CALIFORNIA PRIVACY POLICY - Jason Mitchell Real Estate

JASON MITCHELL GROUP

CALIFORNIA PRIVACY POLICY

Effective Date: September 16, 2025

Preamble

At Jason Mitchell Group (“JMG”), we recognize the critical importance of safeguarding the privacy and personal information of California residents. This California Privacy Notice (“CA Privacy Notice”) is published to clearly articulate our strong commitment to transparency and legal compliance in our handling of Personal Information, as defined under the California Consumer Privacy Act of 2018 (“CCPA”) and as amended by the California Privacy Rights Act (“CPRA”).

This CA Privacy Notice outlines the categories and sources of Personal Information JMG may collect, the purposes for which such information may be used or disclosed, and the circumstances under which Personal Information may be sold or shared. It also describes our policies for retaining Personal Information and details the rights of California consumers, including, but not limited to, the rights to access, correct, delete, and limit the use and disclosure of Personal Information.

JMG’s practices are designed to ensure strong data stewardship and compliance with all applicable legal obligations. We encourage you to review this CA Privacy Notice fully to understand your rights and our responsibilities under the CCPA, as amended by the CPRA. By interacting with JMG, you acknowledge that you have been provided this notice at or before the point of collection of your Personal Information, per California law.

Scope of this Notice

This CA Privacy Notice applies only to individuals who qualify as residents of the State of California, as defined by law. It governs the Personal Information that JMG collects directly from California consumers, or that is submitted by consumers via JMG’s digital platforms, during their interactions with JMG as customers or users.

This CA Privacy Notice does not apply to Personal Information collected in connection with prospective, current, or former employment or contractual engagement with JMG. It excludes Personal Information related to job applicants, employees, or independent contractors of JMG. For California residents engaging with JMG as job applicants, employees, or contractors, separate privacy notices are provided, each tailored to comply with the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and related regulations.

By clearly defining its scope, this Notice ensures that California consumers understand when and how their Personal Information is subject to the rights and obligations described here.

Notice at Collection: Categories of Personal Information

JMG collects the following categories of Personal Information for the purposes specified below:

Note: These tables are available in alternative formats (e.g., PDF, audio) upon request at techteam@jasonmitchellgroup.com.

General Personal Information

Category of Personal Information	Purpose of Collection	Sold or Shared for Cross-Context Behavioral Advertising?
A. Identifiers: Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, agent license number and licensing state; date of birth; debit card information; credit card information; IP address; Cookie Session Identifier; or other similar identifiers	To fulfill or meet the reason for which the information is provided; Servicing transactions and accounts (e.g., customer verification); Undertaking internal research for technological development and demonstration; Sharing the personal information with service providers to carry out business purposes. Example: sharing email address with a marketing platform for email communications.	No
B. Personal Information Categories from Cal. Civ. Code § 1798.80(e): Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information	To fulfill or meet the reason for which the information is provided; Servicing transactions and accounts (e.g., customer verification); Undertaking internal research for technological development and demonstration; Sharing the personal information with service providers to carry out other business purposes.	No
C. Characteristics of CA or Federal Protected Classifications: Race, religion, national origin, age (40 and over), gender, sexual orientation, medical condition, pregnancy (includes childbirth, breastfeeding and/or related medical conditions), familial status, disability, veteran status, or genetic information.	Short-term data use for the current interaction that is not used to build a profile.	No
D. Commercial Information: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	To fulfill or meet the reason for which the information is provided; Servicing transactions and accounts (e.g., customer verification).	No
E. Biometric Information: Photos indicating a physical likeness, and keystroke patterns.	To fulfill or meet the reason for which the information is provided; For internal operation purposes; Debugging to identify and repair errors; Undertaking internal research for technological development and demonstration.	No
F. Internet or Other Similar Network Activity: Browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement, or Zoom data for employees.	To fulfill or meet the reason for which the information is provided; For internal operation purposes; Short-term data use for the current interaction that is not used to build a profile; Servicing transactions and accounts (e.g., customer verification).	No
G. Geolocation Data: Information that can be used to determine a device’s physical location.	For internal operation purposes; Fraud and security detection; Debugging to identify and repair errors; Undertaking activities to verify or maintain the quality or safety of a service or device.	No
H. Sensory or Surveillance Data: Audio, electronic, visual, thermal, olfactory, or similar information that can be linked or associated with a particular consumer or household.	To fulfill or meet the reason for which the information is provided; For internal operation purposes.	No
I. Professional or Employment-Related Information: Compensation, evaluations, performance reviews, personnel files and current and past job history.	To fulfill or meet the reason for which the information is provided; Short-term data use for the current interaction that is not used to build a profile; Sharing the personal information with service providers to carry out other business purposes.	No
J. Education Information (defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act):Education records directly related to a student.	To fulfill or meet the reason for which the information is provided; Short-term data use for the current interaction that is not used to build a profile; Sharing the personal information with service providers to carry out other business purposes.	No

