TAB PRIVACY POLICY

Effective (last updated) Date: December 15, 2025

We, TAB Products Co. LLC (collectively with its affiliates, “TAB”, “we,” “us”, “our”) provide the following notice regarding our data practices:

Section A of this Privacy Policy describes our collection, use, and disclosure of Consumers’ (individuals acting in an individual or household context but only for goods and services) Personal Information or Personal Data (collectively “Personal Data”) as those terms are defined under applicable law. Personnel may contact their local human resources (“HR”), or contact us as set forth in Section E, for the applicable HR privacy notice(s), if any.

Section B of this Privacy Policy applies to all users of, and visitors to, our online services (including websites and emails) that post a link to this notice (“Online Services”) (the “U.S. Online Privacy Notice. Do not use our Online Services if you do not accept our data practices as described in the U.S. Online Privacy Notice and agree to our Terms of Use.

https://tab.com/

https://recordsmanagement.tab.com/

https://storage.tab.com/

https://smartlockers.tab.com/

https://fusionrms.tab.com/

https://shoptab.com/

https://shoptab.ca/

https://shopjetersystems.com/

https://inhealthrecords.com/

https://www.tabquik.com/ 

Section C of this Privacy Policy describes Consumers’ privacy rights when available to the Consumer under applicable law. Our application of the rights in this section to residents of other jurisdiction is discretionary.

Section D includes information regarding changes to these policies and Section E lists our contact information.

Collectively, Sections A-E are our “Privacy Policy.” Additional notices may be made at the point of collection, in which case those will supplement this Privacy Policy and govern that collection in the event of a conflict with this main Privacy Policy. Capitalized terms used but not defined herein will have the meanings given to them in applicable laws where we are subject to such laws, which may differ from one applicable jurisdiction to another.

To see and print our full Privacy Policy, click here . You can also request disability access assistance by contacting us as set forth in Section E.

A. Data Practices Notice

This Data Practices Notice is designed to provide Consumers as defined under applicable law, with notice of our Personal Data practices from the prior 12 months (from the Effective Date), including through TAB online and offline business activities (the “Business Activities”).

If TAB’s processing materially changes between updates to this Data Practices Notice, TAB will provide a supplemental notice when or before the changes apply. Otherwise, this U.S. Privacy Policy serves as our notice at collection (i.e., pre-collection notice).

1. Notice of Collection and Privacy Practices

This Data Practices Notice does not apply to data that is collected in a HR context. If you are a current or former employee, independent contractor, intern, job applicant, or if we have collected data from you or about you otherwise in the HR context (e.g., emergency contact or beneficiary information) (“Personnel”), and are currently residing in a jurisdiction that requires HR privacy notices, you may request notice of our HR privacy practices by contacting your local HR representative, or contact us as set forth in Section E.

This Data Practices Notice does not apply to data that is not treated as Personal Data, or to the extent the data is subject to an exemption, under applicable law.

Generally, the processing purposes for which we collect, retain, use, disclose and otherwise Process your Personal Data in connection with our Business Activities, including to provide you, or to promote, our products and services and as otherwise related to the operation of our business, which includes both Business Purposes, and Commercial Purposes such as Sharing with Third-Party Digital Businesses, each as more fully explained in Section A.2 below.  This may include disclosing or otherwise making available Personal Data to our vendors that perform services for us in their role as “Service Providers” or “Processors”, as the terms are defined under applicable law (collectively, “Processors”), as well as to third parties, each as more fully explained in Section A.3 below.

The categories of sources from which we Collect your Personal Data include:  you, other Consumers, your employer (in the business-to-business context), our Processors, other of our vendors and Third Parties, including Third-Party Digital Businesses (defined below).

To learn about your privacy rights and how to exercise them see Section C.

2. Personal Data Processing Purposes

Generally, we collect, retain, use, and disclose your Personal Data to provide you our products and services, or information about them, and as otherwise related to the operation of our business, including for one or more of the following “Business Purposes”:

  • Providing Products or Services: Operating or distributing products and services, processing or fulfilling transactions, administering accounts, providing customer service, verifying customer information, and processing payments.
  • Managing Interactions and Transactions: Performing services on behalf of the business, including maintaining or servicing accounts and providing customer service, verifying customer information, processing payments, providing analytics services, and customizing your experience, offers and content.
  • Security and Debugging: Helping to ensure the security and integrity of our systems and data to the extent the use of the Consumer’s Personal Data is reasonably necessary and proportionate for these purposes. Debugging to identify and repair errors that impair existing functionality.
  • Advertising and Marketing: Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with applicable law. Short-term transient use including, but not limited to, for providing advertising and marketing services, except for cross-context behavioral advertising (i.e., targeted advertising), which is a separate commercial purpose described below for which there is a right to opt-out). Customizing your experience, offers, and content.
  • Quality Assurance: Undertaking activities to verify or maintain the quality or safety of our products and services, and to improve, upgrade, or enhance our products or services.
  • Research and Development: Undertaking internal research for technological development and demonstration.
  • Operation of our Business: For our additional legitimate Business Purposes that are compatible with the purposes of collecting your Personal Data and that are not prohibited by law in the context that is not a “Sale,” “Share” or “Targeted Advertising” under applicable law, such as disclosing it to a person that processes Personal Data on our behalf, such as our Processors, to the Consumer, or to other parties at the Consumer’s direction or through the Consumer’s action; for additional purposes explained at the time of collection (such as in the applicable privacy policy or notice); as required or permitted by applicable law; to the government or private parties, including litigants, to comply with law or legal process or to protect or enforce legal rights or obligations or prevent harm; and to assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business (“Corporate Transaction”) or otherwise with your consent (“Additional Business Purposes”). Subject to restrictions and obligations under applicable law, our Processors may also use your Personal Data for Business Purposes and other purposes permitted by law and may engage their own vendors to enable them to perform services for us.

For more detail on processing purposes and activity details in connection with our Online Services, see Section B, below.

We may also use and disclose your Personal Data, regardless of the other purposes for which we collect it, for “Commercial Purposes,” which may be considered a “Sale” or “Share” or “Targeted Advertising” under applicable law, when Third-Party Digital Businesses collect your Personal Data, including via third-party cookies, or we otherwise make it available to them. Under applicable law some of these processing disclosure activities do not qualify as Business Purposes disclosures and are subject to a right to opt-out.  The specific purpose for this Selling or Sharing is to help us and others provide you with more relevant content and marketing messages (e.g., Targeted Advertising), and related activities and when we and third parties process your Personal Data for certain advertising purposes (e.g., creating profiles and inferences, measurement, some types of analytics, conversion tracking, audience extension, etc.) and the parties we disclose it to are detailed, by type of Personal Data, in Section A.3 below. For more information on the meaning of Selling, Sharing, and Targeted Advertising and how to adjust your preferences with respect to such processing, please refer to the Do Not Sell/Share/Target Opt-out subsection of the State Privacy Rights Section.

The Business Purposes and Commercial Purposes for processing described above may apply to all categories of your Personal Data, other than Sensitive Personal Data (defined below), but we detail our disclosures (including Selling and Sharing), and also detail our Sensitive Personal Data processing purposes, by Personal Data type in the chart that follows in the next section for additional transparency.

3. Collection, Disclosure and Retention of Personal Data – By Category of Personal Data

The table below describes the categories of Personal Data that may be collected, along with examples of data types that may fall within each category, and the corresponding categories of recipients to whom such Personal Data may be disclosed for Business Purposes and/or Sale or Share, where applicable. For Sensitive Personal Data, the table identifies the processing purposes for each applicable category.

 

Category of Personal Data Examples of Personal Data
Collected and Retained		 Categories of Recipients
Identifiers First and last name, postal address, unique personal or online identifier, IP address, email address, and account name.

Certain identifiers (such as name, contact details, and account credentials) are collected only where a user voluntarily creates an account (e.g., on e-commerce sites). IP addresses and similar online identifiers may be collected automatically when users interact with our websites.

 Disclosures for Business Purposes:

  • Processors (e.g., cloud storage vendors, IT vendors, email/messaging, customer support providers, data analytics and marketing vendors)(“Operational Vendors”);
  • Other members of our corporate group, and/or other parties in connection with a Corporate Transaction (“Corporate Recipients”);
  • Governmental entities (e.g., making requests pursuant to legal or regulatory process)(“Government”); and/or
  • Other parties (e.g., professional advisors (accountants and lawyers),  litigants and where you have directed or caused the disclosure) within the limits of Additional Business Purposes (“Other Business Recipients”).

Sale/Share: None
Personal Records Name, signature, address, telephone number, financial information (e.g., payment card information). Some Personal Data included in this category may overlap with other categories.

Such information is collected only where a user voluntarily establishes an account (e.g., on e-commerce sites). Payment card information is processed by third-party payment processors and is not stored by the Business after completion of the transaction.

 Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None
Personal Characteristics or Traits In some circumstances, we may collect Personal Data that is considered protected under U.S. law, such as age, gender, nationality, race, or information related to medical conditions, but only when the information is relevant for our Business Activities. We abide by the legal requirements imposed under applicable law regarding such information.

The Business does not intentionally collect such information through its websites or standard business operations.

 Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None
Commercial Information Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

This information is collected only in connection with e-commerce transactions where a user voluntarily creates an account.

 Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None
Internet or Other Electronic Network Activity Information Browsing or search history, information regarding the Consumer’s interaction with online services or advertisements.

Such information is collected through website analytics tools and is typically associated with an IP address rather than a directly identified individual.

 Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None
Geolocation Data If you interact with us online, we may gain access to the approximate location of the device you are using, such as a location derived from an IP address, and we do not intentionally collect precise geolocation data. Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None
Audio, Electronic, Visual, or Sensory Information Such as CCTV recordings in our offices and customer service recordings.

This information is collected only in limited, non-website contexts and where permitted by applicable law.

 Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None
Professional or Employment Information The Business does not collect professional, educational, or employment-related information through its public websites Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None
Inferences from Personal Data Collected Inferences drawn from Personal Data to create a profile about a consumer reflecting their preferences.

The Business does not draw inferences or create profiles about individuals’ preferences or characteristics based on Personal Data

 Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None

 
The table below describes the categories and examples of Sensitive Personal Data that may be collected and the processing purposes for and recipients of the same.

Category of Sensitive
Personal Data		 Examples of Sensitive
Personal Data		 Processing Purpose(s) Categories of Recipients
Government Issued Identifiers Social Security number, driver’s license, state identification card, or passport information The Business does not collect government-issued identifiers. Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None
Account Log-in Username and password to online account with TAB To authenticate users and provide access to online accounts where a user voluntarily creates an account (e.g., e-commerce sites). Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None
Financial Data Your account log-in, financial account, debit or credit card number in combination with any required security or access code, password, or credentials allowing access to an account The Business does not store financial account numbers or payment card information. Payment information is processed directly by third-party payment processors. Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None
Precise Geolocation Any data that is derived from a device and that is used or intended to be used to locate a consumer within a geographic area that is equal to or less than the area of a circle with a radius of between 1,750 – 1,850 feet. Precise geolocation may include, but is not limited to, GPS that provides the Consumer’s latitude and longitude coordinates. The Business does not collect precise geolocation data. Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None
Sensitive Personal Characteristics A Consumer’s racial or ethnic origin, citizenship or immigration status, religious, or union membership] The Business does not collect sensitive personal characteristics. Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None
Communication Content The contents of a consumer’s mail, email, and text messages, other than where Business is the intended recipient of the communication To receive and respond to communications where the Business is the intended recipient. Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None
Biometric Data The processing of biometric information The Business does not collect or process biometric data. Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None
Health Data (Including Consumer Health Data) Personal Data collected and analyzed concerning a Consumer’s health, medical history, mental or physical health, diagnosis/condition, and medical treatment The Business does not collect or process health or medical information. Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None
Children’s Data Processing of Personal Data of / from a child The Business does not knowingly collect Personal Data from children, and its websites and services are not directed to children. Disclosures for Business Purposes:

