TFP Privacy Policy

TFP Group, Inc. dba Training Funding Partners (“TFP”) is committed to protecting the privacy of personally identifiable information (“PII”) that it collects from its clients as required to perform its contracted services. This Privacy Policy (“Policy”) discloses TFP’s privacy practices, procedures, and safeguards used by TFP to protect this information.

PII Collection, Use, and Sharing

TFP provides professional services to procure and manage federal, state and local workforce development grants and incentives from various funding agencies. In order to meet the reporting needs of the various funding agencies and secure funding for its clients, TFP must collect and manage client employee PII for purposes of meeting the reporting requirements of the agencies.

The type of PII that may be provided by a client to TFP during the course of business (“client employee PII”) includes employee first and last names, identification numbers (including SSNs), job-related information, payroll/wage information, and demographic information such as ethnicity, gender, age, and education. Other client employee PII such as credit card information, driver’s license numbers, bank account numbers, and employee medical information is NOT required by the various funding agencies and therefore will NOT be collected by TFP.

Client employee PII data is not shared with any third parties beyond the funding agency as authorized by TFP’s client. TFP does not sell or rent this information to any third parties.

Cloud Service Provider Usage

TFP may contract with cloud service providers for purposes of hosting training related data, hosting its email, and managing client data and records as may be required based on the business and agency need. All client employee PII is encrypted while in transit to/from these cloud services providers or while client employee PII is stored at rest on their servers. These cloud service providers have been chosen due to their data centers being SSAE 16 and ISO 27001 accredited.

TFP consults with all its cloud service providers so that its clients’ sensitive information and activities are protected to the same degree of security that TFP would intend to provide its employees’ PII. Security and auditing is requested from TFP’s cloud service providers as applicable to TFP’s needs and concerns. Service level agreements (“SLA’s”) are reviewed by TFP periodically for system restoration and reconstitution time.

Security

TFP uses commercially reasonable physical, electronic, and administrative safeguards to protect our client employee PII from loss, misuse, unauthorized access, alteration, disclosure, and destruction. When clients upload sensitive information, technical measures and security controls are utilized to ensure that client employee PII is encrypted while in transit and while at rest using regular credential, password and authentication updating protocols including two-factor authentication.

Wherever TFP collects client employee PII, that information is encrypted and must be transmitted to TFP in a secure way. This security can be verified by looking for a lock icon in the address bar and looking for “https” at the beginning of the address of the Secure Client Login page at the bottom of TFP’s main website at www.tfpgroup.com. Simple password protection on an email attachment is not a secure transfer method and therefore is not an allowable method for transferring PII.

Only TFP employees who need the information to perform a specific job are granted access to client employee PII. The computers/servers/databases in which TFP stores client employee PII are kept in a secure environment.   Critical patches are installed immediately when software security vulnerabilities are identified. Also, TFP performs regular internal security reviews and provides security training to its employees on an annual basis.

TFP immediately destroys client employee PII after its business need or relevance has expired.  Electronic PII is shredded by a software tool that will overwrite the files before deletion.  Hard copy PII, if any, is destroyed via a licensed shredding company. End-of-lifecycle hard drives are first shredded and then physically destroyed on site (in the presence of a TFP employee) by a certified destruction company.

Links

This website, www.tfpgroup.com, contains links to other sites. Please be aware that TFP is not responsible for the content or privacy practices of such other sites. TFP encourages its users to be aware when they leave TFP’s site to read the privacy statements of any other site that collects PII.

Enforcement and Dispute Resolution

Each employee of TFP has signed a confirmation of their responsibilities and accountabilities to TFP and its clients in regards to safeguarding a client’s employees’ PII and compliance with TFP’s Privacy Policy. Failure of a TFP employee to comply with TFP’s Policy may result in disciplinary action against that employee which may include termination of employment.

If you have any questions or concerns regarding TFP’s Policy, please contact TFP using the contact information below. Upon receipt of your questions or concerns, TFP will reply to your questions or concerns as quickly as possible.

Attention: Information Security Officer
TFP Group, Inc.
10221 Slater Ave
Suite 213
Fountain Valley, CA 92708
Fax: (714) 242-1830
Email: info@tfpgroup.com

At TFP’s discretion, TFP may modify its Policy at any time and such modifications will be effective immediately upon posting to its main website at www.tfpgroup.com.

Date Last Revised

August 20, 2015