Pinpoint Direct Marketing


Privacy Policy

This is the Privacy Policy of Pinpoint Direct Marketing as it applies to business visitors. We do not market to consumers. This policy is valid for one month from the time you visit our site. If our information practices change in the future, we will use only data collected from the time of the policy change forward for these new purposes, or we will contact you before we use your data for these new purposes and offer you the ability to opt out of these new uses.

Contact us
Pinpoint Direct Marketing
14115 Lincoln St. NE, Suite 100A
Andover, MN 55304

E-mail Kerry Blom, Business Account Development,
Phone 763.784.7555 • 866.784.7555 (toll-free)

Addresses and phone numbers
If you give us your postal address, we will send you periodic mailings with information on new products, services or information on upcoming events.

If you supply us with your telephone number, you may receive telephone contact from us with information regarding your inquiry, or products and services or information on upcoming events.

If you do not wish to receive mailings or phone calls from us in the future, please let us know by sending an email to

E-mail addresses
We collect the email addresses of those who communicate with us via e-mail. The email addresses are used to contact existing or potential business customers. We will not share e-mail addresses you give to us with other marketers. If you do not want to receive future e-mail from us, please let us know by sending an email to

All visitors: We may place cookies on all website visitor hard drives to collect aggregate information on the number of visitors to our site and the number of pages viewed.

General information: Cookie information is used only by us and is not provided to any other organization. It is used in aggregate for traffic analysis and to provide relevant information to our visitors. It is also used for website and system administration, including research and development, user analysis, and business decision making.

For anonymous website visitors
If you do not sign on to our website, our Web server does not have access to personally identifiable information about you. It does not know your e-mail address unless you volunteer it. At the same time, much of our communication comes in the form of e-mail, so by not sharing your e-mail address you will have limited access to valuable information from us.

Click stream data
We collect click-stream data and HTTP protocol elements through access logs. This information is not personally identifiable and is used for website and system administration including research and development, user analysis, and business decision making.

Upon your request, we will provide you with a description of the information we maintain about you. We will accommodate all reasonable requests. Please contact us by email or the address at the top of the page.

If you feel Pinpoint Direct Marketing is not living up to its stated information policy, you may contact: The Federal Trade Commission at or call 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261.

We apply technical and organizational measures to protect your data from accidental or deliberate manipulation, loss, destruction, or unauthorized access. Our precautions are continually improved.

John Blom, owner, is designated to implement, supervise, and maintain Pinpoint Direct Marketing's information security program. In this role, he is responsible for:
a) Initial implementation of the program.
b) Training employees.
c) Monitoring and testing program’s safeguards.
d) Evaluating the ability of third party service providers to implement and maintain appropriate security measures for the personal information to which we have permitted them access; and requiring such third party service providers by contract to implement and maintain appropriate security measures.
e) Reviewing the scope of the security measures at least annually, or whenever there is a material change in our business practices that may implicate the security or integrity of records containing personal information.
f) Conducting an annual training session for all permanent and contract employees who have access to personal information on the elements of the information security program. All attendees are required to certify their attendance at the training, and their familiarity with Pinpoint's requirements for ensuring the protection of personal information.

The following measures are mandatory and effective immediately.

