Privacy Policy

1 You are not required to provide personal information to us, although in some cases if you choose not to do so then we will be unable to make certain sections of the Website available to you.  For example, we may need to have your contact information in order to provide you with updates from our Website.  

2 When you provide personal information to us, we will comply with the New Zealand Privacy Act 1993.

3 The personal information you provide to us (including any information provided if you register for an account) is collected and may be used for communicating with you, statistical analysis, the marketing by us of products and services to you, credit checks (if necessary), and research and development.

4 We may also collect technical information whenever you log on to, or visit the public version of, our Website.  This may include information about the way users arrive at, browse through and interact with our Website.  We may collect this type of technical information through the use of cookies and other means.  Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive to enable our systems to recognise your browser.  If you want to disable cookies, you may do so by changing the settings on your browser.  However, if you do so, you may not be able to use all of the functions on the Website.  We use the technical information we collect to have a better understanding of the way people use our Website, to improve the way it works and to personalise it to be more relevant and useful to your particular needs.  We may also use this information to assist in making any advertising we display on the Website more personalised and applicable to your interests.

5 Generally, we do not disclose personal information to third parties for them to use for their own purposes.  However, some of the circumstances in which we may do this are:

a to service providers and other persons working with us to make the Website available or improve or develop its functionality (e.g. we may use a third party supplier to host the Website);

b in relation to the proposed purchase or acquisition of our business or assets; or

c where required by applicable law or any court, or in response to a legitimate request by a law enforcement agency.

6 Any personal information you provide to us may be stored on the secure servers of our trusted service providers, which may be located outside New Zealand.  This may involve the transfer of your personal information to countries which have less legal protection for personal information than New Zealand.

7 You have the right to request access to and correction of any of the personal information we hold about you.  If you would like to exercise these rights, please email us at hello@yonderhq.com

TOMIS HOLDINGS, INC Privacy Policy
Last revised: October 28th, 2024

1. General
We know that your privacy is important to you, and we work hard to earn and keep your trust. TOMIS HOLDINGS, INC. (collectively with its subsidiaries, “TOMIS,” “Yonder”, “we,” “us,” and “our,”) respects your privacy and is committed to protecting your privacy through our compliance with this Privacy Policy (the “Policy”).

This Policy describes:
- The types of information we collect from you or that you may provide when you visit our websites available
at: https://tomis.tech/, www.tomis.com, and all sub- domains thereof (collectively, the “Site”) as well as any paid web delivered software as a service applications, content, and other technical services (“Service(s)”) available on or through the Site (including, without limitation, the TOMIS analytics and marketing platform, search engine optimization services, blog library subscriptions, as well as any future software or Services provided by TOMIS).
- Our practices for collecting, using, maintaining, protecting, and disclosing that information.

This Policy applies to information we collect through the Services or in emails and other electronic messages
between you and the Services, and information gathered when you interact with our advertising on third-party websites if such advertisements include links to this Policy.

This Policy does not apply to information collected by us offline or through any other means, including on any other website operated by TOMIS or any third party, or information collected by any third party through any application or content (including advertising) that may link to or be accessible from the Services (for further information, see below, “Third-party Websites”).

Please read this Policy carefully to understand our practices regarding your information and how we will treat it. If you do not agree with our policies and practices, then please do not use our Services. By using our Services, you agree to the terms of this Policy. This Policy may change from time to time (see below, “Changes to this Policy”). Your continued use of our Services after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.

