CCPA Service Provider Addendum

This CCPA Service Provider Addendum ("Addendum") is entered into by and between EZ Finance Marketing LLC, DBA EZ Finance Marketing ("Company"), located at 30 N Gould St Ste R, Sheridan, WY 82801, and the Service Provider identified in the signature block below ("Service Provider"). This Addendum supplements and forms part of any existing agreement(s) between Company and Service Provider (the "Agreement") under which Service Provider may process Personal Information on behalf of Company.

Recitals

WHEREAS, Company operates the website https://www.ezfinancemarketing.com and engages various service providers who may process Personal Information of California consumers in the course of providing services to Company;

WHEREAS, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the "CCPA"), imposes certain obligations on businesses and their service providers with respect to the processing of Personal Information;

WHEREAS, Company and Service Provider desire to ensure that their arrangement complies with the requirements of the CCPA and that Personal Information is processed in accordance with applicable law;

NOW, THEREFORE, in consideration of the mutual obligations set forth herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:

Terms of Agreement

1. Definitions

For the purposes of this Addendum, the following terms shall have the meanings set forth below. Any capitalized terms not defined herein shall have the meanings assigned to them in the CCPA or the Agreement.

• "Business" means EZ Finance Marketing LLC (DBA EZ Finance Marketing), which determines the purposes and means of processing Personal Information.
• "Business Purpose" means the operational purposes for which Personal Information is collected or processed, as defined under the CCPA, including but not limited to: auditing, security, debugging, short-term transient use, performing services on behalf of the Business, internal research, and activities to verify or maintain the quality or safety of a service.
• "Consumer" means a natural person who is a California resident, as defined in the CCPA.
• "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or household, as defined under the CCPA.
• "Processing" means any operation or set of operations performed on Personal Information, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.
• "Service Provider" means the entity that processes Personal Information on behalf of the Business pursuant to a written contract that prohibits the entity from retaining, using, or disclosing the Personal Information for any purpose other than the Business Purposes specified in the Agreement.
• "Sell" or "Sale" means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a Consumer's Personal Information to a third party for monetary or other valuable consideration, as defined under the CCPA.
• "Share" means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a Consumer's Personal Information to a third party for cross-context behavioral advertising, as defined under the CCPA.

2. Obligations of Service Provider

Service Provider agrees to the following obligations:

• Process Personal Information only on behalf of EZ Finance Marketing LLC and solely for the specific Business Purposes set forth in the Agreement.
• Not sell or share any Personal Information received from or on behalf of Company.
• Not retain, use, or disclose Personal Information for any purpose other than the Business Purposes specified in the Agreement, including for any commercial purpose other than providing the services specified in the Agreement.
• Not combine Personal Information received from Company with Personal Information received from or on behalf of another person or collected from Service Provider's own interactions with Consumers, except as expressly permitted by the CCPA.
• Conduct reasonable due diligence on any sub-processors engaged to process Personal Information, including verifying that such sub-processors have implemented adequate technical and organizational measures to protect Personal Information in accordance with the CCPA and this Addendum.
• Implement and maintain reasonable security procedures and practices appropriate to the nature of the Personal Information to protect it from unauthorized access, destruction, use, modification, or disclosure.
• Notify Company promptly (and in no event later than 72 hours) after discovering any actual or suspected unauthorized access, destruction, use, modification, or disclosure of Personal Information (a "Security Incident").
• Grant Company the right to take reasonable and appropriate steps to ensure that Service Provider uses the Personal Information in a manner consistent with the CCPA and this Addendum.
• Notify Company if Service Provider determines that it can no longer meet its obligations under the CCPA.

3. Restrictions on Use

Service Provider shall not use or disclose Personal Information for any purpose other than the specific purposes set forth in the Agreement. Service Provider is expressly prohibited from:

• Selling or sharing Personal Information received from Company.
• Retaining, using, or disclosing Personal Information outside the direct business relationship between Service Provider and Company.
• Using Personal Information for the purpose of cross-context behavioral advertising.
• Processing Personal Information in a manner that is incompatible with the Business Purposes for which it was collected or authorized by Company.

If Service Provider receives a request from a Consumer to exercise any of their rights under the CCPA, Service Provider shall not comply with the request directly but shall instead redirect the Consumer to Company at support@ezfinancemarketing.com, or inform Company of the request promptly.

