(Effective Date January 1, 2023)

Introduction

This Privacy Policy describes how Kum & Go, L.C. and its affiliates (“Kum & Go” or the “Company”) collect and use Personal Information (as hereinafter defined) when you interact with the Company. These interactions are detailed further below and can occur in a variety of ways, including, visiting our websites (e.g., kumandgo.com), using our mobile applications (e.g., &Rewards loyalty application), submitting job applications, or visiting our retail convenience store locations. This privacy policy applies to all of your interactions with the Company within the United States of America. This Privacy Policy may not apply to websites that are accessible through the Kum & Go, L.C. sites, that are operated by third parties, and we are not responsible for the content of these third-party websites. We encourage you to read the privacy policies of those other sites to learn how they collect, use, share and secure your Personal Information.

Personal Information Defined

“Personal Information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, and might include things like names, addresses, birth dates, demographic information, social security numbers, email addresses, and other similar identifiers as outlined by applicable laws. Personal information does not include de-identified information or aggregated data, transactional data related to purchases at our stores that could not be used to identify a person, or publicly available information.

How Personal Information is Obtained

There are a variety of ways in which Personal Information may be obtained in your interactions with the Company. These interactions primarily include visits to our websites, utilization of our mobile applications, engaging with us on our social media accounts, entering Company sponsored contests, promotions, and sweepstakes, applying for open positions, responding to surveys we conduct (or which are conducted on our behalf) and visiting our retail locations, which may employ technologies to prevent fraud (e.g., video surveillance) and to market products and enhance customer experience (e.g., beacons, Wi-Fi, etc.,). In your interactions with the Company, Personal information is typically obtained directly from you, through use of online technologies, technologies at our stores, or as provided to us by 3rd party business partners. We may also receive your Personal Information from other sources with your consent or as otherwise permitted by law. By utilizing and interacting with our website, mobile applications, and products and services, as outlined and described herein, you are providing your consent to the collection, use and disclosure of Personal Information as set forth in this Privacy Policy or as otherwise permitted by law. At times your express consent is required and at other times your consent might be implied (e.g., through use of our website or mobile applications). We retain Personal Information that is collected for as long as necessary to fulfil the purposes described in this Privacy Policy, unless otherwise required or permitted by law. As may be permitted by applicable law or otherwise provided herein, you can manage the collection and use of your Personal Information and choose how you would like the Company to communicate with you as further explained herein.

How Personal Information is Used

Personal Information is used to provide you our products and services, to market our products, to improve our business and your experience with us, for commercial purposes, and for other reasons as described herein and as permitted by law. More specifically, we will collect and use Personal Information which we broadly and generally categorize as follows:

• Transactional – Provision of Kum & Go Products and Services
• Marketing and Advertising of Kum & Go Products and Services
• Data Analytics and Brand Strategy – Understanding our Customers and the Retail Industry
• Legal Compliance and Risk Mitigation

Within one or more of these categories, we articulate the following as business reasons for which Personal Information is collected and used:

• Processing transactions and fulfill requests for products and services, including age verification relating to the marketing and/or sale of age restricted products;
• Creating, administering, and maintaining your accounts, and allowing you to earn loyalty points and redeem rewards (e.g., loyalty &Rewards account);
• Responding to your inquiries and requests for information;
• Administering sweepstakes, promotions or surveys;
• Evaluating product offerings and services and recommending products to customers;
• Verifying your identity and verifying your eligibility to purchase certain age restricted products and participate in our programs;
• Improving the effectiveness of our websites and mobile applications;
• Conducting market research and analysis;
• Sending marketing communications;
• Reviewing job applications;
• Allowing you to make purchases at our stores without having to check out at the cashier, if you have subscribed to this service;
• Xonducting research projects with academic institutions and research partners for statistical or scholarly research purposes;
• Carrying out any other purpose described to you at the time the information was collected;
• Performing other business activities as needed or permitted by law.

Sharing

Except as provided herein, Kum & Go does not share or otherwise sale your Personal Information. Furthermore, Kum & Go does not collect, share, or sell any “sensitive personal information” as that is defined in the California Consumer Privacy Act.

&Rewards Loyalty Members: As a means of improving our products and services, improving your customer experience, for commercial and marketing purposes, and for other reasons outlined herein or as permitted by law, Kum & Go may share Personal Information of those of its consumers that participate in its &Rewards loyalty program within Kum & Go and its affiliates, with our third-party business partners and marketing partners (e.g., companies assisting Kum & Go with its products, services, and marketing and business strategy) and with other service providers for the purposes described in this Privacy Policy, and as it may deem appropriate as permitted by applicable law. Some of these business partners assisting Kum & Go with its marketing activities also use the Personal Information for their own commercial purposes. We may also share aggregated and/or deidentified data with third parties for analysis and research purposes. Options available to you for managing the Company’s use of your Personal Information are explained herein in the section of this Privacy Policy entitled CHOICES REGARDING YOUR PERSONAL INFORMATION.

As Required by Law: In addition, from time to time, we may be required to share Personal Information in response to a valid court order, subpoena, government investigation, or as otherwise required by law. We also reserve the right to report to law enforcement agencies any activities that we believe to be unlawful and to share certain Personal Information when reasonably necessary to protect the safety, rights, or property of others and ourselves. We may also transfer Personal Information in the event of a corporate sale, merger, acquisition, dissolution or similar event.

Choices Regarding Your Personal Information

There are various methods that may be available to you to manage the collection and use of your Personal Information depending upon how you interact with the Company, the technology employed, and the requirements of applicable law.

Kumandgo.com Website. When you visit websites like kumandgo.com, the websites automatically collect small text files (“Cookies”) that remember your visit and any choices you might make in your use of the website. Although some Cookies are required for a website to operate, you can manage collection of many types of Cookies either through “cookie consent” pop-ups on our website or through altering the settings in your website browser. Please note that blocking or deleting Cookies may result in a loss of functionality of certain features on our websites and mobile applications.

Email, Text Messaging, Mobile Application Push Notifications and Alert. Through your interactions with the Company’s website, mobile applications, and programs and services, you may elect to provide the Kum & Go with your name, address, email address, mobile phone number, and other similar information. Each of these different modes of communication provide options for you to manage the way in which we communicate with you. For example, you can unsubscribe from email lists by clicking the “unsubscribe” link in our emails, opt out of text messages you receive in accordance with the instructions provided by such text messages and/or as identified in Company mobile applications, and modify the notification and alert settings within your mobile device related to the use of Kum & Go mobile applications. Opting out of such communications may impact your ability to learn about special promotions or contests we run, and we may still send you communications relating to your transactions with us, including emails about your account or purchases.

Customer Accounts. Various Kum & Go programs and services may involve the establishment of a customer account, such as are used for the &Rewards customer loyalty program. You can manage your communication preferences with us within your relevant customer account. For example, &Rewards loyalty members can contact the Company at the contract information noted below in “Contacting Kum & Go, L.C.” to delete their &Rewards account if they wish to do so.

Employment with Kum & Go. The laws regulating information in the context of the employment relationship, or in considering of applications for employment, are separate and distinct from those laws regulating online privacy. Information disclosed to us in the context of employment or by applicants for positions with Kum & Go are used solely for those purposes and the information employees and applicants provide to us are maintained in accordance with the requirements of applicable law.

Contacting Kum & Go, L.C. If you (i) have any concerns or questions about this Privacy Policy, or (ii) (iii) wish to report a known or suspected privacy or security breach or to submit privacy or security-related questions or complaints, you may contact us using the following methods appropriate under the circumstances:

1. Follow the directions on a marketing e-mail or direct mail marketing communication you receive from us.

2. If you’ve created an account on KumandGo.com or one of our mobile applications, you can update your online account information after logging into your account

3. Call (888) 458-6646 with your request and current contact information.

4. Send a letter with your request and current contact information to: Kum & Go, L.C. Attn: Customer Relations 1459 Grand Ave Des Moines, IA 50309

5. Complete the Request Form accessible https://www.kumandgo.com/contact-us/

Managing Your Personal Information. Subject to the requirements and limitations of applicable laws, you may submit a verifiable consumer request to the Company at the contact information listed under the heading “Contacting Kum & Go, L.C.” asking that the Company take any of the following actions described below:

1. Right to Know. As to Personal Information that was actually collected in the preceding 12 months and sold or disclosed for business purposes in the preceding 12 months, identify (a) the categories of personal information collected; (b) specific pieces of personal information collected; (c) the categories of sources from which the business collected personal information; (d) the purposes for which the business uses the personal information; (e) the categories of third parties with whom the business shares the personal information; (f) the categories of information that the business sells or discloses to third parties.

2. Right to Delete and Correct. As to some, but not all information, you may request that Kum & Go delete the Personal Information it has collected and/or maintained about you. To do so, please see the heading above called “Contacting Kum & Go” under the heading Choices Regarding Your Personal Information. Note, we may need to retain certain Personal Information as permitted by law. Furthermore, beginning in 2023 the California Privacy Rights Act may provide California residents with the right to correct certain Personal Information.

3. Right to Opt-Out. Companies that sell their consumers information have to provide those consumers a right to “opt-out” of the sale of their Personal Information. We may share or sell to our 3rd party marketing and business partners the Personal Information of our &Rewards loyalty members. Accordingly, those &Rewards loyalty customers may opt-out of the sale of their Personal Information by contacting the Company at the contact information listed under the heading “Contacting Kum & Go, L.C. and requesting that the their Personal Information not be shared.

4. Non-Discrimination. Consumers that exercise their rights under this Privacy Policy will not be unlawfully discriminated against because of the exercise of those rights. However, as further explained herein, eligibility and continued participation in certain programs and services of the Company may require the retention and use of Personal Information.

Security of your Personal Infromation

Kum & Go knows that information is an important asset and must be managed to ensure its confidentiality and integrity. Kum & Go has instituted information security measures and controls to safeguard information from unauthorized or accidental modification, disclosure and/or destruction and to ensure information is available and usable as needed to conduct business. In this regard, Kum & Go has aligned with the Center for Internet Security (CIS) CIS Controls framework, and has reviewed, selected and tailored the 20 specific controls defined in the CIS framework and adopted them as the compliance standards for the organization. However, Kum & Go, L.C. cannot ensure or warrant the security of any information you transmit to us by e-mail, cellular networks, or over the internet, and you do so at your own risk.

Third-party Ad Providers

The Kum & Go, L.C. websites use third party service providers to serve ads across the Internet and to analyze website traffic on our behalf. They may collect anonymous information about your visits to our website and your interaction with our ads. These companies may use technologies similar to those outlined above to measure the effectiveness of ads and e-mails. They may also use information about your visits to our Web site so that we can provide advertisements about goods and services. No personally identifiable information is collected in this process. We may share anonymous information with this service provider in an aggregate form, for purposes of analysis and improvement of our site.

Personal Information of Children Under the Age of 16

Our products, services, and programs are intended for the general public in the states where we have retail store locations and, except as explicitly qualified below, are not intended for individuals under the age of 16. We do not knowingly collect Personal Information from persons under the age of 16, but we do collect information from participants of our &Rewards loyalty program, with their consent, which program is open to persons 13 years old and older.

Privacy Policy Changes

We may make changes to this Privacy Policy from time to time as we deem appropriate and/or as may be required by law. Please note the effective date of the Privacy Policy. Any changes we make will become effective when we post a modified version of the policy on our websites and apps. By continuing to participate in our programs, or using our services or purchase our products after the modified version of the Privacy Policy has been posted or you have been informed of such update, you are accepting the changes to the Privacy Policy. If you do not agree to this Privacy Policy or any subsequent changes in our Privacy Policy, it is your responsibility to stop participating in our programs, and/or using our services or purchasing our products. It is your obligation to ensure that you have read, understand and agree to the latest version of the Privacy Policy.