PRIVACY POLICY

Effective Date: November 17, 2025
Last Updated: November 17, 2025

1. INTRODUCTION

TDQ Enterprises, Inc., doing business as Trusted Business Transaction Advisors ("Company," "we," "us," or "our"), respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website trustedbta.com (the "Site") and use our services.

PLEASE READ THIS PRIVACY POLICY CAREFULLY. By accessing or using our Site, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Site.

This Privacy Policy is incorporated into and subject to our Website Terms of Use and M&A Advisory Services Disclaimers.

1.1 Scope of This Policy

This Privacy Policy applies to:

• Information collected through our website (trustedbta.com)
• Information collected through contact forms, newsletter subscriptions, and other interactive features
• Information collected through cookies and other tracking technologies
• Information collected through email communications

This Privacy Policy does NOT apply to:

• Information collected through our formal client engagements (which is governed by separate engagement agreements with confidentiality provisions)
• Information collected by third parties through their own websites or services (even if linked from our Site)
• Offline information collection

1.2 Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will notify you by:

• Posting the updated Privacy Policy on this page with a new "Last Updated" date
• Sending email notification to users who have provided email addresses (for material changes)
• Displaying a prominent notice on our Site for at least thirty (30) days

Material changes include but are not limited to:

• Changes to the types of personal information we collect
• Changes to how we use personal information
• Changes to how we share personal information with third parties
• Changes to user rights or how to exercise them
• Changes to data retention practices
• Changes to security practices
• Changes to international data transfers

Your continued use of the Site after any modifications constitutes your acceptance of the updated Privacy Policy. We recommend reviewing this Privacy Policy periodically.

2. INFORMATION WE COLLECT

We collect several types of information from and about users of our Site.

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us when you:

Contact Forms:

• Full name
• Email address
• Phone number
• Company name (optional)
• Type of inquiry (buying, selling, or other advisory needs)
• Business information you choose to provide
• Message content
• Any other information you choose to submit

Newsletter and Email Subscriptions:

• Email address
• Name (if provided)
• Preferences for types of communications (seller-focused, buyer-focused, general M&A insights)
• Date of subscription

Account Creation (if applicable in the future):

• We do not currently offer account creation on our Site
• If we add this feature in the future, this Privacy Policy will be updated

Other Communications:

• Information in emails you send to us
• Information in phone conversations (may be recorded with notice)
• Information provided during preliminary consultations

IMPORTANT NOTE ON CONFIDENTIALITY: Information you provide through the Site prior to executing a written engagement agreement is NOT treated as confidential. Do not submit confidential, proprietary, or sensitive business information through contact forms or email until a written engagement agreement with confidentiality provisions has been executed.

2.2 Information Collected Automatically

When you visit our Site, we automatically collect certain information about your device and your visit:

Device and Browser Information:

• IP address
• Browser type and version
• Operating system
• Device type (desktop, mobile, tablet)
• Screen resolution
• Language preferences

Usage Information:

• Pages you visit on our Site
• Time and date of your visit
• Time spent on each page
• Referring website (how you arrived at our Site)
• Exit pages
• Click patterns and navigation paths
• Search queries entered on our Site
• Files downloaded
• Links clicked

Location Information:

• General geographic location based on IP address (city, state, country)
• We do not collect precise geolocation data

Cookie and Tracking Technology Information:

• Cookie identifiers
• Web beacon data
• Analytics data

See our Cookie Policy for detailed information

2.3 Information from Third-Party Sources

We may receive information about you from third-party sources, including:

• Business Databases: We may supplement the information we collect with information from business databases, public records, and other third-party sources to better understand businesses and industries.
• Social Media: If you interact with us through social media platforms, we may receive information from those platforms in accordance with their privacy policies.
• Service Providers: Our third-party service providers (described in Section 4) may provide us with information about how you interact with their services on our behalf.
• Referral Sources: If you were referred to us by another party, we may receive information about you from that referral source.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for various purposes:

3.1 To Provide and Improve Our Services

• Respond to Inquiries: To respond to your contact form submissions, emails, and phone calls
• Send Requested Information: To provide information you've requested about our services
• Preliminary Consultations: To conduct preliminary discussions about potential engagements
• Site Operation: To operate, maintain, and improve our Site
• Troubleshooting: To diagnose and fix technical problems
• Customization: To customize your experience on our Site based on your interests and preferences

