Official Arizona Coyotes Website

ARIZONA COYOTES PRIVACY POLICY
Revised and Effective as of July 10, 2023

INTRODUCTION
This Privacy Policy and its appendices (collectively, the "Privacy Policy") explain how the Arizona Coyotes and Tucson Roadrunners corporate entities and affiliates - specifically, IceArizona Holdings LLC, IceArizona Hockey Co LLC d/b/a the Arizona Coyotes, IceArizona AHL Co LLC d/b/a the Tucson Roadrunners, and the Arizona Coyotes Foundation (collectively, the "Arizona Coyotes", "we", "us", or "our") - collect, use, store, and disclose personally identifiable information and non-personally identifiable information (collectively, "Information") while providing our Products and Services. This Privacy Policy does not apply to the practices of any other entity or person that we do not control, the practices of which are governed solely by such third parties' respective privacy policies.

We will perform a periodic review at least every twelve (12) months regarding Privacy Policy procedures, and we may amend this Privacy Policy at any time. The most recent version of this Privacy Policy will be posted on this site. Your continued use, access, visitation, or participation in our Products and Services after we make changes to the Privacy Policy is deemed your acceptance of such changes, so please review this Privacy Policy periodically for updates.

Please reach out to us if you have questions about this Privacy Policy by:
• Mailing your questions to our mailing address; or

Arizona Coyotes
Attn. Privacy Policy Coordinator, Legal Department
8465 N. Pima Rd, Suite 100
Scottsdale, AZ 85258

• Emailing your questions to the following email address. [email protected]

YOUR ACKNOWLEDGEMENT & ACCEPTANCE
Please read this Privacy Policy carefully to understand our practices regarding collection, use, storage, and transmission of Information. We take commercially reasonable measures to protect the Information you choose to share with us; however, there are certain inherent risks associated with sharing Information. We cannot guarantee the security of any Information you disclose to us, and you disclose such Information at your own risk.

By using, accessing, visiting, or participating in any of our Products and Services, you acknowledge that we may collect, store, use, and share your Information as described in this Privacy Policy.

If you do not agree with our Privacy Policy practices, your choices are to:
• Not use, access, visit, or participate in our Products and Services;
• Limit the Information you provide to us; and/or
• Request that your Information be provided, amended, or deleted.

However, please note that, if you choose not to provide certain Information to us, you may not be able to participate, realize, or access certain Products and Services.

PROTECTION OF YOUR INFORMATION
We take commercially reasonable measures to:
• Protect Information from unauthorized access, disclosure, alteration, or destruction; and
• Keep Information accurate and up to date, as appropriate.

Unfortunately, despite our efforts, no security system or system of transmitting data is guaranteed to be entirely secure.

While we strive to protect Information and privacy, we cannot guarantee the security of any Information you disclose to us, and you disclose such Information at your own risk. For your privacy protection, we recommend that you do not share any particularly sensitive Information with anyone. If a data breach occurs, we will work to notify regulators and consumers, as required by applicable laws and regulations.

HOW WE COLLECT INFORMATION
This Privacy Policy applies to your use of our "Products and Services", which includes all offline and online/digital components.

Our offline products and services include without limitation the Arizona Coyotes Products and Services you use when:

• Attending our events and programs;
• Attending events and programs at which we are present and/or participating; and
• Otherwise interacting offline with our authorized employees and agents.

Our online/digital products and services (collectively, our "Touch Points") include without limitation our:
• Websites (i.e., arizonacoyotes.com and tucsonroadrunners.com);
• Mobile applications;
• Social media pages;
• Registration links;
• Entry forms; and
• Technology and interactive devices (e.g., cameras, scanners, wi-fi etc.).

We collect Information through our Products and Services (i) directly from you when you provide it to us and (ii) automatically when you use or navigate through our Touch Points.

We also collect Information from third parties, such as our affiliates, business partners, service providers, and ticketing platforms.

Information We Collect

The Information we currently collect, and have collected over the preceding twelve (12) months, includes the following:

A. Identifiers

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

Yes

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories.

Yes

C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information.(including familial genetic information).

Yes

D. Commercial information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

Yes

E. Biometric information.

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

Yes

G. Geolocation data (including through our mobile app).

Physical location or movements.

Yes

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.