Sensitive Personal Information

Category of Sensitive Personal Information	Purpose of Collection	Sold to or Shared for Cross-Context Behavioral Advertising?
Social Security Number, Driver’s License, State Identification Card, or Passport Number	To perform services that provide the products requested and reasonably expected from JMG; To detect, prevent, and investigate security incidents involving user’s information; To investigate or curtail malicious, fraudulent, or illegal actions directed at us and to prosecute those responsible	No
Account log-in, financial account, debit card, or credit card number when provided with any required security or access code, password, or credentials allowing access to an account	To perform services that provide the products requested and reasonably expected from JMG; To detect, prevent, and investigate security incidents involving user’s information; To investigate or curtail malicious, fraudulent, or illegal actions directed at us and to prosecute those responsible	No
Precise geolocation	To perform services that provide the products requested and reasonably expected from JMG; To detect, prevent, and investigate security incidents involving user’s information; To investigate or curtail malicious, fraudulent, or illegal actions directed at us and to prosecute those responsible	No
Racial or ethnic origin, religious or philosophical beliefs, or union membership	This information may be requested to offer certain marketing content that aligns with the user’s interests. Please be advised this is optional and not required by the user.	No
Contents of a consumer’s mail, email, and text messages (unless we are the intended recipient of the communication)	To respond to a user’s outreach and help them with their real estate goals. This would include but not be limited to an email conversation, a mailing form the company and a text from a real estate agent.	No
Genetic data	N/A – JMG does not collect genetic data.	N/A
Biometric information for the purpose of unique identification	To establish the identity of the user. This would include but not be limited to the user providing their driver’s license.	No
Health Information	Health data is collected to promote resources such as healthcare policies and information relevant to California residents.	No
Information concerning sex life or sexual orientation	Not Applicable	N/A

Data Retention

JMG retains Personal Information only for as long as reasonably necessary to fulfill the legitimate purposes for which it was collected, including, but not limited to, facilitating account recovery, complying with applicable tax, legal, or accounting obligations, and other business requirements as mandated or permitted by law.

Upon expiration of the required retention period or when there is no continuing business necessity to retain Personal Information, JMG will employ reasonable measures to ensure that such information is securely deleted, anonymized, aggregated, or otherwise de-identified in accordance with applicable legal standards. In the course of disposing of Personal Information, JMG utilizes appropriate safeguards, including, where applicable, the shredding of physical documents and the secure wiping of electronic media, to render such information irretrievable and unreadable.

Through these data retention and disposal practices, JMG affirms its commitment to the protection and responsible stewardship of Personal Information entrusted to its care.

Principles Guiding Data Retention

JMG is guided by the following foundational principles in determining the retention, management, and disposition of Personal Information:

Minimization of Retention Periods: JMG is committed to retaining Personal Information only for the shortest duration necessary, consistent with protecting individual privacy and complying with applicable statutory and regulatory requirements.
Alignment with Business Purposes: The duration for which Personal Information is retained is strictly aligned with the specific, legitimate business purposes underlying its original collection. JMG periodically reviews retention periods to ensure ongoing necessity and proportionality.
Support, Operations, and Security: Data is maintained for intervals sufficient to ensure the continuity of support services, ongoing business operations, and the security and integrity of JMG’s technological and administrative environment.
Legal Consultation and Preservation Requirements: JMG will seek the guidance of qualified legal counsel before disclosing Personal Information beyond JMG or its contracted service providers or when evaluating obligations to preserve information in response to actual or anticipated litigation, governmental investigations, or law enforcement requests.

