Effective Date: August 25, 2020
This privacy notice discloses the privacy practices for https://www.tnacpas.com. This privacy notice applies solely to information collected by this website, except where stated otherwise. It will notify you of the following:
- What information we collect;
- With whom it is shared;
- How it can be corrected;
- How it is secured;
- How policy changes will be communicated; and
- How to address concerns over misuse of personal data.
Information Collection, Use, and Sharing
Your Access to and Control Over Information
You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the Contact form or phone number provided on our website:
- See what data we have about you, if any.
- Change/correct any data we have about you.
- Have us delete any data we have about you.
- Express any concern you have about our use of your data.
We take precautions to protect your information. When you submit sensitive information via the website Portal, your information is protected both online and offline. Our firm uses WorkSpace™ Portal. The Portal is accessed via the Client Login link and allows the secure exchange of documents. Each Portal user must create their own password. Torkelson & Associates does not store user passwords and no client user passwords are known to us. Users may re-set their password using the Forgot Password? feature.
You can verify the Portal connection is secure by looking for a closed lock icon in your web browser or looking for “https” at the beginning of the address of the web page.
The datacenter for WorkSpace™ Portal is maintained by Rackspace Hosting which has completed an examination in conformity with Statement on Auditing Standards No. 70 (SAS 70 Type II and SOC II). WorkSpace™ Portal uses 256 bit encryption using HTTPS secure protocol and is also FINRA and HIPPA compliant. Completion of the examinations indicates that selected Rackspace’s processes, procedures and controls have been formally evaluated and tested by an independent accounting and auditing firm. The examination included the company’s controls related to security monitoring, change management, service delivery, support services, backup and environmental controls, logical and physical access. SAS 70 is designated by the U.S. Securities and Exchange Commission (SEC) as an acceptable method for a user organization’s management to obtain assurance about service organization’s internal controls without conducting separate assessments. A service auditor’s examination performed in accordance with SAS No. 70 (SAS 70 Audit) is widely recognized, because it represents that a service organization has been through an in-depth audit of their control objectives and control activities, which often include controls over information technology and related processes. A Type II report not only includes the service organization’s description of controls, but also includes detailed testing of the design and operating effectiveness of the service organization’s controls. Extended Validation displays the green verified address bar in end user browsers. WorkSpace™ Portal’s effective challenge response meets the IRS standards against web site attacks from malicious bots by using failed login lockout standards. In addition, WorkSpace™ Portal maintains physical, electronic and procedural safeguards that comply with applicable law and federal standards. While the portal provides a secure method to provide information online, we also protect your information offline. Only employees who need the information to perform a specific job (e.g, billing or customer service) are granted access to personally identifiable information. The computers/servers on which we store personally identifiable information are kept in a secure environment.
Notification of Changes
This web site contains links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.