PRIVACY AND INFORMATION SECURITY POLICY
Hills Bank and Trust Company is committed to protecting the confidentiality and integrity of the information with which it has been entrusted by its clients, as well as Hills Bank and Trust Company's proprietary information, including its products, the information systems and technology infrastructure, and the services it provides (collectively, “Information”). The Privacy and Information Security Policy (“Policy”) outlines the principles that govern all Hills Bank and Trust Company business units and regulated direct or indirect subsidiaries of Hills Bank and Trust Company (collectively, “Hills Bank and Trust Company”) with respect to the collection, sharing, and protection of Information. Hills Bank and Trust Company will adopt and implement procedures to achieve the Policy goals: to obtain, maintain and disseminate Information appropriately; to ensure the security and confidentiality of Information; and to protect against anticipated internal or external threats or hazards to the security or integrity of the Information.
Information takes many forms and includes records stored on computers and magnetic or optical media, data transmitted across networks or by fax, and information printed out or written on paper. It can also consist of work knowledge or concepts and can be represented in material objects. Specifically, Hills Bank and Trust Company may obtain “Nonpublic Personal Information,” information about an individual obtained in connection with providing a financial product or service to the individual for personal, family or household purposes. Nonpublic Personal Information may include, but is not limited to, name, address, social security number, account number or balance, debit card usage, and insurance policy coverage and may be provided to Hills Bank and Trust Company directly by the individual or obtained from transactions with Hills Bank and Trust Company or others.
Hills Bank and Trust Company uses the Nonpublic Personal Information it collects in a variety of ways depending on the nature of the customer’s relationship including, but not limited to, delivering various financial services; processing, servicing and maintaining accounts and transactions; responding to customer requests; resolving disputes; and generally fulfilling Hills Bank and Trust Company’s obligations to the customer. In addition, the information may be used to verify a customer’s identity as required by the USA PATRIOT Act.
Hills Bank and Trust Company does not disclose any Nonpublic Personal Information to third parties, except as permitted or required by law, rules or regulations. Hills Bank and Trust Company may disclose Nonpublic Personal Information to other financial institutions with which it has a joint marketing agreement or similar arrangement. Nonpublic Personal Information may be disclosed to affiliated and nonaffiliated third parties to enable them to provide business services for Hills Bank and Trust Company, including marketing services, such as helping to evaluate requests for products or services, performing general administrative activities and/or assisting in processing transactions. The affiliated and nonaffiliated third parties are required to protect the confidentiality and security of this information and to use it only in accordance with Hills Bank and Trust Company’s instructions. In the event that a customer decides to close an account or otherwise becomes an inactive customer, Hills Bank and Trust Company will continue to follow its privacy and information security practices.
Session cookies are temporary cookies that are automatically deleted whenever you close all open Web browser windows. Session cookies are used to ensure that you are recognized when you move from page to page within the site and that any information you have entered is remembered. Session cookies do not collect information from the user’s computer. They typically will store information in the form of a session identification that does not personally identify the user.
Persistent cookies remain permanently in the cookie file of your computer. These persistent cookies contain the User ID used to access the site along with encrypted identification values associated with the User ID in conjunction with the particular device (e.g. the PC, mobile device or other computer from which you accessed the website). These persistent cookies are used to provide enhanced security measures, personalize your experience on the site, monitor overall website performance and provide overall site usage reporting. Cookies placed on your device do not contain any personal information, such as an email address or name.
Although your browser may permit you to reject cookies, cookies are required to log in and navigate within this website. If you choose to disallow cookies, you will be required to respond to challenge questions each time you log on.
We protect your account information from unauthorized access, to the best of our ability, by placing it on the most secure portion of our website. That’s why you have to enter a unique user name and password as well as either registering your device with us or answering 2 additional personal knowledge base questions each time you want to access this secure website. We also utilize a site authentication feature (personalized image and description), which allows you to verify you are visiting the valid website. Your password should never be shared with anyone.
None of our other clients can access your data, and only a restricted set of our employees can access your data in order to provide service to you. When you access password-protected portions of our site using a web browser, Secure Sockets Layer (SSL) technology is used to protect your communications through server authentication and data encryption. We upgrade and maintain our technology on an ongoing basis. Although this website may link to some external sites, we are not responsible for the privacy practices of those websites.
The information practices described above comply with federal law. Vermont and California laws place additional limits on sharing Nonpublic Personal Information about their residents. If a customer is a Vermont or California resident, Hills Bank and Trust Company will automatically limit the disclosure of Nonpublic Personal Information to affiliated and nonaffiliated third parties as permitted or required by applicable law or regulation.
Hills Bank and Trust Company maintains physical, electronic and procedural safeguards to protect Information. Hills Bank and Trust Company is committed to the following principles to ensure the confidentiality and protection of Information: maintaining Information security, taking into consideration business requirements, risk mitigation, industry practice, and legal and regulatory requirements; protecting all forms of Information; implementing security measures that are effective, consistent and cost justified; effective implementation by management and staff for adherence to policies and procedures; monitoring advances in security technology to ensure that Hills Bank and Trust Company is providing an appropriate level of privacy and safety; and, appropriate reporting of deviations from the policies and procedures or security breaches.
Hills Bank and Trust Company employees are required to protect the confidentiality of Information and observe policies and procedures in accordance with their job function. Employees may only access Information when there is an appropriate reason to do so, such as to administer or offer Hills Bank and Trust Company products and services and may be subject to disciplinary rules for noncompliance with policies and procedures. Hills Bank and Trust Company may conduct business in various locations where the laws conflict with Hills Bank and Trust Company’s established policies and/or procedures. In such instances, Hills Bank and Trust Company will make appropriate modifications to comply with local law.
Several individuals are responsible for defining, maintaining and publishing the procedures necessary to implement the privacy and information security principles, including without limitation the Chief Information Officer, the Information Security Team and the Corporate Privacy Coordinator. The Operational Risk Committee will oversee the coordination of privacy and information security activities within the organization and review the activities from a business and regulatory perspective. The Board or the Legal & Regulatory Oversight Committee of the Board will review the Policy at least annually.