CALIFORNIA CONSUMER PRIVACY ACT PRIVACY POLICY

Last updated March 30, 2022

Your privacy is important to us. This California Consumer Privacy Act Privacy Policy explains how The Bank of Missouri, its affiliates, representatives, agents and servicers, including Atlanticus Services Corporation and its affiliates (together “we,” “our” or “us”) collect, use, and disclose personal information relating to California residents covered by the California Consumer Privacy Act of 2018 (“CCPA”). This notice is provided pursuant to the CCPA.

Introduction

Under the CCPA, “Personal Information” is information that identifies, relates to, or could reasonably be linked directly or indirectly with a particular California resident. The CCPA, however, does not apply to certain information, such as information subject to the Gramm- Leach-Bliley Act (“GLBA”).

The specific Personal Information that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with that individual. For example, this Disclosure does not apply with respect to information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes. For more information about how we collect, disclose, and secure information relating to these customers, please refer to our Privacy Notice.

Keeping Personal Information secure is one of our most important priorities. Consistent with our obligations under applicable laws and regulations, we maintain physical, technical, electronic, procedural and organizational safeguards and security measures that are designed to protect personal data against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access, whether it is processed by us or elsewhere.

Collection of Personal Information

In the past 12 months, we have collected the following categories of Personal Information relating to California residents covered by this privacy policy:

• Category A: Identifiers, such as name and government-issued identifier (e.g., Social Security number);
• Category B: Personal information, as defined in the California safeguards law (Cal. Civ. Code § 1798.80(e)), such as contact information and financial information;
• Category C: Characteristics of protected classifications under California or federal law, such as sex and marital status;
• Category D: Commercial information, such as transaction information and purchase history;
• Category E: Internet or network activity information, such as browsing history and interactions with our website;
• Category F: Geolocation data, such as device location and Internet Protocol (IP) location;
• Category G: Audio, electronic, visual and similar information, such as call recordings;
• Category H: Professional or employment-related information, such as work history and prior employer; and
• Category I: Inferences drawn from any of the Personal Information listed above to create a profile about, for example, an individual”s preferences and characteristics.

Sources from which Personal Information is Collected

The categories of sources from whom we collected this Personal Information are:

• Directly from a California resident or the individual”s representatives;
• Service providers, consumer data resellers and other third parties;
• Public record sources (federal, state or local government sources);
• Information from our affiliates; and
• Website, mobile app and social media activity.

Third Parties with whom Personal Information is Shared

The categories of third parties to whom we disclosed Personal Information for our business purposes and the categories of personal information shared with such third parties are:

• Vendors and service providers who provide technology-related services, such as data storage, digital communications, website hosting, back office programs, data security and audit, and other information technology and related infrastructure (Personal Information Categories A through I listed above);
• Third parties who facilitate providing products and services to our customers, such as transaction and payment processors, financial institutions, call centers, customer and account management systems, collections service providers, data analysis service providers and marketing communications service providers (Personal Information Categories A, B, C, D, E, G, H and I);
• Professional services providers, such as tax and accounting professionals, legal professionals, auditors, marketing professionals and other consultants (Personal Information Categories A, B, C, D, E, G, H and I);
• Other third parties who enable customers to conduct transactions online and via mobile devices (Personal Information Categories A, B, C, D and F); and
• Courts and government agencies (as required by laws and regulations).

Use of Personal Information

In the past 12 months, we have used Personal Information relating to California residents to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives, including the following:

• Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing marketing services, or providing similar services;
• Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
• Short-term, transient use, where the information is not disclosed to a third party and is not used to build a profile or otherwise alter an individual consumer”s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction;
• Auditing related to a current interaction and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions and auditing compliance with this specification and other standards;
• Undertaking activities to verify or maintain the quality or safety of a service controlled by us and to improve, upgrade, or enhance the service controlled by the business;
• Debugging to identify and repair errors that impair existing intended functionality.
• Undertaking internal research for technological development and demonstration; and
• Complying with laws and regulations and complying with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions).

Sale of Personal Information

In the past 12 months, we have not “sold” Personal Information that is subject to the CCPA, including Personal Information of minors under the age of 16. For purposes of this privacy policy, “sold” means the disclosure of Personal Information to a third-party for monetary or other valuable consideration.

Rights under the CCPA

Right to Request Access. You have the right to request that we disclose your Personal Information that is collected, used, and disclosed to third parties. If you make an access request, you will receive the following information about you:

• Categories of personal information collected;
• Categories of sources from which personal information are collected;
• Specific pieces of personal information collected about you;
• Business purpose for collecting or selling; and
• Categories of third parties to whom sold.

