CONSUMER PRIVACY AND INFORMATION SECURITY POLICY

Regulation P – Gramm-Leach-Bliley Act

The financial services industry is rapidly changing and being shaped by technology, which is literally changing the way Garden State Mortgage Services in lieu of true Corporate Name; Garden State Home Loans, Inc. (GSHL) conducts its business. To be successful in this environment, GSHL must continue to grow and ensure that its customers are confident that their financial affairs will be expertly and confidentially managed.

GSHL customers have access to a broad range of products and services such as conventional fixed rate & adjustable mortgages, government fixed rate & adjustable mortgages, portfolio fixed rate and adjustable mortgage, and several other mortgage products. To deliver these products and services effectively and conveniently, GSHL uses technology to manage and maintain certain customer information while ensuring that customer information is kept confidential and protected.

The safeguarding of customer information is an issue that the Board of Directors of Garden State Home Loans takes seriously. The Board maintains its continuing commitment to the proper use and protection of customer information, and has established and affirmed the following Principles of Privacy as the Consumer Privacy and Information Security Policy (the “Policy”) of Garden State Home Loans. This Policy and the accompanying Principles are in compliance with the Gramm-Leach-Bliley Act (the “Act”) and Regulation P, Privacy of Consumer Financial Information. This Policy will be used to guide GSHL in serving the privacy needs of its customers, and protecting confidential information.

Customer’s Expectation of Privacy. GSHL believes the confidentiality and protection of customer information is one of its fundamental responsibilities. While information is critical to providing quality service, it is recognized and understood that one of GSHL’s most important assets is the trust of its customers. The safekeeping of customer information is a priority for GSHL.

Collection, Use, and Retention of Customer Information. GSHL limits the use, collection, and retention of customer information to what it believes is necessary or useful to conduct its business, provide quality service, and offer products, services, and other opportunities that may be of interest to customers. GSHL will carefully handle information it obtains about a visitor to its web site. GSHL believes that the

Confidentiality and protection of its web site visitor information is another of its fundamental responsibilities.

Anytime someone visits the site, the following information is collected and stored:

  1. Name of the domain from which they access the Internet;
  2. Date and time;
  3. Internet address of the web site they left to visit us;
  4. Names of the pages they visit while at our site; and
  5. Internet address of the web site they then visit.

To do this, the GSHL’s web server will write a “cookie” to the individual’s hard drive upon their first visit to the site. This electronic file is tracked during the visit and helps the GSHL understand which parts of its site visitors find most useful and where they are likely to return over time. This information allows GSHL to improve the site and make it more useful.

If a consumer submits an online application or sends an e-mail:

  1. GSHL may enter the information into its electronic database.
  2. Consumers may also be contacted for additional information.
  3. Most of the forms on the GSHL’s web site use encryption to send information across the Internet. This is the case where confidential information, such as account numbers or social security numbers, is requested.
  4. GSHL has requested that consumers do not send confidential information via e-mail. E-mail is not necessarily secure against interception. If the communication is very sensitive, or includes personal information such as account numbers, credit card numbers, or social security numbers, we have instructed the consumer to call us or send the information by regular mail instead.
  5. GSHL will not obtain personally-identifying information about any consumer when they visit our site unless they choose to provide such information to us.

Maintenance of Accurate Information. GSHL recognizes that accurate customer records must be maintained. To accomplish this, GSHL has established procedures to maintain the accuracy of customer information and to keep such information current and complete. These procedures include responding to requests to correct inaccurate information in a timely manner.

Limited Employee Access to Information. GSHL employee access to personally identifiable customer

information is limited to those with a business reason to know such information. Employees are educated on the importance of maintaining the confidentiality of customer information as well as this Privacy Policy. All GSHL employees are responsible for maintaining the confidentiality of customer information and employees who violate this Policy and Principles are subject to disciplinary measures.

Protection of Information via Established Security Procedures. GSHL recognizes that a fundamental element of maintaining effective customer privacy is to provide reasonable protection against unauthorized access to customer information. Therefore, GSHL has established appropriate security standards and procedures to guard access to customer information.

Restrictions on the Disclosure of Customer Information. When sharing customer information with unaffiliated companies, GSHL places strict limits on both the specific information shared and on who receives information about customer accounts or other personally identifiable data. Information is specifically identified as “Public Personal Information” and “Non-Public Personal information.” GSHL may share Public information with such companies if they provide a product or service that may benefit customers. In sharing public information, GSHL carefully reviews the company and the product or service to ensure that it provides value to customers. GSHL shares the minimum amount of information necessary for that company to offer its product or service.

GSHL will not share Non-Public Personal Information except as permitted by law in the course of its business (for example, with consumer reporting agencies and government agencies; when legally required or permitted in connection with fraud investigations and litigation; in connection with acquisitions and sales; in the audit process or the secondary market sale of loans; and at the request or with the permission of a customer).

Maintaining Customer Privacy in Business Relationships with Third Parties. If the broker provides personally identifiable customer information to a third party with which GSHL has a business relationship, it will insist that the third party keep such information confidential, consistent with the law and the conduct of the business relationship.

Disclosure of Privacy Policy to Customers. GSHL recognizes and respects the privacy expectations of its customers, and wants customers to understand its commitment to privacy in the use of customer information. As a result of its commitment, GSHL has made readily available to customers its Privacy Policy and Web Site Principles has been posted on the GSHL’s Web Site. GSHL has also prepared a consumer privacy disclosure entitled “What Does  GSHL Do With Your Personal Information” which is mailed to every consumer customer of GSHL annually as required by the Gramm-Leach-Bliley Act.

Customers who have questions regarding the privacy of their information will be directed to contact Garden State Home Loans, Inc.at its toll free telephone number (1-888-612-4604) or to email GSHL at info@gardenstateloans.com.

This Policy applies to individuals and GSHL reserves the right to change the Privacy Policy described above, at any time without prior notice. In accordance with the requirements of the Gramm-Leach-Bliley Act, changes to the Privacy Policy that allows for sharing of Non-Public Personal Information with non-affiliated third parties not identified in this Policy will require re-disclosure to the consumer which clearly outlines those changes and an option will be provided for the consumer to decline or “opt out” of the sharing of any Non-Public Personal Information.

This Policy provides for general guidance and does not constitute a contract or create legal rights and does not modify or amend any agreements the Bank has with its customers.

Information Security Objectives.

Customer information is a valuable asset and must be protected against accidental or intentional misuse. Customer information must be kept secured and confidential, and safeguarded against unauthorized access by non-GSHL personnel, and must not be sold, exchanged, or given away without prior written consent of the customer.

Working with Independent Service Providers.

As GSHL periodically works with independent service providers, it must ensure that providers have security programs that meet the security objectives of this Policy.

Threats to Security Controls.

GSHL must take all measures possible to identify immediate or potential threats to GSHL’s information security controls, including:

    • Proper disposal of confidential information
    • Securing of confidential information
    • Computer access to confidential data
    • Employee violations of the Policy
    • Computer hackers
    • Unauthorized transaction to customer accounts
    • Password integrity

Any breaches or attempted breaches of security must be reviewed and reported to the appropriate legal authorities, the Executive Committee, and the Board of Directors. To comply with GSHL Consumer Privacy and Information Security Policy, each department will have written procedures to support this Policy.

Review and Revision of Information Security Program.

This Consumer Privacy and Information Security Policy will be reviewed and revised annually by the Board of Directors, or its appointed committee.