Website Privacy Policy

We appreciate the confidence that you place in BDI and understand the responsibilities it demands of us. Our objective will always remain the same -- to serve your needs with integrity throughout every process BDI performs for your organization. At the center of this commitment is the Privacy and Security Policy outlined in this document. It describes the safeguards in place to protect the personal information you provide to us and how we seek to protect your interests in this area.

Accountability

Our organization is responsible for your customers' personal information when under our control. Our organization has designated individuals who are held accountable for compliance with the Policies described in this notice.

Maintaining Safeguards

BDI will protect your customers' personal information by using appropriate security safeguards. We will remain alert and prepared to adapt these measures to address potential threats, hazards, or unauthorized access.

• We restrict information access to persons needing to know the information for providing products or services to your customers.
• We maintain physical, electronic, and procedural safeguards to protect your customers' personal information.
• We impose contractual commitments and procedures requiring service providers' adherence to privacy and security policies consistent with our own.

Limiting Disclosure

Personal information is retained and disclosed as necessary to serve our customers (and their customers) and otherwise only in accordance with applicable law. Personal information about our customers (and their customers) is not used or disclosed to any third parties except:

• As required in rendering the services you request.
• As required by law (e.g. subpoena).
• As may be appropriate to protect against fraud or illegal activity, for the safety of customers (and their customers), employees, or property, or is otherwise permitted by law.
• If you elect to disclose, or specifically direct us to disclose, any customers' personal information to a third party.

Information Security and Quality

We protect the quality and integrity of your personally identifiable information by implementing appropriate technical and organizational measures, such as using encryption for transmission of IDs and passwords, to help us keep your information secure and accurate.

Cookies

We sometimes collect anonymous information from visits to our sites to help us provide better client support. For example, we keep track of the movement within our domain and measure member activity, but we do so in ways that keep the information anonymous. This anonymous information is sometimes known as "clickstream data". BDI may use this data to analyze trends and statistics and to help us provide better customer service. We collect this anonymous information through the use of various technologies, including one called "cookies". A cookie is an element of data that a web site can send to your browser, which may then be stored on your system. All BDI pages use cookies sent by BDI, third party vendors, or other technologies.

Internet Security

Below is a high-level diagram of the BDI eStatement Web application.

This diagram reveals that BDI's eStatement application has security safeguards at several strategic locations.
Up to 256-bit SSL is used to encrypt any sensitive information transmitted to, or received from, the member over the Internet. SSL makes spying a tremendously difficult task and alleviates identity spoofing, information disclosure, and data tampering. Our SSL Certificates are from Thawte, an industry recognized certificate authority.

BDI utilizes state of the art firewalls to control access and protect sensitive information. Industry leading intrusion detection/prevention technology monitors all incoming and outgoing traffic and filters out any abnormal data requests. Internal network and application controls protect database servers from unauthorized access from within BDI's private network.

Highly-sensitive data, such as customer (end-user) passwords, are encrypted using a strong cryptographic routine before being stored in the database.

Notice

We will electronically post a written notice upon any material change to this Policy.

Inquiries

Questions regarding this statement can be achieved at this site or may be directed to: