Vestmark

This Privacy Policy (this “Privacy Policy”) explains how Vestmark, Inc. and its direct and indirect subsidiaries Vestmark Technology Solutions, Inc., Vestmark Advisory Solutions, Inc., and Vestmark Outsourcing Solutions, Inc., (collectively, the “Company”) handle your personal information and data. We value your trust, and we’ve strived to present this policy in clear, plain language without complex legal jargon.

This Privacy Policy applies to all the products, services, apps and websites offered by the Company that post or include a link to this Privacy Policy. We refer to those products, services, apps and websites collectively as the “Services” in this Privacy Policy. We are located in the United States and collect, use, store and otherwise process your information and data in the United States.

Questions? For questions regarding this Privacy Policy or practices, contact us by emailing support@vestmark.com.

European Economic Area or Switzerland (collectively the “EU”) or Other Jurisdiction Data Subject Requests? For data subject requests, contact us by emailing support@vestmark.com or privacy@vestmark.com or use our online data subject request form.

We may modify this Privacy Policy at any time, but if we do so, we will notify you by publishing the changes on and in the Services. We will also update the effective date. If we determine the changes are material, we will provide you with an additional, prominent notice as is appropriate under the circumstances, including via email.

By using the Services, you consent to the collection and use of the information described herein. Your continued use of the Services following the modification of this Privacy Policy constitutes your consent to and acceptance of such modifications.

Our Services

  • Customers and Users. Our customers use our Services as a wealth management platform for the recordkeeping of account information. We also provide business process outsourcing for managing account information and investment advisory services.

What Information About You Do We Collect?

When you use our Services, we collect information relating to you and your use of our Services from a variety of sources, described below. Later sections describe what we do with the information.

Information We Collect Directly From You Includes:

  • Application / Registration Information. When you submit an application or contract request forms, we collect data which may include details such as your name, email address, phone number, and employment information.
  • Support. You are required to have an account to communicate with our support team. We require you to provide your contact details, such as a name, address, phone number, and email address, for this purpose.
  • Responses You Intentionally Share. We collect your personal information and other data if you submit it to us in response to support inquiries.
  • Cookies and Other Tracking Information. We collect usage data, device data, referral data, and information from cookies and page tags (collectively, “Cookies”). Cookies are small bits of data we store on the device you use to access our Services so we can recognize repeat users, and record how users use the Services, which site a user comes from, the number of each user’s visits, and how long a user stays on the Services. Cookies help to improve software function, facilitate site navigation, and personalize a user’s experience of the Services. Each Cookie expires after a certain period of time, depending on what we use it for.
  • Information About You That We Collect From Third Parties.
  • We use third-party vendors to collect information about you and your use of our Services to provide us with analytics and tools to manage, improve, market and expand our Services.

What Do We Do with the Information We Collect?

  • Responses. We store and maintain user responses submitted to all support inquiries as well as submissions via any and all webforms.
  • Usage Data. The Company may also analyze user usage patterns to improve or optimize our Services.
  • To Manage Our Services. We internally use your information, including certain responses, for the following limited purposes:
  • To Monitor and Improve Our Services and Related Features. We internally perform statistical and other analysis on information we collect (including usage data, device data, referral data, and information from page tags) to analyze and measure user behavior and trends, to understand how users use our Services, and to monitor, troubleshoot and improve our Services. However, we do not use the non-public content of surveys (i.e., the content of questions and responses that you have not publicly shared) for these purposes.
  • To Aid Us In the Enforcement of Our Terms of Use.
  • To Prevent Potentially Illegal Activities.
  • To Create New Services, Features or Content (Public Data and Metadata Only). We may use public survey data and anonymized survey metadata (that is, data about the characteristics of a survey but not its non-public content), to create and provide new Services, features or content. For example, we may look at statistics like response rates, question and answer word counts, and the average number of questions in a survey and publish interesting observations about these for informational or marketing purposes.
  • To Contact You About Your Account. We occasionally send you communications of a transactional nature (e.g., service-related announcements, billing-related matters, changes to our Services or policies, or a welcome email when you first register). You cannot opt out of these communications since they are required to provide our Services to you.
  • To Respond to Legal Requests and Prevent Harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
  • Cookies. A Cookie is a small text file placed on the device you use to access our Services. Most browsers are set to accept Cookies by default, and by using our Services, you are consenting to our use of Cookies as described herein. We use information we obtain from Cookies for several reasons:
  • To Make Our Site Easier to Use. If you use the "Remember Me" feature when you sign into your account, we may store your username in a Cookie to make it quicker for you to sign in whenever you return to a Company website. For security reasons, we use Cookies to authenticate your identity, such as confirming whether you are currently logged into a Company website.
  • To Provide You with Personalized Content. We may store user preferences, such as your default language, in Cookies to personalize the content you see. We also use Cookies to ensure that users cannot retake certain surveys that they have already completed.
  • To Improve Our Services. We use Cookies to measure your usage of our websites and track referral data, as well as to occasionally display different versions of content to you. This information helps us to develop and improve our Services and optimize the content we display to users.