By adhering to these principles, JMG ensures that data retention practices are both privacy-centric and fully compliant with legal and operational obligations.

Data Minimization

JMG is committed to the principle of data minimization. We collect, process, and retain Personal Information only to the extent that such information is strictly necessary and proportionate to fulfill the specific, disclosed purposes for which it was collected, or as otherwise required by applicable law. JMG regularly reviews its data collection practices to ensure that we are not collecting superfluous or excessive Personal Information. If we determine that certain data is no longer needed for its stated purpose, we will take steps to securely delete, anonymize, or de-identify that information. We encourage consumers to only provide information that is accurate, relevant, and necessary for their specific interactions with JMG.

Data Security

JMG maintains reasonable and appropriate administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of Personal Information. These safeguards include, but are not limited to:

Encryption: Implementing strong encryption (e.g., AES-256) at rest and employing secure transport protocols (TLS 1.2 or higher) for sensitive Personal Information in transit.
Access Controls: Restricting access to Personal Information to authorized personnel with a legitimate business need, adhering to the principle of least privilege. Access is granted and reviewed on a regular basis.
Regular Security Assessments: Conducting regular vulnerability assessments and penetration testing at least annually, and more frequently (e.g., quarterly) for critical systems, to identify and address potential security risks.
Incident Response Plan: Maintaining and regularly updating an incident response plan to address potential data breaches or security incidents, including procedures for prompt notification to affected individuals and regulatory authorities as required by law.
Employee Training: Providing regular training to employees on data security best practices, privacy principles, and compliance requirements, covering topics such as data breach prevention, phishing awareness, and secure data handling procedures.
Physical Security: Implementing physical security measures to protect data centers and other facilities where Personal Information is stored, including access controls and surveillance.

While JMG takes reasonable steps to protect Personal Information, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, JMG cannot guarantee the absolute security of Personal Information. In the event of a data breach, JMG will comply with all applicable data breach notification laws.

Do Not Sell or Share My Personal Information

Per the CA Consumer Privacy Act, as amended by the CPRA, California residents possess the unequivocal right to direct JMG not to sell or share their Personal Information, including for purposes of cross-context behavioral advertising.

Should you wish to exercise your right to opt out of the sale or sharing of your Personal Information, you may do so at any time by clicking the “Do Not Sell/Share My Personal Information” link at https://thejasonmitchellgroup.com/privacy-center. Alternatively, you may submit your opt-out request by contacting us via email at techteam@jasonmitchellgroup.com, or by enabling a Global Privacy Control (GPC) signal in your browser settings, which JMG honors as an opt-out request. JMG supports GPC signals to facilitate automated opt-out preferences.

JMG will act upon your opt-out directive pursuant to all obligations prescribed by the CCPA and CPRA and will ensure that your choice is honored to the fullest extent required by law.

California Privacy Rights

JMG is fully committed to upholding the privacy rights of California residents through robust compliance with state data protection statutes, as summarized below:

California’s Shine the Light Law: Pursuant to California Civil Code Section 1798.83, California residents are entitled to request information regarding JMG’s disclosures, if any, of their Personal Information to third parties for those parties’ direct marketing purposes. To submit such a request, please contact us via email at techteam@jasonmitchellgroup.com.
California Online Privacy Protection Act (“CalOPPA”): JMG complies with CalOPPA by providing clear privacy disclosures and honoring “Do Not Track” signals sent by browsers, thereby respecting users’ online privacy preferences in accordance with statutory requirements.
California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”): As a “Consumer” under the CCPA and CPRA, California residents are afforded the following statutory rights concerning their Personal Information:
1. Right to Know: You have the right to request information regarding the categories of Personal Information we collect, the sources of such information, and the purposes for its collection, use, or sharing.
2. Right to Deletion: You may request the deletion of your Personal Information, subject to certain statutory exceptions.
3. Right to Correct: You may request correction of incomplete or inaccurate Personal Information maintained by JMG.
4. Right to Opt-Out: You have the right to direct us not to sell or share your Personal Information, including for cross-context behavioral advertising.
5. Right to Non-Discrimination: You will not be discriminated against for exercising any of your rights under the CCPA or CPRA.

