Privacy Policy

Our Commitment to Privacy

Northwestern Home Loans - NMLS #2469327, a division of LeaderOne Financial Corporation - NMLS #12007 (referred to as "us," "we," and "our") is committed to safeguarding your privacy online. We respect the confidentiality of personal information we collect from visitors to this Website (the "Website"). In addition, we also provide, through our website, physical offices, over the phone, and any other methods we may seem fit, various services to you, as a consumer (collectively the "Service"). Any personal information collected through our Service is voluntarily given by you to us through the Website or other means in order to obtain information about our mortgage loan services. The information provided is accessible only by designated staff or agents of our organization who will respond to your request.

It is important to recognize that "perfect security" does not exist on the Internet. This statement is provided to clarify our commitment to protecting the security of the personal information you provide.

This Privacy Policy addresses the following:

1. Personal Information that We May Collect
2. How We Collect and Use Your Information
3. PII You Give Us
4. Anonymously Collected Data
5. Information Sharing and Disclosure
6. Targeted Advertising
7. Data Retention
8. How We Protect Your Information
9. Links to Other Sites and Social Media
10. Compromise of Personal Data
11. Notification Procedures
12. Children Under the Age of 18
13. California Residents: Your California Privacy Rights
14. California Do Not Track Disclosures
15. California Residents: Your Request Rights
16. For Nevada Residence
17. Important Information for Non US Residents
18. Rights of EEA Residents
19. International Data Transfers
20. Changes to Our Privacy Policy
21. Questions and Suggestions

Personal Information that We May Collect/ NOTICE AT COLLECTION

We do collect certain personally identifiable information or "PII" about you. We may collect this in a variety of ways as described below. In addition, we may also collect, aggregate, and share "Non-PII" which is information that is aggregated, anonymized, de-identified and is unable to be readily identified to you. The amount and kind of information that we may collect will vary based on how you wish to use our Service and whether or not you close a mortgage loan with us. For your convenience, we are listing the categories of PII that we may have collected within the past 12 months and for what business purpose we do so:

Category	What We May Collect	How do we Collect it?	What Business Purpose
Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol ("IP") address, email address, account name, Social Security number, driver's license number.	We generally collect this information about you at the start of any business relationship with us, such as getting your name, alias, postal address, or email address through forms. We may also collect your IP address through cookies on your device during your use of our Website. Other, more sensitive information like your social security number will only be requested in certain situations, such as for select vendors/contractors or prior to obtaining tax or other income related documents, credit history, credit reports and/or credit scores that we may obtain as part of the mortgage lending process.	We use identifiers to determine who you are, where you are, and how to best contact you and answer any questions or concerns you may have about our services. In addition, there may be some circumstances where we need specific identifiers for tax and loan documents. Finally, we may use some of this information, like your name and email, to identify and alert you of any of our services that you may be interested in using. You can always unsubscribe from these email notices by clicking here.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, address, telephone number, driver's license or state identification card number, resident alien card, passport visa, dependent information, divorce decree and property settlement, IRS transcripts, employment, employment history, bank account number, credit card number, debit card number, and other financial information.	We generally collect this information about you at the start of any business relationship with us, such as getting your name, alias, postal address, or email address through forms and applications. This information may also be sent to us by Third Parties (as defined below) who you have given your information to. Other, more sensitive information like your social security number will only be requested in certain situations, such as for select vendors/contractors or prior to obtaining tax or other income related documents, credit history, credit reports and/or credit scores that we may obtain as part of the mortgage lending process.	We use identifiers to determine who you are, where you are, and how to best contact you and answer any questions or concerns you may have about services. We may also need certain identifiers, such as your social security number and financial information, to run credit checks and other validations on you and qualify you for a mortgage. Finally, we may use some of this information, like your name and email, to identify and alert you of any of our services that you may be interested in using. You can always unsubscribe from these email notices by clicking here. Furthermore, we may use your phone number to contact you or respond to any requests or questions you have regarding our services. Finally, your signature may be collected as part of an acknowledgement in order to enter into a loan agreement.
Protected classification characteristics under California or federal law.	Age (40 years or older), date of birth, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, dependent information, genetic information (including familial genetic information).	We collect this kind of information directly from you under our loan application.	We are required to comply with the Equal Credit Opportunity Act and the Home Mortgage Disclosure Act. The demographic information we collect about you is so we can fulfil our obligations to report and disclose information about the mortgages that we originate, to help regulators determine if lenders as a whole are serving the housing needs of their communities, identify discrimination, and assist public officials in making housing investment decisions. None of this information is used or considered when determining whether or not you qualify for a loan.
Commercial information.	Records of personal property, products or services purchased, obtained, or considered, divorce decree and property settlements, IRS transcripts, or other purchasing or consuming histories or tendencies.	We collect this information from you as part of the loan application process, either through the form, or your consent to our order of your credit history. We may also collect and retain information as it pertains to your use of services.	We collect and maintain this information about you in order to determine if you qualify for a loan, what kind of loan you qualify for, and how much do you qualify for. In addition, we may anonymize and aggregate some of this information to better inform us about our marketing and marketing team.
Internet or other similar network activity.	Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.	We may also collect your IP address through cookies on your device during your use of our Website. Similarly, we may collect other information through cookies, such as the type of device, what directed you to our Website, and whether or not you clicked on one of our advertisements.	We collect, aggregate and anonymize this information to better inform us about our marketing and marketing team.

Visitors to the Site may navigate the entire Site without using any of these features or providing any information.

How We Collect and Use Your Information

PII You Give Us:

As part of your use of our website and services, we may request that you provide us with your Personal Information as described below.

Forms

You will be provided with various forms, both online and in-person in which we can request information about mortgage financing, and for consumers to request a mortgage loan. These forms will typically require you to input your name and contact information. Other forms may collect electronic signatures through the use of a third-party electronic disclosure platform, such as DocuSign®. This information will be used to contact you and respond to any inquiries you may have about our mortgage loans, or respond to any requests for mortgage lending.

In Person

You may elect to visit us in person to discuss your loan. If you do this, we may collect your name, contact information, and signature in order to evaluate you for a mortgage loan or address your question.

Third Parties

We may also collect PII about you from other third parties who initially collected such data, such as demographic firms, social media sites, advertising networks, and our affiliates. We use this PII to make our services and marketing efforts more efficient and personalized for you and to contact you about services about which you have expressed an interest or that we believe you may have an interest in.

Contacting Us

In addition to the methods listed above, you may give us PII when contacting us, such as your phone number, email address, name, and other PII relevant to your contact through our agents, phone lines, email, mail, or through social media postings. We may also respond to your requests and comments to us through social media, asking for further information in order to fulfill or respond to your requests.

General Uses

We generally use all the information you provide on an aggregated basis to do such things as operate our site, enhance our site, and to better understand the profile of our online audience. We may also use this data, to enhance your site experience on our site by displaying content and marketing messages that we believe will be of interest to you.

We also use your PII for our everyday business purposes such as security, analytics, optimization, operations, fraud detection and prevention, reporting, making back-ups and legal compliance.

In addition, we may use your information to do the following, with your permission and consent:

• • To register you for, and otherwise administer, a promotion, contest, sweepstakes, survey, incentive program or other feature.
  • To prevent, detect or investigate any fraudulent, abusive or illegal act.
  • In connection with any employment inquiry or application for employment you submit, to obtain background information about you and manage your relationship with LeaderOne.
  • In any other way we may describe in a supplemental notice when you provide the information.

Anonymously Collected Data: Any time you visit our Site, we or our service providers may automatically collect, store or accumulate certain Device Information and Usage Data. “Device Information” is information relating to the computer or device you are using when you access our Site, such as your computer’s IP address, your mobile device identifiers (including Apple IDFA or an Android Advertising ID), the type of browser and operating system you are using, the identity of your internet service provider, and your device and browser settings. “Usage Data” is data related to your use of the Site such as the pages you visit, the sites you use before or after visiting ours, your actions within the Site, the type of content or advertisements you have accessed, seen, forwarded and/or clicked on, WiFi connections, date and time stamps, log files, and diagnostic, crash, website, and performance logs and reports.

