By using our site or subsequent sites owned by Birinyi Associates, Inc ("Site"), you are agreeing to comply with and be bound by the following terms and conditions. You need to agree to all of the following terms and conditions, to use this Site. The terms "Birinyi", "us", "we" or "our" refer to Birinyi Associates, Inc. The term "Service" includes, but is not limited to, the text, emails, content (both electronic and “hard copy”), graphics produced by Birinyi Associates, Inc and appearing on this Site. The terms "you" and "your" refer to the user of the Service or viewer of this Site.
Acceptance of Agreement
By using this Site, you represent to us that you have read and agree to the terms and conditions set forth in this document, which constitutes a legal and binding agreement between you and us (the "Agreement"). This Agreement constitutes the only and entire agreement between you and us, and supersedes all prior agreements, representations, warranties and understandings with respect to your use of the Site and the Service. This Agreement may be amended at any time by us, and from time to time, without any notice to you. The latest Agreement will be posted on the Site, and you should review the Agreement prior to using or viewing this Site or the Service. You also agree to comply with U.S. law regarding the transmission of any information or data obtained from the Site or the Service in accordance with this Agreement. You also agree to not disrupt or interfere with the Site or the Service or use the Site or the Service for illegal purposes.
Copyrights and Trademarks
The works of authorship contained in the Service, including but not limited to all data, design, text, images, charts, audio, video or other data compilations or collective works, and all trademarks, trade names, service marks and other intellectual property, are owned, except as otherwise expressly stated, by Birinyi or one of our data providers, and may not be copied, reproduced, transmitted, displayed, performed, distributed, rented, sublicensed, altered, stored for subsequent use or otherwise used in whole or in part in any manner without the prior written consent of Birinyi in each instance. You agree to abide by all copyright notices or restrictions contained in the Site or the Service.
Disclaimer and Limitations of Liability
All information, data and analysis contained in the Site or the Service are provided "AS IS" and without warranty of any kind, either expressed or implied. All information, data and analysis provided by the Site or the Service is for informational and educational purposes only and is not a recommendation to buy or sell a security or basket of securities, including but not limited to equities, options and other derivative products, fixed income products, and ETFs. Birinyi believes all information, data and analysis contained in the Service to be accurate, but does not guarantee its accuracy. Under no circumstances, including, but not limited to, negligence and gross negligence, shall Birinyi, any of Birinyi´s affiliates, employees, or other third party data providers be liable to you for direct, indirect, consequential, incidental, special, punitive or exemplary damages even if an authorized Birinyi representative has been advised specifically of the possibility of such damages, arising from the use of or inability to use the Site or the Service, such as, but not limited to, losses, loss of revenue, anticipated profits or lost business. In no event shall Birinyi´s total liability to you for all damages, losses, and causes and action (whether in contract or tort, including but not limited to negligence) exceed the amount paid by you, if any, for accessing this Site or using the Service. All opinions expressed on this Site are subject to change without notice, and you should always obtain current information and perform appropriate due diligence before making trades or investment decisions. Birinyi, any of Birinyi´s affiliates, employees, may have long or short positions in the securities discussed in the Service and may purchase or sell such securities without notice. Birinyi uses various methods to evaluate investments which may, at times, produce contradictory recommendations with respect to the same securities. The performance of Birinyi´s past recommendations or investments is not a guarantee of future results and there is no guarantee that the results achieved in the past will be achieved in the future. As with all investment decisions (sales, purchases and short sales) you should perform your own independent research to determine if a given asset, stock, bond, ETF, option, future, commodity is suitable to your own unique risk tolerance. FURTHER, ALL INVESTMENTS CAN LOSE MONEY.
The securities mentioned in this Site or in the Service may not be suitable for all types of investors; their value and income they produce may fluctuate and/or be adversely affected by a multitude of factors that Birinyi has not researched nor tends to research.
