1. Purpose and Scope
“Confidential Information” means non-public information clearly identified as proprietary or confidential or which by its nature should be reasonably construed to be confidential. Confidential Information may include, but is not limited to, End Users’ Personal Information (as defined below); information about any Vestwell client or users of the Vestwell Platform; Vestwell’s proprietary software, intellectual property, products, services, strategies, or databases currently existing or under development; all reports and other similar product deliverables posted on the Vestwell Platform; tutorials, guides, and other education materials prepared by or for Vestwell.
“End User” or “End Users” (sometimes referred to as “you” or “your”) means any individual or organization that accesses or uses the Vestwell Platform or any other Vestwell application, visit the Sites, receives Vestwell’s Services, attends a Vestwell marketing event, or otherwise provides, directly or through a third party acting on their behalf, their Personal Information to Vestwell, including employees of Plan Sponsors and Employers that utilize the Vestwell Platform or Vestwell’s Services. When you use our Services or otherwise provide us with Personal Information, you are also agreeing that your Personal Information may be transferred from your current location to Vestwell’s offices and to any authorized and contracted third parties.
“Personal Information” means any information or data collected or maintained for Vestwell’s business purposes that (a) identifies, relates to, describes, or can be reasonably linked or associated with, directly or indirectly, to an End User, including by name, signature, address, telephone number, or other unique identifier; (b) can be used to identify or authenticate an End User, including passwords, PINs, biometric data, unique identification numbers (e.g., social security numbers, EINs), answers to security questions or other personal identifiers, or (c) an account number or credit card number or debit card number, in combination with any required security code, access code, or password, that would permit access to an End User's retirement plan account. Personal Information does not include information that is lawfully made available through federal, state, or local government records, or information that we have a reasonable basis to believe is lawfully made available to the general public through widely distributed media, by you, or by a person to whom you have disclosed the information, unless we are informed that you have restricted the information to a specific audience.
“Plan Sponsor(s),” or “Employers” refers to businesses that offer tax-qualified retirement plans or participate in Secure Choice or other retirement or saving plans sponsored or made available by various states where Vestwell State Savings serves as the program administrator or functional equivalent.
“Services” refers to the services provided by Vestwell to support tax-qualified or state-sponsored retirement or savings plans, including payroll file and participant data processing, recordkeeping, and plan and program administration services set forth in Vestwell’s contracts with clients.
3. What Information Vestwell Collects About You
As part of our Services, and in order to carry out our contractual responsibilities, Vestwell collects information associated with Plan Sponsors, Employers, investment advisors, third party administrators or service providers, and End Users (including any beneficiaries or alternate payees) including, but not limited to:
- End Users’ Contact information such as address, telephone and/or mobile phone numbers, or email address
- Demographic information, such as date of birth, marital status, or gender
- Social Security Number, Tax Identification Number, or Employer Identification Number
- Banking information for purposes of processing plan contributions, distributions, or invoices
- Employment-related records, such as name of employer, job title, compensation, and years of service
- The scope of Vestwell services and the name of the Vestwell entity performing those services
- Marketing channel by which Vestwell acquired End Users’ information and any notice delivery preferences
- Investment selections and contribution rates
- Account balances and transactions with us or our partners and vendors
- Biometric information such as voice recordings
Vestwell is provided with this information by you, your current or former Employer, or others acting on behalf of or authorized by you or your Employer, such as payroll providers and advisors, or proprietary search services.
4. How and When Vestwell Collects Information
Vestwell collects information in the following ways:
- Information that is collected from End Users who visit the Sites (section 4.1);
- Information provided to Vestwell when an End User registers to attend any of Vestwell’s events, responds to surveys, requests a proposal, contacts Vestwell for more information about the Services, or applies for employment opportunities with Vestwell (section 4.2);
- Information that Plan Sponsors or Employers provide to Vestwell pursuant to an agreement with Vestwell to support its benefit plan or program; when an End User registers for an account on the Vestwell Platform; when an advisor, its affiliated home office, or any other organization enters into an agreement or arrangement with Vestwell to use or market the Vestwell Platform; or when an Employer or individual provides information to Vestwell in connection with its participation in a state-sponsored retirement or savings program or receives the Services (section 4.3); and
- Vestwell may also collect information about you from other sources like service providers, other savings programs in which you participate or may have participated in, which we may combine with other information that we have about you.
