PRIVACY STATEMENT
The Arcadia Companies (“Arcadia”) have created this security and privacy statement in order to document and communicate its commitment to doing business with the highest ethical standards and appropriate internal controls.
Arcadia respects your privacy. Information you entrust to Arcadia will be handled with the greatest reasonable care, and Arcadia will not use the information in ways to which you have not consented or which are not required by law.
POLICY SCOPE
Sites Covered by this Policy – This Privacy Policy applies to all web sites and domains owned by Arcadia and all of its wholly owned subsidiaries.
Links to Other Sites – This site contains a number of links to other sites. Arcadia is not responsible for the security or privacy practices of these sites, the security or privacy of the information you enter on these sites, the products or services offered by these sites, or the content appearing at these sites. Arcadia does not endorse any of the products or services marketed at these other sites. When accessing other sites, please review their privacy policies because you are subject to their privacy policies, not Arcadia’s.
WEB SITE INFORMATION GATHERING
Arcadia recognizes the importance of keeping the information it collects about you confidential. Arcadia always takes great care to protect what you entrust to it. Arcadia is committed to protecting the privacy of visitors to its website.
Personal Information Gathering – Arcadia does not automatically collect personally identifiable information (“PII”) about its web site visitors. Arcadia may record the Internet protocol (“IP”) address of the computer you are using, the browser software used, the operating systems used, and the websites from which visitors link directly to Arcadia’s site. Arcadia aggregates and uses this information internally to determine how many visitors it has to different pages on the web site, to detect and correct systems problems, and to improve the usability of the web site. This information is not connected to individual names or personal identities.
Explicit Information Gathering – You can examine Arcadia’s entire web site without providing any information whatsoever. Arcadia’s web site’s request-for-more-information form requires users to give it contact information. This information is used to provide information to those who inquire about Arcadia’s products and services and to handle related business matters. This information is also used to get in touch with customers when necessary. From time to time, the information gathered through this site will be used to notify you about products and services that we think will be of interest to you. If you wish to discontinue such communications, contact [email protected] to remove your name from the mailing list.
Personal Information Usage – When you disclose personal information to Arcadia that is where it stays. The only exception involves disclosure to the government according to normal business practice, for instance for the collection of taxes, and according to the orders of a court, for example responding to a subpoena or search warrant. Arcadia does not sell, rent, trade, lend, or otherwise transfer such personal information to affiliates, subsidiaries, sister companies, holding companies, parent companies, strategic partners, or any other organization.
CHILDREN
Precautions For Children – Arcadia does not attempt to collect personal information from children, and it does not provide services to children. The Arcadia website is not directed to children under age 18, and it does not knowingly collect personal information from children under age 18. If a child sends personal information to Arcadia, and this information can be identified as originating from a child, the information will be deleted. Arcadia cannot always determine which information originates with a user that is a child. Arcadia does not maintain databases about children.
EMAIL LIST PRIVACY
Opt-in Email Lists – Arcadia uses email lists that it has assembled from people who have indicated they want additional information about Arcadia’s services. Additionally, it uses email lists that are comprised of people who have requested additional information about services similar to those Arcadia provides.
Arcadia does not use third party email lists, personal contacts, or third party product distribution.
Email List Privacy – Arcadia does not sell, rent or share its email lists with any other third parties. It does not link its email lists to any other databases. Arcadia does not store emails or individual information on its web server. All personally identifiable information is stored on servers behind Arcadia’s firewall.
THIRD PARTY ACCESS TO YOUR PERSONAL INFORMATION
Third Party Access to Personal Information – Arcadia may use third-parties to process your personal information. In these cases, the information is only used for Arcadia business purposes. Arcadia contractually prohibits these vendors from using your personal data for any other activities, and from disclosing, selling or leasing them to any other parties.
Arcadia does not engage in third party advertising. Users will not see third party ads, behavioral targeting, or third party certification services on the Arcadia web site.
Compelled Disclosure – There may be times when Arcadia is required by law to disclose the information that you have submitted. Unless Arcadia is legally prohibited to do so, it will do its best to provide you with notice that a request for your information has been made to give you an opportunity to object to the disclosure. If you do not challenge the disclosure request, Arcadia may be legally required to turn over your information.