If you would like to opt-out of the Cookies we employ on our Services, you may block, delete, or disable them through your browser, or set your browser to alert you when Cookies are being sent, as applicable:

  • The help function on most browsers contains instructions on how to set your browser to notify you before accepting Cookies or to disable Cookies entirely. Because each browser is different, please consult the instructions provided by your browser.
  • Some of our third-party partners may be members of the Network Advertising Initiative, which offers a single location to opt out of ad targeting from member companies. To learn more, please click here or here.
  • Some devices you may use may also have platform controls to make choices about Cookies. For instance, Google’s settings may be accessed here. Please note that you must separately opt out in each browser and on each device and that Cookie-based opt-outs are not effective on mobile applications.
  • Due to differences between websites and mobile apps, you may need to take additional steps to opt out of interest-based advertising for mobile applications. Please check your device settings and mobile app permissions for additional information on how to opt out. You also may stop further data collection from a mobile application by removing it from your mobile device.
  • Some browsers transmit “do-not-track” signals. Because of differences in how browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they are even aware of them. We currently do not take action in response to these signals.

If you choose to refuse, disable, or delete Cookies, some of the functionality of the Services may no longer be available to you and any differences in service are related to the data. Deleting Cookies may in some cases cancel the opt-out selection in your browser.

How Do We Share the Data We Collect About You?

Rest assured that the Company does not sell your email address to any third parties. Nor does the Company sell your responses. To be clear, the Company does not sell your information to third parties, we only disclose your information to third parties (other than those in your organization) for a limited number of reasons:

  • Service Providers. We share your information with our service providers who help us to provide our Services to you. We give relevant persons working for some of these providers access to your information, but only to the extent necessary for them to perform their services for us. We also implement contractual and technical requirements to protect the safety and confidentiality of your personal information and ensure data is maintained, used only for the provision of their services to us, and handled in accordance with this Privacy Policy. Examples of service providers we utilize include email service providers, infrastructure-as-a-service, platform-as-a-service, data centers, and web traffic analytics tools. By using our Services, you authorize the Company to sub-contract in this manner on your behalf.
  • Research. We may disclose aggregated, anonymous, or anonymized data, including aggregated and anonymous responses, to third parties for market research, academic research, benchmarking, forecasting, trend research, or any other purpose. In all such instances, we will not disclose any identifiable information about users or our customers.
  • The Presence of a Cookie to Advertise Our Services. We may permit third parties to collect information from Cookies and disclose such information to third parties for those parties to display ads promoting our Services on other websites based on users’ online activities over time and across different sites, services, and devices. We may ask them to deliver those ads based on the presence of a Cookie but in doing so will not share any other information with the advertiser. You may opt-out of Cookies as described above. The information practices of these third parties are not covered by this Privacy Policy unless expressly stated otherwise herein.
  • Your Information If Required or Permitted By Law. We may disclose your information as required or permitted by law, or when we believe that disclosure is necessary to protect our rights, and/or to comply with a judicial proceeding, court order, subpoena, or other legal process served on us. Notwithstanding anything to the contrary in this Privacy Policy, the Company may disclose information regarding users (including personal information) pursuant to a valid subpoena or legal process. We will undertake good faith efforts to provide you with notice of any such subpoena or process, but this is not always possible or allowed by applicable law, and you acknowledge that we do not have a legal obligation to do so. Additionally, the Company may disclose information regarding users (including personal information) in order to protect the property of the Company or prevent any imminent damage to third party property or where there is a threat of personal injury.
  • Change in Business Ownership or Structure. If ownership of all or substantially all of our business changes, or we undertake a corporate reorganization (including a merger or consolidation) or any other action or transfer between Company entities, the Company will provide notice of such a transfer in accordance with applicable laws.