4.1 Anonymous information Vestwell collects from End Users
4.2 Information provided to Vestwell when an End User schedules or attends a Vestwell event, responds to a survey, requests a proposal for Services, applies for employment, or other similar contact with Vestwell
Vestwell collects and uses the information that an End User, or someone acting on their behalf, affirmatively provides to us by phone, email, chat, social media, applying for employment, completing forms on the Sites or otherwise voluntarily providing to us for any reason. When End Users register to attend any of Vestwell’s webinars, seminars, or online programs or events; respond to any surveys, emails, or questionnaires; or contact Vestwell to request information, End Users may be requested to provide their name, address, email addresses, name of employer, and contact information. When End Users provide that information, Vestwell uses it to keep in contact with End Users to inform them about Vestwell’s Services, product enhancements, and related educational and promotional materials.
4.3 Information End Users provide to us when using our Services
End Users, by using our Services, are consenting to provide Vestwell with information needed to service the retirement plan in which they participate or for their accounts in a state-sponsored retirement or savings program. That consent includes permission for Vestwell to collect, store, use, and share with other contracted service providers their Personal Information as well as name, address, compensation, years of service, job title(s), contributions, investment selections, information necessary to qualify you to open or utilize a savings product, and other data that Vestwell or contracted service providers need in order to perform their respective contractual obligations and Services. By registering for a Vestwell account or by using the Services, End Users, Employers, and Plan Sponsors agree to Vestwell’s use of Personal Information and cannot opt out, remove consent, or delete Personal Information or certain other information from the Sites that we need in order to perform our Services.
5. How Vestwell Uses the Information Collected
Vestwell uses the information collected to provide the Services, including to diagnose and remediate technical and service-related issues.
Vestwell may also use collected information for its own general business purposes, which may include, but is not limited to, helping it analyze, research, report on, and improve the Services; assessing the effectiveness of the Services; detecting, understanding and resolving any technical issues with the Sites or servicing End User accounts; or better serving its current and prospective clients’ and investment advisors’ needs with respect to products, services, and support.
Vestwell may also use collected information for marketing communications, either directly or through a third party, in relation to existing or new services, for education information it thinks might benefit the End User, or for keeping End Users up to date on industry and regulatory information and trends. End Users may opt out of receiving these marketing communications at any time (see "Choice/Opt-Out" below).
Vestwell may also use End Users’, Employers’, and/or Plan Sponsors’ contact information to inform them about additional or changes to Vestwell’s services, market trends, legislative changes, general retirement plan education materials, or other information related to the use of the Vestwell Platform or our Services. By registering for a Vestwell account or an account with a state-sponsored retirement or savings program or when using the Vestwell Platform, End Users, Employers, investment advisors, and Plan Sponsors agree to Vestwell’s uses of Personal Information and cannot opt out or remove consent, or delete Personal Information or other information from the Sites that Vestwell needs to perform its Services and to comply with any relevant regulatory requirements.
6. Cookies and Tracking Technologies
In addition to cookies, Vestwell and the Sites use a variety of other methods and tools for tracking purposes, including Internet tags and web beacons, which are small pieces of data that are embedded in images and pages of the Sites. While most web browsers automatically accept cookies, some browsers allow End Users to modify browser settings to decline cookies and/or "opt-out" of tracking technologies. As each browser is different, it is solely your responsibility to determine whether to activate or deactivate those tracking technologies. Please note however, if an End User turns off cookies, some of the functionality of the Sites and/or our Services may be reduced or impaired.
