Last updated: November, 2020
It is your responsibility to review this Policy periodically. If, at any time, you find the terms of this Policy unacceptable, please stop using all FamilyArc Services (defined below), and cancel your User Account. We may revise this Policy at any time. If you have any questions, please contact us at [email protected]
1. Certain Definitions.
A. "Affiliate" means an entity that controls, is controlled by, or is under common control with an Enterprise, where "control" means possession, directly or indirectly, of a majority of an entity’s voting interests.
B. " FamilyArc Services" means the Portal, the User Account, all products and services provided by FamilyArc on the Portal, Marketplace Products, and any other products or services FamilyArc provides or makes available to Users through the Portal.
C. "Marketplace Products" means products and services available for purchase from the marketplace within the Portal.
D. "Personal Information" means information by which a User may be personally identified. Personal Information does not include data where the User’s identity has been removed (anonymous data).
E. "Portal" means the FamilyArc website at www.FamilyArc.com and the User Account functionality which allows access to the FamilyArc Services, together with any associated database structures and queries, interfaces, tools, and the like that may be provided by FamilyArc to User, together with any and all revisions, modifications, and updates thereof.
F. "Sensitive Personal Information" means Personal Information relating to racial origin, ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health, sex life, sexual orientation, genetic or biometric information.
G. "User" means any Advisor, Client User or Client-Invited User.
H. "User Account" refers to a User’s unique, password-protected account on the Portal.
I. Other Capitalized terms have the definitions ascribed to them in the User Agreement.
2. Purpose of Policy. FamilyArc respects your privacy and is committed to protecting it through its compliance with this Policy. We want Users (or "you") to feel safe using our Portal. FamilyArc will not sell, license, or transfer Personal Information we gather from you outside of FamilyArc or its Affiliates, except as directed by you, as necessary to provide you with information, services or products that we offer independently or jointly with others, or as otherwise described in this Policy. This Policy describes FamilyArc’s practices for collecting, using, maintaining, protecting, and disclosing that information. This Policy also covers FamilyArc’s processing activities as a data controller, for Users whose Personal Information is governed by GDPR.
4. Consent to Collection and Use/Processing of Data. BY SETTING UP A USER ACCOUNT, OR ACCESSING OR USING ANY FAMILYARC SERVICE, YOU CONSENT TO FAMILYARC’S COLLECTION, USE AND PROCESSING OF YOUR USER DATA, WHICH MAY INCLUDE PERSONAL INFORMATION, PURSUANT TO THE TERMS OF THIS USER AGREEMENT AND POLICY.
A. Consent for Users located outside of the United States (including but not limited to Canada and the European Union): In order to access and use any FamilyArc Service, Users outside of the United States (including but not limited to Canada and the European Union) must agree to the following, in addition to the general consent provided above:
i. User hereby consents to FamilyArc’s processing of User’s Personal Information, including sensitive information, as described in this Policy. This data may include: data relating to User’s racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data, sex life and sexual orientation, or data concerning User’s health. User understands that he or she may have certain rights regarding the processing of User’s Personal Information, as described in this Policy, including the right to withdraw this consent at any time. User also consents to transferring User’s Personal Information, including sensitive information, to the United States of America, and understands that by providing Personal Information to FamilyArc, the User has transferred the Personal Information to the United States of America.
B. Withdrawal of Consent. You may withdraw consent at any time and free of charge, but your withdrawal does not affect the lawfulness of processing based on consent before you withdrew it. You can update your details and change your privacy preferences by contacting us as provided in the "Data Protection Contact" section in this Policy. It is important to note that if you withdraw your consent to our processing of your Personal Information, you may not be able to continue using one or more FamilyArc Services.
5. Applicability of Policy.
A. This Policy applies to information that is collected from:
i. our Portal, when information is provided directly from you, or from another party associated with you;
ii. email, text, and other electronic messages between you and FamilyArc through the Portal; and
iii. your navigation through our website or Portal, or your interaction with our applications on third-party websites.
B. It does not apply to information collected by:
i. FamilyArc offline or through any other means, including on any other website operated by us or any third party (including our Affiliates); or
ii. any third party (including our Affiliates), including through any application or content (including advertising) that may link to or be accessible from or on the Portal.
3775 EP True Parkway, 217
West Des Moines, IA 50265
7. Children Under the Age of 13. Personal Information of a child under 13 may be provided to us or stored on our Portal with the verifiable consent of the legal parent or guardian of that child. If we learn we have collected or received Personal Information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13 without parental consent, please contact us at [email protected]
8. Adherence to GDPR. FamilyArc adheres to the following guidelines, required by GDPR, while processing your data:
A. Lawfulness, fairness and transparency. Data is processed lawfully, fairly, and in a transparent fashion.
B. Purpose limitation. Data is collected for specified, explicit, and legitimate purposes.
C. Data minimization. Data collected on a subject should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
D. Accuracy. Data is accurate and, where necessary, kept up to date.
E. Storage limitations. Data is kept in a form which permits identification of data subjects for no longer than necessary.
