As a registered investment adviser, Leonard Rickey Investment Advisors (“LRIA”) must comply with SEC Regulation S-P, which requires registered advisers to adopt policies and procedures to protect the "non-public personal information" of natural person consumers and customers and to disclose to such person’s policies and procedures for protecting that information.
Further, and as a SEC registered advisory firm, our firm must comply with SEC Regulation S-AM, to the extent that the firm has affiliated entities with which it may share and use consumer information received from affiliates.
Regulation S-P / Privacy Rule
The purpose of these regulatory requirements and privacy policies and procedures is to provide administrative, technical and physical safeguards which assist employees in maintaining the confidentiality of non-public personal information ("NPI") collected from the consumers and customers of an investment adviser. All NPI, whether relating to an adviser's current or
former clients, is subject to these privacy policies and procedures. Any doubts about the confidentiality of client information must be resolved in favor of confidentiality.
For these purposes, NPI includes non-public "personally identifiable financial information" plus any list, description or grouping of customers that is derived from non-public personally identifiable financial information. Such information may include personal financial and account information, information relating to services performed for or transactions entered into on behalf of clients, advice provided by the firm to clients, and data or analyses derived from such NPI.
Regulation S-P implements the GLB Act's requirements with respect to privacy of consumer nonpublic personal information for registered investment advisers, investment companies, and broker-dealers (each, a "financial institution"). Among other provisions, financial institutions are required to provide an initial notice to each customer that sets forth the financial institution's policies and practices with respect to the collection, disclosure and protection of customers' nonpublic personal information to both affiliated and nonaffiliated third parties. Thereafter, as long as the customer relationship continues to exist, the financial institution is required to provide an annual privacy disclosure to its customers describing the financial institution's privacy policies and practices unless it meets the requirements for the annual delivery exception as set forth
Significantly, on December 4, 2015, the President signed the Fixing America's Surface Transportation Act (the "FAST Act") into law. Among other provisions, the FAST Act includes an amendment of the consumer privacy provisions within the GLB Act. The amendment, which went into effect immediately, now provides an exception to the annual privacy notice distribution requirement if the financial institution meets the following two criteria: (i) the financial institution does not share nonpublic personal information with nonaffiliated third parties (other than as permitted under certain enumerated exceptions) and (ii) the financial institution's policies and practices regarding disclosure of nonpublic personal information have not changed since the last distribution of its policies and practices to its customers.
SEC Regulation S-AM, effective 9/10/2009, with a postponed compliance date from 1/1/2010 to 6/1/2010, requires SEC investment advisers, and other SEC regulated entities, to the extent relevant, to implement limitations on the firm's use of certain consumer information received from an affiliated entity to solicit that consumer for marketing purposes. Regulation SAM provides for notice and opt-out procedures, among other things. The compliance date was extended to allow registered firms to establish systems to meet the new regulatory requirements.
Benjamin Rickey is responsible for reviewing, maintaining and enforcing these policies and procedures to ensure meeting LRIA client privacy goals and objectives while at a minimum ensuring compliance with applicable federal and state laws and regulations. Benjamin Rickey may recommend to the firm's principal(s) any disciplinary or other action as appropriate. Benjamin Rickey is also responsible for distributing these policies and procedures to employees and conducting appropriate employee training to ensure employee adherence to these policies and procedures.
LRIA has adopted various procedures to implement the firm's policy and conducts reviews to monitor and ensure the firm's policy is observed, implemented properly and amended or updated, as appropriate, which include the following:
Non-Disclosure of Client Information
LRIA maintains safeguards to comply with federal and state standards to guard each client's non-public personal information ("NPI"). LRIA does not share any NPI with any nonaffiliated third parties, except in the following circumstances:
- as necessary to provide the service that the client has requested or authorized, or to maintain and service the client's account;
- as required by regulatory authorities or law enforcement officials who have jurisdiction over LRIA, or as otherwise required by any applicable law;
- to protect the confidentiality or security of the financial institution's records against fraud and for institutional risk control purposes; and
- to provide information to the firm's attorneys, accountants and auditors or others determining compliance with industry standards.
Employees are prohibited, either during or after termination of their employment, from disclosing NPI to any person or entity outside LRIA, including family members, except under the circumstances described above. An employee is permitted to disclose NPI only to such other employees who need to have access to such information to deliver our services to the client.
Safeguarding and Disposal of Client Information
LRIA restricts access to NPI to those employees who need to know such information to provide services to our clients. Any employee who is authorized to have access to NPI is required to keep such information in a secure compartments or receptacle. All electronic or computer files containing such information shall be password secured and firewall protected from access by unauthorized persons. Any conversations involving NPI, if appropriate at all, must be conducted by employees in private, and care must be taken to avoid any unauthorized persons overhearing or intercepting such conversations.
Safeguarding standards encompass all aspects of the LRIA that affect security. This includes not just computer security standards but also such areas as physical security and personnel procedures. Examples of important safeguarding standards that LRIA may adopt include:
- access controls on customer information systems, including controls to authenticate and permit access only to authorized individuals and controls to prevent employees from providing customer information to unauthorized individuals who may seek to obtain this information through fraudulent means (e.g., requiring employee use of user ID numbers and passwords, etc.);
- access restrictions at physical locations containing customer information, such as buildings, computer facilities, and records storage facilities to permit access only to authorized individuals (e.g., intruder detection devices, use of fire and burglar resistant storage devices);
- encryption of electronic customer information, including while in transit or in storage on networks or systems to which unauthorized individuals may have access;
- procedures designed to ensure that customer information system modifications are consistent with the firm's information security program (e.g., independent approval and periodic audits of system modifications);
- dual control procedures, segregation of duties, and employee background checks for employees with responsibilities for or access to customer information (e.g., require data entry to be reviewed for accuracy by personnel not involved in its preparation; adjustments and correction of master records should be reviewed and approved by personnel other
than those approving routine transactions, etc.);
- monitoring systems and procedures to detect actual and attempted attacks on or intrusions into customer information systems (e.g., data should be auditable for detection of loss and accidental and intentional manipulation);
- response programs that specify actions to be taken when the firm suspects or detects that unauthorized individuals have gained access to customer information systems, including appropriate reports to regulatory and law enforcement agencies;
- measures to protect against destruction, loss, or damage of customer information due to potential environmental hazards, such as fire and water damage or technological failures (e.g., use of fire resistant storage facilities and vaults; backup and store off site key data to ensure proper recovery); and
- information systems security should incorporate system audits and monitoring, security of physical facilities and personnel, the use of commercial or in-house services (such as networking services), and contingency planning.
Any employee who is authorized to possess "consumer report information" for a business purpose is required to take reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal. There are several components to establishing 'reasonable' measures that are appropriate for the firm:
- assessing the sensitivity of the consumer report information we collect;
- nature of our advisory services and the size of our operation;
- evaluating the costs and benefits of different disposal methods; and
- researching relevant technological changes and capabilities.
Some methods of disposal to ensure that the information cannot practicably be read or reconstructed that LRIA may adopt include:
- procedures requiring the burning, pulverizing, or shredding or papers containing consumer report information;
- procedures to ensure the destruction or erasure of electronic media; and
- after conducting due diligence, contracting with a service provider engaged in the business of record destruction, to provide such services in a manner consistent with the disposal rule.
Initial Privacy Notice Delivery
- LRIA will provide each natural person client with initial notice of the firm's current policy when the client relationship is established. LRIA shall also provide each such client with a new notice of the firm's current privacy policies at least annually.
- If LRIA shares non-public personal information ("NPI") relating to a consumer with a nonaffiliated company under circumstances not covered by an exception under Regulation S-P, the firm will deliver to each affected consumer an opportunity to opt out of such information sharing.
- If LRIA shares NPI relating to a consumer with a nonaffiliated company under circumstances not covered by an exception under SB1, the firm will deliver to each affected consumer an opportunity to opt in regarding such information sharing.
Annual Privacy Notice Delivery
- If LRIA shares non-public personal information ("NPI") relating to a consumer with a nonaffiliated company under circumstances not covered by an exception under Regulation S-P, the firm will annually deliver to each affected consumer an opportunity to opt out of such information sharing.
- If LRIA shares NPI relating to a consumer with a nonaffiliated company under circumstances not covered by an exception under SB1, the firm will annually deliver to each affected consumer an opportunity to opt in regarding such information sharing.
Annual Privacy Notice Exception
LRIA will not have to deliver an annual privacy notice provided it (1) only shares NPI with nonaffiliated third-parties in a manner that does not require an opt-out right be provided to customers (e.g., if the institution discloses NPI to a service provider or for fraud detection and prevention purposes) and (2) has not changed its policies and practices with respect to disclosing NPI since it last provided a privacy notice to its customers.
If, at any time, LRIA adopts material changes to its privacy policies, the firm shall provide each such client with a revised notice reflecting the new privacy policies. The Compliance Officer is responsible for ensuring that required notices are distributed to the LRIA consumers and customers.
Last updated May 9, 2023
Questions or concerns? Reading this privacy notice will help you understand your data privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at (509) 946-0200.
How Do We Collect Data?
Leonard Rickey Investment Advisors may collect your personal data when you use our website. For instance, when you input information on forms or purchase products and services online, we will collect that information. In addition, a variety of technologies, such as cookies, pixel tags, and analytic tools, allow us to obtain site usage and engagement information. In addition, we can obtain information from third-party sources.
