Privacy Policy

Effective Date: October 15, 2025
Last Updated: October 1, 2025
Version: 2.0

1. Introduction and Scope

This Privacy Policy (“Policy”) describes how Miller Jones, Inc. (“MJ,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information in connection with our website located at [website URL] (the “Website”) and any services we provide.

1.1 Who This Policy Applies To

This Policy applies to:

• Visitors: Individuals who visit our Website
• Customers: Individuals who purchase or use our products or services
• Business Contacts: Representatives of companies with whom we do business
• Job Applicants: Individuals who apply for employment with MJ
• Contractors and Vendors: Individuals working with us in a professional capacity

1.2 Jurisdictional Applicability

We are committed to compliance with applicable privacy laws, including:

• The General Data Protection Regulation (GDPR) for individuals located in the European Union (EU) and European Economic Area (EEA)
• The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) for California residents
• Other applicable U.S. state privacy laws

1.3 Controller Information

For the purposes of GDPR, Miller Jones, Inc. is the data controller responsible for your personal information. You can contact us at:

Miller Jones, Inc.
5930 LBJ Freeway, Suite #250
Dallas, Texas 75240
Email: privacy@millerjonesinc.com
Phone: +1 972.239.5322

1.4 Data Protection Officer

Our Data Protection Officer can be reached at:
Email: dpo@millerjonesinc.com
Address: Miller Jones, Inc., Attn: Data Protection Officer, 5930 LBJ Freeway, Suite #250, Dallas, Texas 75240

1.5 Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will update the “Last Updated” date at the top of this Policy and notify you of material changes by:

• Posting a prominent notice on our Website
• Sending you an email notification (where we have your email address)
• Other appropriate means as required by law

We update this Policy at least annually and recommend that you review it periodically.

2. Legal Basis for Processing Personal Data (GDPR)

Under GDPR, we must have a lawful basis to process your personal data. We rely on the following legal bases:

2.1 Consent

We process certain personal data based on your explicit consent, including:

• Marketing communications and promotional emails
• Optional cookies and tracking technologies (beyond essential cookies)
• Participation in surveys and feedback programs
• Newsletter subscriptions

You have the right to withdraw your consent at any time by contacting us at privacy@millerjonesinc.com or using the unsubscribe mechanism in our communications.

2.2 Contractual Necessity

We process personal data when necessary to:

• Fulfill orders and deliver products or services you have requested
• Create and manage your account
• Process payments and transactions
• Provide customer support
• Communicate with you about your orders or services

2.3 Legitimate Interests

We process personal data based on our legitimate business interests, including:

• Improving and customizing our Website and services
• Conducting internal analytics and research
• Preventing fraud and enhancing security
• Managing our business operations
• Enforcing our legal rights and complying with legal obligations

We have assessed that these interests are not overridden by your rights and freedoms.

2.4 Legal Obligations

We process personal data when required to comply with legal obligations, such as:

• Tax and accounting requirements
• Regulatory compliance
• Responding to law enforcement requests
• Compliance with court orders and legal processes

3. Information We Collect

3.1 Categories of Personal Information

We collect and process the following categories of personal information:

3.1.1 Identifiers

• Full name
• Email addresses
• Phone numbers
• Fax numbers
• Mailing addresses (business and/or personal)
• IP addresses
• Device identifiers
• Online identifiers and cookies

3.1.2 Commercial Information

• Products or services purchased or considered
• Purchase history
• Payment information (processed through third-party payment processors)
• Customer account information

3.1.3 Professional Information

• Job title
• Company name
• Business contact details
• Professional credentials

3.1.4 Demographic Information

• Age range
• Geographic location
• Language preferences
• Other demographic data you provide in surveys

3.1.5 Internet and Network Activity

• Browsing history on our Website
• Search history on our Website
• Interaction with our Website, emails, and advertisements
• Device information (browser type, operating system)

3.1.6 Inferences

• Preferences and interests derived from your activity
• Predicted characteristics and trends
• Customization profiles

3.2 Sensitive Personal Information

We request that you do not send us sensitive personal information such as:

• Social security numbers or national identification numbers
• Information related to racial or ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Health data, biometric, or genetic information
• Criminal background information
• Trade union membership
• Precise geolocation data
• Sexual orientation information

If you do provide us with sensitive personal information, you consent to its processing in accordance with this Policy and applicable law. To avoid processing of sensitive data, please do not submit it.

