Last Updated: August 7, 2025

This notice describes the categories of personal information collected by Afognak Native Corporation (“Afognak”), Afognak Benefits Trust (“ABT”), and the ANC Shareholder Settlement Trust (“SST”) (collectively, the “Company”) and the purposes for which Shareholder/Beneficiary personal information is collected and may be used. It is the policy of the Company not to sell any category of personal information collected, and your personal information is only used for purposes listed below, unless you are otherwise notified. We will retain your data for the duration of our relationship, subject to our legal obligations. We are providing this notice to you in accordance with California Civil Code Sec. 1798.100.

Categories of Personal Information Collected

Identifiers, Contact information, and Number of Shares/Trust Units. This category includes names, addresses, telephone numbers, mobile numbers, email addresses, dates of birth, Social Security numbers, bank account information, Alaska Native status (including blood quantum), 5-acre Lease ownership, Shareholder ID number, and other similar contact information and identifiers.

Professional, employment, and financial- information. This category includes career history in the Afognak Shareholder talent bank. For Shareholders running for a seat on the Afognak Board of Directors, this category also includes employment history, directorship information for other entities, certain financial information, information related to previous positions with the Corporation and subsidiaries, and other similar biographical information.

Education information. This category includes education history and scholarship information.

Family information. This category includes names, addresses, phone numbers, email addresses, blood quantum, social security numbers, Shareholder status, dates of birth, family trees, birth and death certificates, adoption papers, relationship to other shareholders, board candidates, board members, and certain executive officers.

Sensitive Personal Information. This category includes social security number, driver’s license information, state identification card information, passport number; racial or ethnic origin, citizenship or immigration status; account log-in information; financial account information; debit card and/or credit card number in combination with any required security or access code, password, or credentials allowing access to an account. It also includes the contents of mail, email, and text messages unless the business is the intended recipient of the communication.

Please note that PI for purposes of this Notice does not include publicly available information or lawfully obtained, truthful information that is a matter of public concern; information that is deidentified or aggregated; and information subject to certain other laws such as the Gramm-Leach-Bliley Act (GLBA), the California Financial Information Protection Act, the Health Insurance Portability and Accountability Act (HIPAA), the Fair Credit Reporting Act (FCRA), etc.

Purposes Personal Information is Used

  • Respond to Shareholder/Beneficiary inquiries; provide requested Shareholder/Beneficiary benefits, including dividends/distributions, bereavement benefits, elder benefits, scholarships, and lands programs; improve program services for Shareholders/ Beneficiaries; track Shareholder/Beneficiary development.
  • Comply with applicable laws and internal policies and procedures related to stock transfers, 5-acre lease transfers, and eligibility for certain programs, including but not limited to, hunting & subsistence programs, and cabin rentals.
  • Comply with Alaska proxy regulations requiring certain disclosures, including, in some instances, salary information and education, to be published in annual proxy statement for Board candidates, continuing directors, officers, and employees.
  • Comply with Alaska Statute [AS 10.06.413; AS 10.06.430] regarding requirement to make voting list and other Shareholder information available for inspection by Afognak Shareholders.
  • Create Shareholder mailing labels for corporate use and for use by Afognak Board candidates to mail proxy and campaign materials to Afognak Shareholders.
  • Provide the Inspector of Voting & Elections for annual Board election/proxy purposes.
  • Conduct Shareholder surveys.

Sources of Personal Information.

We may collect your personal information from the following sources:

  • You. We may collect personal information directly from you or through your use of our facilities or systems, when you send us an email, or otherwise communicate or interact with us. We may also collect information automatically from you when you visit our website such as the shareholder portal.
  • Related Entities and Affiliates. We may collect information about you from our related parties and affiliates.
  • Social media and related services. We may collect information about you through your social media services consistent with your settings on such services.
  • Third parties. We may collect information about you from third parties such as your colleagues, emergency contacts, or other third-party sources that are lawfully entitled to share your personal information with us. This may include service providers or contractors who collect or process your personal information on our behalf.

Disclosures. To carry out the purposes outlined above, we may disclose your personal information to our related entities, or affiliates; our business partners; service providers, contractors, and vendors; professional advisors (e.g., lawyers, auditors, accountants, consultants); and government entities (e.g., regulatory agencies, law enforcement). We may also authorize our service providers to collect personal information on our behalf.