F. Integrity and confidentiality. Data is processed in a manner that provides appropriate security of the Personal Information, including reasonable protection against unlawful processing or accidental loss, destruction or damage.
G. Accountability. FamilyArc’s policies and practices demonstrate compliance with GDPR principles.
9. Information We Collect About You and How We Collect It. Personal Information, for purposes of this Policy, is information that can be used to identify you either directly or indirectly. Personal Information does not include data where the identity has been removed (anonymous data). If we combine or connect data that does not directly or indirectly identify you with Personal Information so that it can directly or indirectly identify you, we treat the combined data as Personal Information which will be used in accordance with this Policy. You are required to provide Personal Information in certain areas of the Portal, and to purchase, access and use certain FamilyArc Services. In other circumstances, you may have a choice as to whether you provide us with Personal Information.
A. How We Collect Data:
i. We collect information:
a. directly from you when you provide it to us;
b. from the Enterprise, Advisor, or other Users associated with your User Account or Subscription, when they provide it to us;
c. automatically as you navigate through the Portal. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies; and
d. from third parties, for example, our business partners.
B. What We Collect:
i. We collect and store information from and about Users, including Personal Information, such as name, postal address, e-mail address, telephone number, or any other identifier by which you may be contacted online or offline.
ii. We also collect information that is about you, such as usage history from the Portal, information about your computer and internet connection, including your IP address, operating system, and browser type, and information regarding the content you view and features you access on the Portal.
iii. We collect information that you submit to us in a form, such as when you Subscribe to our service, set up your User Account, purchase or use any FamilyArc Service, submit instructions to us regarding your User Account, enter a contest or promotion sponsored by FamilyArc, post material in the Portal, search for information on our Portal or website, interact with our personnel, or report a problem with the Portal or a FamilyArc Service.
iv. We do not, as a standard practice, attempt to collect Sensitive Personal Information or data through our Portal, except as is necessary or appropriate to enable us to provide the FamilyArc Services. Note that due to the nature of some FamilyArc Services, it may be appropriate or necessary for the User to provide, and FamilyArc to collect and process, Sensitive Personal Information. In the event that you submit or upload to us any Sensitive Personal Information, you are thereby consenting to our proposed use of that information. In most circumstances, when the User submits Sensitive Personal Information, the information is encrypted and cannot be accessed by FamilyArc, but can only be accessed by the User and any individuals to whom the User has granted access to such information.
v. We collect anonymous details of your visits to our Portal that do not identify you directly or indirectly, including statistical information such as traffic data, location data, logs, and other communication data concerning how you use our Portal and information linked to a cookie identifier or other identifier not paired in our system with your identifiable information or data, including your name, phone number, or email address.
vi. We may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). At this time, the Portal is not able to honor web browser do-not-track settings or other similar mechanisms.
10. User Contributions. You may provide information, including Personal Information and Sensitive Personal Information, to be published or displayed (hereinafter, "posted") on public areas of the Portal, or transmitted to other users of the Portal or third-parties (collectively, "User Contributions"). Your User Contributions are posted and transmitted to others at your own risk. Although we limit access to certain pages, you may set certain privacy settings for such information by logging into your account profile. Please be aware that no security measures are perfect. Additionally, we cannot control the actions of other users of the Portal or third parties with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
11. Other Websites. The Portal may contain links that connect you to and from websites of third parties including advertisers and other Affiliates. If you click on or follow the links to any of those websites, please note that those parties’ websites have their own privacy policies. FamilyArc disclaims any liability or responsibility for those websites’ privacy policies or data collection practices. Please review the content of those policies before you submit Personal Information to those websites.
12. Third Parties. Our third-party service providers may collect from our Portal your Personal Information or information that does not identify you. We require each third party with which we contract to assist in administering a product or service to agree in writing to abide by all applicable laws with respect to the privacy and protection of your Personal Information.
13. How We Use Your Personal Information. We only use Users’ Personal Information when allowed by this Policy or applicable law. Please note that we may process your Personal Information without your knowledge or consent, where this is required or permitted by law.
A. Use of Personal Information When Governed By GDPR. For Users located in the European Union, the purposes and activities for which FamilyArc will use your Personal Information or data, and the legal basis for which we carry out each type of processing, are as follows:
Purpose/activity for which FamilyArc will process Personal Information
Lawful basis for processing including basis of legitimate interest
To enable you to access information on and register for our Portal
It is in our and your legitimate interest to provide services to you and register you on our Portal at your request.