Under CCPA, if we collect sensitive personal information, we will limit our use of it to purposes permitted by law and provide you with the right to limit its use.

3.3 Sources of Personal Information

We collect personal information from the following sources:

• Directly from you: When you register, make purchases, fill out forms, contact us, or otherwise interact with us
• Automatically: Through cookies, web beacons, and similar tracking technologies when you use our Website
• Third-party data providers: Marketing partners, data analytics providers, and data brokers
• Social media platforms: When you interact with our social media pages or connect your social media accounts
• Publicly available sources: Public databases, social media profiles, and business directories
• Business partners and affiliates: Companies with whom we have business relationships
• Service providers: Third parties who provide services on our behalf

4. How We Use Your Information

We use your personal information for the following specific purposes:

4.1 Service Delivery and Performance

• Processing and fulfilling your orders
• Providing customer support and responding to inquiries
• Creating and managing your account
• Delivering products and services you requested
• Processing payments and managing billing

Legal Basis (GDPR): Contractual necessity, legitimate interests

4.2 Communication

• Sending transactional emails and service updates
• Responding to your questions and requests
• Providing technical support
• Sending important notices about changes to our terms or policies

Legal Basis (GDPR): Contractual necessity, legal obligation, legitimate interests

4.3 Marketing and Promotional Activities

• Sending promotional emails about new products, special offers, or information we think may interest you (with your consent where required)
• Conducting market research and customer surveys
• Personalizing marketing messages based on your preferences

Legal Basis (GDPR): Consent, legitimate interests (where permitted)

You can opt out of marketing communications at any time by clicking the “unsubscribe” link in our emails or contacting us at privacy@millerjonesinc.com.

4.4 Website Improvement and Customization

• Analyzing how you use our Website to improve functionality
• Customizing content and experiences based on your interests
• Conducting A/B testing and user experience research
• Developing new products and services

Legal Basis (GDPR): Legitimate interests, consent (for certain analytics)

4.5 Security and Fraud Prevention

• Protecting against fraud, unauthorized access, and security threats
• Monitoring and investigating suspicious activity
• Enforcing our Terms of Service
• Protecting our legal rights and property

Legal Basis (GDPR): Legitimate interests, legal obligation

4.6 Analytics and Performance Measurement

• Analyzing traffic patterns and Website usage
• Measuring the effectiveness of our marketing campaigns
• Understanding customer behavior and preferences
• Generating statistical and aggregated data

Legal Basis (GDPR): Legitimate interests, consent (for non-essential cookies)

4.7 Legal Compliance

• Complying with applicable laws and regulations
• Responding to legal requests and court orders
• Maintaining records as required by law
• Enforcing our agreements

Legal Basis (GDPR): Legal obligation, legitimate interests

5. How We Share Your Information

5.1 Categories of Third-Party Recipients

We may share your personal information with the following categories of third parties:

5.1.1 Service Providers

We share information with vendors who perform services on our behalf, including:

• Hosting and infrastructure providers: Cloud storage and server hosting
• Payment processors: To process transactions securely
• Email service providers: For sending communications
• Customer relationship management (CRM) platforms: To manage customer data
• Analytics providers: To analyze Website usage and performance
• Marketing platforms: To manage and send marketing communications
• IT and security services: To maintain and secure our systems

These service providers are contractually obligated to protect your information and may only use it for the specific purposes we authorize.

5.1.2 Marketing and Advertising Partners

With your consent (where required), we may share information with:

• Marketing agencies and consultants
• Advertising networks and platforms
• Social media advertising services
• Co-marketing partners for joint promotional activities

5.1.3 Business Partners and Licensors

We may share information with:

• Strategic business partners for collaborative projects
• Licensors for product fulfillment and service delivery
• Companies we work with to offer integrated services

5.1.4 Professional Advisors

We may share information with:

• Attorneys and legal counsel
• Accountants and auditors
• Business consultants
• Insurance providers

5.1.5 Law Enforcement and Legal Authorities

We may disclose information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Enforce our Terms of Service and other agreements
• Protect the rights, property, and safety of MJ, our users, or others
• Prevent or investigate fraud, security issues, or illegal activities

5.1.6 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred as part of the transaction. We will notify you of any such change and the choices you may have.

