Types of Non-Public Personal Information. It is impossible to list every type of Non-Public Personal Information that may be collected, but such information (the “Non-Public Personal Information”) may include:
- client’s first and last names (particularly when used in conjunction with any of the other Non-Public Personal Information), addresses and telephone numbers;
- social security numbers and/or tax identification numbers;
- driver’s license number or state-issued identification card number;
- financial account number, or credit or debit card number with or without any required security code, access code, personal identification number or password, that would permit access to a financial account;
- financial circumstances and income;
- securities holdings;
- account balances;
- pending orders;
- trading authorizations and powers of attorney;
- margin balances or account status; and/or
- trading plans or strategies;
provided, however, that Non-Public Personal Information shall not include any information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
FLX may collect Non-Public Personal Information about the FLX Team (Employees, and Independent Contractors).
Confidentiality. The FLX Team (Employees and Independent Contractors) shall not disclose Non-Public Personal Information, except as permitted/required by law or in connection with FLX’s service providers and/or Users and subject to the terms of this policy.
Documents. FLX restricts access to its User personal and account information to those on the FLX Team who need to know that information. Members of the FLX Team shall avoid placing documents containing Non-Public Personal Information in office areas where they could be read by unauthorized persons, such as in photocopying areas or conference rooms. Members of the FLX Team may only remove documents containing Non-Public Personal Information from the premises for bona-fide work purposes.
Information Systems. FLX has established and maintains its information systems, including hardware, software and network components and design, in order to protect and preserve Non-Public Personal Information.
Discussions. Members of the FLX Team shall avoid discussing Non-Public Personal Information with, or in the presence of, persons who have no need to know the information and in public locations, such as elevators, hallways, public transportation or restaurants.
Breach of Security. Each member of the FLX Team is obligated to report any breach or potential breach of security of Non-Public Personal Information to the Chief Executive Officer or designee. Upon a breach of security, FLX shall conduct an internal investigation and/or contact outside counsel for proper guidance on how to proceed. Any responsive actions taken in connection with a breach, the corrective action and any changes to the business practices as a result shall be documented.
Training. FLX conducts training of all new employees with respect to this policy and on the proper use of FLX’s computer security systems upon hire as a part of such employees’ initial onboarding. Training is provided to all members of the FLX Team as part of required compliance training.
Oversight of Service Providers. When retaining third-party service providers that may access/retain Non-Public Personal Information of members of the FLX Team, FLX takes reasonable steps to select third-party service providers that are capable of maintaining appropriate security measures to protect such Non-Public Personal Information consistent with this policy.
Distribution of Privacy Notice. The notice of this policy is disclosed to members of the FLX Team as required by applicable law.
Review of Policy. FLX reviews the scope of the security measures annually or whenever there is a material change in business practices that may reasonably implicate the security or integrity of records containing Non-Public Personal Information. The Chief Executive Officer or designee is responsible for the review and implementation of the standards outlined in this policy.