I. Information collected and stored
NMLS collects and stores on behalf of the Agencies:
(1) Information provided by the Agencies and by
End Users that is used by the Agencies to issue
and maintain a state license or monitor a
Federal registration. This may include
nonpublic personal information of applicants as
well as confidential information submitted by
II. Use of information
NMLS makes available to Agencies the information they request to issue and maintain a license or monitor registrations (which may include nonpublic personal information and confidential information). NMLS makes available to End Users and other online viewers information as instructed by the Agencies.
SRR may copy, process, store, use or manipulate the information stored in NMLS for the purpose of disseminating aggregated information on a regional or national level. SRR may disseminate to the general public information stored in NMLS and not restricted from disclosure by the Agencies.
SRR may use Applicant contact information from time to time for the purposes of issuing communications concerning mortgage licensing and registration issues and NMLS to Applicants. Applicant Data may be checked against other State and Federal regulatory agency databases, the Social Security Administration or financial services or securities industry self regulatory organization databases, and Applicant Data may be shared with the relevant Agencies and financial services or securities industry self regulatory organizations subject to appropriate usage agreements. Certain Applicant Data submitted via the System, and other data or content uploaded to the System by Agencies, may be accessed publicly. SRR has no obligation with respect to any third party's use of data or content accessed via NMLS.
III. Control of information
Information submitted by an End User to an Agency through NMLS will be considered to be under that Agency’s control. Information submitted by an End User to more than one agency will be considered to be under the control of each Agency to which it is submitted. SRR will not be required to correct or alter any such information unless all Agencies that have control of such information consent to the change.
Once transmitted to an Agency, information will be the Agency's responsibility and subject to any Agency-administered privacy policies and public information laws. SRR is not responsible for any such information.
NMLS will create a unique identifier associated with End Users who use NMLS. The unique identifier is confidential and proprietary to SRR. SRR may, in its sole discretion, make this unique identifier public.
IV. Disclosure of information
SRR may disclose nonpublic personal identification and confidential information stored in NMLS for licensees if SRR believes it is required to do so by law; to protect itself or to protect the rights of another user; to reduce risk of credit or other kind of fraud; or to comply with a court order or other legal, regulatory, self-regulatory or governmental mandated policy, procedure or process. For federal registrants, such information would be shared only with the permission of the appropriate Federal Agency unless SRR is complying with a court order or other governmental mandated policy, procedure or process.
SRR uses third party service providers to help manage NMLS, its websites and databases, and to collect and disburse fees. These companies are required to maintain such information as confidential. SRR, however, is not responsible for the unauthorized access, use or disclosure of any nonpublic personal information or confidential information by a third party.
V. Breach and Breach Notification
In the event that SRR becomes aware of a security breach which SRR believes has resulted or may result in the unauthorized access, use or disclosure to nonpublic personal information of End Users, SRR will promptly investigate the matter and notify the applicable Agencies of such breach. Such investigation will be without delay, consistent with (1) legitimate needs of law enforcement; (2) measures necessary to determine the scope of the breach; (3) efforts to identify the individuals affected; and (4) steps to restore the reasonable integrity of NMLS.
The State Regulatory Agencies will be responsible for notifying their affected End Users and any other parties of any security breach in accordance with applicable law. Responsibility for notifying affected End Users and other third parties of any security breach will be in accordance with agreements between SRR and the respective Agencies. Unless otherwise required by law, SRR is not responsible for notifying End Users or any other parties of any such breach.
SRR will undertake commercially reasonable efforts to prevent from unauthorized access, use or disclosure the information submitted to and available through NMLS. SRR requires that its third party service providers implement security policies and procedures comparable to those used by SRR. SRR, however, is not responsible for the unauthorized access, use or disclosure of any nonpublic personal information or confidential information by a third party.
VII. Record Retention
SRR will retain End User information in NMLS for a minimum of five years after an End User no longer holds a valid State license or registration that is maintained in NMLS.
VIII. Policy Changes
©2012 SRR LLC | SRR Home