Rebecca Herold & Associates, LLC Privacy Policy
Updated January 30, 2013
Our business is information security, privacy and compliance is our business.  We practice what we advocate.  

Table 1 summarizes the commitments we make within our privacy policy:
Privacy Policy Overview
Thank you for reading our web site privacy policy. We respect your privacy. Information you entrust to Rebecca Herold & Associates, LLC will be
handled with the greatest care, and Rebecca Herold & Associates, LLC will not use the information in ways to which you have not consented or is
not required by law.
Notice
Our privacy policy is made available on all
pages where we collect personal information.
Use Limitation & Retention
We collect and retain only the personal
information we need for the described business
purposes and legal requirements.
Choice
We respect your preferences for how we
contact you regarding our services and
activities.
Information Transfer
We confirm that our service providers provide
reasonable privacy and security protections.
Access
We will enable you to access and update the PII
we have on file for you by
contacting us.
Security
We secure your personal information using
reasonable technical, procedural and
administrative practices.
Accountability
We review and update our privacy practices at
least annually and whenever appropriate based
upon changes to our business.  We will post a
notice when changes in our privacy policy
occurs.
Data Quality
We will keep information as accurate as
possible for the purpose for which it is used.
Table 1 - Privacy Policy Summary

See below for more details about our privacy policy.

SCOPE OF THIS POLICY
This Policy applies to the processing of personal information on privacyguidance.com and by Rebecca Herold & Associates, LLC, an Iowa corporation
that assists organizations of all sizes and in all industries with information security, privacy and compliance

Our policy covers the following topics:
What information do we
collect?
How do we collect it?
Why do we collect this data?
Depending upon the
interaction, we may collect
your basic contact
information: name, e-mail,
address, phone number,
company name, and position
We may collect the information
from you, via our Site or your
communications with us; from
mutual acquaintances who refer
you to us; and from third-party or
public sources such as the
Internet
We use this information to contact
you to inform you about our
business, products, and services;
to conduct surveys; to perform
interviews for articles; and to
inform you of career or business
opportunities
Your payment information,
such as your credit-card
information or information on
checks you submit for
payment.
From you, via our Site or your
other communications with us
To process your payments for our
products and services
Your computer information
From your browser and cookies
when you visit our Site or open
our e-mails
To process your payments on our
Site, to measure and improve our
Site and our web presence, and
track e-mail open rates

Questions?
If you have any questions or concerns about our privacy policy or practices, please contact:

Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI
Rebecca Herold & Associates, LLC
1408 Quail Ridge Avenue
Van Meter, Iowa  50261
(515) 491-1564
rebeccaherold@rebeccaherold.com

Data Collection

Table 2 summarizes the information we collect from this site and why we collect it.

Table 2 - Data Collection

Web Site Information
Rebecca Herold & Associates, LLC recognizes the importance of keeping the information we collect about you confidential. We always take great care to
protect what you entrust to us. Rebecca Herold & Associates, LLC is committed to protecting the privacy of visitors to our website.

We do not automatically collect personal information about our web site visitors. We may record the Internet protocol (IP) address of the computer you are using,
the browser software used, the operating systems used, and the websites from which our visitors link directly to our site. We
aggregate and use this information to determine how many visitors we have to different pages on our web site, to detect and correct systems problems,
and to improve the usability of our web site. This information is not connected to individual names or personal identities.

Sites Covered by this Policy
This Privacy Policy applies to all Rebecca Herold & Associates, LLC-owned web sites and domains, and our wholly owned subsidiaries.

Links to Other Sites
Our web site contains links to other sites, and other sites may link to the Rebecca Herold & Associates, LLC site. Web sites linking to and from this site
may have different privacy practices from the ones described here. The privacy policies of Rebecca Herold & Associates, LLC apply only to our website. Please
read the privacy statements of other web sites you visit for information regarding specific privacy practices.

Cookies
We use “cookies” to allow for the ecommerce capabilities on this site, similar to how other commercial websites use them in a privacy-responsible manner.  

A cookie is a small text file that is placed on your computer by a web server.   The cookies cannot be used to install computer programs or deliver viruses to
your computer.   There are two types of cookies we may use to enable ecommerce:


Each time you visit our Website, our Web server will recognize your cookie.  By assigning your computer a persistent, unique identifier, we're able to   
create a database of your previous choices and preferences.  In situations where these choices or preferences need to be collected again, they can
be provided by us automatically, saving you time and effort.  Assigning your computer a persistent, unique identifier also helps us keep a more
accurate count of how many people visit our Website, how often they return, how their use of our Website varies over time, and the effectiveness of
our promotional efforts.  If you access our Website through an e-mail we have sent you or you've created a “user identity” during one of your visits, we
may link the information provided by our cookies to information in our records that identifies you personally.

Web Bugs
The pages on our Website may contain electronic images known as “Web bugs,” also commonly called “Web beacons, ” “single-pixel gifs” and
“clear gifs.” These web bugs allow us to count the number of visitors who have visited those pages.  We may use Web bugs to learn more about the
ways visitors use our Website, so that we can continually improve it.  

We may also include Web bugs in promotional or ecommerce delivery email messages in order to determine whether messages have been opened and
acted upon.  Some of these Web bugs may be used to place a persistent cookie on your computer so that we can determine the effectiveness of our
marketing efforts or email communications.  We may link information obtained using Web bugs to other information that identifies you personally.  

Some of the Web bugs on our Website may have been placed by third-party service providers to help determine the effectiveness of our advertising
campaigns or email communications.  These Web bugs may be used by these service providers to place a persistent cookie on your computer.  Doing
this allows the service provider to recognize your computer each time you visit certain pages and compile information in relation to those page views.  Our
service providers may link information obtained using Web bugs to other information that identifies you personally.  We confirm that our service providers,
however, will keep your personal information confidential and use it only to perform services on our behalf.

Email List Privacy
We use email lists that we have assembled from people who have indicated they want additional information about our services. Additionally, we use
email lists that are comprised of people who have made purchases from Rebecca Herold & Associates, LLC, and who have requested additional
information about services similar to those Rebecca Herold & Associates, LLC provides.

Log Files  
We may also collect log files that record Website activity, including how many "hits" a particular Web page is getting.  These entries are generated
anonymously, and enable us to assess overall site activity, track interest in advertised sales, and troubleshoot technical concerns.  We also use the log
file entries for our internal marketing and demographic studies, so that we can constantly improve the services we provide you.  Log files are used
internally only, and are not associated with any particular user, computer, or browser.

Spyware
Our Website does not use spyware.  The term “spyware” refers to a software program that, when installed on your computer, changes settings, displays
advertising, or tracks your Internet behavior and reports information back to a central database.  Spyware is usually installed on your computer without your
knowledge and can be very difficult to remove.

Third Party Access
We use PayPal to process the payments made on our site.  We provide do not provide any information directly to PayPal.  You, as a customer,
will provide PayPal directly with your purchase information, such as credit card number; we will not maintain or collect any credit card information
directly through out the site.  We may provide PayPal with the names and email addresses of our ecommerce customers to facilitate distribution,
but we do not give them access to any other personal information.

While we take steps to protect the confidentiality, privacy and security of personal information communicated to PayPal, their activities are not
subject to the exclusive control of Rebecca Herold & Associates, LLC and they are not subject to this privacy policy. Please see the PayPal
privacy policy, (
http://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside) to learn more about how they protect personal
information.

With the above exception, Rebecca Herold & Associates, LLC does not sell, rent or share our email lists with any other third parties. We do not link
our email lists to any other databases. We do not store emails or individual information on our web server. All personally identifiable information is
stored on servers behind our firewall.

Personal Contacts
Rebecca Herold & Associates, LLC personnel frequently give presentations at conferences and seminars; write books, articles and newsletters; and
participate in similar types of group and individual communications. We often receive business cards as well as requests for additional information
or help with risk related issues. When we receive requests for information or help in person, from our web site from information volunteered by our
web site visitors, or from conferences from people indicating they want more information about our type of services, we will place these individuals on
our contact list.

Your Opt-In and Opt-Out Decisions

If you would like to receive information regarding our services, publications, products or privacy practices, please fill out our information request form on
the
Contact Me page.  If you are currently on our email list and wish to be removed, please send an email to Rebeccaherold@rebeccaherold.com

Access to Your Personal Information
We make every effort to keep our records accurate. We will make appropriate changes when you notify us. If you want to view, update or delete the
information we have about you in our database, please fill out our information request form on the
Contact Me page.  We will follow procedures to
verify your identity before providing this information to further protect your privacy.

Communicating Via Email and Web Page
The fields used to make ecommerce purchases are encrypted. If you are using an Internet Explorer browser, you can see which communication pages
are encrypted by looking in the lower right hand corner of the bottom toolbar. A closed padlock icon indicates the page is encrypted. An open padlock
indicates that the page is not encrypted.

Important note: The information sent using the request form on the
Contact Me page is sent in clear text and is not encrypted. Do not send confidential
information through these communication fields. Contact Rebecca Herold & Associates, LLC directly by calling 515-996-2199 to communicate any
confidential information, or send an encrypted email using a PGP key that you have shared with our personnel.

Children
Rebecca Herold & Associates, LLC does not market information to children, and we do not provide services for children. The Rebecca Herold &
Associates, LLC website is not directed to children under age 18, and we do not knowingly collect personal information from children under age 18.

The forms on our Site are capable, however, of collecting online information from children under the age of 13 who furnish it without prior parental
consent.  Upon discovery that any such information has been supplied by children under the age of 13, we will disregard and delete that information.  
We urge parents to instruct their children to never give out their real names, addresses, or phone numbers without their permission when online.

Web Site Security
We use multiple security features and procedures to protect the information you send us from our website.

1. Encryption
Please be aware that the information you send to us in the Contact Me information request form and in an email message will not be encrypted.
Do not send any confidential information within clear text forms or email messages. If you want to give us confidential information, please call us
at the number given at the bottom of this page, or use your PGP key to encrypt the information.

We use strong encryption based upon current industry standards to protect the PII submitted to us on the product purchase pages of this sit.

2. Personal Information storage policy

We do not store any personal information on our Internet web server.

The information we collect is stored on our secured computer systems that are not directly accessible by Internet users..

3. Accountability
Information security personnel ensure the security of the information we process and store.

4. Policies and Procedures
Rebecca Herold & Associates, LLC has policies and procedures to limit access to your information to only those who have a business need to view it.

Privacy Policy Changes
We may occasionally make changes to our privacy policy to reflect changes in legal and regulatory requirements, or as necessary as we upgrade or
modify our technology, applications and service offerings. We recommend you visit our site to review our privacy policies occasionally.

Or, if you prefer, we will be glad to send you an email whenever the policy is updated. Please fill out our
Contact Me request form if you would like to be
notified via email.

Compelled Disclosure
There may be times when we are required by law to disclose the information that you have submitted. Unless we are legally prohibited to do so, we will
do our best to provide you with notice that a request for your information has been made to give you an opportunity to object to the disclosure. If you do
not challenge the disclosure request, we may be legally required to turn over your information.

Effective Dates
The effective date of this website policy is September 27, 2008.

Effective Locations
This policy applies to all our worldwide customers.

© 2014 Rebecca Herold & Associates, LLC.  All rights reserved.
Privacy Policy  
Email Rebecca Herold