We know you trust us with personal and private information. We feel we have a responsibility to provide you a secure online experience and give you the tools and information you need to manage and protect your online privacy. This disclosure informs you about the information this web site collects, who may receive it, what we do with it, and how we protect it. We do not sell client lists or client information. We do not share client information with outside parties except as necessary to provide our services or if we are required to do so by law.
For clarification about this policy or if you have questions, feel free to contact us.
To report a security problem or incident, email email@example.com.
NBS requests information from client plan sponsors to initially establish plan sponsor (account) and plan records. This information includes information about the sponsoring employer, bank accounts used for electronic payments, plan specifications, and contact information. These records and all other records relating to the plan are stored in systems managed, maintained, and hosted by NBS and in systems of third-party partners who are obligated to protect data to standards satisfactory to NBS. These systems are collectively referred to as “NBS systems” throughout this narrative.
During the course of plan operations, participant accounts are created through enrollment, election, or other files provided by the plan sponsor or by participants accessing web-based NBS systems and setting up their own accounts. In some cases, NBS provides this information to other parties such as investment companies, banks, insurance companies, or other financial institutions in order to establish investment accounts, issue debit cards, and make appropriate payments necessary for the plan to operate.
Participant account information is further acquired by NBS through various means including contribution files submitted by plan sponsors, account balance files received from investment providers or banks, insurance companies or health plan providers, debit card transactions from retail stores or medical facilities, and claim reimbursement or distribution requests submitted by participants. NBS obtains this information in a variety of ways including secure FTP connections with institutions, participant and plan sponsor submissions through web-based NBS systems, file downloads from investment companies, faxes, and mail.
This information is stored in NBS systems. The information is used by NBS to administer benefit plans; provide useful features to plan participants; verify the identity of individuals; create reports and account statements for plan sponsors and participants; perform required government fillings and tax reporting; and ensure plans are operated in compliance with laws, regulations, legal plan documents, and official plan procedures. Information is made available to the plan sponsor’s representatives, plan participants, the plan’s designated advisor or broker, and government agencies, as appropriate. Information is shared through the web-portals of NBS systems, partner organization systems, and other secure transmission methods.
Some information about users of our websites such as browser type, access time, and referring site address is automatically collected and used to maintain quality of service and provide general site usage statistics. NBS does not track users’ activities across other third-party sites or services.
In some cases, you may review and change your personal information directly through the NBS website. Otherwise, you may request to review or change your personal information by contacting us by email at firstname.lastname@example.org, or calling 800-274-0503.
NBS collects a variety of information about plans, individuals (plan participants), and financial accounts. The kind of information collected varies depending on the type of plan or benefit such as a 401(k) plan, a flexible spending account (FSA), health reimbursement arrangement (HRA), health savings account (HSA), 403(b) plan, or COBRA plan.
In some situations, NBS collects health or medical information about you, your dependents, and other plan participants as necessary to administer applicable benefit plans. For additional disclosure about health and medical information, please see our HIPPA Privacy Notice: http://www.nbsbenefits.com/pdfs/HIPAAPrivacyNotice2013.pdf
NBS provides online tools to enhance the experience of our partners and clients. These tools include website, data collection, and communication tools such as SFTP, HTTPS file upload, and Secure Email. All relevant NBS tools have a minimum uptime availability of 99% excluding regular scheduled maintenance. Regular scheduled maintenance typically happens on the third Friday of every month.
We take safeguarding your information seriously. In fact, we believe keeping your information safe and secure is every employee’s responsibility. However, even the best security measures can only prevent malicious activity if you are also vigilant and employ safeguards to protect your information. For example, you should not share passwords to NBS sites and you should transmit information to NBS using the secure methods that have been provided. If you become aware of or suspect a security problem, contact NBS immediately at email@example.com.
We use a variety of industry-leading and externally audited security practices to protect your data. We maintain physical, electronic, and procedural safeguards to help prevent unauthorized access to and improper use of personally identifiable information. Some of the ways which we keep information safe include:
You are required to establish and use a password and user ID to access certain online services. You must keep your ID and password confidential. Your account and password should never be shared with another person. NBS will never ask for your password. NBS employees do not have access to the passwords you establish.
NBS will not send confidential or protected information (such as social security numbers) by unsecured email. Similarly, you should avoid sending sensitive information to us through unsecured email. If you are an employer or plan sponsor you should use this website or secure email to send information. If you are a plan participant you should send information by mail, fax, or through this website.
In some cases, NBS offers services to clients through software partnerships. NBS owns all partner commitments established through service agreements. The software partner may provide systems and infrastructure that make up the NBS platform. NBS requires partners to maintain high standards of security and privacy and these relationships are reviewed and updated as necessary.
Some NBS websites may contain links to other sites not under our control. We provide these links as a convenience to you but we are not responsible for the contents of linked sites nor does inclusion of any link imply endorsement by NBS.
NBS strives to provide appropriate validation of security and availability safeguards. A mixed approach of internal testing and third-party independent attestation reports are used to provide this assurance.
