HERITAGE GROUP is committed to (i) safekeeping personal information collected from potential, currentand former Clients and (ii) safeguarding against the unauthorized acquisition or use of unencrypted data or encrypted electronic data regarding each Client. The proper handling of personal information is one ofHERITAGE GROUP’s highest priorities.
To this end, Blue River, under the supervision and direction of the CCO, has been designated to implement, maintain, review and revise, as necessary, a comprehensive information security program. The primary objectives for this program are to identify and assess any and all reasonably foreseeable internal and externalrisks to the security, confidentiality and/or integrity of any electronic, paper or other records containingpersonal information, and to evaluate and improve, where necessary, the effectiveness of current safeguards forlimiting such risks. To this end, HERITAGE GROUP:
- employs ongoing Employee training,
- sets policy for Employees relating to the storage, access and transportation of Client records and personalinformation,
- reviews the scope of security measures at least annually,
- reasonably monitors its information systems, including for unauthorized use or access, and
- reasonably reviews and tests electronic encryption and other elements of its computer security system(including its secure user authentication protocols, secure access control measures and system securityagent software).
The CCO reviews all contractual relationships with third party service providers engaged by HERITAGE GROUP to ensure adequate protections are in place with respect to the safeguarding of personal information.
ii. Client Information
HERITAGE GROUP collects and keeps only such information that is necessary for it to provide the services requested by its Clients and to administer its Clients’ business with HERITAGE GROUP. For instance, HERITAGE GROUP may collect nonpublic personal information (such as name, address, social security number, assets, income, net worth, copies of financial documents and other information deemed necessary toevaluate the Client’s financial needs) from Clients when they complete a subscription or other form.HERITAGE GROUP may also collect nonpublic personal information from Clients or potential clients as a result of transactions with HERITAGE GROUP, its affiliates, its Clients or others (such information to include information received from outside vendors to complete transactions or to effect financial goals).
Importantly, no Employee may provide the name of limited partners in a Fund without the prior approval of the CCO.
iii. Sharing Information
HERITAGE GROUP only shares the nonpublic personal information of its Clients with unaffiliated entities or individuals (i) as permitted by law and as required to provide services to HERITAGE GROUP’s Clients, such as with representatives within our firm, securities clearing firms, insurance companies and other services providers of HERITAGE GROUP, or (ii) to comply with legal or regulatory requirements. HERITAGE GROUP may also disclose nonpublic personal information to another financial services provider in connection with the transfer of an account to such financial services provider. Further, in the normal course of business, HERITAGE GROUP may disclose information it collects about Clients to entities or individuals thatcontract with HERITAGE GROUP to perform servicing functions such as recordkeeping or computer-related services. Finally, HERITAGE GROUP may make good faith disclosure of the nonpublic personal information of its Clients to regulators who have regulatory authority over HERITAGE GROUP.
Companies hired to provide support services to HERITAGE GROUP are not allowed to use personal information for their own purposes and are contractually obligated to maintain strict confidentiality. WhenHERITAGE GROUP provides personal information to service providers, it requires these providers to agree to safeguard such information, to use the information only for the intended purpose and to abide by applicable law.
HERITAGE GROUP does not (x) provide personally identifiable information to mailing list vendors or solicitors for any purpose or (y) sell information relating to its Clients to any outside third parties.
iv. Employee Access to Information
Only Employees with a valid business reason have access to Clients’ personal information. These Employees are educated on the importance of maintaining the confidentiality and security of such information and arerequired to abide by HERITAGE GROUP’s information handling practices. HERITAGE GROUP employsreasonable procedures to prevent terminated Employees from accessing records containing personalinformation.
v. Protection of Information
HERITAGE GROUP maintains security standards to protect Clients’ information, whether written, spoken, or electronic. To that end, HERITAGE GROUP restricts access to nonpublic personal information to Company personnel who need to know such information in order to provide services to Clients. All electronic or computer files containing such information are password secured and firewall protected from access by unauthorized persons. HERITAGE GROUP periodically updates and checks its systems to ensure the protection and integrity of information.
HERITAGE GROUP also maintains reasonable restrictions upon physical access to records containing personal information, and stores such records in secure facilities.
vi. Maintaining Accurate Information
HERITAGE GROUP’s goal is to maintain accurate, up to date Client records in accordance with industry standards. HERITAGE GROUP has procedures in place to keep information current and complete (including the timely correction of inaccurate information).
Should a Client send HERITAGE GROUP a question or comment via e-mail, HERITAGE GROUP will sharethe Client’s correspondence only with those Employees or agents most capable of addressing the Client’s question or concern. All written communications pertaining to such question or comment will be retained byHERITAGE GROUP until such time as HERITAGE GROUP believes (in its good faith judgment) that it has provided the Client with a complete and satisfactory response. After that time, HERITAGE GROUP willeither discard the communication or archive it according to the requirements of applicable securities laws.
Please note that, unless expressly advised otherwise, HERITAGE GROUP’s e-mail facilities do not provide a means for completely secure and private communications. Although every attempt will be made to keep Client information confidential, from a technical standpoint, there is still a risk. For that reason, please do not use e-mail to communicate information to HERITAGE GROUP that is considered to be confidential.
If the Client wishes, communications with HERITAGE GROUP may be conducted via telephone or byfacsimile. Additional security is available to Clients if they equip their Internet browser with 128-bit “secure socket layer” encryption, which provides more secure transmissions.