Yes

I. Professional or employment- related information.

Current or past job history or performance evaluations.

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

K. Inferences drawn from other Personal Information.

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Yes

Category

Examples

Collected

\ Even if our response in the "Collected" column is "Yes", it does not mean that every item listed in the respective "Examples" column for that Category is collected. For example, for the "A. Identifiers" Category, even though we indicate that we collect some "A. Identifiers" Category Information, it does not mean that we collect all of the Information provided in the "Examples" column for the "A. Identifiers" Category.

We collect both personally identifiable information and non-personally identifiable information. Personally identifiable information includes, among other things, a person's:
• name;
• credit card number;
• address;
• telephone number;
• date of birth;
• gender;
• email address; and
• other internet addresses.

Personally identifiable information does not include:
• Publicly available information from government records;
• De-identified or aggregated consumer information; or
• Information excluded from the scope of the California Consumer Privacy Act (the "CCPA"), such as:
o Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; or
o Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

We obtain the categories of personally identifiable information listed in the table above from the following categories of sources:
• Directly from our clients, partners, or their respective agents;
o For example, from documents that our clients provide to us related to the Products and Services for which they engage us.
• Indirectly from our clients, partners, or their respective agents; and
o For example, through information we collect from our clients in the course of providing Products and Services to them.
• Directly and indirectly from activity on our Touch Points.
o For example, from submissions through our Website portals or Website usage details collected automatically.

We collect personally identifiable information during:
• Our contest, raffle, sweepstakes, and other promotional registrations;
• Subscription registrations to our lists;
• Products and Services information requests to us;
• Our surveys and polls;
• Purchases from us and/or use of our Products and Services;
• Communications with us through our agents; and
• Participation in other Arizona Coyotes Products and Services.

Some of our Touch Points require the collection of images and other information from your device's camera and photos, including through the use of TrueDepth API and/or face tracking. Information from TrueDepth API and/or face tracking is used in real time - we do not store this information on our servers or share it with third parties.

Certain features of the application, such as the Augmented Reality ("AR") feature, may not be used without granting access to your device's camera and photos. These images are used only as necessary to initiate or fulfill your requests for AR services. The Arizona Coyotes do not store the data or share it with third parties.

Interactions with the Arizona Coyotes through social media (including, but not limited to, correspondence between us and you via social media, information you provide on our social media pages, or any references to or interactions with us on social media) may be used as data collection in accordance with this Privacy Policy.

If you access our Touch Points through a mobile device, we may automatically collect information about your device, your phone number, and your physical location. You can change the privacy settings of your device at any time to turn off the sharing of location information with our Touch Points. If you choose to turn off location services, this could affect certain features or services of our Touch Points. If you have specific questions about the privacy settings of your device, we suggest you contact the manufacturer of your device or your mobile service provider for help.

We keep personally identifiable information about you for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required and/or allowed by applicable law.

We may also gather and use non-personally identifiable information. Generally, "non- personally identifiable information" means information that:
• Is collected through "traffic data"; or
• May entail the use of "Cookies", "IP Addresses," "Geolocation" or other numeric codes used to identify a computer or to monitor how a user accesses a website or other service.

Do Not Track (DNT) is a privacy preference that users can set in their web browsers. At this time, our Touch Points do not support DNT codes. However, except in the case of analytics cookies, our Websites limit tracking to the uses described above. Except in the case of analytics cookies, our Websites do not track your use across multiple websites other than the affiliated Websites described in this Privacy Policy. However, other third- party websites to which our Websites link may track your use, so please review their respective privacy policies to understand how you may be tracked.