5.2 Sale or Sharing of Personal Information (CCPA)

We do not sell your personal information for monetary consideration.

Under CCPA, “sharing” includes disclosing personal information to third parties for cross-context behavioral advertising (targeted advertising). We may share certain information for these purposes with advertising networks and social media platforms.

California residents have the right to opt out of the sale or sharing of personal information. To exercise this right, please:

• Click on the “Do Not Sell or Share My Personal Information” link on our Website
• Email us at privacy@millerjonesinc.com with “CCPA Opt-Out Request” in the subject line
• Call us at +1 972.239.5322

We will process your opt-out request within 15 business days and will not discriminate against you for exercising this right.

5.3 Safeguards for Third-Party Sharing

When we share your personal information with third parties, we:

• Enter into written contracts requiring them to protect your data
• Conduct due diligence on their security and privacy practices
• Limit their use of your information to specified purposes
• Monitor their compliance with applicable privacy laws

6. Cookies, Tracking Technologies, and Similar Tools

6.1 What Are Cookies?

A cookie is a small text file that is placed on your computer’s hard drive or mobile device when you visit a website. Cookies help websites recognize your device and remember information about your visit.

6.2 Types of Cookies We Use

6.2.1 Essential Cookies

These cookies are necessary for the Website to function properly. They enable core functionality such as:

• Security and authentication
• Session management
• Load balancing
• Form submission

Legal Basis: These cookies are necessary for the performance of our Website and do not require consent under GDPR.

6.2.2 Performance and Analytics Cookies

These cookies collect information about how visitors use our Website, including:

• Pages visited and time spent on pages
• Traffic sources and navigation paths
• Error messages encountered
• Website performance metrics

We use this information for statistical analysis and to improve our Website. Examples include Google Analytics.

Legal Basis: Legitimate interests (with consent where required by law)

6.2.3 Functional Cookies

These cookies enable enhanced functionality and personalization, such as:

• Remembering your preferences (language, region)
• Customizing content based on your interests
• Remembering items in your shopping cart
• Providing personalized features

Legal Basis: Legitimate interests, consent (depending on cookie type)

6.2.4 Marketing and Advertising Cookies

These cookies track your browsing activity to:

• Deliver targeted advertisements based on your interests
• Measure the effectiveness of advertising campaigns
• Limit the number of times you see an advertisement
• Enable social media sharing and interactions

Legal Basis: Consent (required under GDPR)

6.3 Third-Party Tracking Technologies

We use third-party services that may place cookies or use similar tracking technologies, including:

• Google Analytics: Website analytics and reporting
• Social media platforms: Facebook, LinkedIn, Twitter pixels for advertising
• Advertising networks: For behavioral advertising and retargeting
• Marketing automation platforms: For email marketing and customer engagement

These third parties may collect information about your online activities over time and across different websites.

6.4 Your Cookie Choices

You have several options for managing cookies:

6.4.1 Cookie Consent Management

When you first visit our Website, we will ask for your consent to use non-essential cookies. You can manage your preferences through our cookie banner or by visiting [Cookie Preferences Page].

6.4.2 Browser Settings

Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies. Instructions for popular browsers:

• Chrome: Settings > Privacy and Security > Cookies and other site data
• Firefox: Options > Privacy & Security > Cookies and Site Data
• Safari: Preferences > Privacy > Manage Website Data
• Edge: Settings > Privacy, Search, and Services > Cookies and site permissions

Note: Blocking all cookies may prevent you from using certain features of our Website.

6.4.3 Opt-Out Tools

• Google Analytics Opt-Out: Install the Google Analytics Opt-out Browser Add-on
• Network Advertising Initiative: Visit optout.networkadvertising.org
• Digital Advertising Alliance: Visit optout.aboutads.info

6.4.4 Global Privacy Control (GPC)

We recognize the Global Privacy Control signal. ## 7. Your Privacy Rights

7.1 Rights Under GDPR (EU/EEA Residents)

If you are located in the European Union or European Economic Area, you have the following rights:

7.1.1 Right of Access

You have the right to request confirmation of whether we process your personal data and, if so, to access that data along with information about how we use it.

7.1.2 Right to Rectification

You have the right to request that we correct inaccurate or incomplete personal data we hold about you.

