Privacy Policy
1. PURPOSE
We at Nhabla Financial LLC (hereinafter, “nhabla”) take your privacy seriously. Just like you do. Being a cloud-based financial advising firm comes with a lot of perks, but also with a lot of responsibility. This Personal Data Privacy Notice describes the information we collect from and about you as we work with you to develop your financial planning. This information that we collect from and about you is called Personally Identifiable Information (“PII”), and it includes but is not limited to your name, email address, phone numbers, addresses, etc. We will explain how we collect and use your PII, whom we share it with, and how we protect it.
2. WHAT INFORMATION WE COLLECT AND WHY
We are thrilled that you have trusted nhabla to be your financial advising firm. As we work with you to develop your financial planning, one (or several) of our Wealth Advisors (more widely referred to as “Financial Advisors” in the finance industry) will start to gather certain personal details from you—your name, email address, phone numbers, etc.—which we collectively refer to you as PII. Any PII we collect from you is for the sole and exclusive purpose of better serving you. We may use certain information for analytic purposes, market research, or for marketing purposes, as allowed by law. However, we will never use or sell your personal information to third parties for commercial purposes. Ever.
3. OUR THIRD-PARTY VENDORS AND THEIR ACCESS TO YOUR PII
We have partnered up with certain third-party vendors for purposes of better serving you and your financial needs. As we are a cloud-based company, most of our business partners are also cloud-based, and they are:
Acuity Scheduling, which is a scheduling tool that we use to manage our appointments with prospective clients who visit our website to learn about our services. Acuity Scheduling will store your name, phone number, and email address for the purpose of scheduling meetings, sending reminders by text and/or email about said meetings, etc. To learn more about Acuity Scheduling’s privacy policy, please visit https://www.squarespace.com/privacy
Microsoft Office 365 Suite is a cloud-based suite of apps (including Outlook, SharePoint, Word, Excel, OneDrive, etc.) that we use to conduct business on a daily basis. All of our email communications with you, our business partners, and other parties will occur through Outlook. Therefore, any emails and/or attachments you send to us will pass through and remain in Microsoft’s servers. We also use SharePoint and OneDrive to maintain our client files, which may contain your PII and other confidential documents and information.
Eversign will hold electronic copies of all documents of all documents signed by you. To learn more about eversign’s privacy policy, please visit https://eversign.com/legal/privacy
Altruist LLC is our broker-dealer and custodian, so Altruist holds actual custody of your assets. This means that Altruist holds all your account and bank information, and any information that is necessary to establish the legitimacy of your identity and to identify any risk factors (known as “Know Your Customer” information or “KYC”). To learn more about Altruist’s security and privacy policies, please visit https://altruist.com/security/
GoTo Connect is a cloud-based, all-in-one communications solution that allows for VoIP phone calls, meetings, and messaging between our Financial Strategists and you. For quality assurance and dispute resolution purposes, any calls between our Wealth Advisors will be recorded and saved onto GoTo Connect. These recordings are exclusively used for internal purposes, unless a legal dispute arises that makes it necessary for the recording to be disclosed outside of nhabla. In that instance, the call will only be disclosed to the extent that is deemed necessary by the law. To learn more about GoTo Connect’s Privacy Policy and beyond, please visit https://www.goto.com/company/legal/privacy
Stripe is the e-commerce payment processing software that we use for our website and mobile application. You can learn more about Stripe’s Privacy Policy by visiting https://stripe.com/privacy
4. HOW WE KEEP YOUR PERSONAL INFORMATION SAFE
Obviously, your PII is considered non-public information, which means that nhabla treats it as confidential information. As a cloud-based financial adviser firm, we are acutely aware that your PII is particularly vulnerable to cyberattacks and we have implemented safeguards to keep your information safe. While we cannot control Internet transmissions and cannot provide assurances that personal information transmitted to us will never be compromised, safeguarding your PII is the primary focus of our cybersecurity and confidentiality policies.
In addition to our internal cybersecurity policies, nhabla’s websites are protected with a variety of security measures, such as change control procedures and passwords. nhabla also employs a variety of other mechanisms to protect a user’s data from being lost, misused, or altered inappropriately. These controls include data confidentiality policies. We appreciate that a cybersecurity data breach involving your PII can lead not only to regulatory issues but also to losing your trust.
Our cybersecurity policy is modeled on the National Institute of Technology (NIST) framework, which helps us identify potential risks, protect, limit, or contain the impact of any cybersecurity incidents, detect when there is a potential cybersecurity vulnerability in a timely manner, respond accordingly to any cybersecurity incidents once detected, and recover to normal operations in a timely manner.
5. OUR EMPLOYEES’ ACCESS TO YOUR PERSONAL INFORMATION
nhabla employees will have access to your PII as necessary to conduct their duties. In other words, not all nhabla employees will have untethered access to your information. No unauthorized access or improper use of your PII will be tolerated.
All nhabla employees are trained regularly, and as required by the applicable regulations, in cybersecurity best practices. We also test our Cybersecurity Policy on a 3 quarterly basis to ensure that all employees have the proper system access privileges, to address any security vulnerabilities, and to ensure that all workstations have the proper security measures. We also test and evaluate our Cybersecurity Policy on a yearly basis to assess any risk or vulnerabilities in our security policies and procedures, ensure two-factor authentication is in place, perform relevant third-party penetration tests or vulnerability scans and remediate any relevant discoveries, and ensure that the recovery and restoration process if properly configured and sufficient.
Any and all devices used by our employees to conduct nhabla business must first be approved by management and be password-protected at all times.
6. IF YOUR PERSONAL INFORMATION IS COMPROMISED, WE ARE PREPARED TO RESPOND
In the event of theft, loss, unauthorized release, or unauthorized use or of access of your sensitive client information, we will communicate the details of the incident to the relevant parties (internally and externally), determine if any internal disciplinary action is needed, determine if any third-party vendors were involved in the incident, contact proper law enforcement and/or regulatory agencies as required by the law (if necessary), communicate the steps being taken to rectify the incident to impacted clients of the firm (if necessary), and follow all relevant state data breach notification laws (if necessary).
Once we mitigate and respond to the incident, we will review the details of the incident to determine whether any changes to our Cybersecurity Policy are warranted. If so, we will update our Cybersecurity Policy accordingly.
7. CHANGES TO THIS NOTICE
nhabla reserves the right to modify or update this Personal Data Privacy Notice at any time. Any modifications or updates shall be effective upon posting on your client portal.
8. CONTACT US
If you have any questions or concerns regarding our Personal Data Privacy Notice, please email us here. If you prefer to write to us, please do so at the following address.
Nhabla Financial LLC. d/b/a nhabla
Attn: Compliance Dept. – Personal Data Privacy Notice
2300 Wilson Blvd
Suite 700 #1076
Arlington, Virginia 22201