Updated 6/19/23

Effective Date: 619/23

This Privacy Policy describes how Mattamuskeet Goose Club (“Company,” “we,” “us,” or
“our”), uses, collects, and shares (“Processes”) your personal information when you use our
services (“Services”) and the choices that are available to you with respect to our handling of
your information. By using the Service, you hereby consent to allow us to process information in
accordance with this Privacy Policy. This Privacy Policy may be changed from time to time. You
will be notified of these changes through the date change at the top of the page. We encourage
our customers to review the Privacy Policy before interacting in order to stay informed about the
company’s practices.

Questions or concerns? Reading this privacy policy will help you understand your privacy
rights and choices. If you do not agree with our policies and practices, please do not use our
Services. If you still have any questions or concerns, please contact us at 
nik@mattamuskeetgooseclub.com.

SUMMARY OF KEY POINTS

This summary provides key points from our privacy notice, but you can find out more details
about any of these by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we
may process personal information depending on how you interact with Mattamuskeet Goose
Club and the Services, the choices you make, and the products and features you use. Learn more
about personal information you disclose to us.

Do we process any sensitive personal information? We may process sensitive personal
information, when necessary, with your consent or as otherwise permitted by applicable law.
Learn more about sensitive information we process.

Do we receive any information from third parties? We may receive information from public
databases, marketing partners, social media platforms, and other outside sources. Learn more
about information collected from other sources.

How do we process your information? We process your information to provide, improve, and
administer our Services, communicate with you, for security and fraud prevention, and to comply
with law. We may also process your information for other purposes with your consent. We
process your information only when we have a valid legal reason to do so. Learn more
about how we process your information.

In what situations and with which parties do we share personal information? We may share
information in specific situations and with specific third parties. Learn more about when and
with whom we share your personal information.

How do we keep your information safe? We have organizational and technical processes and
procedures in place to protect your personal information. However, no electronic transmission
over the internet or information storage technology can be guaranteed to be 100% secure, so we
cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will
not be able to defeat our security and improperly collect, access, steal, or modify your
information. Learn more about how we keep your information safe.

What are your rights? Depending on where you are located geographically, the applicable
privacy law may mean you have certain rights regarding your personal information. Learn more
about your privacy rights.

How do you exercise your rights? The easiest way to exercise your rights is by contacting us.
We will consider and act upon any request in accordance with applicable data protection laws.

This Privacy Policy is subject to the provisions of the General Data and Protection
Regulation (“GDPR”), and the California Consumer Privacy Act of 2018 (“CCPA”), and
other applicable privacy laws. Mattamuskeet Goose Club agrees that under the GDPR, it
is a data “Controller” and you , if you are an individual and reside in the United Kingdom,
Northern Ireland, the European Union, or Switzerland (collectively, and for the purposes
of the Privacy Policy, the “EEA”), are a “Data Subject” with certain protected privacy
rights concerning your “Personal Data.” Similarly, under the CCPA, we are a “Business”,
and you, if you are an individual residing in California, are a “Consumer” with certain
protected privacy rights concerning your “Personal Information”. We will take
commercially reasonable steps to maintain compliance with GDPR and CCPA
requirements. Your Personal Data and Personal Information may identify you as a person,
and thus may be referred to as Personally Identifiable Information (“PII”).

Want to learn more about what Mattamuskeet Goose Club does with any information we
collect? Review the privacy notice in full.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE PROCESS YOUR INFORMATION?
   3.WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
4. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?
5. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
8. TERRITORIALITY
   9.’EUROPEAN UNION’ PRIVACY RIGHTS
9. HOW LONG DO WE KEEP YOUR INFORMATION?
10. HOW DO WE KEEP YOUR INFORMATION SAFE?
11. DO WE COLLECT INFORMATION FROM MINORS?
12. WHAT ARE YOUR PRIVACY RIGHTS?
13. CONTROLS FOR DO-NOT-TRACK FEATURES
    15.DO CALIFORNIA RESIDENTS SHAVE SPECIFIC PRIVACY RIGHTS?
    16.DO VIRGINIA RESIDENTS SHAVE SPECIFIC PRIVACY RIGHTS?
    17.DO WE MAKE UPDATES TO THIS NOTICE?
14. HOW CAN YOU REVIEW, UODATE, OR DELETE THE DATA WE COLLECT FROM
    YOU?
15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
16. WHAT INFORMATION DO WE COLLECT?

a. Personal Information You Disclose to Us

In Short: We collect personal information that you provide to us.

