This Privacy Policy applies to the website accessible at https://bigbearresort2.wpengine.com,
(“Website”) the services and the mobile applications offered by Big Bear Resorts Inc, DBA Big
Bear Vacations, a register California Corporation (the “Company”). The Company may also be
referred in this Privacy Policy as “we”, “us”, or “our”. This Privacy Policy describes how the
Company collects and uses personal information collected through the Website or through your
correspondence with us by phone, email or otherwise. By accessing or using the Website or our
services, you agree to this Privacy Policy. IF YOU DO NOT AGREE TO THIS PRIVACY
POLICY, DO NOT ACCESS OUR WEBSITE OR USE OUR SERVICES.

For purposes of the General Data Protection Regulation 2018 (“GDPR”), the data controller is Big
Bear Resorts Inc, DBA Big Bear Vacations, 41693 Big Bear Blvd, Big Bear Lake, CA 92315.

Information We Collect About You

We adhere to ethical standards in gathering, using and safeguarding any information you provide.
We collect personal information from you. Such information is collected when voluntarily
submitted to us by you through access to the Website or filling out a form on the Website. The
types of information that may be collected include your name, mailing address, email address,
phone number, usage information, including the materials that you access on the Website and
messages that you send through our online contact form.

We may automatically collect information from you each time you visit the Website. This includes
technical information, information about your visit, and information about your activity on our
Website such pages viewed, page response times, download errors, length of visit to certain pages,
page interaction information (such as scrolling, clicks and mouseovers), methods to browse to and
away from a page, and methods used to contact our support team. Technical information may also
include the internet protocol address used to connect your computer to the Internet, browser type
and version, time zone setting, browser plug-in types and versions, operating systems and device
platform.

Information We Receive From Other Sources

This is information we receive about you from third parties that we work closely with to provide,
promote and improve our services. These third parties include business and integration partners,
vendors who assist in technical and payment services, analytics providers and search information
providers.

How We Collect Information

We collect information from you when you submit inquiries through our online contact form. We
also use technology to collect information from you.

We collect information from you when you speak to us by telephone. We may record telephone
conversations for quality assurance purposes. This Privacy Policy also governs those recordings.
Cookies are small files that a site or its service provider transfers to your computer’s hard drive
through your Web browser that enables the sites or service providers’ systems to recognize your
browser and capture and remember certain information. We do not link the information we store
in cookies to any personal information you submit while on our site. We use both session ID
cookies and persistent cookies. A session ID cookie expires when you close your browser. A
persistent cookie remains on your hard drive for an extended period of time.

We use the following types of cookies:

Strictly Necessary Cookies. These are cookies that are required for the operation of the Website
and under our terms with you. They include, for example, cookies that enable you to log into secure
areas of the Website, use a shopping cart or make use of e-billing services.

Analytical/Performance Cookies. They allow us to recognize and count the number of visitors
and to see how visitors move around the Website. This helps us improve the way the Website
works.

Functionality Cookies. These are used to recognize you when you return to the Website. This
enables us, subject to your choices and preferences, to personalize our content and remember your
preferences.

Targeting Cookies. These cookies record your visit to the Website, the pages you have visited
and the links you have followed. We use this information to make the Website more relevant to
your interests.

This Website also includes certain components transmitted by Google Analytics, a web traffic
analysis service provided by Google, Inc. (“Google”). Also in this case, they are third party cookies
collected and managed anonymously to monitor and improve the performance of the Website.

Google Analytics uses the cookies to collect and analyze anonymously the information on the
behavior of use of the website. This information is collected by Google Analytics, which processes
in order to prepare reports for the Company regarding activities on the Website. This Website
doesn’t use the analysis tool of Google to track or collect personal information.

We use the following web beacon technology:

Web beacons (a.k.a. clear gifs) are tiny graphics with a unique identifier, similar in function to
cookies, which are used on our website to track online movements of web users and compile
aggregated statistics to analyze how our site is used and may be used, in our services, or in our
emails. Our use of Web beacons also includes to count visits and to tell if an email has been
opened and acted upon. We do not link the information gathered from web beacons to any personal
information.

As is true of most web sites, we gather certain information and store it in log files. This information
includes internet protocol (IP) addresses, browser type, internet service provider (ISP),
referring/exist pages, operating system, date/time stamp, and clickstream data. We use this
information to analyze trends, to administer the site, to track users’ movements around the site and
to gather demographic information about our user base as a whole. We do not link this data to
personal information.

You have a variety of tools to control cookies, web beacons and similar technologies, including
browser controls to block and delete cookies and controls from some third-party analytics service
providers to opt out of data collection through web beacons and similar technologies.

Children

We do not knowingly collect information from anyone under the age of 16.

Social Media Widgets

Our Website includes Social Media Features (“Features”), such as the Facebook Like button and
Widgets, such as the Twitter button, Share This button, or other interactive mini-programs that run
on our site. These Features may collect your IP address, which page you are visiting on our site,
and may set a cookie to enable the Feature to function properly. Features and Widgets are either
hosted by a third party or hosted directly on our site. Your interactions with these Features are
governed by the privacy policy of the company providing it.

Use of Information

Company uses information, including personal information, to carry out the following purposes:
Meeting our Obligations to You. We may use your personal information to contact you at your
request to provide further information about our products and services. We may also contact you
to carry out our obligations of delivering or supporting contracted services or products to you.

Improving and Maintaining the Website. Company may collect and use personal information
to investigate any customer service issues that you or other users notify us about. We may use your
IP address and other information collected from you to help diagnose problems with our server(s),
create new functionality and to improve and administer the Website.