HOW WE USE INFORMATION
We use Information that you provide to us or that we collect about you in a number of ways, such as to:
• Fulfill the purposes for which you provide the Information, including those necessary to achieve such purposes and for any other purpose that is disclosed to you;
• Provide and/or personalize Products and Services, such as our surveys, polls, and email newsletters;
• Respond to your requests and questions about our Products and Services;
• Confirm Information, such as for promotion winner confirmation and prize distribution;
• Provide updates to you via the contact Information you provide, such as to keep you updated on our upcoming Products and Services;
• Conduct and notify you of marketing and sales promotions and for other marketing purposes, such as for contest, raffle, sweepstakes, and other promotional registrations;
• Conduct customer satisfaction and quality assurance surveys and market research;
• Present our Touch Points and their contents to you, such as validating your identity, verifying and responding to communications from you, and providing customer service;
• Prevent fraud and other prohibited or illegal activities, to investigate and resolve disputes and problems, and to comply with our obligations under applicable laws and regulations;
• Protect our consumers, guests, employees, the public, and our property and to respond to emergency;
• Correct issues with our IT systems and Touch Points that affect functionality;
• Evaluate our in persona and online interactions with you;
• Maintain our accounts and fulfill transactions, such as processing payments, advertising and marketing, or similar services;
• Verify or improve the quality and safety of our Products and Services;
• Enforce our Terms of Use and other contractual obligations;
• Administer, optimize, assess, analyze, and secure our Touch Points and their functionality;
• Cross-reference, supplement, or combine with other Information that we or our service providers acquire about you through other sources, except where prohibited by applicable law;
• Use for research purposes; and
• For other lawful purposes.

DISCLOSURE OF INFORMATION TO THIRD PARTIES
We may disclose your Information to a third party for a business purpose. When we disclose Information to a third party for a business purpose, we enter into an agreement that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

We may share your Information with the following types of third parties and for the following purposes:
• Our affiliates and subsidiaries
o We may share your Information with other companies affiliated or under common ownership with us, who may use Information for any of the purposes disclosed in or consistent with the terms of this Privacy Policy.
• The National Hockey League
o We may share ticketing and other information about you with other members of the National Hockey League family ("NHL"). For example, we may share ticketing and other information about you with the National Hockey League and NHL Interactive CyberEnterprises, LLC, including so that they can conduct analysis to better understand NHL fans and fan engagement across the NHL, including its member clubs. NHL may also use and share insights with member clubs to enable the NHL, including its member clubs, to customize and improve their services, advertising, and communications.
• Marketing partners
o We may share your Information with our promotional partners and other business partners with whom we have marketing or other relationships for marketing purposes.
• Property partners
o We may share your Information with independently owned or operated venues at or related to where we provide our Products and Services, who may use your Information to provide you with services at or related to those venues.
• Service providers
o We may share your Information with our service providers that assist us by using the Information to perform core services, such as billing, payment processing, data storage, customer service, customer relationship management, accounting, auditing, processing insurance claims, investigating accident reports, administering promotions, surveys, email, and mailing services, and otherwise delivering our Products and Services.
• Transactions
o In the event of a sale, merger, consolidations, change in control, transfer of substantial assets, bankruptcy, reorganization, or liquidation of our business, we may transfer, sell, or assign to third parties Information concerning your relationship with us. Any successor may use your Information for the same purposes set forth in this Privacy Policy, and for additional purposes upon providing the required disclosures to you.
• Legal
o We may use your Information to identify you and, where permitted or required by law, we will provide any information about or relating to you, including any Information about you, to third parties without your consent if we reasonably believe that the action is necessary to: (a) comply with a court order, subpoena or other legal or regulatory requirements; (b) fulfill a government request for information; (c) protect or defend our legal rights or property, our Touch Points, or other guests and online users; (d) respond to claims that any posting or other content of our Touch Points violates the rights of third parties, including without limitation providing Information necessary to satisfy the notice and counter-notice procedures pursuant to the Digital Millennium Copyright Act; (e) in an emergency, to protect the health and safety of users of our Touch Points, our guests and visitors, or the general public; and/or (f) enforce compliance with our Terms of Use or other contracts.
• Other purposes
o We may share your Information to fulfill the purpose for which you provided it and, with your consent, for any other purpose disclosed to you.

In the preceding twelve (12) months, we disclosed the following categories of Information to a third party:
• Category A, Identifiers;
• Category B, Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).;
• Category D, Commercial information;
• Category F, Internet, or other similar network activity; and
• Category K, Inferences drawn from other Personal Information.

In the preceding twelve (12) months, we disclosed this Information for a business purpose to the following categories of third parties:
• Service providers, including without limitation marketing service providers, information technology services providers, software providers, shipping service providers and payment processing providers;
• Data analytics providers;
• Operating systems and platforms;
• Legal and accounting service providers; and
• Our affiliates and subsidiaries.