We collect personal information provided to us when you use our website; provide product
reviews; call us on the phone; create an online account; sign up to receive our emails; participate
in a sweepstakes, contest, promotion or survey; communicate with us via third-party social
media sites; request customer support; apply for and/or participate in our loyalty program; or
otherwise communicate with us.

Personal Information Provided by You. The personal information that we collect depends on
the context of your interactions with us and the Services, the choices you make, and the products
and features you use. The personal information we collect may include the following:

 names
 phone numbers
 email addresses
 billing/shipping address
 product preferences
 demographic information
 usernames
 passwords
 contact preferences
 contact or authentication data
 billing addresses
 payment card information
 any other personal information you choose to provide

Sensitive Information. When necessary, with your consent or as otherwise permitted by
applicable law, we process the following categories of sensitive information:

Payment Data. We may collect data necessary to process your payment if you make
purchases, such as your payment instrument number, and the security code associated
with your payment instrument. All payment data is stored by PayPal. You may find their
privacy notice link(s) here: https://www.paypal.com/us/legalhub/privacy-
full#personalData.

Social Media Login Data. We may provide you with the option to register with us using
your existing social media account details, like your Facebook, Twitter, or other social
media account. If you choose to register in this way, we will collect the information
described in the section called “HOW DO WE HANDLE YOUR SOCIAL
LOGINS?” below.

Application Data. If you use our application(s), we also may collect the following
information if you choose to provide us with access or permission:
 Geolocation Information. We may request access or permission to track
location-based information from your mobile device, either continuously or
while you are using our mobile application(s), to provide certain location-
based services. If you wish to change our access or permissions, you may do
so in your device’s settings.

This information is primarily needed to maintain the security and operation of our
application(s), for troubleshooting, and for our internal analytics and reporting purposes.

All personal information that you provide to us must be true, complete, and accurate, and
you must notify us of any changes to such personal information.

b. Information Automatically Collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and
device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This
information does not reveal your specific identity (like your name or contact information) but
may include device and usage information, such as your IP address, browser and device
characteristics, operating system, language preferences, referring URLs, device name, country,
location, information about how and when you use our Services, and other technical information.
This information is primarily needed to maintain the security and operation of our Services, and
for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:
 Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and
performance information our servers automatically collect when you access or use
our Services and which we record in log files. Depending on how you interact with
us, this log data may include your IP address, device information, browser type, and
settings and information about your activity in the Services (such as the date/time
stamps associated with your usage, pages and files viewed, searches, and other
actions you take such as which features you use), device event information (such as
system activity, error reports (sometimes called “crash dumps”), and hardware
settings).

 Device Data. We collect device data such as information about your computer,
phone, tablet, or other device you use to access the Services. Depending on the device
used, this device data may include information such as your IP address (or proxy
server), device and application identification numbers, location, browser type,
hardware model, Internet service provider and/or mobile carrier, operating system,
and system configuration information.

 Location Data. We collect location data such as information about your device’s
location, which can be either precise or imprecise. How much information we collect
depends on the type and settings of the device you use to access the Services. For
example, we may use GPS and other technologies to collect geolocation data that tells
us your current location (based on your IP address). You can opt out of allowing us to
collect this information either by refusing access to the information or by disabling
your Location setting on your device. However, if you choose to opt out, you may not
be able to use certain aspects of the Services.

 Transaction Information: When you purchase or return a product, we collect
information about the transaction, such as product details and the date and location of
the purchase/return.

 Information Collected by Cookies and Similar Tracking Technologies We (and our
service providers) use cookies, web beacons (also known as “tracking pixels”) and
similar tracking technologies to collect information about you when you interact with
our online Services or emails, including information about your browsing and
purchasing behavior. We may combine this information with other information we
collect about you and use it for various purposes, such as improving our websites and
your online experience, understanding which areas and features of our sites are
popular counting visits, understanding campaign effectiveness, tailoring our
communications with you, determining whether an email has been opened and links
within the email have been clicked and for other internal business purposes. For more
information about cookies and how to disable them, please see the “Cookies” section
below.

c. Information Collected From Other Sources

In Short: We may collect limited data from public databases, marketing partners, social media
platforms, and other outside sources.

In order to enhance our ability to provide relevant marketing, offers, and services to you and
update our records, we may obtain information about you from other sources, such as public
databases, joint marketing partners, affiliate programs, data providers, social media
platforms, and from other third parties. This information includes mailing addresses, job titles,
email addresses, phone numbers, intent data (or user behavior data), Internet Protocol (IP)
addresses, social media profiles, social media URLs, and custom profiles, for purposes of
targeted advertising and event promotion. If you interact with us on a social media platform
using your social media account (e.g., Facebook or Twitter), we receive personal information
about you such as your name, email address, and gender. Any personal information that we
collect from your social media account depends on your social media account’s privacy settings.

Information collected when you use our Facebook application(s). We by default access
your Facebook basic account information, including your name, email, gender, birthday, current
city, and profile picture URL, as well as other information that you choose to make public. We
may also request access to other permissions related to your account, such as friends, check-ins,
and likes, and you may choose to grant or deny us access to each individual permission. For
more information regarding Facebook permissions, refer to the Facebook Permissions
Reference page.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services,
communicate with you, for security and fraud prevention, and to comply with law. We may also
process your information for other purposes with your consent.

We process your personal information described above: As necessary to fulfill our
responsibilities under our contract with you (e.g., processing payments for and providing the
products you have ordered); As necessary for our legitimate interests, including our interest in
providing relevant and secure Services and improving our Services and products; As necessary
to comply with our legal obligations; or As consistent with your consent, which you may revoke
at any time.

We process your personal information for a variety of reasons, depending on how you
interact with our Services, including:
 To facilitate account creation and authentication and otherwise manage user
accounts. We may process your information so you can create and log in to your
account, as well as keep your account in working order.
 To deliver and facilitate delivery of services to the user. We may process your
information to provide you with the requested service.
 To respond to user inquiries/offer support to users. We may process your information
to respond to your inquiries and solve any potential issues you might have with the
requested service.
 To send administrative information to you. We may process your information to send
you details about our products and services, changes to our terms and policies, and other
similar information.
 To fulfill and manage your orders. We may process your information to fulfill and
manage your orders, payments, returns, and exchanges made through the Services.
 To enable user-to-user communications. We may process your information if you
choose to use any of our offerings that allow for communication with another user.
 To request feedback. We may process your information when necessary to request
feedback and to contact you about your use of our Services.
 To deliver targeted advertising to you. We may process your information to develop
and display personalized content and advertising tailored to your interests, location, and
more.
 To post testimonials. We post testimonials on our Services that may contain personal
information.

 To protect our Services. We may process your information as part of our efforts to keep
our Services safe and secure, including fraud monitoring and prevention.
 To administer prize draws and competitions. We may process your information to
administer prize draws and competitions.
 To evaluate and improve our Services, products, marketing, and your
experience. We may process your information when we believe it is necessary to identify
usage trends, determine the effectiveness of our promotional campaigns, and to evaluate
and improve our Services, products, marketing, and your experience.
 To identify usage trends. We may process information about how you use our Services
to better understand how they are being used so we can improve them.
 To determine the effectiveness of our marketing and promotional campaigns. We
may process your information to better understand how to provide marketing and
promotional campaigns that are most relevant to you.
 To comply with our legal obligations. We may process your information to comply
with our legal obligations, respond to legal requests, and exercise, establish, or defend
our legal rights.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS
   YOUR INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we
have a valid legal reason (i.e. legal basis) to do so under applicable law, like wit you consent, to
comply with laws, to provide you with services to enter into or fulfill contractual obligations, to
protect your right, or to fulfill our legitimate business interests.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid
legal bases we rely on in order to process your personal information. As such, we may rely on
the following legal bases to process your personal information:

 Consent. We may process your information if you have given us permission (i.e.
consent) to use your personal information, for a specific purpose. You can
withdraw your consent at any time.
 Legal Obligations. We may process your information where we believe it is
necessary for compliance with our legal obligations, such as to cooperate with a
law enforcement body or regulatory agency, exercise or defend our legal rights, or
disclose your information as evidence in litigation in which we are involved.
 Vital Interests. We may process your information where we believe it is
necessary to protect your vital interests or the vital interests of a third party, such
as situations involving potential threats to the safety of any person.

