Privacy Notice

Last revised: February 3, 2026

Your privacy is important to us. This Privacy Notice explains how G2 Web Services, Inc. (d/b/a G2 Risk Solutions) and its Affiliates (as defined below) (collectively, “G2RS”, “we”, “us”, and “our”) collect, use and disclose personal data as Controller that we handle on our own behalf collected via www.g2risksolutions.com and other G2RS web properties that link to this privacy notice (collectively, the “website”). This Privacy Notice does not apply to other online services and applications operated by G2RS, and any information that we handle as a processor or service provider to our customers. We have also provided certain privacy notices applicable to G2RS customers who reside in US States that have comprehensive privacy laws, including but not limited to the California Consumer Privacy Act of 2018, as amended (“CCPA”).

In addition to G2 Web Services, Inc. this Privacy Notice applies to the following Affiliates: G2 Bankruptcy Risk Solutions, Inc., Web Shield Services GmbH, ZignSec AB, Ever Compliant Ltd., EverCompliant, Inc., Wyzer Limited, and Web Shield Services Polska z.o.o. As used herein, (a) ”Affiliate” means an entity that controls, is controlled by or under common control with G2RS; and (b) “control” means possessing, directly or indirectly, the power to direct or cause the direction of the management, policies or operations of an entity, whether through ownership of voting securities, by contract or otherwise.

Use of the website constitutes your agreement to the terms of this Privacy Notice. If you do not agree with the terms of this Privacy Notice, please do not use the website.

1. Personal data we collect

When you interact with this website, we may collect certain information that can identify you either directly or indirectly (“personal data”). Where we refer to “personal data” in this Notice, this should be read as “personal information” under applicable privacy laws where such term is used. We collect and process personal data listed in the following table for the purposes stated therein:

2. Purpose of processing personal data

We collect and process your personal data for different purposes.

We describe the purpose for collecting and processing personal data, listed by categories of personal data, in the chart below. Please note that a specific piece of personal data may fall into one or more categories.

3. Legal basis for processing

We will process your personal data on our own behalf where we have a legal basis to do so. The following are the legal bases pursuant to which we process your information:

• Compliance with legal obligations—we may process your personal data as necessary to comply with the law (e.g. anti-money laundering and tax obligations).
• Contractual basis—where processing is necessary to enter into or perform a contract with you (or your organization).
• Legitimate interests—we may use your personal data where we have legitimate interests to do so. For instance, we analyze users’ behavior on the website to continuously improve it and we process information for administrative, fraud detection and other legal purposes, provided these are not overridden by your interests or fundamental rights and freedoms.
• Consent – We may process your personal data based on your consent as you will be asked to provide from time to time and which you can withdraw at any time.

4. Personal data we disclose

We do not disclose personal data that you provide to us or that we collect through the G2 Financial Verification Services application/verification process, except as described here. We may disclose personal data you provide to us or that we collect through the G2 Financial Verification Services application/verification process with:

• Service providers: We may disclose personal data to service providers that perform services on our behalf such as payment service providers, analytics providers, hosting providers and advisers. All service providers have entered into legally binding agreements requiring them to use and disclose personal data only as necessary to perform services on our behalf or comply with applicable legal requirements.
• Business partners: We may disclose personal data to our business partners for whom we have agreed to provide the G2 Financial Services Verification service. We have entered into legally binding agreements with our partners requiring them to use or disclose personal data only as necessary to perform services on our behalf or comply with applicable legal requirements.
• Corporate reorganization: If we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our business, we may share your personal data. We may also share your personal data if we undergo bankruptcy or liquidation, during such proceedings.
• Limited additional purposes: In addition, we may disclose personal data about you (a) if we are required to do so by law or legal process, for example due to a court order or a request from a law enforcement agency, (b) when we believe disclosure is necessary or appropriate to prevent physical harm, and (c) in connection with an investigation of suspected or actual fraudulent or other illegal activity.
• Disclosure within the group: We may share your personal data within G2RS in the context of our Intra-Group Personal Data Sharing and Transfer Agreement, which includes Standard Contractual Clauses.