Vestwell also utilizes proprietary and third-party analytics tools, such as Google Analytics, Facebook pixels, Heap, and other solutions, to gather information about End Users and visitors to the Sites designed to help Vestwell gain insight into how End Users and visitors to the Sites interact with and use the Sites and utilize Vestwell’s content and other services.
7. How and With Whom Vestwell Shares Information
Vestwell does not sell or rent Personal Information and only directly or knowingly shares Personal Information with service providers, business partners, or other third parties under the following limited circumstances:
- With Plan Sponsors, Employers, payroll providers, investment advisors, third party administrators, mutual fund providers, or other service providers associated with the End User’s retirement plan or savings account.
- When legally required to access, use, preserve, or disclose the information to satisfy any applicable law, regulation, legal process, or enforceable governmental request, including preparing and filing to government agencies or providing support relating to our Services.
- To detect, prevent, or otherwise address security or technical issues involving the Sites or the Vestwell Platform.
- To protect against harm to the rights, property, or safety of Vestwell, its employees, End Users, or the public as required or permitted by law.
- Market or improve our Services or third party products or services that may be of interest or benefit to you. This includes information sharing to analyze trends and track online movement of End Users.
- To audit, investigate, enforce the terms of Vestwell’s service agreements.
- Disclosure to federal, state or local regulators as required by applicable law.
- Other information sharing or disclosure as permitted by you.
Vestwell may also share End Users’ aggregated or de-identified information with third parties regarding trends about the general use of its services or the URL used to contact or communicate with Vestwell or the Sites.
Vestwell intends to keep End Users of the Services current about new Vestwell Platform features, important Vestwell announcements that are relevant to Vestwell Platform users, industry or regulatory updates, or other information it believes End Users would like to hear about either from it or from its business partners, and Vestwell may be using the information provided for those purposes as well as the activities noted in section 4.
In addition, Vestwell may share anonymized aggregate information about End Users, such as demographics of Vestwell Platform, with the media, business partners, and other third parties for Vestwell’s business purposes, such as to customize or enhance the content and functionality of the Sites.
Lastly, as Vestwell continues to develop its business, it might sell or buy assets. In such transactions, End User information may be one of the transferred business assets. If either Vestwell or any of Vestwell’s assets are merged or acquired, End User’s Personal Information may be one of the transferred assets.
8. Sale of Personal Information
A “sale” of Personal Information under the Virginia Consumer Data Protection Act and similar data protection laws is defined as the exchange of Personal Information with a third party for monetary consideration. A “sale” of Personal Information under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and similar data protection laws includes an exchange of Personal Information with a third party for monetary or any other valuable consideration, and “sharing” includes providing Personal Information to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration. We do not sell Personal Information to or “share” Personal Information with any third parties as defined under applicable law. We also do not disclose Personal Information to third parties for purposes of “targeted advertising” as defined by applicable law. We do not have actual knowledge that we have sold the Personal Information of consumers we know are less than 16 years of age.
9. How Does Vestwell Protect My Personal Information
End Users’ privacy matters to Vestwell and Vestwell works hard to protect it. End User’s personal information is protected by physical, electronic, and procedural safeguards. We utilize reasonable security technologies to protect Personal Information in accordance with industry and regulatory standards, which may include monitoring and recording transactions to help detect potential fraudulent activity, and utilizing encryption, two-factor authentication, automatic logout after a specified period of inactivity, or other controls to help protect End User’s Personal Information. These safeguards also include appropriate procedures for access and use of electronic data, provisions for the secure transmission of sensitive personal information on the Vestwell Portal, and telephone system authentication procedures. Additionally, Vestwell limits access to Personal Information to those Vestwell employees who need access in order to offer and provide the Services to you. Vestwell requires our service providers to protect Personal Information by utilizing the privacy and security safeguards required by law.
Vestwell does not send unsolicited communications asking for account information, such as your password. Report suspected phishing emails or calls to us at firstname.lastname@example.org Our privacy and security practices are independently certified annually, including SOC certification.
