Freebie

Privacy Policy for Mani O’Brien Martech Consulting, LLC DBA OBrien Marketing Group (OMG)

Effective Date: January 1, 2024

Mani O’Brien Martech Consulting, LLC, doing business as OBrien Marketing Group (OMG) (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website [Insert Website URL] and our services.

Information We Collect

We may collect personal information such as your name, email address, phone number, and job title when you contact us or use our services. We may also collect non-personal information such as your IP address, browser type, and referring website.

How We Use Your Information

We may use your information to:

Provide, operate, and maintain our website and services
Communicate with you, including responding to your inquiries
Personalize and improve our website and services
Analyze how you use our website and services
Comply with legal and regulatory requirements
How We Share Your Information

We may share your information with third parties, including service providers, business partners, and affiliates, to provide our services and for other purposes described in this Privacy Policy. We may also disclose your information in response to legal requests or to protect our rights.

Cookies and Similar Technologies

We may use cookies and similar technologies to collect information about your browsing activities. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

Data Security

We take reasonable measures to protect your information from unauthorized access, disclosure, alteration, or destruction. However, no data transmission over the Internet or wireless network can be guaranteed to be 100% secure.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.

Mobile Terms of Service

Obrien Marketing Group

Last updated: April 26, 2024

The Obrien Marketing Group mobile message service (the “Service”) is operated by Mani O’Brien Martech Consulting, LLC (“Obrien Marketing Group”, “we”, or “us”). Your use of the Service constitutes your agreement to these terms and conditions (“Mobile Terms”). We may modify or cancel the Service or any of its features without notice. To the extent permitted by applicable law, we may also modify these Mobile Terms at any time and your continued use of the Service following the effective date of any such changes shall constitute your acceptance of such changes.

By consenting to Obrien Marketing Group’s SMS/text messaging service, you agree to receive recurring SMS/text messages from and on behalf of Obrien Marketing Group through your wireless provider to the mobile number you provided, even if your mobile number is registered on any state or federal Do Not Call list. Text messages may be sent using an automatic telephone dialing system or other technology. Service-related messages may include updates, alerts, and information (e.g., order updates, account alerts, etc.). Promotional messages may include promotions, specials, and other marketing offers (e.g., cart reminders).

You understand that you do not have to sign up for this program in order to make any purchases, and your consent is not a condition of any purchase with Obrien Marketing Group. Your participation in this program is completely voluntary.

We do not charge for the Service, but you are responsible for all charges and fees associated with text messaging imposed by your wireless provider. Message frequency varies. Message and data rates may apply. Check your mobile plan and contact your wireless provider for details. You are solely responsible for all charges related to SMS/text messages, including charges from your wireless provider.

You may opt-out of the Service at any time. Text the single keyword command STOP to +18445521274 or click the unsubscribe link (where available) in any text message to cancel. You’ll receive a one-time opt-out confirmation text message. No further messages will be sent to your mobile device, unless initiated by you. If you have subscribed to other Obrien Marketing Group mobile message programs and wish to cancel, except where applicable law requires otherwise, you will need to opt out separately from those programs by following the instructions provided in their respective mobile terms.

For Service support or assistance, text HELP to +18445521274 or email marketing@maniobrien.co.

We may change any short code or telephone number we use to operate the Service at any time and will notify you of these changes. You acknowledge that any messages, including any STOP or HELP requests, you send to a short code or telephone number we have changed may not be received and we will not be responsible for honoring requests made in such messages.

The wireless carriers supported by the Service are not liable for delayed or undelivered messages. You agree to provide us with a valid mobile number. If you get a new mobile number, you will need to sign up for the program with your new number.

To the extent permitted by applicable law, you agree that we will not be liable for failed, delayed, or misdirected delivery of any information sent through the Service, any errors in such information, and/or any action you may or may not take in reliance on the information or Service.

Contact Us

If you have any questions or concerns about our Privacy Policy, please contact us at hello@maniobrien.co

Written Information Security Program (WISP)

The objectives of this comprehensive written information security program (“WISP”) include defining, documenting, and supporting the implementation and maintenance of the administrative, technical, and physical safeguards OBrien Martech Consulting, LLC (“OBrien Martech Consulting”) has selected to protect the personal information it collects, creates, uses, and maintains. If this WISP conflicts with any legal obligation or other OBrien Martech Consulting policy or procedure, the provisions of this WISP shall govern, unless the Information Security Coordinator specifically reviews, approves, and documents an exception (see Section 3).