7.1.3 Right to Erasure (“Right to be Forgotten”)

You have the right to request that we delete your personal data in certain circumstances, including:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw consent (where processing was based on consent)
• You object to processing and there are no overriding legitimate grounds
• The data was unlawfully processed
• The data must be erased to comply with a legal obligation

Exceptions apply, such as when we need to retain data to comply with legal obligations or establish legal claims.

7.1.4 Right to Restriction of Processing

You have the right to request that we restrict processing of your personal data in certain situations, such as:

• You contest the accuracy of the data (while we verify it)
• The processing is unlawful but you don’t want the data erased
• We no longer need the data but you need it for legal claims
• You have objected to processing (while we verify our legitimate grounds)

7.1.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where:

• The processing is based on consent or contract
• The processing is carried out by automated means

Where technically feasible, we will transmit your data directly to another controller at your request.

7.1.6 Right to Object

You have the right to object to processing of your personal data where:

• Processing is based on legitimate interests or public interest
• Processing is for direct marketing purposes (including profiling)

If you object to direct marketing, we will stop processing your data for that purpose immediately.

7.1.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing before withdrawal.

7.1.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where an alleged infringement occurred. Contact information for EU supervisory authorities can be found at: https://edpb.europa.eu/about-edpb/board/members_en

7.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

7.2.1 Right to Know

You have the right to request that we disclose to you:

• The categories of personal information we collected about you
• The categories of sources from which we collected your personal information
• The business or commercial purpose for collecting, selling, or sharing personal information
• The categories of third parties to whom we disclose personal information
• The specific pieces of personal information we collected about you

You may make a “Right to Know” request up to twice per year, free of charge.

7.2.2 Right to Delete

You have the right to request that we delete personal information we collected from you, subject to certain exceptions such as:

• Completing the transaction for which the information was collected
• Detecting and preventing security incidents or fraud
• Complying with legal obligations
• Internal uses reasonably aligned with your expectations

7.2.3 Right to Correct

You have the right to request that we correct inaccurate personal information we maintain about you.

7.2.4 Right to Opt-Out of Sale/Sharing

You have the right to opt out of the “sale” or “sharing” of your personal information. While we do not sell personal information for money, we may share information for targeted advertising purposes.

To exercise this right, click the “Do Not Sell or Share My Personal Information” link on our Website or contact us at privacy@millerjonesinc.com.

7.2.5 Right to Limit Use of Sensitive Personal Information

If we use or disclose sensitive personal information for purposes beyond what is permitted under CCPA, you have the right to limit such use.

7.2.6 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights, including by:

• Denying goods or services
• Charging different prices or rates
• Providing a different level or quality of goods or services
• Suggesting you will receive different prices or quality of goods or services

7.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a request by:

11. Children’s Privacy

11.1 Age Restrictions

Our Website and services are not directed to children. We do not knowingly collect personal information from:

• Children under 16 years of age (GDPR standard)
• Children under 13 years of age (COPPA standard in the United States)

11.2 Parental Consent

If we learn that we have collected personal information from a child under the applicable age without proper parental consent, we will take steps to delete that information as soon as possible.

11.3 Parent or Guardian Rights

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at:

Email: privacy@millerjonesinc.com
Phone: +1 972.239.5322
Mail: Miller Jones, Inc., Attn: Children’s Privacy, 5930 LBJ Freeway, Suite #250, Dallas, Texas 75240

Upon verification, we will:

• Confirm what information we collected
• Delete the information from our systems
• Ensure the child’s account or profile is deactivated (if applicable)
• Take reasonable steps to prevent future unauthorized collection

11.4 Age Verification

In some cases, we may ask users to confirm their age before accessing certain features or services. We reserve the right to request proof of age or parental consent where we suspect a user is under the applicable age threshold.

11.5 Educational and Family Services

If we offer services specifically designed for children with verifiable parental consent, we will:

• Clearly disclose what information we collect from children
• Obtain verifiable parental consent before collection
• Limit collection to what is reasonably necessary for the service
• Provide parents the ability to review, correct, or delete their child’s information
• Maintain strict security measures to protect children’s information
• Online Form: [Link to Privacy Request Form]

Please provide sufficient information to allow us to verify your identity, including your name, email address, and a description of your request.

7.4 Verification Process

To protect your privacy, we will verify your identity before fulfilling your request. We may:

• Request additional information to confirm your identity
• Match the information you provide with information we already maintain
• Use a third-party verification service

We will respond to verified requests within the timeframes required by law:

• GDPR requests: Within one month (extendable by two additional months for complex requests)
• CCPA requests: Within 45 calendar days (extendable by an additional 45 days with notice)

7.5 Authorized Agents

You may designate an authorized agent to make requests on your behalf. To do so, you must:

• Provide the authorized agent written permission
• Verify your own identity with us
• Directly confirm with us that you provided the agent authorization

We may deny requests from agents who do not provide proof of authorization.

8. Data Retention and Deletion

8.1 Retention Principles

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, accounting, or reporting requirements.

8.2 Retention Periods

We use the following criteria to determine retention periods:

Category of Data	Retention Period	Basis
Account information	Duration of account plus 3 years	Contractual necessity, legal compliance
Purchase and transaction records	7 years from transaction	Tax and accounting requirements
Marketing communications data	Until consent is withdrawn or 2 years from last engagement	Consent, legitimate interests
Website analytics data	26 months	Legitimate interests
Customer support records	3 years from last interaction	Legitimate interests, contract fulfillment
Job applicant information	2 years from application	Legitimate interests, legal compliance
Security logs	1 year	Security, legal compliance
Cookies and tracking data	As specified in cookie policy (typically 6-24 months)	Consent, legitimate interests

8.3 Deletion and Anonymization

When retention periods expire, we will:

• Securely delete or destroy personal information
• Anonymize data so it can no longer identify individuals
• Aggregate data for statistical purposes

8.4 Legal Holds

We may retain personal information beyond standard retention periods when:

• Required by law or regulation
• Subject to legal hold or litigation
• Necessary for legal claims or regulatory investigations
• Required to protect the rights and safety of MJ or others

8.5 Requesting Deletion

You may request deletion of your personal information at any time by contacting privacy@millerjonesinc.com. We will process your request in accordance with applicable law and our retention requirements.

9. Security Measures and Safeguards

9.1 Our Commitment to Security

We are committed to ensuring that your personal information is secure. We have implemented appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect.

9.2 Technical Security Measures

9.2.1 Encryption

• Data in transit: We use Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers
• Data at rest: Sensitive data stored in our systems is encrypted using industry-standard encryption algorithms

9.2.2 Access Controls

• Role-based access control (RBAC) limiting access to personal data based on job function
• Multi-factor authentication (MFA) for administrative access
• Unique user credentials and strong password requirements
• Regular access reviews and prompt removal of access for terminated employees

9.2.3 Network Security

• Firewalls and intrusion detection/prevention systems
• Regular security patching and updates
• Network segmentation to isolate sensitive systems
• Virtual Private Network (VPN) requirements for remote access

9.2.4 Data Pseudonymization and Minimization

• Pseudonymization of personal data where feasible
• Collection and retention of only necessary data
• Regular data audits to identify and remove unnecessary information

9.3 Physical Security Measures

• Secure data centers with restricted physical access
• 24/7 monitoring and surveillance systems
• Background checks for personnel with physical access to data storage facilities
• Environmental controls to protect against hardware failure

9.4 Organizational Security Measures

9.4.1 Privacy by Design

• Privacy considerations integrated into system design and development
• Data Protection Impact Assessments (DPIAs) for high-risk processing activities
• Regular privacy reviews of new products and services

9.4.2 Employee Training

• Mandatory privacy and security training for all employees
• Specialized training for personnel handling personal data
• Regular updates on emerging threats and best practices
• Confidentiality agreements and security policies

9.4.3 Vendor Management

• Security assessments of third-party service providers
• Contractual obligations requiring appropriate security measures
• Regular audits and compliance reviews
• Data processing agreements compliant with GDPR requirements

9.5 Incident Response

We maintain an incident response plan that includes:

• Procedures for detecting and responding to security incidents
• Notification protocols for affected individuals and regulatory authorities
• Forensic analysis and remediation procedures
• Post-incident review and continuous improvement

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and applicable supervisory authorities within the timeframes required by law (72 hours under GDPR, without unreasonable delay under CCPA).