Please be aware that, despite Vestwell’s efforts, no security measures are perfect or impenetrable. While Vestwell strives to protect End User’s Personal Information, it cannot and does not guarantee the security of the information an End User transmits, and urges End Users to take every precaution to protect their Personal Information. Vestwell suggests changing passwords often, using a combination of letters and numbers, taking advantage of multi-factor authentication features where available, installing an antivirus and anti-malware software, and making sure that an up-to-date and secure browser is being used. Vestwell recommends that End Users not store passwords in browsers or share log-in credentials to any website with anyone.
10. Retention of Personal Information
11. Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Iowa Privacy Act and Indiana Consumer Data Protection Act
12. Opting Out of Certain Communications
Vestwell wants End Users to have the tools necessary to manage their Personal Information. It is important that End Users ensure that the information Vestwell has is accurate and current so that it can properly and timely perform the Services. End Users’ ability to manage their Personal Information will differ depending on their relationship with Vestwell and the Services provided.
In some areas of the Sites, such as when subscribing to marketing communications, End Users are provided with an opportunity to opt out of receiving future communications, which is how End Users give, or decline to give, their consent to use Personal Information for the purpose(s) covered by the applicable opt-out choice. End Users may also indicate their desire to opt-out when receiving marketing and promotional communications from Vestwell by clicking the "unsubscribe" hyperlink and following the instructions or at any time by sending an email request to email@example.com (please indicate "Opt-Out" in the subject line). Vestwell maintains records of opt-out requests consistent with applicable law. If End Users wish to remove their name and information from marketing communications, Vestwell may not be able to immediately delete residual copies from its active or backup servers, and it may take up to 30 days to completely remove the End User’s information.
12.1 Right to Opt-In
If you are a resident of the Commonwealth of Virginia (and beginning on July 1, 2023, Colorado or Connecticut), applicable law requires us to receive your opt-in consent before processing certain Sensitive Personal Information, including (1) Personal Information revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status; (2) the processing of genetic or biometric data for the purpose of uniquely identifying a natural person; (3) Personal Information collected from a known child; or (4) precise geolocation data. We do not process your Sensitive Personal Information as defined under applicable Virginia law in connection with the Services but will ask for your opt-in consent before doing so.
12.2 Right to Know
You have the right to know and confirm that we are processing your Personal Information. You also have a right to access to see what Personal information we have collected about you. To the extent feasible, you may request for us to also provide a copy of your Personal Information that you previously provided to us in readily usable format to permit you to transfer your data to another entity.
12.3 Right to Correct
You have the right to request that we correct any inaccuracies in the Personal Information we have collected from you.
12.4 Right to Delete
You have the right to request that we delete the Personal Information we have collected from you and direct our Service Providers to do the same. There are a number of exceptions, however, that include, but are not limited to, when the information is necessary for us or a third party to do any of the following:
- Comply with a federal, state, or local laws, rules, regulations, or other legal obligations;
- Investigate, establish, exercise, prepare for, or defend any legal claims;
- Provide you a good or service;
- Perform a contract between us and you;
- Protecting an interest that is essential for your or another natural person’s life or physical safety;
- Prevent, detect, protect against, or response to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any illegal activity; or prosecute those responsible for any such action;
- Preserve the integrity or security of systems; or investigate, report, or prosecute those responsible for any such action;
- Protect the free speech rights of you or other users;
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws; or
- Conduct internal research to develop, improve, or repair our products, services, or technology.
