First Financial Network, Inc. (“FFN” or the “Company”) complies with the EU-U.S. Data Privacy Framework (DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. FFN has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles. If there is any conflict between the terms in this privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework, and to view our certification, please visit https://www.dataprivacyframework.gov. This policy applies to personal data we handle. For purposes of this statement, "personal data" means information that:

• Is transferred from a European Union member country to the United States, in reliance on the Data Privacy Framework;
• Is about, or pertains to, a specific individual; and
• Can be linked either directly or indirectly to that individual.

How We Collect Information

FFN collects personal data in the following ways:

• Online Registration: We collect your information, including personal information (information that individually identifies you) directly through your completed online registration form on www.ffncorp.com, which may also include your execution of an online confidentiality agreement on our website. We maintain your digital signature in our files relating to your execution of the confidentiality agreement. We may request additional information from you via e-mail or phone. In some cases, the professional organization you are affiliated with may provide pertinent contact information to us. This information is collected whether the data subject is a buyer or seller.
• Portfolio Data: We may receive debt-related data that is provided to us directly from our clients located within a European Union member country (“Client”) which may contain personal data.
• IP Addresses: An IP address is a number that is automatically assigned to your computer whenever you browse the internet. First Financial Network logs IP addresses of visitors for system administration, security and troubleshooting purposes as well as tracking relative statistical information for a specific sale. Web servers automatically identify your computer by its IP address. When you request pages from any First Financial Network website, FFN servers log your IP address. First Financial Network collects these IP addresses for the purpose of identifying our users' service providers so we can better develop our products.
• Cookies: A cookie is a piece of data stored on the user’s hard drive containing information about the user session that tracks online system behavior and history (if your web browser permits). Cookies can also enable us to track and target the interests of our users to enhance the experience on our website. This statistical information may also be shared with sellers associated with a sale registered by the user and for FFN’s own internal informational purposes. By visiting www.ffncorp.com with your browser settings adjusted to accept cookies, you consent to FFN’s use of your cookies.
• E-mail Address: When a visitor submits an inquiry via e-mail, FFN may log or retain the email address for FFN’s records.

Notice and Choice

• We notify individuals about the personal data we collect from them, how we use it and how to contact us with privacy concerns;
• We provide such notice through this policy on our website or other similar documents, and direct communication with individuals from whom we collect personal data.
• We collect and process personal data about FFN’s personnel for the purpose of human resources administration and recruitment following the Data Privacy Framework.
• We collect and process personal data about our clients and their personnel for the purpose of rendering professional services to them.
• We collect personal data from individuals only as permitted by the Data Privacy Framework in accordance with the Principals outlined therein.
• Consent for personal data to be collected, used, and/or disclosed in certain ways (including opt-in consent for sensitive data) may be required in order for an individual to obtain or use our services. Such consent is provided through our web site privacy policy, our registration form, and our other agreements with clients or users.

In the case that FFN receives portfolio data from one of its Clients, the Client is responsible for receiving consent, providing any required notice to its customers as to what data is collected and how it is used.

The Way We Use Data

When you register on our site, submit an inquiry or a comment, we may contact you regarding your registration, inquiry or comment. We may also use your e-mail address and/or phone number to provide you with information regarding a specific sale you have registered for or about related sales, industry information that might be of interest, and/or FFN’s services, as well as email alerts. We use the information you provide about yourself when bidding in order to complete the bid and to maintain in FFN’s sale records, which are internal to FFN.

We may also use aggregate information for business purposes to enhance FFN’s services and offerings, website, data analysis, and marketing analysis.

With Whom We Share/Disclose Your Information

We typically only share your bid information with Client in order to complete a transaction. We may share your information with appropriate entities or public authority if we believe it is reasonably necessary to comply with a law, rule or regulation, reporting requirement, protect the safety of any person, address fraud, security or technical issues, or to protect FFN’s legal rights or property.

We may share your information in response to subpoenas, court orders, or other legal process; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law.