  1. Purpose. The purpose of this WISP is to:

    1. Ensure the security, confidentiality, integrity, and availability of Personal Information and Sensitive Information OBrien Martech Consulting collects, creates, uses, and maintains.

    2. Protect against any anticipated threats or hazards to the security, confidentiality, integrity, or availability of such information.

    3. Protect against unauthorized access to or use of OBrien Martech Consulting-maintained Personal Information and Sensitive Information that could result in substantial harm or inconvenience to any customer or employee.

    4. Define an information security program that is appropriate to OBrien Martech Consulting’s size, scope, and business, its available resources, and the amount of Personal Information and Sensitive Information that OBrien Martech Consulting owns or maintains on behalf of others, while recognizing the need to protect both customer and employee information.

  2. Scope. This WISP applies to all employees, contractors, officers, and directors of OBrien Martech Consulting. It applies to any records that contain Personal Information and Sensitive Information in any format and on any media, whether in electronic or paper form.

    1. For purposes of this WISP, “personal information” means either a US resident’s first and last name or first initial and last name in combination with any one or more of the following data elements, or any of the following data elements standing alone or in combination, if such data elements could be used to commit identity theft against the individual:

      1. Social Security number;

      2. Driver’s license number, other government-issued identification number, including passport number, or tribal identification number;

      3. Account number, or credit or debit card number, with or without any required security code, access code, personal identification number, or password that would permit access to the individual’s financial account GLBA: , or any personally identifiable financial information or consumer list, description, or other grouping derived from personally identifiable financial information, where personally identifiable financial information includes any information:

        1. A consumer provides OBrien Martech Consulting to obtain a financial product or service;

        2. About a consumer resulting from any transaction involving a financial product or service with OBrien Martech Consulting; or

        3. Information OBrien Martech Consulting otherwise obtains about a consumer in connection with providing a financial product or service].

      4. Health information, including information regarding the individual’s medical history or mental or physical condition, or medical treatment or diagnosis by a healthcare professional/created or received by OBrien Martech Consulting]/HIPAA: , which identifies or for which there is a reasonable basis to believe the information can be used to identify the individual and which relates to the past, present, or future physical or mental health or condition of the individual, the provision of health care to the individual, or payment for the provision of health care to the individual;

      5. Health insurance identification number, subscriber identification number, or other unique identifier used by a health insurer;

      6. Biometric data collected from the individual and used to authenticate the individual during a transaction, such as an image of a fingerprint, retina, or iris; or

      7. Email address with any required security code, access code, or password that would permit access to an individual’s personal, medical, insurance, or financial account.

    2. Personal information does not include lawfully obtained information that is available to the general public, including publicly available information from federal, state, or local government records.

    3. For purposes of this WISP, “Sensitive Information” means data that:

      1.  OBrien Martech Consulting considers to be highly confidential information; or

      2. If accessed by or disclosed to unauthorized parties, could cause significant or material harm to OBrien Martech Consulting, its customers, or its business partners.

      3. Sensitive information includes, but is not limited to, Personal Information, Confidential Information and Client Materials, as defined above or in the OBrien Martech Consulting Confidential Services Agreement]

  1. Information Security Coordinator. OBrien Martech Consulting has designated CTO to implement, coordinate, and maintain this WISP (the “Information Security Coordinator”). The Information Security Coordinator shall be responsible for:

    1. Initial implementation of this WISP, including:

      1. Assessing internal and external risks to Personal Information and Sensitive Information and maintaining related documentation, including risk assessment reports and remediation plans (see Section 4);

      2. Coordinating the development, distribution, and maintenance of information security policies and procedures (see Section 5);

      3. Coordinating the design of reasonable and appropriate administrative, technical, and physical safeguards to protect Personal Information and Sensitive Information (see Section 6);

      4. Ensuring that the safeguards are implemented and maintained to protect Personal Information and Sensitive Information throughout OBrien Martech Consulting, where applicable (see Section 6);

      5. Overseeing service providers that access or maintain Personal Information and Sensitive Information on behalf of OBrien Martech Consulting (see Section 7);

      6. Monitoring and testing the information security program’s implementation and effectiveness on an ongoing basis (see Section 8);

      7. Defining and managing incident response procedures (see Section 9); and

      8. Establishing and managing enforcement policies and procedures for this WISP, in collaboration with OBrien Martech Consulting human resources and management (see Section 10).

    2. Employee, contractor, and (as applicable) stakeholder training, including:

      1. Providing periodic training regarding this WISP, OBrien Martech Consulting’s safeguards, and relevant information security policies and procedures for all employees, contractors, and (as applicable) stakeholders who have or may have access to Personal Information and Sensitive Information;

      2. Ensuring that training attendees formally acknowledge their receipt and understanding of the training and related documentation, through digital or written acknowledgement forms (sent to all new hires as part of their onboarding/training process).