A copy of the company's information security program is provided to each employee required to access the information, and they shall acknowledge in writing, that he/she has received a copy.
New employees having access to private information will receive training on the detailed provisions of the program within 30 days of their employment.
No employee is allowed to possess any client-provided personal information or store it on laptops or any portable device or media.
All employees are required to comply with the provisions of the program, and are prohibited from any nonconforming use of personal information during or after employment. Our staff members accessing your data are bound to confidentiality by us. Mandatory disciplinary action will be taken for violations of the program policies. The nature of the disciplinary measures may depend on a number of factors, including the nature of the violation and the nature of the personal information affected by the violation.
The amount of personal information collected will be limited to what is reasonably necessary to accomplish our legitimate business purposes, or necessary for us to comply with other state or federal regulations.  The collected personal data will only be used to provide you with the requested products or services or for other purposes to which you have given consent, notwithstanding any legal requirements to the contrary.
Pinpoint Direct Marketing does not accept “personal information,” which is described as  a person's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to them: Social Security number;  driver's license number or state-issued identification card number; or financial account number, member number;  or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account. However, “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public. Any information received that falls into any of these categories is immediately destroyed. Any other personal data we receive that isn't needed will be destroyed immediately. All data needed is kept only as long as necessary to produce your campaign and no longer.
Access is granted only to those who are required to know such information in order to accomplish your legitimate business purpose or to enable us comply with other state or federal regulations. Those with access must have passed a background check and drug test. Access to files containing personal data is monitored by company owners on a regular basis. Staff members are made aware of this practice as part of this company's policy.
Electronic access to user identification is blocked after multiple unsuccessful attempts to gain access.
A terminated employee’s physical and electronic access to personal information is immediately blocked. Terminated employees are required to surrender all keys, IDs or access codes or badges, business cards, and anything else that permits access to the firm’s premises or information. Moreover, a terminated employee’s remote electronic access to personal information will be disabled. Their access to voice-mail, email, company internet, FTP site, and passwords will be invalidated. The company owners maintain a secured list of all lock combinations, passwords, and keys.
Current employees’ user IDs and passwords are changed periodically. Strong passwords are always used.
Access to personal information is restricted to active users and active user accounts only.
Employees are encouraged to report any suspicious or unauthorized use of customer information.
Whenever there is an incident that violates written security practices, there shall be an immediate mandatory post-incident review to determine whether changes are required to improve the security of personal information for which we are responsible.
Employees are prohibited from leaving open any files containing personal information when they are away from their desks.
At the end of the work day, all files and records containing personal information must be secured in a manner consistent with our rules for protecting the security of personal information.
Access at Pinpoint’s office is restricted by building alarms, electronic door key access, exterior and interior surveillance cameras, and a single, dedicated access point.
Access to electronically-stored personal information is limited to those employees having a unique log-in ID. Re-log-in shall be required when a computer has been inactive for more than a few minutes.
Visitors are not permitted to visit unescorted to any area on our premises that contains personal information or use any equipment that would allow access to such data.
Any printed documents containing personal information will be shredded. Electronic records (including records stored on hard drives or other electronic media) containing personal information shall be erased.

The following measures are in place to combat external risks to the security, confidentiality, and/or integrity of any electronic, paper or other records containing personal information:

Data Server:
Pinpoint Direct Marketing’s data server meets SSAE 16 certification.

Pinpoint Direct Marketing’s data and backup recovery servers through Equinix, Inc. and Rackspace US, respectively, meet SSAE 16 and
IAASB ISAE 3402 standards. The widely respected audit demonstrates a service organization has been through an in-depth audit of their
control activities, which generally includes controls over information technology and related processes. Pinpoint’s servers meet the highest standards of security and have the appropriate controls and safeguards clients need to protect their mission-critical data. Pinpoint’s data is co-located in a highly secure, environmentally-controlled IBX Data Center Hosting Service.

SSAE 16 is an internationally-recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
Rackspace US enlisted the services of Ernst and Young LLP and Equinix enlisted the services of Brightline Certified Public Accountants
and Associates.

There are reasonably up-to-date firewall protection and operating system security patches, reasonably designed to maintain the integrity of the personal information, installed on all systems processing personal information.
There is a reasonably up-to-date version of system security agent software which must include malware protection and reasonably up-to-date patches and virus definitions, installed on all systems processing personal information.
To the extent technically feasible, all personal information, records, and files transmitted across public networks or wirelessly, must be encrypted. Encryption here means the transformation of data into a form in which meaning cannot be assigned without the use of a confidential process or key, unless further defined by regulation by the Office of Consumer Affairs and Business Regulation.
All computer systems are monitored for unauthorized use of or access to personal information.

Secure FTP Site:
The only data transfer method used is via Pinpoint's secure FTP site.  Email is never used or acceptable for transferring personal data.
Our FTP site is SSAE 16 certified.
All uploads and downloads are encrypted.