Device Information and Usage Data are collected through the following means:

Google Analytics

We use a tool called “Google Analytics,” a web analytics service provided by Google, Inc. (“Google”) to collect information about use of this Site. Google Analytics collects information such as how often users visit our Site, what pages are visited, and what other sites were visited prior to coming to our Site. We use the information we get from Google Analytics only to improve this Site. Google Analytics collects only the IP address assigned to you on the date you visit this Site, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this Site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to this Site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this Site by disabling cookies on your browser, however, please note that if you do this you may not be able to use the full functionality of this Website.

Log File Information

Log file information is automatically reported by your browser each time you access a web page. When you register with or view our Website, our servers automatically record certain information that your web browser sends whenever you visit any website. These server logs may include information such as your web request, Internet Protocol (“IP”) addresses or other device identifiers, browser information, Internet Service Provider (“ISP”), operating system, location, date/time stamp, clickstream data, referring/exit pages and URLs, domain names, landing pages, pages viewed, and other such information.

Mobile Analytics

We utilize third party analytics technology in our mobile applications which tracks usage and interactions within our mobile applications. This information helps provide insight into the use of such mobile applications and assists with our further improvement and development associated with the mobile application and LeaderOne.

We also collect some Usage Data and Device Information in a de-identified, aggregated form, which cannot be readily linked to your PII through the following methods:

Cookies Information

When you visit the Website, we may send one or more cookies – a small text file containing a string of alphanumeric characters – to your computer, tablet or mobile device that uniquely identifies your browser and lets us help you log in faster and enhance your navigation through the Website. A cookie does not collect PII from you, and the information from the cookie is de-identified. Our Websites, websites that may be linked through our Website, and third party technology used on our Site may use cookies for user authentication, promotional campaigns, keeping track of your information and preferences, and tracking other statistical usage information, such as time spent on a particular site or webpage and number of pages visited. We use both session cookies and persistent cookies. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the Website. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Site or services may not function properly if the ability to accept cookies is disabled.

Clear Gifs Information

When you use the Site or services, we may employ clear gifs (a.k.a. Web Beacons) which are used to track the online usage patterns of our users anonymously. No PII from your account is collected using these clear gifs. In addition, we may also use clear gifs in HTML-based emails sent to our users to track which emails are opened by recipients. The information is used to enable more accurate reporting, improve the effectiveness of our marketing, and make this Site better for our users.

Information Sharing and Disclosure

We do not sell or rent your personal information or share your PII with other people or nonaffiliated companies, except with your permission, or under the following circumstances:

Third-Party Service Providers

We contract with companies, contractors or individuals that provide administrative and support services to us such as webhosting, web analytics (including analysis of online activity over time and across websites), mailing, emailing, and other communications, marketing, administering our programs and operations, administering promotions and surveys, data management, or processing any other information on our behalf to provide services available at our Site. We may store Personal Data in locations outside the direct control of LeaderOne (for instance, storage of physical documents in storage facilities or virtual documents on servers or databases co-located with hosting providers). These service providers only receive PII, if such information is needed to perform their function(s) or services, and they are not authorized to use any PII for any purpose(s) other than the purpose(s) set forth by LeaderOne.

Parties Related to your Transaction or Potential Transaction

We may also share your PII with other third-party companies to help facilitate your transaction with us or assist you before, during or after a loan application. For example, we may share your PII with brokers, lenders, mortgage solution companies, third party lien holders, verification servicers, investors, document solution companies, appraisers or other service providers to ensure you qualify for a loan or to assist you with the loan process. In addition, we may share your PII with third parties, in response to any request you make to us regarding your loan application.