4. WHEN AND WITH WHOM DO WE SHARE YOUR
   PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with
the following third parties.

We may need to share your personal information in the following situations:
 Business Transfers. We may share or transfer your information in connection with, or
during negotiations of, any merger, sale of company assets, financing, or acquisition of
all or a portion of our business to another company.
 Affiliates. We may share your information with our affiliates, in which case we will
require those affiliates to honor this privacy notice. Affiliates include our parent company

and any subsidiaries, joint venture partners, or other companies that we control or that are
under common control with us.
 Business Partners. We may share your information with our business partners to offer
you certain products, services, or promotions.

5. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?

In Short: We are not responsible for the safety of any information that you share with third
parties that we may link to or who advertise on our Services, but are not affiliated with, our
Services.

The Services may link to third-party websites, online services, or mobile applications and/or
contain advertisements from third parties that are not affiliated with us and which may link to
other websites, services, or applications. Accordingly, we do not make any guarantee regarding
any such third parties, and we will not be liable for any loss or damage caused by the use of such
third-party websites, services, or applications. The inclusion of a link towards a third-party
website, service, or application does not imply an endorsement by us. We cannot guarantee the
safety and privacy of data you provide to any third parties. Any data collected by third parties is
not covered by this privacy notice. We are not responsible for the content or privacy and security
practices and policies of any third parties, including other websites, services, or applications that
may be linked to or from the Services. You should review the policies of such third parties and
contact them directly to respond to your questions.

6. DO WE USE COOKIES AND OTHER TRACKING
   TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your
information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or
store information. Specific information about how we use such technologies and how you can
refuse certain cookies is set out in our Cookie Notice.

7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: If you choose to register or log in to our Services using a social media account, we
may have access to certain information about you.

Our Services offer you the ability to register and log in using your third-party social media
account details (like your Facebook or Twitter logins). Where you choose to do this, we will
receive certain profile information about you from your social media provider. The profile
information we receive may vary depending on the social media provider concerned, but will
often include your name, email address, friends list, and profile picture, as well as other
information you choose to make public on such a social media platform. If you log in using
Facebook, we may also request access to other permissions related to your account, such as your
friends, check-ins, and likes, and you may choose to grant or deny us access to each individual
permission.

We will use the information we receive only for the purposes that are described in this privacy
notice or that are otherwise made clear to you on the relevant Services. Please note that we do
not control, and are not responsible for, other uses of your personal information by your third-
party social media provider. We recommend that you review their privacy notice to understand
how they collect, use, and share your personal information, and how you can set your privacy
preferences on their sites and apps.

8. TERRITORIALITY

Regardless of where our servers are located, your personal data may be processed by us in the
United States, where data protection and privacy regulations may or may not be to the same level
of protection as in other parts of the world. In all instances in this Privacy Policy, “our servers”
means servers that we own or on which the Service is hosted, or which are otherwise utilized by
the Service. BY VISITING THE SITES AND USING THE SERVICE, YOU
UNEQUIVOCALLY AND UNAMBIGUOUSLY CONSENT TO THE COLLECTION AND
PROCESSING IN THE UNITED STATES OF ANY INFORMATION COLLECTED OR
OBTAINED BY US THROUGH VOLUNTARY SUBMISSIONS, AND, TO THE EXTENT
POSSIBLE, THAT U.S. LAW GOVERNS ANY SUCH COLLECTION AND PROCESSING.

9. ‘EUROPEAN UNION’ PRIVACY RIGHTS

If you currently reside in the EEA, the GDPR applies to your PII and you are a Data Subject. The
GDPR requires that we, as a Controller, have a legal basis to process your PII.

We process your PII under one or more of the following legal bases:
 To perform the contract that we are about to enter with you (e.g. our Terms of Service);
 Processing is necessary for our legitimate interests (or those of a third party) and your
interests and fundamental rights do not override those interests;
 To comply with a legal obligation; and/or
 If we have your consent to do so.