4. Compliance with CCPA

Service Provider represents and warrants that it understands the restrictions and obligations set forth in this Addendum and the CCPA, and agrees to comply with them. Service Provider shall:

• Comply with all applicable provisions of the CCPA, including any regulations promulgated thereunder.
• Provide the same level of privacy protection as is required by the CCPA.
• Allow Company to conduct reasonable assessments, or arrange for an independent assessor to conduct assessments, of Service Provider's policies and technical and organizational measures to ensure compliance with this Addendum. Service Provider shall cooperate with such assessments and make available all information reasonably necessary to demonstrate compliance.
• Upon reasonable notice, allow Company to audit or inspect Service Provider's practices related to the processing of Personal Information to verify compliance with this Addendum and the CCPA.

5. Notification of Requests

If Service Provider receives any request, complaint, or communication from a Consumer or any regulatory authority relating to the processing of Personal Information under the Agreement, Service Provider shall promptly (and in no event later than five (5) business days) notify Company by contacting:

• Email: support@ezfinancemarketing.com
• Address: 30 N Gould St Ste R, Sheridan, WY 82801

Service Provider shall not respond to such requests or communications on behalf of Company unless expressly authorized in writing by Company to do so.

6. Assistance with Requests

Service Provider shall assist Company in responding to Consumer requests to exercise their rights under the CCPA, including but not limited to requests to:

• Know what Personal Information has been collected about them.
• Delete their Personal Information.
• Correct inaccurate Personal Information.
• Opt out of the sale or sharing of their Personal Information.
• Limit the use and disclosure of Sensitive Personal Information.

Service Provider shall respond to Company's requests for assistance within ten (10) business days, or such shorter timeframe as may be required for Company to comply with CCPA deadlines. Service Provider shall make available all Personal Information in its possession related to the Consumer's request in a readily usable format.

7. Sub-processors

Service Provider shall not engage any sub-processor to process Personal Information on behalf of Company without prior written authorization from Company. If Company provides general written authorization, Service Provider shall inform Company of any intended changes concerning the addition or replacement of sub-processors, giving Company the opportunity to object to such changes.

Where Service Provider engages a sub-processor, Service Provider shall:

• Enter into a written agreement with the sub-processor that imposes obligations no less protective than those set forth in this Addendum.
• Ensure that the sub-processor complies with the requirements of the CCPA applicable to service providers.
• Remain fully liable to Company for the acts and omissions of any sub-processor engaged by Service Provider.

8. Return or Deletion of Data

Upon termination or expiration of the Agreement, or upon Company's written request, Service Provider shall, at Company's election:

• Return all Personal Information to Company in a structured, commonly used, and machine-readable format; or
• Delete all Personal Information in its possession, including any copies, backups, or archives, and certify in writing to Company that such deletion has been completed.

Service Provider shall complete the return or deletion of Personal Information within thirty (30) days of Company's request, unless applicable law requires storage of the Personal Information. In such cases, Service Provider shall inform Company of the legal requirement and shall continue to protect the Personal Information in accordance with this Addendum until deletion is permitted.

9. Miscellaneous

• Governing Law. This Addendum shall be governed by and construed in accordance with the laws of the State of California, without regard to its conflict of laws principles.
• Conflicts. In the event of any conflict between this Addendum and the Agreement, this Addendum shall prevail with respect to the processing of Personal Information under the CCPA.
• Amendments. This Addendum may not be amended or modified except by a written instrument signed by both parties. Company reserves the right to update this Addendum to reflect changes in applicable law or regulatory guidance, with reasonable notice to Service Provider.
• Severability. If any provision of this Addendum is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.
• Entire Agreement. This Addendum, together with the Agreement, constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior or contemporaneous understandings, agreements, or representations.
• Survival. The obligations of Service Provider under this Addendum shall survive the termination or expiration of the Agreement to the extent necessary to fulfill their purpose, including but not limited to obligations regarding data deletion, confidentiality, and compliance with the CCPA.
• Third-Party Claims. In the event that any third-party claim arises from Service Provider's breach of this Addendum or its obligations under the CCPA, Service Provider shall: (a) promptly notify Company of such claim; (b) provide reasonable cooperation and assistance to Company in defending against such claim; (c) bear all costs and expenses (including reasonable attorneys' fees) associated with the defense and resolution of such claim to the extent it arises from Service Provider's breach; and (d) not settle any such claim without Company's prior written consent if the settlement would impose any obligation on Company or require any admission of liability by Company.
• Contact. For questions or concerns regarding this Addendum, please contact EZ Finance Marketing LLC at support@ezfinancemarketing.com or at 30 N Gould St Ste R, Sheridan, WY 82801.

Signatures

IN WITNESS WHEREOF, the parties have executed this CCPA Service Provider Addendum as of the date last signed below.