NBS makes available a Service Organization Controls 1 (SOC 1), Type II report. The report was prepared in accordance with the guidance of the ACIPA including the State on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization as amended in its codified location in the attestation standards at AT Section 801 (AT 801).
Our SOC 1 report addresses relevant aspects of our internal control environment, including controls over our retirement and cafeteria benefit plan administration and transaction processing. The SOC 1 report audit attests that NBS control objectives are appropriately designed and that the controls safeguarding client data are operating effectively.
NBS expects to publish our first Service Organization Controls 2 (SOC 2), Type I report effective 12/31/2017. As with the SOC 1, the SOC 2 consists of an evaluation of controls, but the SOC 2 results in an attestation report that expands the evaluation of controls to the criteria set forth by AICPA Trust Services Principles. These principles propose definitions for control criteria both general and specific to security, availability, processing integrity, confidentiality and privacy.
The NBS SOC 2 is an evaluation of the design of controls that meet the criteria for the security and availability set forth in the AICPA’s Trust Services Principles criteria. This report provides additional transparency into NBS’s safeguards based on defined industry standards and further demonstrates NBS’s ability to protect client data.
To obtain a copy of NBS’s SOC 1or SOC2 report, contact your NBS relationship manager.
For additional information about SOC 1, SOC 2, and audit controls, see nbsbenefits.com/data.
NBS may make changes to this Security and Privacy Notice at any time. In the event of a change, the updated version of the notice will appear on this page with the effective or changed date in the upper left-hand corner.
California law requires that we provide you certain privacy-related information. The information on this webpage fulfills those requirements.
Nevada law requires that we provide you certain privacy-related information. The information on this webpage fulfills those requirements.
The NBS online portal is comprised of this and other websites and web pages operated by NBS. By accessing this online portal, you acknowledge and agree to without modification the terms and conditions below. If you do not agree to the terms and conditions you should not access the NBS online portal.
NBS does not provide medical, legal, or financial advice. You should consult an appropriate professional for specific advice tailored to your situation.
Unauthorized use of the NBS online portal is strictly prohibited. Unauthorized use includes using the portal in any manner which could damage, disable, overburden, or impair the portal or interfere with any other party’s use and enjoyment of the portal. Unauthorized or unlawful use or disclosure of information about individuals or plan participants is strictly prohibited and will result in civil and criminal penalties under federal and state laws. You may not attempt to obtain any materials or information through any means not intentionally made available or provided for through the portal. You may not misuse passwords or misuse any information made available through the portal.
You are required to establish and use a password and user ID to access certain online services. You must keep your ID and password confidential. Your account and password should never be shared with another person.
Certain users of the NBS online portal are issued admin accounts which provide necessary access to plan sponsor records. For example, a plan’s trustee, human resource representative, or advisor/broker may be issued admin accounts which provides access to information for all participants of the plan. It is the responsibility of the plan sponsor to notify NBS when staffing, relationship, or work responsibilities change such that admin access for the user is no longer appropriate. NBS will modify or disable the account accordingly. NBS will not be held liable for the plan sponsor’s failure to notify NBS in a timely manner that a user’s account should be changed or disabled.
In some cases, based on instructions to NBS from authorized plan representatives, certain admin users are given the ability to create and issue new accounts to other users. The plan sponsor is responsible to ensure new accounts issued in this manner are appropriate. NBS will not be held liable for the plan sponsor’s failure to provision or administer these accounts appropriately.
The NBS online portal use “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize NBS pages, or register with the NBS Portal site or services, a cookie helps us to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as addresses, alternate addresses, and so on. When you return to the same portal pages, the information you previously provided can be retrieved, so you can easily use the portal features that you customized.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, your experience on the NBS web portal may be limited or impaired.
Some web browsers include “Do Not Track” settings. The NBS system does not respond to Do Not Track settings.
The information, software, products, and services included in or available through the NBS online portal may include inaccuracies or typographical errors. Changes or improvements may be made to the website at any time.
NBS makes no representations about the suitability, reliability, availability, timeliness, and accuracy of the information, software, products, services and related graphics contained in the NBS online portal web site for any purpose. To the maximum extent permitted by applicable law, all such information, software, products, services and related graphics are provided “as is” without warranty or condition of any kind. NBS hereby disclaims all warranties and conditions with regard to this information, software, products, services and related graphics, including all implied warranties or conditions of merchantability, fitness for a particular purpose, title and non-infringement.
All contents of the NBS online portal are copyright National Benefit Services, LLC. All rights reserved.
Unless otherwise indicated, information included in the NBS online portal is owned by NBS and cannot be copied, distributed, transmitted, or displayed in any manner without prior written consent.
Applicable law, jurisdiction, and venue
To the maximum extent permitted by law, this agreement is governed by the laws of the State of Utah, and you hereby consent to the exclusive jurisdiction and venue of courts in Salt Lake County, Utah, U.S.A. in all disputes arising out of or relating to the use of the NBS online portal. Use of the NBS online portal is unauthorized in any jurisdiction that does not give effect to all provisions of these terms and conditions.
To report a security problem or incident, email firstname.lastname@example.org.