Your Best Path, LLC ("YBP," "we," or "the firm") views protecting its customers' private information as a top priority; therefore, we have instituted the following policies and procedures to ensure that customer information is kept private and secure.
This policy serves as formal documentation of YBP's ongoing commitment to the privacy of its customers. All employees will be expected to read, understand, and abide by this policy and follow all related procedures to uphold the standards of privacy and security set forth by YBP. This Policy and the related procedures contained herein are designed to comply with applicable privacy laws, including the GLBA, and protect the nonpublic personal information of YBP's customers.
Scope of Policy
Overview of the Guidelines for Protecting Customer Information
In Regulation S-P, the Securities and Exchange Commission (the "SEC") published guidelines under section 501(b) of the GLBA, which address the steps a financial institution should take to protect client information. The overall security standards that must be upheld are:
- Ensure the security and confidentiality of client records and information;
- Protect against any anticipated threats or hazards to the security or integrity of client records and information; and
- Protect against unauthorized access to or use of client records or information that could result in substantial harm or inconvenience to any client.
- We have a duty to protect the nonpublic personal information of clients collected by YBP.
- No one is authorized to disclose or use the nonpublic information of clients on behalf of YBP.
- We have a duty to ensure that nonpublic personal information of YBP's clients is shared only with associates and others in a way that is consistent with YBP's Privacy Notice and the procedures contained in this Policy.
- We have a duty to ensure that access to nonpublic personal information of YBP's clients is limited, as provided in the Privacy Notice and this Policy.
- No one is authorized to sell, on behalf of YBP or otherwise, nonpublic information of YBP's clients.
- Employees with questions concerning collecting and sharing or access to nonpublic personal information of YBP's clients must look to YBP's CCO for guidance.
Violations of these policies and procedures will be addressed in a manner consistent with other Company disciplinary guidelines.
Types of Permitted Disclosures – The Exceptions
Regulation S-P contains several exceptions, which permit YBP to disclose client information (the "Exceptions"). For example, YBP is permitted under certain circumstances to provide information to non-affiliated third parties to perform services on YBP's behalf. In addition, there are several "ordinary course" exceptions, which allow YBP to disclose information that is necessary to effect, administer, or enforce a transaction that a client has requested or authorized. A more detailed description of these Exceptions is set forth below.
- Service Providers. YBP may, from time to time, have relationships with non-affiliated third parties that require it to share client information for the third party to carry out services for YBP. These non-affiliated third parties would typically represent situations where YBP or its employees offer products or services jointly with another financial institution, thereby requiring YBP to disclose client information to that third party. Every non-affiliated third party that falls under this exception is required to enter into an agreement that will include the confidentiality provisions required by Regulation S-P, which ensure that each such non-affiliated third party uses and re-discloses client nonpublic personal information only for the purpose(s) for which it was originally disclosed.
- Processing and Servicing Transactions. YBP may also share information when necessary to effect, administer, or enforce a transaction for our clients or pursuant to written customer requests. In this context, "Necessary to effect, administer, or enforce a transaction" means that the disclosure is required or is a usual, appropriate, or acceptable method.
- To carry out the transaction or the product or service business of which the transaction is a part and record, service, or maintain the client's account in the ordinary course of providing the financial service or financial product.
- To administer or service benefits or claims relating to the transaction or the product or service of which it is a part.
- To provide a confirmation, statement, or other record of the transaction or information on the status or value of the financial service or financial product to the client or the client's agent or broker; or
- To accrue or recognize incentives or bonuses associated with the transaction that YBP or any other party provides.
Sharing as Permitted or Required by Law
YBP may disclose information to non-affiliated third parties as required or allowed by law. This may include, for example, disclosures in connection with a subpoena or similar legal process, a fraud investigation, recording of deeds of trust and mortgages in public records, an audit or examination, or the sale of an account to another financial institution.
YBP has taken the appropriate steps to ensure that it is sharing client data only within the above-noted Exceptions. YBP has achieved this by understanding how YBP shares data with its clients, their agents, service providers, parties related to transactions in the ordinary course or joint marketers.
Safeguarding of Client Records and Information
YBP has implemented internal controls and procedures designed to maintain accurate records concerning clients' personal information. YBP's clients have the right to contact YBP if they believe that Company records contain inaccurate, incomplete, or stale information about them. YBP will respond promptly to requests to correct information. To protect this information, YBP maintains appropriate security measures for its computer and information systems, including the use of passwords and firewalls.
Additionally, YBP will use shredding machines, locks, and other appropriate physical security measures to safeguard client information stored in paper format. For example, employees are expected to discard documents not required to be kept by placing them in the appropriate bin for shredding.
YBP protects confidential client information, including but not limited to client reports or any compilation of client report information derived from a client report by maintaining some information in locked areas and shredding such information when then information is no longer needed by YBP.
YBP maintains physical, electronic, and procedural safeguards to protect the integrity and confidentiality of client information. Internally, YBP limits access to clients' nonpublic personal information to those employees who need to know such information to provide products and services to clients. All employees are trained to understand and comply with these information principles.
YBP has developed a Privacy Notice, as required under Regulation S-P, to be delivered to clients initially and on an annual basis. The notice discloses YBP's information collection and sharing practices and other required information and has been formatted and drafted to be clear and conspicuous. The notice will be revised as necessary any time information practices change. A copy of YBP's Privacy Notice is available on YBP's website.
- Privacy Notice Delivery
- Initial Privacy Notice - As regulations require, all new clients receive an initial Privacy Notice when the client relationship is established, for example, on the execution of the agreement for services.