FocusPoint Privacy Notice

Effective Date: 2/3/2025

This Privacy Notice ("Notice") describes how FocusPoint International, Inc., its affiliates and its subsidiaries (collectively, "FocusPoint," "we," "our," or "us") collects, discloses, or otherwise processes Personal Data (defined below) when we act as a data controller in relation to the operation of our business including through our websites ("Sites"), mobile application ("App"), our digital platform Overwatch x Rescue™ ("Digital Platform"), any communications between you and us, such as through customer service interactions and emails and other communications we send, and where this Notice is posted (collectively, the "Services").

This Notice does not apply to data for which FocusPoint is acting as a processor on behalf of a controller such as when we perform Services on behalf of our device service partners (e.g., where we do not determine the purpose and means of the data processing).

The sections of this Notice are hyperlinked below for your convenience:

1. What Data We Collect
2. How We Collect Data
3. Purpose of the Data We Collect
4. Cookies
5. Data Retention
6. How We Secure Your Data
7. With Whom We Disclose Personal Data
8. Do Not Track Signals
9. U.S. Residents - Children Under Age 13
10. For Residents of Texas and Nebraska - Your Legal Rights
11. For Residents of the European Economic Area (EEA) and United Kingdom (UK) - Your Legal Rights
12. International Data Transfers
13. Third-party Links
14. Changes to this Notice and your duty to inform us of changes
15. Contact Information

1. What Data We Collect

"Personal Data" means any data that identifies, relates to, describes, or is reasonably capable of being associated, linked or linkable with a particular individual or household.

The types of Personal Data we collect and process includes:

Identity Data: Name, date of birth and gender.
Contact Data: Email address, mailing address, and phone number.
Financial Data: Including credit card and payment data, invoices for cost related to emergency response and/or our Services, and insurance data.
Profile Data: Includes your username and password, other data communicated to us through the Digital Platform or Website, or information provided through submitted questions or responses to a form or survey.
Usage Data: Data collected via cookies, scripts, web beacons, and other technologies including your IP address, date and time you access our Website or Digital Platform and the pages and content you access during your visit, language preferences, websites that you link to or from, whether you receive or open an email or other communication from us, and the links you click on within those emails, data from your mobile device or your computer about how you interact with our Website or Digital Platform, including unique device identifier, mobile network data, the type of device used and the operating system on that device, browser type, a list of files downloaded or pages viewed, and any errors encountered.
Marketing Data: Includes your preferences in receiving marketing from us.
Sensitive Data: Personal Data revealing: racial or ethnic origin; religious beliefs; mental or physical health diagnosis (including medical history and medical diagnoses and treatment data); sexuality; citizenship or immigration status; precise geolocation data (radius of 1,750ft); and Personal Data collected from a known child.
Other Location Data: General geolocation data (city, state derived from IP address); and information associated with relocation or repatriation, including passport or other government IDs and other travel data.

We may also retain and use your Personal Data in an anonymized or de-identified format. Such data is not subject to the same usage restrictions as Personal Data as it does not directly (or indirectly) reveal your identity. We may use deidentified data to improve our Services, conduct research, or for our other business purposes as outlined below.

We may combine the Personal Data (excluding Sensitive Data) we gather about you with data from third parties. We may use this data, for example, to improve and personalize our Services, other products and services, content, and advertising.

Please note that failure to provide certain Personal Data may result in FocusPoint being unable to provide our Services, Website, or Digital Platform.

2. How We Collect Data

We collect Personal Data from a variety of sources, including:

Directly from you when provided to us, for instance when utilizing our Services, visiting our Website, signing up for or logging into an account, utilizing our App, communicating with us through the Services, purchasing our products or Services, submitting or responding to our inquiries, or filling out a survey.
Automatically as you utilize the Services. We may receive data from you in connection with content, widgets, cookies, components, or other tools deployed on or used by the Services, including from third parties. Please note that third parties may collect or share Personal Data about your online activities over time and across third-party websites and online services. These third parties may provide us data in connection with content, widgets, components, cookies, or other tools offered on our Site or Digital Platform. They may use this data to provide you with interest-based advertising or other targeted content, and for other purposes. We may not control Personal Data once collected by these parties. For more information about these types of tracking technologies, see Section 4 "Cookies."
From third parties. We may collect data from emergency response personnel, medical providers, your emergency contacts, advertisers, marketing service providers, analytics services, affiliates, promotional partners, and application providers.

