1. Purpose and scope
“Confidential Information” means non-public information clearly identified as proprietary or confidential or which by its nature should be reasonably construed to be confidential. Confidential Information may include, but is not limited to, Personal Information (as defined below); information about any Vestwell client or users of the Sites; Vestwell’s proprietary software, products, services, or databases currently existing under development; all reports posted on the Sites; tutorials, guides, playbooks, and other education materials on the Sites; or quantitative measures of performance regarding Vestwell or any end user.
“Personal Information” means any information or data that (a) identifies an individual, including by name, signature, address, telephone number, or other unique identifier; (b) can be used to identify or authenticate an individual, including passwords, PINs, biometric data, unique identification numbers (e.g., social security numbers), answers to security questions or other personal identifiers, or (c) an account number or credit card number or debit card number, in combination with any required security code, access code, or password, that would permit access to an individual's retirement plan account.
“Services” refers to the services provided by Vestwell to support retirement plans and end users of our Platform, including payroll and participant data file processing and recordkeeping and plan administration services consistent with applicable legal and regulatory requirements as well as Vestwell’s contractual responsibilities. As part of our Services, Vestwell collects information associated with plans and participants on our Platform including name, address, email address, date of birth, phone number, social security number, banking information for purposes of processing plan contributions and distributions, investment selections and deferral rates, and marital status. In addition to collecting Personal Information in connection with providing our services, we may also collect Personal Information when you visit our websites, request information about our Services, download a white paper, or schedule a demonstration of our platform. That Personal Information may include your name, email address, and phone number. Certain information may also be collected automatically when you visit our website; please see Section 2 for more details.
3. How and when we collect information
We collect information in the following ways:
- Anonymous information that we collect from users who browse the Sites (section 3.1);
- Information that is provided to us when an individual registers to attend any of our events, responds to surveys, or contacts us for more information about Vestwell’s services (section 3.2);
- Information that Plan Sponsors or their employees or plan participants provide to us when the Plan Sponsor enters into an agreement with Vestwell to support its benefit plan; when an advisor, its affiliated home office, or any other organization enters into an agreement to use or market the Vestwell Platform; when a registered user contacts us for technical or other support services; and in other instances as discussed more below (section 3.3).
3.1 ANONYMOUS INFORMATION WE COLLECT FROM USERS OF OUR SITES
An individual can browse through our Sites without providing us with any Personal Information or Confidential Information. However, certain information may be passively collected (that is, gathered without your actively providing the information) using various technologies, such as cookies, unique identifiers, Internet tags, or web beacons, and navigational data collection (log files, server logs, clickstream).
- Device and location information: We collect device-specific information, such as whether you are accessing the Sites from a mobile phone or laptop, the website URL that directed you to our Sites, the Internet Protocol address, the browser version of your device, the date and time of your access to the Sites, and the pages or screens that you accessed while at the Sites.
3.2 INFORMATION YOU PROVIDE TO US
In addition, Vestwell collects and uses the Personal Information that a user, such as an attendee at one of our webinars, affirmatively provides to us when registering to attend a Vestwell event. When you register to attend any of our webinars, seminars, or online programs or events; respond to any surveys, emails, or questionnaires; or contact us to request information or correspond with us, you may be requested to provide your name, address, company, and contact information. When you provide that information, we use it to keep in contact with you to inform you about Vestwell’s services, product enhancements, and related educational and promotional materials.
3.3 INFORMATION YOU PROVIDE TO US WHEN REGISTERING FOR AN ACCOUNT
Plan Sponsors, advisors, and participants who use the Vestwell Platform to manage their retirement plan or retirement plan account consent to provide Vestwell with information needed to service the plan or the account. That information includes name, address, compensation, years of service, job position, contributions, investment selections, and investment performance. That information is used by Vestwell and our service providers and business partners to perform the services specified in the Vestwell Plan Services Agreement between Vestwell and the Plan Sponsor. Vestwell may also use participants’ and/or Plan Sponsors’ contact information to inform them about Vestwell’s services, market trends, general retirement plan education materials, or other information related to the Vestwell Platform. By registering for a Vestwell account or to use the Vestwell Platform, you agree to these uses and you cannot opt out, change or remove consent, or delete that information from the Sites because that information is essential for Vestwell to perform its services.