3.2 For Marketing and Communications

• Newsletter and Email Marketing: To send you newsletters, deal opportunity alerts (for buyer lists), market insights, industry updates, and other marketing communications you've subscribed to receive
• Segmented Communications: To send targeted content based on your indicated interests (seller-focused, buyer-focused, or general)
• Deal Opportunities: To send generic, non-confidential information about available business opportunities to subscribers on our buyer list (detailed information provided only after NDA execution)
• Promotional Offers: To inform you about our services, events, webinars, and resources
• Surveys and Feedback: To request feedback and participation in surveys (optional)

YOU MAY OPT OUT of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Sending a request to privacy@trustedbta.com
• Calling us at (330) 388-0768
• Writing to us at the address below

Note: Even if you opt out of marketing communications, we may still send you transactional or administrative emails related to your use of the Site.

3.3 For Analytics and Research

• Usage Analytics: To analyze how visitors use our Site to improve content, design, and functionality
• Trends and Patterns: To identify trends in Site usage and visitor behavior
• Performance Metrics: To measure the effectiveness of our content and marketing campaigns
• Business Intelligence: To better understand our audience and their needs
• Research: To conduct market research and industry analysis (aggregated and anonymized data only)

3.4 For Business Operations

• Record Keeping: To maintain records of communications and interactions
• Conflicts Checking: To check for conflicts of interest before accepting engagements
• Risk Management: To assess and manage business risks
• Quality Assurance: To monitor and improve the quality of our services
• Training: To train our staff (using anonymized or aggregated data)

3.5 For Legal and Security Purposes

• Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests
• Rights Protection: To protect our rights, property, and safety, and the rights, property, and safety of our users and others
• Fraud Prevention: To detect, prevent, and address fraud, security breaches, and other illegal activities
• Terms Enforcement: To enforce our Terms of Use and other agreements
• Dispute Resolution: To resolve disputes and enforce our legal rights
• Data Breach Response: To respond to and remediate data security incidents

3.6 For Other Purposes with Consent

We may use your information for other purposes with your specific consent, which we will obtain at the time of collection.

4. HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf. These service providers are contractually obligated to use your information only for the purposes we specify and to protect the confidentiality and security of your information.

Types of Service Providers:

Website Analytics:

• Google Analytics (or alternative analytics platforms): We share browsing behavior, IP addresses, device identifiers, and usage data for website performance analysis and visitor insights
• Purpose: To analyze Site traffic, user behavior, and content effectiveness
• Data Shared: IP address, pages visited, time on site, referral sources, device information, location data (city/state level)
• Privacy Policy: Google Analytics Privacy Policy
• Opt-Out: Google Analytics Opt-out Browser Add-on
• Note: We may configure analytics to anonymize IP addresses and disable advertising features

Email Marketing Platforms:

• Mailchimp, Constant Contact, or similar services: We share email addresses, names, and communication preferences for sending marketing communications and managing subscriber lists
• Purpose: To send newsletters, market insights, deal opportunities, and marketing emails
• Data Shared: Email address, name, subscription date, preferences (seller/buyer/general lists), email open and click data
• Privacy Policies: Service providers' privacy policies govern their data practices
• Compliance: Our email marketing providers comply with CAN-SPAM and provide unsubscribe mechanisms
• Note: These providers may use email performance data for their own analytics but are prohibited from using your information for their own marketing

Customer Relationship Management (CRM):

• Salesforce, HubSpot, or similar CRM systems: We share contact information, communication history, and business information for relationship management and sales tracking
• Purpose: To manage leads, track communications, and maintain client relationships
• Data Shared: Name, email, phone, company name, inquiry details, communication history, engagement stage
• Privacy Policies: CRM providers' privacy policies apply to their data handling
• Security: CRM providers implement enterprise-grade security measures

Chatbot and Live Chat:

• Commercial or proprietary chatbot providers: We share conversation data, contact information, and device information for customer service and automated responses
• Purpose: To provide instant responses to common questions and capture contact information
• Data Shared: Chat conversation content, name, email, IP address, device information
• Human Review: Chat transcripts may be reviewed by our staff for quality assurance and training
• Retention: Chat data is retained according to our data retention policy (Section 7)

Website Hosting and Infrastructure:

• Web hosting providers: Host our Site and store data necessary for Site operation
• Purpose: To provide reliable and secure website hosting
• Data Shared: All data submitted through the Site (stored on hosting servers)
• Security: Hosting providers implement security measures including SSL/TLS encryption, firewalls, and access controls

Email Service Providers:

• Email servers and delivery services: Handle email delivery for transactional and marketing emails
• Purpose: To ensure reliable email delivery and protect against spam
• Data Shared: Email addresses, email content, delivery metadata

Security and Performance:

• Content delivery networks (CDNs): Improve Site performance and speed
• DDoS protection services: Protect against distributed denial of service attacks
• Security scanning tools: Identify and remediate security vulnerabilities

4.2 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Site of any change in ownership or use of your personal information, as well as any choices you may have regarding your personal information.