3. Purpose of Data that We Collect

The chart below describes what purposes we use Personal Data for and why. It also sets out the 'lawful basis' we rely on for processing that personal information, which is a requirement under certain data protection laws, including in the UK/EU.

FocusPoint relies on one or more of the following legal bases for processing:

We have obtained consent from you for such processing for one or more specific purposes. Where we rely on your consent, you may withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before withdrawal. However, withdrawal of consent may result in the ineffectiveness of or our inability to provide our Services, Digital Platform, or Website.
Processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract.
Processing is necessary to protect the vital interests of a data subject or of another natural person.
Processing is necessary for compliance with a legal obligation to which FocusPoint is subject.
Processing is necessary for the purposes of our or a third party's legitimate interest. Where relying on legitimate interests for processing, such legitimate interests may include any or all the uses detailed above in this Notice, taking into consideration reasonable expectations of data subjects based on the relationship with us.

We will only process your Sensitive Data in the following circumstances:

To provide the Services you have requested.
Comply with law and satisfy our legal, regulatory, and compliance rights and/or obligations.
Provide you data that you request from us or otherwise respond to your communications and questions.
Fulfill any other purpose for which you provide your data to us and for other purposes disclosed to you in connection with our products and services.
Where it is necessary to protect you or another person from harm.
Where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent.

Purpose	Type of Personal Data	Lawful Basis	Categories of Recipients
Provide our Services, including to facilitate critical incident response	Identity Data Contact Data Financial Data Profile Data Sensitive Data Location Data	Performance of contract	Emergency Service Providers Third Parties Professional Advisors, Law Enforcement and Regulators
Facilitate payment for our Services and other critical incident response services	Identity Data Contact Data Financial Data	Performance of contract	Third Parties
Facilitate, coordinate, and execute travel arrangements	Identity Data Contact Data Financial Data Profile Data Location Data Sensitive Data	Performance of contract	Affiliated Organizations Emergency Service Providers Third Parties Professional Advisors, Law Enforcement and Regulators
Determine insurance coverage	Identity Data Contact Data Financial Data	Performance of contract	Third Parties Professional Advisors, Law Enforcement and Regulators
Calculate and provide invoices	Identity Data Contact Data Financial Data	Performance of contract	Third Parties Professional Advisors, Law Enforcement and Regulators
Set up and manage your accounts and subscriptions	Identity Data Contact Data Profile Data Financial Data Location Data	Performance of contract	Third Parties Professional Advisors, Law Enforcement and Regulators
Provide you with a customized experience when you visit our Sites	Usage Data Location Data	Legitimate interests (to provide you with the best experience on the Site)	Third Parties
Communicate with you about products and services not related to marketing, including changes to our terms or policies, changes to the services, technical notices, security alerts, and support and administrative messages.	Identity Data Contact Data	Performance of contract Legitimate interests (to keep you informed about our products and services)	Affiliated Organizations Third Parties
Facilitate, record, and store communications, including responding to your questions.	Identity Data Contact Data	Legitimate interests (to make sure we can respond to and keep in touch with you)	Third Parties
For marketing and advertising such as to provide data about new or related products and services we may offer and other business development, marketing, and promotional activities	Identity Data Contact Data Marketing Data	Legitimate interests (to promote our services) Consent	Affiliated Organizations Third Parties
Research and development	Usage Data	Legitimate interests	Third Parties
Compliance with legal obligations	Sensitive Data	Compliance with legal obligations	Professional Advisors, Law Enforcement and Regulators
To analyse use of the Services and Digital Platform and improve your experience	Usage Data Marketing Data Location Data	Legitimate interests (to evaluate and improve the performance and quality of our Services to and to understand our Site audiences, develop business strategies and marketing plans) Consent	Third Parties
Secure our systems and applications and to help detect and prevent fraud and other prohibited, illicit, or illegal activity	Identity Data Contact Data Financial Data Usage Data	Legitimate interests (to protect our business) To comply with our legal and regulatory obligations	Third Parties Professional Advisors, Law Enforcement and Regulators
Operate our business, including support for transactions impacting our company (such as mergers, acquisitions, reorganizations, underwriting or asset purchases)	Identity Data Contact Data Usage Data	Legitimate interests (for running our business)	Affiliated Organizations Third Parties Professional Advisors, Law Enforcement and Regulators
Defend and enforce our legal rights	Identity Data Contact Data Financial Data Sensitive Data	Legitimate interests (to protect our business, interests, and rights) To comply with our legal and regulatory obligations	Affiliated Organizations Third Parties Professional Advisors, Law Enforcement and Regulators
Monitor and enforce our contracts, legal terms, acceptable use or other policies or similar terms	Identity Data Contact Data Usage Data Sensitive Data	Legitimate interests (to make sure our policies and procedures are being followed) To comply with our legal and regulatory obligations	Affiliated Organizations Third Parties Professional Advisors, Law Enforcement and Regulators

4. Cookies

We use cookies or similar technologies on our Services. You can find out more about the specific cookies we use and manage your preferences through our cookie consent management solution on our Site. This is presented to you when you first visit our Site, or visit in incognito mode, but you can also change your preferences at any time via the Site or through your browser settings. Residents of Texas and Nebraska can find out more information about opting out of sales and targeted advertising in Section 10 "For Residents of Texas and Nebraska - Your Legal Rights" below.

5. Data Retention

We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint, for purposes of record keeping, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

6. How We Secure Your Data

We are committed to maintaining measures to protect the security of your Personal Data maintained in our systems and have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk. However, no network or system is ever entirely secure, and we cannot guarantee the security of networks and systems that we operate or that are operated on our behalf. If we face a security breach, we will notify you as required by law.

The safety and security of your Personal Data also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. You should not share your password with anyone.

7. With Whom We Disclose Personal Data

We may disclose Personal Data with:

Affiliated Organizations. We may disclose your Personal Data with our parent organizations, subsidiaries, affiliates, joint ventures, or other organizations or entities under common control with us.

Emergency Services Providers. We may disclose Personal Data with third parties, service providers, vendors, or others in order to provide the Services, such as emergency response units, companies facilitating or involved in providing travel, insurance providers, medical/health providers, and payment processors.

Third Parties. We work with third parties to help us provide the Services and to support internal operations including by processing Personal Data on our behalf. In some cases, they may use your data subject to their own privacy policies and to comply with their own legal and regulatory obligations. We work with different types of third parties, presently including:

Data hosting, storage and cloud service providers;
Payment processors;
Security service providers;
Technical and customer support providers;
Marketing and analytics providers; and
Other third parties that may be disclosed to you.

Professional Advisors, Law Enforcement and Regulators. We disclose Personal Data with our professional advisors who provide legal, compliance, auditing, accounting, banking, consulting, or other professional services, and with regulators, law enforcement, or government agencies, including to:

Comply with our legal and regulatory obligations, including those compliance obligations of federal, state or local regulators;
Protect our interests, property or legal rights, or those of our customers or third parties;
Respond to a subpoena, court order, or similar law enforcement request, or when we believe in good faith that the disclosure of Personal Data is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of this Notice or other applicable terms; and
For other legal purposes, such as to enforce our terms and conditions, or to exercise or defend legal claims.

In Connection to a Transaction. In the event of a transaction or reorganization impacting us as an entity or organization, we may disclose your Personal Data to facilitate such transaction. We may disclose your Personal Data in connection with, or during the diligence or negotiation of, any merger, sale of company stock or assets, financing, acquisition, restructuring, divestiture or dissolution of all or a portion of our business, or other similar event.

