Keeling and Associates (K&A) has created this security and privacy statement in order to document and communicate its commitment to doing business with the highest ethical standards and appropriate internal controls.

We respect your privacy. Information you entrust to K&A will be handled with the greatest care, and K&A will not use the information in ways to which you have not consented or is not required by law.


SCOPE

This privacy policy applies to all K&A-owned websites and domains, and our wholly owned subsidiaries.

This site contains a number of links to other sites. K&A is not responsible for the security or privacy practices of these sites, their products, or services offered by these sites, or the content appearing at these sites. K&A does not endorse any of the products or services marketed at these other sites.


WEBSITE INFORMATION GATHERING

K&A recognizes the importance of keeping the information we collect about you confidential. We always take great care to protect what you entrust to us. K&A is committed to protecting the privacy of visitors to our website.

Personal Information Gathering – We do not automatically collect personally identifiable information (PII) about our web site visitors. We may record the Internet protocol (IP) address of the computer you are using, the browser software used, the operating systems used, and the websites from which our visitors link directly to our site. We aggregate and use this information to determine how many visitors we have to different pages on our web site, to detect and correct systems problems, and to improve the usability of our web site. This information is not connected to individual names or personal identities.

Explicit Information Gathering – You can examine our entire web site without providing any information whatsoever. Our web site’s request-for-more-information form requires users to give us contact information. This information is used to provide information to those who inquire about our products and services, to ship orders, to bill orders, and to handle related business matters. This information is also used to get in touch with customers when necessary. From time to time, the information gathered through this site will be used to notify you about products and services that we think will be of interest to you.

Covert Information Gathering – Our site does not covertly capture information regarding the specific activities of any particular user. We do not have any arrangements with any other sites to track or monitor user activities on the Web. Our site does, however, produce reports that permit us to view your activity on our site in anonymous or aggregated form. We do not use cookies, web bugs, or any other active content mechanism to capture or maintain information about users without their prior consent. The only personal information that we capture has been specifically submitted to us through the request-for-more-information form. We do not store any persistent information on your computer.

Cookies and Web Bugs – K&A uses “cookies” on this site. Cookies enable us to track and target the interests of our users to enhance the experience on our site. Usage of a cookie is in no way linked to any personally identifiable information on our site.

Personal Information Usage – When you disclose personal information to us that is where it stays. The only exception involves disclosure to the government according to normal business practice, for instance for the collection of taxes, and according to the orders of a court, for example responding to a subpoena or search warrant. We do not sell, rent, trade, lend, or otherwise transfer such personal information to affiliates, subsidiaries, sister companies, holding companies, parent companies, strategic partners, or any other organization.


CHILDREN

Precautions For Children – K&A does not attempt to collect personal information from children, and we do not provide services to children. The K&A website is not directed to children under age 18, and we do not knowingly collect personal information from children under age 18. If a child sends personal information to us, and this information can be identified as originating from a child, the information will be deleted. We cannot always determine which information originates with a user that is a child. We do not maintain databases about children.


EMAIL LIST
 PRIVACY

Opt-in Email Lists – We use email lists that we have assembled from people who have indicated they want additional information about our services. Additionally, we use email lists that are comprised of people who have requested additional information about services similar to those K&A provides.

Personal Contacts – K&A personnel frequently give presentations at conferences and seminars; write books, articles and newsletters; and participate in similar types of group and individual communications. We often receive business cards as well as requests for additional information or help with risk related issues. When we receive requests for information or help in person, from our web site from information volunteered by our web site visitors, or from conferences from people indicating they want more information about our type of services, we will place these individuals on our contact list.

Email List Privacy – K&A does not sell, rent or share our email lists with any other third parties. We do not link our email lists to any other databases. We do not store emails or individual information on our web server. All personally identifiable information is stored on servers behind our firewall.


THIRD 
PARTY ADVERTISING

Third Party Certification – K&A uses the Sucuri service to validate the privacy policies on this web site. Web site visitors can verify our status by clicking on the Sucuri logo on the web site.

Compelled Disclosure – There may be times when we are required by law to disclose the information that you have submitted. Unless we are legally prohibited to do so, we will do our best to provide you with notice that a request for your information has been made to give you an opportunity to object to the disclosure. If you do not challenge the disclosure request, we may be legally required to turn over your information.


WEB SITE
 SECURITY

Security Measures – Our site is protected with a variety of security measures such as change control procedures, passwords, and physical access controls. We also employ a variety of other mechanisms to ensure that data you provide is not lost, misused, or altered inappropriately. These controls include data confidentiality policies and regular database backups.

Encryption Policy – We use SSL encryption to protect the information you submit to us.

Storage of Personally Identifiable Information (PII) – We do not store any personally identifiable information on our web server.

Accountability – Information security personnel ensure the security of the information we process and store.

Policies and Procedures – K&A has internal policies and procedures to limit access to your information to only those who have a business need to view it.

Collecting Confidential Information – K&A will always use encryption when collecting personal information via web forms. Web site users can identify these forms by looking in the address bar of the browser, where the “https” in the URL indicates a secure connection. Site users can also view the “padlock” icon within the browser window. A closed padlock [insert image] indicates an encrypted connection.

FERPA Compliance

The Federal Education Rights and Privacy Act (FERPA) is predominantly about protecting the privacy of student education records. To comply with this federally-mandated law, Sucuri’s Data Management / Protection Policy (DMPP) specifically outlines the flow of data through Sucuri’s GDAN and ensures that data is never stored or accessible.


YOUR PERSONAL
 INFORMATION

Access to Personal Information – We make every effort to keep our records accurate. We will make appropriate changes when you notify us. If you want to view, update or delete the information we have about you in our database, please fill out our privacy information request form. We will follow procedures to verify your identity before providing this information to further protect your privacy.


PRIVACY POLICY CHANGES

Policy Change Notice – We may occasionally make changes to our privacy policy to reflect changes in legal and regulatory requirements, or as necessary as we upgrade or modify our technology, applications and service offerings. We recommend you visit our site to review our privacy policies occasionally.

CONTACT INFORMATION Customer Information Requests – With respect to this web site, there are two options regarding your personal information. If you wish to contact us about our products or services, then you need to disclose your contact information so that we can service your request. If you wish to remove your name and related information from our contact database, we will promptly take action to comply with your request. We are pleased to process address error correction notices and address change requests through any of the following channels:

 Sending electronic mail to info@keelingassociates.com

 Sending regular mail to 55 Harry Kemp Way, Provincetown, MA, 02567

 Calling 212-229-4750 during regular business hours EST.

Privacy Policy Questions and Problems: If you have any specific questions or concerns about our privacy policy or practices, including any suspected potential disclosures of your personal information, please use the following contact information:

Eric Engstrom

President, Keeling & Associates, LLC

55 Harry Kemp Way

Provincetown, Massachusetts, 02567

212-542-3201

eric@keelingassociates.com


REFERENCES

This policy helps address the requirements of the following regulations and standards:

OECD Fair Information Principles

FTC Online Privacy Principles – US Federal Trade Commission COPPA – Children’s Online Privacy Protection Act

ISO 27002: 15.1.4 Data protection and privacy of personal information Health Care: HIPAA Privacy – Final Rule, HITECH Act

Financial Services:  GLBA Act, Title V – Privacy