Privacy Policy

Effective Date: 7.10.2025

1. Introduction

Benefit Bank Distributors (“BBD,” “we,” or “our”) is committed to protecting the privacy and confidentiality of personal data we collect and use. This Data Privacy Policy explains how we handle and protect data in the course of supporting financial institutions and advisors in selling life insurance and annuity products.
We process data strictly for internal business and operational support. We do not sell, analyze, aggregate, or use client or consumer data for marketing or external purposes.

2. Scope

This policy applies to all employees, contractors, and service providers acting on behalf of BBD who may access or handle personal data. It covers all personal and business-related data processed during the course of providing services to our bank and institutional clients.

3. Data Collection and Use

3.1 Categories of Data – We collect and access two types of data:
(a) Advisor and Institutional Client Data:
– Name, business contact details, role, and team structure.
– Licensing, appointment, and sales-related records.
– Case status, communications, and transaction metadata.
(b) Application and Policyholder Data (Limited Access):
– During the life insurance application process, we may receive forms or PDFs containing personal data of the applicant (e.g., name, DOB, address) in order to assist with case review.
– This information is accessed but not stored in our systems or databases.
– No policyholder data is used for marketing or retained beyond the service event.
3.2 Legal Basis and Purpose – We collect and process data:
– To fulfill our service obligations under contracts with our clients.
– To support advisors in completing compliant product applications.
– To communicate and track sales support services.

4. Roles in Data Processing

BBD operates in both of the following roles:
– Data Controller: For internal business contacts, advisors, and operational records stored in systems like Salesforce.
– Data Processor: When handling policyholder documents or application materials from our clients, BBD acts solely as a processor, performing limited tasks to support the completion of a transaction. This data is not used beyond the scope of the service event.

5. No External Sharing or Marketing Use

– No Sale or Use for Marketing: BBD does not sell, share, or use personal data for marketing purposes.
– No Consumer Profiling or Analytics: We do not analyze or aggregate policyholder data.
– Third-Party Access: Where third-party services (e.g., Microsoft, Salesforce) are used, these vendors are bound by confidentiality and security agreements.

6. Data Security

We use technical, organizational, and contractual safeguards to protect the data entrusted to us, including:
– Encryption: All documents and systems use encryption at rest and in transit.
– Access Control: Access is role-based and limited to essential personnel only.
– Secure Storage: Documents are stored in encrypted folders on OneDrive/Azure with access limited to case team members.
– Platform Protections: We use Microsoft 365 and Salesforce under enterprise-grade security standards.
– Training: All staff with access to personal data are trained in secure data handling procedures.

7. Data Retention

– Advisor and Case Records: Retained as long as needed for service delivery and compliance.
– Policyholder Application Documents: Accessed only temporarily for processing; not retained in our systems.
– Retention Policy: Data is deleted or archived once no longer necessary, in line with legal and contractual obligations.

8. Client Data Rights

Although BBD is not subject to the CCPA or GDPR, we respect client expectations for transparency and control. Upon request, we will respond in good faith to:
– Requests for access or correction of personal data.
– Reasonable requests for deletion, subject to retention obligations.
– Inquiries about data use and safeguards.
*No self-service portal currently exists, but we are available to address these requests directly.*

9. Exclusions from Regulatory Applicability

As of this policy’s effective date:
– General Data Protection Regulation (GDPR): Not applicable. BBD does not conduct business in the EU or process personal data of EU residents.
– California Consumer Privacy Act (CCPA): Not applicable. BBD does not meet the statutory thresholds for applicability and does not sell or share consumer data.
*Nonetheless, we voluntarily align with core data protection principles from these frameworks.*

10. Data Breach and Incident Response

If a data breach occurs involving personal data, BBD will:
– Promptly notify affected clients.
– Take immediate steps to contain and investigate the incident.
– Remediate causes and strengthen safeguards as needed.
– Document the event and response in accordance with internal cybersecurity policy.

11. Updates to This Policy

This policy is reviewed regularly. Clients will be notified of significant updates by email or through a notice posted on our website or client portal.

12. Contact Information

For any questions about this policy or to exercise a data rights request, please contact: Tom LeBleu | Chief Information Security Officer | tlebleu@benefitbankdist.com