To manage our relationship with you, which will include, but not be limited to:
(b) asking you to leave a review or take a survey;
(c) enforcing the terms of our User Agreement or other agreements between us;
(e) enforcing the terms of any contract entered into with you; and
(f) understanding your preferences, usage patterns, and concerns regarding our services.
It is in our legitimate interests to:
(a) perform pursuant to the terms of a contract with You;
(b) and (f) keep our records updated, to study how customers use our products/services, and to improve the user experience; and
(c)-(e) to comply with a legal obligation and enforce Our rights under contract(s) with You.
To send you newsletters, e-announcements, and other communications concerning FamilyArc.
It is in our legitimate interests to promote our services to existing users, and to keep users apprised of changes and news regarding our services.
To administer, protect, and improve our business and services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
It is in our legitimate interests to improve and police our site and services to ensure the security of information transmitted on this Portal and to run our business effectively. This monitoring may also be necessary to comply with a legal obligation.
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).
To use data analytics to improve our website, products, services, marketing, customer relationships and experiences.
Necessary for our legitimate interests to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.
To make suggestions and recommendations to you about goods or services that may be of interest to you.
To assist law enforcement or other regulatory bodies or legal process in any investigations relating to suspected illegal or wrongful activity, and to protect our rights, property, and safety, or the rights, property, and safety of third parties.
Necessary for our legitimate interests (to develop our products/services and grow our business).
It is in our legitimate interests to cooperate in any investigations relating to illegal or wrongful activity and to protect our rights or the rights and remedies of third parties.
To enable you to store and share information, including Sensitive Personal Information, with others.
Necessary for your use of the FamilyArc Services, as this is an important feature of the FamilyArc Services
B. Change Of Purpose. We will only use your Personal Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your Personal Information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
C. Marketing. You may receive marketing materials or communications from us if you have requested information from us or registered to use the Portal or other FamilyArc Services and, in each case, where you have not opted out of receiving that marketing. You have the right to opt out of receiving marketing communications at any time by contacting us pursuant to the "Data Protection Contact" section set forth above.
D. Disclosure of Your Information. We only share your Personal Information as provided in this Policy, or as directed by you, and to the extent allowed by law.
i. We may, but are not obligated to, share your Personal Information with the following third parties:
a. To our Affiliates to carry out the purposes for which the information was provided;
b. To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them;
c. To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of FamilyArc’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by FamilyArc about Users is among the assets transferred.
ii. Additionally, FamilyArc may disclose information about you:
a. To comply with any court order, law, or legal process, including to respond to any government or regulatory request, which may or may not include your jurisdiction of residence;
c. If necessary to protect the interests of a third party.
iii. We may disclose aggregated information about our Users, and information that is not Personal Information, without restriction.
14. International Transfers for Users in the EEA and Canada. If you are located in the European Economic Area ("EEA") or Canada:
A. To deliver services and products to you, you or we must transfer your Personal Information outside of the EEA or Canada to our affiliated firms and our third-party service providers located in the USA.
B. To obtain further information on the specific mechanism used by us when transferring your Personal Information out of the EEA or Canada, please contact us using the details set out above.
15. Cookies And Analytics. The data collection technologies we use may include, but are not necessarily limited to, the following:
B. Flash Cookies. Certain features of our Portal may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Portal. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see the section entitled "Choices Regarding How We Use and Disclose Your Information."
C. Web Beacons. Pages of the Portal and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related Site statistics (for example, recording the popularity of certain content on the Sites and verifying system and server integrity).
16. Choices Regarding How We Use and Disclose Your Information. We strive to provide you with choices regarding the Personal Information you provide to us. We have created mechanisms to provide you with the following control over your information:
B. Promotional Offers from the Company. If you do not wish to have your email address or contact information used by us to promote our own or third parties’ products or services, you can opt-out by using the "unsubscribe" link in our emails, emailing [email protected], or if we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions.
C. Targeted Advertising. If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers’ target-audience preferences, you can opt-out by sending us an email stating your request to [email protected]
D. General Opt-Out for Ads. You can opt out of the behavioral targeting component of online ads by consulting the Digital Advertising Alliance at http://www.aboutads.info/choices/ or the Network Advertising Initiative ("NAI") at http://www.networkadvertising.org/choices/. If you delete your cookies, though, you must opt-out again through the Digital Advertising Alliance of Network Advertising Initiative after your cookie deletion.
17. Accessing and Correcting Your Information
A. For all users of the Portal, you may send us an email at the email address listed in the "Data Privacy Contact" section of this document to request access to, correct, or delete any Personal Information that you have provided to us, or any other information relating to you. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. Absent our receipt of written notice from you making a request described in this section, which you are responsible for verifying that we received, we are not under any obligation to update or change any Personal Information that is out of date or inaccurate, or any other information relating to you or your profile, and disclaim any liability, to the fullest extent allowed by law, for failing to do so.
B. If you request that we delete your Personal Information, you may not be able to access or use certain FamilyArc Services.
18. Data Security. We have implemented physical, technical, and organizational security measures designed to protect your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Portal, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We attempt to ensure that any third-party vendors that process Personal Information put adequate security measures in place to ensure the security of your Personal Information.
19. How Long We Retain Your Personal Data. We will retain your Personal Information only as long as reasonably necessary to fulfill the purposes for which it was collected, including for the purpose of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Information longer in the event of a complaint.
20. Gramm-Leach-Bliley Act ("GLBA").
A. This GLBA Privacy Notice is provided to help you better understand how we obtain, use, share, and protect your non-public personal financial information even after our customer relationship with you has ended. We may obtain your name, address, phone number, social security number, date and place of birth, age, sex, and other demographic information. Depending on the product or service in which you are enrolled, we may also obtain your occupation, salary, billing preferences, beneficiary information, and work history.
B. We obtain non-public personal financial information about you from:
i. you, on your application for insurance or other service;
ii. you, concerning your transactions with us and other companies; and
iii. other third parties within and outside our family of Affiliates, depending on the product or service in which you are enrolled.
C. We use your non-public personal financial information to perform transactions and functions necessary to implement and administer the product or service in which you are enrolled. These functions include enrollment, payment processing, and other similar activities. We also use your non-public personal financial information to determine if you might be interested in any of our other products or services.
D. We may share any of your non-public personal financial information we obtain with our Affiliates as well as non-Affiliates as necessary to provide our products and services to you or as required by law. For example, we may share such information with companies and individuals with whom we contract to assist with administration of the product or service in which you are enrolled. Those companies and individuals may help us with our communications to you, manage your information, collect delinquent accounts, conduct satisfaction surveys, or perform other activities. We require each unaffiliated third party with whom we contract to assist in administering a product or service to agree in writing to abide by the same privacy standards we do.
E. We maintain physical, electronic, and procedural safeguards to protect your non-public personal financial information. We use and share your non-public personal financial information to the extent minimally necessary to administer the products and services in which you are enrolled. We restrict our employees' access to your non-public personal financial information to those employees who need to know the information to administer the product or service in which you are enrolled
21. Health Insurance Portability and Accountability Act ("HIPAA"). We are committed to protecting the privacy and confidentiality of your personal health information. In those instances where the Health Insurance Portability and Accountability Act of 1996, as amended, applies to our handling of your personal health information, we comply with federal laws and meet required standards for securing that information.
22. Your California Privacy Rights. California Civil Code Section § 1798.83 permits Users of our Portal that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email or write us at the address provided in the Data Protection Contact section of this Policy.
23. Data Rights For EU and Canada Users. Users located in the European Union or Canada have the following rights:
A. Request Access To Your Personal Data. You have the right to access your Personal Information. You may do so in your User Account, or by contacting us as set forth in the Data Protection Contact section of this Policy. You may also have the right to receive Personal Information you provided to us in a commonly used and structured format in order for it to be transferred to another data controller. This right applies if your Personal Information is processed by us with your consent. It also applies for the performance of a contract and when processing is carried out by automated means.
B. Request Correction Of Your Personal Data. You may ask us to correct or remove any data that is inaccurate by contacting us as provided in the "Data Protection Contact" section of this Policy. Please keep us informed if your Personal Information changes during your relationship with us.
C. Request Erasure Of Your Personal Data. In certain circumstances, you may request the erasure of your Personal Information, which is referred to as the right to be forgotten. Note that erasure of your Personal Information may make it impossible for you to access or use one or more FamilyArc Services.
D. Object To Processing Of Your Personal Data. You may object to processing your Personal Information for direct marketing purposes. You also have the right to object at any time to processing of your Personal Information which is based on our legitimate interests, pursuant to grounds relating to your particular situation. If you object on this ground, we shall no longer process your Personal Information unless we can demonstrate compelling legitimate grounds for such processing, and those grounds override your interests, rights, and freedoms; or, to establish, exercise, or defend legal claims. Note that our inability to process your Personal Information may make it impossible for you to access or use one or more FamilyArc Services.
E. Request Restriction Of Processing Your Personal Data. You may restrict the processing of your Personal Information to processing in certain circumstances. Note that our inability to process your Personal Information may make it impossible for you to access or use one or more FamilyArc Services.
F. Request Transfer Of Your Personal Data. You may request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.
G. Withdraw Consent. You have the right to withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
H. Not Be Subject To Profiling Or Automated Decision-making. You have the right not to be subject to a decision based solely on automated data processing, including profiling, where the decision has a legal or other significant effect, subject to certain exceptions.
I. What We May Need From You. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights). This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.