1. Subject to Terms of Use. The following Privacy Policy (“Privacy Policy”) supplements and is subject to Stevenson Management Company (“Company”) Terms of Use (“ToU”) which are incorporated herein by this reference. Capitalized terms used and not otherwise defined herein shall have the meanings set forth in the ToU. In the event of a conflict between this Privacy Policy and the ToU, this Privacy Policy shall control. Visitor acknowledges that Visitor has read this Privacy Policy.

2. Agreement to Abide by Privacy Policy. BY ACCESSING THE WEBSITE OR CUSTOMER ACCOUNT, SIGNING UP FOR OR USING THE PRODUCTS CUSTOMER AGREES TO BE BOUND BY THIS PRIVACY POLICY AND THE AGREEMENTS. Company’s collection of Personal Information (as defined below) is required by Company to serve the Website and deliver the Products. Refusal to provide required Personal Information to Company may delay or prevent access to the Website and/or providing the Products.

3. Privacy Policy. This Privacy Policy explains how and what data Company collects and how Company uses Personal Information (as defined herein). This Privacy Policy also describes options Company provides for Visitor to access, update or otherwise take control of Personal Information that Company or its sub-processors process. For questions about Company’s practices or Visitor’s rights described below, please contact Company’s Data Protection Team by email at privacy@stevensonmanagement.com. Please allow 2 to 3 business days for a response. By submitting a request Visitor agrees to the terms of this Privacy Policy regarding Visitor’s personally identifiable information.

4. Changes to the Privacy Policy. Company reserves the right, in its sole and absolute discretion, to amend this Privacy Policy at any time, for any reason, which amendment(s) will be effective upon posting to the Website. The date of the last revision to this Privacy Policy will be indicated by the “Last Updated” date located at the top of this Privacy Policy. By accessing the Websites or Visitor Account, signing up for or using the Products after such changes or modifications have been made shall constitute Visitor’s acceptance of this Privacy Policy as of “Last Updated” date. Company may occasionally notify Visitor of changes or modifications to this Privacy Policy by email, but is not required to do so. It is Visitor’s responsibility to log into and keep Visitor Account information accurate. Company assumes no liability or responsibility for Visitor’s failure to receive an email or other electronic notification (i.e., through Visitor Account) if such failure results from Visitor’s failure to access Visitor Account or related to an inaccurate email address.

5. Information Company Collects.
   • Personal Information: Company may collect information (i.e., via telephone, text, email, paper and/or other interactions through a Visitor Account, with the Websites or Products) when Visitor provides such information on the Website or through Visitor Account, signing up for or using the Products or otherwise interacts with Company (collectively, “Personal Information”).
     • The Types of Personal Information Company collects includes, but not limited to, contact information;
       • Name;
       • Address;
       • Email;
       • Telephone Number;
       • Internet Protocol (“IP”) Address;
       • Birth Date;
       • Billing and Delivery Information;
       • Credit Card or Other Financial Account Information; and/or
       • Other Identifying Information About Visitor.
     • The purposes for which this Personal Information is collected includes, but not limited to:
       • Register and manage the Account, including to allow access to and use of the Products; process payments or credits; and offer promotional programs. This includes:
         • Affiliate tracking;
         • Processing financial transactions;
         • Credit Card or Other Financial Account Information; and/or
         • Personal Information (see above).
       • Improve the Website and Products. Use information for analytical purposes and to enable Company to improve the Platform; and provide tailored and/or optimized experience. This includes, but not limited to:
         • Advertising;
         • Analytics;
         • Delivering website content;
         • Improving user experience;
         • Malware scanning; and/or
         • Site security.
       • Notify Visitor about special offers and products or services available from Company, its affiliates, or partners.
       • Communicate with Visitor or facilitate communication between Visitor and Company, its affiliates, or partners; conduct, monitor and record interactions with Company, Website and the Products; host reviews, forum posts, photos, videos, and other content; respond to requests, questions and comments. This includes, but not limited to:
         • Visitor Feedback; and/or
         • User Feedback
       • Legal Compliance. Resolve disputes or troubleshoot problems; prevent fraud and other potentially prohibited or unlawful activities; comply with relevant regulations and laws, respond to legal requests, prevent harm, and protect Company rights; provide payment services, including to detect and prevent money laundering, fraud and security incidents, to comply with legal obligations, and to enforce any applicable terms of service.

