AFTS PRIVACY and SECURITY POLICIES
Our Commitment To Privacy
AFTS DOES NOT RELEASE ANY CLIENT INFORMATION TO OTHER ORGANIZATIONS. This information includes the client data supplied by the client as well as other confidential information learned by AFTS regarding the client's business.
AFTS collects only relevant information required to deliver the services requested by our clients. Data may be retained for backup, research, audit, or other operational purposes. It will be destroyed or deleted when it is no longer needed for providing client services.
The only exceptions to this policy are for:
· Required filings with the IRS.
· Required reporting to the USPS related to mailing services provided to our clients.
· Sub-contractors and consultants needed to perform services for clients.
· Court ordered requests for information.
· Other lawful requests from governmental agencies or regulatory authorities.
· Information specifically authorized for release by our clients for marketing samples, verification of mortgage, or other purposes.
We carefully establish relationships with business partners
It may be necessary for us to share information with our service providers in order to deliver services requested by our clients. We carefully choose the companies that provide support services for us. We may need to disclose information you provide to us to the following types of outside companies:
· Sub-contract vendors that deliver services or products on your behalf (like forms/envelope printers and mailing service specialists).
· Overload, backup, and disaster recovery sub-contractors.
· Independent contractors, such as technical systems consultants.
All of these companies acting on your behalf are obligated to keep the information that we provide to them confidential. They will use information only to provide the products and services we have asked them to provide.
AFTS CUSTOMER INFORMATION SECURITY POLICY
AFTS TAKES THE SECURITY AND CONFIDENTIALITY OF ALL DATA ENTRUSTED TO US VERY SERIOUSLY.
Sensitive Customer Information is regularly used by AFTS in the delivery of products and services requested by our clients. We protect this information from unauthorized access using a combination of policies, procedures, and data systems to protect against foreseeable internal and external threats.
These policies have been communicated to all staff and will be followed at all times. Any losses of data or suspected unauthorized access will be communicated immediately to affected clients.
Limited Physical Access
· Combination door locks on computer server rooms, warehouse access doors, and lockbox payment processing areas.
· Numbered, “no duplication” keys issued to employees.
· Public entry is only available at a single staffed reception area and only during normal office hours.
· User passwords required for login at all workstations. Workstations are logged off or locked when not in use.
· Group password access controlled by department.
· Hardware firewall systems at the single external access to the public internet.
· Software firewall systems at individual workstations.
· Virus protection on all workstations
· Spyware protection on all workstations
· Access logging of all authorized access (and unauthorized attempted access) to FTP sites.
· Encryption of data transmission to and from AFTS systems as required by clients.
· Web access via SSL encryption (using Verisign).
· Individually encrypted files using unencrypted transmission modes.
· PGP encryption