Special Events, Promotions and Partnerships with Third-Parties

From time to time, we may also join with third parties to provide specific services or products, special events or promotions (such as surveys, contests or sweepstakes). If you choose to sign up for such services, order these products, or participate in a special event or promotion, LeaderOne may share your PII with third party partners. We will share only the information that is necessary for the third parties to provide these services or products or otherwise participate in or administer the applicable event.

Compliance with Law and Fraud Protection

We may, and you authorize us to, use and disclose any information: (1) we deem necessary, in our sole discretion, to comply with any applicable law, regulation, governmental request or legal process served on us or our affiliates; (2) to investigate, prevent or take action regarding suspected or actual illegal activities and to resolve consumer disputes or inquiries; (3) to enforce our Terms of Use, take precautions against liability, investigate and defend ourselves against any third-party claims or allegations, assist government enforcement agencies, or protect the security or integrity of our Site; (4) to exercise or protect the rights, property, or personal safety of LeaderOne, our users or others; (5) to other companies and organizations for consumer reporting, credit fraud protection and risk reduction; and (6) to enforce any agreement we have with you.

Business Transfer or Sale

As we develop our business, we may buy or sell assets or business offerings. User, email, and visitor information is generally one of the transferred business assets in these types of transactions. We may also transfer such information in the course of corporate divestitures, mergers, dissolution, joint ventures or reorganization.

We fully cooperate with law enforcement agencies in identifying those who use our Site or services for illegal activities. We reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful, as determined in our sole discretion. Release of your Personal Data for security purposes, as described in this Policy to any person or entity under any circumstances, including, without limitation, in connection with any government investigation or litigation, shall be based on a determination made solely by us, exercising our own discretion, permission for which is expressly granted by you to us in accordance with this Policy.

For your convenience, you may consult the chart below to see what information we disclose to third parties and what categories of information we have disclosed in the prior 12 months.

Category	What We May Disclose	What Kind of Third Parties Do We Disclose Your Information to?	Business Purpose for Disclosure
Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol ("IP") address, email address, account name, Social Security number, driver's license number.	We disclose this information to escrow agents, third party lien holders, service providers, document processing companies, consumer verification services, and any other third party involved in your loan process.	We disclose this information so these parties know who you are, and how to reach you for the purposes of a transaction between you and LeaderOne. We may also disclose this information to comply with our legal obligations.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, address, telephone number, driver's license or state identification card number, resident alien card, passport visa, dependent information, divorce decree and property settlement, IRS transcripts, employment, employment history, bank account number, credit card number, debit card number and other financial information.	We disclose this information to escrow agents, third party lien holders, service providers; document processing companies, consumer verification services, and any other third party involved in your loan process	We disclose this information so these parties know who you are, and how to reach you for the purposes of a transaction between you and LeaderOne. We may also disclose this information to comply with our legal obligations.
Protected classification characteristics under California or federal law.	Age (40 years or older), date of birth, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, dependent information, genetic information (including familial genetic information).	We disclose this information to escrow agents, third party lien holders, service providers; document processing companies, consumer verification services, and any other third party involved in your loan process. In addition, we are required to disclose some data to the federal government.	We disclose this information so these parties know who you are, and how to reach you for the purposes of a transaction between you and LeaderOne. We may also disclose this information to comply with our legal obligations.
Commercial information.	Records of personal property, products or services purchased, obtained, or considered, divorce decree and property settlements, IRS transcripts, or other purchasing or consuming histories or tendencies.	We disclose this information to escrow agents, third party lien holders, service providers; document processing companies, consumer verification services, and any other third party involved in your loan process.	We disclose this information for the purposes of reporting your creditworthiness, and to confirm and allow for the verification of information that you provide to LeaderOne.
Internet or other similar network activity.	Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.	We disclose this information to marketing partners, service providers; and any other third party involved in your loan process. Furthermore, this information may be shared with external information technology experts to determine and assess the nature of a data breach.	We share some of this information, after it has been de-identified pursuant to the Terms of use information to better tailor our service to You.

