VITAL : South American Agent Web Portal

Effective Date: October 14, 2025

TM Claims Service

TM Claims Service, Inc. (“TMCS”) is concerned about the privacy of its customers and website visitors. This Privacy Policy (the “Policy”) describes how TMCS collects, processes, protects, and handles the information you provide to TMCS when you visit www.tmclaims.com.

Information Collected and its Uses

When registering, submitting a claim, or otherwise using our website (the ”Site”), users may be invited to share certain information, including name, address, email address, telephone number, and log-in ID and password (“Personal Information”) to allow TMCS to contact users, determine user eligibility for a requested product or service, administer a requested product or service, advise users about other available products and services, and provide a better user experience.

Passively Collected Information

We automatically receive certain information from a user’s browser, when a user visits our Site, which is collected only for internal purposes, such as to identify trends or to improve customer service. This information may include the number of a user’s visits to our Site, as well as the corresponding IP address, login time, logout time, browser type, system type, and time zone. If a user opts in to receive emails from TMCS, emails may include an embedded image that indicates whether the TMCS email was opened.

TMCS has developed policies and procedures for the protection of non-public personal and financial information, and TMCS maintains safeguards to protect data and files containing non-public information. All TMCS employees are responsible for the protection of non-public information and are responsible for compliance with TMCS’s privacy policies.

Information Sharing

Information Shared among TMCS Entities

We may share information with TMCS’s parent company and affiliates for a variety of purposes, including improving our products and services and providing you with the latest information about our products and services.

Information Shared with Vendors

We work with a limited number of select vendors and business partners, who assist TMCS in processing claims, facilitating requested customer transactions, assisting in operating www.tmclaims.com, processing data, and delivering related emails on behalf of TMCS. TMCS shares information with these vendors, pursuant to a written vendor agreement that includes data security and privacy provisions to safeguard the integrity and confidentiality of Personal Information.

Information Shared with Other Third Parties
We do not sell or trade user information with unrelated third parties. However, we may disclose certain limited information to third parties (other than those identified above), upon your consent and in furtherance of certain purposes, including but not limited to the following:

• to comply with valid legal processes, including subpoenas, court orders, or search warrants, and as otherwise authorized by law; and in cases involving danger of death or serious physical injury to any person or other emergencies;
• to protect the rights, property, or the safety of our customers or employees;
• to protect against fraudulent, malicious, abusive, unauthorized, or unlawful use of our products and services;
• to advance or defend against complaints or legal claims in court, administrative proceedings, and elsewhere; and
• to verify account information, authorized to be provided to third parties, including outside auditors and regulators. In the event of a merger, acquisition, or sale of all or a portion of TMCS’s assets or business, collected information may be transferred as a part of, or in connection with, the transaction.

Our Use of Cookies

Cookies are small data files transmitted from a website or service providers and stored on a user’s web browser. Our Site only uses first-party session cookies necessary for the functionality of the Site. This means that the cookies are put on a device by our Site, not a third-party, and expire once a user navigates away from our Site or closes the browser.

You may change your browser settings to have your computer warn you each time a cookie is being sent or to turn off all cookies. Each browser is different, so please review your browser's settings and its corresponding help center to modify your cookie settings. Please note that if you choose to disable cookies, some website features may not be fully functional.

Links to Third-Party Websites and Content

Our Site may include links to third-party websites and content on those sites. Our Site may also feature embedded media, such as images or videos, which are hosted on third-party platforms. When you click on these links or interact with these types of external content, the third-party providers of such content may place their own cookies on your computer, access existing cookies, and gather information about you. To learn about how these third parties treat the data they collect from you, please review their respective privacy policies.

Marketing Emails

Marketing emails you receive from TMCS include instructions on how to unsubscribe from and opt out of receiving future marketing-related emails. You may also opt out of receiving marketing-related emails by contacting us through any of the methods identified in the below Contact Us section.

Telemarketing

Federal “Do Not Call” laws allow you to place your phone numbers on the National Do Not Call Registry to prohibit many telemarketing calls to those numbers. To add your numbers to this list, please call 1.888.382.1222 or visit the National Do Not Call Registry website at http://www.donotcall.gov/.

If you would like to be removed from our telemarketing list, please communicate through any of the methods identified in the Contact Us section below.

California Online Privacy Protection Act

We do not knowingly market to or solicit Personal Information from children under the age of 13 without obtaining verifiable parental consent.See 16 CFR 312.5 -- Parental consent.

Category	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.	Yes
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories.	Yes
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	Yes
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Yes
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	No
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.	Yes
G. Geolocation data.	Physical location or movements.	Yes
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	No
I. Professional or employment-related information.	Current or past job history or performance evaluations.	Yes
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	No
K. Inferences drawn from other Personal Information.	Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	No

Information Security

We use reasonable security measures to protect against unauthorized access to any information you may provide us. However, please note that no website or company can fully eliminate security risks. Despite our efforts to safeguard your information, third parties may circumvent our security measures to intercept or access data transmissions or Personal Information.

Updates to Our Privacy Policy

We may update our Privacy Policy as necessary, so please check back periodically for changes. You will be able to see changes by reviewing the effective date of this Privacy Policy.

Contact Us

If you have any questions, concerns, or requests related to our Privacy Policy, please contact us at:

TM Claims Service, Inc.
Attn: Privacy Request
283 S. Lake Avenue, Suite 160
Pasadena, California 91109-7316
COMPLIANCE@tmclaimsservice.com
1-626-568-7800

---

NOTICE FOR CALIFORNIA RESIDENTS

This section of our Privacy Policy outlines rights specific to California residents and those rights may be accessed, in accordance with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (for purposes of this Privacy Policy, collectively referred to as the CCPA), Any terms defined in the CCPA have the same meaning when used in this Privacy Policy.

Information Collected

We collect Personal Information, including information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device. Personal information does not include:

• Publicly available information from government records.
• De-identified or aggregated consumer information.
• Information excluded from the CCPA's scope, like:
  • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

Sources of Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

• Directly from you, the broker, insurer, or each of their agents. For example, from documents that you provide to us related to claim submitted.
• Indirectly from third party vendors. For example, through information we collect from our vendors through the course of our investigation and processing of the claim submitted.
• Directly and indirectly from activity on our Site (www.tmclaims.com). For example, from information submitted through our Site or Site usage details collected automatically.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

• to fulfill or meet the reason for which the information is provided. For example, if you provide us with personal information in conjunction with a claim, we will use that information to process the claim.
• to provide you with information, products or services that you request from us.
• to provide you with email alerts, event registrations, and other notices concerning our products or services, or news, that may be of interest to you.
• to improve our Site and present its contents to you.
• to further our testing, research, analysis, and development of new products and services.
• to comply with valid legal process including subpoenas, court orders or search warrants, and as otherwise authorized by law; in cases involving danger of death or serious physical injury to any person or other emergencies;
• to protect our rights or property or the safety of our customers or employees;
• to protect against fraudulent, malicious, abusive, unauthorized or unlawful use of our products and services;
• to advance or defend against complaints or legal claims in court, administrative proceedings, and elsewhere;
• to provide your Personal Information to a third party you have authorized to verify your account information;
• to provide your Personal Information to authorized third party auditors and regulators, with your consent; and
• to evaluate or conduct a merger, divestiture, restructure, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

We will not collect additional categories of Personal Information or use Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We may disclose your Personal Information to a third party for one or more of the business purposes enumerated above. When we disclose Personal Information for a business purpose, we enter a contract that describes the business purpose and requires that Personal Information remain confidential and prohibits the use of Personal Information for any purpose outside of the parameters of the contract.

In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:

• A: Identifiers
• B: California Customer Records
• C: Protected classification characteristics
• D: Commercial information
• F: Internet or network activity
• G: Geolocation data
• I: Professional or employment-related information

We may disclose your Personal Information for a business purpose to the following categories of third parties:

• TMCS’s parent company and affiliates.
• Service providers.
• Third parties to whom you or your agents authorize us to disclose your Personal Information in connection with products or services we provide to you.

In the preceding twelve (12) months, we have not sold any Personal Information.

Your Rights and Choices

The CCPA provides California residents with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, (See 1798.140(ak). Definitions - California Consumer Privacy Act) will disclose to you:

• The categories of Personal Information we collected about you.
• The categories of sources from which we collect your Personal Information.
• The business or commercial purpose for which we collected or sold your Personal Information.
• The categories of third parties to whom we shared your Personal Information.
• The specific pieces of Personal Information we collected about you (also called a data portability request).
• If we sold or shared your Personal Information for a business purpose, two separate lists disclosing:
  • sales, identifying the categories of Personal Information that each category of third-party recipient purchased; and
  • disclosures, for a business purpose, identifying the categories of Personal Information shared with each category of third-party recipient.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

TMCS may deny your deletion request if retaining the information is necessary for us or our service providers to:

1. Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise free speech rights, or exercise another right provided by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
8. Comply with a legal obligation.
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a consumer request to us:

TM Claims Service, Inc.
Attn: Privacy Request
283 S. Lake Avenue, Suite 160
Pasadena, California 91109-7316
COMPLIANCE@tmclaimsservice.com
1-626-568-7800

Only you or a person registered with the California Secretary of State authorized to act on your behalf may make a consumer request related to your Personal Information. You may also make a consumer request on behalf of your minor child.

To submit a request, you must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, including your full name, date of birth, address, email address, and phone number.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity, or authority to make the request, and confirm the Personal Information relates to you. Making a Verifiable Consumer Request does not require you to create an account with us. We will only use Personal Information provided in a Verifiable Consumer Request to verify the requestor's identity or authority to make the request.

You may only make a consumer request for access or data portability twice within a 12-month period.

Response Timing and Format

We endeavor to respond to a Verifiable Consumer Request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the Verifiable Consumer Request. The response we provide will also explain the reasons we cannot comply with a request, if any.

For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your Verifiable Consumer Request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Changes to Our Privacy Policy

We may update our Privacy Policy as necessary, so please check back periodically for changes. You will be able to see that changes have been made by reviewing the effective date provided in this Privacy Policy. We reserve the right to amend this Privacy Policy at our discretion and at any time.

Contact Information

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Information, your choices and rights regarding such use, or how to exercise your rights under the CCPA, please do not hesitate to contact us at:

TM Claims Service, Inc.
Attn: Privacy Request
283 S. Lake Avenue, Suite 160
Pasadena, California 91109-7316
COMPLIANCE@tmclaimsservice.com
1-626-568-7800