Termination of Service
Either you or Birinyi may terminate this Agreement with or without cause at any time and effective immediately. You may terminate the Agreement by discontinuing use of the Service and destroying all materials obtained from the Site or the Service. This Agreement will terminate immediately without notice from Birinyi if you, in Birinyi´s sole discretion, fail to comply with any provision of this Agreement. Upon termination by you or upon notice of termination by Birinyi, you must promptly destroy all materials obtained from the Site or the Service and any copies. The Copyrights and Trademarks and Disclaimer and Limitations of Liability provisions of this Agreement shall survive any termination of this Agreement.
If the service is canceled by you, for any reasons within 30 (thirty) days of your initial sign-up a minimum charge of 30 (thirty) days of service will be due and charged, the remaining balance, if any, will be promptly refunded. If you cancel after 30 (thirty) days of sign-up a pro-rated refund will be given.
Automatic Renewal and Pricing
By accepting this agreement you authorize Birinyi to automatically renew your service at the then prevailing rate in effect at the time of your renewal. You understand that your credit card will be kept on file with Birinyi. It will be automatically charged for another term of the service and will continue to be charged at each anniversary, or month (dependent on your subscription term), until you cancel such service. Birinyi will, 30 days before your credit card is automatically charged, send to your email that is on file, notification that your account is set to automatically renew and that your credit card will be charged. Birinyi reserves the right to change the pricing of the Services at its soul discretion and without notification. Birinyi has no obligation to ensure that your email that you have provided to the Site for notifications is accurate, up-to-date or that notifications are received to that email. Not receiving an email from the Site regarding the auto-renew feature of the website does not relieve you of your agreement for auto renewal.
This Agreement and the relationship of the Parties in connection with the subject matter of this Agreement shall be governed by, and construed in accordance with, the laws of the State of Connecticut, applicable to contracts entered into and performed within the state. The Parties hereby submit to the non-exclusive jurisdiction of the Federal or state courts located in Fairfield County, Connecticut. The parties unconditionally waive their respective rights to a jury trial for any claim or cause of action arising out of or relating to, directly or indirectly, this Agreement, any of the related documents, or any dealings between them arising out of or relating to the subject matter of this transaction or any related transactions.
The Site or the Service may be temporarily unavailable from time to time due to required maintenance, telecommunications interruptions, or other disruptions, such as acts of god, war or terrorism. Although Birinyi makes every reasonable effort to minimize such downtime, Birinyi does not guarantee full availability of the Site or the Service.
If any provision of this Agreement is found invalid or unenforceable, the following section on Limited Remedies & Liability provision will be enforced to the maximum extent permissible, and the other provisions of the Agreement will remain in force.
LIMITED REMEDIES & LIABILITY
IN NO EVENT SHALL BIRINYI BE LIABLE FOR ANY OF THE FOLLOWING: LOST PROFITS, LOST REVENUE, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES EVEN IF IT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHERMORE, WITH RESPECT TO THE DATA COMPONENTS OF ANY DATA SERVICE, SUCH COMPONENTS ARE PROVIDED ON AN “AS IS” BASIS. EXCEPT AS EXPRESSLY SET FORTH HEREIN, NEITHER BIRINYI NOR ANY OTHER PARTY MAKES ANY REPRESENTATION OR WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO ANY DATA SERVICE, AND BIRINYI EXPRESSLY DISCLAIMS ANY AND ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE
No modifications of this Agreement shall be valid or binding on either party unless acknowledged in writing and signed by a duly authorized officer of Birinyi. All notices or other communications given under this Agreement shall be in writing, sent to the address set forth below as principal place of business or such other addresses as Birinyi may designate pursuant to this Section, by overnight courier or personal delivery. Notice shall be deemed given upon receipt. A copy of any notice or other communication given by you to Birinyi shall be sent to:
PO Box 711
Westport, CT 06881
The parties agree that this Agreement is the complete and exclusive statement of the agreement between the parties, which supersedes all prior communications and agreements between the parties relating to the subject matter of this Agreement.