Non-Personally Identifiable Information

We may also collect, share or transfer Device Information and Usage Data in aggregated, anonymized form with or to our affiliates, licensees, partners and service providers for administrative, analytical, research, optimization, and security purposes, but no such information will be linked with your Personal Data or be used to identify or contact you.

Targeted Advertising

We engage certain third-party ad networks to serve advertisements on our behalf across the Internet and to provide analytics services. These entities may utilize cookies (including within the ads) to collect Device Information and Usage Data from you such as your IP address, web browser, pages viewed, time spent on pages, how you use our Site, any links you click on, and conversion information. This information may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content or products, measure the effectiveness of ad campaigns, determine the proper amount of repeat views of a given ad, and deliver advertising and content targeted to your interests on our websites and other websites (also known as “interest-based advertising”).

To learn more about advertising networks and interest-based advertising, visit the Digital Advertising Alliance at www.aboutads.info/choices or the Network Advertising Initiative atwww.networkadvertising.org/choices.

Data Retention

We reserve the rights to retain information as necessary to improve our Services, for any business purpose, as required by law, and respond to legal requests. You may have the opportunity to opt-out of certain communications. Please be aware this may take several hours to be reflected.

Upon an event requiring deletion of your account data under law, we delete all of the above-mentioned data in our possession within a reasonable timeframe. We generally do not verify the correctness of personal data unless it is part of a transaction with LeaderOne.

In some cases, we may not be able to delete your personal information, and will retain and use your information as necessary for legitimate business purposes, to comply with our legal obligations, resolve disputes, enforce our agreements, and comply with technical and legal requirements and constraints related to the security, integrity and operation of LeaderOne. We take reasonable steps and appropriate measures to protect data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

Your Choices, Opting-Out, Reviewing or Making Changes to Your Information

At various times during your use of the Site, you may be presented with the ability to request to receiving newsletters, emails, push notifications or other communications from us, including those about projects you are interested in and other communications that are promotional in nature. If you do not want to receive such communications, do not opt in. Alternatively, if you initially decide to receive communications from us but at a later date wish to remove your information from our database, you can do so by using the unsubscribe link at the bottom of our communications. You may also at any time opt out of receiving communications from us by emailing privacy@leader1.com and noting “OPT OUT” in the subject line of your email. Opting out may prevent you from receiving email messages regarding updates, improvements, promotions or offers.

Please note that even if you unsubscribe or opt out from our communications, we may still need to contact you with important information related to your account and your purchases. For example, even if you have unsubscribed from our promotional emails, we will still send you required legal notices or alert you to changes to our Terms of Use or Privacy Policy.

To the extent you are receiving SMS Messaging from LeaderOne, you may opt out by replying to any message we send you with the word “STOP” or by contacting us at the phone number listed below. To the extent you receive notifications from any of our applications, you may opt out of receiving push notifications on your mobile device through your account and device settings.

NOTE: Please allow up to fifteen (15) business days for us to process your request. We may continue to send you transactional or operational communications.

You can ask to review, update or make changes to the Personal Data we maintain about you at any time by sending a written request to the postal or email address set out below, or by following the instructions in any promotional email you receive from us. We may take a reasonable period of time to respond. If you request the deactivation or change of information on our system, such information may be retained in our backup systems for a period of time subject to technology restrictions, or as a precaution against systems failures. Some information may be retained for longer periods as required by law, contract or auditing requirements or as otherwise described in this Policy.

How We Protect Your Information

The security of your PII is important to us and LeaderOne uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your PII consistent with industry standards. Please remember, however, that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your PII, we cannot ensure or warrant the absolute security of any information you transmit to LeaderOne or the Site, and you do so at your own risk. Once we receive your transmission of information, LeaderOne makes commercially reasonable efforts to ensure the security of our systems. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. While we strive to protect your PII and privacy, we cannot guarantee the security of any information you disclose online.

You should also understand that you play an important role in securing your own information, namely, that the way you secure and manage your password will affect your likelihood of experiencing a data breach. Please, remember to engage in safe computing, and secure all data.

