Our Privacy Commitment to You
We recognize, respect and protect the personal privacy rights of all our customers. We realize that our customers entrust us with personal information and it is our policy to maintain our customers' information in a confidential manner. We are committed to providing the highest level of security and privacy regarding the collection and use of the personal information of our customers and of all consumers who visit our institution.
Confidentiality and Security of Nonpublic Personal Information
We restrict access to nonpublic personal information about you to those employees who need to know that information to provide products or services to you. We maintain physical, electronic, and procedural safeguards that comply with federal standards to guard your nonpublic personal information.
Nonpublic Personal Information We Collect
We collect nonpublic personal information about you from the following sources:
1) Information we receive from you on application forms.
2) Information about your transactions with us, our affiliates, or others.
3) Information we receive from a consumer reporting agency.
Nonpublic Personal Information We Disclose
We do not disclose, nor do we reserve the right to disclose, any nonpublic personal information about our customers or former customers to anyone, except to other nonaffiliated third parties as permitted by law.
Notify Us of Inaccurate Information We Report To Consumer Reporting Agencies
Please notify us if we report any inaccurate information about your account(s) to a consumer reporting agency. Your written notice describing the specific inaccuracy(ies) should be sent to us at the following address:
Readlyn Savings Bank
141 Main St.
PO Box 40
Readlyn, IA 50668.
Privacy and the Internet
1. Visitors to the Readlyn Savings Bank website remain anonymous. We do not collect personal identifying information about site users, unless you choose to provide such information to us via email. Visitors may elect to provide us with personal information via email. This information is used internally, as appropriate, to handle the sender's request and manage the Bank's website. It is not disseminated or sold to any other organization. Visitors should, however, keep in mind that email is not necessarily secure against interception. If you do not agree with the use of the information, or are not comfortable with the level of privacy, cancel the email before it is sent. Visitors should call the bank directly at 319-279-3321 if their requests or statements include private or sensitive information.
Readlyn Savings Bank values the trust our customers place in us and the Bank is committed to ensuring the security and confidentiality of customer information and protecting that information. Information about our customers is held in confidence by the Bank and no employee of Bank shall divulge any non-public information of a customer or discuss the business of a customer with anyone outside the bank without the customer's prior written consent or as permitted by law.
It is the policy of Bank to comply with all requirements imposed on the Bank by the Gramm-Leach-Bliley Act of 1999 regarding the safekeeping of customer information. The Bank follows its established standards for administrative, technical and physical safeguards of customer records. Additionally, the program shall meet the standards mandated by the interagency guidelines establishing standards for safeguarding customer information.
The Bank will collect, retain, and use the information about customers only where such information is believed to be useful and allowed by law to administer the business of Bank to provide products, services and other financial opportunities to its customers.
The Bank will review the measures that it has taken to safeguard customer information. The review takes into account the ongoing changes in technology and the internal and external changes that the Bank goes through, in addition to the complexity and scope of the Bank's activities. The focus is not only on compliance with this part of the GLBA but also on the legal ramifications that arise from noncompliance.
Information Security Officer
The Board of Directors of Bank shall designate a senior officer of the Bank as its Information Security Officer and annually approve the information security program. The Information Security Officer shall report to the Board at least once a year and more frequently, if deemed necessary either by the Board or the Information Security Officer.
The Information Security Officer shall design, review and inform the Board of the security program as to its ability to protect against anticipated threats to the integrity of such information and against unauthorized access or use of such information to ensure the information remains secured and confidential. The Information Security Officer shall monitor, evaluate and suggest adjustments to the Board as appropriate as needed but not less than once a year.
Douglas J. Sheppard has been appointed as the Information Security Officer by the Board of Directors to maintain compliance with all aspects of the Customer Information Security Policy.
Management shall identify the reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration or destruction of customer information or customer information systems.
Access to customer information is limited only to authorized individuals and the Bank maintains appropriate security standards and procedures to restrict access.
All employees of the Bank that require access to the Bank's computers to perform their duties shall be given a unique password and user identification code for use in logging onto the Bank's system. The Information Security Officer will review user access/profile listings on a regular basis. Passwords shall be designed to not be easily decipherable. All passwords shall be modeled to the tasks that the employee holding the password requires access to perform their duties and no others. All passwords shall be changed as needed, but not less than once every 90 days. Password length, timeout intervals, hours of access and lockouts will be utilized to further limit access.