At Birinyi Associates, Inc. (the “Firm”), protecting the privacy of our Client’s personal information is one of our most important jobs. Our clients trust us with their financial and other personal information and we are committed to respecting their privacy and safeguarding that information.
This document sets forth the procedures adopted by the Firm to protect our clients’ privacy and to ensure compliance with Regulation S-P promulgated by the United States Securities and Exchange Commission. Pursuant to Regulation S-P, investment advisers registered with the SEC, among others, are required (i) to develop and adopt policies with respect to the disclosure of nonpublic personal information about consumers, (ii) to develop and adopt procedures for the protection of such consumer information, (iii) to deliver to those individuals who become customers, at the time they become customers, a notice that describes the then current privacy policies and procedures and (iv) to provide on an ongoing basis an annual notice that describes the then current privacy policies and procedures. A more detailed description of Regulation S-P is attached to these Policies and Procedures Concerning Privacy as Appendix A.
All employees of the Firm are required to be familiar with the Firm’s Policies and Procedures Concerning Privacy and are responsible for compliance with those procedures that apply to their activities. A violation of the procedures set forth herein by an employee may cause the Firm to be in violation of Regulation S-P and may be grounds for dismissal of such employee.
The Firm’s Policies and Procedures Concerning Privacy will be updated periodically, as appropriate. Employees are required to be familiar with any changes made to these Policies and Procedures Concerning Privacy and are responsible for complying with the procedures set forth herein on an ongoing basis, as those procedures may change from time to time.
The Firm’s Compliance Officer is responsible for ensuring that the employees of the Firm comply with the procedures set forth herein. In order to ensure that these procedures are complied with, the Compliance Officer will conduct a formal audit of such compliance no less often than annually. In addition, the Compliance Officer will, on an ongoing basis, regularly spot-check compliance. Any questions with respect to the procedures set forth in this Compliance Manual should be directed to the Firm’s Compliance Officer.
Use and Storage of Client Files
At the time of the establishment of a new account for a client of the Firm, the Firm creates a separate file for that client. Each client’s file consists of a correspondence file and a monthly statement and confirmations file and contains copies of the records that are required by law to be maintained with respect to that client’s account, as well as the information the Firm requires in order to adequately and appropriately service that client’s account.
Client files that are less than two years old are not to be removed from the offices of the Firm.
Monthly statement and confirmations files that are more than two years old may be sent to the Firm’s off-site storage facility. Correspondence files are to remain at the offices of the Firm at all times. Access to the Firm’s off-site storage facility is restricted to certain authorized personnel.
Certain client information is stored on the Firm’s computer network, which is password protected. No client information shall be downloaded or otherwise transferred from the Firm’s computer network to an unsecured computer and no client information that has been saved on a computer disk shall be removed from the Firm’s offices.
Changes to Client Information
From time to time, clients may wish to change or update information in their files. No employee shall make any change to client information without verifying the identity of the requesting party. If a change request is made by telephone, the employee acting on such change request shall verify the identity of the requesting party. If the requesting party is not personally known to the employee, the employee shall verify the name, address, social security number and account number of the requesting party. Change requests made in writing must be signed by the client and the signature of the client shall be compared to a specimen signature in the client’s file. No change to a client’s information will be made at the request of a person who is not the client or a legal guardian of the client.
Requests for Client Information
From time to time, the Firm may receive requests from third parties (such as accountants or lawyers) for information relating to a client. In the event that such a request is received, it shall be directed to the employee responsible for that client’s account. No client information will be released to a third party unless the client has expressly authorized such release. The client’s authorization may be written or verbal, provided that a verbal authorization must be followed up with a written confirmation. In the case of a verbal authorization given over the telephone, the employee responsible for the client’s account shall not release any client information if there is any doubt as to the identity of the person giving such authorization.
