The privacy of BeSmartee’s clients, partners and employees is extremely important. Protection of personal or sensitive information and use of such data in a fair and trustworthy fashion comes with a degree of trust in manner that is key to the core values of BeSmartee. This policy applies to all information collected by or in use of BeSmartee.
BeSmartee understands that a lenders customer furnishes sensitive information during the mortgage application process and is considering to be within the course of business. The Company and Management are committed to treating such information responsibly and identify expectations surrounding the sourcing, storage and retention of such personal and financial information.
BeSmartee is dedicated to take all the necessary steps to safeguard sensitive information that has been entrusted to us and lenders by their customers.
Gramm Leach Bliley Act
Subtitle A of Title V of the Gramm Leach Bliley Act established specific guidelines regarding to disclose nonpublic personal information about a consumer to nonaffiliated third parties, and requires a financial institution to disclose to all of its customers the institution’s privacy policies and practices relating to information sharing with both affiliates and nonaffiliated third parties. Additionally, the Act requires that customers be provided an opportunity to opt-out of sharing his or her nonpublic personal information to nonaffiliated third parties subject to certain exceptions. BeSmartee has elected to not share any non-public personal information with nonaffiliated third parties other than as permitted by the exceptions delineated in the privacy rule.
Affiliate- any company that controls, is controlled by, or is under common control.
Personally, identifiable financial information – any information collected about a consumer in connection with providing a financial product or service to that consumer. This includes: information provided by the consumer during the application process (e.g., name, phone number, address, income); information resulting from the financial product or service transaction (e.g., payment history, loan or deposit balances, credit card purchases); information from other sources about the consumer obtained in connection with providing the financial product or service (e.g., information from a consumer reporting agency or from court records)
Publicly available information – any information BeSmartee reasonably believes is lawfully made available to the general public from federal, state, or local government records, widely distributed media, or disclosures to the general public that are required to be made by federal, state, or local law.
Nonaffiliated third party – means any person who is not an affiliate.
Nonpublic personal information – consists of personally identifiable financial information obtained or that is provided by a consumer that is not publicly available information. It includes any lists, descriptions, or other groupings of consumers (including publicly available information contained therein) that are derived using personally identifiable financial information that is not publicly available.
Recipient – receipt of nonpublic personal information from a nonaffiliated financial institution and to any nonaffiliated entity to which BeSmartee gives nonpublic personal information.
Right to Financial Privacy Act
The Right to Financial Privacy Act established guidelines and procedures regarding how agencies of the federal government may obtain the financial records of certain customers. The Right to Financial Privacy Act covers requests for financial information regarding individuals and partnerships with five or fewer people. It does not govern record requests for corporations or partnerships with more than five people. The Right to Financial Privacy Act only covers requests from a federal government authority. It does not apply to requests from the Internal Revenue Service or from state, local, or other non-federal agencies.
BeSmartee will not honor any request for information that does not comply with the requirements of the Right to Financial Privacy Act. Strict precautions will be taken to prevent the release of inappropriate information as allowed by the Right to Financial Privacy Act.
Information Collected
Personal Information
Information related to any identified or identifiable individual person or party, such as employees, customers, contractors, partners or any other third party (including third parties’ personnel). Examples of Personal Information are name, address, or credit card number. Other examples of Personal Information may include browsing history, loan applications, and requests for information about products and services, if they relate to an identified or identifiable individual. An identifiable person is one who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to his identity. from many sources is collected.
Sensitive Personal Information
Is Personal Information that receives special legal protection under applicable law. Some examples in the US include social security numbers, credit card numbers, personal health information, credit reports and ratings, race, political affiliations, religious beliefs, personal health information, etc. Sensitive information may require heightened security protection or special individual consent.
Information Disclosed
We do not disclose nonpublic personal information except as permitted or required by law. Disclosure of personally identifiable information without consumer’s refusal occurs in the following circumstances;
- To certain nonaffiliated third parties (under limited circumstances) to the extent permissible under law to service the lenders customer, report to credit bureaus, manage risk, and perform other financial services related activities.
- Disclosing information, we receive on a lenders customer loan application such as the assets, liabilities, income, and employment history for a lender using our system to determine whether a loan made to the customer is salable in the secondary market, for example.
- Information necessary to enforce legal or contractual rights, if applicable, or the right of any other person who is engaged in a transaction directly with our company and not the lender.
- To disclose information required in the ordinary course of business, such as in the settlement of claims or benefits or the confirmation of information to a lender’s customer or the consumer’s agent.
- To provide information to agencies, persons that are assessing our compliance with industry standards, and our attorneys, accountants, and auditors.
- To the extent permissible under the Right to Financial Privacy Act.
- To comply with federal, state, or local laws, rules, and other applicable legal requirements.
Safeguarding
We protect lenders customer privacy by ensuring that only employees who have a business reason for knowing information have access to it. We have retained the services of a compliance officer as the financial privacy coordinator, who is consulted for maintaining internal procedures to ensure that our lenders customers’ information is protected. For example, a lenders customer information can only be accessed by employees who work in software customer and technical support or lender integration support.
All employees have a copy of this policy and are trained at least annually regarding the importance of safeguarding information. Any employee who violates our privacy policy is subject to disciplinary action.
If we change our policy or practice by, for example, adding a category of information that will be disclosed to a third party, we will notify existing lenders and give them an appropriate time period to opt out of the disclosure.
Additional Info. Collecting, Accessing, and Sharing PII
Collecting or maintaining any sensitive PII electronically in our database, accessible remotely from AWS servers, adheres to best practices related to privacy impact assessments. Access to sensitive PII is based on having a “need to know” basis for the collection of the info., i.e., when the info. relates to our official duties of delivering software services to lenders licensing our platform to enable their customers to have the ability to submit loan applications and corresponding documentation. Access is limited to only sensitive PII needed to fulfill our services, and not to view or use sensitive PII for any purpose other than to fulfill this our required duties.
No documents and data are accessible to casual visitors, passersby, or other individuals within the office without a “need to know.” There will never be an authorization to access, share, or display any info. deemed sensitive PII outside work hours or outside of corporate headquarters, and outside of the company administrative login site. In addition, unless specifically designated to conduct work related to the development and delivery of the platform services to our client, you will not have the ability to access sensitive PII unless given the specific authority and access to do so by a direct supervisor. You access will be monitored utilizing an audit trail of your login, and pages accessed while you are logged in.
Oversight Responsibility
BeSmartee’s compliance program includes a series of effective systems and controls to monitor its activities and ensure that the compliance program is being implemented in accordance with the policies established.
- It is the responsibility of the Compliance Department to ensure compliance for all regulations.
- The Compliance Officer is responsible for the administration of the program.
- The Compliance Officer and designees are responsible for establishing and maintaining an effective compliance program with systems and controls.
Enforcement of Policy
The Board of Directors has the authority to approve all compliance policies and at is discretion may assign responsibility for updating the program to an appropriate committee or senior management.
The Compliance Officer, Compliance Committee, and business line management are responsible for the enforcement of this policy and ensuring the directives are implemented and administrated in compliance with the approved policy.
