M Financial Group
Privacy Policy

About M Financial Group

M Financial Group is a private corporation with multiple wholly owned subsidiary companies. This Privacy Policy governs the parent corporation, and all subsidiaries as listed below.

• M Financial Holdings, Inc. (d/b/a M Financial Group)
• M Holdings Securities, Inc.
• M Financial Securities Marketing, Inc.
• M Life Insurance Company (d/b/a M Life Re)
• Management Compensation Group, NW LLC (d/b/a M Benefits Solutions)
• M Insurance Solutions, Inc.
• M Financial Investment Advisors, Inc.
• M Financial Asset Management, Inc.
• M Administrative Services, LLC
• M Financial Bermuda, Ltd.
• M Financial Global Services, Ltd.
• M Funds, Inc.

Hereafter referred to collectively as “M Financial Group”, “We”, “Our” or “Us”.
‍

About This Policy

At M Financial Group, We respect your privacy, and We are committed to securing and protecting your personal information. This privacy policy describes how M Financial Group, including its subsidiary and affiliated companies, collect, store, share, and secure your information on Our websites and applications.

M Financial Group is a premier organization serving elite providers of financial solutions for high-net-worth individuals and successful businesses. Our business requires Us to collect a significant amount of personal information from you to operate, manage, and maintain your accounts and Our business. 

Our privacy notices, issued to consumers who are seeking to purchase Our products or services, describe your rights, and the choices available to you, such as limiting the sharing of your personal information for marketing purposes. A sample privacy notice is provided as part of this policy.
‍

We collect information from you in the following ways:

1. We collect the information you provide to Us either directly or indirectly through insurance producers, securities brokers, or investment advisors when you apply for Our products or services;
2. We collect information about you from third parties, such as service providers or credit reporting agencies; and 
3. We collect information from you automatically through your use of Our websites or applications, such as through cookies and similar technology.

We use and disclose your personal information to provide you with products and services, to communicate with you, to provide you with customer service, to market Our products and services to you, to develop or improve Our products and services, for legal or compliance purposes, or as required or permitted by applicable law.

This privacy policy is applicable on any website or application on which it is posted. Please note that additional privacy notifications may be presented to you as necessary when servicing your business needs, as required by law.
‍

Applicability

This Privacy Policy is applicable to any non-public personal information that We collect from any natural person for the purpose of purchasing Our products or services for individual or household use. This policy is not applicable for natural persons acting in a commercial context or employment context. For example, this Privacy Policy is not applicable to employers establishing or acquiring employee benefit plans for the benefit of their employees.
‍

Processing of your personal data

Processing of your personal dat

We Collect Information Through Our Websites and Apps.

We collect the information you provide when you use Our websites or apps. This may include, but is not limited to, your use of the following: 

• Use tools and calculators
• Apply for products or services
• Complete a form
• Conduct transactions
• Apply for a job
• Email Us
• Use the “Contact Us” form on Our website(s)
  ‍

We Collect Information When You Apply for Products or Services.

When you apply for products and services, We collect your personal information, either directly, or indirectly through securities brokers, investment advisors, or insurance producers. In some cases, the information requested is required by law to verify your identity or to comply with anti-money laundering and anti-terrorism regulations. Examples include:

• Name, address, date of birth, and Social Security Number
• Telephone number
• Assets, income, and occupation
• Property address and value
• Account and policy information
• Driver’s license image and driver’s license number, issue date, and expiration date
• Passport image or passport number, issue date, and expiration dateUse the “Contact Us” form on Our website(s)
• Utility bills, bank account statements, or property lease agreements
• Financial information
• Information from applications or transactions
• Any information you provide us; and
• Public information

We may collect information about you, a co-applicant (co-owner) when you request securities products, or a beneficiary when you or they apply for an insurance policy or service.
‍

Reinsurance

M Financial Group includes a subsidiary reinsurance company (M Life Re) that may request your medical records to conduct underwriting and actuarial activities. If M Life Re requests your medical records, you will be asked to complete an Authorization for Release of Health-Related Information, in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The authorization form will inform you who your Personal Health Information (PHI) will be shared with, and the specific purposes for which your PHI will be used.
‍

We Collect Information from Third Parties.

We may collect additional information about you from third parties. For example, We may:

• Collect change of address information from third parties to correct contact information;
• Obtain information from publicly available databases or third-party data providers; or
• Request information from other financial institutions, as allowed by law.

Information received from other sources is used solely for the purpose of providing and maintaining products purchased by you, providing customer service to you, or to comply with applicable laws and regulations.
‍

We Collect Information Automatically

We may collect information automatically using online technologies such as cookies, logs, tags, scripts, local storage, and others when you use Our websites or apps, send Us an email, or interact with Our emails. We limit Our use of these technologies. We use this data to improve the performance of Our website, control security access, data security authentication, for fraud detection, or similar purposes. We may collect your IP address as part of Our cybersecurity protection protocols, but We do not use your IP address for marketing purposes.
‍

You Can Control Cookies

You may choose to allow or disable cookies which are not required for Our sites to function. If you clear cookies on your web browsers or devices, you may need to set your cookie preferences again on your next visit to Our website(s). Cookies used on Our website(s) do not contain personal information about you. You can use your browser settings to limit the use of cookies, although doing so may limit the performance of Our website(s). We will retain cookies for 14 months from the date of your most recent visit to Our website(s).
‍

We Use Google’s Services

We use Google Analytics and its companion product, Google Tag Manager. Google stores cookies on their website to enable Google’s analytic tools to provide helpful data to website owners about how you use their website. Data sent and retained by Google include your granular geolocation (city data), and your IP address. 