9.6 Security Audits and Testing

We regularly conduct:

• Vulnerability assessments and penetration testing
• Security audits by internal and external assessors
• Compliance assessments for SOC 2, ISO 27001, and other frameworks
• Code reviews and application security testing

9.7 Your Role in Security

While we implement robust security measures, you also play a role in protecting your information:

• Use strong, unique passwords for your account
• Enable multi-factor authentication if available
• Keep your login credentials confidential
• Log out of your account when using shared devices
• Report suspicious activity to security@millerjonesinc.com

9.8 Limitations

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You provide information at your own risk.

10. Cross-Border Data Transfers

10.1 Transfer of Data Outside Your Jurisdiction

Miller Jones, Inc. is based in the United States. If you are located outside the United States, please be aware that information we collect will be transferred to, processed, and stored in the United States and potentially other countries where we or our service providers operate.

These countries may have data protection laws that differ from the laws of your country. However, we take measures to ensure that any such transfers comply with applicable data protection laws and that your personal information remains protected.

10.2 Transfers from the EU/EEA

For personal data transferred from the European Union, European Economic Area, or the United Kingdom to the United States or other countries, we rely on the following legal mechanisms:

10.2.1 Standard Contractual Clauses (SCCs)

We use the European Commission’s Standard Contractual Clauses (also known as Model Clauses) with our service providers and business partners. These contractual commitments have been approved by the European Commission as providing adequate safeguards for personal data transferred outside the EU/EEA.

10.2.2 Adequacy Decisions

Where applicable, we transfer data to countries that have been determined by the European Commission to provide an adequate level of data protection.

10.2.3 Supplementary Measures

In addition to SCCs, we implement supplementary technical and organizational measures, including:

• Encryption of data in transit and at rest
• Pseudonymization where appropriate
• Strict access controls and authentication requirements
• Contractual restrictions on data access by third parties
• Regular assessments of the legal environment in recipient countries

10.3 Additional Information on Transfers

You may request additional information about our international data transfers and obtain copies of relevant safeguards (such as SCCs) by contacting our Data Protection Officer at dpo@millerjonesinc.com.

10.4 Data Localization

Where required by law, we store and process personal data within specific geographic boundaries and implement appropriate controls to prevent unauthorized cross-border data transfers.

6.5 Do Not Track Signals

Some browsers have “Do Not Track” features. Our Website does not currently respond to Do Not Track signals, but we honor GPC signals as described above. purposes

12. Links to Other Websites

12.1 Third-Party Links

Our Website may contain links to third-party websites, applications, or services that are not owned or controlled by Miller Jones, Inc. These may include:

• Social media platforms (Facebook, LinkedIn, Twitter, etc.)
• Partner websites and services
• Payment processors
• Third-party tools and integrations
• Advertising networks
• Content providers

12.2 No Responsibility for Third-Party Practices

Once you leave our Website or are redirected to a third-party website, we do not have any control over that third party’s practices, and this Privacy Policy no longer applies. We are not responsible for:

• The privacy practices of third-party websites
• The protection or security of information you provide to third parties
• The content or accuracy of third-party websites
• Any losses or damages incurred through your interactions with third parties

12.3 Your Responsibility

Before providing any personal information to third-party websites:

• Review their privacy policies and terms of service
• Understand how they collect, use, and share your information
• Exercise caution and make informed decisions
• Contact the third party directly with any privacy questions or concerns

12.4 Social Media Features

Our Website may include social media features such as:

• Share buttons (Facebook, Twitter, LinkedIn)
• Embedded social media feeds
• Social login options
• Social media plugins

These features may collect your IP address, track which pages you visit on our Website, and set cookies to enable functionality. Your interactions with these features are governed by the privacy policies of the companies providing them.

12.5 Integrated Services

When you connect third-party services or applications to your account (such as single sign-on services), you authorize us to access and use information from those services as permitted by their terms and your privacy settings. Review the permissions requested before connecting integrated services.