Links to Other Sites and Social Media

Portions of our Site may provide links to third party websites, which websites have their own privacy policies. We are not responsible for the practices employed by these third party websites linked to or from our Site nor the information or content contained therein, and we make no warranty, either express or implied, concerning the content of any such site, including the accuracy, completeness, reliability, or suitability thereof for any particular purpose, nor do we warrant that any such site or content is free from any claims of copyright, trademark, or other infringement of the rights of third parties, or that any such site or content is devoid of viruses or other contamination. LeaderOne may provide links to other websites to you solely as a convenience, and the inclusion of linked sites does not imply endorsement by LeaderOne of any of the linked sites. Please remember that when you use a link to go from our Site to another website, our Policy is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our Site, is subject to that website’s own rules and policies. Please read over those rules and policies before proceeding. We do not ensure the security of your Personal Data if you visit websites not belonging to LeaderOne. We further reserve the right to terminate a link to a third-party site at any time.

We sometimes use third party social media content we obtain from social media platforms such as Twitter, Pinterest, Facebook and Instagram on our Site. The privacy protections provided on these third-party social media platforms and sites are not part of our Policy and may differ from the privacy protections described in this Policy. If you upload content related to LeaderOne or our products on third party social media platforms or sites that share information with the general public, user community, and/or other third party sites, it may be used or shared by us on our Site or our social media platforms to promote our LeaderOne products and services. Consequently, you should review the privacy policies of these third-party sites before using them and ensure that you understand how your content may be used.

Compromise of Personal Data

In the event that Personal Data is compromised as a result of a breach of security, LeaderOne will promptly notify those persons whose Personal Data has been compromised, in accordance with the notification procedures set forth in this Policy, or as otherwise required by applicable law.

Notification Procedures

It is our policy to provide notifications, whether such notifications are required by law or are for marketing or other business-related purposes, to you via email notice, written or hard copy notice, or through conspicuous posting of such notice on our Website page, as determined by LeaderOne in its sole discretion. By providing LeaderOne your email address, you consent to our use of your email address to send you Website and service-related notices, including any notices required by law, in lieu of communication by postal mail provided that we reserve the right to determine the form and means of providing notifications to you, provided that you may opt out of certain means of notification as described in this Policy.

Children Under the Age of 18

Our Website contains general information and is not intended for nor directed toward children under 18 years of age. We do not knowingly collect, use, sell, share, disclosure, attempt to solicit, or receive any PII from children under the age of 18. If you are under 18, please do not use or provide any information on this Website or on or through any of its features, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number or email address. If we learn we have collected or received PII from a child under 18 without verification of parental consent, we will delete that information. If you believe that we may have any information from or about a child under 18, please contact us.

California Residents: Your California Privacy Rights

California Civil Code Section 1798.83 permits users who are residents of the state of California to request information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please fill out the form here, contact us at privacy@leader1.com, or call us at our toll-free line at 800-270-3416.

California Do Not Track Disclosures

California Business & Professions Code Section 22575(b) (as amended effective January 1, 2014) provides that California residents are entitled to know how a Website operator responds to “Do Not Track” (DNT) browser settings. DNT is a feature offered by some browsers which, when enabled, sends a signal to Websites to request that your browsing is not tracked, such as by third party ad networks, social networks and analytic companies. We do not currently take actions to respond to DNT signals because a uniform technological standard has not yet been developed. We continue to review new technologies and may adopt a DNT standard once one is created. For information about DNT, please visit: www.allaboutdnt.org.

California Residents: Your Request Rights

If you are a California resident, you should be aware that you have certain special rights regarding your information.

1) If you are a California resident, you may request that we disclose the following:

(a) The categories of personal information we have collected about you. These are detailed above. To review, please click here.

(b) The categories of sources from which the personal information is collected. These are detailed above. To review, please click here.

(c) The business or commercial purpose for collecting or selling personal information. These are detailed above. To review, please click here.

(d) The categories of third parties with whom we share personal information. These are detailed above, to review, please click here.

(e) The specific pieces of personal information we have collected about you.