12.5 Exercising Your Rights
If you have agreed to receive communications or solicitations from us, and you later change your mind, you can revise your preference by contacting us at firstname.lastname@example.org. You also may opt out of receiving future promotional emails from us by clicking on the opt-out or “unsubscribe” link within the promotional email you receive. Please understand that if you opt out of receiving promotional correspondence from us, we may still send you transactional emails and contact you in connection with your other relationship, activities, and communications with us. You may opt-out of receiving ads from network advertisers by clicking the AdChoices icon on advertisements that are sent to you or by visiting the opt-out pages on the NAI website and the DAA website. Opting out does not prevent you from seeing ads; it simply means that network advertisers will no longer collect data for the purpose of providing you targeted ads. The NAI and DAA opt-out tools are cookie-based. They signal network advertisers so that they do not collect data online or deliver specific ads targeting you, and only affect the Internet/web browser on the computer where the cookies are installed. These opt-out tools will only function if your browser is set to accept third-party cookies. If you delete an opt-out cookie or all your cookies from a browser’s cookie files, change web browsers, or change computers, you will no longer be opted out of our data collection and ad targeting, and we may place a new cookie unless an opt-out cookie is again reset on that browser. Opting out using one browser on one computer will not opt you out using any other browser on the same or another computer.
12.6 Response Timing and Format
Upon receiving your communication, we will take appropriate steps to update or correct such information in our possession, or to remove you from our catalog and mailing list. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another forty-five (45) days), we will inform you of the reason and extension period in writing. Your preferences may depend on the services we provide you, and may include, if applicable, your profile information, any shipping, payment, and account information, or whether you want to receive communications from us. If you are a registered User, you can access some preferences by logging into your Vestwell portal. We may request certain Personal Information for the purposes of verifying the identity of the individual seeking access to their Personal Information records. For data portability requests, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. The “Right to Appeal” below describes how you can appeal our refusal to take action on a request to exercise your rights.
12.7 Right to Appeal
12.8 Virginia residents
If you are a resident of the Commonwealth of Virginia, you can file a complaint with the Consumer Protection Section of the Office of the Attorney General of Virginia at 202 North Ninth Street, Richmond, VA 23219
Toll Free: (800) 552-9963
Phone number: (804) 786-2042
Fax number: (804) 225-4378
12.9 Colorado residents
Effective July 1, 2023, if you are a resident of Colorado, we will inform you, in writing, of any action taken or not taken in response to your appeal within forty-five (45) days of receipt of your appeal. If we require more time (up to another sixty (60) days), we will inform you of the reason and extension period in writing. If we deny your appeal, you can file a complaint with the Office of the Attorney General of Colorado at: Ralph L. Carr Judicial Building, 1300 Broadway, 10th Floor, Denver, CO 80203
Phone number: (720) 508-6000
12.10 Connecticut residents
Effective July 1, 2023, if you are a resident of Connecticut, you can file a complaint with the Office of the Attorney General of Connecticut at: 165 Capitol Avenue, Hartford, CT 06106
Phone number: (860) 808-5420
13. Privacy Notice for California Residents
13.1 What is Personal Information?
“Personal Information" has the same meaning as under the California Consumer Privacy Act (“CCPA”): information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include information that is de-identified or aggregated.
13.2 Personal Information Vestwell Collects
Vestwell collects the following types of information in connection with the Sites:
- Unique identifiers (such as names or an ID number)
- Contact information (such as telephone number, email address, or mailing address)
- Professional information (such as employer’s name and title)
- Commercial information (such as communication preferences, survey data, or other information provided in order for Vestwell to respond to inquiries)
- Audio, video, or visual information (such as a recording of voice or image if an End User participates in a corporate event. End Users will always be notified of any recording in advance)
- End User profile information (such as dietary preferences if End User registers for an event with a meal included)
- Internet and technical information (such as IP address, device identifiers, browser type, ISP, and data from cookies and web beacons)
13.3 Sources of Personal Information Vestwell Collects.
Vestwell collects Personal Information used in relation to the Sites from the following sources:
- Directly from End Users (e.g., through a submission made on Vestwell’s “Contact Us” page or when registering for an event)
- From third parties acting on End User’s behalf (e.g., your employer when it provides information about its employees)
- From first and third party cookies that helps Vestwell operate and assess the Sites (see our “Cookies” section above for more information)
