Client privacy notice.

Effective Date: September 8, 2025

THE STONEHAM GROUP LLC

PRIVACY NOTICE

In order to perform daily money management services, The Stoneham Group LLC (“the Provider”) must, in the normal course of business, collect, use and, when necessary, disclose the Client’s personally identifiable information (“PII”), protected health information (“PHI”) and financial information (“FI”).

Personally Identifiable Information

Personally Identifiable Information (“PII”) is data used to distinguish one’s identity. Examples of PII range from an individual’s name or email address to an individual’s financial and medical records and/or criminal history. Unauthorized access, use, or disclosure of PII can cause significant harm to individuals by enabling identity theft, blackmail, or embarrassment. Storage, access, use and disclosure of PII are subject to applicable state and federal privacy laws. It is the Provider’s policy that the following information received from any Client be maintained and protected as PII:

  • Client names and addresses

  • Email addresses

  • Social security numbers, tax identification numbers

  • Dates and places of birth

  • Credit card and bank account numbers

  • Income tax records 

  • Insurance records

  • Account access, PIN numbers and passwords

  • Driver’s license numbers or other government issued identification

Protected Health Information

Protected Health Information (“PHI”) is individually identifiable health information, which is any information that identifies an individual and relates to the individual’s past, present or future physical or mental health condition, the provision of healthcare, or payment for healthcare services. Storage, access, use and disclosure of PHI are regulated by applicable state and federal law, including the Health Insurance Portability and Accountability Act (“HIPAA”). Examples of PHI range from an individual’s medical condition to treatment by physicians and hospitals, including:

  • Explanation Of Benefits (EOB)

  • Hospital and doctor records

  • Medical bills and statements

Financial Information

Financial information (“FI”) is any information or documents collected from a client that relates to their banking, insurance, investments, and payments (including credit cards, online payment systems such as apps accessible via phone, and invoices). 

Examples of FI include the following:

  • Bank records and account statements

  • Insurance policies

  • Investment and brokerage records and statements

  • Credit card and online payment information

  • Credit and loan records and information

  • Tax records and information

  • Bills, invoices and statements

Use Of Information

The Provider acts to maintain the privacy of PII, PHI and FI and provides individuals with this Privacy Notice describing its legal duties and privacy practices with respect to PII, PHI and FI. The Provider may collect, use, store and maintain only the information reasonably necessary to provide services under the Letter of Engagement and Understanding. The Provider may use third-party software such as Quicken, QuickBooks, financial institution web-based record and bill pay software and may store information on devices or cloud storage servers provided by third-party service providers. 

Data Retention

The Provider retains client information for as long as necessary to provide services described in the Letter of Engagement and Understanding or as required by applicable law. Upon termination of services, the Provider may retain or securely destroy client records.

Data Security

The Provider will take reasonable precautions to protect PII, PHI and FI and documents collected from the Client from loss, misuse and unauthorized access, disclosure, alteration, and destruction. All information that the Client provides to the Provider either in paper or electronic form is securely stored and protected. The Provider uses encrypted methods or secure tools to transfer information where available. However, these measures, standing alone, are not sufficient to ensure the security of the Client’s information. The Provider cannot guarantee the security of the Client’s data transmitted to the Provider without using encryption or other secure ways to transmit data; thus, any transmission is at the Client’s own risk.

It is also important for the Client to guard against unauthorized access to the Client’s passwords and the unauthorized use of the Client’s computer. The Client is responsible for safeguarding the Client’s login credentials, passwords, and access to personal accounts. The Client agrees to notify the Provider promptly of any changes to relevant accounts, or if the Client suspects unauthorized access. The Provider is not responsible for delays or errors resulting from the Client’s failure to provide accurate or timely information.

Limitation of Liability

While the Provider takes reasonable measures to safeguard PII, PHI, and FI, the Provider shall not be held liable for any unauthorized access, loss, or misuse of information resulting from (a) the actions or failures of third-party software providers, (b) the Client’s failure to follow recommended security practices, or (c) circumstances beyond the Provider’s reasonable control, including cyberattacks, data breaches, or systems failures.

Information Disclosures

  • Disclosures required by law: The Provider may disclose PII, PHI, and FI when a law or legal process requires it and will disclose only what is reasonably necessary to comply. Examples include court orders, subpoenas, valid requests from law enforcement or public authorities, and public-health reporting.

  • Reporting of abuse: When required by law, the Provider may disclose PHI or other relevant information concerning suspected abuse, neglect, or exploitation of older adults, nursing-home residents, or other vulnerable persons to appropriate authorities. If not required by law, the Provider may disclose this information if the individual agrees to this disclosure. 

  • Marketing: The Provider does not use or disclose PII, PHI, or FI for marketing. 

Dispute Resolution

Any dispute arising out of or related to this Privacy Notice, including the Provider’s collection, use, or disclosure of personal information, shall be resolved through binding arbitration in accordance with the terms set forth in the Letter of Engagement and Understanding.

Changes To Privacy Notice

The Provider reserves the right, at any time and without prior notice, to add to, update, or modify this Privacy Notice. The Provider will notify the Client by providing a link to the Provider’s website and sending the Client a notification through email. Any such change, update or modification will be effective immediately upon posting on the Provider’s website.