We disclose personal data only as necessary for the purposes described in this Privacy Notice and subject to appropriate safeguards and contractual commitments (including data processing agreements where required).

5. Cookies, pixels, and similar technology

A cookie is a small text file that is stored in your web browser that allows G2RS or a third party (such as G2RS’s service providers) to recognize you. Cookies might be used for the following purposes: (1) to enable certain functions; (2) to provide analytics; (3) to store your preferences; and (4) to enable ad delivery and behavioral advertising. Cookies can either be “session cookies” or “persistent cookies”. A session cookie expires automatically when you close your browser. A persistent cookie will remain until it expires, or you delete your cookies. Expiration dates are set in the cookies themselves; some may expire after a few minutes while others may expire after multiple years. Cookies placed by the website you’re visiting are sometimes called “first-party cookies”, while cookies placed by other companies are sometimes called “third-party cookies.”

In the EEA and the UK, we only use cookies that are not strictly necessary (for example, analytics, functional or advertising cookies) with your prior consent. You can withdraw or change your consent at any time via [“Manage Cookies”] or adjusting your browser settings.

When you access and/or use the website, G2RS or a third party may place a number of cookies in your browser. Some of the cookies will only be used if you use certain features or select certain preferences, and some cookies will always be used. Each cookie serves one of four different purposes:

• Strictly necessary cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personal identifiable information.
• Targeting cookies: These cookies may be set through the website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. They do not store personal data directly but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
• Performance cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of the website. They help us to know which pages are the most and least popular and see how visitors move around the website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
• Functional cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to the website’s pages. If you do not allow these cookies, then some or all of these services may not function properly.

We use additional technologies to help track user activities and preferences. For example, we use web beacons (also known as clear gifs, pixel tags or web bugs). Web beacons are tiny graphics (about the size of period) with a unique identifier that are embedded invisibly on web pages or emails. They are used to track user activities and communicate with cookies. You cannot opt out of web beacons used in webpages, but you can limit their use by opting out of the cookies they interact with. You can opt out of web beacons used in emails by setting your email client to render emails in text mode only.

Finally, we may set cookies that monitor links to our website that we send to you (if you have consented to receiving emails from us). These cookies are used to track visitors to our website sourced from these emails. To avoid these types of cookies, please follow the explanation below on how to change your browser cookies settings.

In addition, we may use a tracking technology (pixels) in emails to understand how often our emails are opened and clicked on by our customers. If you do not wish this tracking to be effected, please change your email software or service (such as Outlook, Gmail etc.) settings to not automatically download images (to the extent it is not already your default) In some instances, depending on your email or browser settings, cookies in an email may be automatically accepted (for example, when you have added an email address to your address book or safe senders list). Please refer to your email browser or device instructions for more information on this.

Third-party companies like analytics companies and ad networks generally use cookies to collect user information on an anonymous basis. They may use that information to build a profile of your activities on the website and other websites that you have visited.

If you do not like the idea of cookies or certain types of cookies, you can change your browser’s settings to delete cookies that have already been set and to not accept new cookies. To learn more about how to do this, visit the help pages of your browser. Some useful information can also be found here: https://www.allaboutcookies.org/. Please note, however, that if you delete cookies or do not accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

6. Advertising (cookie-based) opt-out requests

Where legally required, we will only use cookies for targeted advertising with your prior consent. You may withdraw consent at any time via [“Manage Cookies”]. You have the choice to opt out of G2RS’ marketing email communications, or to revoke consent to receive these communications, at any time by using the opt-out provision at the bottom of every G2RS email.

Additionally, if you prefer to opt-out of receiving marketing messages, we recommend that you visit the Association of National Advertisers (ANA) and register on their consumer web site. In addition, you may choose to opt out of digital advertising through the NAI’s Consumer Opt-Out Program, DAA’s Consumer Choice Page, or the European Union/European Economic Area (EU/EEA) Opt-Out. By clicking on the “Opt-Out” links below, you will be directed to the respective third-party website where your computer will be scanned to determine who maintains cookies on you. At that time, you can either choose to opt out of the cookie-based targeted advertising or you can choose to opt out of cookie-based targeted advertising by selecting individual companies. Where legally required, G2RS will send marketing communications only after receiving your consent.