This information will be provided free of charge, unless we determine that your request is manifestly unfounded or excessive. You may request this information twice in any 12-month period. This right to request access is subject to certain restrictions and is not available to consumers who have requested information about, applied for, or maintain business credit accounts with us. Our employees and employees of our business partners and service providers also do not have a right to request access under the CCPA.

Right to Request Deletion. You have the right to request that we and our service providers delete any Personal Information about you that we have collected from you upon receipt of a verifiable request. This right is subject to the same exceptions as for Right to Access requests.

Submitting Access or Deletion Requests. You can submit your request by calling us at 877-681- 4060 or contacting us online at https://awsintwww.myfortiva.com/customers/. We will acknowledge receipt of your request and advise you how long we expect it will take to respond if we are able to verify your identity. We will work to process all verified requests within 45 days pursuant to the CCPA. If we need an extension for up to an additional 45 days in order to process your request, we will provide you with an explanation for the delay.

Verifying Access or Deletion Requests. To verify a California Consumer”s identity, we may request up to three pieces of Personal Information about you when you make a request to compare against our records. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity. This process is for your protection. An authorized agent may submit a request on your behalf, in which case we may require proof of your authorization and verification of their identity directly from you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information that you provide in your request to verify your identity. We reserve the right to take additional steps as necessary to verify the identity of California Consumers when we have reason to believe a request is fraudulent.

If we are not able to honor your request, we will let you know in our response. Situations where we may not be able to honor your request include

• If we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual;
• If an exception to the access or deletion right under the CCPA applies, such as when the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer, or when the requested Personal Information is not subject to the CCPA”s access or deletion rights; and
• If your request involves disclosure of social security numbers, driver”s license numbers or government issued identification numbers, financial account numbers, health care or medical identification numbers, account passwords or security questions and answers, or any specific pieces of information, and the requested disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.

Right to Non-Discrimination. We will not discriminate against you because you exercised any of your rights, such as by

• Denying products or services to you;
• Charging different prices or rates for products or services, including through the use of discounts or other benefits or imposing penalties;
• Providing a different level or quality of products or services to you; or
• Suggesting that you will receive a different price or rate for products or services or a different level or quality of products or services.

Questions or Concerns

You may contact us with questions or concerns about this Privacy Policy and our practices calling us at 877-681-4060 or contacting us online at https://awsintwww.myfortiva.com/customers/.

Changes to This California Consumer Privacy Act Privacy Policy

We may change or update this Privacy Policy from time to time. When we do, we will post the revised Privacy Policy on this page with a new “Last Updated” date.

Website Terms of Use

By using or visiting, this website, www.myfortiva.com, and associated online services or mobile applications (collectively, the “Site”) you (the user) have read and agree to this Website Terms of Use (“Agreement”), the Website Privacy Policy and any terms and conditions associated with Fortiva products. If you do not agree with this Agreement, you should stop using the Site immediately. “We”, “our” or “us” refers to Atlanticus Services Corporation and its affiliates. We own and administer the Site for the benefit of The Bank of Missouri (“TBOM”), a federally insured Missouri bank, in connection with its Fortiva programs.

We may modify this Agreement from time to time. You agree to any changes to this Agreement by using the Site after changes to the Agreement have been posted.

Please read this Agreement carefully and print it for your records.

Products and Services on this Site

You understand and agree that TBOM is the creditor for all Fortiva products available through this Site. Any other products or services advertised on this Site are offered by and remain the sole responsibility of the respective product vendors or service providers (“Suppliers”). We, TBOM and Suppliers are not your agents.

This Site is a free service provided to you in connection with Fortiva programs. We may, from time to time, receive compensation from Suppliers for goods, facilities and services that we may provide to them under separate contract. Such goods, facilities or services may or may not relate in any way to your use of the Site. You agree to any such compensation arrangement whether or not related in any way to your use of the Site.

Eligibility

Use of this Site is void where prohibited. By using this Site, you represent and warrant that (i) all information you submit on this Site is truthful and accurate; (ii) you will maintain the accuracy of such information; and (iii) you are 18 years of age or older (19 in Alabama and Nebraska). This Site does not knowingly collect personal information on anyone under the age of 13.