  • Operational Vendors;
  • Corporate Recipients;
  • Government; and/or
  • Other Business Recipients.

Sale/Share: None

 

There may be additional information we collect that meets the definition of Personal Data under applicable  law but is not reflected by a category above, in which case we will treat it as Personal Data as required, but will not include it when we describe our practices by Personal Data category. As permitted by applicable law, we do not treat deidentified or aggregate data as Personal Data and we reserve the right to convert, or permit others to convert, your Personal Data into deidentified or aggregate data, and may elect not to treat publicly available information as Personal Data. We will not attempt to reidentify data that we maintain as deidentified.

Because there are numerous types of Personal Data in each category, and various uses for each Personal Data type, actual retention periods vary by purpose not by data type and, accordingly, the retention periods cannot be meaningfully provided by category of Personal Data. We retain specific Personal Data pieces based on how long we have a legitimate purpose for the retention, which includes the period of time we need to process the Personal Data to meet the processing purposes, plus limited retention thereafter to comply with law, maintain business and legal records and defend or bring potential legal claims.

B. U.S. Online Privacy Notice

This U.S. Online Privacy Notice applies to all users of our Online Services, regardless of if you are a resident of a state with applicable law. Section B.6 applies only to users from outside of the U.S. This U.S. Online Privacy Notice is a supplement to our other privacy policies and notices, and is part of our main Privacy Policy. In the event of a conflict between any other TAB policy, statement, or notice and this U.S. Online Privacy Notice, this notice will prevail as to data collected by our Online Services, except where additional notices are posted at collection that are said to modify or supplement this notice.

This U.S. Online Privacy Notice applies to “Online Services Personal Data,” which is Personal Data that is collected through the Online Services. To the extent we combine your Online Services Personal Data with data we receive outside of the Online Services or with deidentified data, we will treat the combined data as Online Services Personal Data and apply this U.S. Online Privacy Notice to such combined data, unless we have disclosed otherwise. As permitted by applicable law, we do not treat Online Services Personal Data that has been deidentified or aggregated as Personal Data and we reserve the right to convert, permit others to convert, your Online Services Personal Data into deidentified or aggregate data. We will not attempt to reidentify data that we maintain as deidentified.

1. Data We Collect

TAB and the third parties we have retained to perform or provide certain services or functions to us (“Vendors”) collect Online Services Personal Data in a number of ways:

a. Data That You Provide

The Online Services are publicly available. We collect Online Services Personal Data from you when you interact with, or submit your data through, the Online Services, such as when you fill out forms (e.g., Contact Us form); correspond with us by phone, e-mail or otherwise; subscribe to notifications (e.g., email alerts); search for content; interact with our social media functions on the Online Services; and when you report a problem with our Online Services. The Online Services Personal Data you give us may include, but is not limited to, your name, address, email address, phone number, the content of your communication, and any other data you choose to provide to us. You are responsible for ensuring the accuracy of the data you submit to TAB. Inaccurate data may affect your ability to use the Online Services, the data you receive when using the Online Services, and our ability to contact you. For example, your email address should be kept current.

b. Other Data Collected About You

When you access or use the Online Service, TAB, our Vendors, and/or third-party websites, apps, locations, platforms, code (e.g., plug-ins, application programming interfaces (“API”), or other services (each a “Third-Party Services”), may automatically collect the following data (note, however, that the privacy policy of that Vendor and/or Third-Party Service also apply to your interaction):

  • Usage data, including the URL from which you linked to the Online Service, how you use and interact with the Online Service, what pages you visit, and which hyperlinks you click. We and others may collect usage data to analyze usage trends to understand how individuals use the Online Service to help us improve the user experience, better serve you more relevant content and ads, and to provide customer assistance and technical support.
  • Technical data, including data regarding your Internet Protocol (“IP”) address, device type, device operating system, browser type you use to access the Services, the unique device identifier (“UDID”) or mobile equipment identifier (“MEID”) for your mobile device, and other data (“Device Identifiers”). We and others may use such Device Identifiers to associate data collected via different devices, or during separate interactions with us on the Online Services on the same device.
  • Data about you from cookies and other similar tracking technologies (e.g., pixels, embedded scripts, etc.), which may be considered Personal Data under applicable laws, to distinguish you from other users of the Online Service, to improve your experience on and off of the Online Service, including to serve you more relevant content and ads, to improve the Online Service, and our other products and services, and for other functions.

TAB, and our Vendors and Third Party Services, may use cookies and other tracking technologies to help us collect data about interactions with the Online Service, other online services, and/or our emails, including data about your browsing and information or service request behaviors. These methods enable TAB to serve you better and more efficiently, and to personalize your experience.