4. How we use information collected
Vestwell uses the information we collect to provide the Services described above, including to verify your identity and diagnose technical and service issues.
We may also use it for our own general business purposes, which may include, but not be limited to: helping us analyze, research, report on, and improve upon the services we provide; assessing the effectiveness of our Services; understanding and resolving any technical issues with the Sites or servicing your account; or better serving our current and prospective clients’ and advisors’ needs with respect to our products, services, and support.
We may also use it for marketing communications, either directly or through a third party, in relation to our existing or new Services, for education information we think might interest you, or for keeping you up to date on industry and regulatory information. Communications sent to you pursuant to this section shall either be permitted under the applicable law, our agreement with the Plan, or your consent. You may opt out of receiving these marketing communications at any time (see "Choice/Opt-Out" below).
In addition to cookies, our Sites use a variety of other methods and tools for tracking purposes, including Internet tags and web beacons, which are small pieces of data that are embedded in images and pages of the Sites. While most web browsers automatically accept cookies, many browsers allow you to modify your browser setting to decline cookies and/or "opt-out" of tracking technologies. As each browser is different, please consult the “help” menu within your browser. For additional information about cookies and how to control their use on various browsers and devices, you can visit http://www.allaboutcookies.org. Please note however, if a visitor turns off cookies, such visitor may find some of the functionality of our Sites and/or our Services to be reduced or impaired.
We also utilize both proprietary and third-party analytics tools, such as Google Analytics and other solutions, to gather information designed to help us gain insight into how visitors to the Sites interact with and use our content on the Sites and other services.
6. Information sharing and disclosure
We only share Personal Information with any third party outside of Vestwell, our service providers, or our business partners under the following limited circumstances:
- With Plan Sponsors, advisors associated with your retirement plan, our third party service providers, business partners (including payroll providers), and affiliates identified in our Plan Services Agreement to carry out our contractual responsibilities to our clients as described above in section 3.3 and to maintain and improve our Services;
- When we are legally required to access, use, preserve, or disclose the information to meet any applicable law, regulation, legal process, or enforceable governmental request;
- To detect, prevent, or otherwise address security or technical issues involving the Sites;
- To protect against harm to the rights, property, or safety of Vestwell, users of our Sites, or the public as required or permitted by law;
- To enforce the terms of our service agreements;
- With federal or state regulators as permitted by applicable law; or
- With third parties to provide, maintain, and improve our Services, including service providers such as hosting and information technology providers, identity verification and fraud prevention services, data analytics, and customer support services.
We may also share aggregated or anonymized information that does not directly identify any individual user (including device information and information derived from cookies and log files with third parties) about Vestwell Platform users with third parties regarding trends about the general use of our services. We want to keep users of Vestwell’s Sites up to date about new Vestwell Platform features, important Vestwell announcements that are relevant to Vestwell Platform users, industry or regulatory updates, or other information we think users would like to hear about either from us or from our business partners and we may be using the information you provide to us for those purposes as well as the activities noted in section 3.
On Sites where your Personal Information is subject to opt-in, unless you opt-in, Vestwell will not transfer such Personal Information to third parties, except we may transfer your Personal Information without your consent to the extent we are legally required to do so or in the good faith belief that such action is necessary to: (i) comply with legal process served on Vestwell; (ii) protect or defend the rights or property of Vestwell; (iii) act in urgent circumstances to protect the personal safety, property, or privacy of Vestwell's employees, users of Vestwell's products or services, or members of the public; or (iv) effect a transaction, restructuring or proceeding that transfers to a third party the assets or line of business to which the information pertains.
In addition, we may share anonymized aggregate information about our users, such as demographics of Vestwell Platform users, with the media, business partners, and other third parties for Vestwell’s business purposes, such as to customize or enhance the content and functionality of our Sites.
7. Information security
Your privacy matters to Vestwell and we work hard to protect it. We strive to use industry best practices to protect users of our services from unauthorized access, alteration, disclosure, or destruction from information we hold about our plan sponsors and plan participants. We utilize the following practices:
- We encrypt data on the Vestwell Platform;
- We enforce password complexity standards for individuals to access their accounts on the Vestwell Platform;
- We review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorized access to systems; and
- We restrict access to Personal Information to Vestwell employees and trusted service providers who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
8. Retention of personal information
We retain Personal Information for as long as necessary to provide the Services, carry out the purposes described in this policy, or other otherwise required in order to comply with our records retention periods and applicable law. For example, we may retain information about users of our Services in order to comply with our legal and regulatory obligations or to protect our interests as part of providing our Services.
9. It’s your choice, you can opt out of certain communications or review information
We want you to have the tools at your disposal to manage your Personal Information. It is important that you make sure that the information we have about you is accurate and up to date so that we can properly and timely perform our Services and contractual obligations. Your ability to manage your Personal Information will differ depending on your relationship with Vestwell and the Services we provide.
With respect to all other information that you proactively provide to us, such as when you attend one of our educational events or register for an account, unless you take affirmative action to "opt-out" described in section 3.2 above, you have given us your consent to collect and use your information in accordance with this Policy when you provide us with your information. In some areas of the Sites, users are provided with an "opt-out checkbox” which is how you give us, or decline to give us, your consent to use your Personal Information for the purpose(s) covered by the applicable opt-out choice. You may also indicate your desire to opt-out: (i) at the point of data collection when your Personal Information is entered by using the "opt-out" checkbox, (ii) when you receive marketing and promotional communications from us by clicking the "unsubscribe" hyperlink and following the instructions, or (iii) at any time by sending an email request to email@example.com (please indicate "Opt-Out" in the subject line) or by sending a written request to our address as provided below ("Contact Us"). We aim to maintain our Sites in a manner that protects information from accidental or malicious misuse. If you wish to remove your name and information from marketing communications, we may not be able to immediately delete residual copies from our active or backup servers and it may take up to 30 days to remove that information.
10. Our data security protocols
Vestwell safeguards the security and confidentiality of the Personal Information and other data provided to us using physical, technical, and managerial procedures. Please be aware that, despite our best efforts, no security measures are perfect or impenetrable. While we strive to protect your Personal Information, we cannot ensure the security of the information you transmit to us, and so we urge you to take every precaution to protect your Personal Information when you are using the internet. Change your passwords often, use a combination of letters and numbers, take advantage of multi-factor authentication features where available, and make sure you use an up-to-date and secure browser. We recommend that you do not store passwords in your browser or share log-in credentials to any website with anyone.
11. Third party service providers or business partners
Our Services are not targeted or directed at children under the age of 13 and we do not intend to or knowingly collect or solicit Personal Information from children under the age of 13. If you have reason to believe that a child under age 13 has provided Personal Information to us, we encourage the child’s parent or guardian to contact us. If we learn that any Personal Information we collected has been provided by a child under age 13, we will promptly delete it. We do, however, process personal information about children when it is necessary for our Services and you provide it to us. For example, if you are a plan participant, we may collect information relating to children if your employer is using the Vestwell Platform to support its retirement plan and you add them as beneficiaries.
13. International use statement
Vestwell is headquartered in the United States of America and our services are provided and targeted only to residents of the United States of America. Personal Information that we collect and maintain may be transferred to or controlled and processed in the United States of America, but in certain circumstances our service providers or business partners may process data in the United States and/or other countries around the world. By providing us with Personal Information and by using our Sites, you consent to this transfer. By using our Sites, you also consent to and acknowledge the fact that Personal Information stored or processed in the United States will be subject to the laws of the United States, including the ability of governments, courts, law enforcement, and/or regulatory agencies of the United States who have valid jurisdiction over Vestwell to obtain disclosure of your Personal Information subject to a valid subpoena, court order, or similar request.
14. Compliance with state laws
You may have privacy protections under applicable state laws, including those for California residents. To the extent such state laws apply, we will comply with them when we share information about you or the plan. The California Information Privacy Act may provide additional protections to control whether we share some of your Personal Information. In accordance with California law, we will not share information we collect about California residents with outside companies except as permitted by law, such as with the consent of the individual or to service the plan.
15. How to contact us
Your privacy matters to us. Vestwell welcomes your comments regarding this privacy statement and our privacy practices. If you have reason to believe that Vestwell has not adhered to this privacy statement, please contact us by email at firstname.lastname@example.org or contact us at Vestwell Holdings, Inc., Legal Department, 1410 Broadway, 23rd Floor, New York, NY 10018, (917) 979-5358.