Please note, if Company uses automated decision-making technologies to process Personal Information, Company will implement appropriate measures required to safeguard Visitor’s rights and freedoms including Visitor’s right to obtain human intervention.

• Non-Personal Data. Company may also collect information about Visitor’s browsing activities and history or other information that is not considered Personal Information through Visitor’s use of and visits to the Platform, or Company’s resources through a variety of technologies, including, but not limited to Cookies, tags, beacons, chatbots, usage data and other tracking tools.
• Cookies may be placed by Company or Company’s web analytics third-party vendors or partners on the Platform or within the Platform. For more information on the cookies, tracking technologies and other similar technologies visit Company Cookie Policy.
  • Company’s use of cookies to collect information is in order to improve the Platform.
  • Visitor can instruct a browser to refuse all cookies or to indicate when a cookie is being implemented.
  • If Visitor does not accept cookies, use of some features of the Platform may not be available.
• Do Not Track Disclosure. Company supports Do Not Track (“DNT”). DNT is a preference Visitor can enable a web browser to inform websites not to track Visitor’s information.

• Types of non-personal data collected (defined as usage data) may include, but is not limited to, search terms, new or returning user information, browser information, computer type, operating system, internet service providers, website usage, referring/exit pages, platform type, date/time stamp, number of clicks and movements within a webpage, advertisements viewed, among other non-personal data (collectively, all of the foregoing data is considered “Non-Personal Data”).
• Additionally, cookies, tags, and other tracking tools placed by web analytics third-party vendors or partners may collect other information including, but not limited to, industry and/or company size, among other Non-Personal Data.

6. How Personal Information is Collected. Company collects Personal Information by telephone, text, email, paper and/or other interactions by Visitor with the Platform.

7. How Company Uses and Shares Personal Information.
   • Company strongly believes in both minimizing the data collected and limiting its use and purpose to only that (a) for which Company has been given permission, (b) as necessary to deliver the Platform, or (c) as Company might be required or permitted for legal compliance or other lawful purposes.
   • Use of Personal Information. Once collected, Company may use Personal Information including, but not limited to:
     • Provide service communications such as bill reminders, order confirmations, program registrations, and customer service messages;
     • Respond to Visitor emails or online requests for products, services, or information;
     • Deliver and process surveys;
     • Processing submitted job applications;
     • Personalize and improve the usability of the Platform;
     • Tailor content, advertising, email marketing automation and marketing to Visitor;
     • Share with third-parties as required by law or to protect Company as described herein;
     • Share Visitor’s email address as permitted as described herein;
     • Communicate with Visitor;
     • Improve and optimize the operation and performance of the Platform;
     • Diagnose problems with and identify any security risks, errors, or needed enhancements to the Platform;
     • Detect and prevent fraud and abuse of Company’s systems, and/or Platform;
     • Collecting aggregate statistics about use of the Platform; and/or
     • Understand and analyze Visitor use of the Platform.
   • Transfer of Data Abroad. Utilization of the Websites or Products from a country other than the country where Company’s servers are located, Visitor’s communications and interactions with Company may result in transferring Personal Information data across international borders. In such cases, Personal Information data is handled according to this Policy.
   • Sharing to Fulfill Service Requests and Perform Business Functions. Personal Information may be shared with certain third parties to fulfill the Visitor’s service requests. Company may also share such information with service providers that perform business functions for Company. Visit Company’s Subprocessor List for more information. Company only provides data to service providers that have taken appropriate measures to protect such information under contractual obligations on those service providers to ensure each only uses Personal Information to provide for specific services.
   • Sharing Personal Information When Legally Necessary or to Protect Company’s Interests. Company may disclose Personal Information if required to do so by law or in the good-faith belief that such action is necessary to: (a) conform to legal requirements or comply with legal process served on Company, including, but not limited to, compliance with legal, regulatory and law enforcement requests. In such instances, Company cooperates with government and law enforcement agencies and private parties to enforce and comply with the law. Company will disclose any information about Visitor to government or law enforcement agencies or private parties as Company, in Company’s sole and absolute discretion, believes necessary or appropriate to respond to claims and legal process (such as preservation requests, warrants, subpoenas or court orders), to protect Company’s property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity Company considers to be illegal or unethical, among other valid legal reasons. To the extent Company is legally permitted to do so, Company will take reasonable steps to notify Visitor in the event that Company is required to provide Visitor Personal Information to third parties as part of the legal process; (b) protect and/or defend the rights or property of Company; (c) protect the personal safety of Company personnel or users of the public in appropriate circumstances; or (d) if Company and/or its assets (or a portion of its assets) are sold, assigned, transferred, or merged or if Company undergoes some other change including a change to its corporate form as part of a bankruptcy proceeding or otherwise, information may be transferred as part of that transaction or change.