WEB SITE SECURITY
Security Measures – Arcadia’s site is protected with a variety of security measures that are provided by/ hosted by a third party, such as change control procedures, passwords, and physical access controls. These controls include data confidentiality policies and regular database backups.
Encryption Policy – Please be aware that the information you send to Arcadia in an email message or in any other form will not be encrypted. Do not send any confidential information within clear text forms or email messages. If you want to give Arcadia confidential information, please call (408) 961-8100.
Storage of Personally Identifiable Information (“PII”) – Arcadia does not store any PII on its web server.
Accountability – Information security personnel ensure the security of the information Arcadia processes and stores.
Policies and Procedures – Arcadia has internal policies and procedures to limit access to your information to only those who have a business need to view it.
Sensitive Communications Via Email and Web Page
Sending Confidential Information – Web sites visitors must not use this site to submit confidential information to Arcadia. To arrange for the delivery of highly sensitive information, contact Arcadia directly by calling (408) 961-8100 to communicate any confidential information.
Arcadia does not collect confidential information via this web site.
YOUR PERSONAL INFORMATION
Access to Personal Information – Arcadia makes every effort to keep its records accurate. Arcadia will make appropriate changes when it is notified. If you want to view, update or delete the information Arcadia has about you in its database, please email [email protected]. Arcadia will follow procedures to verify your identity before providing this information to further protect your privacy.
Your Opt-In and Opt-Out Decisions
Product Information – If you would like to receive information regarding Arcadia’s services or publications, please email [email protected].
Email Lists – If you are currently on Arcadia’s email list and wish to be removed, please send an email to [email protected].
Privacy Policy Changes
Policy Change Notice – Arcadia may occasionally make changes to its privacy policy to reflect changes in legal and regulatory requirements, or as necessary as it upgrades or modifies its technology, applications and service offerings. Arcadia recommends you visit the site to review its privacy policies occasionally.
SECURITY BREACH NOTIFICATION
Arcadia strives to maintain the security of all information collected, including using security measures provided by/ hosted by a third party. Personal information includes:
An individual’s first name or initial, plus last name, plus one or more of the following data elements:
Social Security number,
California State ID number (including driver’s license), or
Any payment account number, including payment card numbers, in combination with a password or other code that would permit access to that account.
A user name or email address, in combination with a password or security question and answer that would permit access to an online account.
By voluntarily entering your information in an email message or in any other method to Arcadia, you agree to accept electronic notification in the event of a data breach. Following the discovery of a data breach, any California resident whose personal information was, or is reasonably believed to have been acquired by an unauthorized person will be notified in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement.
For breaches falling under the section A definition of personal information above, the electronic notification will be in plain language and include (1) Arcadia’s contact information, (2) a list of the types of personal information potentially subject to the breach, (3) the date, approximate date, or date range during which the breach occurred, (4) whether the notification was delayed as a result of law enforcement, (5) a general description of the breach, and (6) if the breach exposed California ID or a social security number, the contact information of the major credit reporting agencies.
For breaches falling under the section B definition of personal information above, the security breach notification shall be provided by written notice, conspicuous posting on Arcadia’s web site, or by delivery to an IP address or online location that Arcadia knows the consumer often uses to access the breached account.
CONTACT INFORMATION
Privacy Policy Questions and Problems: If you have any specific questions or concerns about Arcadia’s privacy policy or practices, including any suspected potential disclosures of your personal information, or wish to remove your name and related information from our contact database, please use the following contact information:
The Arcadia Companies
P.O. Box 5368
San Jose, CA 95150
(408) 961-8100
[email protected]
REFERENCES
This policy helps address the requirements of the following regulations and standards:
OECD Fair Information Principles
FTC Online Privacy Principles – US Federal Trade Commission
COPPA – Children’s Online Privacy Protection Act
ISO 27002: 15.1.4 Data protection and privacy of personal information
Health Care: HIPAA Privacy – Final Rule, HITECH Act
Financial Services: GLBA Act, Title V – Privacy
California Civil Code
California Business and Professions Code