We do not disclose an individual's personal data to third parties, except when one or more of the following conditions is true:

• We have the individual's permission to make the disclosure.
• The disclosure is required by lawful request by public authorities, including to meet national security or law enforcement requirements. FFN is also subject to the authority of the Federal Trade Commission.
• The disclosure is required by law or mandatory professional standards. The disclosure is reasonably related to the sale or other disposition of all or part of our business.
• The information in question is publicly available.
• The disclosure is reasonably necessary for the establishment of legal claims.

FFN is responsible for the third-party acts within its control that result in the processing of personal data inconsistent with the Data Privacy Framework. If we become aware of a third-party processing data covered by this Data Privacy Framework Policy in a way that is conflict with the Data Privacy Framework Principles, FFN will take immediate steps to prevent or stop such processing.

Data Security

To prevent unauthorized access, maintain data accuracy, ensure the appropriate use of information and protect against the loss, misuse or alteration of information under our control, we have put in place reasonable physical, electronic and managerial procedures to safeguard and protect the information we collect online.

While we follow generally accepted standards to protect personal data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices and signing out of the website after your session. If you have any questions about the security of our websites, please contact us by using the information in the “How to Contact Us” section below.

Data Integrity and Access

You have certain rights relating to your personal data. These rights include:

• To access your personal data (right to access);
• To rectify inaccurate personal data (right to rectification);
• To erase/delete your personal data, to the extent permitted by applicable data protection laws (right to erasure; right to be forgotten);
• To transfer your personal data to another controller, to the extent possible (right to portability);
• To object to any processing of your personal data carried out on the basis of our legitimate interests (right to object). Where we process your personal data for direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide a specific reason for such objection;
• To not be subject to a decision based solely on automated processing, including profiling, which produces legal affects (automated decision-making).
• To withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.

If your personal data is included in portfolio data obtained by FFN from a Client, you may contact the Client to which you submitted your data and request access. FFN will then assist in the subject access request as directed by the Client.

To exercise your rights, please contact FFN’s Data Protection Officer by sending an email to dpo@ffncorp.com. Please attach a copy of your ID with your request for verification purposes.

We may request additional identifying information as a security precaution such as possibly a national identifier (e.g. a Social Security number). In addition, we may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive in the circumstances, or where the rights of persons other than the individual would be violated. In some circumstances, we may charge a reasonable fee, where warranted, for access to personal information.

Some registered users may update their user settings and profiles by logging into their accounts and editing them on the Account page.

Compliance and Enforcement

We have designated a Data Protection Officer (DPO) to monitor our adherence to the Data Privacy Framework and to address questions and concerns regarding our adherence.

Individuals may file a complaint with Data Protection Officer in connection with FFN’s processing of their personal data under the Data Privacy Framework.

With respect to any dispute relating to this policy that cannot be resolved through our internal processes:

• Individuals may file a claim with Judicial Arbitration and Mediation Services (JAMS). To contact JAMS and learn more about submitting a complaint, please visit: https://www.jamsadr.com/dpf-dispute-resolution. JAMS will provide independent dispute resolution and, should it determine it appropriate, can also assess sanctions, including damages, for violation of the Principles outlined in the Data Privacy Framework.

• An individual may under certain conditions invoke binding arbitration. Please see the Data Privacy Framework website for more information on conditions giving rise to binding arbitration.

Changes to this Privacy Policy

This Privacy Policy is subject to change from time to time. We will post any applicable Privacy Policy changes on this page. If the changes are significant, we will provide a prominent notice to you. So long as we adhere to the Data Privacy Framework, we will not amend our policy in a manner inconsistent with the Data Privacy Framework.

Contact Information

If you have any questions, please contact us via email or in writing at:

Data Protection Officer
First Financial Network, Inc.
9211 Lake Hefner Parkway, Suite 200
Oklahoma City, OK 73123

e: dpo@ffncorp.com

Last Updated October 20, 2023