EU-U.S. and SWISS -U.S. PRIVACY SHIELD & ONLINE PRIVACY POLICY

At Commercial Services Group ("CSG"), we recognize the importance of securing the private information of our customers, employees, business partners and others. Not only does CSG strive to collect, use and disclose personal information in a manner consistent with the laws of the countries in which it does business, but it also has a tradition of upholding the highest ethical standards in its business practices. This Privacy Policy Statement (the "Policy") sets forth the privacy principles CSG follows in respect to transfers of personal information to and from the European Union and Switzerland.

Commercial Services Group may collect a name, social security number, address and/ or birthdate in the process of collecting outstanding debt.

EU-U.S. and SWISS -U.S. PRIVACY SHIELD FRAMEWORKS

The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the EEA to the United States.

PRIVACY PRINCIPLES

Commercial Services Group (CSG) complies with the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from European Union and Switzerland to the United States, respectively. CSG has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov

In compliance with the EU-US and Swiss-US Privacy Shield Principles, CSG commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact CSG at:

Commercial Services Group

2401 Stanley Gault Parkway

Louisville, Kentucky 40223

ATTN: Compliance

Or by email to: CSGCompliance@collectcsg.com

CSG has further committed to refer unresolved privacy complaints under the US-EU and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Please note that if an EU or Swiss individual’s complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

The United States Federal Trade Commission (FTC) is the enforcement authority with jurisdiction over this compliance with the Privacy Shield.

NOTICE: Where CSG collects personal information directly from individuals in the EEA, it will inform them about the purposes for which it collects and uses personal information about them, the types of non-agent third parties to which CSG discloses that information, the choices and means, if any, CSG offers individuals for limiting the use and disclosure of personal information about them, and how to contact CSG. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to CSG, or as soon as practicable thereafter, and in any event before CSG uses or discloses the information for a purpose other than that for which it was originally collected.

Where CSG receives personal information from its subsidiaries, affiliates or other entities in the EEA, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.

CHOICE: We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information, in any way, shape, or form. CSG under no circumstances will release personal information to a third party except where required by law or by court order and personal data will not be used for any purpose other than that for which it was originally collected. But in the event CSG shares individual personal information, we will first contact that individual and give them the choice to opt-out.

ACCOUNTABILTY FOR ONWARD TRANSFER: CSG’s disclosure of personal information to third parties will comply with the Notice and Choice principles, except in certain instances where we may be required by law to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Specific examples of instances when CSG may disclose personal information without notice or choice include when responding to court orders, legal process, or to establish or exercise legal rights or defend against claims. CSG will enter into a contract with any Business Partner or Vendor limiting the purposes for which the data may be processed and ensuring that the recipient will provide the same level of protection as the Principles. CSG will take reasonable steps to ensure that the agent effectively processes data in a manner consistent with Principles; upon notice, take reasonable steps to stop and remediate unauthorized processing; and upon request, provide a summary or copy of privacy provisions of its contract with the agent to the Department of Commerce.

In cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, Commercial Services Group is potentially liable.

SECURITY: CSG will take reasonable precautions to protect personal information in its possession from loss, misuse, and unauthorized access, disclosure, alteration and destruction. All privileged information, whether stored in system or out of system (via information media) will be protected by data protection mechanisms to ensure the highest levels of confidentiality, integrity and availability. Non-privileged information will be protected to ensure the highest levels of integrity and availability.

Only personnel who have previously been authorized are allowed to enter information into an information system. Inputs will be restricted according to granted permissions, though these restrictions may be lifted on a temporary basis based on pre-defined project responsibilities. In such circumstances, additional authorization is required and must be granted before restrictions are lifted.

Where possible, information systems will check entered information for accuracy, completeness, validity and authenticity. These checks will be performed as close to the point of information entry as possible and will attempt to ensure that data corruption does not occur or that entered information cannot be interpreted as system commands by the information system.

Information systems will be configured such that they prevent unauthorized and unintended information transfer. Further, information systems will protect the integrity and confidentiality of transmitted information using session authentication, session encryption and data encryption where applicable.

Data is not transported off site in any unsecure manner, including, but not limited to USB device, external hard drive, flash drive, etc. In the event that client data would need to be transferred to removable media, permission would be obtained from the client.

DATA INTEGRITY AND PURPOSE LIMITATION: CSG will use personal data in ways that are compatible with the purpose for which the data was collected or subsequently authorized by the individual or customer/client, as the case may be. CSG will take reasonable steps to ensure personal data is relevant to its intended use, accurate, complete and current.

ACCESS: EU and Swiss individuals have the right to access their personal information. Upon written request, using the Commercial Services Group address below, CSG will grant individuals reasonable access to personal information that it holds about them. In addition, CSG will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.

RECOURSE, ENFORCEMENT AND LIABILITY: CSG will conduct compliance audits of its relevant privacy practices to verify adherence with the EU – US and Swiss-US Privacy Shield principles and this Policy. Any employee that CSG determines to be in violation of this policy will be subject to disciplinary action up to and including termination of employment. CSG is liable for appropriate onward transfers of personal data to third parties.

POLICY CHANGES: CSG reserves the right to change this policy from time to time, consistent with the EU-US and Swiss- US Privacy Shield Principles. In the event that CSG, at some point in the future, were to choose to withdraw from the EU-US and Swiss- US Privacy Shield programs, personal information transferred pursuant to the EU – US and Swiss – US Privacy Shield programs would continue to be subject to EU – US and Swiss – US Privacy Shield requirements and protections even after withdrawal.

LIMITATION ON APPLICATION OF PRINCIPLES: Adherence by CSG to these EU -US and Swiss- US Privacy Shield Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.

INTERNET PRIVACY: CSG sees the Internet and the use of other technology as valuable tools to communicate and interact with consumers, employees, business partners, and others. CSG recognizes the importance of maintaining the privacy of information collected online and has created a specific Internet Privacy Policy Statement (IPP) governing the treatment of personal information collected through the web sites that it operates. With respect to personal information that is transferred from the EEA or Switzerland to the U.S. the IPP is subordinate to this Policy. However, the IPP also reflects additional legal requirements and evolving standards with respect to Internet privacy. CSG’s Internet Privacy Policy can be found at http://www.collectcsg.com/Home/PrivacyPolicy.

Questions or comments regarding this Policy should be submitted to the CSG Compliance Office by mail to:

Commercial Services Group

2401 Stanley Gault Parkway

Louisville, Kentucky 40223

ATTN: Compliance

Or by email to: CSGCompliance@collectcsg.com

ONLINE PRIVACY POLICY

Your Company’s privacy and security are our highest priority. CSG wants to ensure that electronic access to all confidential materials and services provided by Commercial Services Group ("CSG") are secure. Business and personal data in our possession is maintained and used in accordance with local, state and federal privacy laws. CSG educates its employees about the importance of protecting our client’s business and personal data, and only authorized employees have access to sensitive data.

INFORMATION SHARING: The outline below describes what CSG will and won’t do with the client’s business and personal data.

What we do:

What we do not do:

SECURITY NOTICE

CSG implements a variety of security measures to maintain the safety of your personal information. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.

When you send CSG data or access your personal information, we offer the use of a secure server. All sensitive/credit information you supply is transmitted via Barracuda technology and then encrypted into our databases to be only accessed as stated above.

CSG is committed to preserving the privacy and security of our clients/customers personal information. Registration is required on this site to safeguard the privacy and security of your information and that of your customers.

Your IP address will be used to help diagnose problems with our servers, to administer our Web site, and for internal tracking and monitoring purposes.

If you have any questions about this privacy statement or about the practices and policies of this site, please contact CSG Compliance by clicking here CSGCompliance@collectcsg.com