Privacy Policy

Welcome to Residential Home Funding’s web site. This section explains our policy regarding any personal information you might supply to us when you visit this site. Our goal is to protect your information on the Internet in the same way that we protect it in all the other ways we interact with you: in branches and on the phone.

You can visit this site and find out about our products and services, read about our company, check on career opportunities, get a news update, or other value-added services without giving us any information about yourself.

We will maintain this information, as well as your business activities and transactions, according to our usual strict security and confidentiality standards.

In order to provide better service, we use “cookies”. A cookie is a small piece of information which a web site stores on your web browser on your computer and can later retrieve. The cookie cannot be read by a web site other than the one that set the cookie. We use cookies for a number of administrative purposes, for example, to store your preferences for certain kinds of information.

Most cookies last only through a single session, or visit. None will contain information that will enable anyone to contact you by telephone, e-mail, or postal mail. You can set up your web browser to inform you when cookies are sent, or to prevent cookies from being set.

Your Privacy Matters to Us

We recognize the importance to you of keeping your information secure and confidential. We will not sell or share nonpublic personal information about you with third parties either outside or within our corporate family except as explained in this Privacy Policy. This Privacy Policy covers personally identifiable information about both current and former customers who obtain financial products or services from us primarily for personal, family or household purposes, and is provided as required by the Federal Financial Privacy Law.

Collecting Information

When you seek to obtain financial products and services from us, we may collect nonpublic personal information about you from the following sources:

Applications and other forms, or through other communication including information provided by mail, telephone, in person or electronically. Such information may include your name, address, employment, income, and other identifying information. Your transactions with us, members of our corporate family, or others. Such information may include, for example, your account balance and payment history. Consumer reporting agencies or other companies, which may include, for example, information regarding your creditworthiness or credit history. Other sources which may include, for example, verification of your employment history, credit balances, property insurance coverage or other representations made by you.

Sharing Information Outside of Our Corporate Family

We may share all of the information described above with our service providers, whose services may include, for example, mailing account statements. Service providers may include, for example, insurance companies, payment processing companies, mail service companies, check printing companies, and data processing companies. We may also share the information described above with companies that perform marketing services on our behalf. Such companies have agreed to keep confidential the information that we provide to them and to use the information only to carry out the functions we have asked them to perform. We do not share your nonpublic personal information with any company outside our corporate family for the purpose of marketing that company’s products or services. Finally, we may disclose all of the information above as permitted by law.

Sharing Information With Affiliated Companies

We may also share information regarding your transaction and account experience with us, including your name and address and your payment history with us, among our affiliated financial services companies, such as our mortgage banking companies and insurance agency. By sharing that information, we can better serve your financial needs and notify you of financial products and services that might interest you.

Former Customers

If you were, but are no longer, our customer, the policies and practices described in this Privacy Policy will apply to you except as stated below in the section on “Additional Rights and Modifications.”

Protecting Confidentiality And Security

We restrict access to nonpublic personal information about you to only those employees whom we have determined need to know that information in the course of their job responsibilities. We maintain physical, electronic, and procedural safeguards that comply with applicable federal standards to protect nonpublic personal information.

Additional Rights And Modifications

You may have other privacy protections under state law. We will provide notice of our Privacy Policy to you annually, as long as you maintain a customer relationship with us. We reserve the right to change this Privacy Policy in any respect at any time, and we will inform you of changes as required by law.

Special Notice To California Residents

The information sharing practices described above are designed in accordance with federal law. California law places additional restrictions on sharing information about California residents, so long as they remain California residents. If you are a California resident, you have the right to control whether we share some of your personal and financial information with our affiliated companies and other companies we do business with to provide financial products and services. Please refer to the California notice of Important Privacy Choices for Consumers.

Special Notice To Vermont Residents

The information sharing practices described above are designed in accordance with federal law. Vermont law places additional restrictions on sharing information about Vermont residents, so long as they remain Vermont residents. If you are a Vermont resident, we will not share consumer credit reports with our affiliates without your consent, and we will only disclose your name, contact information, and our own experience information to companies that perform marketing services on our behalf. Otherwise, we will share information in accordance with the practices described above.