Whenever a password holder's employment with the Bank is terminated, that employee's password is to be invalidated. Dual control procedures and segregation of duties are utilized for employees with access to customer information and the Bank takes any necessary disciplinary measures to enforce employee privacy responsibilities.
The Bank's facility and equipment shall be physically secure from damage and secure from unauthorized access. The Bank's personal computers shall be kept in secure areas and removable disks with Bank data shall be kept in secured areas when not in use. Software is held in the Bank vault under limited access and all of our irreplaceable records are kept in the vault or in fireproof safes and filing cabinets.
All information on the Bank server is backed up at the Bank. In addition to magnetic cartridge and tape files, references and printed documentation are stored off-site at Fiserv (our data processor). File backups are executed daily at Fiserv and the Bank's server is backed up daily. Fiserv stores backup media in a secure storage facility in Des Moines and the server backups are stored in the Bank vault.
Network security and operating systems are maintained on a regular basis through patches, updates, etc. In addition, virus protection is maintained on all systems. These security systems are routinely tested by an independent third party.
In the event of a natural disaster or other cause that disrupts the Bank's operations, the Bank has a recovery plan that will enable it to resume operations as quickly as possible. In addition, Fiserv maintains, and at least annually tests, a disaster recovery program for its site.
The Bank's hardware, software, computer-generated data, custom software, the LAN, and all other aspects of the Bank's computer system are an integral part of the Bank's disaster recovery policy, which is addressed in a separate policy statement.
Important information is stored by personal computers in the Bank and can be changed or deleted by anyone using them; therefore, the PCs in the Bank must be subject to controls.
No employee shall bring any personally owned personal computer, any personal computer disk, or any software onto Bank premises, or install any such item on a Bank PC, without prior approval of the Information Security Officer. In addition, no personal computer owned or leased by the Bank shall be moved from its location without permission of the Information Security Officer.
All third party developed software installed on any Bank PC shall be appropriately licensed from the software's vendor as the Bank will permit no unauthorized copies of copyrighted software to be used in the Bank's personal computers.
No one shall use any Bank PC to access the Internet or any similar service for any purpose except the Bank's business needs.
Customers may communicate with employees of the Bank through the use of e-mail and employees may communicate with one another through the use of e-mail.
The Bank's e-mail system may be used only for Bank related business and for no other purpose. Employees of the Bank shall not use the Bank's e-mail system for any purpose other than the communication of Bank business. Customers of the Bank shall be discouraged from using the Bank's e-mail system to communicate with an employee for any purpose other than the Bank's business.
Any communication from a customer received through the Bank's e-mail system shall be acted upon with the same urgency and diligence as if the communication had been received in writing. Accordingly, each Bank employee who has the capacity of receiving e-mail shall check his or her mailbox at least once each day. A printed record shall be made of each customer request that requires a response or action on the part of the bank. The printed record shall be given to the person in the Bank responsible for handling of the issue in question.
When an employee is absent from the Bank for one day or longer, it is the responsibility of the employee's supervisor to review any e-mail messages that the employee has received and act upon them appropriately.
Customer information security training is provided to all personnel on an ongoing basis and the effectiveness of the training is reviewed annually by the Information Security Officer. All employees need to understand all aspects of the Bank's information security program and their role in it. All personnel must also understand the Bank's record retention and storage procedures. Information security training will be documented in writing.
Third Party Service Providers
When dealing with 'third party service providers', the Bank will request a written statement from these providers attesting to having a Security Program that meets the security objectives outlined in this policy. The Information Security Officer shall oversee these agreements and ensure that due diligence is exercised in selecting these providers, in making sure customer information is kept secure, and in implementing procedures to ensure the information is protected. The Information Security Officer shall monitor the service providers for compliance with this policy.
It is the policy of Bank to validate the Bank's information security program through annual testing performed by an independent third party.
In addition, Fiserv employs an internal auditor responsible for ensuring the integrity of its processing environments and internal controls. Fiserv also provides for periodic independent audits of its operations. Fiserv provides the Bank with a copy of the audit and also provides a copy of such audit to the appropriate regulatory agencies, if any, having jurisdiction over Fiserv's provision of service.
Management reviews the results of program audits and takes appropriate measures to address any concerns promptly. Any recommendations based on findings or corrective actions are followed. Summary reports will be presented to the Board at least annually.