This Privacy Statement describes American Financial Systems, Inc. (d.b.a. Deferral.com) and its affiliates (collectively, "Deferral.com") agreement with each user of the Deferral.com Online Platform (the "Website") to treat certain information on a confidential basis. Deferral.com reserves the right to revise its privacy statement from time to time but will publish such changes on the Website before doing so. You should check the Website regularly for updates and changes.
By using the Website, you agree to this Privacy Statement. If you do not agree with any term in this Privacy Statement, please do not use our services.
The Website is used to host and operate an online recordkeeping system (the "System") for certain types of supplemental benefits, most of which are not qualified plans under ERISA (often called "Nonqualified plans"). While many nonqualified plans do not hold assets for their Participants, some Plan Sponsors elect to use life insurance, mutual funds, securities, and other assets to pay or deliver plan benefits.
Our System stores data for plans, assets (or both) that employers may elect to hold or provide in connection with their plans, including information about the Plan Sponsor and personal information about the Plan's Participants. For plans that allow online enrollment or that enable Participants to make investment allocations or other elections, our System will track this information, as well.
Plan Sponsors own the records (including Participant data of their employees) maintained in the database in our System for their plans. Deferral.com owns the database architecture, structure, design, and software, along with other technology used for the Website. We do not sell individual nonpublic personal information for targeted advertising or other similar uses, and we use password access restrictions for nonpublic information in our databases. If you believe any of your nonpublic information is in error, please contact your Plan Administrator to arrange for any necessary corrections or clarifications.
Information Collection and Usage
All authenticated users of this Website (Participants, Plan Administrators) will require a username and password to access the site. Such information is stored in the Website, and in the case of passwords, encrypted using a hashing algorithm. We will collect information about your user-agent (browser), IP address, and technical data about your device and location to support the use of Website features and site access records.
For Participant in Plan(s) managed on our Website, we collect nonpublic information from you, your Employer, your Plan Sponsor (along with its brokers, advisers and, if applicable, insurers) and Plan Administrator to enable such parties to manage your benefits plan, to collect and provide information about your participation, transactions and choices relating to your plan account, and to manage assets (if any) your Plan Sponsor chooses to hold or provide to pay or deliver benefits under your Plan.
Information collected from you (or others on your behalf, such as your Plan Administrator) may include your name, address, date of birth, social security number, and benefit plan account information.
Depending on the type of benefit plan, such information can also include details about your compensation, retirement benefits, assets that may be used to fund, deliver or measure benefit payments, and your transactions related to the Plan (such as investment allocations).
Information stored on this site is collected through direct interaction with the Website (web forms), direct upload, device interaction, and manual or automatic file transfer(s) from you, your Employer, your Plan Sponsor (and associated parties), and Plan Administrator.
The process of login into the Website is considered as the acceptable method under which a Participant verifies his/her identity to process Information management requests.
Requests made via publicly available Website contact forms are delivered via email and not processed or retained in the Database. Users are explicitly asked to exclude personal information when using these contact mechanisms.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. All sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology and stored on secured devices.
We implement a variety of security and control measures when a user places an order, enters, submits, or accesses their information to maintain the safety of their personal data.
We perform regular vulnerability scanning to our public websites and use regular Malware Scanning, along with intrusion detection mechanisms.
We never ask for credit card numbers.
Use of 'cookies'
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser's Help Menu to learn the correct way to modify your cookies. If you turn cookies off, it will turn off some of the features of the site.
We do not sell, trade or disclose nonpublic personal information to nonaffiliated third parties, except to the extent reasonably required to perform services on the Website, to allow any successor to our business to continue serving the services provided by the Website (for example, if Deferral.com were to be sold), as required by law, or to the extent that such information already is publicly available from sources other than Deferral.com. For example, we disclose personal information for purposes of managing (or permitting your Plan Administrator, Sponsor, and other appropriate and authorized parties to manage) your benefit plan and related transactions, assets, and services following applicable law. Also, nonpublic information about your Plan is reported to your Plan Sponsor, Employer, and Administrator, and some of this information may be used for federal, state, or local income tax reporting purposes. We do not include or offer third-party products or services on our Website.
Many benefit plans require the support and services of financial intermediaries (such as security and insurance brokers), insurance companies, consultants, and other service providers in the ordinary course of plan management and Plan transaction activity. These unaffiliated third parties may need access to your nonpublic information to enable them to perform services or provide or manage assets that relate to your Plan. The privacy policies of your Employer, Plan Sponsor, Plan Administrator, and any financial intermediary, insurer, or other service provider used in connection with your Plan (for example, a securities broker or insurer) also will govern how your personal information may be used and disclosed. Further information regarding these policies may be obtained from your Plan Administrator.
Applicability and Geographic Restrictions
Deferral.com's services are provided to United States companies or subsidiaries and individuals associated with them, as it follows the rules enacted by the corresponding regulatory entities. Such entities include, but are not limited to, the United States Department of Labor (DOL), Internal Revenue Service (IRS), Financial Industry Regulatory Authority (FINRA) and others. Deferral.com also follows the regulatory requirements established by US Privacy laws concerning 'Personally Identifiable Information.'
As a result, this Website is intended to be used only by Participants, Administrators, and Plan Sponsors located within the United States. Therefore, the use of the Website from locations outside of the United States is not expected, with specific limitations established for EU citizens residing or operating abroad. To ensure compliance with such restrictions, the Website utilizes filtering mechanisms intended to disallow access to the platform from locations that implement regulations beyond the scope of those provided by Deferral.com.
If you are one of the restricted parties mentioned above and intends to use the Website from outside the United States, please refrain from using it and contact your Plan Sponsor.
Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users.
We have not enabled Google AdSense on our site, but we may do so in the future.
California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
oUsers can visit our site anonymously. Anonymous users cannot perform transactions, only view public content.
oYou can change your personal information by logging in to your account.
oIt's also important to note that we do not allow third-party behavioral tracking. We honor Do Not Track signals (DNT) browser mechanisms.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
We do not specifically market to children under the age of 13 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States, and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
Should a data breach occur, we will notify your Plan Sponsor or Administrator via email upon discovery and following a reasonable forensic processing time.
We also agree with the Individual Redress Principle, which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate or prosecute non-compliance by data processors.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out severe penalties for violations.
We collect your email address to Process orders and to send information and updates about orders and transactions. Deferral.com does not send marketing materials or allow third parties to email Participants.
To be compliant with CAN-SPAM, we agree Not to use false or misleading subjects or email addresses.
If at any time you would like to unsubscribe from receiving future emails, you can email us at firstname.lastname@example.org, and we will promptly remove you from ALL correspondence.
404 Wyman St. Suite 100
Waltham, MA 02451
This policy was most recently updated on May 1st, 2020.