You can make any of these requests by filling out the form here, by emailing us at privacy@leader1.com, or by calling us at 800-270-3416.
We do not knowingly collect, use, share, or disclose personal information from children under the age of 18.

2) If you are a California resident, we are obligated to make additional disclosures if we choose to sell or share your data for business purposes. While we do not sell your personal information, we do sell loans as a normal course of business, in which case we may disclose your PII to third parties in the ordinary course of business. You should be aware that the use and disclosure of your personal information as it is used for your loans is subject to federal laws and your California rights do not extend to that information. In addition, if you have a loan with us, or are otherwise engaging our services, we may ask for your consent to distribute your PII. Following this, we will disclose the following at your request:

(a) The categories of personal information that the business collected about you.

(b) The categories of personal information that the business sold about you and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold.

(c) The categories of personal information that we have disclosed about you for a business purpose.

You may request the above information at least twice per 12-month period. We will ask for some verification to comply with this request in order to protect your privacy.

3) If you are a California resident, you may also make a request to delete the information we have collected about you.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
8. Comply with a legal obligation.
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

You can submit a request concerning disclosures or deletion of your information by filling out the form here, by emailing us at privacy@leader1.com, or by calling us at 800-270-3416 describing your request(s). We will need your name, email address, and confirmation that you live within California to respond to your request. Additionally, if you have done business as an individual or as a partnership with us, we may request confirmation of this as well. We will require you to verify your identity by clicking a hyperlink that we send to the email address you provide us and you will have 24 hours from our submission of the email to confirm your identity. Depending on the nature of your request, we may also require that you answer any questions we deem appropriate reflecting PII that you have previously provided to us. These requests are free and may be made twice a year, though we reserve the right to implement a reasonable fee for excessive or complex requests you may submit.

Before responding to a request by you, we will ask you to verify your identity using personal information you have previously provided to us, in order to protect your privacy. The manner in which we do so will vary on how you make a request and what is being requested. For example, if you submit an inquiry via email, we will respond with an email requesting verification. Otherwise, we may ask you verbally if you make this request over the phone (or in person). We may not be able to oblige all requests, as we are prohibited from disclosing some information.

In the event that you are using an authorized agent to request a disclosure or the deletion of your information, please send us a signed letter, including your name, email, your agent's name, and your agent's email, authorizing your agent. We may then ask you to verify your identity with us by email before responding to a request by your agent. Alternatively, you may directly confirm with us that the agent is authorized to submit the request.

We endeavor to respond to a verifiable consumer request for access or deletion within fortyfive (45) days of its receipt, and a verifiable opt-out request within fifteen (15) days from receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

4) In addition, you always have certain rights to opt-out of communications and marketing with LeaderOne. For more detail on your opt-out rights and how to opt-out, please click here.

We cannot treat you differently due your exercise of these rights. If you wish, you can also designate a third party to make requests under the California Consumer Privacy Act on your behalf. In addition, we wish to emphasize that LeaderOne is not required to comply with some deletions requests or disclosure requests, such as those concerning your PII collected pursuant to a loan or financial instrument, where the Financial Privacy Notice applies.

FOR NEVADA RESIDENTS

If you are a Nevada resident, Nevada law may provide you with additional rights regarding our use of your personal information. To learn more about your Nevada privacy rights, see the following portions of this Privacy Policy.

This notice for Nevada Residents supplements the information contained in the previous portions of this privacy policy and applies solely to all visitors, users, and others who reside in the State of Nevada. We adopt this notice to comply with the Nevada Privacy Law and any terms defined in the Nevada Privacy Law have the same meaning when used in this notice.

The Nevada Privacy Law provides Nevada residents with specific rights regarding their personal information. This section describes your rights and explains how to exercise those rights.

Personal Information Sales Opt-Out Rights

You have the right to direct us to not sell your personal information we have collected or will collect at any time (the "right to opt-out"). The categories of covered information we collect are as follows:

· Your first and last name.

· Your home or other physical address which includes the name of a street and the name of a city or town.

