PRIVACY AND INFORMATION SECURITY POLICY  

1. Objectives
Legacy Trust is committed to protecting the confidentiality and integrity of the information to which it has been entrusted by its clients, as well as Legacy Trust 's proprietary information, including its products, the information systems and technology infrastructure, and the services it provides (collectively, “Information”). The Privacy and Information Security Policy (“Policy”) outlines the principles that govern all Legacy Trustbusiness units and regulated direct or indirect subsidiaries of Legacy Trust(collectively, “[BANK]”) with respect to the collection, sharing, and protection of Information. Legacy Trust will adopt and implement procedures to achieve the Policy goals: to obtain, maintain and disseminate Information appropriately; to ensure the security and confidentiality of Information; and, protect against anticipated internal or external threats or hazards to the security or integrity of the Information.

2. Scope
Information takes many forms and includes records stored on computers and magnetic or optical media, data transmitted across networks or by fax, and information printed out or written on paper. It can also consist of work knowledge or concepts and can be represented in material objects. Specifically, Legacy Trust may obtain “Nonpublic Personal Information,” information about an individual obtained in connection with providing a financial product or service to the individual for personal, family or household purposes. Nonpublic Personal Information may include, but is not limited to, name, address, social security number, account number or balance, debit card usage, and insurance policy coverage and may be provided to Legacy Trust directly by the individual or obtained from transactions with Legacy Trust or others.

3. Use of Nonpublic Personal Information
Legacy Trust uses the Nonpublic Personal Information it collects in a variety of ways depending on the nature of the customer’s relationship including, but not limited to, delivering various financial services; processing, servicing and maintaining accounts and transactions; responding to customer requests; resolving disputes; and generally fulfilling Legacy Trust’s obligations to the customer. In addition, the information may be used to verify a customer’s identity as required by the USA PATRIOT Act.

4. Disclosure of Nonpublic Personal Information
Legacy Trust does not disclose any Nonpublic Personal Information to third parties, except as permitted or required by law, rules or regulations. Legacy Trust may disclose Nonpublic Personal Information to other financial institutions with which it has a joint marketing agreement or similar arrangement. Nonpublic Personal Information may be disclosed to affiliated and nonaffiliated third parties to enable them to provide business services for Legacy Trust, including marketing services, for us, such as helping to evaluate requests for products or services, performing general administrative activities and/or assisting in processing transactions. The affiliated and nonaffiliated third parties are required to protect the confidentiality and security of this information and to use it only in accordance with Legacy Trust’s instructions.

In the event that a customer decides to close an account or otherwise becomes an inactive customer, Legacy Trust will continue to follow its privacy and information security practices.

5. Cookies
This website uses cookies, messages given to a Web browser by a Web server. The browser then stores the cookie in a text file. This website uses two types of cookies:

Session cookies which are temporary cookies that are automatically deleted whenever you close all open Web browser windows. Session cookies are used to ensure that you are recognized when you move from page to page within the site and that any information you have entered is remembered. Session Cookies do not collect information from the user’s computer. They typically will store information in the form of a session identification that does not personally identify the user.

Persistent cookies that remain permanently on the cookie file of your computer. These persistent cookies contain the user id used to access the site along with encrypted identification values associated with the User ID in conjunction with the particular device (e.g. the PC, mobile device or other computer from which you accessed the website). These persistent cookies are used to provide enhanced security measures, personalize your experience on the site, monitor overall web site performance and provide overall site usage reporting. Cookies placed on your device do not contain any personal information, such as an email address or name.

Although your browser may permit you to reject cookies, cookies are required to login and navigate within this website. If you should choose to disallow cookies you will be required to respond to challenge questions each time you log on.

We protect your account information from unauthorized access, to the best of our ability, by placing it on the most secure portion of our website. That’s why you have to enter a unique user name and password as well as either registering your device with us or answering 2 additional personal knowledge base questions each time you want to access this secure website. We also utilize a site authentication feature (personalized image and description), which allows you to verify you are visiting the valid website. Your password should never be shared with anyone.

None of our other clients can access your data, and only a restricted set of our employees can access your data in order to provide service to you. When you access password protected portions of our site using a web browser, Secure Sockets Layer (SSL) technology is used to protect your communications through server authentication and data encryption. We upgrade and maintain our technology on an ongoing basis. Although this website may link to some external sites, we are not responsible for the privacy practices of those websites.

6. Vermont and California Residents Only
The information practices described above comply with federal law. Vermont and California laws place additional limits on sharing Nonpublic Personal Information about their residents. If a customer is a Vermont or California resident, Legacy Trust will automatically limit the disclosure of Nonpublic Personal Information to affiliated and nonaffiliated third parties as permitted or required by applicable law or regulation.

7. Information Security
Legacy Trustmaintains physical, electronic and procedural safeguards to protect Information. Legacy Trust is committed to the following principles to ensure the confidentiality and protection of Information: maintaining Information security, taking into consideration business requirements, risk mitigation, industry practice, and legal and regulatory requirements; protecting all forms of Information; implementing security measures that are effective, consistent and cost justified; effective implementation by management and staff for adherence to policies and procedures; monitoring advances in security technology to ensure that Legacy Trust is providing an appropriate level of privacy and safety; and, appropriate reporting of deviations from the policies and procedures or security breaches.

Legacy Trust employees are required to protect the confidentiality of Information and observe policies and procedures in accordance with their job function. Employees may only access Information when there is an appropriate reason to do so, such as to administer or offer Legacy Trust products and services and may be subject to disciplinary rules for noncompliance with policies and procedures. Legacy Trust may conduct business in various locations where the laws conflict with Legacy Trust’s established policies and/or procedures. In such instances, Legacy Trust will make appropriate modifications to comply with local law.

8. Administrative Responsibilities
Several individuals are responsible for defining, maintaining and publishing the procedures necessary to implement the privacy and information security principles, including without limitation Legacy Trust. Legacy Trust will oversee the coordination of privacy and information security activities within the organization and review the activities from a business and regulatory perspective. Legacy Trust will review the Policy at least annually.