Other Disclosures. In addition to the above disclosures, we may disclose Personal Data in the event that we believe such disclosure is: (i) necessary to provide our products and services or operate our business; (ii) in accordance with purposes we describe when you share it with us; (iii) permitted by law; or (iv) with your consent or at your direction.

As permitted by applicable law, we may disclose aggregated or deidentified data that does not identify any individual without restriction.

8. Do Not Track Signals

We do not respond to "do not track" signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of Personal Data about an individual consumer's online activities over time and across third-party websites or online services.

9. U.S. Residents - Children Under Age 13

FocusPoint does not knowingly collect personally identifiable information from children under 18 without parental consent. In the event that we learn that we have collected such information from a child under the age of 18 without parental consent, we will delete this information from our database as quickly as possible. If you believe we have collected any personally identifiable information about anyone under 18, please contact us at info@wwfocus.com.

10. For Residents of Texas and Nebraska - Your Legal Rights

Under the Nebraska Data Privacy Act (Nebraska Act L.B. 1074) and the Texas Data Privacy and Security Act (Tex. Bus. & Com. Code § 541.001 et seq.), consumers (e.g. individuals excluding business contacts, current or former employees, job applicants, contractors, dependents, beneficiaries, etc.) who reside in Texas or Nebraska have the following rights with respect to their data subject to certain exceptions:

Right to Access. You can request that we confirm whether we process your Personal Data and, if the data is available in a readily usable digital format, obtain a copy of the data you previously provided us.
Right to Correct. You can request that we correct inaccurate Personal Data that we maintain about you, subject to certain exceptions.
Right to Delete. You can request that we delete your Personal Data that we maintain about you, subject to certain exceptions.
Right to opt out sales and targeted advertising. You can request that we not sell or use your Personal Data for targeted advertising purposes by contacting us at privacy@wwfocus.com or by utilizing an opt-out preference signal ("OOPS") such as the Global Privacy Control ("GPC") signal. OOPS are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual's choice to opt-out of Sale, Sharing and/or Targeted Advertising. To use an OOPS/GPC, you can download a plugin to use on your current internet browser and follow the settings to enable the OOPS/GPC.

For purposes of this section, "sell" means the sale of your Personal Data to an outside party for monetary or other valuable consideration. Please note that if you make a request to opt out of sale/targeted advertising using the "Do Not Sell or Target My Personal Data" signal your selections are specific to the device, website and browser you are using. Your selections are deleted whenever you clear your cookies or browser's cache.

Right to opt out of profiling. We do not profile in furtherance of decisions that produces a legal or similarly significant effect.
Right to Appeal. You have the right to appeal a decision regarding a privacy request that you or your agent submitted.

We will not discriminate against you because you made any of these requests.

Requests to access, correct, delete, and/or appeal can be submitted online by contacting privacy@wwfocus.com or by calling us at 866-340-8569. In order to identify you within our systems, you will need to provide your full name, email, customer account number as well as the state and country where you reside. We may deny certain requests, or fulfill a request only in part, based on our legal rights and obligations. For example, we may retain Personal Data as permitted by law, such as for tax or other record keeping purposes, to maintain an active account, and to process transactions and facilitate customer requests.

Note that for purposes of these requests, Personal Data does not include data about job applicants, current or former employees, other of our personnel, dependents, and/or beneficiaries; data about employees and other representatives of third-party entities we may interact with; or data we have collected as a service provider to our clients.

We will take reasonable steps to verify your identity prior to responding to your requests. The verification steps will vary depending on the type of request, sensitivity of the Personal Data that is the subject of the request, and whether you have an account with us.