4.3 Legal Requirements and Rights Protection

We may disclose your information when we believe in good faith that disclosure is necessary to:

• Comply with applicable law, regulation, legal process, or enforceable government request
• Enforce our Terms of Use, including investigation of potential violations
• Detect, prevent, or address fraud, security, or technical issues
• Protect against harm to the rights, property, or safety of TDQ Enterprises, Inc., our users, or the public as required or permitted by law
• Respond to claims that content violates the rights of third parties
• Comply with subpoenas, court orders, or legal processes

4.4 With Your Consent

We may share your information with third parties when we have your explicit consent to do so.

4.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. For example, we may share statistics about Site usage, industry trends, or market insights. This data is not considered personal information and is not subject to this Privacy Policy.

4.6 Professional Advisors

We may share your information with professional advisors (attorneys, accountants, consultants, auditors) who are bound by confidentiality obligations and only use the information to provide professional services to us.

5. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to collect information about your use of our Site. For detailed information about cookies, please see our separate Cookie Policy.

5.1 What Are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They allow the website to recognize your device and remember information about your visit.

5.2 Types of Cookies We Use

Strictly Necessary Cookies:

• Essential for the Site to function properly
• Cannot be disabled without severely affecting Site functionality
• Examples: Session cookies, security cookies, load balancing cookies

Analytics Cookies:

• Help us understand how visitors interact with our Site
• Provide statistics on usage patterns
• Examples: Google Analytics cookies

Marketing Cookies:

• Used to track visitors across websites
• Used to display relevant advertisements
• Used to measure advertising campaign effectiveness
• May be set by our advertising partners

Functionality Cookies:

• Remember your preferences and settings
• Examples: Language preferences, region settings

5.3 Cookie Consent

For U.S. Visitors: We provide notice of our cookie use through this Privacy Policy and our Cookie Policy. By continuing to use our Site, you consent to our use of cookies as described.

For EU/EEA/UK Visitors: We obtain your consent before placing non-essential cookies on your device through a cookie consent banner. You can manage your cookie preferences at any time.

5.4 Managing Cookies

You can control cookies through:

• Browser Settings: Most browsers allow you to refuse cookies or delete existing cookies. Instructions vary by browser.
• Cookie Preference Center: Available through our cookie consent banner (for EU/EEA/UK visitors)
• Opt-Out Tools: Industry opt-out tools such as the Network Advertising Initiative opt-out page or the Digital Advertising Alliance opt-out page
• Google Analytics Opt-out: Use the Google Analytics Opt-out Browser Add-on

Note: Disabling cookies may affect Site functionality and your user experience.

5.5 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature. Our Site does not currently respond to DNT signals because there is no industry standard for how to respond to such signals. We will continue to monitor developments in DNT technology.

5.6 Third-Party Tracking

Third-party service providers (such as analytics and advertising platforms) may use cookies and other tracking technologies to collect information about your online activities over time and across different websites. We do not control these third-party technologies or their practices. Please review the privacy policies of these third parties for information about their data collection practices and opt-out options.

6. DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

6.1 Retention Periods by Data Type

Marketing Data (Newsletter, Contact Forms):

• Retention Period: Until you unsubscribe or request deletion, or after 3 years of inactivity (no opens, clicks, or engagement)
• Purpose: To send marketing communications and maintain subscriber lists
• Deletion: Automatically deleted or anonymized after retention period expires

Contact Form Submissions:

• Retention Period: 3 years from date of submission
• Purpose: To respond to inquiries and maintain records of communications
• Exceptions: May be retained longer if related to an engagement or legal matter

Client Engagement Data (For Actual Clients):