Site Use and Access

We grant you permission to use the Site as set forth in this Agreement. You are responsible for all of your activities related to your use of the Site. You agree not to use this Site for any unlawful or unauthorized purpose. You may not use or attempt to use the Site in any way that: (i) causes you or us to violate any law or regulation or to infringe on any right of any third party; (ii) inhibits use of the Site by other users or interferes with the operation of the Site; or (iii) misuses a function available on the Site. You may not use or attempt to use the Site to: (i) post, store, transmit, or offer illegal, offensive, threatening, pornographic or defamatory materials; (ii) post, store or transmit any viruses, worms, Trojan horses or other harmful or disruptive components; or (iii) harvest, collect or mine information about other users of the Site.

To access certain features of the Site, you may have to create an account. You are solely responsible for the activity that occurs on your account and you must keep your password secure. You should notify us immediately of any unauthorized use of your online account. We and TBOM are not liable for losses caused by unauthorized use of your account.

Your access to and use of our Site, including an online account, may be interrupted from time to time for any reason, including, but not limited to, (i) the malfunction of equipment, (ii) periodic updating, (iii) maintenance or repair of the Site or (iv) any other action that we or TBOM elect to take. We or TBOM may limit, suspend or discontinue the availability of the Site, including an online account, at any time without prior notice.

Third-Party Content

This Site may contain third-party content, including links to third-party websites that are not owned or controlled by us or TBOM. We are not in any way responsible for the content on, or your use of any such third-party website. This Agreement and the Website Privacy Policy do not apply to third-party websites. We encourage you to read the terms of service and privacy policy that governs your activities and handling of your information on third-party websites. The appearance of any third-party website, content or product does not imply any endorsement by us or TBOM with respect to any such third-party website, its contents, its sponsor(s) or any products or services offered at or through such third-party website. It is your responsibility to investigate third parties.

Limitation of Liabilities and Warranties

To the extent permitted by applicable law, the Site is provided AS IS and neither we nor TBOM assume any responsibility for any failure in providing the Site to you. We and TBOM strive for the information on this Site to be accurate and complete but neither we nor TBOM make any representation or warranty regarding the accuracy or completeness of any information provided on or through the Site and shall not be responsible if errors occur. WE AND TBOM DISCLAIM ANY WARRANTY, WHETHER EXPRESS OR IMPLIED, RELATED IN ANY WAY TO THIS SITE, TO THE FULLEST EXTENT OF THE LAW. USE THIS SITE AT YOUR OWN RISK. NEITHER WE, TBOM, ANY SUPPLIER, NOR ANY COMPANY THAT SUPPORTS THIS SITE (INCLUDING EACH’S OFFICERS, MEMBERS, DIRECTORS, EMPLOYEES AND AGENTS) WILL BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, CONSEQUENTIAL OR SPECIAL DAMAGES IN ANY WAY ARISING OUT OF, OR CONNECTED TO, THE USE OF OR ANY INABILITY TO USE THIS SITE OR FOR ANY ERROR OR DELAY IN THE TRANSMISSION OF INFORMATION TO, FROM OR THROUGH THIS SITE.

Indemnity

As a condition of your use of this Site, you agree to defend, indemnify and hold us, TBOM and any company that provides services to support this Site (including their officers, members, directors, employees and agents), from and against any and all claims, damages, liabilities, losses, costs or expenses (including attorneys’ fees) arising out of, relating to or resulting from (i) your use or attempted use of this Site, (ii) your violation of this Agreement and (iii) your violation of any third-party right, including without limitation any copyright, property or privacy right. This provision will survive the termination of this Agreement and the termination of your use of the Site.

Governing Law and Other Terms

This Agreement is subject to and is to be construed in accordance with the laws of the State of Georgia, without regard to internal principles of conflicts of laws, and applicable Federal law of the United States of America. You consent to the exclusive jurisdiction of the federal and state courts located in the State of Georgia, for any and all disputes arising out of this Agreement. You may not use this Site in any jurisdiction that does not give effect to each and every provision of this Agreement. This Agreement constitutes the entire agreement between you and us and supersedes any and all prior or contemporaneous agreements, whether oral, written or electronic, between us. The headings used in this Agreement are for the convenience of reference only and are not intended to define or describe the scope or intent of any portion of this Agreement. In the event that any provision of this Agreement is determined to be invalid or unenforceable for any reason, then such provision should be deemed to be reformed to match as closely as possible the intent of the original provision and all other provisions of this Agreement shall remain in effect. Any bona fide printed or electronic version of this Agreement shall be admissible in any proceeding before a court, arbitrator or other authority.