JMG is committed to facilitating the exercise of these rights in a transparent, timely, and comprehensive manner, as required by California law. JMG will respond to verifiable consumer requests within 45 days, extendable by an additional 45 days with notice, per CCPA/CPRA requirements.

Collection of Personal Information

JMG collects Personal Information from California consumers through their interactions with our website, use of our services, communications with JMG representatives, and visits to our physical locations. The categories of Personal Information that may be collected include:

Customer Records Information: This includes personally identifiable details such as your name, address, email address, Social Security number, driver’s license number, telephone number, and relevant financial information. Such information is collected in order to facilitate transactions, assist in property purchases or sales, and provide you with comprehensive support throughout your interactions with JMG. Please Note: If JMG is unable to verify with details provided, such as a Government ID and or other validation with such data this may lead to a partial and or the entire request to not be acted upon.
Characteristics of Protected Classes: Where required to process transactions or as otherwise permitted by law, we may collect information such as your age or race.
Professional or Employment Information: We may collect information about your current occupation or professional status if it is relevant to a transaction or your engagement with JMG.
Inferences from Public Records: JMG may derive certain inferences from publicly available records, such as likely property interests or preferences. These inferences enable us to communicate with you more effectively and ensure that our marketing efforts are relevant to your interests; they do not involve using your personal characteristics.

JMG or authorized agents may collect this information directly from you or through authorized interactions. All data collection is performed in accordance with applicable laws and in alignment with JMG’s dedication to privacy, transparency, and responsible stewardship of your Personal Information.

Additional Disclosures and Consumer Protections

JMG collects, uses, retains, and shares Personal Information only to the extent that such actions are reasonably necessary and proportionate to fulfill the specified purposes for which the data was collected or for other purposes that are adequately disclosed and compatible, in strict accordance with California Civil Code §1798.100(c).

JMG does not disclose Personal Information to unaffiliated third parties for their own direct marketing purposes without obtaining your explicit prior consent.

To ensure the security of your data and compliance with applicable law, JMG verifies consumer requests by matching provided identifiers (e.g., email address, transaction history, or government-issued ID for sensitive requests) to our records. If verification cannot be completed, we will notify you to provide additional information or explain why the request cannot be processed.

Please be advised that the privacy practices of independent agents and third-party vendors engaged by JMG are governed by their own separate privacy policies. As such, their data collection and usage may differ from those of JMG. Consumers are encouraged to review the privacy policies of such third parties before disclosing any personal information.

Vendor Management

JMG engages with third-party vendors and service providers who assist us in providing our services. JMG requires these vendors to adhere to privacy and security standards that are substantially equivalent to our own. Before engaging with a vendor that will have access to Personal Information, JMG will:

Conduct Due Diligence: Perform a thorough review of the vendor’s privacy and security policies and practices, including reviewing their SOC 2 reports (if applicable), privacy policies, security certifications, and data breach history.
Contractual Protections: Enter into a written agreement with the vendor that includes provisions regarding data security, confidentiality, and compliance with applicable privacy laws, including the CCPA and CPRA, and requires the vendor to promptly notify JMG of any data breaches or security incidents.
Ongoing Monitoring: Regularly monitor the vendor’s compliance with the terms of our agreement and with applicable privacy laws and reserve the right to audit the vendor’s security and privacy practices to ensure compliance.
Data Processing Agreements: Utilize Data Processing Agreements where legally required to ensure vendors process Personal Information only as instructed by JMG.

JMG remains responsible for the Personal Information that we share with our vendors. In the event that a vendor fails to meet its obligations under our agreement, JMG will take appropriate action to protect Personal Information, including terminating the relationship with the vendor.

Exercising Your Rights

To exercise any of your rights under the CCPA and CPRA, please submit a verifiable consumer request through the contact methods outlined below. A consumer request must be verifiable to ensure proper processing and to protect your privacy rights.

Contact Information

For questions, concerns, or to exercise your rights, please contact us via:

Email: techteam@jasonmitchellgroup.com
Phone: (833) 471-3337
Mail: Jason Mitchell Group, LLC, 3080 N Civic Center Plaza, Suite 100, Scottsdale, AZ 85251

JMG is committed to responding to all requests within 45 days, extendable by an additional 45 days with notice, ensuring timely and effective communication and resolution.

National Headquarters:

Useful Links: