Data Protection Policy
Your privacy is important to Aurous Financial Services, LLC. Our information security program (“Data Protection Policy”) is effective as of July 2024 and explains the administrative, technical, and physical safeguards Aurous Financial Services, LLC. (“Aurous Financial Services,” “Aurous Financial,” “Aurous,” or “we”, “us” or “our”) has in place to protect the data that it collects, creates, uses, and maintains.
Updates to this Data Protection Policy
This Data Protection Policy is subject to change. We update this Data Protection Policy periodically as warranted. As a part of developing and implementing this Data Protection Policy, Aurous Financial Services will conduct and base its information security program on a periodic, documented risk assessment, whenever there is a material change in Aurous Financial Services’s business practices that may implicate the security, confidentiality, integrity, or availability of records containing information, or when circumstances so require. This Data Protection Policy has been developed in accordance with, inter alia, the requirements of the Gramm-Leach-Bliley Act Safeguards Rule, 16 C.F.R. §§ 314.1 to 314.6, the Massachusetts Data Security Regulation, 201 Code Mass. Regs. 17.01 to 17.05, and other similar US state laws, however, this should not be construed as a concession by Aurous Financial Services as to the applicability of any particular law or regulation to its operations, including with respect to the collection, protection and/or dissemination of data.
Purpose of the Data Protection Policy
The purpose of our Data Protection Policy is to enable Aurous Financial Services to the extent practicable, to:
A. Ensure the security, confidentiality, integrity, and availability of electronically stored information Aurous Financial Services collects, creates, uses, maintains and/or disseminates (“Data”);
B. Protect against anticipated threats or hazards to the security, confidentiality, integrity, or availability of Data;
C. Protect against unauthorized access to or use of Aurous Financial Services’s Data that could result in substantial harm or inconvenience to any customer or employee of Aurous Financial Services;
D. Define an information security program that is appropriate to Aurous Financial Services’s size, scope, and business, its available resources, and the amount of Data that Aurous Financial Services owns or maintains on behalf of others, while recognizing the need to protect both customer and employee information;
E. Comply with data and information-related legal obligations; and
F. Follow best practices for Data governance and security.
Kinds of Data We Protect
We may collect Data in the course of your use of, or registration with, our website, mobile applications, and social sites, through your computer, smartphone, tablet or other mobile devices.
For example, when you create an account or apply for a service, you may provide us with certain personal information. This type of personal information may include:
Aurous Financial Services also take steps to protect sensitive Data including but not limited to, customer lists, business and client development plans, and documents created or exchanged in connection with any of the services we offer.
How We Protect Your Data
Aurous Financial Services has developed, implemented, and maintained administrative, technical, and physical safeguards to protect the security, confidentiality, integrity, and availability of Data that Aurous Financial Services owns or maintains on behalf of others.
Administrative Safeguards
Aurous’s administrative safeguards include:
A. A designated “Qualified Individual” who manages this Data Protection Policy;
B. Identification of internal and external risks and regular assessment of whether the existing safeguards adequately control identified risks;
C. Training for employees in security program practices and procedures with management oversight;
D. Selecting service providers that are capable of maintaining appropriate safeguards and requiring service providers to maintain safeguards by contract; and
E. Adjusting the Data Protection Policy in light of business changes or new circumstances.
Technical Safeguards
Aurous Financial Services’s technical safeguards includes maintenance of a security system covering its network (including wireless capabilities) and computers that, at a minimum, and to the extent technically feasible, supports:
Physical Safeguards
Aurous’s physical safeguards include:
A. Physical security measures to protect areas where protected information may be accessed, including restricted physical access, and storing records containing protected information in locked facilities, areas, or containers;
B. Preventing, detecting, and responding to intrusions or unauthorized access to protected information, including during or after data collection, transportation, or disposal; and
C. Secure disposal or destruction of protected information, whether in paper or electronic form, when it is no longer to be retained in accordance with applicable laws or accepted standards.
Additional Safeguards
Aurous Financial Services’s safeguards also include:
after the last date Aurous Financial Services uses it for provisioning a product
or service to the relevant customer unless it is necessary for business
operations or other legitimate business purposes, retention is otherwise
required by law, or targeted disposal is not reasonably feasible due to the
way Aurous Financial Services maintains it; and
unnecessary retention of protected information.