13.4 Vestwell’s Business or Commercial Purposes for Collecting, Using and Disclosing Personal Information.
Vestwell collects, uses, and discloses Personal Information for the following purposes:
- To provide End Users with a requested service
- To verify identity and registration
- To communicate with End Users and to respond to inquiries or service requests
- To gather feedback or survey responses
- To host corporate events on behalf of Vestwell and its affiliates or partners
- For Vestwell and its affiliates or partners marketing and analytics purposes
- To administer, assess, personalize, and improve the Sites and Services
- To conduct research, statistical analysis, survey/demographic interpretation, and other data studies based on the data collected
- To maintain network security and performance and protect against cyber-attacks
- To comply with and enforce applicable laws, industry standards, and Vestwell’s own policies and terms
- For auditing, reporting, corporate governance, and internal operations
- For due diligence and implementation of commercial transactions, including reorganizations, mergers or other disposition of all or any portion of Vestwell’s business, assets or stock
- To exercise and defend legal rights
- As otherwise described to End Users at the point of collection or pursuant to the End User’s consent
13.5 Categories of Third Parties With Whom Vestwell Shares Personal Information.
Vestwell may share End Users’ Personal Information with:
- Affiliates to enable them to provide services to End User, and to enable them to contact an End User regarding additional products and services that may interest them
- Agents and service providers who perform services on Vestwell’s behalf, such as hosting the Sites, sending communications, operating a call center, or hosting/managing corporate events
- With the End User’s employer, to the extent the End User uses the Services in connection with their employment
- Any entity that acquires all or a portion of Vestwell’s business, assets, or stock, including in connection with a merger, reorganization, or other commercial transaction. In such transactions, End User’s information generally is one of the transferred business assets. Also, if either Vestwell or any of Vestwell’s assets are acquired (including through bankruptcy proceedings), the End User’s Personal Information may be one of the transferred assets
- Authorities, subject to applicable laws, including to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside the End User’s country or state of residence
Vestwell’s third-party affiliates, service providers and successors to whom it discloses information are required by law and/or contractual requirements to keep End User’s Personal Information confidential and secure. These third-party affiliates may not use or disclose information except as reasonably necessary to provide the Services to End Users of the Vestwell Platform or as otherwise permitted by law.
Vestwell may also use or share de-identified information that is not reasonably likely to identify the End User for commercially legitimate business purposes with its affiliates, service providers, and business partners.
13.7 Rights as a California Resident.
Under California law, some California residents have specific rights regarding their Personal Information. These rights are subject to certain exceptions as described below. Further, if the End User is a current, former, or prospective Vestwell employee, or if Vestwell has collected or processed your Personal Information in connection with its business with a company, partnership, sole proprietorship, nonprofit or government agency, and the End User is an employee, owner, director, officer, or contractor of that entity, some of these rights do not go into effect until at least January 1, 2023 or later. When required, Vestwell will respond to most requests within 45 days, unless it is reasonably necessary for it to extend its response time.
- Right to Disclosure of Information
End Users have the right to request that Vestwell disclose certain information regarding its practices with respect to Personal Information. If an End User submits a valid and verifiable request and Vestwell confirms the End User’s identity and/or authority to make the request, Vestwell can disclose to the End User any of the following:
- The categories of Personal Information it collected about the End User in the last 12 months
- The categories of sources for the Personal Information it collected about the End User in the last 12 months
- Vestwell’s business or commercial purpose for collecting that Personal Information
- The categories of third parties with whom Vestwell shared that Personal Information
- The specific pieces of Personal Information Vestwell collected about the End User
- If Vestwell sold the End User’s Personal Information for a business purpose, a list of the Personal Information types that each category of recipient purchased
- If Vestwell disclosed the End User’s Personal Information to a third party for a business purpose, a list of the Personal Information types that each category of recipient received
- Right to Delete Personal Information
End Users have the right to request, and if you are the parent or guardian of a minor child, you may also make a request related to your child’s Personal Information, that Vestwell deletes any of their Personal Information that was collected and retained, subject to certain exceptions. If the End User submits a valid and verifiable request and Vestwell can confirm their identity and/or authority to make the request, Vestwell will determine if retaining the information is necessary for it or its service providers to:
- Complete a transaction for which Vestwell collected the Personal Information, provide a good or service that the End User requested, take actions reasonably anticipated within the context of Vestwell’s ongoing business relationship with the End User, or otherwise perform its contractual obligations
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
- Debug products to identify and repair errors that impair existing intended functionality
- Exercise free speech, ensure the right of another End User to exercise their free speech rights, or exercise another right provided for by law
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.)