We may disclose your personal information to clients or customers and third parties, as necessary, to: (1) comply with federal, state, or local laws; (2) comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (3) cooperate with law enforcement agencies concerning conduct or activity that we reasonably and in good faith believe may violate federal, state, or local laws; (4) investigate claims or allegations or to establish, exercise or defend legal claims.

The following chart lists the categories of third parties to whom we disclose or may have disclosed these categories of personal information in the preceding 12 months.

Categories of Personal InformationCategories of Third Parties to Whom Disclosed
Identifiers and other Contact information –
(e.g., name, postal address, email address, phone number, account name, date of birth, Social Security number, driver’s license number, photograph, passport number, unique personal identifier, online identifier, IP address, email address, photo, signature, account name, or other similar identifiers)

NOTE: The information in this category may also include elements of Sensitive Personal Information such as Social Security number, driver’s license number, state identification card number, and/or passport number.		Third parties as directed by you.

Subsidiaries, affiliates, and related entities.

Our business partners.

Clients or customers.

Service providers, contractors and vendors.

Third parties as related to an acquisition of all or portions of our business.

Governmental entities.

Professional advisors.
Protected status – such as citizenship, ethnic background, sex, or other similar identifiers or any other characteristic protected by applicable federal, state or local laws.
 
NOTE: The information in this category may also include the following elements of Sensitive Personal Information: racial, ethnic, or national origin, data related to citizenship or immigrations status.		Third parties as directed by you.

Subsidiaries, affiliates, and related entities.

Our business partners.

Service providers, contractors and vendors.

Third parties as related to an acquisition of all or portions of our business.

Governmental entities.

Professional advisors.
Audio, electronic, visual or similar information.Third parties as directed by you.

Subsidiaries, affiliates, and related entities.

Our business partners.

Service providers, contractors and vendors.

Third parties as related to an acquisition of all or portions of our business.

Governmental entities.

Professional advisors.
Biometric Information

NOTE: Biometric information is considered an element of Sensitive Personal Information.		Third parties as directed by you.

Subsidiaries, affiliates, and related entities.

Third parties that perform services on our behalf.

For example, providing the time biometric data collection device and related data storage or processing.
Education or Professional and Employment information, including veteran status or other similar identifiers.

NOTE: The information in this category may include the following elements of Sensitive Personal Information: union membership.		Third parties as directed by you.

Subsidiaries, affiliates, and related entities.

Our business partners.

Service providers, contractors, and vendors.

Third parties as related to an acquisition of all or portions of our business.

Governmental entities.

Professional advisors.
Sensitive InformationThird parties as directed by you.

Subsidiaries, affiliates, and related entities.

Our business partners.

Service providers, contractors, and vendors.

Third parties as related to an acquisition of all or portions of our business.

Governmental entities.

Professional advisors.

Selling and Sharing Personal Information. The Company does not sell or share, as those terms are defined by the CCPA, any category of personal information collected. In addition, we do not have actual knowledge that we sell the personal information of individuals under the age of 16 years. The company may share personal information of individuals under the age of 16 with their parent/guardian consent as part of shareholder benefit youth programs.

Disclosing Sensitive Personal Information. We do not use or disclose your Sensitive Personal Information for purposes that, with limited exceptions, are not necessary for which we collect it or as reasonably expected by an average individual in this context or for other permitted purposes under the CCPA or as authorized by regulation.

Retention. We retain your Personal Information for as long as is necessary to fulfill the purpose for which it was collected (e.g., to manage the employment relationship, etc.) and in accordance with the Company’s records retention schedule and applicable law. We may retain your Personal Information for longer if it is necessary to comply with our legal or reporting obligations (e.g., if we are required to retain your data to comply with applicable laws), resolve disputes, enforce our legal agreements and policies, address other legitimate business needs, or as permitted or required by applicable law. We may also retain your Personal Information in a deidentified or aggregated form so that it can no longer be associated with you.

