Privacy Policy

FRANKLIN PARK LINCOLN, INC.

STATEMENT OF PRIVACY POLICIES AND INFORMATION SECURITY STANDARDS

Effective July 1, 2001, the Financial Services Modernization Act of 1999, more commonly know as the "Gramm-Leach-Bliley Act", requires "financial institutions" that collect nonpublic personal information about customers who obtain a "financial product or service" to: (1) Implement privacy policies and procedures to protect the information they collect; and (2) Provide the customers with certain notices, including an Initial Privacy Policy Notice and, if applicable, an Annual Notice. addition, as of May 23, 2003, any financial institution that collects personal information from their customers must comply with the Federal Trade Commission's Safeguards Rule, which requires financial institutions to develop a written information security plan that describes their program protect customer information. In certain circumstances, our Company may be deemed to be "financial institution" for purposes of the Gramm-Leach-Bliley Act and the Federal Trade Commission's Implementing Rules. The purpose of this Statement is to advise you of your responsibilities as an Employee of our Company. As a condition of your employment with our Company, you agree to:

1. Read this "Statement of Privacy Policies and Information Security Standards" and familiarize yourself with the information contained herein.

2. Follow our procedures for providing copies of our Privacy Policies to each applicant and customer.

3. Follow our procedures for safeguarding and protecting applicant and customer information in accordance with our Information Security Standards.

OUR PRIVACY POLICY

Employees are responsible for providing copies of our Privacy Policies to each applicant and customer:

1. Applicant Privacy Policy:

a. In person when the applicant completes an Application;

b. By mail within five day(s) of receipt of the information to complete an Application via the telephone;

2. Customer Privacy Policy:

a. In person or by mail subsequent to the Company's acquisition of a Retail Installment Contract involving the Customer.

OUR INFORMATION SECURITY STANDARDS

Our Program Coordinator

We have appointed Paul Schneider as Program Coordinator of our Company's Information Security Program. It is the Program Coordinator's responsibility to design, implement and maintain privacy policies and information safeguard standards as he/he determines to be necessary from time to time. The Program Coordinator will report directly to Robert J. Fleisher, President. In the event the Program Coordinator ceases to be employed or is unable to perform his responsibilities, Robert J. Fleisher, President, shall take over the responsibilities of the Program Coordinator until a new permanent Program Coordinator is appointed.

Based upon the Program Coordinator's risk assessment of our Finance Company's operations, including employee management and training and our information systems (i.e. information collection, processing, storage, transmission and disposal, and potential system failures), the following privacy policies and information security standards have been adopted for all of our employees and any independent contractors. Individual employees may be given additional responsibilities as well. Compliance with our Company's privacy policies and information security standards is a condition of your employment with us.

Employee Interviewing, Hiring and Training

All current and new employees, as well as independent contractors who perform services on behalf of the Company, will:

1. Be subject to satisfactory reference and consumer/criminal report investigations.

2. Participate in any information security standards training program conducted by the Company.

3. Sign and acknowledge his/her agreement to our Company's Statement of Privacy Policies and Information Security Standards.

4. Be responsible for protecting the confidentiality and security of the applicant and customer information our Company collects and for using the information in accordance with our Privacy Policies.

Obtaining Applicant and Customer Information and Verifying Applicant and Customer Identities

The following procedures have been implemented with respect to obtaining applicant and customer information and verifying applicant and customer identities:

1. Forms utilized by the Company request information, such as names, addresses, telephone numbers, birth dates, social security numbers, tax identification numbers, and driver's license and insurance information, to enable the Company to verify identification.

2. Employees must request to see the applicant's or customer's driver's license or other form of government-issued identification bearing a photograph to verify the applicant's or customer's identity and will make a copy of the same to retain in the file. In connection with a transaction, the applicant or customer must complete a credit application, provide employment information and references, and authorize the Company to obtain a credit report. Employees may also request copies of the applicant's or customer's utility bills, bank or credit card statements and paycheck stubs.

3. In the event that information provided in documentation is conflicting or cannot be verified upon further inquiry, employees shall request additional government-issued documentation evidencing the applicant's or customer's residence and bearing a photograph or other safeguard (i.e. a social security card, alien identification card, or passport) to enable employees to form a reasonable belief that they know the applicant's or customer's true identity. If information still cannot be verified, employees shall notify the Program Coordinator for further instructions.

Protecting the Confidentiality and Security of Applicant and Customer Information

Each employee is responsible for protecting the confidentiality and security of applicant or customer information our Company collects and for using the information in accordance with our Privacy Policy. The following security procedures must be followed in order to protect the information:

1. Employees shall have access only to that applicant or customer information which is necessary to complete their designated responsibilities. Employees shall not access or provide any other unauthorized person access to applicant or customer information that is obtained during the course of employment. Employees must refer requests for applicant or customer information to the Program Coordinator when such requests are not received within the ordinary course of the Company's business or are for information that the employee is not authorized to provide.

2. All paper and electronic records must be stored in secure locations to which only authorized employees have access. Any paper records containing customer information must be stored in a deal jacket or folder. Paper records must be stored in an office, desk, or file cabinet that is locked when unattended. Electronic records will be stored on a secure server that is located in a locked room and is accessible only with a password. Where appropriate, records will be maintained in a fireproof file cabinet and/or at an offsite location. Customers, vendors and service providers shall not be left in an area with insecure customer records.

3. Access to electronic applicant or customer information will be password controlled. Every employee with access to the Company's computer system and electronic records will have unique password consisting of at least eight characters, including numbers and letters. Only employees that need to access electronic records will be provided with passwords. Passwords may not be posted near computers or shared any other person.

4. Employees that have access to the computer system and electronic records may not download any software or applications to our Company computers or open e-mail attachments from unknown sources. Employees must log off of any Internet, E-mail or other account when it is not in use.

5. Electronic records may not be downloaded to a disk or individual computer without explicit authorization from the Program Coordinator. If applicant or customer information is transmitted electronically over external networks, employees must encrypt the information at the time of transmittal.

6.All data must be erased from computers, disks, hard drives or any other electronic media that contain applicant or customer information before disposing of them and, where appropriate, hard drives will be removed and destroyed. Any paper records must be shredded and stored in a designated secure area until an authorized disposal/recycling service picks it up.

7.Employees may not remove any applicant or customer information, whether contained on paper records or electronic records from the Company or disclose our security standards to any person who is not employed by us without authorization from the Program Coordinator.

8. Only that information which is necessary to complete a transaction initiated by an applicant or customer, is specifically authorized to be disclosed and/or is permitted to be disclosed by law shall be provided to service providers, marketers or any other parties. If you are unsure as to whether a specific disclosure is permitted, it is your responsibility to check with the Program Coordinator to verify that it is acceptable to release the information before doing so.

9. Neither current nor former employees will be permitted to remove any applicant or customer information from the Company, whether contained in paper records or electronic records, or to disclose our information security standards to any person without authorization from the Program Coordinator.

10. The Program Coordinator should be notified immediately of any attempts by unauthorized persons to obtain access to applicant or customer information and/or if any password or applicant or customer information is subject to unauthorized access.

11. When an employee ceases to be employed by the Company, he/she must turn in any keys that provide access to the Company and file cabinets, desks, and offices in the Company; passwords and security codes, if applicable, will be deleted.

Disciplinary Action

Any employee that fails to abide by our Statement of Privacy Policies and Security Standards, whether such failure is intentional or unintentional, will be subject to appropriate disciplinary action, which may include termination of employment.