      3. Retaining training and acknowledgment records.

    3. Reviewing this WISP and the security measures defined here at least annually, or whenever there is a material change in OBrien Martech Consulting’s business practices that may reasonably implicate the security, confidentiality, integrity, or availability of records containing Personal Information and Sensitive Information (see Section 11).

    4. Defining and managing an exceptions process to review, approve or deny, document, monitor, and periodically reassess any necessary and appropriate, business-driven requests for deviations from this WISP or OBrien Martech Consulting’s information security policies and procedures.

    5. Periodically reporting to OBrien Martech Consulting management regarding the status of the information security program and OBrien Martech Consulting’s safeguards to protect Personal Information and Sensitive Information.

  2. Risk Assessment. As a part of developing and implementing this WISP, OBrien Martech Consulting will conduct a periodic, documented risk assessment[, at least annually, or whenever there is a material change in OBrien Martech Consulting’s business practices that may implicate the security, confidentiality, integrity, or availability of records containing Personal Information and Sensitive Information.

    1. The risk assessment shall:

      1. Identify reasonably foreseeable internal and external risks to the security, confidentiality, integrity, or availability of any electronic, paper, or other records containing Personal Information and Sensitive Information;

      2. Assess the likelihood and potential damage that could result from such risks, taking into consideration the sensitivity of the Personal Information and Sensitive Information; and

      3. Evaluate the sufficiency of relevant policies, procedures, systems, and safeguards in place to control such risks, in areas that include, but may not be limited to:

        1. Employee, contractor, and (as applicable) stakeholder training and management;

        2. Employee, contractor, and (as applicable) stakeholder compliance with this WISP and related policies and procedures;

        3. Information systems, including network, computer, and software acquisition, design, implementation, operations, and maintenance, as well as data processing, storage, transmission, retention, and disposal; and

        4. OBrien Martech Consulting’s ability to prevent, detect, and respond to attacks, intrusions, and other security incidents or system failures.

    2. Following each risk assessment, OBrien Martech Consulting will:

      1. Design, implement, and maintain reasonable and appropriate safeguards to minimize identified risks;

      2. Reasonably and appropriately address any identified gaps; and

      3. Regularly monitor the effectiveness of OBrien Martech Consulting’s safeguards, as specified in this WISP (see Section 8).

  3. Information Security Policies and Procedures. As part of this WISP, OBrien Martech Consulting will develop, maintain, and distribute information security policies and procedures in accordance with applicable laws and standards to relevant employees, contractors, and (as applicable) other stakeholders to:

    1. Establish policies regarding:

      1. Information classification;

      2. Information handling practices for Personal Information and Sensitive Information, including the storage, access, disposal, and external transfer or transportation of Personal Information and Sensitive Information;

      3. User access management, including identification and authentication (using passwords or other appropriate means);

      4. Encryption;

      5. Computer and network security;

      6. Physical security;

      7. Incident reporting and response;

      8. Employee and contractor use of technology, including Acceptable Use and Bring Your Own Device to Work (BYOD); and

      9. Information systems acquisition, development, operations, and maintenance.

    2. Detail the implementation and maintenance of OBrien Martech Consulting’s administrative, technical, and physical safeguards (see Section 6).

  4. Safeguards. OBrien Martech Consulting will develop, implement, and maintain reasonable administrative, technical, and physical safeguards in accordance with applicable laws and standards to protect the security, confidentiality, integrity, and availability of Personal Information and Sensitive Information that OBrien Martech Consulting owns or maintains on behalf of others.

    1. Safeguards shall be appropriate to OBrien Martech Consulting’s size, scope, and business, its available resources, and the amount of Personal Information and Sensitive Information that OBrien Martech Consulting owns or maintains on behalf of others, while recognizing the need to protect both customer and employee information.

    2. OBrien Martech Consulting shall document its administrative, technical, and physical safeguards in OBrien Martech Consulting’s information security policies and procedures (see Section 5).

