Information security & privacy policies

Protecting data is imperative to maintaining our stakeholders’ trust. Our Global Security program promotes all aspects of information security risk and considers the confidentiality, integrity and availability of information assets in order to protect information assets. Our security controls, which identify threats, detect attacks and protect these information assets, are aligned with industry guidelines and applicable statutes and regulations. We have an incident response program that includes periodic testing and is designed to restore business operations in a secure manner.

We also have a privacy oversight and governance framework that includes our privacy strategies, privacy policy, guidance for maintaining compliance with privacy regulatory obligations and our approaches to managing risks related to privacy.

All security policies and standards align with the National Institute of Standards & Technology Cybersecurity Framework and applicable industry frameworks (e.g., ISO, FFIEC) and have been developed, reviewed and approved to support appropriate management of identified risks, align with regulatory and industry guidelines and safeguard Harpcredit’s assets. In addition, Privacy Impact Assessments are carried out as part of risk management for certain higher-risk processes undertaken by, or on behalf of Harpcredit.


Transparency & privacy notices

We provide our clients with privacy notices and policies aligned to the services we offer and applicable local regulations. Our privacy notices outline aspects such as personal data we collect, why we collect it, how we use it and any and all rights applicable to such data.

Security & privacy expectations for vendors & service providers

We expect vendors and service providers to abide by our information security and privacy standards. Our global vendor relationship management program standardizes our approach for security and privacy risks related to the relationships we have with vendors and service providers.

As part of the global vendor relationship management program, our Global Security department has a defined third-party security and privacy risk program. Third-party security and privacy due diligence is performed during onboarding of a service and on a defined frequency, based on the risk tiers. The due diligence covers information (cyber) security, business recovery, privacy, technology management, and physical and personnel security expectations. We employ a robust process of questionnaires, third-party follow-ups and site visits when needed to evaluate and monitor these key risk areas.

Security & privacy training

To keep our employees, contract consultants and temporary employees abreast of security and privacy best practices and protocols, we provide them with regular training, including an annual mandatory security and privacy awareness training. Employees in business functions that interact regularly with customer data also participate in tailored security and privacy training.

We also require new employees, contractors, consultants and temporary employees to formally acknowledge Harpcredit’s Acceptable Use Policy and Code of Conduct, in addition to completing mandatory security and privacy awareness training upon hire. Existing employees, contractors, consultants and temporary employees must reconfirm acceptance of Harpcredit’s Code of Conduct on a regular basis.

We continuously promote security and privacy awareness through periodic alerts, messages and/or in-person presentations. One of the hallmarks of the 2021 security awareness program was offering topics that are relevant to recent external events or threats specific to Harpcredit. Harpcredit security awareness promotes a culture that advocates employees to report a security concern 24.7.365. Building on these initiatives, we implement security and privacy tools and exercises that provide additional concentrated messages and training. These include phishing tests, which are designed to simulate security and privacy events and incidents. These tools and exercises allow us to better assess our employees’ recognition of such events and inform new training and awareness programs that further our cyber and information security.


Security & privacy governance

It is our fiduciary responsibility to maintain the confidentiality of information relating to our clients and comply with the data protection requirements imposed by relevant jurisdictions. As such, we’ve established the proper maintenance, controls, processes and protection for our clients’ assets.

The Global Security Department (GSD) brings together Information Security, Global Privacy Office, Business Continuity & Operational Resilience, Corporate Security, Business Security Officers and Strategy, Projects & Governance in collaboration with Global Intelligence & Threat Analysis. This structure provides a comprehensive, holistic approach to keeping our clients, employees and critical assets safe while enabling a secure and resilient business.

The department is distributed globally to most efficiently provide the appropriate level of support anywhere in the world at any time, while simultaneously maintaining strong working relationships with industry peers, regulators, and intelligence and law enforcement agencies in those locations.


Changes to this Statemen

Harpcredit may change this Statement of Privacy from time to time to reflect company and consumer input. Harpcredit invites you to review this Statement on a regular basis to stay up to speed on how Harpcredit is protecting your information

Unsubscribe

We value your privacy and provide you with the option to opt-out of getting certain notifications. By emailing us at Harpcredit, users can opt out of receiving any or all messages from Harpcredit.

Contact Information

Your questions or comments about our Privacy Policy are welcome at Harpcredit. If you believe Harpcredit has violated this Statement, please contact Harpcredit at the following address:

Help: [email protected]

Phone: (404) 282-4986

Last updated June 16th, 2022

Harpcredit will never share your personal info with third parties