Under the GDPR, as a Data Subject you have certain rights. They are:
 The right to be informed. This is your right to be informed about what they are
processing, why, and who else the data may be passed to.
 The right of access. This is your right to see what data about you is held by us.
 The right to erasure. This is the right to have your personal data to be deleted in the
event that such data is no longer required for the purposes it was collected for, your
consent for the processing of the data is withdrawn, or the data is being unlawfully
processed.

 The right to restrict processing. This is the right to ask for a temporary halt to
processing of your personal data, such as in the case where a dispute or legal case has to
be concluded, or the data is being corrected.
 The right to data portability. This is the right to ask for your personal data to be
provided to you in a structured, commonly used, and machine-readable format.
 The right to object. This is the right to object to further processing your personal data if
such processing is inconsistent with the primary purposes for which it was collected.
 Rights in relation to automated decision making and profiling. This is the right to not
be subject to a decision based solely on automated processing. The service does not
engage in automated decision making and profiling.

You can find instructions for enforcing some of these rights elsewhere in this Privacy Policy.
Otherwise, if you wish to find out more about these rights, please contact us at
nik@mattamuskeetgooseclub.com.

10. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in
this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set
out in this privacy notice, unless a longer retention period is required or permitted by law (such
as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping
your personal information for longer than the period of time in which users have an account with
us.

When we have no ongoing legitimate business need to process your personal information, we
will either delete or anonymize such information, or, if this is not possible (for example, because
your personal information has been stored in backup archives), then we will securely store your
personal information and isolate it from any further processing until deletion is possible.

11. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and
technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures
designed to protect the security of any personal information we process. However, despite our
safeguards and efforts to secure your information, no electronic transmission over the Internet or
information storage technology can be guaranteed to be 100% secure, so we cannot promise or
guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to
defeat our security and improperly collect, access, steal, or modify your information. Although
we will do our best to protect your personal information, transmission of personal information to
and from our Services is at your own risk. You should only access the Services within a secure
environment.

12. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 13 years of age.

We do not knowingly collect any information from any minors, and we comply with all
applicable privacy laws including the GDPR, the CCPA, the USA’s Children’s Online Privacy
Protection Act (“COPPA”) and associated Federal Trade Commission (“FTC”) rules for
collecting personal information from minors. Please see the FTC’s website (www.ftc.gov) for
more information. If you have concerns about our Site(s), wish to find out if your child has
accessed our services, or wish to remove your child’s personal information from our servers,
please contact us at nik@mattamuskeetgooseclub.com. Our Site(s) will not knowingly accept
personal information from anyone under 13 years old in violation of applicable laws, without

consent of a parent or guardian. In the event that we discover that a child under the age of 13 has
provided PII to us, we will make efforts to delete the child’s information in accordance with
COPPA. If you believe that your child under 13 has gained access to our Site(s) without your
permission, please contact us at nik@mattamuskeetgooseclub.com.

13. WHAT ARE YOUR PRIVACY RIGHTS?

In Short:  You may review, change, or terminate your account at any time.
 
If you are located in the EEA or UK and you believe we are unlawfully processing your personal
information, you also have the right to complain to your Member State data protection
authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information
Commissioner.

Withdrawing your consent: If we are relying on your consent to process your personal
information, which may be express and/or implied consent depending on the applicable law, you
have the right to withdraw your consent at any time. You can withdraw your consent at any time
by contacting us by using the contact details provided in the section “HOW CAN YOU
CONTACT US ABOUT THIS NOTICE?” below.

However, please note that this will not affect the lawfulness of the processing before its
withdrawal nor, when applicable law allows, will it affect the processing of your personal
information conducted in reliance on lawful processing grounds other than consent.

Opting out of marketing and promotional communications: You can unsubscribe from our
marketing and promotional communications at any time by or by contacting us using the details
provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below.
You will then be removed from the marketing lists. However, we may still communicate with
you — for example, to send you service-related messages that are necessary for the

administration and use of your account, to respond to service requests, or for other non-
marketing purposes.

Account Information

If you would at any time like to review or change the information in your account or terminate
your account, you can:
 Log in to your account settings and update your user account.
Upon your request to terminate your account, we will deactivate or delete your account and
information from our active databases. However, we may retain some information in our files to
prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms
and/or comply with applicable legal requirements.