7. Links to other sites or services

This Privacy Notice does not apply to other third-party sites or services. If you click on a link or browse to a third-party site from our site/service, your activity and interaction are subject to that third party’s rules and policies. We recommend that you review the online privacy statements on these other sites to understand their privacy practices and treatment of personal data so that you can make an informed decision regarding your use or interaction with their site/service.

8. Securing personal data

We maintain a comprehensive Information Security Program with administrative (policies, standards, and processes), physical, and technical controls designed to protect the confidentiality, integrity, and accessibility of your personal data, taking into account the nature of the personal data.

9. Retaining personal data

We retain your personal data for as long as reasonably necessary to fulfill the purposes for which it was collected or processed, as described in this Privacy Notice. For instance, we retain your personal data, collected through our services and websites, for as long as your account is active or as needed to provide services to you and our customers. When determining retention periods, we consider our relationship with you and your information, the nature and sensitivity of the information, and what is reasonably necessary and proportionate to provide and improve our services. We also adjust retention periods to comply with our legal, reporting, or accounting obligations, to resolve disputes, and to enforce our agreements. We regularly review our retention periods and assess our data minimization practices, retaining the least amount of information for the shortest retention period, while still upholding all our obligations.

10. Consumer privacy rights

In some instances, G2RS offers its services to customers as a service provider/processor or subject to other exceptions under the applicable federal law (such as, in certain cases and solely in connection with services provided by G2 Bankruptcy Risk Solutions, Inc. the Fair Credit Reporting Act) Cand state privacy laws (please see Section 11 of this Privacy Notice for information on which US residents may exercise privacy rights). Where G2RS is acting as a service provider/processor, we are processing data on behalf of others who may provide you applicable privacy rights.

Where G2RS acts as a controller of your personal data, You may have the rights prescribed below in relation to personal data processed by us if you are a data subject in certain jurisdictions, such as the European Economic Area, or if your personal data is otherwise governed by certain privacy laws, such as the EU General Data Protection Regulation 2016/679 (“GDPR”):

• The right to be informed about how your personal data is being used;
• The right of access to your personal data processed by us, which includes the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and the purposes of the processing; categories of personal data concerned; recipients or categories of recipient to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored; the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling; the appropriate safeguards relating to the transfer of your personal data outside the EEA.
• The right to request the correction of inaccurate personal data we hold about you;
• In certain circumstances, the right to request that we delete your data;
• The right to restrict processing of your personal data;
• The right to object to processing activities, if the processing is based on our legitimate interest;
• The right to withdraw consent for processing at any time, if the processing is based on consent;
• The right to object to processing of personal data for direct marketing purposes at any time;
• In certain circumstances, you have the right to receive the personal data you have provided to us in a portable, machine and human-readable format, and to transmit those data to another controller (or have us transmit them where technically feasible) where our processing is based on your consent or on a contract and is carried out by automated means.
• The right to file a complaint with your relevant government agency or Supervisory Authority (in the EEA, as prescribed by GDPR).

You may exercise these rights to the extent these rights apply to you by contacting G2RS via the contact information listed below. We will undertake to respond to your request within the applicable time frame prescribed by applicable law, and in any event we will make efforts to respond within 30 days of receipt of your request. Although G2RS will make reasonable efforts to accommodate your requests, in some circumstances we may deem your request unfounded or not eligible under applicable law. If that should happen, G2RS expressly reserves the right to refuse your request personal data. Before G2RS is able to accommodate any request, provide you with any information or correct any inaccuracies we may verify your identity by requesting certain information or identification.

11. Supplemental US state privacy law disclosures

This section provides supplemental information as required under certain US state privacy laws and applies to residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia (collectively, the “Covered States”). Where a Covered State has a unique requirement, it applies only to residents of that Covered State. Where no supplemental information is provided, the generally applicable terms of this Privacy Notice apply.

11.1 Personal data we collect

Over the past 12 months, we have collected the categories and types of personal data listed in Section 1 of this Privacy Notice. Some of this personal data may be considered “sensitive” in Covered States.