Copyrights and Trademarks

All contents of this Site are Copyright © 2019 Atlanticus Services Corporation. All Rights Reserved. You acknowledge that the Site, including all content names, trademarks, text, graphics, logos, images, software used in connection with the Site and any product, service or information available through this Site (collectively, “Materials”) are the property of their respective owners and protected by applicable intellectual property and other laws. You are granted a limited, non-sublicensable right to access the Site and Materials for your personal non-commercial use only. Materials may not be used, copied, reproduced, distributed, transmitted, broadcasted, displayed, sold or licensed or otherwise exploited for any purpose without the prior written consent of the respective owners. You agree not to modify, use, copy or distribute any Materials other than as expressly permitted in this Agreement or by the owner for any commercial purposes. You are not granted any licenses, express or implied, or any other rights in or to the Materials except as expressly authorized by these Terms.

Website Privacy & Security Policy

This website is offered to you (the user of this site), conditioned on your acceptance, without modification, of the terms, conditions and notices contained in this Website Privacy and Security Policy (this “Agreement”). Your use of this site constitutes your agreement to the terms, conditions and notices from time to time set forth at this site. As used herein, “we”, “our” or “us” refers to Atlanticus Services Corporation, which, along with its affiliates and wholly-owned subsidiaries (the “Servicer”), is responsible for the Website Privacy and Security Policy for websites as servicer for The Bank of Missouri (“TBOM”), the issuer of the Fortiva Credit Card and the Aspire Credit Card.

We are committed to protecting your privacy. We recognize the importance of safeguarding and respecting your privacy, and accordingly have adopted this Agreement to serve as the basis for our policies and procedures. This Agreement demonstrates our commitment to providing privacy and security protection to visitors of our website. This Agreement is designed to assist you in understanding how we collect, use and safeguard personal information you may provide to us or to others through this website and to assist you in making informed decisions when using this site.

What Information Do We Collect?

When you visit our website you may provide two types of information, (1) personal information you knowingly choose to disclose which is collected on an individual user basis and (2) website use information collected on an aggregate basis as you and others browse our website. If you choose to correspond through email, we may retain the content of your email messages together with your email address and all responses sent through our website. We provide the same protections for these electronic communications as we employ in the maintenance of information received by mail and telephone.

How Do We Use Information We Collect From Cookies and Web Server Logs?

Similar to other commercial websites, our website utilizes a standard technology called “cookies” web server logs and Google Analytics to collect information about how our website is used.

“Cookies” are a feature of web browser software that allows web servers to recognize the computer used to access a website. Cookies are small pieces of data that are stored by a user’s web browser on the user’s hard drive. Cookies can remember what information a user accesses on one web page to simplify subsequent interactions with that website by the same user or to use the information to streamline the user’s transactions on related web pages. This makes it easier for a user to move from web page to web page and to complete commercial transactions over the Internet. Cookies should make your online experience easier and more personalized.

Cookies help us collect important business and technical statistics. Information gathered through cookies web server logs and Google Analytics may include the date and time of visits, the pages viewed, time spent at our website, and the website visited just before and just after our website. This information is collected on an aggregate basis. None of this information is associated with you as an individual user. Our server logs allow us to count how many users visit our website and evaluate our website’s visitor capacity. We do not use these technologies to capture your email address or any identifying information about you (although you DO enter those kinds of information in the application process). However, we do store IP addresses for fraud detection and prevention purposes. These technologies do permit us to deliver focused messages or other such responses to you while you are visiting our site or to provide advertising to you when you are visiting other sites. Any such offers, from TBOM or third parties sponsored or approved by TBOM, will be provided in accordance with the respective sender’s privacy notice and any preferences that you have previously provided to that sender.

You have the ability to manage the use of cookies on your computer using controls in your browser. To learn more about how to manage cookies, visit www.allaboutcookies.org.

How Do We Use the Other Information that You Provide To Us?

When providing identifying information to us, such as by email correspondence with us or by entering information into this site, we may use the information we collect to notify you about important changes to our website.

How Do We Secure Information Transmissions?

When you send personal credit account information through our website, secure server software which we have licensed from Secure Socket Layer (SSL) or Secure Electronic Transaction (SET) encrypts all information you input before it is sent. The information is scrambled en route and decoded once it reaches its destination. Other email that you may send to us may not be secure unless we advise you that security measures will be in place prior to your transmitting the information. For that reason, we ask that you do not send us confidential information such as social security or account numbers through an unsecured email.

How Do We Protect Your Information?

The Servicer uses sophisticated secure technology to protect personal information. Although we have taken reasonable measures to provide for the security of certain information that you send to our site, we cannot guarantee that this information will not be intercepted or decrypted by others. We accept no responsibility for such interception or decryption.

Information Security. We utilize Secure Socket Layer (SSL) and Transport Layer Security to safeguard the confidentiality of personal information from unauthorized access or disclosure and accidental loss, alteration or destruction.

Evaluation of Information Protection Practices. Periodically, our operations and business practices are reviewed for compliance with corporate policies and procedures governing the security, confidentiality and quality of our information.

Employee Access, Training and Expectations. We are committed to the protection of information. In general, our business practices limit employee access to confidential information and the use and disclosure of such information to authorized persons, processes and transactions.

Do We Disclose Information to Outside Parties?

We will provide information about you, website traffic patterns and related website information to our affiliates and/or third parties (including TBOM), as allowed by law.

We also may disclose information provided as described in the section of this document titled How Do We Use the Other Information that You Provide To Us? above.

How Do We Protect Children?

We do not knowingly solicit data from or knowingly market to children. Our website is directed to adult consumers. Parents can use various readily available software packages to prevent their children from accessing websites which they deem to be inappropriate. Parents can choose to utilize other methods to limit the websites to which their children have access.

What About Legally Compelled Disclosure of Information?

We may disclose information when legally compelled to do so; in other words, when we, in good faith, believe that the Servicer requires it or for the protection of our legal rights and as otherwise required by law (such as to respond to the governmental inquiries of TBOM’s regulators).

What About Other Websites Linked to the www.myfortiva.com Website?

We are not responsible for the information practices employed by websites linked to or from our website. Often links to non-Fortiva sites are provided solely as pointers to information on topics that may be of interest to the users of our website.

Please remember that when you use a link to go from our website to another website, the Website Privacy and Security Policy is no longer in effect. Your browsing and interaction on any other website, including websites which have a link on our website, are subject to such other website’s rules and policies. Please read over their rules and policies before proceeding.

Your Consent

By using our website, you consent to our collection and use of your information as described in this Agreement that does not involve transferring nonpublic personal information to unaffiliated third parties. If we change this Agreement for any reason, we will post the changes on our website. We will tell you what information we collect, how we use it and under what circumstances we may disclose it, and we will always provide notices under applicable laws and regulations. We will only share data as allowed by applicable state and federal law.

Copyright ©2023 Atlanticus Services Corporation. All Rights Reserved. Users of this site agree to be bound by the terms of the Website Privacy and Security Policy. We will notify you as required by applicable law of any changes to the Website Privacy and Security Policy.

The Bank of Missouri Privacy Policy
To view The Bank of Missouri Privacy Policy, please click here.

FORTIVA® CREDIT CARD FEATURES TERMS

Cash Back Reward Program Details (if applicable):

How do I earn cash back rewards?

You will earn a 3% cash back reward when you use your credit card for gas and grocery purchases and utility bill payments. You will earn a 1% cash back reward when you use your credit card for other eligible purchases of goods and services and bill payments. Rewards will be earned when the transaction posts to your account and will remain as long as the purchases and bill payments are not returned or credited.

Purchases do NOT include fees or interest charges, balance transfers, cash advances, or purchases of other cash equivalents. Rewards are not earned for pending transactions.

How do I redeem cash back rewards?

All cash back rewards will automatically be redeemed in the form of an annual statement credit against your purchase balance in the anniversary month of your account opening as long as your account is in good standing.

Rewards can only be redeemed as a statement credit, which lowers your account balance. The statement credit cannot be used toward your minimum payment due or your monthly payment. You cannot request that the rewards be provided in cash.

What does ‘account in good standing’ mean?

An account will be deemed in good standing if it is not suspended, restricted, delinquent or otherwise in default. If your account is not in good standing on the anniversary date, you will not lose your rewards, but you must wait until the next anniversary month to be eligible to receive your rewards.

Additional cash back reward program information:

We may change the terms and conditions of this program or end your participation in the program at any time after the
first anniversary date of your account. Void where prohibited. Full terms and conditions are included with the cardholder agreement that will be furnished upon verification of eligibility.

Free Credit Score Details:

Your free credit score will be available at myfortiva.com starting 60 days after your account is opened. (Registration required)

The free VantageScore 4.0 credit score provided by TransUnion® is for educational purpose only. This score may not be used by The Bank of Missouri (the issuer of this card) or other creditors to make credit decisions.

The Fortiva® Credit Card is issued by The Bank of Missouri, Perryville, MO. ©2023