8. How to Manage the Sharing of Personal Information. To access, view, or update Visitor’s personal data (where available), Visitor can sign into Visitor’s Account. Visitor may also request a deletion of personal data by emailing privacy@stevensonmanagement.com. The request will apply only to the extent that it is no longer necessary or required for Company legitimate business purposes or legal or contractual record keeping requirements.

9. How Long Personal Information Will Be Kept.
   • Company will keep Personal Information while Visitor maintains a Visitor Account or while Company provides the Products to Visitor. Company will keep Personal Information for as long as is necessary:
     • To respond to any questions, complaints, or claims made by Visitor or on Visitor’s behalf;
     • To show that Company treated Visitor fairly; and/or
     • To keep records required by law.
   • Company will not retain Personal Information for longer than necessary for the purposes set out in this Policy. Different retention periods apply to different types of Personal Information.
   • When Personal Information is no longer necessary to be retained, Company will delete or anonymize the information.

10. How Company May Use and Share Non-Personal Data. Through the use of various technologies and tools, Company may collect Non-Personal Data to improve the usability of the Platforms and for other legitimate business reasons. Company may share the Non-Personal Data collected with third parties or permit third parties to place tools such as cookies, tags, or web beacons, to collect additional Non-Personal Data when using the Platform. Please note that Visitor may be subject to the privacy policies of non-Company companies when selecting an advertising link or other links to websites not operated by Company.

11. Online Tracking Technologies and Advertising.
    • Company and certain third-party service providers operating on Company’s behalf may collect information about a Visitor’s activity, or activity on devices associated with Visitor, on the Platform using tracking and analytical technologies as described in this Policy.
    • Company may collect information whether or not a Visitor is logged in or registered or maintains a Visitor Account, and may associate this tracking data with a Visitor Account, in which case Company will handle such information as provided in this Policy.
    • Advertisers and third parties also may collect information about a Visitor’s activity on the Platform, on devices associated with a Visitor, and on third-party websites and applications using tracking technologies. Tracking data collected by these advertisers and third parties may be used to decide which advertisements a Visitor may see or to track activity both on or through the Platform and on or through third-party sites and applications.

12. Remarketing Services.
    • Company may use remarketing services to advertise on third-party websites after visiting the Platform.
    • Company, and its third-party vendors and partners use cookies and other tracking tools to inform, optimize, and serve the Platform as well as advertise based on Visitor’s visits to the Platform. For more information see Company’s Subprocessor List.

