Privacy Policy

Eagle Rock Distributing Company is committed to safeguarding the privacy, confidentiality, and security of personal, financial, and proprietary information related to our employees, customers, vendors, and business operations. This policy applies to all employees, contractors, and temporary workers who access, collect, process, store, or transmit sensitive or confidential information in the course of their work, in any form—physical, electronic, or verbal.

Definition of Confidential and Personal Data

Confidential and personal data includes, but is not limited to:

· Employee personal information (e.g., Social Security numbers, addresses, medical records)

· Customer or vendor contact details, financial data, and contracts

· Proprietary business information, pricing models, trade secrets, or strategic plans

· Login credentials, passwords, or system access codes

· Any data protected by law or explicitly designated as confidential by the Company

Employee Responsibilities

Employees must:

· Access and use confidential information only when necessary to perform assigned duties

· Keep all sensitive data secure—whether in physical storage or electronic systems

· Use only company-approved platforms and devices for storing, transmitting, or accessing confidential information

· Protect login credentials; never share passwords or system access with unauthorized persons

· Avoid discussing confidential information in public or unsecured environments

· Immediately report any suspected or actual data breach, loss, or unauthorized disclosure to their supervisor or the IT department

Prohibited Actions

Employees are strictly prohibited from:

· Sharing confidential or personal data with unauthorized individuals, internally or externally

· Using confidential or personal data for personal benefit or non-business activities

· Storing company data on personal devices, unauthorized cloud platforms, or unapproved systems

· Circumventing company security measures or copying data without permission

Data Retention and Disposal

Confidential and personal information must be retained only as long as required for business or legal purposes. When no longer needed, such data must be securely disposed of in accordance with Company policy and data destruction standards.

Legal and Regulatory Compliance

Eagle Rock Distributing Company complies with all applicable federal and state data protection laws, including but not limited to:

· Health Insurance Portability and Accountability Act (HIPAA)

· Fair Credit Reporting Act (FCRA)

· Colorado Privacy Act

· Georgia data security requirements

Monitoring and Enforcement

The Company reserves the right to monitor systems, communications, and data storage to ensure compliance with this policy. Violations may result in disciplinary action, up to and including termination of employment. In cases involving unlawful conduct, civil or criminal penalties may also apply.