We do not currently sell consumer Information, and we have not sold consumer Information in the preceding twelve (12) months. However, if you do not want us to sell your Information in the future, you may preemptively exercise your right to opt-out of such sales by completing the form on the following site https://response.arizonacoyotes.com/optout.

SPECIAL NOTICE REGARDING CHILDREN'S PRIVACY
We do not knowingly collect, use, store, or disclose personally identifiable information from children under eighteen (18) years of age, and we implement steps in an attempt to prevent the collection, use, storage, or transmission of such information, except for when:
• The child is under the age of thirteen (13) years and such child's parent, or guardian provides verifiable consent; or
• Otherwise permitted by the Children's Online Privacy Protection Act ("COPPA").

If we become aware that we collected or received personally identifiable information from a child, and none of the exceptions provided in the previous sentence have been met, we will delete such information.

If you learn that your child provided personally identifiable information to us without your consent, and you wish for such information to be deleted, please promptly send a deletion request through the steps provided in the applicable requests section below.

Although a child may be allowed to participate in certain promotions, if they win, notifications, prize claim documents, and prizes may be sent to their parent or guardian identified in the initial registration process.

SPECIAL NOTICE TO CALIFORNIA RESIDENTS
California residents may have additional privacy rights, including without limitation those provided under the CCPA. While we summarize CCPA rights in the attached Appendix A CCPA Privacy Notice, some of the rights are complex, and not all of the details are included in our summaries. Therefore, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these and other related rights.

SPECIAL NOTICE TO EUROPEAN ECONOMIC AREA RESIDENTS
European Economic Area residents may have additional privacy rights, including without limitation those provided under the European Union General Data Protection Regulation (the "GDPR"). While we summarize GDPR rights in the attached Appendix B, GDPR Privacy Notice, some of the rights are complex, and not all of the details are included in our summaries. Therefore, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these and other related rights.

REQUESTS TO ACCESS, AMEND, OR DELETE INFORMATION AND SALE OPT-OUT RIGHTS
There are specific information privacy rights for residents of certain regions (e.g., the CCPA for California). We will evaluate and respond to legitimate verifiable requests according to the applicable law and rights for each person, depending on their current residency. This section describes, and explains how to request to exercise, some of these rights.

1. Access to Specific Information and Data Portability Rights

You may have the right to request that we disclose certain information to you about our collection and use of your Information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
• The categories of Information we collected about you;
• The categories of sources for the Information we collected about you;
• Our business or commercial purpose for collecting, or (if applicable at a later point since we do not currently sell Information and have not sold Information within the past twelve (12) months) selling, that Information;
• The categories of third parties with whom we share Information;
• The specific pieces of Information we collected about you (also called a data portability request); and/or
• If we sold or disclosed your Information for a business purpose, two (2) lists disclosing:
o Sales, identifying the Information categories that each category of recipient purchased; and
o Disclosures for a business purpose, identifying the Information categories that each category of recipient obtained.

2. Deletion Request Rights

You may have the right to request that we delete any of your Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and, as applicable, direct our service providers to delete) your Information from our records, unless an exception applies.

We may deny a deletion request if we cannot verify that the consumer making the request is (i) the consumer about whom we have collected Information or (ii) a person authorized by the consumer to act on that consumer's behalf.

We may also deny your deletion request if retaining the Information is necessary for us or our service providers to:
• Complete the transaction for which we collected the Information, provide a product or service that you requested, fulfill the terms of a written warranty or product recall conducted in accordance with applicable law, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract with you;
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
• Debug products to identify and repair errors that impair existing intended functionality;
• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the Information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
• Comply with a legal obligation; and/or
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

3. Exercising Access, Data Portability, and Deletion Rights

You may request that we: (i) provide, amend, or delete your, or your household's, Information on file; or (ii) provide a response to your request to know categories of personally identifiable information, categories of sources of personally identifiable information, and/or categories of third parties to whom we have disclosed personally identifiable information. Again, we will evaluate and respond to legitimate verifiable requests according to the applicable law and rights for each person (e.g., California Consumer Privacy Act (CCPA) for California residents). You may contact us by:
• Mailing your request to our mailing address;

Arizona Coyotes
Attn. Privacy Policy Coordinator, Legal Department
8465 N Pima Rd, Suite 100
Scottsdale, AZ 85258

• Emailing your request to the following email address; [email protected]
• Submitting your request through our online portal; or https://response.arizonacoyotes.com/CCPA
• Calling our designated privacy request phone number.