13. Privacy Rights and Reporting.
    • In addition to the rights as explained in this Policy, under California’s “Shine the Light” law and California Consumer Privacy Act (“CCPA”), and/or the European General Data Protection Rules (“GDPR”), Visitors or Platform visitors or users who provide personal information (as defined in the Shine the Light law, CCPA and/or the GDPR) using the Platform for personal, family, or household use are entitled to request and obtain from Company, once a calendar year, information about the Personal Information Company shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which Company shared such information for the immediately prior calendar year.
    • Company receives and responds to all data subject requests and grants the same rights to all, regardless of country, province or state of residence. To obtain this information for all requests received over the reporting period and the response provided. The metrics reflect all requests from all submitters.
    • Submit any data subject request online, email to privacy@stevensonmanagement.com or send via postal mail to Stevenson Management Company, Attn: Data Protection Team, 1111 North Brand Boulevard, Suite 302, Glendale, CA 91202.

14. Canada Anti-Spam Law (“CASL”) and GDPR. Platform visitors or users who have provided Company a Canadian or European Union mailing address will not receive unauthorized Commercial Electronic Messages (CEMs) as defined under CASL and/or GDPR unless these individuals have opted-in to receive CEMs. To access, view, update, delete or port personal data (where available), or to update subscription preferences, Visitor can sign into the Visitor Account. Residents of the European Union Economic Area (EUEA) and to whom believe Company maintains Personal Information subject to the GDPR after contacting Company, may direct questions, requests or complaints to the UK’s Information Commissioner’s Office at ico.org.uk, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom, Phone: 0303 123 1113.

15. Data Retention. Company may retain Personal Information for as long as a Visitor Account is active or as otherwise needed to provide Visitor with the Platform. Company may continue to retain such Personal Information even after deactivation of a Visitor Account and/or cease to use the Platform, as reasonably necessary to comply with Company’s legal obligations, to resolve disputes regarding Visitor, prevent fraud and/or abuse, enforce agreements and/or protect Company’s legitimate interests. Company maintains a data retention policy which applies to information in Company’s control. Subject to any legal requirement, if Personal Information is no longer required, Company will use commercially reasonable efforts to ensure Personal Information is securely deleted.

16. Age Restrictions. The Platform is not intended for individuals under eighteen (18) years of age. No one under the age of eighteen (18) should provide any Personal Information to Company through the Platform. Company does not knowingly collect Personal Information from individuals under eighteen (18). If reasons exist to believe any individual under the age of eighteen (18) has provided Company with any Personal Information, please contact Company at privacy@stevensonmanagement.comand provide, in detail, the Personal Information (e.g. full name, address, telephone number) requested to be removed.

17. Information Security. Company implements commercially reasonable security measures to help protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. Company restricts access to Personal Information to certain companies who may require the information in order to operate, develop, or improve the Platform and/or service. These individuals or organizations are bound by confidentiality obligations, agreements and may be subject to discipline, including termination and civil and/or criminal prosecution for failing to meet these obligations. Company cannot guarantee or warrant the security of any information Visitor transmits to Company, or to or from the Platform.

18. Linking to Other Internet Websites, Applications or Platforms. Internet websites linked from the Platform or from Company email or other messages may contain privacy provisions that differ from the provisions of this Policy. To ensure Visitor privacy is protected, Company recommends that Visitor review the privacy statements of these other linked websites, applications, or other digital platforms.

19. How Visitor Can Access and Change Information. Visitor may review, update and/or correct through the Visitor Account profile information or by emailing privacy@stevensonmanagement.com.

20. For a Full List of Company Data Sub-Processors. View or print Company’s Data Sub-Processors.

21. Company Contact Information: For any questions, concerns or complaints about this Policy, please email privacy@stevensonmanagement.com, or send in writing to Stevenson Management Company, Attn: Data Protection Team, 1111 North Brand Boulevard, Suite 302, Glendale, CA 91202. Company will attempt to resolve any complaints regarding the use of Personal Information in accordance with this Policy. Company will respond to all requests, inquiries and/or concerns within thirty (30) calendar days of receipt of a notice or as required by law.