  • Cookies. A cookie is a small text file that is stored on a user’s device, which may be session ID cookies or tracking cookies. Session cookies make it easier for you to navigate the Online Services and expire when you close your browser. Tracking and other persistent cookies remain longer and help in understanding how you use the Online Services, enhance your user experience, and perform other functions such as facilitating analytics and Targeted Advertising and remembering you and your preferences when you return. Persistent cookies may remain on your device for an extended time. The Online Services may associate some or all types of these cookies with your devices.  If you use your browser’s method of blocking or removing cookies, some but not all types of cookies may be deleted and/or blocked, which may cause some Online Services features and functionalities to not work.
  • Web Beacons/Tracking Pixels (“Pixels”). Pixels are small graphic images, also known as “Internet tags” or “clear gifs”, embedded in webpages and e-mail messages. Pixels may be used, without limitation, to count the number of visitors to the Online Services, to monitor how users navigate the Online Service, to determine if our emails are opened, and to count content views.
  • Embedded Scripts. An embedded script is programming code designed to collect information about your interactions with the Online Services. It is temporarily downloaded onto your device from TAB’s web server, or from a third party with which TAB works, and is active only while you are connected to the Online Services and deleted or deactivated thereafter.
  • Location-Identifying Technologies. Our Online Services may provide you the ability to enable location-identifying technologies. To stop utilizing, or to change the settings with respect to location-identifying technologies, you can change your device or browser preference settings.
  • Device Recognition Technologies. Technologies, including application of statistical probability to data sets, as well as linking a common unique identifier to different device use (e.g., Facebook ID) that attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user or household) (“Cross-device Data”).
  • Device and Activity Monitoring and Session Replay. Technologies that monitor, and may record, certain of your interactions with the Online Services, including without limitation, keystrokes, and/or collect and analyze information from your device, such as, without limitation, your operating system, plug-ins, system fonts, and other data, for purposes such as identification, security, fraud prevention, troubleshooting, tracking and/or improving the Online Services and customizing or optimizing your experience on the Online Services.

We are giving you detailed notice of the tracking technologies and your choices regarding them so that your consent is meaningfully informed.  For information on how to exercise preferences as to our features, functionality, and communications, see the Choices: Tracking and Communications Options section below.  For more information on Third-Party Services’ data collection and practices, and the choices they may offer you, please refer to the Third Party Services section below.

c. Data We Receive From Other Than Via the Online Services

TAB may receive Online Services Personal Data about you from third parties, including your contacts and others who use the Online Services, when they submit data to us or otherwise interact with the Online Services. We may also collect Online Services Personal Data and other Personal Data about you from other sources, including from companies that can help us correct or supplement our records, improve the quality or personalization of our Online Services to you, and help prevent or detect fraud. To the extent we combine your Online Services Personal Data with other data, we will treat it as Online Services Personal Data and apply this U.S. Online Privacy Notice to such combined data, unless we have disclosed otherwise.

2. How We Use Your Online Services Personal Data

TAB may use data about you, including Online Services Personal Data, for any purposes not inconsistent with TAB’s statements under this U.S. Online Privacy Notice, or otherwise made by us in writing at the point of collection, to the extent permitted by applicable law including, without limitation, the following:

  • To operate and improve our Online Services;
  • To display content (e.g., reviews) you post or otherwise submit;
  • To provide you with information, products and services you request, view, or engage with;
  • To communicate with you regarding information, products and services you request, view, or engage with;
  • To send you offers and promotions for our products and services or third-party products and services;
  • To facilitate, manage, personalize and improve your online experience;
  • To market our products and services, including by providing you with advertising based on your activity on the Online Services and on third-party websites and applications and to operate contests, sweepstakes and other promotions;
  • To send you notices to inform you about important changes and updates to the Online Services;
  • To operate, optimize, analyze the use of, improve and enhance the Online Services, including by using survey, research and analytics tools;
  • For auditing, compliance and legal purposes, to protect the rights and property of TAB, its partners and customers and other users of the Online Services and to investigate potential violations of and to enforce our Terms of Use
  • To detect, investigate and prevent activities that may violate our policies, pose safety issues or be fraudulent and illegal;
  • To respond to requests from legal and regulatory enforcement authorities, as appropriate and to the extent permitted or required by law; and/or
  • For all other purposes related to our business that are reasonably proportional to the forgoing purposes, or otherwise subject to your consent.

3. How We Disclose Your Online Services Personal Data

We may disclose your Online Services Personal Data as described in Section A (U.S. Privacy Policy) of our Privacy Policy, and for any purpose not inconsistent with our statements under this U.S. Online Privacy Notice, or statements otherwise made by us in writing at the point of collection and not prohibited by applicable law. We disclose Online Services Personal Data to Vendors. Other instances when we may disclose any Online Services Personal Data to outside parties include:

  • When we reasonably believe that such disclosure is permitted or required by law or pursuant to legal process or is necessary in connection with actual or threatened litigation or to protect TAB or third parties.
  • We may disclose your Online Services Personal Data to third parties in connection with a Corporate Transaction, such as the sale, purchase, merger, reorganization, liquidation, or dissolution of TAB, or under similar circumstances.
  • In connection with the purposes set forth in the How We Use Your Online Services Personal Data section, above.

4. Choices: Tracking and Communications Options

a. Tracking Technologies Generally

Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options, so you may need to set them separately. Please be aware that if you disable or remove these technologies, some parts of the Online Services may not work and that when you revisit the Online Services. Your ability to limit browser-based tracking technologies is subject to your browser settings and limitations.  Accordingly, you may want to consider the more limited opt-out choices noted in the next section.

Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many online services, TAB currently does not alter TAB’s practices when TAB receives a “Do Not Track” signal from a visitor’s browser. However, we do honor browser signals known as “Global Privacy Controls” and provide cookie preference tools on our Online Services as more fully explained in the Do Not Sell/Share/Target Opt-out subsection of the State Privacy Rights Section.

Some third parties, however, may offer you choices regarding their tracking technologies. For specific information on some of the choice options offered by third party analytics and advertising providers, see the next section. We do not represent that these third-party tools, programs or statements are complete or accurate.

You will need to set preferences on each device that you use to access our Online Services and clearing cookies on your browser(s) may disable some preference settings.

b. Analytics and Advertising Tracking Technologies

TAB may engage and work with Vendors and other third parties to serve advertisements on the Online Services and/or on other online services. Some of these ads may be tailored to your interest based on your browsing of the Online Services and elsewhere on the Internet, which may include use of precise location and/or Cross-device Data, sometimes referred to as “interest-based advertising” and “online behavioral advertising” (“Interest-based Advertising”). This may include sending you an ad on another online service after you have left our Online Services (i.e., “retargeting”).

You may choose whether to receive some Interest-based Advertising by submitting opt-outs through the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding Interest-based Advertising, including use of Cross-device Data for serving ads, visit http://www.aboutads.info/choices/, Please be aware that, even if you opt out of certain kinds of Interest-based Advertising, you may continue to receive other types of ads, including Targeted Advertising.  Opting out only means that those selected DAA members should no longer deliver certain Interest-based Advertising to you but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks) or have your Personal Data Sold, Shared or Processed for Targeted Advertising.  Also, if your browsers are configured to reject cookies when you visit these opt-out webpages, or you subsequently erase your cookies, use a different device or web browser, your DAA browser-based opt-out may not, or may no longer, be effective. TAB supports the DAA’s Self-regulatory Principles for Online Behavioral Advertising and expects that ad networks TAB directly engages to serve you Interest-based Advertising will do so as well, though TAB cannot guaranty their compliance.  Also note that the DAA program is national and not the same as Do Not Sale/Share/Target Opt-out Rights under applicable law  Residents of states with applicable law have broader opt-out rights that will more effectively limit Targeted Advertising, as more fully explained in the Do Not Sell/Share/Target Opt-out subsection of the State Privacy Rights Section.

In addition, we may serve ads on other online services that are targeted to reach people on those services that are also identified on one of more of our data bases (“Matched List Ads”). This is done by using tracking technologies or by matching common factors between our databases and the databases of the other online services. For instance, we may use such ad services offered by Meta (Facebook and Instagram) or X (f/k/a Twitter) and other Third-Party Services, which may offer user controls that you can use to limit Matched List Ads. We are not responsible for these Third-Party Services, including without limitation their security of the data or their failure to comply with your or our opt-out instructions, they may not give us notice of opt-outs to our ads that you give to them, and they may change their options without notice to us or you.

TAB may use Google Analytics or other Vendors for analytics services. These analytics services may use cookies and other tracking technologies to help TAB analyze users and how they use the Online Services. Data generated by these analytics services (e.g., your IP address and usage data) may be transmitted to and stored by these Vendors on servers in the U.S. (or elsewhere) and these Vendors may use the data for purposes such as evaluating your use of the Online Services, compiling statistic reports on the Online Services’ activity, and providing other services relating to Online Services activity and other Internet usage. TAB is not responsible for, and makes no representations regarding, the policies or business practices of any third parties, including, without limitation, analytics Vendors and Third-Party Services associated with the Online Services, and encourages you to familiarize yourself with and consult their privacy policies and terms of use.

You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout or downloading the Google Analytics Opt-out Browser Add-on.

TAB is not responsible for effectiveness of, or compliance with, any third parties’ opt-out options or programs or the accuracy of their statements regarding their programs.

Residents of certain U.S. states have additional, more comprehensive, rights more fully explained in the Do Not Sell/Share/Target Opt-out subsection of the State Privacy Rights Section.

c. Communications

You can opt-out of receiving certain promotional communications (emails or text messaging) from us at any time, as applicable.

  • Promotional Emails. To opt out of promotional emails, follow the instructions provided in emails or by clicking on the “Unsubscribe” link, or if available by changing your communication preferences by logging into your account.
  • Text Messages. To opt out of receiving our text messages, text the word “STOP” in response to a text we send you and follow any other opt-out instructions provided in the text messages we send you.
  • Apps. To stop receiving app notifications, turn off the app push notifications on the settings of your device and/or the app.

Please note that your opt-out is limited to the email address or phone number used and will not affect subsequent subscriptions. If you opt-out of only certain communications, other subscription communications may continue. Even if you opt-out of receiving promotional communications, we may, subject to applicable law, continue to send you non-promotional communications, such as those about your account, transactions, servicing, or our ongoing business relations.

d. Mobile App Features and Functionality

Our mobile application (“App”) processes the personal information outlined in Section B.1. of this Privacy Policy, except for [e.g., Audiovisual or Similar Information].  The App’s features and functionality, and its related data collection, can be terminated by uninstalling the App. You may also delete your Account within the App. The deletion of your Account will delete, subject to certain exceptions, the personal information processed through the App including information obtain via Meta Platform tools. You can also Contact Us [link] to request deletion of your Account. You can use the App’s or your device’s settings to set and change some settings and control some functions, such as enabling or disabling certain features (e.g., “tracking”, Bluetooth, location-based services, push notifications, etc.).

5. Third Party Services

This U.S. Online Privacy Notice only applies to the processing activities of TAB through the Online Services. The Online Services may include or link to third-party websites, apps, locations, platforms, code (e.g., plug-ins, application programming interfaces (“API”), or other services (“Third-Party Service(s)”). These Third-Party Services may use their own cookies, web beacons, and other tracking technologies to independently collect data about you and may solicit Personal Data from you.