Improving and Developing Products and Services. We may use your personal information to
improve and develop products or services offered. We may also use aggregated and anonymized
information to assist us in providing the best service possible to our customers.

Communicating with You. We may collect and use personal information to inform you about
new features of our software and advise you of offers that you may be interested in.

Marketing the Website and Our Services. Additionally, we may use aggregated and anonymized
information for marketing purposes such as generating or selling advertisements.

Disclosure of Your Information to Third-Parties

We will not sell your personal information to third parties for the purpose of such third parties’
sending unsolicited offers or advertisements. However, we may disclose your personal information
as follows:

Law Enforcement. We may need to share your information with law enforcement or government
agencies in response to a subpoena, state and/or federal audit or as otherwise required by law.

Agents and Consultants. We sometimes hire other companies to perform certain business-related
functions, such as sending email on our behalf, payment processing or conducting market research.
We also share your email address with third parties, such as Facebook, LinkedIn and Twitter in
order to provide custom marketing materials for you on their platforms. These companies are not
permitted to use any personal information that we share with them for any other purpose aside
from providing services to us.

Business Transfers. In the event that we sell all or part of our membership interests or assets or
enter into a merger, we reserve the right to include personal information and non-personal
information among assets transferred to the acquiring or surviving company.

General Marketing Purposes. We may provide non-personal information about our customers’
sales, Website traffic patterns and related Website information to third party advertisers.

Your Rights

In accordance with applicable privacy law, you have the following rights in respect of your
personal information that we hold:

Right of Access and Portability. The right to obtain access to your personal information along
with certain information, and to receive that personal information in a commonly used format and
to have it ported to another data controller.

Right to Rectification. The right to obtain rectification of your personal information without
undue delay where that personal information is inaccurate or incomplete.

Right to Erasure. The right to obtain the erasure of your personal information without undue
delay in certain circumstances, such as where the personal information is no longer necessary in
relation to the purposes for which it was collected or processed.

Right to Restriction. The right to obtain the restriction of the processing undertaken by us on your
personal information in certain circumstances, such as where the accuracy of the personal
information is contested by you, for a period enabling us to verify the accuracy of that personal
information.

Right to Object. The right to object, on grounds relating to your particular situation, to the
processing of your personal information, and to object to processing of your personal information
for direct marketing purposes, to the extent it is related to such direct marketing.
You have the right to request that we do not process your personal information for marketing
purposes. You can exercise your right to prevent such processing by using the “Unsubscribe” link
found in our emails or by contacting us at 877-417-6504 or reservations@bigbearvacations.com. Please note
that we may not include the opt-out information in e-mails that are transactional in nature and are
not marketing communications.

If you are a California resident, California law permits you to request certain information regarding
the disclosure of your personal information by us and our subsidiaries to third parties for the third
parties’ direct marketing purposes. To make such a request, please use the contact information
above.

You may exercise your rights via telephone or email. Please call 877-417-6504 to review, change
or correct information or email a request to review, change or correct information to:
reservations@bigbearvacations.com.

You can delete your account and erase all personal information associated with you at any time
contacting us at 877-417-6504 or reservations@bigbearvacations.com.

For any request that you make, you should receive an email response from us. Please contact us if
you do not receive confirmation within 30 days of your request.

Third Party Websites

The Company is not responsible for the privacy practices or policies of any third-party websites
that are linked to the Website. We encourage you to read their respective privacy policies prior to
providing any personal information at or to such sites.

Data Storage and Security

The information that we collect is stored in our database, which is secured through password
authentication. Your information may be stored on our servers and also on servers of companies
that we hire to provide services. In each case, information may be stored in the United States and
in other countries where we operate, and in countries where our respective service providers
operate. If you are in the European Union, Switzerland, or other regions with laws governing data
collection and use, you acknowledge that we may transfer, process and store your personal
information in the United States and other countries, the privacy laws of which may be considered
less strict than those of your region.

We understand that security of your personal and financial information is important to you, so we
have taken steps to enhance the safety and confidentiality of personal and financial information
sent to or from us. Company uses commercially reasonable efforts to maintain the security of the
Website and your information.

If you choose to license our software, you will need to establish and account. Access by you to
your account is available through a password and/or unique user name selected by you. This
password is encrypted. You should not divulge your password to anyone. You should change your
password often using a combination of letters and numbers, and you should ensure you use a secure
web browser. We cannot be responsible for activity that results from your own neglect to safeguard
the secrecy of your password and user name. If you share a computer with anyone, you should
always log out of your account after you are finished, in order to prevent unauthorized access.
Please notify us as soon as possible if your user name or password is compromised.

Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed
to be 100% secure. As a result, while we strive to protect your personal information, you
acknowledge that: (a) there are security and privacy limitations of the Internet that our beyond our
control; (b) the security, integrity and privacy of any and all information and data exchanged
between you and us through this Website cannot be guaranteed and we shall have no liability to
you or any third party for loss, misuse, disclosure or alteration of such information; and (c) any
such information and data may be viewed or tampered with in transit by a third party.

If we become aware of a data breach that is likely to result in a risk for the rights and freedoms of
individuals, we will notify you within 72 hours of first having become aware of the breach.

Notwithstanding the foregoing, Company provides the Website “as is” without any express or
implied warranty of any kind, including warranties of merchantability, reliability, or fitness for a
particular purpose.

Changes in Privacy Policy

This Privacy Policy may change from time to time to accommodate changes in the Website,
changes in technology or legal developments. We will post any changes to the Privacy Policy on
the Website.

Contact Us

To report any known or suspected privacy or security breaches or to submit privacy related
questions or complaints please contact us at reservations@bigbearvacations.com.

Revised: May 2018