, such as information collected, processed, sold or disclosed pursuant to the Gramm-Leach-Bliley Act (GLBA) or the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

We do not charge a fee to process your request unless it is excessive, repetitive, or manifestly unfounded, and we have informed you in writing of the reasoning behind a charge and its estimated cost. We will provide a cost estimate before completing your request if we determine that a charge is warranted.J. Disclosure of Company’s Service Provider Status

Company is a “Service Provider” of its clients, as that term is defined in the CCPA. Any PI that Company collects, maintains or processes is at the direction of and/or within the scope of Company’s role as a Service Provider and in order to fulfill our contractual responsibilities for the business purpose established in our client contracts. We do not collect or use your PI for our own purposes or any commercial purpose that falls outside the scope of our client contracts. We do not share or disclose PI for any reason that falls outside the scope of our contractual business purpose.

When a Service Provider receives a request to know or a request to delete from a consumer, it shall either act on behalf of the business for which it serves as a Service Provider in responding to the request or inform the consumer that the request cannot be acted upon because the request has been sent to a Service Provider. Thus, we may respond to your request to know or request to delete by explaining that we have collected, maintained or processed your PI solely in Our role as a Service Provider of our client and, if feasible, we will provide you with contact information to submit a CCPA request to that client.