• Monitor their compliance with applicable privacy laws

13. Contact Information and Data Protection Officer

13.1 General Privacy Inquiries

For questions, concerns, or requests related to this Privacy Policy or our privacy practices, please contact us:

Miller Jones, Inc.
Attn: Privacy Team
5930 LBJ Freeway, Suite #250
Dallas, Texas 75240

Email: privacy@millerjonesinc.com
Phone: +1 972.239.5322
Website: www.millerjonesinc.com/privacy-contact

13.2 Data Protection Officer (DPO)

Our Data Protection Officer oversees our privacy compliance program and is available to address privacy-related questions and concerns:

Data Protection Officer
Miller Jones, Inc.
5930 LBJ Freeway, Suite #250
Dallas, Texas 75240

Email: dpo@millerjonesinc.com
Phone: +1 972.239.5322

13.3 EU/UK Representative

For individuals located in the European Union or United Kingdom, we have designated an EU/UK representative you may contact regarding GDPR matters:

[If applicable, insert EU/UK Representative contact details]

13.4 Response Times

We aim to respond to all privacy-related inquiries within:

• General inquiries: 5-7 business days
• Rights requests (GDPR): Within one month (may extend to 3 months for complex requests)
• Rights requests (CCPA): Within 45 calendar days (may extend to 90 days with notice)
• Security incidents: As required by law and our incident response procedures

14. Your Right to Lodge Complaints with Regulatory Authorities

14.1 GDPR – EU/EEA Residents

If you are located in the European Union, European Economic Area, or United Kingdom, you have the right to lodge a complaint with a supervisory authority if you believe we have processed your personal data in violation of GDPR.

14.1.1 Supervisory Authorities

You may file a complaint with the data protection authority in:

• The EU member state where you habitually reside
• The EU member state where you work
• The EU member state where an alleged infringement of GDPR occurred

List of EU/EEA Supervisory Authorities:
A complete list of EU data protection authorities can be found at:
https://edpb.europa.eu/about-edpb/board/members_en

UK Information Commissioner’s Office (ICO):
Website: https://ico.org.uk
Phone: 0303 123 1113
Online: https://ico.org.uk/make-a-complaint

14.1.2 Direct Resolution

While you have the right to lodge a complaint with a supervisory authority at any time, we encourage you to contact us first at dpo@millerjonesinc.com so we can attempt to resolve your concerns directly.

14.2 CCPA – California Residents

If you are a California resident and believe we have violated your rights under the California Consumer Privacy Act (CCPA), you may file a complaint with:

California Privacy Protection Agency (CPPA)
Website: https://cppa.ca.gov
Email: complaints@cppa.ca.gov
Phone: [CPPA Phone Number when available]
Mail: California Privacy Protection Agency, 2101 Arena Boulevard, Sacramento, CA 95834

Online Complaint Form:
https://cppa.ca.gov/complaints

California Attorney General’s Office
Website: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company
Phone: (916) 210-6276

14.3 Other U.S. State Privacy Laws

If you are a resident of another U.S. state with privacy laws (such as Virginia, Colorado, Connecticut, or Utah), you may have the right to file complaints with your state’s Attorney General or designated enforcement authority.

14.4 Federal Trade Commission (FTC)

U.S. consumers may also file complaints with the Federal Trade Commission regarding unfair or deceptive privacy practices:

Federal Trade Commission
Website: https://reportfraud.ftc.gov
Phone: 1-877-FTC-HELP (1-877-382-4357)
Mail: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

14.5 Right to Judicial Remedy

In addition to administrative complaints, you may have the right to seek judicial remedies for violations of your privacy rights under applicable law, including:

• Compensation for damages resulting from GDPR violations (Article 82)
• Private right of action under CCPA for data breaches involving unencrypted or unredacted personal information
• Other remedies available under applicable state and federal laws

14.6 No Retaliation

We will not retaliate against you in any way for filing a complaint with a regulatory authority or exercising your legal rights. Any such retaliation would violate applicable privacy laws and our internal policies.

15. Do Not Sell or Share My Personal Information (California Residents)

15.1 Your Right to Opt-Out

California residents have the right to opt out of the “sale” or “sharing” of their personal information under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Important: We do not sell personal information in exchange for money. However, under CCPA’s broad definition, “sharing” personal information with third parties for cross-context behavioral advertising (also known as targeted advertising) may be considered a “sale” or “sharing” under the law.

15.2 How to Opt-Out

You can exercise your right to opt out through any of the following methods:

15.2.1 Online Request

Click the “Do Not Sell or Share My Personal Information” link located in the footer of our Website and follow the instructions to submit your request.

