Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or household (“personal information”). In particular, Gold Star has collected the following categories of personal information from Consumers within the last twelve (12) months:

Personal information does not include:

• Publicly available information from government records.
• De-identified or aggregated consumer information.
• Information excluded from the CPRA's scope, like:
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

We obtain the categories of personal information listed above from the following categories of sources:

• Directly from Our Consumers or their agents. For example, from documents that Our Consumers provide to Us related to the products and services for which they engage Us.
• Indirectly from Our Consumers or their agents. For example, through information We collect from Our Consumers in the course of providing products or services to them.
• Records and copies of Your correspondence (including email addresses) if You contact Us.
• Directly and indirectly from activity on Our website (www.goldstarfinancial.com). For example, from submissions through Our website application portal or website usage details collected automatically.
• From third-party business partners that interact with Us in connection with the services We perform or the products We provide. For example, from government agencies when We underwrite, close, or fund a mortgage loan.

Use of Personal Information

We or our service providers use Your personal information for Our operational purposes, or other notified purposes, which uses We strive to ensure are reasonably necessary and proportionate to achieve Our operational purposes for which We collect Your information in the first place, or for which We process Your information, or for another operational purpose that is compatible with the context in which We collect Your personal information. For example, the following are business purposes for which We collect or share Your information:

• To present the content of Our products and services to You.
• To provide You with information, products, or services that You request from Us.
• To fulfill any other purpose for which You provide it.
• To provide You with notices about Your account, including expiration and renewal notices.
• To carry out Our obligations and enforce Our rights arising from any contracts entered into between You and Us, including for billing and collection.
• To notify You about changes to Our products or services We offer or provide through it.
• In any other way We may describe when You provide the information.
• For any other purpose with Your consent.
• As appropriate, in our sole discretion, for other legitimate business activities.

We may use or disclose the personal information We collect for one or more of the following business purposes:

• To fulfill or meet the reason You provided the information. For example, if You disclose Your name and contact information to request a rate quote or ask a question about Our products or services, We will use that personal information to respond to Your inquiry. If You provide Your Personal Information to purchase a product or service, We will use that information to process Your payment and facilitate delivery. We may also save Your information to facilitate new product orders or process returns.
• To provide support, personalize, and develop Our services, products, and other services.
• To create, maintain, customize, and secure Your account with Us.
• To process Your requests, purchases, transactions, and payments and prevent transactional fraud.
• To provide You with support and to respond to Your inquiries, including to investigate and address Your concerns and monitor and improve Our responses.
• To personalize Your services experience and to deliver content and product and service offerings relevant to Your interests, including targeted offers and ads through Our services, third-party sites, and via email or text message (with Your consent, where required by law).
• To provide advertising and marketing services.
• To help maintain the safety, security, and integrity of Our services, products, and other services, databases, and other technology assets, and business.
• For testing, research, analysis, and product development, including to develop and improve Our Services, products, and other services.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As described to You when collecting Your personal information or as otherwise set forth in the CPRA.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Us about Our services users is among the assets transferred.
• Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
• Helping to ensure security and integrity to the extent the use of the Consumer’s personal information is reasonably necessary and proportionate for these purposes.
• Debugging to identify and repair errors that impair existing intended functionality.
• Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a Consumer’s current interaction with Us.
• Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing, or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business.
• Undertaking internal research for technological development and demonstration.
• Undertaking activities to verify or maintain the quality or safety of a product, service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the product, service or device that is owned, manufactured, manufactured for, or controlled by the business.

Sharing Personal Information

All financial companies need to disclose personal information to run their everyday business and provide the services You hope to obtain. We may disclose Your personal information to a third party for a business purpose. When We disclose personal information for a business purpose, We typically enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, We have disclosed the above categories of personal information for a business purpose to the following categories of third parties:

• Authorized third parties. We will disclose Your information to a third party with Your consent.
• Affiliates, subsidiaries, and businesses under Our control. We may disclose Your personal information to our affiliates, subsidiaries, and companies under common control.
• Service providers, contractors, and third parties. We may disclose personal information to service providers, vendors, or contractors, or they may disclose, collect, store, access, transfer, or otherwise process Your personal information on Our behalf to help Us carry out Our services or run Our business. We require service providers, vendors, and contractors to implement reasonable organizational controls to maintain the privacy and security of personal information provided to them.
• Government, regulatory, and legal entities. We disclose Your personal information to government, regulatory, and legal entities in response to their inquiries, to enforce our terms and conditions, to exercise or defend a claim, or if We determine disclosure is necessary or appropriate to protect the life, safety, or property of Our business, ourselves, or others.

We will comply with other federal and state laws and regulations that impact Our disclosure practices.

Sales of Personal Information

Gold Star does not sell consumer information nor have We sold personal information in the preceding 12 months outside of the permitted sharing, disclosures, or transfers made pursuant to the exemptions of the Gramm-Leach-Bliley Act or the Fair Credit Reporting Act. We have no actual knowledge of selling or sharing personal information of anyone under the age of 16 years old. Notwithstanding the foregoing, We will accept a verified request from You to not sell or share Your personal information should Our practices change in the future.

Retention of Your Personal Information

We retain Your personal information throughout Our business relationship with You and thereafter only for as long as required to fulfil the purposes for which it was collected. However, in some circumstances We may retain personal information for longer periods of time, for instance when We are required to do so in accordance with legal and regulatory requirements or to resolve disputes that may arise between You and Us.

Your Rights and Choices

The CPRA provides Consumers (California residents) with specific rights regarding their personal information. This section describes Your CPRA rights and explains how to exercise those rights.

1. The right to know Your personal information;
2. The right to delete personal Information collected from You, subject to certain exceptions;
3. The right to opt-out of the sale or sharing of personal information (if applicable);
4. The right to non-discriminatory treatment or no retaliation for exercising any rights;
5. The right to request the categories of personal information disclosed about You for a business purpose;
6. The right to correct inaccurate personal information;
7. The right to limit use and disclosure of sensitive personal information (if applicable), for reasons other than those set forth in section 7027, subsection (m) of the CPRA.

When You make a request, We may require that You provide information and follow procedures so that We can verify the request and Your jurisdiction before responding to it. The verification steps We take may differ depending on the request You make. We will match the information that You provide in Your request to information We already have on file to verify Your identity. If We can verify Your request, We will process it. If We cannot verify Your request, We may ask You for additional information to help Us verify Your request.

Consumers will be required to submit their first and last name and email address and may also be asked to provide their telephone number or address so that We can verify the request. Please provide as much of the requested information as possible to help Us verify the request. We will only use the information received in a request for the purposes of responding to the request.

California law permits California Consumers to use an authorized agent to make privacy rights requests. We require the authorized agent to provide Us with proof of the California Consumer’s written permission (for example, a power of attorney) that shows the authorized agent has the authority to submit a request for the California Consumer. An authorized agent must follow the process described below to make a request. The authorized agent must also verify his/her own identity. We will confirm the agent’s authority with the California Consumer about whom the request was made.

The right to request deletion is not absolute and is subject to several restrictions and exemptions. Gold Star reserves all rights granted pursuant to the CPRA’s exemptions and restrictions relating to the deletion of personal information.

We may deny Your deletion request if We cannot verify Your identity, if We cannot verify the authorization of Your agent, if the information was not collected from You, or is otherwise not subject to the rights granted by the CPRA, or if retaining the information is necessary for Us or Our service providers to:

1. Complete the transaction for which We collected the personal information, provide a product or service that You requested, take actions reasonably anticipated within the context of Our ongoing business relationship with You, or otherwise perform Our contract with You.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another Consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if You previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with Consumer expectations based on Your relationship with Us.
8. Comply with a legal obligation.
9. Make other internal and lawful uses of that information that are compatible with the context in which You provided it.

In the event that We receive a “Verified Request” to delete information that is not covered by a restriction or exemption, We will notify You within 45 days and delete Your personal information from our records, and direct any service providers to delete Your personal information from its records. In the event that We receive a “Verified Request” to delete information that is covered by a restriction or exemption, We will deny Your request and within 45 days provide You a response indicating why it is denied.

You may submit a verified request to Us by:

• Calling Us at 833-635-0168
• Emailing Us at privacy@goldstarfinancial.com
• Sending Us a letter to: Gold Star Mortgage Financial Group, Corporation, Attn: Chief Compliance Officer, 100 Phoenix Drive, Suite 300, Ann Arbor, Michigan 48108.
• Submitting a request through the “Do Not Sell My Information” link and form located on Gold Star’s website.

Note: Gold Star does not “sell” or “share” (as defined in the CPRA) Consumer information. Additionally, Gold Star does not use or disclose sensitive personal information for purposes other than those specified in section 7027, subsection (m) of the CPRA.

Minors

We do not knowingly collect, process, use, sell, or share personal information of those 16 years old or younger.

Notice to Job Applicants

If You are a California resident and You have applied for a job with Us, are employed by Us, or Your employment with Us has ceased, please read our California Applicant Notice at Collection and Privacy Policy here, or Our California Employee Privacy Notice here, as applicable.

Non-Discrimination

We will not discriminate against You for exercising any of Your CPRA rights. Unless permitted by the CPRA, We will not:

• Deny You goods or services.
• Charge You different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide You a different level or quality of goods or services.
• Suggest that You may receive a different price or rate for goods or services or a different level or quality of goods or services.

Changes to Our Privacy Notice

We reserve the right to amend this Policy at Our discretion and at any time. When We make changes to this Policy, We will notify You by email or through a notice on Our website homepage. Your continued use of Our website following the posting of changes constitutes Your acceptance of such changes.

Contact Information

If You have any questions, comments, or concerns about this Policy and/or Our practices, please do not hesitate to contact Us at:

Phone: 833-635-0168

Email: privacy@goldstarfinancial.com

Sending a letter to Us at:

GOLD STAR MORTGAGE FINANCIAL GROUP, CORPORATION

Attn: Chief Compliance Officer

100 Phoenix Drive, Suite 300

Ann Arbor, Michigan 48108