Certain functionalities on the Online Services permit interactions that you initiate between the Online Services and certain Third-Party Services, such as third-party social networks (“Social Features”). If you use Social Features, and potentially other Third-Party Services, information you post or provide access to may be publicly displayed on the Online Services or by the Third-Party Service that you use. Similarly, if you post information on a Third-Party Service that references the Online Services (e.g., by using a hashtag associated with TAB in a post or status update), your post may be used on or in connection with the Online Services or otherwise by TAB. Also, both TAB and the third party may have access to certain data about you and your use of the Online Services and any Third-Party Service.

If you follow a link to any Third-Party Services (including the “Careers” website that is linked on the Online Services, which is hosted by a third party), please note that those websites have their own privacy statements and that we do not accept any responsibility or liability for those practices. Please check the privacy statements, terms of use and other notices posted by those other third parties before visiting the third party’s website or submitting any personal data via Third-Party Services.

6. Additional Notices for Users Outside of the U.S.

All non-U.S. Users:  We are based in the U.S. and the information we and our Vendors collect via the Online Services is governed by U.S. law. If you are accessing our Online Services from outside of the U.S., please be aware that information collected through the Online Services may be transferred to, processed, stored, and used in the U.S. Data protection laws in the U.S. may be different from those of your country of residence. Your use of the Online Services, or provision of any information, therefore, constitutes your acknowledgement of the transfer to and from, processing, usage, sharing, and storage of your information, including Personal Data, in the U.S. (and potentially other territories worldwide) as set forth in this Privacy Policy.

7. Data Retention, Security and Monitoring

TAB will retain the Online Services Personal Data that is subject to this U.S. Online Privacy Notice for as long as reasonably necessary to achieve the purpose for which you provided it, or to the extent necessary for TAB to protect its rights, or as otherwise permitted or required by applicable laws.

TAB maintains reasonable administrative, technical and physical safeguards to protect your Personal Data against loss, misuse, unauthorized access, disclosure, alteration or destruction. Nevertheless, transmission via the Internet and online digital storage are not completely secure and TAB does not guarantee the security of your Personal Data or of the Online Service.

To help protect you and others, TAB and its Vendors may (but make no commitment to) monitor use of the Online Service, and may collect and use related information for all purposes not prohibited by applicable law or inconsistent with this Privacy Policy, including, without limitation, to identify fraudulent activities and transactions; prevent abuse of, and investigate and/or seek prosecution for, any potential threats to or misuse of the Online Service; ensure compliance with the Terms of Use investigate violations of or enforce these policies; improve the Online Services and your user experiences, and to protect the rights and property of TAB, third parties, and other users.  Monitoring may result in the collection, recording, and analysis of online activity or communications through our Online Services. If you do not accept these conditions, you must discontinue your use of the Online Services.

8. Children and Teens

Our Online Services are intended for individuals who are of the age of majority in the jurisdiction in which they reside, and are not directed at, marketed to, nor intended for children or other minors.  TAB does not knowingly collect any data, including Online Services Personal Data, from children or other minors. If you believe that we have inadvertently collected data from a child under 13 years of age, please contact us, and we will take immediate steps to delete or otherwise treat the data as required by applicable law. Some applicable law provide additional consideration for children and teens. More information on the privacy of the Personal Data of / from children and, where regulated by applicable law, teens (collectively “Child-Aged”) Consumers is included in the Child-Aged Consumers of Certain States subsection of Section C (State Privacy Rights) below.

C. State Privacy Rights

Subject to meeting the requirements for a Verifiable Consumer Request (defined below) and limitations permitted by applicable law, TAB provides Consumers residing in states with applicable law to which we are subject the privacy rights described in this section.

For residents of states without applicable law, or where we are not subject to a state’s jurisdiction (e.g., we do not meet applicability thresholds), we will consider requests but will apply our discretion with respect to if and how we process such requests. We will consider applying state law rights prior to the effective date of such laws but will do so in our discretion.

To submit a request to exercise your Consumer privacy rights, or to submit a request as an authorized agent, send an email to privacy@tab.com or contact us via phone by calling 1-888-466-8228. We do not accept or process Consumer privacy rights requests through other means (e.g., via fax, chats, or social media, etc.). Please respond to any follow-up inquiries we make to help us complete your request.

1. Your Consumer Privacy Rights

Subject to state-specific conditions and limitations, we provide Consumers the following rights:

a. Right to Limit Sensitive Personal Data Processing

We only process sensitive Personal Data for purposes that are exempt from Consumer choice under applicable law. For example, we process your Personal Data to perform the services/provide the goods that you requested. If you enabled location services in our app, you can terminate that service in the app’s settings.

b. Right to Know/Access
(i) Confirm Processing

Residents of other applicable states are entitled to confirm our processing of their Personal Data. They can do so by making a Categories request.

(ii) Specific Pieces

Consumers may request to confirm if we are processing your Personal Data, and if we are, you have a right to obtain a transportable copy, subject to applicable request limits, of your Personal Data that we have collected and are maintaining.  For your specific pieces of Personal Data, as required by applicable law, we will apply heightened verification standards. We have no obligation to re-identify data or to keep Personal Data longer than we need it or are required to by applicable law to comply with access requests.

c. Do Not Sell/Share/Target Opt-out

Consumers of certain states have a right to opt-out of Personal Data “sales”; provided, however, that Nevada residents are only entitled to the non-cookie opt-out explained below. Some states may also have an opt-out for “sharing” for cross-context behavioral advertising (i.e., the use of Personal Data derived from different businesses or services to target advertisements). Texas and Nebraska laws provide for an opt-out of Targeted Advertising (defined differently but also addressing tracking, profiling and targeting of advertisements).