15.2.2 Email

Send an email to privacy@millerjonesinc.com with the subject line “CCPA Opt-Out Request” and include:

• Your full name
• Email address associated with your account
• A statement that you wish to opt out of sale/sharing of your personal information

15.2.3 Phone

Call us at +1 972.239.5322 and request to opt out of the sale or sharing of your personal information.

15.2.4 Mail

Send a written request to:
Miller Jones, Inc.
Attn: CCPA Opt-Out Request
5930 LBJ Freeway, Suite #250
Dallas, Texas 75240

15.2.5 Global Privacy Control (GPC)

We recognize and honor Global Privacy Control (GPC) signals. If your browser or browser extension sends a GPC signal, we will treat it as a valid request to opt out of sale/sharing.

15.3 Processing Your Opt-Out Request

• No account required: You do not need to create an account to submit an opt-out request
• Minimal verification: We may ask basic identifying questions but will not require you to verify your identity for opt-out requests
• Processing time: We will process your opt-out request within 15 business days
• Confirmation: We will send confirmation once your opt-out request has been processed

15.4 Effect of Opting Out

Once you opt out:

• We will stop sharing your personal information for targeted advertising purposes going forward
• Third-party cookies and tracking technologies for advertising will be disabled on your browser
• You may still see advertising, but it will not be targeted based on your personal information
• Your opt-out preference will be tied to your browser/device, so you may need to opt out again if you use a different browser or device

15.5 Opt-Out Preference Signals

We honor the following opt-out preference signals:

• Global Privacy Control (GPC)
• Other legally recognized opt-out mechanisms as they become available

15.6 No Discrimination

We will not discriminate against you for exercising your right to opt out, including by:

• Denying goods or services
• Charging different prices or rates
• Providing different levels or quality of goods or services
• Suggesting you will receive different prices, rates, or quality

15.7 Authorized Agents

You may authorize another person (an authorized agent) to submit an opt-out request on your behalf. The authorized agent must:

• Provide proof of their authorization
• Submit the request through one of the methods described above

For opt-out requests, we do not require you to verify your identity directly if a valid authorized agent submits the request with proper documentation.

15.8 Minors Under Age 16

We do not knowingly sell or share the personal information of consumers under 16 years of age without affirmative authorization or, for consumers under 13, parental consent.

16. Changes to This Privacy Policy and Version History

16.1 Policy Updates

We review and may update this Privacy Policy periodically to reflect:

• Changes in our data practices or business operations
• New features, products, or services
• Changes in applicable privacy laws and regulations
• Technological developments
• Feedback from users and regulators
• Industry best practices

16.2 Update Schedule

• We review this Policy at least annually
• Material changes will be communicated prominently
• The “Last Updated” date at the top of this Policy reflects the most recent revision

16.3 How We Notify You of Changes

When we make material changes to this Privacy Policy, we will notify you by:

16.3.1 Website Notice

Posting a prominent notice on our Website homepage for at least 30 days

16.3.2 Email Notification

Sending an email to the address associated with your account (if you have provided one) at least 30 days before the changes take effect

16.3.3 In-Product Notifications

Displaying notices within our services or applications

16.3.4 Updated “Last Updated” Date

Changing the date at the top of this Policy

16.4 Material vs. Non-Material Changes

Material changes include:

• Changes to the categories of personal information we collect
• New purposes for which we use personal information
• New categories of third parties with whom we share information
• Changes that reduce your privacy rights or protections
• Changes to data retention periods
• Changes to international data transfers

Non-material changes include:

• Clarifications of existing practices
• Formatting or organizational changes
• Updates to contact information
• Minor grammatical or typographical corrections

We may make non-material changes without prior notice, though we will still update the “Last Updated” date.

16.5 Your Acceptance of Changes

By continuing to use our Website or services after we post or communicate changes, you accept the updated Privacy Policy. If you do not agree with the changes:

• You may close your account and stop using our services
• You may exercise your rights to delete your personal information
• You may contact us to discuss your concerns

For material changes that require additional consent under applicable law, we will obtain your express consent before applying the changes to your personal information.

16.6 Version History

We maintain a version history of this Privacy Policy. You may request access to previous versions by contacting privacy@millerjonesinc.com.

Current Version: 2.0
Effective Date: October 15, 2025
Previous Version: 1.0 (Effective January 1, 2024)

16.7 Archived Versions

Previous versions of this Privacy Policy are available upon request for your review and records.