Arit Services CPNI Policy

 

In accordance with Section 222 of the Communications Act and the Federal Communications Commission’s (“FCC”) CPNI Rules (47 C.F.R. § 64.2001, et seq.), ARit Services, LLC (“ARit Services” or “Company”) has established the policies and procedures outlined below for collecting, accessing, using, and storing Customer Proprietary Network Information (“CPNI”). ARit Services provides telecommunications services to retail customers. Therefore, because ARit Services may collect, access, use, or store CPNI when providing these types of services, the Company undertakes the steps outlined in this Policy Statement to protect CPNI from unauthorized access or misuse.

Definition of CPNI
Under federal law, CPNI is certain customer information obtained by a telecommunications provider during the course of providing telecommunications and related services (including interconnected VoIP) to a customer. This includes information relating to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier. Examples of CPNI include information typically available from telephone-related details on a monthly bill such as the types of services purchased by a customer, numbers called, duration of calls, directory assistance charges, and calling patterns. CPNI does not include names, addresses, and telephone numbers of customers, because that information is considered subscriber list information under applicable law.

Use of CPNI
It is the policy of ARit Services not to use CPNI for any activity other than as permitted by applicable law. Any disclosure of CPNI to other parties (such as affiliates, vendors and agents) occurs only if it is necessary to conduct a legitimate business activity related to the services already provided by ARit Services to the customer. If ARit Services is not required by law to disclose CPNI or if the intended use is not otherwise permitted under FCC rules, the Company will first obtain the customer’s consent prior to using or sharing CPNI. ARit Services follows industry-standard practices to prevent unauthorized access to CPNI by a person other than the subscriber or Company. However, ARit Services cannot guarantee that these practices will prevent every unauthorized attempt to access, use, or disclose personally
identifiable information.

CPNI Notification
ARit Services notifies customers immediately of any account changes, including address ofrecord, authentication, online account, and password-related changes.

Employee Training Policies
All employees of ARit Services are trained as to when they are, and are not, authorized to use CPNI. Specifically, ARit Services prohibits its personnel from releasing CPNI based upon a customer-initiated telephone call except under the following three (3) circumstances.

• When the customer has pre-established a password and confirms that password when contacting ARit Services about CPNI-related matters;
• When the information requested by the customer is to be sent to the customer’s address of record; or
• When ARit Services calls the customer’s telephone number of record and discusses the information with the party initially identified by the customer when service was initiated.

Disclosure to Business Customers
ARit Services may negotiate alternative authentication and CPNI procedures for services that the Company provides to business customers that have a dedicated account representative and a contract that specifically addresses the protection of the business customer’s CPNI.

Disciplinary Procedures
ARit Services has informed its employees and agents that it considers compliance with the Communications Act and FCC rules regarding the use, disclosure, and access to CPNI to be very important. Violation by company employees or agents of such CPNI requirements will lead to disciplinary action (including remedial training, reprimands, unfavorable performance reviews, probation, and/or termination), depending upon the circumstances of the violation (including the severity of the violation, whether the violation was a first time or repeat violation, whether appropriate guidance was sought or received from a supervisor, and the extent to which the violation was or was not deliberate or malicious).

Use of CPNI in Sales and Marketing Campaigns
ARit Services does not use CPNI in its marketing campaigns. However, if ARit Services does use CPNI in marketing campaigns, the company will maintain a record of all sales and marketing campaigns that use the CPNI. The record will include a description of each campaign, the specific CPNI that was used in the campaign, and what products and services were offered as part of the campaign. ARit Services will also implement a system to obtain prior approval and informed consent from its customers in accordance with the Commission’s CPNI rules. This system will allow for the status of a customer’s CPNI approval to be clearly established prior to the use of CPNI. Prior to commencement of a sales or marketing campaign that utilizes CPNI, ARit Services will establish the status of a customer’s CPNI approval. The following sets forth the procedure that will be followed by the Company:
• Prior to any solicitation for customer approval, ARit Services will notify customers of their right to restrict the use of, disclosure of, and access to their CPNI.
• ARit Services will use opt-in approval for any instance in which Company must obtain customer approval prior to using, disclosing, or permitting access to CPNI.
• A customer’s approval or disapproval remains in effect until the customer affirmatively revokes or limits such approval or disapproval.
• Records of approvals are maintained for at least two years.
• ARit Services provides individual notice to customers when soliciting approval to use, disclose, or permit access to CPNI.
• The CPNI notices sent by ARit Services will comply with FCC Rule 64.2008(c) and will be retained for at least one (1) year. ARit Services will also maintain a supervisory review process regarding compliance with the CPNI rules for any outbound marketing situations relating to CPNI and will maintain such compliance and supervisory approval records for at least one (1) year consistent with FCC Rule 64.2009(d).

FCC Notification
Company is prepared to provide written notice within five (5) business days to the FCC of any instance where the opt-in mechanisms do not work properly or to such a degree that consumers’ inability to opt-in is more than an anomaly.

Third Party Use of CPNI
To safeguard CPNI, prior to allowing joint venturers or independent contractors access to customers’ individually identifiable CPNI, ARit Services will require all such third parties to enter into a confidentiality agreement that ensures compliance with this Policy, and ARit Services shall also obtain opt-in consent from a customer prior to disclosing the information to such third parties. In addition, ARit Services requires all outside agents to acknowledge and certify that they may only use CPNI for the purpose for which that information has been provided. ARit Services requires express written authorization from the customer prior to dispensing CPNI to new carriers, except as otherwise required by law. ARit Services does not market or sell CPNI information to any third party.

Law Enforcement Notification of Unauthorized Disclosure
If an unauthorized disclosure of CPNI occurs, ARit Services shall provide notification of the breach within seven (7) days to the United States Secret Service (“USSS”) and the Federal Bureau of Investigation (“FBI”). ARit Services shall wait an additional seven (7) days from its government notice prior to notifying the affected customers of the breach. Notwithstanding the above, ARit Services shall not wait the additional seven (7) days to notify its customers if the Company determines there is an immediate risk of irreparable harm to the customers. ARit Services shall maintain records of discovered breaches for a period of at least two (2) years.

Annual CPNI Certification
Pursuant to FCC regulations, 47 C.F.R. § 64.2009(e), ARit Services will annually submit to the FCC, by March 1st or any subsequently established deadline, a CPNI Certification of Compliance and accompanying Statement regarding the company’s CPNI policies and operating procedures. These documents certify that ARit Services complied with federal laws and FCC regulations regarding the protection of CPNI throughout the prior calendar year.