Third-party digital businesses may associate cookies and other tracking technologies that collect Personal Data about you on our Online Services or otherwise collect and process Personal Data that we make available about you, including digital activity information and identifiers (“Third-Party Digital Businesses”). We understand that giving access to Personal Data on the Online Service or otherwise, to Third-Party Digital Businesses could be deemed a sale/sharing under the applicable law and as such, we will treat such Personal Data (e.g., cookie ID, IP address, and other online IDs and Internet or other electronic activity data) collected by Third-Party Digital Businesses, where not limited to acting as our Processor, as a sale/sharing that is subject to a Do Not Sell/Share/Target opt-out request under applicable law.

Opt-out for Non-Cookie Personal Data: If you would like to submit a Do Not Sell/Share/Target request for your non-cookie Personal Data (e.g., your email address), you must submit an opt-out request, as explained in the next section below.

Opt-out for Cookie Personal Data: If you would like to limit our processing of your cookie-related Personal Data for Targeted Advertising or opt-out of the Sale/Sharing of such data, you must exercise a separate opt-out request via our consent management tool, which is accessible via the “Your Privacy Choices” link on the footer of our websites. This is because we must use different technologies to apply your opt-out of cookie Personal Data and opt-out of non-cookie Personal Data. Our consent management tool enables you to exercise such an opt-out request and enable certain cookie preferences on your device. You must exercise your preferences on each of our Online Services you visit, from each browser you use, and on each device you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective, and you will need to enable them again via our consent management tool. Note that if you use ad blocking software, our cookie banner and/or the “Your Privacy Choices” link may not appear when you visit our Online Services.

Opt-out Preference Signals (also known as global privacy control or “GPC”): Some applicable law require us to process certain types of signals, referred to as opt-out preference signals or universal opt-out mechanism in other states, which are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual’s choice to opt-out of the sale or sharing of Personal Data, and of processing of Personal Data for Targeted Advertising, which we understand to include GPC signals.  We currently look for and recognize GPC signal and will display a message recognizing the signal.   To use a GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable the GPC.  We process GPC with respect to Sales and Sharing that may occur in the context of collection of cookie Personal Data, discussed above, and apply it to the specific browser on which you enable GPC. We do not process GPC for opt-outs in other contexts (e.g., non-cookie Personal Data) because we lack the ability to match that data to your browser.

We may disclose your Personal Data for the following purposes, which are not a sale or sharing: (i) if you direct us to disclose Personal Data; (ii) to comply with a Consumer rights request you submit to us; (iii) disclosures amongst the entities that constitute TAB as defined above, or as part of a Corporate Transaction; and (iv) as otherwise required or permitted by applicable law.

d. Child-Aged Consumers of Certain States

We do not knowingly Sell or Share, or use for Targeted Advertising, the Personal Data of / from Child-Aged or other similar term (as defined by the applicable State Privacy Law) Consumers who are residents of certain states, unless we receive affirmative opt-in authorization from (i) the applicable Consumer if the Consumer is at least 13 years of age and Consumer consent is required under the applicable State Privacy Law; or (ii) the parent or guardian of the Consumer if the Consumer is less than 13 years of age. If you think we may have unknowingly Sold or Shared Personal Data, or used Personal Data for Targeted Advertising, of / from a Consumer under the threshold age (as set by the applicable State Privacy Law) without the appropriate affirmative opt-in authorization, please report that to us as described in Section E.

e. Right to Delete

Consumers have the right to request that we delete any of your Personal Data that we have collected and retained, subject to certain exceptions; provided, however, that depending on where you reside, we may not be required to delete your Personal Data that we did not collect directly from you. Once we receive and confirm your Verifiable Consumer Request, we will delete (and direct our Processors / Service Providers to delete) your Personal Data, unless an exception applies.  If an exception applies, we will limit Processing to permitted purposes and to the duration of those purposes.

We may deny your request to delete your Personal Data if retaining the data is necessary for us or our Processor(s) / Service Provider(s):

  • to complete transactions and services, you have requested;
  • for security purposes;
  • for legitimate internal business purposes (e.g., maintaining business records);
  • to comply with law and to cooperate with law enforcement;
  • to exercise or defend legal claims; and
  • certain other permitted purposes under applicable law.

Please be aware that making a deletion request does not ensure complete or comprehensive removal or deletion of Personal Data or content that you may have posted.

f. Right to Correct Your Personal Data

Consumers may bring inaccuracies they find in their Personal Data that we maintain to our attention, and we will act upon such complaint as required by applicable law.

2. How to Exercise Your Consumer Privacy Rights

To submit a request to exercise your Consumer privacy rights, or to submit a request as an authorized agent, please compose an email and send it to us at privacy@tab.com to or contact us via phone by calling 1-888-466-8228. However, for cookie-data Do Not Sell/Share/Target you must exercise a separate opt-out request via our consent management tool, which is accessible via the “Your Privacy Choices” link on the footer of our websites or use GPC signals as explained in the section above.  Please respond to any follow-up inquiries we make to help us complete your request. We do not accept or process requests through other means (e.g., via fax, chats, or social media, etc.), except that notices of Child-aged Personal Data issues and general privacy inquiries may be directed to us as explained in Section E.

a. Verification of Your Request

We do not verify Do Not Sale/Share/Target opt-outs or requests to limit Sensitive Personal Data processing or withdraw consent to Sensitive Personal Data unless we suspect fraud.  As permitted or required by applicable law, any other request you submit to us must be a “Verifiable Consumer Request,” meaning when you make a request, we may ask you to provide verifying information, such as your name, email, phone number, account and/or transaction information. We will review the information you provided and may request additional information (e.g., customer history) via email or other means to ensure we are interacting with the correct individual. We will not fulfill your Right to Know (Categories), Right to Know (Specific Pieces), Right to Delete, or Right to Correct request(s) unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected Personal Data.  Only you, or someone legally authorized to act on your behalf (your authorized agent), may make a Verifiable Consumer Request related to your Personal Data or the Personal Data of your child.

