INTERAL USE EMAIL POLICY

INTRODUCTION

Email is a valuable communication tool that enables efficient and effective communication. Email can also pose many security, privacy, legal, and reputational risks for an organization when misused, thus it is important to establish guidelines and expectations for the appropriate use of email within the organization. Kredit Financial Inc. (Kredit) aims to ensure that email is used responsibly and professionally, minimizing the risks associated with misuse or inappropriate behavior.

PURPOSE

The purpose of this Policy is to establish guidelines and expectations for the appropriate use of email within the organization.

SCOPE

This Policy applies to all employees, contractors, and authorized personnel who have access to Kredit email accounts and systems.

ROLES AND RESPONSIBILITIES

Kredit’s Chief Technology Officer (CTO) is responsible for monitoring email usage and compliance with this Policy.

Kredit’s Chief Compliance Officer (CCO) is responsible for this Policy is communicated to all employees and made available to all employees in the organization. The CCO is also responsible for reviewing this Policy on an annual basis.

POLICY

Use of email must comply with Kredit’s Code of Conduct Policy and Acceptable Use Policy, as well as the standards stated below:

AUTHORIZED USE

Email accounts provided by Kredit should be used for conducting company-related business, including communication with colleagues, clients, suppliers, and other relevant stakeholders. Personal communication is permitted on a limited basis, but non-Kredit related commercial/business uses are prohibited.

PROHIBITED USE

The following activities are strictly prohibited when using company email accounts:

• Harassment or Discrimination: Sending offensive, threatening, harassing, or discriminatory messages to anyone within or outside the organization.

• Confidential Information: Sending sensitive or confidential company information to unauthorized recipients or sharing sensitive data without proper authorization.

• Illegal Activities: Using email to engage in any illegal or unethical activities, including fraud, copyright infringement, or other unlawful actions.

• Chain Letters and Spam: Forwarding chain letters or engaging in spamming activities, including mass emails to unrelated recipients.

• Misrepresentation: Impersonating another employee, client, or third-party entity to deceive or manipulate recipients.

• Virus Transmission: Sending emails containing viruses, malware, or any harmful content that may disrupt company systems or networks.

• Email Forward: Automatically forwarding Kredit email to a third-party email system.

DATA SECURITY AND PRIVACY

Employees must refrain from sending sensitive information and or consumer PII (i.e., consumer name, social security number, date of birth) via email. When sending this information is necessary, this type of information must be encrypted or sent through secure channels. In the event this type of information is sent to a Kredit employee from an external via email, the following steps must be taken:

• Notify the CTO that sensitive information has been received

• Delete the email from the Inbox

• Delete the email from the Trash/Recycle Bin

• Perform a GDPR delete via Hubspot

Additionally, employees are responsible for protecting the privacy and security of their email accounts by using passwords that conform with Kredit’s Password Construction and Security Policy.

EMAIL ETIQUETTE

Employees are expected to maintain a professional tone and language in their email communications. This includes proper grammar, spelling, and clear and concise language. It is essential to be respectful and polite when addressing colleagues, clients, or any other recipients.

MONITORING AND COMPLAINCE

The organization reserves the right to monitor email usage without prior notice. Employees shall have no expectation of privacy in anything they store, send, or receive on Kredit’s email system.

REPORTING MISUSE

If an employee becomes aware of any misuse or violation of this Policy, they should immediately report it to the CTO or CEO.

RECORD RETENTION

Email shall be retained for the period of time defined in Kredit’s Record Retention and Destruction Policy.

COMMUNICATION

This Policy shall be communicated to all affected employees via email and maintained in the Internal Policy Repository folder on Google Drive for reference purposes.

VIOLATIONS

Failure to comply with this policy and procedure may result in the Kredit network being infected by a virus or malware.

CHANGE SUMMARY

Purpose: Internal Policy

Category: Information Security Policy

Policy Name: Internal Use of Email Policy