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if End User previously provided informed consent
- Enable solely internal uses that are reasonably aligned with End User’s expectations based on your relationship with us
- Comply with a legal obligation
- Make other internal and lawful uses of that information that are compatible with the context in which the End User provided it
If none of the above retention conditions apply, Vestwell will delete the End User’s Personal Information from its records and direct its service providers to do the same.
- How to exercise the above rights
End Users may exercise their rights to disclosure or deletion described above by submitting a verifiable consumer request to Vestwell’s Legal Team via email at Legal@vestwell.com or by telephone at (917) 979-5358 extension 103. Only the End User or a person legally authorized to act on their behalf may make a verifiable consumer request related to their Personal Information. Vestwell reserves the right to verify identities of an End User’s representative without modifying any of its other contractual obligations. The End User may make a verifiable consumer request for access or deletion no more than twice within a 12-month period. In connection with the request, Vestwell requires the End User to:
- Provide sufficient information that allows it to reasonably verify the End User is the person about whom Vestwell collected Personal Information or is an authorized representative of the End User. Depending on the nature of the request and the sensitivity of the information requested, Vestwell may ask for confirmation of various data elements it already has on file such as mailing address or phone number, or, in case of sensitive Personal Information, Vestwell may require you to submit a copy of a government issued identification.
- Describe their request with sufficient detail that allows Vestwell to properly understand, evaluate, and respond to it.
The End User will not be required to create an account with Vestwell in order to submit a verifiable request, though Vestwell may communicate with the End User about the request via a pre-established account if applicable. However, in order to safeguard the Personal Information in its possession, if Vestwell cannot verify your identity or authority to act on another’s behalf, Vestwell will be unable to comply with the request. Vestwell will only use End User’s Personal Information to confirm the End User’s identity or authority, or to fulfill their request.
13.8. Right to Opt out of Sales of End User’s Personal Information
As a California resident, an End User has the right to direct a business that sells their Personal Information to third parties to refrain from selling their Personal Information. This right is referred to as “the right to opt-out.” Because Vestwell does not sell End User’s Personal Information, it does not provide any mechanism for End User’s to exercise the right to opt out.
13.9. Right to Non-Discrimination
End Users may exercise their rights under the CCPA without discrimination. For example, unless the CCPA provides an exception, Vestwell will not:
- Deny the End User goods or services;
- Charge the End User different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide the End User a different level or quality of goods or services; or
- Suggest that the End User may receive a different price or rate for goods or services or a different level or quality of goods or services.
Vestwell may offer the End User financial incentives to provide it with Personal Information that is reasonably related to the information’s value. This could result in different prices, rates, or quality levels for the Services. Any financial incentive Vestwell offers will be described in written terms that explain the material aspects of the financial incentive program. The End User must opt-in to any financial incentive program and may revoke their consent at any time by contacting Vestwell as indicated below.
13.10. Direct Marketing and Do Not Track Signals
Under California’s “Shine the Light” law, California residents may request and obtain a notice once a year about the Personal Information Vestwell shared with other businesses for its own direct marketing purposes. Such a notice will include a list of the categories of Personal Information that were shared (if any) and the names and addresses of all third parties with which the Personal Information was shared (if any). The notice will cover the preceding calendar year. To obtain such a notice, please contact Vestwell’s Legal Team at Legal@vestwell.com.
15. International Use Statement
16. How to Contact Vestwell
Revised: May 2023