Privacy Request Form

Effective Date: April 3, 2026 | Last Updated: April 3, 2026

1. Introduction: What Is a Data Subject Request?

A Data Subject Request (also called a Privacy Request) is a formal request to exercise one of your legal privacy rights. Under CCPA (California) and GDPR (Europe), you have the right to:

• Know: What personal information we collect and how we use it
• Delete: Request that we erase your personal information
• Correct: Request corrections to inaccurate information
• Access/Portability: Receive a copy of your data in usable format
• Opt-Out: Opt out of the sale or sharing of your data
• Restrict/Limit Use: Limit how we use your sensitive personal information
• Object: Object to certain types of processing

This form allows you to submit any of these requests. We will process your request in accordance with applicable privacy laws.

2. Categories of Requests Available

2.1 Right to Know / Right of Access

What You Can Request: A copy of what personal information we collect about you, including:

• Specific pieces of personal information we maintain
• Categories of personal information collected
• Sources of that information
• Purposes for collecting it
• Categories of third parties we share it with

Legal Basis: CCPA/CPRA Section 1798.100 (CA residents); GDPR Article 15 (EU residents)

Response Timeline: 45 days (CCPA), extendable to 90 days; 30 days (GDPR)

2.2 Right to Delete / Right of Erasure

What You Can Request: Deletion of personal information we maintain about you. Important Exceptions: We may not delete information if:

• It's necessary to complete a transaction you initiated
• We need it to provide services you requested
• Deletion would breach our legal obligations
• It's needed for fraud detection or security
• Deletion would prevent detection of illegal activity
• It's required by law or regulation

Legal Basis: CCPA/CPRA Section 1798.105 (CA); GDPR Article 17 (EU)

Response Timeline: 45 days (CCPA), extendable to 90 days; 30 days (GDPR)

2.3 Right to Correct / Right of Rectification

What You Can Request: Correction of inaccurate or incomplete personal information. You can request that we correct:

• Contact information (name, email, phone)
• Address information
• Professional or employment information
• Any other inaccurate data in our records

Legal Basis: CCPA/CPRA Section 1798.100(d) (CA); GDPR Article 16 (EU)

Response Timeline: 45 days (CCPA); 30 days (GDPR)

2.4 Right to Opt-Out of Sale/Sharing

What You Can Request: To stop sharing your personal information with third parties for targeted advertising purposes. See our "Do Not Sell or Share My Personal Information" page for details.

Legal Basis: CCPA/CPRA Section 1798.120 (CA)

Response Timeline: 45 days (CCPA), extendable to 90 days

2.5 Right to Limit Use of Sensitive Personal Information

What You Can Request: Limit our use of sensitive personal information categories to only:

• Purposes you explicitly authorized
• Purposes necessary to fulfill service requests
• Purposes required by law

Sensitive Information Categories: Social Security numbers, financial information, precise location, health information, genetic/biometric data, sex/sexual orientation, religious/philosophical beliefs

Legal Basis: CCPA/CPRA Section 1798.121 (CA)

Response Timeline: 45 days (CCPA)

2.6 Right to Data Portability (GDPR)

What You Can Request: Receive your personal data in a structured, commonly-used, machine-readable format (e.g., CSV, JSON). You can:

• Request data you provided to us
• Receive it in portable format
• Request transmission to another provider

Legal Basis: GDPR Article 20

Response Timeline: 30 days

2.7 Right to Object / Right to Restrict Processing (GDPR)

What You Can Request:

• Object to Processing: Object to processing based on legitimate interests, including marketing and profiling
• Restrict Processing: Request that we limit processing while we verify information or during a dispute

Legal Basis: GDPR Articles 18, 21

Response Timeline: 30 days

3. Information You Need to Provide

To submit a request, please provide the following:

3.1 Required Information

• Your Full Name
• Email Address (where we'll send response)
• Phone Number (optional but helpful for verification)
• Type of Request (select one from Section 2 above)
• Description of Request (what data you want, or what correction you need, etc.)
• Your Signature (typed name acceptable)

3.2 Optional but Helpful Information

• Date range of relevant information
• Specific data categories you're interested in
• Whether you had a direct transaction with us (employment, form submission, etc.)
• How you'd prefer we deliver the response (email, mail, download link)

4. Identity Verification

Why We Verify: We verify your identity to protect your privacy and prevent unauthorized access to your personal information.

