Your privacy is extremely important to us at ESAC, and we are committed to protecting and maintaining the confidentiality and security of the information that you provide to us. ESACorp.org (the “ESAC Site”) is a licensee of the TRUSTe Privacy Program. TRUSTe is an independent, non-profit organization whose mission is to enable individuals and organizations to establish trusting relationships based on respect for personal identity and information by promoting the use of fair information practices. This privacy statement covers the site www.ESACorp.org. Because this website wants to demonstrate its commitment to our users’ privacy, it has agreed to disclose its information practices and have its privacy practices reviewed for compliance by TRUSTe. By displaying the TRUSTe trustmark, ESAC Site has agreed to notify users of:

1. What personally identifiable information ESAC collects;
2. What personally identifiable information third parties collect through the website.
3. How ESAC uses the information;
4. With whom ESAC may share user information;
5. What choices are available to users regarding collection, use and distribution of the information;
6. What measures ESAC takes to protect the information under its control; and
7. How users can correct any inaccuracies in the information.

If you have questions or concerns regarding this statement you should first contact ESAC by sending an e-mail to info@ESACorp.org. If you do not receive acknowledgment of your inquiry, or if your inquiry is not satisfactorily addressed, you should then contact TRUSTe through the TRUSTe Watchdog Dispute Resolution Process. TRUSTe will serve as a liaison with the website to resolve your concerns.

This privacy statement describes the information we collect about you and what may happen to that information. Although this statement may seem long, we have prepared a detailed statement because we believe you should know as much as possible about ESAC's practices so you can make an informed decision about submitting information for the accreditation process. Please review this privacy statement posted on the ESAC Site from time to time, as it may be amended without notice for some changes (for example, minor changes not affecting personal information). If, however, we are going to use users' personally identifiable information in a manner different from that stated at the time of collection, we will notify users via e-mail. Users will have a choice as to whether or not we use their information in this different manner. We will always post our most current privacy statement on the ESAC Site. Minor changes to our privacy statement will be effective upon such posting. By using the ESAC Site, you consent to the use of your information as expressed in this privacy statement.

Notwithstanding the above provisions, ESAC agrees to not resell, trade or rent any of your personally identifiable information to any third party.

YOUR INFORMATION AND HOW WE MAKE USE OF IT

Visiting the ESAC Site:
The ESAC Site collects two kinds of information: (i) information that identifies you or your company, (collectively, "Identifiable Information"); and (ii) information that does not identify any person or company (such as your Internet Protocol (IP) address, browser type, operating system type, access time and page views) (collectively, "Non-Identifiable Information"). As a general policy, only Non-Identifiable Information is automatically collected from your visit to the ESAC Site.

Information Collected During the Application and Accreditation Process:
If you choose to apply for Accreditation, you will be asked to provide us with certain specific information about yourself and/or your company currently collected offline. This information will include (i) contact information such as your name, phone number, fax number, mailing/e-mail address, and your company's name, phone number, fax number, mailing/e-mail address and primary contact person (collectively, "Contact Information"); and (ii) information about your company’s policies, procedures, operations and staff as they pertain to the financial, ethical and operational standards required for accreditation (collectively, "Business Information"). During the application process and initial accreditation process, we will only share your Contact Information and Business Information with the ESAC staff and service providers that are involved in verifying your company’s compliance with the accreditation requirements. None of these individuals will be employed by or own a financial interest in any other company in the same or similar business as your company, and all of these individuals will have executed a non-disclosure confidentiality agreement with respect to information provided to them by ESAC. Your Contact Information and Business Information will only be shared with the ESAC Board of Directors if it is determined by ESAC staff and service providers that, in their opinion, your company is in compliance with the requirements for accreditation. The ESAC Board of Directors also will have executed a non-disclosure confidentiality agreement similar to the agreement executed by ESAC staff. You will be invited to be present or to send a representative when your application is discussed by the ESAC Board of Directors. You also have the right to request the recusal of any Director that you believe has a conflict of interest with you or your company. ESAC will not share your Business Information with any director that has been recused at your request. If the ESAC Board of Directors approves your company for accreditation, ESAC will make a press release and update the ESAC Site identifying by company name, address, phone number and website address the fact that your company is now accredited, but no other Contact Information or Business Information will be released to the public without your express written permission. ESAC will also make available your company’s Contact Information and Business Information to any state and federal regulator to whom you have authorized access to such information on the ESAC Site as part of your request to take advantage of ESAC’s alternative registration/licensing compliance program as approved by that state or federal agency. It will be your responsibility to notify ESAC of your desire to cancel any such access to this confidential information.

The Internet service provider that hosts our website will have a site administrator (our Webmaster) with the ability to access all such information as part of website maintenance, but this company and the Webmaster have signed a non-disclosure agreement with us. We will maintain your Contact Information and Business Information in our secure and protected information databases as long as you maintain the accreditation. If you or we terminate your accreditation application or your accreditation status for any reason, we will deactivate this information unless you submit a written request that we retain this information pending future accreditation actions.

If you wish to take advantage of a voluntary and free subscription to PEO Pointers, ESAC's e-newsletter, your e-mail address will only be used to send newsletter issues to you. If you wish to opt-out of receiving the PEO Pointers, please follow the unsubscribe link within the welcome e-mail or in the footer of each newsletter OR you may e-mail us at info@ESACorp.org to have your e-mail address removed.

We do not resell, trade or rent any of your personally identifiable information to anyone.

