Privacy Policy

SUPERIOR MORTGAGE CORP.
PRIVACY POLICY

Mission Statement
We, at Superior Mortgage Corp. (SMC), believe that the basis of each consumer relationship is trust. When an individual(s) chooses to do business with SMC, we are obligated to honor that relationship with great care. This begins with the information that they choose to share with us. We believe that the confidentiality of non-public personal information should not be compromised.

Responsibility
SMC's Safeguard Program Officers are the Senior Manager of Information Technology and the Senior Manager of Compliance and Quality Control. They have been given the ultimate responsibility to appropriately establish and maintain this policy and related procedures. They have the responsibility to assure that adherence to this policy and related procedures are being observed on a daily basis by all employees.

Background and Overview
The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act or GLB Act includes provisions to protect consumers' non-public personal financial information held by financial institutions. The "Act" states: "It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' non-public personal information." There are three principal parts of the privacy requirements:

Policy Definitions
Consumer relationship: Any individual who is seeking to obtain or has obtained a financial product or service from SMC that is to be used primarily for personal, family, or household purposes, or that individual's legal representative. A consumer does not, however, have a continuing relationship with you if you sell the consumer's loan and do not retain the rights to service the loan.
Customer relationship: Any individual who has a continuing relationship with SMC under which we provide one or more financial products or services (to the individual) that is used primarily for personal, family, or household purposes. In the case where the financial product or service is a mortgage loan, a customer relationship only exists where we own the servicing rights.
Non-affiliated Third Party: Any company that is not an affiliate of SMC.
Non-public personal information: Information that is collected in order to provide a financial product or service. Non-public personal information does not include information that is available from public sources, such as telephone directories or government records.
Personally identifiable financial information: Any information that SMC collects about a consumer in conjunction with providing a financial product or service. This includes:

Public information: Any information that we at SMC have a reasonable basis to believe is lawfully made available to the general public from Federal, State or local government records, widely distributed media, or disclosures to the general public that are required to be made by law.

Information We Collect
As part of our application process we may collect information such as name, address, telephone number, social security number, annual income, current and past employers, deposit and loan information and payment history. We may collect information from consumer reporting agencies regarding credit and payment histories. We may retain this information in our files.

Information That We May Disclose to Non-affiliated Companies Who Provide Necessary Business Functions or Services
We may share non-public personal information with certain non-affiliated companies that act as our agent to provide access to product or services that may benefit consumers or which may be required by law. These companies perform a necessary business function. These companies are required to keep confidential any information that we disclose to them. Examples of non-public personal information may be information we receive on an application such as assets, liabilities or income.

Business Relationships with Third Parties
In the course of providing quality financial services, SMC is required to provide or obtain personally identifiable information to various third parties. We will only provide this information if an Information Security Agreement is in place with that third party. A sample is contained in Section 7 of the IT Security/Safeguard Manual. This agreement requires third parties to maintain confidentiality of the information to at least the same extent that SMC. Their use of that information will be limited solely to the purpose for which it is disclosed or as otherwise permitted by law.

Exceptions
The Right to Financial Privacy Act (RFPA) established specific procedures for government authorities which seek information from a financial institution about a consumer's financial records and imposed limitation and duties on financial institution prior to release of information sought by government agencies. The Act only applies to records of an individual or a partnership of not more than five individuals. Records may be produced for an agency only in accordance with the access methods defined in the Act. These occur when:

Information or records may be provided even though none of the access methods above have been used if the information is related to the commission of a crime or the violation of a statue or regulation.

Privacy Notice
Based upon the definitions of "consumer" and "customer", SMC primarily has a consumer relationship with its borrowers since most of its loans are sold "servicing released". This means we must follow the regulation of GLBA as they apply to consumer relationships. Under the regulation, we are required to give an initial "Privacy Notice Disclosure" at the time of application. Because it is not the policy of SMC to disclose or sell any non-public personal information, the section of the Privacy Notice Disclosure labeled "Privacy Non-Disclosure Notice" should be checked. This section of the disclosure best describes our policy regarding how we handle our borrowers' non-public personal information.

Risk Identification
On an annual basis, SMC will identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration or destruction of information. Based on those identified, the likelihood and potential damage to those threats will be assessed, taking into consideration the sensitivity of consumer information. For those areas of exposure, the adequacy of the policies and procedures will be evaluated. On an ongoing basis, responsibility is fixed with all Department Heads, Managers, Branch Managers and/or business line managers to ensure that security measures for managing and controlling risks are in place.

Security
We restrict access to personal information to those employees who need to know that information to provide products and services to you. Employees who violate our strict confidentiality standards are subject to disciplinary action, up to and including termination of employment. We maintain physical, electronic and procedural safeguards that comply with federal standards to guard non-public personal information.

Training
On an annual basis, all employees will be required to review the Procedure Manual and supplemental training will be provided as deemed necessary. Certification Records will be maintained to evidence the scope of training. The scope of training will be coordinated through SMC's Safeguard Officers. At a minimum, training will include:

Testing
The security procedures as outline in the SMC's Information Technology Security/Safeguard Manual will be tested on an annual basis. SMC's Safeguard Officers will ensure that controls, systems and procedures are in compliance with the required standards as indicated in Section 501(b), Safeguards Rule, of the GLBA.