P. Your U.S. State Privacy Notice and Rights

This U.S. State Privacy Notice (“Notice”) applies to “Consumers” as defined under the California Consumer Privacy Act, including as amended by the California Privacy Rights Act (together, the “CCPA”), the Colorado Privacy Act, the Virginia Consumer Data Protection Act, the Utah Consumer Privacy Act, Connecticut’s Act Concerning Personal Data Privacy and Online Monitoring, Chapter 603A of the Nevada Revised Statutes, and all laws implementing, supplementing or amending the foregoing, including regulations promulgated thereunder (collectively, “U.S. Privacy Laws”).

This Notice is designed to meet our obligations under U.S. Privacy Laws, including our “notice at collection” obligation under the CCPA, and supplements the general privacy policies of Epson America, Inc. and Epson Canada, Limited (“Epson,” “our,” “us,” or “we”), including, without limitation, our Privacy Policy for the U.S. and Canada. In the event of a conflict between any other Epson policy, notice, or statement and this Notice, this Notice will prevail as to Consumers unless stated otherwise.

Applicability

* Section 1 of this Notice provides notice of our data practices, including our collection, use, disclosure, and sale of Consumers’ personal information or personal data as defined by the U.S. Privacy Laws (collectively, “PI”).

* Sections 2-5 of this Notice provide information regarding Consumer rights and how you may exercise them.

* Section 6 of this Notice provides additional information disclosures for California residents.

For California residents the term “Consumer” is not limited to data subjects acting as individuals regarding household goods and services and includes data subjects in a business-to-business context. This is not the case in the other states. Capitalized terms not defined in this Notice have the definition provided by applicable U.S. Privacy Laws.

Limited Applicability, Human Resources: Section 1 of this Notice does not apply to job applicants, current employees, former employees, or independent contractors (“Personnel”). Our California Personnel may obtain a separate privacy notice that applies to them by contacting our human resources department at epson.privacy@ea.epson.com. However, the details on how to exercise Consumer rights in Sections 2-6 of this Notice applies to our California Personnel.

1. Notice of Data Practices

The description of our data practices in this Notice covers the twelve (12) months prior to the Effective Date and will be updated at least annually. Our data practices may differ between updates, however, if materially different from this Notice, we will provide supplemental pre-collection notice of the current practices, which may include references to other privacy policies, notices, or statements. Otherwise, this Notice serves as our notice at collection.

We may Collect your PI directly from you (e.g., when you use the Sites, our Service, interact with us online, or register an account), your devices, our Affiliates, service providers, data brokers or resellers, social networks, marketing partners, public sources of data, or other businesses or individuals.

Generally, we Process your PI to provide you services and as otherwise related to the operation of our business, including for one or more of the following Business Purposes: Performing Services, Managing Interactions and Transactions, Security, Debugging, Advertising & Marketing, Quality Assurance, Processing Interactions and Transactions, and Research and Development. We may also use PI for other Business Purposes in a context that is not a Sale or Share under U.S. Privacy Laws, such as disclosing it to our Service Providers, Contractors, or Processors that perform services for us (“Vendors”), to the Consumer or to other parties at the Consumer’s direction or through the Consumer’s action; for the additional purposes explained at the time of collection (such as in the applicable privacy policy or notice); as required or permitted by applicable law; to the government or private parties to comply with law or legal process or protect or enforce legal rights or obligations or prevent harm; and to assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business (“Corporate Transaction”) (“Additional Business Purposes”). Subject to restrictions and obligations under U.S. Privacy Laws, our Vendors may also use your PI for Business Purposes and Additional Business Purposes, and may engage their own vendors to enable them to perform services for us.

We may also use and disclose your PI under this Notice for Commercial Purposes, which may be considered a “Sale” or “Share” under applicable U.S. Privacy Laws, such as when Third-Party Digital Businesses (defined below) Collect your PI via third-party cookies, and when we Process PI for certain advertising purposes. In addition, we may make your PI available to Third-Parties for their own use.

We provide more detail on our data practices in the two charts that follow.

a. PI Collection, Disclosure, and Retention – By Category of PI

We may collect, disclose, and retain PI as follows, depending on your interactions with Epson:

Category of PI Examples of PI Collected and Retained Categories of Recipients

1. Identifiers Real name, alias, postal address, unique personal identifiers, online identifier, Internet Protocol address, e-mail address, phone number, and account name. Disclosures for Business Purposes:

• Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers;

• Other members of our corporate group;

• Customers;

• Public forums (such as product reviews), if you post such content;

• Governmental entities; and/or

• Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: Third-Party Digital Businesses

2. Personal Records Name, signature, description, address, telephone number, and financial information (e.g., payment card information). Some PI included in this category may overlap with other categories. Disclosures for Business Purposes:

• Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers;

• Other members of our corporate group;

• Customers;

• Public forums (such as product reviews), if you post such content;

• Governmental entities; and/or

• Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: Third-Party Digital Businesses

3 Customer Account Details/Commercial Information Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Disclosures for Business Purposes:

• Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers;

• Other members of our corporate group;

• Customers;

• Governmental entities; and/or

• Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: Third-Party Digital Businesses

4. Internet Usage Information When you browse our Sites or otherwise interact with our Service, we may Collect browsing history, search history, and other information regarding your interaction with our Service. Disclosures for Business Purposes:

• Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers;

• Other members of our corporate group;

• Customers;

• Governmental entities; and/or

• Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: Third-party Digital Businesses

5. Geolocation Data If you interact with us online we may gain access to the approximate location of the device or equipment you are using. Disclosures for Business Purposes:

• Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers;

• Other members of our corporate group;

• Customers;

• Governmental entities; and/or

• Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: Third-party Digital Businesses

6. Sensory Data We may Collect audio, visual, electronic, or similar information when you when you contact us through our customer service line or if you post photos or videos on our Service. Disclosures for Business Purposes:

• Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers;

• Other members of our corporate group;

• Customers;

• Governmental entities; and/or

• Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

7. Professional or Employment Information Professional or employment-related information. Disclosures for Business Purposes:

• Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers;

• Other members of our corporate group, affiliates, and partners;

• Customers;

• Public forums (such as product reviews), if you post such content;

• Governmental entities; and/or

• Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

8. Sensitive PI Government Issued Identification Numbers (e.g., social security, driver’s license, state identification card, or passport number) Disclosures for Business Purposes:

• Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers;

• Other members of our corporate group;

• Governmental entities; and/or

• Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

Account Log-In (e.g., username and password to online account with Epson) Disclosures for Business Purposes:

• Vendors, such as general IT, cloud computing, software, and other business vendors, data analytics providers, data processors, payment processors, and marketing services providers;

• Other members of our corporate group;

• Governmental entities; and/or

• Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

There may be additional information we Collect that meets the definition of PI under applicable U.S. Privacy Laws but is not reflected by a category above, in which case we will treat it as PI as required, but will not include it when we describe our practices by PI category. Because there are numerous types of PI in each category, and various uses for each PI type, actual retention periods vary. We retain specific PI pieces based on how long we have a legitimate purpose for the retention.

(To be continued)