If you have questions or comments about your privacy rights, you may email us
at nik@mattamuskeetgooseclub.com.

14. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-
Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to
have data about your online browsing activities monitored and collected. At this stage no
uniform technology standard for recognizing and implementing DNT signals has been finalized.
As such, we do not currently respond to DNT browser signals or any other mechanism that
automatically communicates your choice not to be tracked online. If a standard for online
tracking is adopted that we must follow in the future, we will inform you about that practice in a
revised version of this privacy notice.

15. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY
    RIGHTS?

In Short: Yes, if you are a resident of California, you are granted specific rights regarding
access to your personal information.

Consumers Rights Under the CCPA.

California consumers have the right to request that we disclose Personal Information we have
collected about them in the previous 12 months including, but not limited to, the categories of
information collected by us, the source(s) of such information by category, and the purpose for
collecting such information. This right may not be exercised more than twice in a 12 month
period. In the previous 12 months, we have collected the following categories of Personal
Information about consumers;
 Identifiers. Identifiers can be your name, unique personal identifiers (device identifier, IP
Address, cookies, beacons, pixel tags, mobile ad identifiers), email, phone number, and
similar information;
 Personal Information Under the California Customer Records Law (Cal. Civ. Code
§1798.80) (“CCRLPI”), which is similar in nature to Identifiers;
 Commercial Information. Commercial information includes records of personal
property, products or services purchased, obtained, or considered, or other purchased or
consuming histories or tendencies;
 Geolocation Data. Such geolocation data may include GPS data;
 Internet/Network Activity. Internet Activity Information includes browsing history,
cookies, search history and a consumer’s interaction with a website; and
 Inferences drawn from any other category of Personal Information.

We collect Personal Information in the above categories from the consumers themselves, third
parties, marketing partners, data brokers/aggregators, and by automatic means for the purposes
described in this Privacy Policy, and as required to comply with applicable law.
 As a California consumer, you also have the right to request that we tell you which of
your Personal Information we have disclosed for a business purpose, or sold, in the
previous 12 months. With respect to Personal Information being disclosed for a business

purpose, the consumer shall receive the categories of information disclosed and the types
of entities they have been disclosed to. This right may not be exercised more than twice
in a 12 month period. For Personal Information being sold, this includes the categories of
information being sold and the categories of third parties to whom it is being sold. In the
past 12 months, we have disclosed Personal Information falling under the following
categories of Personal Information:
o Identifiers;
o CCRLPI;
o Internet/Network activity;
o Commercial Information; and
o Geolocation Data.

We have sold Personal Information to vendors, marketing partners, data brokers and aggregators,
and other third parties for the purposes described in this Privacy Policy.
 You have the right to opt out of the sale of your Personal Information, if applicable. To
do so, please go to this address, [INSERT WEB ADRESS LINK FOR DNS] , and follow
the instructions. You can also email us at nik@mattamuskeetgooseclub.com, with “Do
Not Sell My Information” in the subject line from the email address that we have on file
for you.
 You also have the right to request the deletion of the Personal Information that we have
collected from you at any time. However, we may not be required to comply with such
request under several circumstances including, but not limited to, when the data is
necessary for the underlying transaction, to comply with applicable law, to detect security
incidents, to debug glitches, and for our internal purposes.
 In the event that you exercise one of your rights under the CCPA, you have the right to
not be discriminated against by us in any way, including by the denial of goods or
services, providing you a different level of goods or services, or charging you different
prices or rates for the goods or services, unless the change in price is reasonably related
to the value you receive from your Personal Information.