We verify each request as follows:

  • Right to Know/Access (Confirm Processing): We verify your request to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us that we have determined to be reliable for the purpose of verifying you. If we cannot do so, we will refer you to this Privacy Policy for a general description of our data practices.
  • Right to Know/Access (Specific Pieces): We verify your request to a reasonably high degree of certainty, which may include matching at least three data points provided by you with data points maintained by us that we have determined to be reliable for the purpose of verifying you together with a signed declaration under penalty of perjury that you are the Consumer whose Personal Data is the subject of the request. If you fail to provide requested information, we will be unable to verify you sufficiently to honor your request, but we will then treat your request as a Right to Know (Categories) request.
  • Do Not Sell/Share/Target: No specific verification required unless we suspect fraud.
  • Limit Sensitive Personal Data Processing / Withdraw Consent: No specific verification required unless we suspect fraud.
  • Right to Delete: We verify your request to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three data points provided by you with data points maintained by us, depending on the sensitivity of the Personal Data and the risk of harm posed by unauthorized deletion. If we cannot verify you sufficiently to honor a deletion request, you can still make a Do Not Sell/Share/Target opt-out request.
  • Right to Correct: We verify your request to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three data points provided by you with data points maintained by us, depending on the sensitivity of the Personal Data and the risk of harm posed by unauthorized correction.

To protect Consumers, if we are unable to verify you sufficiently, we will be unable to honor your request. We will use Personal Data provided in a Verifiable Consumer Request only to verify your identity and authority to make the request and to track and document request responses unless you also gave it to us for another purpose.

b. Authorized Agent Requests

Only you, or someone legally authorized to act on your behalf, subject to our verification of the agent, the agent’s authority to submit requests on your behalf, and of you, in accordance with the Verification of Your Request section above, may make a Verifiable Consumer Request where we need to verify the request as explained above. Once your agent’s authority is confirmed, they may exercise rights on your behalf subject to the agency requirements of applicable laws.

c. Appeals

You may appeal TAB’s decision regarding a Consumer privacy rights request you submitted (or that was submitted on your behalf by your authorized agent), and if you are a resident of a state an state consumer privacy law is applicable to us, by following the instructions provided in our response to your request.

3. Response Timing and Formats

We endeavor to respond to Verifiable Consumer Requests within the applicable timeframe under the applicable law. As permitted by applicable law, if we require more time, we will inform you of the reason and extension period in writing.

Any disclosures we provide will cover the 12-month period preceding our receipt of the Verifiable Consumer Request, or longer if we are able to. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily usable and that allows you to transmit the information from one entity to another without hindrance.

We do not charge a fee to process or respond to your Verifiable Consumer Request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Consistent with applicable law and our interest in the security of your Personal Data, we will not deliver you information regarding your Social Security number, driver’s license number, or other government-issued ID number, financial account number, an account password, or answers to security questions in response to a Consumer rights request; however, you may be able to access some of this information yourself through your account if you have an active account with us.

4. Non-Discrimination / Non-Retaliation

We will not discriminate or retaliate against you for exercising any of your Consumer privacy rights. Unless permitted by applicable law, we will not do the following if you exercise your Consumer privacy rights:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

5. Our Rights and the Rights of Others

Notwithstanding anything to the contrary, we may collect, use, and disclose your Personal Data as required or permitted by applicable law and this may override your rights under applicable law. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s or party’s rights or conflict with applicable law.

6. Additional Notice for California Residents

California’s “Shine the Light” law (Civil Code section 1798.83) (“STL Law”) permits California residents to request certain information regarding our disclosure of personal information to third parties (including our affiliates) for those third parties’ own direct marketing purposes. We do not currently disclose personal information to third parties for their own direct marketing purposes. To make such a request to opt-out of such disclosures, please send an email to privacy@tab.com or write us at 605 4th St Mayville, WI 53050, United States. You must put the statement “Shine the Light Request” in the body of your correspondence. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. This right is different than, and in addition to, the data privacy rights detailed in Section C, and must be requested separately. We will not accept Shine the Light requests by telephone or by fax and are not responsible for requests not labeled or submitted properly, or that are incomplete. You may also opt-out the sale and sharing of your Personal Data, and its processing for targeted advertising, as explained in Section C.

D. Changes to These Policies

We reserve the right to change this Privacy Policy prospectively effective upon the posting of the revised Privacy Policy. We also reserve the right to update and modify this Privacy Policy at any time without other form of notice, but from time to time, we may also notify you by email, or otherwise, when appropriate. Additional or different practices may be disclosed at the point of collection without changing the main Privacy Policy. Any modifications will apply only to Personal Data we collect after posting the updated Privacy Policy unless we obtain your consent. Please check frequently to see any updates or changes to this Privacy Policy. To the extent any provision of this Privacy Policy is found by a court of competent jurisdiction, such provision shall be severed to the extent necessary for the remainder to be valid and enforceable.

E. Contact Us

If you have any questions or comments about this Privacy Policy or the Service, please contact us at privacy@tab.com or 1-888-466-8228.