BPO American, Inc. Privacy Policy

1. Overview

BPO American, Inc. is committed to the responsible use of personal information and sensitive information collected from and about its customers, staff, business partners and others who provide such information to the company. This commitment is in accordance with both state and federal regulations concerning the use of sensitive information. Such sensitive information includes information that could be used to cause financial harm or reputational harm to any individual. This policy applies to personally identifiable sensitive information and how it is collected.

2. Objective / Purpose

The purpose of this policy is to protect the privacy of individuals who have sensitive information stored (either in electronic or paper form) on assets owned by BPO American, Inc., while at the same time providing the Company the ability to share this information with authorized entities as required by legitimate business need or by law.

3. Scope

The BPOA Privacy Policy applies to all employees, affiliates, and third-party service providers.

4. Privacy Policy

The responsible use of sensitive information requires that the Company respect individual privacy, protect against unauthorized access to or use of information, and comply fully with all laws and government regulations in the collection, use, storage, display, distribution and disposal of such information. Authorized uses of sensitive information within the Company are limited to uses which a) are necessary to meet legal and regulatory requirements; b) facilitate access to services, transactions, facilities and information.

Access to sensitive information is limited to:

• the individual whose information is produced or displayed;

• a Company official or agent of the Company with authorized access based upon a legitimate business interest and a need to know;

• an organization or person authorized by the individual to receive the information;

• a legally authorized government entity or representative;

• other circumstances in which the Company is legally compelled to provide access to information;

• or other individuals or entities, as allowed by law, for purposes judged to be appropriate or necessary for the reasonable conduct of Company business.

• are mailed unless required by other state or federal agency.