B. How do you exercise your rights under the CCPA?

 You may submit your requests to exercise your rights under the CCPA by emailing us at
nik@mattamuskeetgooseclub.com. When submitting a request via email, please
indicate which CCPA right you wish to exercise and provide sufficient information to
allow us to locate your file.
 We will acknowledge receipt of your request within 10 business days of receiving it, and
will do our very best to respond within 45 calendar days of receipt of your request, and in
no event will our response come more than 90 days after receiving your request. If we
are unable to provide our response within the first 45-day window, we shall notify you as
soon as we become aware of the possible delay and provide an explanation of why
additional time is needed to respond.
 Before we respond to any CCPA based requests to access or delete your Personal
Information, we will take steps to reasonably verify the identity of the person making the
request (“Requestor”) to make sure it’s you, or your authorized agent. We do this to this
avoid disclosing your information to third parties and bad actors, not to inconvenience
you in any way. To do this, we will ask the Requestor to confirm at least two pieces of
information that we have in our files. As the sensitivity of the information being
requested goes up, we will ask the Requestor to confirm more pieces of information. If an
agent is acting on behalf of the consumer, we will need to also verify the agent’s identity
and their authority to act on the consumer’s behalf. For requests to delete information,
after verification, we will confirm the consumer’s desire to delete one final time before
actually deleting the information. If the identity of the Requestor cannot be reasonably
verified, either as the consumer or their agent, then in order to protect that consumer, we
shall not disclose the Personal Information requested.

16. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY
    RIGHTS?

In Short: Yes, if you are a resident of Virginia, you may be granted specific rights regarding
access to and use of your personal information.

Virginia CDPA Privacy Notice

Under the Virginia Consumer Data Protection Act (CDPA):
 “Consumer” means a natural person who is a resident of the Commonwealth acting only
in an individual or household context. It does not include a natural person acting in a
commercial or employment context.
 “Personal data” means any information that is linked or reasonably linkable to an
identified or identifiable natural person.
 “Personal data” does not include de-identified data or publicly available information.
 “Sale of personal data” means the exchange of personal data for monetary consideration.
If this definition “consumer” applies to you, we must adhere to certain rights and
obligations regarding your personal data.

The information we collect, use, and disclose about you will vary depending on how you interact
with Mattamuskeet Goose Club and our Services.

Your rights with respect to your personal data
 Right to be informed whether or not we are processing your personal data
 Right to access your personal data
 Right to correct inaccuracies in your personal data
 Right to request deletion of your personal data
 Right to obtain a copy of the personal data you previously shared with us
 Right to opt out of the processing of your personal data if it is used for targeted
advertising, the sale of personal data, or profiling in furtherance of decisions that produce
legal or similarly significant effects (“profiling”)

Mattamuskeet Goose Club sells personal data to third parties or processes personal data for
targeted advertising. Please see the following section to find out how you can opt out from
further selling or sharing of your personal data for targeted advertising or profiling purposes.

Exercise your rights provided under the Virginia CDPA

More information about our data collection and sharing practices can be found in this privacy
notice. You can opt out from the selling of your personal data, targeted advertising, or profiling
by disabling cookies in Cookie Preference Settings. You may contact us by email
at nik@mattamuskeetgooseclub.com or by referring to the contact details at the bottom of this
document. If you are using an authorized agent to exercise your rights, we may deny a request if
the authorized agent does not submit proof that they have been validly authorized to act on your
behalf.

Verification process

We may request that you provide additional information reasonably necessary to verify you and
your consumer’s request. If you submit the request through an authorized agent, we may need to
collect additional information to verify your identity before processing your request. Upon
receiving your request, we will respond without undue delay, but in all cases, within forty-five
(45) days of receipt. The response period may be extended once by forty-five (45) additional
days when reasonably necessary. We will inform you of any such extension within the initial 45-
day response period, together with the reason for the extension.

Right to appeal

If we decline to take action regarding your request, we will inform you of our decision and
reasoning behind it. If you wish to appeal our decision, please email us
at nik@mattamuskeetgooseclub.com. Within sixty (60) days of receipt of an appeal, we will
inform you in writing of any action taken or not taken in response to the appeal, including a
written explanation of the reasons for the decisions.

17. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by
an updated “Revised” date and the updated version will be effective as soon as it is accessible. If
we make material changes to this privacy notice, we may notify you either by prominently
posting a notice of such changes or by directly sending you a notification. We encourage you to
review this privacy notice frequently to be informed of how we are protecting your information.

18. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE
    DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the
personal information we collect from you, change that information, or delete it. To request to
review, update, or delete your personal information, please email
nik@mattamuskeetgooseclub.com.

19. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us
at nik@mattamuskeetgooseclub.com or contact us by post at:

[Need Street Number]
Lakeshore Drive Fairfield
NC, US 27826