2. Terms of Service and Subscription Agreement; Other Agreements
This Policy should be read in conjunction with the applicable TOMIS Terms of Service and Subscription Agreement, into which this Policy is incorporated by reference

3. What We Collect and How We Collect It
To ensure that we provide you with the best possible experience, we will store, use, and share personal information about you in accordance with this Policy. Personal Information is information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular user, household or device (“Personal Information”). In particular, the Service has collected the following categories of Personal Information from users of the Services within the last 12 months:

Category Examples Collected
Identifiers A real name, postal address, unique personal identifier, online Yes
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, physical characteristics or description, address, telephone number, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. Yes
Protected classification characteristics. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). No
Commercial Information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Yes
Biometric information Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. No
Internet or other similar network activity Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. Yes
Geolocation Data Physical location or movements. Yes
Sensory data Audio, electronic, visual, thermal, olfactory, or similar information. No
Professional or employment-related information Current or past job history or performance evaluations. No
Non-public education information Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records No
Inferences drawn from other Personal Information Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Yes

We obtain the categories of Personal Information listed above from the following categories of sources:
- Directly from you. For example, when you: register yourself with the Services; place an online order or subscription; subscribe to one of our e-newsletters; apply for a job posting with TOMIS; review or comment on one of our products; or communicate with us, such as request information

- Indirectly from you. For example, through information we collect from you in the course of providing our
Services to you.

- Directly and indirectly from activity on our Services. For example, from website usage details that are
collected automatically.

The information that you provide in each case will vary. In some cases, you may be able to provide Personal Information via email or free text boxes, such as contacting TOMIS to request further information. When providing your Personal Information, please provide only relevant information and do not provide unnecessary sensitive information, such as Social Security numbers, credit card information or other sensitive Personal Information, unless required for the Services.

Additionally, we may ask you to create a username and password that should only be known to you. Moreover, we may receive information about you from other sources and add it to the information you have provided to us.

4. How We Use Your Information
The information we gather and that you provide is collected to provide you information and the Services you request, in addition to various other purposes, including, but not limited to:

- Providing the information, products and Services you request; security, credit, or fraud prevention purposes; providing you with effective customer service; providing you with a personalized experience when you use the Services; contacting you with special offers and other information we believe will be of interest to you (in accordance with any privacy preferences you have expressed to us); contacting you with information and notices related to your use of the Services; inviting you to participate in surveys and providing feedback to us (in accordance with any privacy preferences you have expressed to us); better understanding your needs and interests; improving the content, functionality and usability of the Services; improving our products and services; improving our marketing and promotional efforts; and any other purpose identified in an applicable privacy notice, click-through agreement or other agreement between you and us.

5. How We Share Your Information
We do not sell or lease your Personal Information to any third party. We may share your Personal Information by disclosing it to a third party for a business purpose. When we disclose your Personal Information, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except for the purposes set forth in the contract.

In the preceding 12 months, we have disclosed the following categories of Personal Information for one or more business purposes:
● Identifiers;
● Personal Information categories;
● Commercial information;
● Internet or other network activity information;
● Geolocation data; and
● Inferences drawn from other Personal Information.

We disclose your Personal Information for a business purpose to the following categories of third parties:
- Our affiliates; and
- Third-party vendors who provide services that enhance our Services, products and services to you (such as vendors for credit card processing, advertising and marketing, and customer support).

Except as described in this Policy, we will not share your information with third parties without your notice and
consent, unless it is under one of the following circumstances:
- Legal Reasons: We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, subpoena, or court order; To respond to duly authorized information requests from law enforcement or other governmental authorities; To enforce our agreements, policies, or the Terms of Service and Subscription Agreement; To investigate and prevent security threats, fraud, or other malicious activity; or To respond to an emergency that we believe in good faith requires us to disclose such information
to assist in preventing the death or serious bodily injury of any person or TOMIS employee.

- Sale of Business or Merger. There are circumstances where TOMIS may decide to buy, sell, or reorganize
its business in selected countries. Under these circumstances, it may be necessary to share or receive
Personal Information with prospective or actual partners or affiliates. In such circumstances, TOMIS will
ensure your information is used in accordance with this Policy.

6. Your Choices and Selecting Your Privacy Preferences
We want to provide you with relevant information that you have requested. When possible, we will always provide options as to what information we collect and how you can manage any preferences that pertains to such information.

When we provide subscription-based services, we will allow you to make choices about what information you provide at the point of information collection or at any time after you have received a communication from us while you are subscribed. Transactional or service-oriented messages, such as delivery confirmation messages, are usually excluded from such preferences, as such messages are required to respond to your requests or to provide goods and services, and are not intended for the purposes of marketing.

