It is important that Clients know that the information they provide will be handled with integrity and discretion. The Firm’s regulatory responsibility to protect the confidentiality of personal information relating to individual clients is mandated by, among others, Regulation S-P.
The privacy policies and procedures must be reasonably designed to (i) ensure the security and confidentiality of Client information, (ii) protect against anticipated threats to the security or integrity of Client information, and (iii) protect against unauthorized access to or use of Client information that would result in substantial harm or inconvenience to any Client. The Firm also is required to maintain policies and procedures reasonably designed to protect nonpublic personal information from any anticipated threat, hazard, unauthorized access, or unauthorized use that could result in substantial harm or inconvenience to any Client.
It is the Firm’s policy to keep all Client information confidential and not to disclose any such information to non-affiliated third parties, except as set forth in the Firm’s Privacy Notice.
Stephen K. Brandt, CCO, will ensure that the Firm follows these privacy policies. The CCO will reasonably ensure that privacy notices are distributed according to the procedures set forth below and that confidentiality of all information is maintained.
B. Privacy Rules and Procedures
To fulfill its privacy obligations, the Firm imposes the following:
- Security. All Firm personnel shall safeguard the nonpublic personal information of Clients.
- Use of Information. Nonpublic personal information of any Client shall be used only to service or maintain that Client’s account. No Firm personnel shall improperly use any Client’s nonpublic personal information, whether obtained from the Client directly or through such Firm personnel’s awareness of portfolio transactions for Clients, or otherwise.
- Access. Only authorized Firm personnel shall have access to a Client’s nonpublic personal information. Access will be authorized if there is a work-related purpose for such access. Sharing a Client’s nonpublic personal information is on a need-to-know basis in order to carry out Firm business.
- Disclosure to Unaffiliated Third Parties. The Firm will not disclose a Client’s nonpublic personal information to unaffiliated third parties (including the Firm’s attorneys, auditors and administrators) except as necessary to effect, administer or enforce a Client transaction, or for the purpose of servicing or maintaining the Client’s account, or otherwise as permitted by law. It is the Firm’s belief that such service providers are capable of maintaining and have in place appropriate safeguards to protect customer information.
- Disclosure to Affiliates. The Firm may share a Client’s nonpublic personal Client information with its affiliates, but only with the consent or at the direction of the Client, or otherwise as permitted by law.
- Disclosures to Regulators and Other Legal Authorities. Nonpublic personal information also may be shared with regulators and/or when required by law, rule, regulation, or a subpoena or order issued by a court of competent jurisdiction, or by a judicial, administrative, or legislative body. The CCO must be consulted before responding to subpoenas, orders, regulatory inquires, or other similar requests for information.
- Retention. The CCO is responsible for maintaining the Firm’s Privacy Notice and for updating the Privacy Notice in the event of any changes. The Firm will retain evidence that the initial and annual Privacy Notices were delivered to Clients.
- Right to Opt Out. The Firm does not presently provide its Clients with a right to opt out of having its nonpublic personal information shared with nonaffiliated third parties or affiliates of the Firm, because the Firm does not share any nonpublic personal information with nonaffiliated third parties or its affiliates except as permitted by law.
C. Nonpublic Personal Information
Nonpublic personal information generally includes any information: (i) supplied by individual Clients to obtain a financial product or service, (ii) resulting from a transaction with Clients, and (iii) otherwise obtained in connection with providing a product or service to Clients, such as information from a consumer report or other outside source used to verify information about a Client. The nonpublic personal information that the Firm collects includes, but is not limited to:
- client names, addresses, and telephone numbers;
- social security numbers and/or tax identification numbers;
- financial circumstances, occupation, and income; and
- securities holdings and positions.
Nonpublic personal information must be safeguarded for all U.S. individuals who are current and former Clients of the Firm, as well as certain prospective clients of the Firm. An individual may provide nonpublic personal information to the Firm verbally or by filling out account or other documentation regardless of whether such individual ultimately becomes a Client of the Firm. That information is subject to these policies and procedures.
D. Safeguarding of Nonpublic Personal Information
All Firm personnel should take precautions to prevent unauthorized individuals from inadvertently or deliberately gaining access to nonpublic personal information or other protected confidential information relating to Clients. The following steps must be followed:
- Nonpublic personal information and other confidential information in any format/medium may not be removed from the premises of the Firm, unless necessary to conduct Firm business.
- Nonpublic personal information and other confidential information that is being printed, copied, or faxed must be attended by authorized persons only. Firm personnel should ensure that fax transmissions containing nonpublic personal information or other confidential information are labeled as confidential and are sent to a location where they can be recovered promptly by the addressee. Files, notes and correspondence should not be left out in the open.
- Discretion should always be employed when communicating via email with Clients, with others outside the Firm, or with individuals within the Firm. There can never be complete assurance that no one other than the intended reader will view the email, and Firm personnel should generally refrain from including nonpublic personal information or other confidential information in email messages.
- Firm personnel should avoid discussions of nonpublic personal information, other confidential Client information, or proprietary Firm information with, or in the presence of, unauthorized persons. No discussions about such information should take place in public places, such as building lobbies, elevators, or public transportation.
- Electronic Client protected information must be stored on a secure server that is accessible only with a password. Archived data must be stored either off-line or in a physically secure area.
- Nonpublic personal information that no longer is required by legal or regulatory requirements must be destroyed according to approved methods. However, the CCO must be consulted before destroying any such records or documents.
- Firm personnel immediately will report to the CCO any instance of unauthorized disclosure of, or unauthorized access to, nonpublic personal information or other confidential Client or Firm information, including unauthorized access to the Firm’s disclosure of computerized data.
- The CCO must ensure that all new and current Firm personnel are aware of and adhere to these policies and procedures regarding the protection of nonpublic personal information and other protected confidential Client and Firm information.
E. Physical Safeguards
Client information should not be given out over the telephone or in response to an email unless the person being communicated with has been identified as either the Client, a fiduciary representative of the Client, or one of the Firm’s service providers that needs the information to provide the service.
Client reports, statements, or performance data should not be left in common areas unattended. All documents containing Client data should be destroyed prior to disposal.
Visitors should not be permitted to walk unattended in areas where Client information is accessible.
F. Review Procedures