4.1 Verification Process

We may request you to verify your identity through one or more of the following:

• Email Verification: Confirm the email address associated with your account or our communications
• Phone Verification: Confirm phone number in our records or via callback
• Information Verification: Answer questions about information from our records (e.g., "Is your address [address]?", "Last 4 digits of phone?", "Services you've inquired about?")
• Government ID: For sensitive requests (deletion, financial info), provide a photocopy of government-issued ID
• Certified Verification: For some requests, notarized statement or certified copy

4.2 Response to Verification Failure

If we cannot verify your identity:

• We will notify you in writing (email or mail)
• We will explain what additional information we need
• You'll have 45 days to provide the verification
• If verification cannot be made, we'll deny the request with explanation

5. Authorized Agent Instructions

You may authorize a third party to submit a request on your behalf. The authorized agent must:

5.1 Agent Requirements

• Written Authorization: Provide a signed power of attorney or authorization letter from you
• Agent Identity: Provide their own identity verification (government ID copy)
• Proof of Authority: Proof they have authority to act on your behalf

5.2 Verification Process for Agents

We will:

• Verify the agent's identity
• Verify the validity of their authorization from you
• May also verify your identity (the consumer's identity)
• Confirm the agent has the legal authority they claim

6. Response Timeline

6.1 California Residents (CCPA/CPRA)

• Initial Response: Within 45 days of receipt of verified request
• Extension: We may extend up to 90 days total for complex requests, with notice to you
• Communication: We'll respond to the email or address you provided
• Format: Right to Know responses provided in digital format or mail

6.2 European/EEA Residents (GDPR)

• Standard Response: Within 30 days of receipt of valid request
• Extension: May extend up to 60 days for complex requests, with notification
• Communication: Response to email or address provided
• Format: Data in structured, commonly-used format (CSV, JSON, etc.)

6.3 What Counts as "Receipt"

We consider your request "received" when it reaches us through any of these methods:

• Email to community@perpetua.us
• Submission through this online form
• Mail to our address
• Phone call (verbal requests must be confirmed in writing)

7. Non-Discrimination Statement

The only exception is if we offer you a financial incentive for sharing data, which is voluntary and clearly disclosed.

8. Methods to Submit Your Request

Method 1: Online Form (This Page At The Bottom)

Use the form below to submit your privacy request directly. All fields marked as required must be completed for us to process your request.

Method 2: Email

Send to: community@perpetua.us
Subject Line: "Data Subject Request - [Your Request Type]"
Include in Email: All information from Section 3.1 above

Method 3: Mail

Perpetua Resources Corp
13181 Highway 55, PO Box 429, Donnelly, Idaho 83615
Attn: Data Privacy Team
Subject: Data Subject Request - [Your Request Type]

Method 4: Phone

Call: 208-901-3060
Note: Verbal requests must be confirmed in writing via email or mail

9. Special Provisions for Different Jurisdictions

9.1 California Residents (CCPA/CPRA)

Your Additional Rights:

• Right to know what data is collected and how it's used
• Right to delete personal information
• Right to correct inaccurate information
• Right to opt out of sale/sharing of data
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising these rights

California-Specific Contact: You may submit a complaint to the California Attorney General at www.oag.ca.gov/privacy

9.2 EU/EEA Residents (GDPR)

Your Additional Rights:

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making and profiling
• Right to withdraw consent at any time
• Right to lodge a complaint with a Data Protection Authority

EU/EEA Data Protection Authorities: www.edpb.eu (European Data Protection Board directory)

9.3 Other States

If you reside in other U.S. states with privacy laws (Colorado, Connecticut, Utah, Virginia, Montana, Delaware, etc.), your state's privacy law may provide similar or different rights. Please reference your state's law or contact us for information about your specific state's privacy rights.

10. Response and Data Delivery

10.1 How We'll Provide Your Data

For "Right to Know" requests, we will provide your personal information in one of these formats:

• Digital Format: Downloadable CSV or PDF sent to your email
• Physical Format: Printed documents mailed to your address
• Secure Portal: Access to a secure online portal where you can download your data
• Email: Information provided directly in email for simple requests

10.2 Data Portability Format (GDPR)

For GDPR data portability requests, we'll provide data in a structured, commonly-used, machine-readable format such as:

• CSV (Comma-Separated Values)
• JSON (JavaScript Object Notation)
• Excel (.xlsx)
• XML (Extensible Markup Language)

11. Request Status and Follow-Up

11.1 Acknowledgment

We will send you an acknowledgment email within 5 business days confirming receipt of your request and providing:

• Request ID number for reference
• Type of request received
• Expected response date
• Any additional information needed

11.2 Status Updates

For complex requests extending beyond 45 days (CCPA) or 30 days (GDPR), we will provide status updates every 15 days.

11.3 Request Denial

If we must deny your request (e.g., cannot verify identity, exception applies), we will:

• Provide written explanation of the denial
• Explain the legal basis for denial
• Provide information about your right to appeal or dispute
• Explain how to contact us with questions

12. Contact Information

Data Privacy Team:

• Email: community@perpetua.us
• Phone: 208-901-3060
• Mailing Address: Perpetua Resources Corp, 13181 Highway 55, PO Box 429, Donnelly, Idaho 83615, Attn: Data Privacy Team
• Data Protection Officer: community@perpetua.us

13. Related Privacy Pages

For more information about our privacy practices, please see:

• Privacy Policy: Complete information about how we collect, use, and protect your data
• Cookie Policy: Details about cookies and tracking technologies
• Do Not Sell or Share: Specific instructions for opting out of data sharing
• Terms of Service: Website terms and conditions
• Accessibility Statement: Information about website accessibility