When you visit our website, you will receive a notification that will allow you to customize the data we collect. If you choose to disable data collection and cookies, some features of our site may be unavailable to you.
More on What Data We Collect
When you access this website, some information—such as the site that referred you to www.bestpathforward.com your IP address, and your email address—may be automatically collected as part of the operation of this website. Other information may be dependent on what information you input into our website or prior third-party websites.
- Identifiers, such as your name, display name, postal address, unique personal identifier, online identifier, IP address, email address, username, or other similar identifiers.
- Personal information, such as your name, address, telephone number, payment information (if applicable, last 4 digits only). Some personal information included in this category may overlap with other categories.
- Characteristics of protected classifications, such as your gender and age. The main purpose for collecting this information is to verify your age, ensure you are eligible to use our services, and to show you more relevant ads and content.
- Commercial information, such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Internet or other electronic network activity information, such as session logs, search history, information on a consumer's interaction with a website, application, or advertisement.
- Geolocation data, such as your physical location.
- Inferences drawn from other personal information. We may use this information to create a profile reflecting your preferences and characteristics.
What is a Cookie?
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. Cookies allow us to understand your preferences based on previous or current site activity, which enables us to provide you with improved services.
You can choose to have your computer warn you when a cookie is being sent, or you can choose to turn off all cookies. You make these selections in your browser settings. If you turn cookies off, you will not have access to many features that make your site experience more efficient, and some online services will not function properly.
How Do We Use Your Data?
Leonard Rickey Investment Advisors may use your collected personal information for the following purposes:
- Provide customer service
- Market and advertise across a variety of platforms and devices
- Product and service development
- Facilitate subsequent use of this website, including providing information to website hosting partners and other entities who assist us in operating our website and conducting our business.
If you have opted in, such as for a newsletter, we may send you periodic emails. You are welcome to unsubscribe anytime.
Occasionally, we may include or offer third-party products or services on our website. These third-party sites are responsible for their own privacy policies.
We also reserve the right to (a) disclose any such personal information if required to do so by law or in good faith believe that such action is reasonably necessary to comply with legal process, respond to claims, or to protect the rights, property, or safety of our company, employees, clients, or the public; and (b) transfer or sell such personal information to any legitimate successor-in-interest to Leonard Rickey Investment Advisors in the event of sale, acquisition, or insolvency of the company.
How Do We Store Your Data?
Leonard Rickey Investment Advisors makes every reasonable effort to protect the information stored in our databases and the servers we use but cannot guarantee complete freedom from risk. No electronic transmission over the internet or information storage technology can be guaranteed 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security efforts and improperly collect, access, steal, or modify your information. We will not be liable for disclosures of personal information that result from circumstances beyond the company’s control.
Any personal information, as may from time to time be collected from this website— such as when you order or register on the site, subscribe to a newsletter, or fill out the contact form—is stored indefinitely.
Data is stored on our website customer relationship management (CRM) and internal customer management software. In addition, data is stored on the servers we use which are in the United States.
Your Data Protection Rights
Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. For instance, depending on where you are located, you may have the right to:
- The right to access– You have the right to request Leonard Rickey Investment Advisors for copies of your personal data. We may charge you a fee for this service.
- The right to rectification– You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
- The right to erasure– Under certain conditions, you have the right to request that we erase your personal data.
- The right to restrict processing– Under certain conditions, you have the right to request that we restrict the processing of your personal data.
- The right to object to processing– Under certain conditions, you have the right to object to our processing of your personal data.
- The right to data portability– Under certain conditions, you have the right to request that we transfer the data that we have collected to another organization, or directly to you.
- The right to non-discrimination – You have the right to review or change your privacy preferences without retaliation.
If you reside in California, California Civil Code section 1798.83 (the “Shine The Light” law) permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year.
If you are located in the European Economic Area (EEA), United Kingdom (UK), and Canada, you have rights that allow you greater access to and control over your personal information. If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you have the right to complain to your local data protection supervisory authority: https://ec.europa.eu/newsroom/article29/items/612080.
If you are located in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.
If you make a request, please afford us one month to respond to you. If you have questions or comments about the collection of your personal information, please contact us at (509) 946-0200.
How to Opt Out of Marketing and Promotion Communications?
You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details provided below. If you are removed from the marketing lists, we may still communicate with you to provide service of your website or other services, to respond to service requests, or for other non-marketing purposes.
Should Children Use This Website?
It is not our intention to collect personal information from anyone under 18 years of age. If you are under 18, you should not enter information on this website.
How to Contact Us
Call us: (509) 946-0200
If at any time you believe that Leonard Rickey Investment Advisors has not followed the above policy, please let us know by contacting us at (509) 946-0200. We will make reasonable efforts to identify and correct any problem.