    3. OBrien Martech Consulting’s administrative safeguards shall include, at a minimum:

      1. Designating one or more employees to coordinate the information security program (see Section 3);

      2. Identifying reasonably foreseeable internal and external risks, and assessing whether existing safeguards adequately control the identified risks (see Section 4);

      3. Training employees in security program practices and procedures, with management oversight (see Section 3);

      4. Selecting service providers that are capable of maintaining appropriate safeguards, and requiring service providers to maintain safeguards by contract (see Section 7); and

      5. Adjusting the information security program in light of business changes or new circumstances (see Section 11).

    4. OBrien Martech Consulting’s technical safeguards shall include maintenance of a security system covering its network (including wireless capabilities) and computers that, at a minimum, and to the extent technically feasible, supports:

      1. Secure user authentication protocols, including:

        1. Controlling user identification and authentication with a reasonably secure method of assigning and selecting passwords (ensuring that passwords are kept in a location or format that does not compromise security) or by using other technologies, such as biometrics or token devices;

        2. Restricting access to active users and active user accounts only and preventing terminated employees or contractors from accessing systems or records; and

        3. Blocking a particular user identifier’s access after multiple unsuccessful attempts to gain access or placing limitations on access for the particular system.

      2. Secure access control measures, including:

        1. Restricting access to records and files containing Personal Information and Sensitive Information to those with a need to know to perform their duties; and

        2. Assigning to each individual with computer or network access unique identifiers and passwords (or other authentication means, but not vendor-supplied default passwords) that are reasonably designed to maintain security.

      3. Encryption of all Personal Information and Sensitive Information traveling wirelessly or across public networks;

      4. Encryption of all Personal Information and Sensitive Information stored on laptops or other portable or mobile devices, and to the extent technically feasible, Personal Information and Sensitive Information stored on any other device or media (data-at-rest)];

      5. Reasonable system monitoring for preventing, detecting, and responding to unauthorized use of or access to Personal Information and Sensitive Information or other attacks or system failures;

      6. Reasonably current firewall protection and software patches for systems that contain (or may provide access to systems that contain) Personal Information and Sensitive Information; and

      7. Reasonably current system security software (or a version that can still be supported with reasonably current patches and malicious software (“malware”) definitions) that (1) includes malware protection with reasonably current patches and malware definitions, and (2) is configured to receive updates on a regular basis.

    5. OBrien Martech Consulting’s physical safeguards shall, at a minimum, provide for:

      1. Defining and implementing reasonable physical security measures to protect areas where Personal Information and Sensitive Information may be accessed, including reasonably restricting physical access and storing records containing Personal Information and Sensitive Information in locked facilities, areas, or containers;

      2. Preventing, detecting, and responding to intrusions or unauthorized access to Personal Information and Sensitive Information, including during or after data collection, transportation, or disposal; and

      3. Secure disposal or destruction of Personal Information and Sensitive Information, whether in paper or electronic form, when it is no longer to be retained in accordance with applicable laws or accepted standards.

  5. Service Provider Oversight. OBrien Martech Consulting will oversee each of its service providers that may have access to or otherwise create, collect, use, or maintain Personal Information and Sensitive Information on its behalf by:

    1. Evaluating the service provider’s ability to implement and maintain appropriate security measures, consistent with this WISP and all applicable laws and OBrien Martech Consulting’s obligations.

    2. Requiring the service provider by contract to implement and maintain reasonable security measures, consistent with this WISP and all applicable laws and OBrien Martech Consulting’s obligations.

    3. Monitoring and auditing the service provider’s performance to verify compliance with this WISP and all applicable laws and OBrien Martech Consulting’s obligations.

  6. Monitoring. OBrien Martech Consulting will regularly test and monitor the implementation and effectiveness of its information security program to ensure that it is operating in a manner reasonably calculated to prevent unauthorized access to or use of Personal Information and Sensitive Information. OBrien Martech Consulting shall reasonably and appropriately address any identified gaps.

  7. Incident Response. OBrien Martech Consulting will establish and maintain policies and procedures regarding information security incident response (see Section 5). Such procedures shall include:

    1. Documenting the response to any security incident or event that involves a breach of security.

    2. Performing a post-incident review of events and actions taken.

    3. Reasonably and appropriately addressing any identified gaps.

  8. Enforcement. Violations of this WISP will result in disciplinary action, including immediate termination, in accordance with OBrien Martech Consulting’s information security policies and procedures and human resources policies.

  9. Program Review. OBrien Martech Consulting will review this WISP and the security measures defined herein at least annually, or whenever there is a material change in OBrien Martech Consulting’s business practices that may reasonably implicate the security, confidentiality, integrity, or availability of records containing Personal Information and Sensitive Information.

    1. OBrien Martech Consulting shall retain documentation regarding any such program review, including any identified gaps and action plans.

  10. Effective Date. This WISP is effective as of 12/09/2021.

    1. Revision History: Original publication 12/09/2021.