We do not sell, share, or rent your location or IP address to nonaffiliates.

You can view Google’s Privacy Policy here:  Safeguarding your data - Analytics Help
‍

Sharing of Your Personal Data

Third-Party Vendors

We may engage third-party vendors to provide services to Us on your behalf, including IT services, securities clearing vendors, and IT service providers. 

Third-party vendors who are granted access to, or with whom We share your personal information, are required to agree, as part of their contractual obligations, to comply with all federal and state privacy laws, as applicable, including data protection measures that are appropriate for the sensitivity of the data being accessed by them or shared with them. They are prohibited from sharing your information, without express permission, and they must honor any opt-out request submitted by you, immediately upon your request being communicated to them by Us.

We conduct an extensive due diligence of every third-party vendor, and We verify their data security credentials, as appropriate.
‍

Sharing Your Data for Marketing Purposes

We do not share, sell, or rent your personal data to any nonaffiliates for marketing purposes. 

We do share your personal data with Our affiliates (affiliates include investment advisors, insurance producers, or securities brokers) to market Our products and services to you, or to provide you with customer service. The Privacy Notice provided to you will include information about your choices for opting out of sharing, and instructions on how to contact Us to inform Us of your opt-out request.
‍

Sharing Your Data for Legal Purposes

In certain circumstances, state or federal law requires that We share your personal information with other organizations such as:

• Law Enforcement
• State or federal regulators
• Financial institutions
• Auditors
• Relevant industry self-regulating bodies, such as FINRA
• Others, where permitted or required by law, or where We have your consent
  ‍

How Your Data is Secured and Stored

We employ multiple levels of data security to ensure your data is safe from unauthorized disclosure, loss, or alteration, including:

• Physical security of servers and user devices
• Access management and controls
• Application security and patching
• Backups
• Employee education
• Network and endpoint security monitoring and controls

User access is granted based on the user’s role, ensuring access to the minimum amount of data necessary to perform job functions. 
We will retain your personal data for as long as it is necessary to fulfill the purposes for which it was collected. Due to the nature of the products and services We provide, We are required, by law, to maintain certain information for up to 10 years after your business relationship with Us is terminated. We maintain a detailed record retention schedule that identifies Our regulatory record retention requirements.
‍

Your Rights

When you purchase goods or services from us, you become Our customer and you will receive a Privacy Notice that outlines your rights under the Privacy laws that are applicable to Us and the product or service you are purchasing from us.

We do not sell or rent your personal data to anyone that is not affiliated with Our organization; however, there are certain circumstances that We will share your personal information with non-affiliates. You have the right to opt out of sharing for the purposes outlined in the Privacy Notice you receive.
‍

Children and Minors

Our products and services are not intended for ownership by individuals under the age of eighteen (18). 

In some cases, individuals as young as age seventeen (17) may be insured by a life insurance policy, which requires Us to collect personal information about the minor. In the case of a minor who is insured (not the owner of a life insurance policy), the parent or guardian would be required to consent to the collection of the minor’s personal information.

No individual under the age of 17 should submit or post information through Our website(s). We do not knowingly collect personal information from persons under the age of 17. If We become aware or suspect that you are under the age of 17, any information you submit will not be used or retained by us.
‍

Your Data Outside the United States

We do not transfer or transmit your personal information outside the United States. 

If We determine there is a business need to transfer or transmit your personal information to a party outside the United States, We are required to notify you. Our notification must inform you about the information We are transferring/transmitting, who We are transferring/transmitting your information to, the purpose for which the data will be used, and the country your data will be transferred/transmitted to. You will also be given a minimum of 30 days to contact Us to opt-out of your data being transferred/transmitted.

If We transfer your data outside the United States, We are required to ensure your data is protected and provide you with notification of your rights under the corresponding data protection and privacy laws in the applicable jurisdiction, most notably the General Data Protection Regulation (GDPR) in European Union participating countries.
‍

Your Right to Notify Us

If you have reason to believe that We failed to notify you of Our Privacy Policy, to provide you with a Privacy Notice at the appropriate time, or have questions, please contact us at Privacy@mfin.com. We will provide you with the necessary documentation and ensure that your opt-out preferences are honored immediately.
‍

Privacy Laws that Apply to M Financial Group

M Financial Group is subject to the following privacy laws in the United States:

• Gramm-Leach-Bliley Act (17 CFR, Part 248)
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Although seventeen (17) states have passed comprehensive privacy laws and implementing regulations, M Financial Group is exempt from all state level privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights and Enforcement Act (CPRA).

However, We remain committed to the protection of your personal information and will honor requests from consumers to opt-out of sharing in certain circumstances, as detailed in the Privacy Notice you receive when you purchase product or services from Us. 
‍

Contact Us

You can contact the Privacy Officer by phone at (800) 565-6960.

You can email Us at Privacy@mfin.com.

You can send your written request to:

M Financial Group
Attn: Privacy Officer
1125 NW Couch St. Ste. 900
Portland, OR 97209-4129
‍

Sample Privacy Notice