Non-Identifiable Information:
We may aggregate Non-Identifiable Information to create statistical data, which will be used to help analyze site traffic and improve our services. We may also use such aggregated information to describe ESAC's website services to potential partners or other third parties. At no point, however, will the aggregated information identify you, your business or your clients.

LEGAL REQUIREMENTS

We reserve the right to disclose any Identifiable or Non-Identifiable Information if required to do so by law or if we believe that such action is necessary in order to (i) conform with the requirements of the law or to comply with legal process served on ESAC; (ii) to protect or defend the legal rights or property of ESAC, the ESAC Site, or its users; or (iii) in an emergency to protect the health and safety of ESAC's website users or the general public.

COOKIES

For your convenience, we place "cookies" on your computer so that we may keep track of your activity on an individual and aggregate level and customize your experience on the ESAC Site. Cookies are small text files from a website that are stored on your hard drive which make using a website more convenient by saving your passwords and/or preferences for you. We utilize session and permanent cookies. A session cookie is a temporary cookie that is sent to your browser when you log onto the website and deleted from your browser once you exit your browser or after some period of inactivity in your browser. We may transmit permanent cookies to your hard drive for use in identification and customization of our services. Information from cookies may be analyzed and matched with the data provided by you to better secure all data and information within our servers. We may provide our analysis to prospective partners and other third parties, but we will not disclose any Identifiable Information, except as provided in this privacy policy. If you would like the option of deciding whether or not to accept a cookie, you can set your browser to notify you when a cookie is being sent to your hard drive. You may also delete a cookie manually from your hard drive. Please note, however, that the application section of the ESAC Site will not function properly if you refuse to accept a cookie or choose to disable your cookies setting. The only information that will be stored in permanent cookies created by the ESAC Site is the Applicant I.D. information that the ESAC Site assigns to you. The session cookies will only store the Session I.D. for your visit.

LOG FILES

As is true of most websites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.

We use this information, which does not identify individual users, to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole. We do not link this automatically-collected data to personally identifiable information.

LINKS

The ESAC Site may contain links to other sites, including websites of certified firms and service suppliers that are not maintained by ESAC. We cannot guarantee the security of your Identifiable Information on those sites. Please review their privacy policy statement before submitting any Identifiable Information to such websites.

SECURITY PROCEDURES

We have security measures in place to protect against the loss, misuse and alteration of the information under our control, both online and offline.

The ESAC Site operates secure data networks protected by industry standard firewall and password protection systems. We use a VeriSign Secure Server ID for 128-bit encryption of data being sent via the Internet between the browser and our servers. The servers on which we store your personal information are kept in a secure environment using industry-standard back-up and security procedures and protections.

All application, accreditation and user information is restricted in our offices. Only employees who need the information to process your accreditation or provide the Services are granted access to personally identifiable information. All employees have been verified as having a history of honesty and trustworthiness and have signed a non-disclosure agreement prohibiting the unauthorized disclosure, use or distribution of any client or user-related information. Furthermore, all employees are kept up-to-date on our security and privacy policies and practices and on the importance of maintaining and working with all client information in a secure and confidential manner.

Access to ESAC's office is restricted after normal business hours with security cards required for entry into the building and keys required for office access. The building is also equipped with security cameras and a burglar alarm system and has a security guard on the premises after normal business hours and on weekends.

Although we strive to protect our users' personal information and privacy, please be advised that we cannot guarantee that the security precautions we take will prevent third parties from illegally obtaining your information. However, our procedures have qualified www.ESACorp.org for the "VeriSign Secure Site" designation indicating that we provide you with authentication, confidentiality, and data integrity that meets established industry standards.

Be advised that any information you disclose in a “public forum” such as a bulletin board, or chat room is considered “public information” and will be treated as such.

Be advised that anyone providing a Testimonial will have their name, title and possibly the name of their company displayed for public viewing.

TRANSFER OF ASSETS

If another entity acquires us or all or substantially all of our assets, your Contact, Business Information, Non-Identifiable Information and any other information about your business that we have stored in our databases will be transferred to such entity as one of the transferred assets, but ESAC agrees that any such transfer will continue to be subject to this or an equivalent privacy policy to be legally binding on the acquiring party and its assigns. If, as a result of this transfer, users' personally identifiable information is to be used in a manner different than that stated at the time of collection, users will have a choice consistent with our 'Notification of Changes' section below.

NOTIFICATION OF CHANGES

If we decide to change our privacy policy, we will post those changes to this privacy statement on the ESAC Site and other places we deem appropriate so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We will use information in accordance with the privacy policy under which the information was collected. If, however, we are going to use users' personally identifiable information in a manner different from that stated at the time of collection we will notify users via e-mail. Users will have a choice as to whether or not we use their information in this different manner. However, if users have opted out of all communication with the site, or deleted/deactivated their account, then they will not be contacted, nor will their personal information be used in this new manner.

CHANGES TO INFORMATION AND QUESTIONS

Each participating user can access and update their personal information online. Each participating firm also has one or more designated account administrators that can add or delete users and access and update the information of the participating firm and that of all of its users.

Also, if you wish to (i) change or modify any of the information you have provided to us, (ii) terminate your accreditation process or accreditation status, or (iii) ask us questions about this privacy policy, please contact us by e-mail at service@ESACorp.org, by phone at 501.219.2045, or by mail or delivery service at Three Financial Centre, 900 S. Shackleford Road, Suite 401, Little Rock, AR 72211-3849.