Privacy Policy &
Information Security Policy
Privacy Policy
Effective Date: Jan 1, 2025
____________________
Introduction
BSBPartners LLC ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal and business information in compliance with the SEC, Internal Revenue Service (IRS) regulations and other applicable International, Federal, and State laws, depending on the nature of the engagement. Our data protection policies seek to protect the following general categories of data that we may utilize or possess:
Personally Identifiable Information (PII): This includes names, addresses, phone numbers, and Social Security numbers, data that directly identifies your specific clients.
Personal Health Information (PHI): These comprise medical details like diagnoses, treatment records, and insurance information of your clients.
Financial data: Clients’ payment details, credit card numbers, and banking information come into the picture.
Personal family data: including wealth goals, professional goals, personal development goals, and personal relationships/relations.
Behavioral data: Lastly comes the online activity, including website visits, purchase history, and content interaction patterns.
Business Consulting and Personal Coaching
We offer individuals and corporations coaching and consulting services on a myriad of business operations and personal concerns. If we do not have the talent in-house to fulfill a client's needs, we recruit partners to help with the projects. We accept our Fiduciary responsibility in accordance with the professional ethics of the credentials our associates maintain and the services that we provide. We do sign non-disclosure agreements to protect the privacy of your personal and business information, including strategic and operational plans, finances, employee census, and business planning documents.
As a business consulting firm and a personal coaching organization, we are compliant with privacy regulations like GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) to protect client data and maintain trust. These regulations, along with industry-specific laws like HIPAA, require our firm to implement security measures, control data access, and be transparent about our data collection and use.
Income Tax Planning, Tax Analysis, and Tax Document Preparation
Our organization has adopted policies and procedures to protect the privacy and confidentiality of client data (personal and business), prevent unauthorized access or disclosure, and ensure compliance with applicable laws, including the FINRA, SEC, IRS Publication 4557, and the Gramm-Leach-Bliley Act (GLBA).
Information We Collect
We collect personal information necessary to provide tax preparation and related financial services. This may include:
Name, address, phone number, and email address
Social Security Number (SSN) or Taxpayer Identification Number (TIN)
Income, deductions, and other financial information
Banking information for direct deposit and payment processing
Copies of tax returns and supporting documents
How We Use Your Information
We use your information to:
Prepare and file your income tax returns
Communicate with you regarding your tax matters
Provide tax planning and related services
Comply with legal and regulatory obligations
Your information is shared only with your permission between allied services firms including Life-Legacy Services, BSBPartners, and TheLegacy Message organization.
Information Sharing and Disclosure
We do not sell or rent your personal information. We may disclose your information in the following circumstances:
With your consent
To the IRS and other tax authorities as required by law
To third-party service providers who assist in tax preparation and compliance, under strict confidentiality agreements
As required by law, such as in response to a subpoena or court order
Safeguarding Your Information
We implement physical, electronic, and procedural safeguards to protect your personal information from unauthorized access, disclosure, and misuse. These measures include:
Secure document storage and disposal
Encryption and password protection for electronic data
Restricted access to sensitive information
Your Rights and Choices
You have the right to:
Access and review the personal information we hold about you
Request corrections to inaccurate or incomplete information
Withdraw your consent to certain data uses, subject to legal obligations
Retention of Records
We retain your tax records in accordance with IRS regulations and professional standards. Generally, records are kept for at least three years, but some may be maintained longer as required by law.
Changes to This Privacy Policy
We may update this policy periodically. Any changes will be posted on our website with the revised effective date.
Contact Information
If you have any questions or concerns about this Privacy Policy, please contact us at:
BSBPartners LLC
Info@BSBPartners.com
___________________________________________
BSB PARTNERS LLC WRITTEN INFORMATION SECURITY PLAN (WISP)
Effective Date: 01/01/2025 Last Reviewed/Updated: 01/01/2025
1. Purpose and Scope
This Written Information Security Plan (WISP) is designed to protect the privacy and confidentiality of client data, prevent unauthorized access or disclosure, and ensure compliance with applicable laws, including the IRS Publication 4557 and the Gramm-Leach-Bliley Act (GLBA). This plan applies to all employees, contractors, and third-party service providers who access or handle our client information.
2. Data Collected
The following sensitive information is subject to this plan:
1. Client names, Social Security Numbers (SSNs), and addresses.
2. Bank account and payment card information.
3. Tax documents, financial records, and other confidential data.
4. Proprietary products, processes, operational strategies, and scenarios.
5. Information associated with Succession Planning, Reductions in Force, and other financial transactions.
3. Risk Assessment
We assess risks to taxpayer data, including:
1. Unauthorized physical or digital access.
2. Phishing, malware, or ransomware attacks.
3. Loss or theft of devices containing sensitive information.
4. Employee errors or negligence.
5. Use of third-party software that also has data protection measures in place, including Intuit, FreeTax File USA, Taxfyle, and cloud-based data storage.
4. Employee Training
1. Employees and Contractors are trained annually on recognizing and responding to security threats, including phishing and social engineering.
2. Training includes proper handling of sensitive data and secure disposal of records.
5. Access Controls
1. Access to client information is restricted to authorized personnel based on job duties.
2. Passwords must meet complexity requirements and be changed every 90 days.
3. Multi-factor authentication (MFA) is required for accessing sensitive systems.
6. Physical Security
1. Workspaces containing client data are locked when unattended.
2. Physical files are stored in locked cabinets and shredded when no longer needed.
3. Visitors are not permitted in areas where taxpayer data is processed.
4. Dictation records and electronic notes are maintained in a secure manner using reasonable means to protect from cyber intrusion.
7. Encryption and Data Protection
1. All client data is encrypted in transit (e.g., using SSL/TLS) and at rest.
2. Portable devices (e.g., laptops, USB drives) containing taxpayer data are encrypted.
8. Network Security
1. Firewalls and intrusion detection systems protect our network.
2. Regular software updates and patching are performed to address vulnerabilities.
3. Anti-virus and anti-malware software are installed and updated regularly.
9. Third-Party Providers
1. Service providers handling client data must sign a confidentiality agreement and provide proof of compliance with security standards.
2. Providers are reviewed annually to ensure they meet SEC, FINRA, IRS and GLBA requirements.
10. Incident Response Plan
If a breach occurs:
1. Immediately contain the threat and secure affected systems.
2. If tax-related information is involved, our organization will notify the IRS within one business day (as outlined in Publication 4557).
3. Notify affected individuals and provide support as needed.
4. Document the incident and update the WISP to prevent future occurrences.
11. Data Retention and Disposal
1. Client data is retained for 7 years to meet legal and business requirements.
2. Data is securely deleted when no longer needed using approved methods (e.g., wiping drives, shredding paper files).
12. Regular Monitoring and Testing
1. The WISP is reviewed annually, or more frequently if necessary, to address changes in technology or business operations and in security threats and vulnerabilities.
2. Penetration testing and audits are conducted to ensure the effectiveness of controls.
13. Compliance and Accountability
1. This organization complies with SEC, IRS and GLBA regulations.
2. The Managing Principal is responsible for implementing and maintaining this WISP.
Authorized by: Bill Schretter
IRS Enrolled Agent 01/01/2025
Learn more by contacting us at info@bsbpartners.com