We will not intentionally send you email newsletters and marketing emails unless you consent to receive such
marketing information. After you request to receive these emails, you may opt out of them at any time by selecting the “unsubscribe” link at the bottom of each email. Please note that by opting out or unsubscribing you may affect other services you have requested we provide to you, in which email communication is a requirement of the Service provided.

7. Text Messaging
You may have the opportunity to receive SMS or "text" messages, pre-recorded voice messages or auto-dialed phone calls from TOMIS, its affiliates and related entities as well as third parties. Such messaging may be used to authenticate your identity or mobile device, as well as provide you informational updates about services or products you may have requested. In providing your mobile device number or cell phone number to TOMIS, you knowingly consent to such communications from TOMIS or for TOMIS to use your cell phone number or mobile device number in accordance with TOMIS’s Terms of Use. In providing your number, you represent that you have the authority to agree to receive text messages at the telephone number that you provide to TOMIS, or from which you sent the text message request to us. You further acknowledge that no purchase is required to opt into this service, and you may opt out at any time by following the instructions provided in our communications to you.

Any such communications you receive from us will be administered in accordance with your preferences and this Policy.

8. Accuracy and Access to Your Personal Information
We strive to maintain and process your information accurately. We have processes in place to maintain all of our information in accordance with relevant data governance frameworks and legal requirements. We employ
technologies designed to help us maintain information accuracy on input and processing.

Where we can provide you access to your Personal Information in our possession, we will always ask you for a
username and password to help protect your privacy and security. We recommend that you keep your password safe, that you change it periodically, and that you do not disclose it to any other person or allow any other person to use it. To view and change the Personal Information that you have provided to us, you can log in to your account and follow the instructions on that webpage, or contact us directly for assistance.

9. Information of Minors
We do not intentionally seek to gather information from individuals under the age of 18. We do not target the Services to minors, and would not expect them to be engaging with our Services. We encourage parents and guardians to provide adequate protection measures to prevent minors from providing information unwillingly on the internet. If we are aware of any Personal Information that we have collected about minors, we will take steps to securely remove it from our systems.

11. Third-party Websites
This Policy does not apply to websites or other domains that are maintained or operated by third parties or our affiliates. Our Services may link to third-party websites and services. These links are not endorsements of these websites, and this Policy does not extend to them. Because this Policy is not enforced on these third-party websites, we encourage you to read any posted privacy policy of the third-party website before using the service or website and providing any information.

12. Your California Rights
Shine the Light law. Pursuant to California Civil Code Section 1798.83, we will not disclose or share your Personal Information with third parties for the purposes of third- party marketing to you without your prior consent.

Do Not Track Signals. Other than as disclosed in this Policy, the Services do not track users over time and across third-party websites to provide targeted advertising. Therefore, the Services do not operate any differently when it receives Do Not Track (“DNT”) signals from your internet web browser.

WE DO NOT SELL YOUR PERSONAL INFORMATION. If we ever decide to sell Personal Information, we will update you via this Policy and include a link entitled “Do Not Sell My Personal Information,” to provide you with an opportunity to opt out of sales of your Personal Information.

California Consumer Rights. If you are a California consumer, as defined by the California Consumer Privacy Act of 2018, you may be afforded additional rights with respect to your “Personal Information” as that term is explicitly defined under California law. Any Personal Information we collect is collected for the commercial purpose of effectively providing our Services to you, as well as enabling you to learn more about, and benefit from, our Services.
You may exercise each of your rights as identified below, subject to our verification of your identity.

A. Access. You have the right to request that we disclose certain information to you about our collection, use
and disclosure of your Personal Information over the past 12 months. Any disclosures we provide will only
cover the 12-month period preceding the receipt of your request. The response we provide will also explain
the reasons we cannot comply with a request, if applicable.
B. Prohibit Data Sharing. When applicable, you may prohibit the sharing of your Personal Information. In
your request, please explain how you wish us to prohibit the sharing of your Personal Information, and which
categories of third parties you want to prohibit from receiving your Personal Information. When such
prohibitions are not possible to provide our Services to you, we will advise you accordingly. You can then
choose to exercise any other rights under this Policy.
C. Portability. Upon request and when possible, we can provide you with copies of your Personal
Information. When such a request cannot be honored, we will advise you accordingly. You can then choose
to exercise any other rights under this Policy
D. Deletion. You have the right to request that we delete any of your Personal Information that we collected
from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer
request, we will delete (and direct our service providers to delete) your Personal Information from our
records, unless an exception applies. Where applicable, we will ensure such changes are shared with
trusted third parties.
E. Non-Discrimination. If a California data subject exercises his or her rights under California law, including
the CCPA, we shall not discriminate against that California resident by denying our goods or services,
charging different prices or rates to similarly situated consumers, providing a different level or quality of our
goods or services, or taking any other adverse action.
F. Exercising your rights. If you are a California resident who chooses to exercise the rights listed above, you
can:

1. Submit a request via email at grow@tomis.tech; or
2. Call us at 406-926-6701 to submit your request.

Only you, or someone legally authorized to act on your behalf, may make a request related to your Personal
Information. If an authorized agent makes a request on your behalf, we may require proof that you gave the
agent permission to submit the request.

Responding to Your Request. Upon receiving your request, we will confirm receipt of your request by
sending you an email confirming receipt. To help protect your privacy and maintain security, we may take
steps to verify your identity before granting you access to the Personal Information. In some instances, such
as a request to delete personal information, we may first separately confirm that you would like for us to in
fact delete your personal information before acting on your request.

We will respond to your request within 45 days. If we require more time, we will inform you of the reason and
extension period in writing.

In some cases our ability to uphold these rights for you may depend upon our obligations to process
Personal Information for security, safety, fraud prevention reasons, compliance with regulatory or legal
requirements, listed below, or because processing is necessary to deliver the Services you have requested.
Where this is the case, we will inform you of specific details in response to your request. We may deny your
deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the Personal Information, provide a good or
service that you requested, take actions reasonably anticipated within the context of our ongoing
business relationship with you, fulfill the terms of a written warranty or product recall conducted in
accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or
prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or
exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et.
seq.)
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest
that adheres to all other applicable ethics and privacy laws, when the information's deletion may
likely render impossible or seriously impair the research's achievement, if you previously provided
informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your
relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which
you provided it.

13. For Service Users or Visitors Outside of the United States
We do not warrant or represent this Policy or the Services’ use of your Personal Information complies with the laws of any particular jurisdiction. Furthermore, to provide you with our Services, we may store, process, and transmit information in the United States and other locations around the world, including countries that may not have the same privacy and security laws as yours. Regardless of the country in which such information is stored, we will process your Personal Information in accordance with this Policy.

14. Your New Zealand Rights
Pursuant to NZ’s Privacy Act 2020, we are compliant with all 13 established Information Privacy Principles, as
outlined in this privacy policy. Should Yonder experience a privacy breach that poses a risk of serious harm (harm includes any loss, damage, disadvantage or emotional harm), Yonder will notify the impacted NZ user and the NZ Privacy Commissioner.To contact the Privacy Officer at Yonder/TOMIS:
Kira Hazelbaker
kira@tomis.tech

To contact the NZ Privacy Commissioner, please submit at enquiry to the following:
https://www.privacy.org.nz/about-us/contact-us/enquiry-form/

15. For Users or Visitors in the European Union (“EU”)
Under the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, or “GDPR”), individuals in the EU are afforded specific rights with respect to their Personal Information, or “personal data” as defined under the GDPR. For the purposes of this Policy, TOMIS operates as a data controller.

Any personal data we collect from you is processed in the United States and under the terms of this Policy. Any personal data we collect from you is processed in the legitimate interest of our business and providing our services to you as the lawful means of such processing. You may always withdraw your consent to our use of your personal data as described below. We will only retain your personal data for the time necessary to provide you the information and services to which you have consented, to comply with the law and in accordance with your rights below.

The Data Controllers are:
NAME: TOMIS HOLDINGS, INC.
ADDRESS: 283 W Front St Suite 001, Missoula, MT 59802
EMAIL ADDRESS: grow@tomis.tech

You can exercise any of the following rights, subject to verification of your identity, by notifying us as described below:
Access.

You may email us at grow@tomis.tech to request a copy of the personal data our Services database currently
contain.
- Access. You may email us at grow@tomis.tech to request a copy of the personal data our Services
database currently contain.
- Automated Processing and Decision-Making. You may email us at grow@tomis.tech to request that we stop using your personal data for automated processing, such as profiling. In your email, please explain how you wish us to restrict automated processing of your personal data. When such restrictions are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include
withdrawing your consent to the processing of your personal data.
- Correction or Rectification. You can correct what personal data our Services database currently contains by accessing your account directly, or by emailing us at grow@tomis.tech to request that we correct or rectify
any personal data that you have provided to us. We may not accommodate a request to change information
if we believe the change would violate any law or legal requirement or cause information to be incorrect.
Where applicable, we will ensure such changes are shared with trusted third parties.
- Restrict Processing. When applicable, you may restrict the processing of your personal data by submitting a request via email to grow@tomis.tech. In your email, please explain how you wish us to restrict processing of your personal data. When such restrictions are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include withdrawing your consent to the processing of your personal data. Where applicable, we will ensure such changes are shared with trusted third parties.
- Object to Processing. When applicable, you have the right to object to the processing of your personal data by submitting a request via email to grow@tomis.tech. When such objections are not possible, we will
advise you accordingly. You can then choose to exercise any other rights under this Policy, to includewithdrawing your consent to the processing of your personal data. Where applicable, we will ensure such changes are shared with trusted third parties.
- Portability. Upon request and when possible, we can provide you with copies of your personal data. You may submit a request via email to grow@tomis.tech. When such a request cannot be honored, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include withdrawing your consent. Where applicable, we will ensure such changes are shared with any trusted third parties.
-Withdraw Consent. At any time, you may withdraw your consent to our processing of your personal data
through this Service by notifying us via email at grow@tomis.tech. Using the same email address associated
with your Services account, simply type the words “WITHDRAW CONSENT” in the subject line of your
email. Upon receipt of such a withdrawal of consent, we will confirm receipt and proceed to stop processing
your personal data. Where applicable, we will ensure such changes are shared with trusted third parties.
- Erasure. If you should wish to cease use of our Services and have your personal data deleted from our
Services, then you may submit a request by emailing us at grow@tomis.tech. Upon receipt of such a
request for erasure, we will confirm receipt and will confirm once your personal data has been deleted.
Where applicable, we will ensure such changes are shared with trusted third parties.
- Submit Complaints or Questions. If you wish to raise a complaint on how we have handled your personal
data, you can contact us as described below. If you reside in a European Union member state, you may also
lodge a complaint with the supervisory authority in your country.

16. Safeguarding the Information We Collect
We use reasonable technical, administrative, and physical safeguards in order to protect your Personal Information against accidental loss and from unauthorized access, use, alteration, and disclosure. However, we can never promise 100% security. As a user or consumer, you have a responsibility, as well, to safeguard your information through the proper use and security of any online credentials used to access your Personal Information, such as a username and password. If you believe your credentials have been compromised, please change your password. Please also notify us of any actual or suspected unauthorized use.

17. Changes to this Policy
This Policy describes our current policies and practices with regard to the information we collect through the Services. We are continually improving and adding to the features and functionality of Services along with the products and services we offer through the Services. If we make any changes to this Policy, a revised Policy will be posted on this webpage and the date of the change will be reported in the “Last Revised” block above. You can get to this page from any of our webpages by clicking on the “Privacy Policy” link (usually at the bottom of the screen).

18. How to Contact Us
We value your opinions and welcome your feedback.
To contact us about this Policy or your Personal Information,
please contact us by email at grow@tomis.tech or by telephone at 406-926-6701.