In Covered States except California, Iowa, Maryland, and Utah, unless permitted by other applicable laws and subject to any applicable exceptions, we are required to obtain your consent before collecting or processing your sensitive personal data. In California, unless permitted by applicable exceptions, we will obtain your consent before processing your sensitive personal data if you previously exercised your right to limit our use or disclosure of this information.

11.2 Purposes of processing personal data

We collect and process your personal data for the purposes listed in Section 2 of this Privacy Notice.

11.3 Personal data we disclose

Over the past 12 months, we have disclosed the categories of personal data listed in Section 1 of this Privacy Notice to the recipients and for the purposes listed in Section 4 of this Privacy Notice.

11.4 Consumer privacy rights

Subject to applicable law and except as may be provided by such applicable law, residents of Covered States may exercise the following privacy rights:

• The right to confirm that we process your personal data, know what categories of personal data about you we have collected or processed, and receive a copy of the personal data we have collected or processed about you in a portable, machine and human-readable form.
• The right to request that we correct or rectify inaccurate personal data about you. This does not apply to Iowa residents. Indiana residents may request that we correct only personal data you have provided to us.
• The right to request that we delete or erase personal data about you. Iowa residents may request that we delete or erase only personal data you have provided to us.
• The right to opt-out of our processing your personal data for cross-contextual behavioral advertising or targeted advertising.
• California residents have the right to request that we limit the processing of your sensitive personal data only to a business purpose, as defined in the CCPA, as amended.
• The right to opt-out of the “sale” or “sharing” of your personal data. Connecticut residents have the right to request a list of all third parties to whom we have sold your personal data.
• The right to opt-out of the processing of your personal data for profiling. This does not apply to Iowa or Utah residents. For personal data used for profiling, Connecticut and Minnesota residents have the right to object to the results of that profiling, be informed why the profiling resulted in a certain decision, review the personal data used in the profiling, and–if the profiling was undertaken with inaccurate personal data–request the profiling to be redone using corrected personal data.
• The right to appeal the denial of privacy rights to which you are legally entitled.

You may exercise your privacy rights by contacting us through one of the methods provided in Section 14 of this Privacy Notice. Please include the subject “Privacy Rights Request” on any requests submitted through email or postal mail. For all requests, please clearly identify the rights you wish to exercise. As permitted by applicable law, we retain the right to request that you provide additional information where required to verify your identity. Depending on the Covered State in which you live, you may have the right to designate an authorized agent to submit a request on your behalf. We will undertake to respond to your privacy rights request within 30 days or as otherwise legally required. G2RS does not discriminate against any consumer for exercising their privacy rights.

11.5 Do not track

G2RS does not respond to browser-based “do not track” requests.

12. Personal data of children

Our services are not intended for use by individuals under the age of eighteen (18). If we learn that we have collected or received personal data from individuals under the age of eighteen (18), we will delete the personal data. We do not knowingly collect or sell personal data of children under the age of eighteen (18) years.)If you believe we have collected personal data from individuals under the age of eighteen (18), a parent or guardian may make a privacy rights request on their behalf by contacting us through one of the methods in Section 14.

13. International data transfers

We may transfer your personal data within the G2RS group and to our service providers and partners (including transfers to the United States, where our parent company is based). Where this involves a transfer outside the EEA or the UK, or to a country that is not recognized as providing adequate level of protection, we will ensure appropriate safeguards are in place, including:

• The European Commission’s Standard Contractual Clauses (and, where applicable, the UK IDTA or UK Addendum to the SCCs); and
• Supplementary measures (technical, organizational and/or contractual) where needed to ensure a level of protection essentially equivalent to that in the EEA/UK.

14. Contact information

If you have questions or concerns regarding this Privacy Notice or the protection of your personal data, or to exercise your privacy rights, or to contact the G2 Data Protection Officer, you may contact us in the following ways:

15. Changes to the Privacy Policy

G2RS reserves the right to change this Privacy Policy at any time. If we make material changes, we will notify you by updating the effective date at the top of this Privacy Notice and, where required by applicable law, provide a notice (for example, on our website homepage or by email). We encourage you to review this Privacy Policy periodically to stay informed about how we process your personal data.