Delivery of Privacy Notices
A copy of the Firm’s Privacy Notice shall be delivered to each client of the Firm at the time an account is opened for that client. As part of the procedure followed in establishing client accounts, each client shall be required to acknowledge, in writing, receipt of the Firm’s Privacy Notice.
A copy of the Firm’s Privacy Notice shall also be delivered to each client annually, at a time selected by the Firm’s Compliance Officer.
A copy of the Firm’s current form of Privacy Notice is set forth in Appendix B hereto.
No employee is to send any e-mail that contains personal financial information about any client of the Firm. In particular, do not send any e-mail that contains account numbers, account balances, information with respect to trades made on behalf of a client or any other account information. If a client sends an e-mail that contains any such information, employees should not reply to that e-mail. Rather, either call the client on the telephone or send the client a new e-mail that does not contain any personal financial information about the client.
Employees should not ask or encourage clients to send any personal information to the Firm via e-mail. Clients should be advised that e-mail may not be secure and that information should be sent to the Firm in another, secure, fashion.
Third-party Service Agreements
From time to time, the Firm enters into agreements with unaffiliated third parties who provide services to the Firm. In connection with these agreements, the Firm may be required to make information about our clients available so that the services we are contracting for can be provided. Where that is the case, the Firm will not engage any third party to provide such services unless that third party agrees that it will not disclose or use any information about the Firm’s clients that is provided or otherwise made available to such third party by the Firm other than to carry out the purposes for which the Firm disclosed or made available such information. Where there is a written agreement to provide such services, that written agreement must contain the following paragraph, or language of similar effect:
Adviser and the Service Provider agree that each shall take all steps reasonably necessary to comply with applicable laws and regulations, including, without limitation, the Gramm-Leach-Bliley Act and Regulation S-P, requiring the protection of nonpublic personal information about Adviser’s customers. The Service Provider agrees that it shall not use or disclose any information relating to Adviser’s customers provided or otherwise made available to the Service Provider by Adviser for any purpose other than to carry out the purposes for which Adviser provided or otherwise made available such information. Adviser and the Service Provider agree that, to the extent either has not already done so, each shall adopt policies and procedures that comply with the provisions of the Gramm-Leach-Bliley Act and Regulation S-P for the protection of the nonpublic personal information of Adviser’s customers and shall create and maintain physical, electronic and procedural safeguards to guard such information.
In the preceding paragraph, the word “Adviser” is used to refer to the Firm.
Access to the Firm’s Offices; Visitors
Access to the Firm’s offices is restricted to authorized personnel, including employees of the Firm, authorized visitors and authorized maintenance personnel. A receptionist is generally on duty between the hours of 8:30 AM and 5:30 PM. When there is no receptionist on duty, the office will be locked.
All visitors to the Firm are to be escorted during the time that they are inside the Firm’s offices. No visitor is to be left unattended in any location where he or she is not within sight of an employee of the Firm. If an employee sees an unescorted visitor in the Firm’s offices, the employee should ask the visitor who he or she is visiting and escort the visitor either to that person’s office or to the reception area.
Any document that contains any identifiable information about any client of the Firm is to be shredded prior to being disposed of. This includes, without limitation, any document that contains the name of a client (even if no other information about the client is contained in the document) or from which the identity of a client can be deduced or any information about a client can be obtained, and any record that is a consumer report or is derived from a consumer report.
In addition, no medium, including computer equipment, on which consumer report information is stored shall be sold, donated or transferred so long as such information remains stored on such medium. In the case of electronic media, removal of such information must be in such a manner that the information cannot be practicably read or reconstructed.
Prior to disposing of any document, the employee disposing of such document shall examine it to determine whether it is to be shredded prior to disposal. If a document is to be shredded prior to disposal, the employee disposing of such document shall do so.