• Retention Period: 7 years after engagement ends
• Purpose: To comply with professional record-keeping requirements, tax obligations, and statute of limitations
• Legal Basis: IRS requirements (7 years), Ohio statute of limitations for contracts (15 years for written contracts under seal, 8 years otherwise)
• Note: Engagement data is governed by separate engagement agreements with specific confidentiality and retention provisions

Transaction Records:

• Retention Period: 7 years from transaction date
• Purpose: Tax compliance and legal requirements
• Legal Basis: IRS record-keeping requirements

Website Analytics:

• Retention Period: 26 months (Google Analytics standard retention period)
• Purpose: To analyze long-term trends while respecting privacy
• Anonymization: Data is automatically anonymized after retention period

Email Marketing Metrics:

• Retention Period: 3 years from email send date
• Purpose: To analyze campaign effectiveness and engagement trends
• Anonymization: Aggregated data may be retained indefinitely

Security Logs:

• Retention Period: 1 year from creation
• Purpose: Security monitoring, incident response, and forensic analysis
• Legal Requirements: May be retained longer if required by law or ongoing investigation

Financial and Accounting Records:

• Retention Period: 7 years from fiscal year end
• Purpose: Tax compliance, audit requirements, financial reporting
• Legal Basis: IRS requirements and accounting standards

6.2 Legal Holds and Exceptions

We may retain information beyond the specified retention periods when:

• Required by law or legal obligation
• Necessary for legal claims, disputes, or investigations
• Subject to a legal hold or subpoena
• Necessary to enforce our rights or defend against claims
• You have requested retention for a specific purpose
• Necessary for public interest, scientific research, or statistical purposes (anonymized data)

6.3 Deletion and Anonymization

When retention periods expire:

• Deletion: Personal information is securely deleted or destroyed
• Anonymization: Data may be anonymized (made non-identifiable) and retained for analytical purposes
• Aggregation: Data may be aggregated with other data and retained for statistical analysis

Deletion Methods:

• Electronic data: Secure deletion using industry-standard methods
• Physical records: Shredding or secure destruction
• Backup systems: Deleted from active systems and removed from backups during normal backup cycles

7. YOUR RIGHTS AND CHOICES

You have certain rights regarding your personal information. The availability of these rights may depend on your location and applicable law.

7.1 Access and Portability

Right to Access: You have the right to request access to the personal information we hold about you, including:

• What personal information we collect
• How we use your personal information
• Who we share your personal information with
• How long we retain your personal information

Right to Data Portability: In certain circumstances, you have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another organization.

How to Exercise: Email privacy@trustedbta.com with your request. We will respond within 45 days (extendable to 90 days if complex).

7.2 Correction and Update

Right to Rectification: You have the right to request that we correct inaccurate personal information and complete incomplete personal information.

How to Exercise:

• Update your subscription preferences using the link in marketing emails
• Email privacy@trustedbta.com with correction requests
• Call (330) 388-0768
• Write to us at the address below

7.3 Deletion

Right to Erasure ("Right to Be Forgotten"): You have the right to request deletion of your personal information in certain circumstances:

• The personal information is no longer necessary for the purposes for which it was collected
• You withdraw consent (where consent was the legal basis for processing)
• You object to processing and there are no overriding legitimate grounds
• The personal information was unlawfully processed
• Deletion is required by law

Exceptions: We may deny deletion requests when retention is necessary for:

• Compliance with legal obligations
• Exercise or defense of legal claims
• Ongoing disputes or investigations
• Public interest, scientific research, or statistical purposes (anonymized data)
• Other purposes permitted by law

How to Exercise: Email privacy@trustedbta.com with your deletion request. We will confirm deletion within 45 days.

7.4 Opt-Out of Marketing Communications

Right to Opt-Out: You can opt out of receiving marketing emails at any time.

How to Exercise:

• Click the "unsubscribe" link in any marketing email (immediately effective)
• Email privacy@trustedbta.com
• Call (330) 388-0768
• Write to us at the address below

Processing Time: Opt-out requests are processed within 10 business days per CAN-SPAM requirements.

Note: Even after opting out of marketing emails, we may still send you:

• Transactional emails related to your inquiries
• Administrative emails related to your use of the Site
• Legal notices and policy updates

7.5 Objection to Processing

Right to Object: In certain circumstances, you have the right to object to our processing of your personal information, particularly when:

• Processing is based on legitimate interests
• Processing is for direct marketing purposes
• Processing is for research or statistical purposes

How to Exercise: Email privacy@trustedbta.com with your objection and the specific processing you object to.