To determine the appropriate retention period for your Personal Information, we consider various factors such as the amount, nature, and sensitivity of your information; the potential risk of unauthorized access, use or disclosure; the purposes for which we collect or process your Personal Information; and applicable legal requirements. Personal information does not include certain categories of information, such as publicly available information from government records, and deidentified or aggregated information.

California Resident Individual Rights Requests. Individuals who are residents of the State of California have the following rights, subject to certain limitations.

Right To Know About Personal Information Collected or Disclosed. You have the right to request information beyond what we have disclosed above regarding the following, to the extent applicable:

• the categories of personal information the Company collected about you.
• the categories of sources from which that personal information was collected.
• the business or commercial purposes for which that information was collected, sold, or shared.
• the categories of third parties to whom the information was disclosed.
• the specific pieces of personal information collected.

Upon receipt of a verifiable Request to Know (see below), and as required by applicable law, we will provide a response to such request.

Right To Request Deletion of Your Personal Information. You have the right to request that we delete the Personal Information we collected or maintain about you. Once we receive your request, we will let you know what, if any, Personal Information we can delete from our records and will direct any service providers and contractors to whom we disclosed your Personal Information to also delete your Personal Information from their records. There may be circumstances where we cannot delete your Personal Information or direct service providers or contractors to delete your Personal Information from their records. Such instances include, without limitation, when the information at issue is maintained: (a) to enable solely internal uses that are reasonably aligned with your expectations based on your relationship with the Company and compatible with the context in which you provided the information, or (b) to comply with a legal obligation.

Upon receipt of a verifiable Request to Delete (see below), and as required by applicable law, we will provide a response to such requests.

Right to Request Correction. You have the right to request that the Company correct any inaccurate Personal Information we maintain about you, taking into account the nature of that information and purpose for processing it. Upon receipt of a verifiable Request to Correct (see below), and as required by the CCPA, we will provide a response to such requests.

We will not discriminate or retaliate against you for exercising any of the rights described above.

Submitting CCPA Rights Requests. To submit a CCPA Rights request, please contact us at 888-292-9580 or email us at shareholderservices@afognak.com. We reserve the right to only respond to verifiable Requests to Know, Delete, or Correct that are submitted as instructed. A verifiable consumer request is one made by any individual who is:

• the individual who is the subject of the request,
• an individual on behalf of the individual’s minor child, or
• the authorized agent of the individual.

What to submit. If we request, you must provide us with sufficient information to verify your identity and/or authority to act on behalf of the individual. In general, we may ask you to provide identifying information that we already maintain about you, or we may use a third-party verification service. In either event, we will try to avoid asking you for sensitive Personal Information to verify your identity. We may not be able to respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. However, making a verifiable request does not require you to create an account with us.

Additionally, you will need to describe your request in sufficient detail to allow us to review, understand, assess, and respond. We will not use the Personal Information we collect from an individual to determine a verifiable request for any other purpose, except as required or permitted by law.

Our response. We reserve the right to charge a fee to process or respond to your request if it is excessive, repetitive, or manifestly unfounded. If we determine that a request warrants a fee, we will attempt to notify you as to why we made that decision and provide a cost estimate before completing your request. We will endeavor to respond to a verifiable request within forty-five (45) calendar days of receipt, but we may require an extension of up to forty-five (45) additional calendar days to respond and we will notify you of the need for the extension.

Authorized Agent. You may authorize a natural person or a business (the Agent) to act on your behalf. When you submit a Request to Know, Correct, or Delete, the Agent must provide proof that you gave the Agent signed permission to submit the request, and you either must (i) verify you own identity with the business or (ii) directly confirm with us that you provide permission to the Agent. However, these steps are not required when you have provided the authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465. We reserve the right to deny requests from persons or businesses claiming to be authorized agents that do not submit sufficient proof of their authorization.

Spouses, Dependents, and Associates. If you have knowledge that the Company collected Personal Information related to your spouse, dependent, or associate, please share a copy of this notice with all such individuals.

The Company may add to the categories of personal information it collects and the purposes it uses Shareholder/Beneficiary personal information. In that case, the Company will inform you.

If you have questions about the Company’s privacy policies and procedures, and rights you may have concerning your personal information, please contact Shareholder Services at shareholderservices@afognak.com or (888) 292-9580.