We view protecting our customers/subscribers private information as a top priority and, pursuant to the requirements of the Gramm-Leach-Bliley Act (the GLBA), have instituted the following policies and procedures to ensure that customer information is kept private and secure.
This policy serves as formal documentation of TriggerPoint Research® and its affiliates ongoing commitment to the privacy of its customers. All employees will be expected to read, understand, and abide by this policy and to follow all related procedures to uphold the standards of privacy and security set forth by TriggerPoint Research. This Policy, and the related procedures contained herein, is designed to comply with applicable privacy laws, including the GLBA, and to protect nonpublic personal information of TriggerPoint Research clients/subscribers.
A. Scope of Policy
B. Overview of the Guidelines for Protecting Customer Information
In Regulation S-P, the Securities and Exchange Commission (the SEC) published guidelines, pursuant to section 501(b) of the GLBA, that address the steps a financial institution should take in order to protect customer information. The overall security standards that must be upheld are:
- Ensure the security and confidentiality of customer records and information;
- Protect against any anticipated threats or hazards to the security or integrity of customer records and information; and
- Protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.
C. Employee Responsibility
- Each employee has a duty to protect the nonpublic personal information of customers collected by TriggerPoint Research.
- No employee is authorized to disclose or use the nonpublic information of customers on behalf of TriggerPoint Research.
- Each employee has a duty to ensure that nonpublic personal information of TriggerPoint Research customers is shared only with employees and others in a way that is consistent with Privacy Notice and the procedures contained in this Policy.
- Each employee has a duty to ensure that access to nonpublic personal information of TriggerPoint Research customers is limited as provided in the Privacy Notice and this Policy.
- No employee is authorized to sell, on behalf of TriggerPoint Research or otherwise, nonpublic information of TriggerPoint Research customers/subscribers.
D. Types of Permitted Disclosures – The Exceptions
In keeping with the outline of Regulation S-P, there are several exceptions, which permit TriggerPoint Research to disclose customer information (the “Exceptions”). For example, TriggerPoint Research is permitted under certain circumstances to provide information to non-affiliated third parties to perform services on behalf of TriggerPoint Research. In addition, there are several “ordinary course” exceptions, which allow TriggerPoint Research to disclose information that is necessary to effect, administer, or provide information that a customer has requested or authorized. A more detailed description of these Exceptions is set forth below.
- TriggerPoint Research may from time to time have relationships with nonaffiliated third parties that require it to share customer information in order for the third-party to carry out services for customers/subscribers of TriggerPoint Research . These nonaffiliated third parties would typically represent situations where TriggerPoint Research or its affiliates offer products or services jointly with another organization, thereby requiring TriggerPoint Research to disclose customer information to that third-party. As an example, a group email service may fall under this exception.
- Processing and Servicing Transactions. TriggerPoint Research may also share information when it is necessary to effect, administer, or effect a transaction for our customers or pursuant to customer requests. In this context, “Necessary to effect, administer, or effect a transaction” means that the disclosure is required, or is a usual, appropriate, or acceptable method, and;
- To carry out the transaction or the product or service business of which the subscription is a part, and/or record, service, or maintain the consumer’s account in the ordinary course of providing the service or product.
E. Sharing as Permitted or Required by Law
TriggerPoint Research may disclose information to nonaffiliated third parties as required or allowed by law. This may include, for example, disclosures in connection with a subpoena or similar legal process, a fraud investigation, recording of deeds of trust and mortgages in public records, an audit, or examination, or otherwise.
TriggerPoint Research has taken the appropriate steps to ensure that it is appropriately sharing customer data with the above noted exceptions. Our payment processor(s) has achieved this by understanding how TriggerPoint Research shares data with its customers, their agents, service providers, parties related to transactions in the ordinary course of business or with joint marketers.
TriggerPoint Research has implemented internal controls and procedures designed to maintain accurate records concerning customers’ personal information. TriggerPoint Research customers have the right to contact TriggerPoint Research if they believe that their records contain inaccurate, incomplete, or stale information about them. TriggerPoint Research will respond in a timely manner to requests to correct information. To protect this information, TriggerPoint Research maintains appropriate security measures for its computer and information systems, including the use of passwords and firewalls and other encryption.
TriggerPoint Research protects confidential client information including but not limited to consumer reports or any compilation of consumer reports information derived from a consumer report by maintaining some information in encrypted and/or password protected locations.
G. Security Standards
TriggerPoint Research may maintain physical, electronic, and procedural safeguards to protect the integrity and confidentiality of customer information. Internally, TriggerPoint Research limits access to customers’ nonpublic personal information to those employees who need to know such information in order to provide products and services to customers. All employees are trained to understand and comply with these information principles.
H. Privacy Notice
TriggerPoint Research has developed this Privacy Notice to make all aware of the importance of protecting personal client data.
I. Privacy Notice Delivery
- Initial Privacy Notice – As regulations require, all new customers receive an initial Privacy Notice at the time when the customer relationship is established, for example on execution of the agreement for services.
J. Revised Privacy Notice
Updated: February 2012