7.6 Restriction of Processing

Right to Restriction: In certain circumstances, you have the right to request that we restrict the processing of your personal information, meaning we will store it but not use it.

Circumstances for Restriction:

• You contest the accuracy of the personal information (while we verify accuracy)
• Processing is unlawful but you oppose deletion
• We no longer need the data but you need it for legal claims
• You have objected to processing (while we verify overriding legitimate grounds)

How to Exercise: Email privacy@trustedbta.com with your restriction request and reason.

7.7 Withdraw Consent

Right to Withdraw Consent: Where we rely on your consent as the legal basis for processing, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

How to Exercise: Use the same method you used to provide consent, or email privacy@trustedbta.com.

7.8 California-Specific Rights (If CCPA Applies)

If you are a California resident and we meet the CCPA threshold requirements (currently: $26.625 million annual revenue, OR 100,000+ California consumers' personal information bought/sold/shared, OR 50%+ revenue from selling/sharing personal information), you have additional rights:

• Right to Know: Request disclosure of categories and specific pieces of personal information collected, used, disclosed, or sold.
• Right to Delete: Request deletion of personal information (subject to exceptions).
• Right to Opt-Out of Sale/Sharing: If we sell or share personal information for targeted advertising (note: we do not currently sell personal information, but use of cookies for targeted advertising may constitute "sharing").
• Right to Limit Sensitive Personal Information: If we use or disclose sensitive personal information beyond necessary purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

How to Exercise: Email privacy@trustedbta.com or call (330) 388-0768. Response time: 45 days (extendable to 90 days).

Authorized Agents: You may designate an authorized agent to make requests on your behalf. We will require proof of authorization.

7.9 How to Exercise Your Rights

Methods to Submit Requests:

• Email: privacy@trustedbta.com (preferred method)
• Phone: (330) 388-0768
• Mail: TDQ Enterprises, Inc., Attn: Privacy, 5195 Hampsted Village Center Way #761, New Albany, OH 43054-8331

Information Required:

• Your full name
• Email address associated with your request
• Description of the right you wish to exercise
• Any additional information needed to verify your identity

Verification: To protect your privacy and security, we may need to verify your identity before processing your request. Verification methods may include:

• Confirming your email address
• Matching information you provide with information we have on file
• Requesting additional identifying information

Response Time:

• Most requests: 45 days (extendable to 90 days for complex requests)
• Opt-out of marketing: 10 business days

We will notify you if we need an extension and provide reasons.

No Fee: We do not charge a fee to process your requests, unless requests are manifestly unfounded, excessive, or repetitive. In such cases, we may charge a reasonable fee or refuse the request.

8. DATA SECURITY

We implement reasonable technical, administrative, and physical security measures designed to protect your personal information from unauthorized access, use, alteration, and disclosure.

8.1 Technical Safeguards

Encryption:

• SSL/TLS Encryption: All data transmitted between your browser and our Site is encrypted using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols
• Data Encryption: Sensitive data stored on our systems is encrypted at rest
• Secure Communications: Email communications with service providers use encrypted channels

Access Controls:

• Authentication: Strong password requirements and multi-factor authentication for administrative access
• Authorization: Role-based access controls limiting access to personal information based on job functions
• Least Privilege Principle: Users are granted minimum access necessary to perform their duties

Network Security:

• Firewalls: Network firewalls protect against unauthorized access
• Intrusion Detection: Systems monitor for suspicious activity and potential security incidents
• Regular Updates: Security patches and software updates are applied regularly
• Secure Configuration: Systems are configured according to security best practices

Security Monitoring:

• Log Monitoring: Security logs are reviewed regularly for suspicious activity
• Vulnerability Scanning: Regular scans identify potential security vulnerabilities
• Penetration Testing: Periodic testing assesses security effectiveness
• Incident Detection: Automated tools detect potential security incidents

8.2 Administrative Safeguards

Policies and Procedures:

• Security Policies: Comprehensive information security policies govern data handling
• Privacy Policies: Clear policies on personal information collection, use, and disclosure
• Incident Response Plan: Documented procedures for responding to data security incidents
• Vendor Management: Policies for evaluating and monitoring third-party service providers

Employee Training:

• Security Awareness: Regular training on information security best practices
• Privacy Training: Training on privacy obligations and proper data handling
• Incident Response: Training on recognizing and reporting security incidents
• Confidentiality: All employees sign confidentiality agreements