· Your electronic mail address.

· Your telephone number.

· Your social security number.

· An identifier that allows you to be contacted either physically or online.

· Any other information concerning you collected from your through the Website or an online service and maintained by LeaderOne in combination with an identifier in a form that makes the information personally identifiable.

To exercise the right to opt-out, you (or your authorized representative) may submit a request to us here please note “OPT OUT” in the subject line.

Once you make an opt-out request, you may change your mind and opt back into personal information sales at any time by emailing LeaderOne at privacy@leader1.com. You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.

We endeavor to respond to an opt-out request by Nevada residents within sixty (60) days of its receipt. If we reasonably believe we require more time (up to 30 days), we will inform you of the extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by a secured portal we give access to through your email.

Nevada law requires we provide the following contact information: Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; Phone number-702.486.3132; email: BCPINFO@ag.state.nv.us. LeaderOne Financial Corporation, 7500 College Blvd., Suite 1150, Overland Park, KS 66210; 800-270-3416.

IMPORTANT INFORMATION FOR NON-US RESIDENTS

Although our Website is accessible throughout the world, our Website is designed for and targets U.S. audiences, and is generally governed by and operated in accordance with the laws of the United States. LeaderOne products, services and offers may not be available in your state or community. The information on our Site is not an offer of products or services where LeaderOne is not doing business or where prohibited by law. We make no representation that our Site is operated in accordance with the laws or regulations of, or governed by, other nations, and we do not warrant or imply that our Site or content/materials on our Site are appropriate for use outside of the United States.

Rights of EEA Residents

This section of the Privacy Policy is applicable to residents of the EEA, which consists of the member states of the European Union. This section also applies to residents of Switzerland and, in the event of its departure from the EU, residents of the United Kingdom. Residents of the EEA, UK and Switzerland are referred to here as “EEA Residents.”

From May 25, 2018, all processing of Personal Data of EEA Residents is performed by us in accordance with the General Data Protection Regulation (2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of Personal Data and on the free movement of such data (“GDPR”).

Under the GDPR, we are both the controller and a co-processor of the Personal Data of EEA Residents. Our purpose for collecting and processing Personal Data from EEA Residents is to provide them with the features and functionalities of our Site and information regarding our Site and services. The legal basis for collecting Personal Data is to fulfill the purposes of your requests, provide you with the services you’ve requested and make available the Site and its related features and functionality. We also rely on your consent to receive information about our Site. You may withdraw consent from receiving marketing and promotional communications by clicking the “Unsubscribe” link on the communication or sending an e-mail to privacy@leader1.com with the subject line “Opt Out.” If EEA Residents do not provide Personal Data to us or withdraw consent for processing such Personal Data, we may not be able to provide such residents with certain features or functionalities of the Site or information regarding the Site.

EEA Residents may obtain information about the Personal Data that we hold about them by contacting us at privacy@leader1.com.

International Data Transfers

If you are resident outside the United States, including in the EEA, we transfer Personal Data provided to you for processing in the United States. Under the GDPR, we are considered a “controller” and a “co-processor” of the Personal Data of EEA Residents. By providing Personal Data to us for the purpose of using the Site, you consent to the processing of such data in the United States. The transfer of your Personal Data to the United States is necessary for the performance of a contract between you and us for your use of the Site.

Please note that the United States does not have data protection laws equivalent to those in the EEA and other jurisdictions.

Changes to Our Privacy Policy

We reserve the right to change or modify our Privacy Policy. Please revisit our Privacy Policy from time to time for changes and updates. The date the Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Site and this Policy to check for any changes.

Questions and Suggestions

If you have any questions about this Privacy Policy, the practices of this Site, your dealings with this Site, or wish to update us with your preferences, you may contact us using one of the following methods:

• Call: 800-270-3416
• Email: privacy@leader1.com
• Send mail to: LeaderOne Financial Corporation, 7500 College Blvd., Suite 1150, Overland Park, KS 66210; Attn: Privacy Officer.

Link for more information: https://leader1.financial/privacypolicy