Business Continuity

Business Continuity refers to the activities required to keep our organization running during a period of displacement or interruption of normal operation. 

Business Continuity Management & Disaster Recovery Programs

RealFi views recovery of its business operations and supporting technology, Business Continuity Management (“BCM”) and technology Disaster Recovery (”DR”) respectively, as a critical and fundamental part of its ability to fulfill its fiduciary responsibilities to clients. As such, significant resources and effort are dedicated to these programs.

RealFi maintains business continuity and crisis response plans to facilitate the continuity of business in the event of a business disruption. RealFi’s executive management is responsible for oversight and governance of the firm’s BCM program, supported by the Business Continuity Management group, which manages the program.  In order to maintain a resilient technology environment, the DR program has implemented strategies for near zero downtime and near zero data loss for all applications that support critical business processes as defined by the BCM Program. 

RealFi’s BCM/DR programs have several key elements, including:

  • Planning
  • Training and Awareness
  • Exercises and Testing
  • Third Party Resiliency

Planning

There are four main areas of focus that comprise the BCM/DR planning that RealFi performs:

  1. Business Continuity Plans: RealFi maintains Business Continuity Plans (BCPs) for each business function. The BCPs have the following two components:
  • Business Impact Analysis: The Business Impact Analysis (BIA) methodology is designed to assess both financial and non-financial impacts of the loss of a critical process. 
  • Business Recovery Plan: Business Recovery Plans (BRPs) are procedures designed to recover specific critical processes in support of continuity of operations in the event of a business disruption. These include recovery strategies for personnel, data, communications, information processing and facilities. Recovery Time Objectives (RTOs) are created for all critical business functions and services, and are validated through annual exercise requirements.
  1. Disaster Recovery Plans: Disaster Recovery Plans (DRPs) incorporate fail over strategies and are comprehensive enough to recover from a disruptive event affecting a data center facility yet modular enough to recover from the loss of a single server. The key elements of the DRPs include:
  • Communication Plan that identifies how personnel will be engaged when an event occurs as well as the frequency and method of communicating information and progress throughout the event
  • Incident Management Plan that includes information for establishing and maintaining a command center, responsibilities of the management team as well as a recommended methodology for decision making and escalation
  • Recovery Plans for each team that includes requirements, configuration and execution procedures for failing over each application to a secondary data center
  1. Crisis Management: RealFi has a program devoted to response planning which includes a full-featured Crisis Management framework.

Training and Awareness

RealFi uses several methods to keep employees aware of the critical role they play in preparing for and responding to potential business disruptions. Primary methods used include:

  • Mandatory annual all staff Emergency Preparedness & Business Recovery online training
  • Distribution of emergency pocket cards
  • Business recovery exercises
  • Crisis management training and exercises
  • Periodic educational intranet articles and emails

Exercises & Testing

RealFi exercises it BCPs to ensure the procedures for recovering business operations are appropriate, and that key personnel are familiar with documented procedures. Similarly, facilities-based exercises are conducted with BCM team participation. Broadly, the firm utilizes the following recovery strategies in its BCPs:

  • Remote Access exercises (e.g., work from home)
  • Alternative location exercises (e.g., work area recovery or alternate RealFi office)
  • Critical process transfer (e.g., transferring workload to another unaffected office and team)
  • System fail-over testing, including external vendors where appropriate
  • Evacuation drills, notification system tests and periodic generator tests

BCM exercise results are documented and reviewed with all involved participants following each exercise. Recommendations for improvements to the recovery process are identified and any corrective actions clearly defined and assigned to the appropriate personnel.

Third-Party Resiliency

One of the key components of the BCM planning process is our supplier management framework, which includes periodic reviews of the business continuity programs for key service providers. Risk assessments are used to determine the criticality of each service provider. For the most critical service providers, RealFi conducts targeted reviews and evaluations of BCM plans and, where appropriate, on-site visits.