Access Management:

• Background Checks: Background checks conducted on employees with access to personal information (where permitted by law)
• Termination Procedures: Access is immediately revoked upon employee termination
• Periodic Reviews: Access rights are reviewed periodically

8.3 Physical Safeguards

Secure Facilities:

• Controlled Access: Physical access to facilities storing personal information is restricted
• Visitor Logs: Visitors are logged and escorted
• Security Monitoring: Security cameras and monitoring in sensitive areas

Data Center Security:

• Third-Party Data Centers: Our hosting providers maintain SOC 2 certified data centers
• Redundancy: Multiple redundant systems ensure availability
• Disaster Recovery: Backup systems and disaster recovery plans

8.4 Third-Party Security

Vendor Requirements:

• Security Standards: Third-party service providers must meet our security standards
• Contractual Obligations: Data processing agreements require appropriate security measures
• Audits: We periodically assess third-party security practices
• Compliance: Service providers must comply with applicable data protection laws

8.5 Limitations of Security

IMPORTANT: NO SECURITY IS PERFECT

While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

You acknowledge and agree that:

• You provide information at your own risk
• Security breaches may occur despite our reasonable efforts
• Unauthorized access may occur due to factors beyond our control
• You are responsible for maintaining the security of your own devices and accounts
• You should use strong passwords and not share login credentials

Your Responsibility:

• Keep your passwords confidential
• Use secure Internet connections (avoid public Wi-Fi for sensitive communications)
• Keep your devices and software updated
• Be cautious of phishing attempts
• Report suspicious activity immediately

8.6 Data Breach Notification

Ohio Data Breach Law Compliance:

In the event of a data security breach involving unauthorized access to personal information, we will:

• Investigation: Promptly investigate the nature and scope of the breach
• Notification: Notify affected individuals without unreasonable delay and in no event later than 45 days after discovery of the breach (as required by Ohio Revised Code §1349.19)

Notification Method:

• Written notice sent to last known mailing address, OR
• Email notice sent to last known email address, OR
• Substitute notice (if contact information is insufficient): posting on our website and notification to major media outlets

Notification Content:

• Date and description of the breach
• Types of personal information affected
• Steps we are taking in response
• Steps you can take to protect yourself
• Contact information for further inquiries
• Whether law enforcement is investigating (if applicable)

Regulatory Notification: We will notify appropriate regulatory authorities as required by law

Credit Monitoring: For breaches involving Social Security numbers or financial information, we may offer credit monitoring services

You can report suspected security incidents to: security@trustedbta.com or (330) 388-0768

9. INTERNATIONAL DATA TRANSFERS

Our Site is operated in the United States. If you are located outside the United States, please be aware that information we collect will be transferred to, processed, and stored in the United States.

9.1 Data Transfer Mechanisms

U.S. Data Protection: The United States may not have data protection laws equivalent to those in your jurisdiction.

Safeguards: When we transfer personal information internationally, we implement appropriate safeguards, which may include:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Privacy Shield frameworks (where applicable)
• Other legally recognized transfer mechanisms

9.2 EU/EEA/UK Visitors

If you are located in the European Union, European Economic Area, or United Kingdom:

Legal Basis for Processing: We process your personal information based on:

• Consent: You have given consent for specific purposes
• Contractual Necessity: Processing is necessary to fulfill a contract with you or take pre-contractual steps
• Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., improving our services, marketing, fraud prevention) and does not override your rights
• Legal Obligation: Processing is necessary to comply with legal obligations

Your Rights: You have the rights described in Section 7, plus:

• Right to lodge a complaint with your local supervisory authority
• Right to object to processing based on legitimate interests
• Right to withdraw consent where consent is the legal basis
• Data Transfers: Transfers outside the EU/EEA/UK are protected by Standard Contractual Clauses or other appropriate safeguards.

Contact: For EU/EEA/UK-specific privacy inquiries, email privacy@trustedbta.com

10. CHILDREN'S PRIVACY

Our Site is not directed to children under the age of 13.

We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete that information.

If you are a parent or guardian and believe we have collected information from your child under 13, please contact us immediately at privacy@trustedbta.com.

Age Verification: We do not implement age verification mechanisms because our Site is not directed to children and we do not knowingly collect information from children.

COPPA Compliance: We comply with the Children's Online Privacy Protection Act (COPPA) by not knowingly collecting information from children under 13.

11. THIRD-PARTY WEBSITES AND SERVICES

Our Site may contain links to third-party websites, services, or resources that are not owned or controlled by TDQ Enterprises, Inc.

We Are Not Responsible For:

• Content on third-party websites
• Privacy practices of third-party websites
• Security of third-party websites
• Practices or policies of third parties
• Information collection by third parties

Your Responsibility:

• Review the privacy policies and terms of service of any third-party websites you visit
• Understand that third-party privacy policies govern information they collect
• Exercise caution when providing information to third parties

Third-Party Services We Use: See Section 4.1 for information about third-party service providers we use and links to their privacy policies.

No Endorsement: The inclusion of any link does not imply endorsement of the third-party website, service, or company.

12. CALIFORNIA PRIVACY RIGHTS

12.1 Shine the Light Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for their direct marketing purposes.

We do not share personal information with third parties for their direct marketing purposes without your consent.

If you are a California resident and have questions, contact privacy@trustedbta.com.

12.2 CCPA/CPRA Rights

If the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA) applies to you (see Section 7.8), you have the rights described in that section.

"Do Not Sell or Share My Personal Information" Notice:

We do not sell your personal information in the traditional sense. However, the use of cookies and tracking technologies for targeted advertising may constitute "selling" or "sharing" under California law.

To Opt-Out:

• Adjust your cookie preferences through our cookie consent banner
• Use the "Do Not Sell or Share My Personal Information" link in our footer (if applicable)
• Enable Global Privacy Control (GPC) in your browser (we honor GPC signals)
• Email privacy@trustedbta.com

12.3 Financial Incentives

We do not offer financial incentives or price differences in exchange for personal information.

13. CAN-SPAM COMPLIANCE

We comply with the CAN-SPAM Act for all email marketing communications.

Our Compliance Measures:

• Accurate Header Information: Email "From," "To," and routing information is accurate and identifies us as the sender.
• Truthful Subject Lines: Subject lines accurately reflect the content of emails.
• Advertisement Identification: Marketing emails are identified as advertisements where required.
• Physical Address: All marketing emails include our valid physical postal address:
  TDQ Enterprises, Inc.
  5195 Hampsted Village Center Way #761
  New Albany, OH 43054-8331
• Clear Opt-Out Mechanism: All marketing emails include a clear and conspicuous unsubscribe link that:
  • Is easy to find and use
  • Allows one-click unsubscribe
  • Does not require login or additional information beyond email address
• Honor Opt-Outs Promptly: We process unsubscribe requests within 10 business days.
• Opt-Out Functionality: Unsubscribe mechanisms remain functional for at least 30 days after email is sent.
• Monitoring: We monitor third-party email marketing providers to ensure compliance.
• Penalties: We understand that CAN-SPAM violations carry penalties up to $51,744 per violation.
• Questions? Contact info@trustedbta.com if you have questions about our email practices.

14. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

TDQ Enterprises, Inc.
d/b/a Trusted Business Transaction Advisors

Privacy Inquiries:

• Email: privacy@trustedbta.com
• Phone: (330) 388-0768
• Mail: TDQ Enterprises, Inc., Attn: Privacy, 5195 Hampsted Village Center Way #761, New Albany, OH 43054-8331

General Inquiries: Email: info@trustedbta.com

Legal Notices: Email: legal@trustedbta.com

Website: trustedbta.com

Response Time: We will respond to privacy inquiries within 45 days.

15. UPDATES TO THIS PRIVACY POLICY

We reserve the right to update this Privacy Policy at any time. When we make changes:

Notice of Changes:

• Updated "Last Updated" date at the top of this policy
• Email notification to users who provided email addresses (for material changes)
• Prominent notice on our Site for at least 30 days (for material changes)

Effective Date: Changes become effective on the date indicated in the "Last Updated" field.

Your Acceptance: Continued use of the Site after changes become effective constitutes acceptance of the updated Privacy Policy.

Material Changes Include:

• Changes to personal information collection
• Changes to how we use personal information
• Changes to third-party sharing
• Changes to user rights
• Changes to data retention
• Changes to security practices

Review Regularly: We recommend reviewing this Privacy Policy periodically to stay informed.

Prior Versions: You may request prior versions of this Privacy Policy by emailing privacy@trustedbta.com.

Last Updated: November 17, 2025

© 2025 TDQ Enterprises, Inc. All rights reserved.