You may designate an authorized agent to make a request on their behalf. If you choose to submit a privacy request through an authorized agent, we may require that you provide the agent with written permission to do so, and that the agent verify their own identity with us. If your privacy request is submitted by an agent without proof that they have been authorized by you in to act on your behalf in accordance with applicable law, we may deny the request. We also reserve the right, in our sole discretion, to reach out to you directly to confirm that the agent is in fact authorized to make this request on your behalf to the extent allowable under applicable law, including where verification is insufficient or the nature of the Personal Data subject to the request is sensitive in nature.

11. For Residents of the European Economic Area (EEA) and United Kingdom (UK) - Your Legal Rights

By law, you have a number of rights when it comes to your Personal Data. Some of these rights apply generally, while others will only apply in certain circumstances. Further information and advice about your rights can be obtained from the national data protection regulator.

For all rights, we usually act on requests and provide information free of charge, but, where allowed under the law, we may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests, or further copies of the same information. Alternatively, we may be entitled to refuse to act on the request in some circumstances. We'll try to respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we'll come back to you and let you know.

You may have the following rights:

Right to be informed. You have the right to be provided with clear, transparent, and easily understandable information about how we use your Personal Data and your rights. This is why we're providing you with the information in this Notice.
Right of access. You have the right to access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
Right of rectification. This allows you to have your information corrected if its inaccurate or incomplete.
Right to withdraw consent. If you have given your consent to anything we do with your Personal Data, you have the right to withdraw your consent for the processing of Personal Data at any time (although it does not mean that anything we have done with your personal information with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your Personal Data for marketing purposes.
Right to be forgotten/erasure. This allows you to request the deletion or removal of your Personal Data where there is no compelling reason for us to keep using it. We may not always be able to comply with your request for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Right to restriction of processing. You have rights to 'block' or suppress further use of your Personal Data where one of the following applies:

You contest the accuracy of the Personal Data.
The processing is unlawful and you oppose the erasure of the Personal Data.
We no longer need the Personal Data for the purposes of the processing, but you require the data for the establishment, exercise, or defense of legal claims.
You have objected to processing and the objection is pending verification as to whether our legitimate grounds override your objection.

When processing is restricted, we can still store your information, but may not use it further.

Right to portability. You have the right to receive Personal Data concerning you, which you provided to us, in a structured, commonly used and machine-readable format and to reuse your Personal Data for your own purposes across different services.
Right to object. You have the right to object to certain types of processing, including processing on the basis of legitimate interests and/or processing for direct marketing purposes.
Right to lodge a complaint. You have the right to lodge a complaint with a national supervisory authority about the way we handle or process your Personal Data.
Right to opt out of profiling. Automated decisions are decisions made without human intervention that produce a legal or similarly significant effect. We do carry out this type of processing activity.

To exercise any of the rights described in this section, please contact us at 866-340-8569.

12. International Data Transfers

FocusPoint operates globally and may engage in international transfers of Personal Data to the categories of parties described in the "How We Share Personal Data" Section, and internally, within the FocusPoint organization. We transfer Personal Data across borders for the purposes described above in this Notice, including as necessary to operate our business and to provide and support our Services, Website, and Digital Platform.

Whenever we transfer your Personal Data outside of the UK/EEA, we will always ensure it is protected by reasonable safeguards, including (but not limited to) only transferring personal data to countries that have been deemed by the Information Commissioner or European Commission to provide an adequate level of protection, or by using specific contractual protections, such as standard contractual clauses (see European Commission: Model contracts for the transfer of personal data to third countries https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en and United Kingdom Addendum [link to https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfer-agreement-and-guidance/.

13. Third-party links

Our Site may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. When you leave our Site, we encourage you to read the privacy policy of every other website you visit.

14. Changes to this Notice and your duty to inform us of changes

We keep our Notice under regular review and may update it from time to time. Any changes will be posted on our Site and, where appropriate, notified to you.

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

15. Contact Information

If you have questions about this Notice, you may contact us at:

Attention: Privacy Officer
13680 NW 5th Street
Suite 230
Sunrise, Florida
33325

Email: privacy@wwfocus.com

FocusPoint operates via the following legal entity: FocusPoint International Inc.