SCORE - for the life of your business

www.annarborscore.com

SCORE Association

PRIVACY POLICY

A. Introduction

SCORE Association (“SCORE”) hereby implements this Privacy Policy pursuant to state and

federal privacy regulations.


Members of SCORE's workforce may have access to personal information (“PI”) in its course
of its business, which includes, but is not limited to:


The first name and last name or first initial and last name of an individual

in combination with any one or more of the following data elements that

relate to such individual: (a) Social Security number; (b) driver’s license

number or state-issue identification card number; or (c) financial account

number, credit card number, or debit card number with or without any

required security code, access code, personal identification number or

password, that would permit access to an individual’s financial account;

provided however, that “personal information” shall not include

information that is lawfully obtained from publicly available information,

or from federal, state or local government records lawfully made available

to the general public.


SCORE and its workforce members will not redisclose PI without prior consent from the

individual. However, when an individual submits a request to participate in online counseling,

the individual is agreeing to the terms and conditions of our counseling. The individual’s request

to receive business management counseling from SCORE signifies the individual’s agreement to

cooperate with SCORE if selected to participate in surveys designed to evaluate the individual’s

business and permit SCORE to provide services to the individual. If necessary or required, any

information disclosed by SCORE to the Small Business Administration (SBA) or SBA

representatives will be held in confidence to the extent that it will only be disclosed to SBA

representatives to review and process applications; the information submitted in SBA

applications will not be disclosed to commercial entities. If necessary or required, information

will be disclosed to SBA representatives to process counseling applications. Relevant

information will also be disclosed to assigned management mentor(s) if an individual requests

such counseling from SCORE.


SCORE’s mentors and representatives do not provide advice pursuant to the authority of

professional certifications or licenses that they may hold. SCORE’s mentors and representatives

do not enter into relationships with individuals that entitle the individual to client privileges that

may be associated with any professional certifications or licenses that our mentors may hold.

SCORE does not engage in the practice of law. This includes, but is not limited to, providing

specific legal advice, representing an individual in litigation or any legal proceeding, or

otherwise practicing law as defined by applicable state law. We do not engage in conduct that

leads to the creation of any attorney-client relationship.

If commercially feasible, SCORE will destroy PI once the PI is no longer needed for SCORE to

carry out its business operations. If it is not commercially feasible, SCORE will ensure that the

PI is protected in accordance with this Privacy Policy.


It is SCORE's policy to comply with all applicable federal and state privacy regulations relating

to SCORE’s access to PI. To that end, all members of SCORE's workforce who have access to PI must comply with this Privacy Policy. For the purposes of this Policy, SCORE's workforce

includes individuals who would be considered part of the workforce under HIPAA such as

employees, volunteers, trainees, and other persons whose work performance is under the direct

control of SCORE, whether or not they are paid by SCORE. The term “employee” includes all of

these types of workers.


No third-party rights are intended to be created by this Policy. SCORE reserves the right to

amend or change this Policy at any time (and even retroactively) without notice. To the extent

this Policy establishes requirements and obligations above and beyond those required of SCORE

by federal or state law, the Policy shall be aspirational and shall not be binding upon SCORE.


B. SCORE's Responsibilities


I. Privacy Official and Contact Person

___________________ will be the Privacy Official for SCORE. The Privacy Official will be

responsible for the development and implementation of policies and procedures relating to

privacy of SCORE's PI, including but not limited to this Privacy Policy. The Privacy Official

will also serve as the contact person for individuals who have questions, concerns, or complaints

about the privacy of their PI.

The Privacy Official is responsible for ensuring that SCORE complies with the provisions of

federal or state laws, as applicable.


II. Workforce Training

It is SCORE's policy to train all members of its workforce who have access to PI on SCORE's

policies and procedures. The Privacy Official is charged with developing training schedules and

programs so that all workforce members receive the training necessary and appropriate to permit

them to carry out their SCORE functions in compliance with applicable state and federal

Regulations.


III. Security Safeguards

SCORE will establish appropriate and commercially reasonable physical, electronic and

managerial safeguards to prevent PI from intentionally or unintentionally being used or

disclosed. Such safeguards include, but are not limited to, implementing procedures for use and

disclosure of PI and limiting access to information by creating computer firewalls.

Firewalls will ensure that only authorized employees will have access to PI, that they will have

access to only the minimum amount of PI necessary for SCORE to carry out its business

functions, and that they will not further use or disclose PI in violation of applicable state or

federal regulations.


IV. Sanctions for Violations of Privacy Policy

Sanctions for using or disclosing PI in violation of this Privacy Policy will be imposed in

accordance with SCORE's employee discipline policy, up to and including termination.


V. Mitigation of Inadvertent Disclosures of PI

SCORE shall mitigate, to the extent possible, any harmful effects that become known to it from
a use or disclosure of an individual's PI in violation of federal or state law or the policies and

procedures set forth in this Privacy Policy. As a result, if SCORE becomes aware of an

unauthorized use or disclosure of PI, the appropriate steps to mitigate harm to the participant
will be taken.


VII. Workforce Must Comply With SCORE's Policy and Procedures

All members of SCORE's workforce (described at the beginning of this Policy and referred to

herein as “employees”) who have access to PI must comply with this Policy.


IX. Breach Notification Requirements

SCORE will comply with state breach notification requirements to provide all required

notification if SCORE discovers a breach of PI.