Disposal of Records
Certain client records that are more than five years old may no longer be required to be maintained by the Firm. In the event that the Firm elects to dispose of any client records, any documents so disposed of that contain any identifiable information about any client of the Firm are to be shredded prior to being disposed of.
The Compliance Officer shall be responsible for arranging or providing training for employees with respect to the proper disposal of client information where necessary to ensure that all employees understand and are able to comply with the policies set forth above.
The Firm has taken steps to protect the security of its computer network and to ensure that client information that is stored on the network will not be corrupted or lost. Among other things, the Firm’s computer network cannot be accessed by any person who has not been registered as a user and granted a password. In addition, the Firm blocks access to certain Internet sites to maintain the integrity of the Firm’s computer network. No employee shall take any action that might compromise the security of the Firm’s computer system. In particular, no employee shall disclose his or her password to any person who is not an employee of the Firm. All employees are expected to take appropriate steps to keep their passwords confidential.
The security and reliability of the Firm’s computer network will be tested on a regular basis. In addition, the Firm will regularly assess the adequacy of the security measures in place and developments in technology to determine whether changes should be made. The Firm has designated IMT Computers in coordination with Jeffrey Rubin as the person responsible for the Firm’s computer system.
Description of Regulation S-P
Effective Date Regulation S-P became effective on November 13, 2000. Compliance with Regulation S-P became mandatory as of July 1, 2001.
Purpose and Scope Regulation S-P applies to brokers, dealers and investment companies, as well as to investment advisers that are registered with the SEC (referred to collectively herein as “covered entities”), and governs the treatment of nonpublic personal information about individuals who obtain financial products or services primarily for personal, family or household purposes. Regulation S-P does not apply to information about companies or about individuals who obtain financial products or services primarily for business, commercial or agricultural purposes.
Regulation S-P (i) requires covered entities to provide notices to their customers (as defined in Regulation S-P) describing the covered entities’ privacy policies and practices, (ii) sets forth conditions which must be met before covered entities may disclose nonpublic personal information about customers and about consumers (as defined in Regulation S-P) to nonaffiliated third parties and (iii) requires that covered entities allow customers and consumers to “opt out” of disclosure of their nonpublic personal information to nonaffiliated third parties. Regulation S-P also requires that covered entities put in place procedures for the protection of the nonpublic personal information of customers and consumers.
Nonpublic Personal Information, Customers and Consumers Nonpublic personal information, as defined in Regulation S-P, is personally identifiable financial information (i.e., any information about a consumer obtained in connection with providing a financial product or service) and any list, description or other grouping of consumers (and publicly available information pertaining to them) that is derived using any such personally identifiable information that is not publicly available. Under Regulation S-P, individuals who obtain financial products or services may be either “customers” or “consumers”. A consumer is defined by Regulation S-P as “an individual who obtains or has obtained a financial product or service ... that is to be used primarily for personal, family, or household purposes, or that individual’s legal representative.” A customer is a consumer who “has a customer relationship” with a covered entity. A customer relationship is “a continuing relationship between a consumer and [a covered entity] under which [the covered entity] provide[s] one or more financial products or services to the consumer that are to be used primarily for personal, family or household purposes.”
Limits On Disclosure Regulation S-P provides that (subject to certain exceptions) a covered entity may not disclose any nonpublic personal information about a consumer to a nonaffiliated third party unless the covered entity (i) provides the consumer with an initial notice (discussed below), (ii) provides the consumer with an opt out notice (discussed below) and (iii) provides the consumer with a reasonable opportunity (generally, thirty days) to opt out before any disclosure is made (and unless the consumer does not opt out). Regulation S-P also imposes limits on redisclosure of information received by covered entities from other covered entities.
Initial, Annual and Ongoing Notice Requirements Regulation S-P requires that covered entities provide a clear and conspicuous initial notice that accurately reflects the entity’s privacy policies and practices (i) to each individual who becomes a customer when the customer relationship is established (subject to certain exceptions that allow for a later delivery of the notice) and (ii) to a consumer before disclosing any nonpublic personal information about the consumer to a nonaffiliated third party (subject to certain exceptions for disclosure that is necessary to effect a transaction or administer an account).
