Under Title V of the Graham-Leach-Bliley Act and SEC Regulation S-P (Reg. S-P), DENALI Advisors is responsible for protecting the security and confidentiality of our clients and employees nonpublic personal information. DENALI is required to ensure that such records are secure and confidential. These records and information must be protected from threats, hazards and unauthorized use or access.
DENALI Advisors collects nonpublic personal information about you from the following sources:
• Information we receive from you on applications or other forms; and
• Information about your transactions with others, such as your financial advisor, or us.
DENALI Advisors will not disclose any nonpublic personal information about you or your account(s) to anyone unless one of the following conditions is met:
• DENALI Advisors receives your prior written consent;
• DENALI Advisors believes the recipient is your authorized representative;
• DENALI Advisors is permitted by law to disclose the information to the recipient in order to service your account(s); or
• DENALI Advisors is required by law to disclose information to the recipient.
If you decide to close your account(s) or become an inactive customer, DENALI Advisors will adhere to the privacy policies and practices as described in this notice.
DENALI Advisors restricts access to your personal and account information to those employees who need to know that information to provide you products or services. We maintain physical, electronic, and procedural safeguards to guard your nonpublic personal information.
Based upon the requirements of Reg. S-P, and the policy as recreated above, DENALI and its employees will follow the following procedure regarding the appropriate handling of this information.
1. Only employees requiring access to nonpublic information shall have access to these records.
a. If access is available to any employee not needing access to the information, the breach is to be immediately reported to the CCO.
b. If access is needed on a temporary basis, the reason must be clearly stated and approved. The approval is to be filed (electronically or in the general files).
i. After temporary use is complete, the materials are to be returned to the individual who granted access. If it is in electronic format, the copy is to be deleted or restricted from further use.
2. Any records with nonpublic information are to be properly destroyed once retained for the required period in accordance with Rule 204-2.
a. For hard copies, the copies are to be shredded in a cross shredder to ensure the information cannot be pieced together.
b. For computers, the files are to be destroyed.
i. Temporary files are to be destroyed immediately upon completion of need of use.
ii. Original files are only to be destroyed if the computer is to be removed from DENALI’s list of assets. (Files need to be kept per SEC requirements for record keeping.) If there is a question on whether a file can be destroyed, contact the CCO.
c. Any computer, which is no longer in use, is to be ‘scrubbed’ prior to leaving DENALI’s office to prevent access by any outsider who may come in contact with the computer.
3. If a breach occurs:
a. DENALI will take immediate action to secure any information that has or may have been compromised.
b. DENALI will contact any client whose information may have been breached.
c. DENALI will preserve and review files or programs that may reveal how the breach occurred with its IT consultant
d. If feasible and appropriate, DENALI will bring in security professionals to help assess the breach as soon as possible to determine how the breach occurred and how to prevent such a breach from occurring in the future.
If there are any questions regarding the proper use and handling of nonpublic information, please contact the CCO.