1-623-594-2534

We cannot respond to your request or provide you with Information if we cannot verify your identity or authority to make the request and confirm that the Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use the Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

You may designate an eligible authorized agent to make a request on your behalf by providing verified proof of authorization to us through acceptable documentation that establishes a power of attorney and verification of the agent's identity.

4. Our Response

Upon receiving such a request, we will provide further details to you, as required by applicable law, such as the identity verification process and an estimated timeline - not to exceed forty-five (45) days from our receipt of your request, unless we provide a permissible advanced notice to you regarding our need for an extension (up to ninety(90) days total). These identity verification processes are implemented for your safety, as they are intended to protect your and others' Information.

The individual submitting the request will be required to:
• Verify at least three (3) specific pieces of the consumer's personally identifiable information on file;
• Sign a personal declaration confirming their identity as the consumer, or an eligible authorized agent of the consumer, whose Information is on file; and
• Provide other documentation that we deem necessary to confirm the person's identity.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the twelve (12)-month period preceding receipt of the verifiable request. If applicable, our response will explain the reason(s) we cannot comply with a request.
For data portability requests, we will select a format to provide your Information that is readily useable and should allow you to transmit the Information with ease.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

5. Information Sales Opt-Out Rights

We will only use Information provided in an opt-out request to review and comply with the request.

NON-DISCRIMINATION
You have a right to not receive discriminatory treatment in response to your election to exercise your privacy rights conferred by an applicable law or regulation. We will not discriminate against you in response to your election to exercise any applicable legal privacy right or in any other illegal manner. For example, unless otherwise permitted under applicable law, we will not intentionally:
• Deny you goods or services;
• Charge you different prices or rates;
• Provide you a different level or quality of Products and Services; or
• Suggest that you may receive a different price or rate for Products or Services or a different level or quality of Products or Services.

However, for California residents, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA- permitted financial incentive we offer will reasonably relate to your Information's value to our business and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
California's "Shine the Light" law (Civil Code § 1798.83) permits users of our Websites that are California residents to request certain information regarding our disclosure of Information to third parties for their direct marketing purposes. To make such a request, please contact us through the contact information provided in this Privacy Policy.

INTERNAL SECURITY POLICY
The importance of security for all personally identifiable information is of utmost concern to us. We exercise great care in providing secure transmission of your Information from your PC to our servers, utilizing encryption software. Only those employees who need access to your Information in order to do their jobs are allowed access, each having signed comprehensive nondisclosure agreements with us, which provides legal confidentiality protections. Any employee who violates our privacy and/or security policies is subject to disciplinary action, including possible termination and civil and/or criminal prosecution.

IP ADDRESSES
An IP address is a number that is automatically assigned to your computer whenever you surf the Web. Web servers - the big computers that "serve" up Web pages - automatically identify your computer by its IP address.
We collect IP addresses for the purposes of system administration and to report aggregate information to our advertisers.
When users request pages from our Touch Points, our servers log the users' IP addresses. We do not link IP addresses to anything personally identifiable. This means that a user's session will be logged, but the user remains anonymous to us.

COOKIES
Cookies are pieces of information that a website transfers to an individual's hard drive for record keeping purposes. Cookies make Web-surfing easier for you by saving your passwords, purchases, and preferences while you are at our site.

The use of cookies is an industry standard - you will find them at most major websites. By showing how and when users use the site, cookies help us see which areas are popular and which are not. Many improvements and updates to the site are based on such data as total number of visitors and pages viewed. This information is most easily tracked with cookies.
A cookie allows computers to remember that you registered, which allows us to speed up your future activities at our sites. Similarly, our Touch Points use a temporary cookie to track which products you choose to purchase while shopping. The cookie expires once you are done shopping. Allowing cookies to do the record keeping saves you the trouble of repeatedly entering information during a single visit. If you decline this cookie, you may have difficulty ordering your selections.

Our Touch Points do not use cookies to retrieve Information from your computer that was not originally sent in a cookie. Except as described below, we do not use Information transferred through cookies for any promotional or marketing purposes, and that Information is not shared with any third parties. We do not use cookies to identify specific individuals, except in such cases as online shopping (see above) and contest registration (where a cookie allows you to enter a contest every day without registering again each time).

You may occasionally get cookies from our advertisers. We do not control these cookies, and these cookies are not subject to our Privacy Policy or specific cookie policy. The use of advertising cookies sent by third-party servers is standard in the Internet industry. Most browsers are initially set to accept cookies.
If you prefer, you can set your browsers to refuse cookies or to alert you when cookies are being sent. However, it is possible that some parts of the site, such as the shopping, contest, and game areas, will not function properly if you do so.

LINKS TO OTHER SITES
Users should be aware that, when you are on our Touch Points, you could be directed to other sites that are beyond our control. There are links to other sites from our Touch Points that take you outside our service. For example, if you "click" on a banner advertisement, the "click" takes you off our Touch Points. This includes links from advertisers, sponsors and partners that may use our logos as part of a co-branding agreement. These other sites may send their own cookies to users, collect data, or solicit Information. Always be aware of where you end up and the contents of the applicable privacy policy.
Please keep in mind that whenever you give out Information - for example, via message boards or chat - that such Information may be collected and used by people you do not know. As a result, we highly recommend that you protect your Information and only provide your personally identifiable information through legitimate, verified sites.

APPENDIX A - CCPA Privacy Notice
Revised and Effective as of July 10, 2023
We collect, use, store, and disclose Information as set forth in our Privacy Policy. This Appendix B is in addition to the Privacy Policy and applies to California residents.

This notice is provided for California residents in compliance with the California Consumer Privacy Act (the "CCPA") to summarize your rights regarding your Information and how we handle your Information. Some of the rights are complex, and not all of the details are included in our summaries. Therefore, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these and other related rights.

Please note that certain terms in this notice are defined in the CCPA, and the meanings of such CCPA-defined terms are limited to the content of this notice and do not affect the meanings of terms used elsewhere in our Privacy Policy.
We will perform a periodic review at least every twelve (12) months regarding Privacy Policy procedures, and we may amend the Privacy Policy, and any subpart such as Appendix A, at any time. The most recent version of the Privacy

Policy and its appendices will be posted on this site. Your continued use, access, visitation, or participation in our Products and Services after we make changes to the Privacy Policy, including without limitation its appendices, is deemed your acceptance of such changes, so please review this Privacy Policy and its appendices periodically for updates.

If you are not a current California resident, this Appendix A notice does not apply to you.

Information We Collect

The Information we currently collect, and have collected over the preceding twelve (12) months, includes the following:

A. Identifiers

Yes

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

Yes

C. Protected classification characteristics under California or federal law.

Yes

D. Commercial information.

Yes

E. Biometric information.

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

Yes

G. Geolocation data (including through our mobile app).

Physical location or movements.

Yes

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.

Yes

I. Professional or employment- related information.

Current or past job history or performance evaluations.

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34

K. Inferences drawn from other Personal Information.

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Yes

Category

Examples

Collected

Even if our response in the "We May Collect" column is "Yes", it does not mean that every item listed in the respective "Examples" column for that Category will be collected. For example, for the "A. Identifiers" Category, even though we indicate that we collect some "A. Identifiers" Category Information, it does not mean that we collect all of the Information provided in the "Examples" column for the "A. Identifiers" Category.

Please see our Privacy Policy for more information about our current and previous Information collection practices.

POTENTIAL SOURCES OF INFORMATION
We may collect Information from the following categories of sources:
• Your device or browser;
• Directly from you when you provide Information;
• Our affiliates, business partners, service providers, and other third parties;
• Data verification services;
• Payment processing services;
• Marketing vendors and advertising networks;
• Ticketing platforms;
• Technology and interactive devices; and
• Social media services platforms.

Please see our Privacy Policy for more information about our sources of Information.

HOW WE MAY USE INFORMATION

We may use Information to:
• Fulfill the purposes for which you provide the Information, including those necessary to achieve such purposes and for any other purpose that is disclosed to you;
• Provide and/or personalize Products and Services, such as our surveys, polls, and email newsletters;
• Respond to your requests and questions about our Products and Services;
• Confirm Information, such as for promotion winner confirmation and prize distribution;
• Provide updates to you via the contact Information you provide, such as to keep you updated on our upcoming Products and Services;
• Conduct and notify you of marketing and sales promotions and for other marketing purposes, such as for contest, raffle, sweepstakes, and other promotional registrations;
• Conduct customer satisfaction and quality assurance surveys and market research;
• Present our Touch Points and their contents to you, such as validating your identity, verifying and responding to communications from you, and providing customer service;
• Prevent fraud and other prohibited or illegal activities, to investigate and resolve disputes and problems, and to comply with our obligations under applicable laws and regulations;
• Protect our consumers, guests, employees, the public, and our property and to respond to emergency;
• Correct issues with our IT systems and Touch Points that affect functionality;
• Evaluate our in persona and online interactions with you;
• Maintain our accounts and fulfill transactions, such as processing payments, advertising and marketing, or similar services;
• Verify or improve the quality and safety of our Products and Services;
• Enforce our Terms of Use and other contractual obligations;
• Administer, optimize, assess, analyze, and secure our Touch Points and their functionality;
• Cross-reference, supplement, or combine with other Information that we or our service providers acquire about you through other sources, except where prohibited by applicable law;
• Use for research purposes; and
• For other lawful purposes.

Please see our Privacy Policy for more information about how we use, and have used, Information.

WITH WHOM WE MAY SHARE INFORMATION
We may share Information with:
• Our affiliates and subsidiaries;
• The National Hockey League and other of its member clubs
• Business and marketing partners;
• Property partners;
• Service providers; and
• Legal and accounting service providers.

We may also share Information with other legal persons outside of the Arizona Coyotes if we have a good faith belief that access, use, preservation, or disclosure of such Information is reasonably necessary to:
• Comply with a court order, subpoena or other legal or regulatory requirements;
• Fulfill a government request for information;
• Protect or defend our legal rights or property, our Touch Points, or other guests and online users;
• Respond to claims that any posting or other content of our Touch Points violates the rights of third parties, including without limitation providing Information necessary to satisfy the notice and counter-notice procedures pursuant to the Digital Millennium Copyright Act;
• In an emergency, to protect the health and safety of users of our Touch Points, our guests and visitors, or the general public; and/or
• Enforce compliance with our Terms of Use or other contracts.
Please see our Privacy Policy for more information about our Information disclosure practices and history.

YOUR RIGHTS
The CCPA provides current California residents, including through their eligible authorized agents, with the following rights:
• Right to access personal information;
o May request access to the categories and specific pieces of Information we collect.
• Right to data portability;
o May request to receive their Information, when provided electronically, in a readily useable format.
• Right to deletion;
o May request that we delete certain Information on file about them or
• Right to disclosure;
o May request to receive additional information about the sources of information we collect, why we collect and share Information, the Information of theirs we collect, and the categories of parties with whom we share their Information.
• Right to opt-out of sales; and
o May direct us to not sell their Information in the future.
• Right to be free from discrimination.
o May freely exercise the aforementioned rights without illegal retaliation.

If you are a California resident, or an eligible authorized agent of a California resident, who would like to exercise one of your rights, please contact us by:
• Mailing your request to our mailing address;

Arizona Coyotes
Attn. Privacy Policy Coordinator, Legal Department
8465 N Pima Rd, Suite 100
Scottsdale, AZ 85258

1-623-594-2534

We will respond as required by the CCPA. Please see our Privacy Policy for more information about the request and response processes.

APPENDIX B - GDPR Privacy Notice

Revised and Effective as of July 10, 2023

We collect, use, store, and disclose Information as set forth in our Privacy Policy. This Appendix B is in addition to the Privacy Policy and applies to European Economic Area ("EEA") residents.

We will perform a periodic review at least every twelve (12) months regarding Privacy Policy procedures, and we may amend the Privacy Policy, and any subpart such as this Appendix B, at any time. The most recent version of the Privacy Policy and its appendices will be posted on this site. Your continued use, access, visitation, or participation in our Products and Services after we make changes to the Privacy Policy, including without limitation its appendices, is deemed your acceptance of such changes, so please review this Privacy Policy and its appendices periodically for updates.

If you are not a current EEA resident, this Appendix B notice does not apply to you.

VOLUNTARY COMPLIANCE
OUR COMPLIANCE WITH ARTICLE 26 OF THE EUROPEAN UNION'S DATA PROTECTION DIRECTIVE (DIRECTIVE 95/46/EC, 1995 O.J. (L281) 31), ALSO KNOWN AS THE EU GENERAL DATA PROTECTION REGULATION ("GDPR"), IS VOLUNTARY. WE DO NOT CONSENT OR SUBMIT TO THE JURISDICTION OF THE EUROPEAN UNION FOR ANY PURPOSE OR MATTER OF ANY KIND OR WAIVE ANY RIGHTS OR DEFENSES IN LAW OR EQUITY WITH RESPECT THERETO.

Our Touch Points and the Products and Services available through them are targeted primarily, but not exclusively for, users in the United States of America. Any Information you enter on our Touch Points is transferred outside of the European Union to the United States of America, which does not offer an equivalent level of protection to that required in the European Union.

The United States of America uses a sectoral model of privacy protection that relies on a mix of legislation, governmental regulation, and self-regulation. The GDPR allows for transfer of personal data from the European Union to a third country if the individual has unambiguously given his consent to the transfer of Personal Data, regardless of the third country's level of protection.

BY USING, ACCESSING, VISITING, OR PARTICIPATING IN ANY OF OUR PRODUCTS AND SERVICES, INCLUDING WITHOUT LIMITATION THROUGH OUT TOUCH POINTS, YOU CONSENT TO THE TRANSFER OF ALL PERSONAL DATA TO THE UNITED STATES OF AMERICA, WHICH MAY NOT OFFER AN EQUIVALENT LEVEL OF PROTECTION TO THAT REQUIRED IN THE EUROPEAN UNION AND TO THE PROCESSING OF THAT INFORMATION BY US ON OUR SERVERS LOCATED IN THE UNITED STATES OF AMERICA AS DESCRIBED IN THIS PRIVACY POLICY.

Your Data Protection Rights Under the GDPR

The European Union General Data Protection Regulation (the "GDPR") provides EEA residents with certain data protection rights.
If you are not a current EEA resident, this notice does not apply to you.

Please note that certain terms in this notice are defined in the GDPR, and the meanings of such GDPR-defined terms are limited to the content of this notice and do not affect the meanings of terms used elsewhere in our Privacy Policy. When used in this notice, the term "Personal Data" means, collectively, Personal Information, Unique Identifiers,

Advertising Identifiers, and Location Data which you have provided to us, or which has otherwise been collected by us when you use or otherwise access our Touch Points.

We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. Under the GDPR, EEA residents have certain data protection rights which are summarized in this notice. Some of the rights are complex, and not all of the details are included in our summaries. Therefore, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these and other related rights.

The principal rights for EEA residents under the GDPR are:

• You may access, update, rectify, or delete your Personal Data;
• You may restrict processing of your Personal Data;
• You may request that we cease processing of your Personal Data;
o For marketing activities;
o For statistical purposes; or
o Where the processing is based on our legitimate business interests, unless demonstrate a compelling legitimate business basis for the processing or we need to process your Personal Data to establish, exercise, or defend a legal claim or comply with the law.
• You may request a copy of the Information we have on you in a structured, machine-readable, and commonly used format ("Data Portability"); and
• You may withdraw your consent at any time where we relied on your consent to process your Personal Data.

Please note that we may ask you to verify your identity before responding to requests in exercising your rights.

You also have the right to complain to a Data Protection Authority (as defined in the GDPR) about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the EEA.

Our legal basis for collecting and using your Personal Data depends on the Personal Data we collect and the specific context in which we collect it. We may process your Personal Data because:

• We need to perform a contract with you or fulfill services for you;
• You have given us permission to do so;
• The processing is in our legitimate interests, and it is not overridden by your rights; or
• To comply with the law.

If you wish to be informed what Personal Data, we hold about you or if want to exercise any of your rights under the GDPR, please contact us by:

• Mailing your request to our mailing address;
Arizona Coyotes
Attn. Privacy Policy Coordinator, Legal Department
8465 N Pima Rd, Suite 100
Scottsdale, AZ 85258
• Emailing your request to the following email address; [email protected]
• Submitting your request through our online portal; or https://response.arizonacoyotes.com/GDPR
• Calling our designated privacy request phone number.

1-623-594-2534

Please see our Privacy Policy for more information about our Information practices.