In addition to the initial notice requirement, Regulation S-P requires that covered entities provide to customers a clear and conspicuous notice that accurately reflects the entity’s privacy policies and practices no less often than annually during the continuation of the customer relationship.
Regulation S-P also requires that covered entities deliver a revised privacy notice to an existing customer if the customer obtains a new financial product or service and, as a result, the privacy notice that was most recently provided to that customer no longer accurately reflects the entity’s privacy policies or practices with respect to that customer.
Finally, Regulation S-P requires that covered entities provide a consumer a clear and conspicuous opt out notice affording such consumer an opportunity to opt out of disclosure, and that such consumer not elect to opt out, prior to disclosing any nonpublic personal information about the consumer.
Privacy Notice Content Regulation S-P sets forth specific requirements as to the content of the privacy notice that must be delivered. Depending upon the practices of a particular covered entity with respect to disclosure of nonpublic personal information, the privacy notice may be required to state, among other things, (i) the categories of nonpublic personal information that are collected, (ii) the categories of nonpublic personal information that are disclosed, (iii) the categories of affiliates and nonaffiliated third parties to whom information is disclosed, (iv) the categories of nonpublic personal information about former customers that are disclosed, and to whom, (v) an explanation of the right to opt out of disclosure, if it is applicable and (vi) a description of the covered entity’s policies and practices with respect to protecting the confidentiality and security of nonpublic personal information. The requirements with respect to the content of privacy notices vary with the information disclosure practices of the specific covered entity; thus, the determination as to what should be included in any particular notice is fact specific and must be made with care in each instance.
Opt Out Notice Content If a covered entity is required to deliver an opt out notice, the notice must accurately explain the right to opt out of information disclosure. The notice must (i) state that the covered entity discloses or reserves the right to disclose nonpublic personal information to nonaffiliated third parties, (ii) state that the consumer has the right to opt out of such disclosure, and (iii) provide a reasonable means by which the consumer may exercise the opt out right. A reasonable means by which to exercise the opt out right may include, among other things, including a reply form with the opt out notice, providing a means of opting out over the Internet or providing a toll-free telephone number. A reasonable means does not include requiring the consumer to write his or her own letter in order to opt out.
Notice Delivery Requirements Privacy and opt out notices must be provided in such a manner as to ensure that each individual entitled to receive such a notice can reasonably be expected to receive actual notice in writing or electronically (if the individual has agreed to receive information electronically). Examples of when it can reasonably be expected that a notice will be received include hand delivery of a printed copy, mailing of a printed copy to a last known address or, for an individual who conducts transactions electronically, posting the notice conspicuously on a Web site. It is not reasonable to expect that a notice will be received if it is merely posted in a branch or main office, advertised in publications or delivered via e-mail to an individual who does not obtain products or services electronically.
Privacy Protection Procedures Regulation S-P requires that covered entities adopt policies and procedures that address administrative, technical and physical safeguards for the protection of customer records and information. These policies and procedures must be reasonably designed to (i) ensure the security and confidentiality of customer records and information, (ii) protect against anticipated threats or hazards to the security or integrity of customer records and information and (iii) protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer. In addition, covered entities that maintain or otherwise possess consumer credit reports, or information derived from such credit reports, for a business purpose are required to properly dispose of such information in a manner that prevents unauthorized disclosure..
Collection and Use of Customer Information We collect only relevant information about you and our other customers that the law allows or requires us to have in order to conduct our business and properly service your accounts. We collect financial and other personal information about you from the following sources:
- Information you provide on applications or other forms or through oral, written or electronic communications with us
- Information derived from your transactions with us, our affiliates or others
- Information we receive from non-affiliates, such as your bank or broker
Keeping Information Secure We maintain physical, electronic and procedural safeguards to protect your financial and other non-public personal information, and we regularly assess new technology with the aim of adding additional safeguards to those we have in place, or upgrading existing safeguards and procedures, as appropriate.
Accuracy of Information We strive to keep our records of your information accurate and we take prompt steps to correct errors that are brought to our attention. If there are any inaccuracies in your statements, or in any other communications from us, please contact us.
Use of Personal and Financial Information by Us and Third Parties We do not disclose any non-public personal information about our customers or former customers to anyone, except as permitted by law. As permitted by law, we may share non-public personal information about you with our affiliates and with other third parties who provide services for your account. The information we share may include:
- Information you provide on applications or other forms or through oral, written or electronic communications (for example, your name, address, social security number and birth date)
- Information derived from your transactions with us, our affiliates or others (for example, transaction amounts, account balances and account numbers)
- Information we receive from non-affiliates (such as your bank account or brokerage account number or account balances)
The types of third parties to whom we may disclose non-public personal information about you include:
- Financial service providers, such as transfer agents and brokers
- Non-financial companies such as the companies that provide us with technological and administrative support
Maintaining Customer Privacy in Business Relationships We do not share non-public personal information about you with anyone who does not agree to keep your information confidential. If you believe we have shared your information inappropriately, please contact us.
Protecting Information Online If you contact us via e-mail, we preserve the content of your e-mail, including your e-mail address, and our response so that we can more efficiently handle any follow-up questions you may have and to meet legal and regulatory requirements. It is important for you to understand that regular, non-encrypted, Internet e-mail, such as the e-mail you send to us through the “contact us” portion of our Web site, is not secure. We strongly urge you not to send confidential information, such as social security or account numbers, to us via a non-secure e-mail address. Because our e-mail back to you also would not be secure, we will not include confidential information in an e-mail response.
 The term ‘consumer report’ is defined in the Fair Credit Reporting Act (as such definition is used in Regulation S-P) to mean “any written, oral or other communication of any information by a consumer reporting agency bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumers eligibility for (A) credit or insurance to be used primarily for personal, family or household purposes; . . .”
 Thus, nonpublic personal information may include information that is otherwise publicly available, such as names and addresses, if it is derived, in whole or in part, using personally identifiable financial information that is not publicly available, such as account numbers. The determination as to whether personal information is “nonpublic personal information” as defined in regulation S-P is fact specific and must be made with care in each instance.
 “Financial Product or Service” is defined as “any product or service that a financial holding company could offer by engaging in an activity that is financial in nature or incidental to such a financial activity under section 4(k) of the Bank Holding Company act of 1956 (12 U.S.C. 1843(k)).” Activities that are “financial in nature” under Section 4(k) of the Bank Holding Company include, among others, dealing in securities and providing investment advice.
 Again, the determination as to whether or not an individual, or class of individuals, (i) is a consumer and (ii) has a continuing relationship such as to be considered a customer, is fact specific and must be made with care in each instance.
 An affiliate is, generally, any company that controls, is controlled by or is under common control with a financial institution. A nonaffiliated third party is, generally, any person other than (i) an affiliate or (ii) a person employed jointly by a financial institution and a company that is not an affiliate.
 One of the exceptions that allows a financial institution to disclose nonpublic personal information about a consumer to a nonaffiliated third party without affording the consumer an opportunity to opt out of such disclosure is where the nonaffiliated third party performs services for, or functions on behalf of, the financial institution and the nonaffiliated third party has entered into a contractual agreement that prohibits disclosure or use of the information other than for the purposes for which such information was disclosed. For the purposes of complying with this exception, joint marketing and service agreements that were in effect as of July 1, 2000 were required to be brought into compliance with such exception (i.e., be amended so as to prohibit, if they did not already, the disclosure or use of nonpublic personal information) by July 1, 2002.