IPOSTAL1 - GLOBAL PRIVACY POLICY

You may be asked to provide personal information anytime you are in contact with iP1. The iP1 corporate family of companies may share your personal information with each other and use it consistent with this Privacy Policy. For example, even if you do not reside in the United States (“USA”), your information may be shared with the appropriate company within the USZoom LLC corporate family which provides global support for all Services including technical infrastructure, product development, security, compliance, fraud prevention, and customer support.

4. THE PERSONAL INFORMATION WE COLLECT

Personal information is data that identifies an individual or relates to an identifiable individual. This includes information you provide to us or our service partners and information which is collected about you automatically

4.1. Information you provide to us

To establish an account and access our Services, we'll ask you to provide us with some important information about you. This information is either required by law (e.g. to verify your identity), necessary to provide the requested services (e.g. you will need to provide your bank account number if you'd like iP1 to perform check deposit services), or is relevant for certain specified purposes, described in greater detail below. As we add new features and Services, you may be asked to provide additional information.

Please be advised that we may not be able to serve you as effectively or offer you our Services if you choose not to share certain technically required information with us. Any information you provide to us that is not required is voluntary

We may collect the following types of information from you:

• Personal Identification Information: Full name, date of birth, nationality, gender, signature, utility bills, photographs, phone number, home and email addresses.
• Formal Identification Information: Government issued identity document such as Passport, Driver's License, National Identity Card, State ID Card, Tax ID number, passport number, driver's license details, national identity card details, visa information, and/or any other information deemed necessary to comply with our legal obligations under postal, financial, export or anti-money laundering laws and regulations.
• Institutional Information: Employer Identification number (or comparable number issued by a government), proof of legal formation (e.g. Articles of Incorporation), personal identification information for all material beneficial owners.
• Financial Information: Bank account information, and/or tax identification.
• Transaction Information: Information about the transactions you make on our Services, such as the name and address of the recipient (in case of mail forwarding).
• Employment Information: Office location, job title, and/or description of role.
• Correspondence: Survey responses, information provided to our support team or user research team.

4.2. Information we collect from you automatically

We receive and store certain types of information automatically, such as whenever you interact with the Sites or use the Services. This information helps us address customer support issues, improve the performance of our Sites and applications, provide you with a streamlined and personalized experience, and protect your account from fraud by detecting unauthorized access. Please see our online cookie statement at https://ipostal1.com/cookie-statement.php

4.3. Information collected from third parties

From time to time, we may obtain information about you from third party sources as required or permitted by applicable law. These sources may include:

• Fraud Prevention Services & ID Verification Partners: We obtain information about you from fraud prevention services and ID verification partners such as Proof, Maxmind, and Jumio for purposes of preventing fraud and verifying your identity in accordance with applicable law. We obtain assessments and verifications comply with our legal obligations, such as postal, financial, export, and anti-money laundering laws. In some cases, we may process additional data about you to ensure our Services are not used fraudulently or for other illicit activities. In such instances, processing is necessary for us to continue to perform our contractual obligations with you and others. Proof’s Privacy Policy is available at Privacy Policy, available at https://www.proof.com/legal/privacy-policy. Maxmind’s Privacy Policy is available at https://www.maxmind.com/en/privacy-policy#contact-for-additional-information-opting-outdata-access-and-correction-and-disputes and Jumio's Privacy Policy, is available at https://www.jumio.com/privacy-center/privacy-notices/online-services-notice/.
• Advertising Networks & Analytics Providers: We work with these providers to provide us with de-identified information about how you found our Sites and how you interact with the Sites and Services. This information may be collected prior to account creation.

4.4. Anonymized and aggregated data

Anonymization is a data processing technique that removes or modifies personal information so that it cannot be associated with a specific individual. Except for this section, none of the other provisions of this Privacy Policy applies to anonymized or aggregated customer data (i.e. information about our customers that we combine together so that it no longer identifies or references an individual customer)

We may use anonymized or aggregate customer data for any business purpose, including to better understand customer needs and behaviours, improve our products and services, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third parties.

Types of data we may anonymize include, transaction data, click-stream data, performance metrics, and fraud indicators.

5. HOW WE PROTECT AND STORE PERSONAL INFORMATION

iP1 maintains (and requires subcontractors and third parties it shares your information with to maintain) physical, technical and administrative safeguards to help protect the security and confidentiality of the personal information you entrust to us.

We may store, process and transfer all or part of your personal and transactional information in the USA and elsewhere in the world where our mail center facilities, or our service providers are located, including in but no limited to, Australia, Austria, Brazil, Curaçao, Czech Republic, Guatemala, Ireland, Israel, Italy, Lithuania, Netherlands, Portugal, Singapore, Slovakia, Spain, Switzerland, Taiwan, Ukraine, United Kingdom. For example, if you select a service location in a certain country the information that is received there on your behalf may be processed in that country and the country where our servers are located. Personal information processed and stored in another country may be subject to disclosure or access requests by the governments, courts or law enforcement or regulatory agencies in that country according to its laws.

By using our website and services or by providing us with personal information, you consent to any such transfer of information outside of your country. If you have any questions about our use of service providers outside of your country, you may contact us using the information below.

We protect your personal information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations.

For example, we use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to personal information only for those employees, agents and contractors who require it to fulfil their job responsibilities. Full credit card data is securely transferred and hosted off-site by payment vendors Braintree. This credit card information is not accessible to iP1. For more information about how Braintree stores and uses your information, please see their Privacy Policy at https://www.paypal.com/us/legalhub/paypal/privacy-full.

However, no security measures can provide absolute protection, and we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own personal information

Furthermore, we cannot ensure or warrant the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us using the contact information provided in this Privacy Policy.

6. RETENTION OF PERSONAL INFORMATION

We store your personal information securely throughout the life of your iP1 account. We will retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your personal information are described below.

• Personal information collected to comply with our legal obligations under postal, financial, export, or anti-money laundering laws may be retained after account closure for as long as required under such laws
• Contact Information such as your name, email address and telephone number for internal marketing purposes is retained on an ongoing basis until you unsubscribe and retain such records for a reasonable time thereafter.
• Recording of our telephone calls with you may be kept for a reasonable time thereafter
• Information collected via technical means such as cookies; webpage counters and other analytics tools is kept for a reasonable period.

7. CHILDREN'S PERSONAL INFORMATION

We do not knowingly collect personal data from users deemed to be children under their respective national laws. iP1 will require parental consent when required to do so by the local law of the country from where the signup originates. If a user submitting personal information is suspected of being a legal minor and is unable to satisfy the parental consent requirement, iP1 will require such user to close the account and will not allow the user to continue using our Services. iP1 will also take steps to delete the information as soon as possible. Please notify us if you are the parent of an underage individual using our Services so we can take action to prevent access to our Services.

8. HOW YOUR PERSONAL INFORMATION IS USED

Our primary purpose in collecting personal information is to provide you with a secure, smooth, efficient, and customized experience. We generally use personal information to create, develop, operate, deliver, and improve our Services, content and advertising, and for loss prevention and anti-fraud purposes. We may use this information in the following ways:

8.1. To maintain legal and regulatory compliance

Most of our core Services are subject to laws and regulations requiring us to collect, use, and store your personal information in certain ways. For example, iP1 must identify and verify customers using our Services to comply with postal, financial, export and anti-money laundering laws across certain jurisdictions. For example, in the USA, this includes collection of a signed and notarized form PS 1583 and storage of your identification documents. In other jurisdictions, we may use third party service to verify your identity by comparing the personal information you provide against third-party databases and public records. When you seek to link a bank account to your iP1 Account to deposit a check, we may require you to provide additional information which we may use in collaboration with service providers acting on our behalf to verify your identity or address, and/or to manage risk as required under applicable law. If you do not provide or update your personal information as required by law or tother applicable competent authority, we will have to close youraccount.

8.2. To enforce our terms in our user agreement and other agreements

iP1 handles items that may contain sensitive information, such as your scanned mail, identification and financial data, so it is very important for us and our customers that we actively monitor, investigate, prevent, and mitigate any potentially prohibited or illegal activities, enforce our agreements with our sales partners / subcontractors fulfilling the Services, and/or prevent and detect violations of our posted user agreement or agreements for other Services. In addition, we need to charge fees based on your use of our Services. We collect information about your account usage and closely monitor your interactions with our Services. We may use any of your personal information collected for these purposes. The consequences of not processing your personal information for such purposes is the termination of your account.

8.3. To detect and prevent fraud and/or funds loss

We process your personal information to help detect, prevent, and mitigate fraud and abuse of our Services and to protect your account from compromise or funds loss.

8.4. To provide iP1's Services

We process your personal information to provide the Services to you. For example, when you want to subscribe to the Services or deposit checks on our platform, we require certain information such as your identification, contact information, and payment information. We cannot provide you with Services without such information.

8.5. To provide Service communications

We send administrative or account-related information to you to keep you updated about our Services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our Services.

8.6. To provide customer service

We process your personal information when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. Without processing your personal information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services.

8.7. To ensure quality control

We process your personal information for quality control and staff training to make sure we continue to provide you with accurate information. If we do not process personal information for quality control purposes, you may experience issues on the Services such as inaccurate transaction records or other interruptions.

8.8. To help ensure network and information security

We process your personal information to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services.

8.9. For research and development purposes

We process your personal information to better understand the way you use and interact with iP1's Services. In addition, we use such information to customise, measure, and improve iP1's Services and the content and layout of our website and applications, and to develop new services. Without such processing, we cannot ensure your continued enjoyment of our Services.

8.10. To facilitate corporate acquisitions, mergers, or transactions

We may process any information regarding your account and use of our Services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions. You have the option of closing your account if you do not wish to have your personal information processed for such purposes.

8.11. To engage in marketing activities

Based on your communication preferences, we may send you marketing communications (e.g. emails or mobile notifications) to inform you about our events or our partner events; to deliver targeted marketing; and to provide you with promotional offers. Our marketing will be conducted in accordance with your advertising marketing preferences and as permitted by applicable law.

8.12. Consent based usage

Your personal information, any use or disclosure of your personal information is subject to your consent. We will not use or disclose your personal information for purposes other than those purposes we have disclosed to you, without your permission. From time to time, and as required under the applicable law, we may request your permission to allow us to share your personal information with third parties. You may opt out of or withhold consent having your personal information shared with third parties or allowing us to use your personal information for any purpose. If you choose to so limit the use of your personal information, certain features or iP1's Services may not be available to you if these services are reliant on your personal information.

9. EEA DATA SUBJECTS

Under the EU General Data Protection Regulation (“GDPR”) the entity that determines the means and purposes of processing your personal identifiable information (“PII”) is referred to as a “Data Controller”, whereas a processor that doesn’t determine the means and purposes of processing your PII are referred to as a “Data Processor”. For PII provided to iP1 upon opening an account, iP1 is the Data Controller. Commercial Mail Receiving Agents ("CMRA”) or mail centers that receive such PII from us do not control the means and purpose of the processing this PII and are only Data Processors

However, any PII you disclose directly to your CMRA or mail center, or any mail scan request you make of your CMRA or mail center, as you dictate the method of processing you are the Data Controller and your CMRA and iP1 are only Data Processors. In the foregoing instances, iP1 shall not be classified as a Data Controller, Joint Data Controller, or Processor with regards to the personal data shared with the CMRA/Shipping Store.

9.1. Legal Bases for Processing your Information

For individuals located in the European Economic Area, United Kingdom or Switzerland (collectively “EEA Residents”) at the time their personal data is collected, we rely on legal bases for processing your information under Article 6 of the GDPR. We generally only process your data where we are legally required to, where processing is necessary to perform any contracts we entered with you (or to take steps at your request prior to entering into a contract with you), for our legitimate interests to operate our business or to protect IP1's or your, property, rights, or safety, or where we have obtained your consent to do so. Below is a list of the purposes described in our policy with the corresponding legal bases for processing.

9.2. Marketing

9.2.1. Direct Marketing: Direct marketing includes any communications to you that are only based on advertising or promoting our products and services. We will only contact you by electronic means (email or SMS) based on our legitimate interests, as permitted by applicable law, or your consent. To the extent we can rely on legitimate interest under the applicable law, we will only send you information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, we will contact you by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to send you marketing communications, please go to your account settings to optout or submit a request to service@iPostal1.com at any time and free of charge

9.2.2. Third Party Marketing: We will obtain your express consent before we share your personal information with any third parties for marketing purposes.

9.3. YOUR PRIVACY RIGHTS

Depending on applicable law where you reside, you may be able to assert certain rights related to your personal information, including those identified below. If any of the rights listed below are not provided under law for your operating entity or jurisdiction, iP1 has absolute discretion in providing you with those rights.

Depending upon the applicable law, your rights are not absolute. Privacy rights, including the right of access may be denied: (a) when denial is required or authorized by law; (b) when granting your request would have a negative impact on another's privacy; (c) to protect our rights and properties; (d) where the request is frivolous or vexatious, or for other reasons.

• Access and portability. You may request that we provide you a copy of your personal information held by us. This information will be provided without undue delay subject to a potential fee associated with gathering of the information (as permitted by law), and unless there is a basis on which such request may be denied under applicable law. In certain circumstances, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another data controller
• Correction of incomplete or inaccurate personal information. You may correct or update any of your personal information held by iP1 that is inaccurate time by logging in to your account or informing us at service@iPostal1.com.
• Erasure. You may request to erase your personal information, subject to applicable law. If you close your iP1 Account, we will mark your account in our database as "Closed," but will keep certain account information, including your request to erase, in our database for a period as described above. This is necessary to deter fraud, by ensuring that persons who try to commit fraud will not be able to avoid detection simply by closing their account and opening a new account, and to comply with iP1's legal obligations. However, if you close your account, your personal information will not be used by us for any further purposes, nor shared with third parties, except as necessary to prevent fraud and assist law enforcement, as required by law, or in accordance with this Privacy Policy.
• Withdraw consent. To the extent the processing of your personal information is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of iP1's processing based on consent before your withdrawal.
• Restriction of processing. In some jurisdictions, applicable law may give you the right to restrict or object to us processing your personal information under certain circumstances. We may continue to process your personal information if it is necessary for the defence of legal claims, or for any other exceptions permitted by applicable law.
• Automated individual decision-making, including profiling. iP1 relies on automated tools such as MaxMind to help determine whether a transaction or a customer account presents a fraud or legal risk. In some jurisdictions, you have the right not to be subject to a decision based solely on automated processing of your personal information, save for the exceptions applicable under relevant data protection laws.

10. CALIFORNIA PRIVACY RIGHTS

Pursuant to the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CCPA”/”CCPRA”), California residents have certain rights in relation to their personal information, subject to limited exceptions.

• For personal information collected by us during the preceding 12 months that is not otherwise subject to an exception, the right to access and delete their personal information. iP1 will not discriminate against Californians who exercise their rights. Specifically, if you exercise your rights, we will not deny you services, charge you different prices for services or provide you a different level or quality of services.
• To the extent we sell/share your personal information to third parties, you also have the right to request that we disclose to you: (i) the categories of your personal information that we sold/share, and (ii) the categories of third parties to whom your personal information was sold/shared. You have the right to direct us not to sell/share your personal information.
• IP1 does not sell/share your personal information in its ordinary course of business and will never sell/share your personal information to third parties without your explicit consent unless obligated to do under applicable law.

You may designate an authorized agent to make a request to access, correct, or a request to delete on your behalf if they submit proof that they are registered with the California Secretary of State to be able to act on your behalf or submit evidence you have provided them with power of attorney pursuant to California Probate Code section 4000 to 4465. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf or are unable to verify their identity.

11. PRIVACY REQUESTS OR COMPLAINTS

You can make privacy rights requests relating to your personal information by contacting us via dataprotection@uszoom.com. If you believe that we have infringed your rights, we encourage you to first submit a request via dataprotection@uszoom.com so that we can try to resolve the issue or dispute informally. If that does not resolve your issue, you may contact the our privacy officer at legal@uszoom.com.You may also have the right to complain to the data protection authority in your jurisdiction of residence.