Do We Publicly Share Your Information?

Yes, but only in certain circumstances. Information you submit to publicly accessible blogs or community forums available through our Services may be read, collected, and used by others who access them. We are not responsible for any personal information you choose to submit in these publicly accessible areas of our Services.

Safety of Minors and COPPA

Our Services are not intended for and may not be used by minors. "Minors" are individuals under the age of majority in their place of residence. This age varies by jurisdiction, but generally includes those under sixteen (16) years old. The Company does not knowingly collect personal data from minors or allow them to register as users. If it comes to our attention that we have collected personal data from a minor, we may delete this information without notice. If you have reason to believe that we may have any information for or about a child under the age of sixteen (16), please contact us at support@vestmark.com or privacy@vestmark.com regarding an EU or other jurisdiction data subject.

What Are Your Rights to Your Information?

Depending on the jurisdiction, you may have the right to access, correct, update, restrict processing or object to processing, or delete certain personal information covered by this Privacy Policy. Depending on the jurisdiction, you may also have the right to request that we refrain from processing personal information. Please bear in mind that if you object this may affect our ability to provide our Services to you. While the Company will make reasonable efforts to accommodate your request, we also reserve the right to impose certain restrictions and requirements on such requests, if allowed or required by applicable law. Please note that it may take some time to process your request, consistent with applicable law.

Specifically, you can:

  • Update Your Account Details. You can update your registration and other account information on the Settings page.
  • Capture Your Responses. You can take screenshots of your information and data, including but not limited to responses. We may in our discretion provide other tools to export the data.
  • Cancel Your Account. Deleting your account will not cause all the responses in the account to be permanently deleted, but will disable your access to any other Services that require a Company account.
  • Submit a Request. You can submit a request by email to support@vestmark.com or to privacy@vestmark.com for EU and other jurisdiction data subject requests or by using our online request form. We will respond to your request, including any appropriate request to access, correct, update, restrict processing or object to processing, or delete your personal information within the time period specified by applicable law or without excessive delay. We will promptly fulfill requests to delete personal data unless the request is not technically feasible or such data is required to be retained by applicable law (in which case we will block access to such data, if required by applicable law). If we are processing your personal data on behalf of a customer, we will promptly refer your request to our customer and support the customer in responding to your request.

For How Long Do We Retain Your Data?

We retain your data as long as necessary to provide our Services and to comply with our legal obligations. Within thirty (30) days after your data is no longer needed to provide our Services or comply with our legal obligations, we anonymize and aggregate your data permanently. However, we reserve the right to delete or purge such data.

Third-Party Data Sources

We obtain information about prospective customers and users from third party sources including data licensors and marketing company databases. We use the information to market Company Services.

Security

The security of your data and information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information submitted to us, intended to protect it from unauthorized access, destruction, use, modification, or disclosure. However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure, and we are unable to guarantee the absolute security of your data and information.

Supplemental Notice to California Data Subjects

If you are a California resident, you may have certain rights regarding your personal information under state law. This Privacy Policy does not apply to workforce-related personal information collected from California-based employees, job-applicants, contractors, or similar individuals or to personal information provided for a business purpose.

Our websites collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device. Personal information does not include:

  • Publicly-available information from government records.
  • Deidentified or aggregated consumer information.
  • Other information excluded from the scope of state privacy laws.

In particular, our websites have collected the below categories of personal information from consumers within the last twelve (12) months. We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed personal information for a business purpose to the categories of third parties indicated in the chart below. We do not sell your personal information.

Category Whether Data is Collected and the Source of Collection Business or Commercial Purpose for Collection or Use Category of Third Party Recipient

A. Identifiers.

Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

Yes

  • You
  • Your device
  • Our customers, service providers and business partners
  • Provide our Services to you
  • Manage, monitor, improve, and optimize our Services
  • Inform you about our other products, services and offers that may be of interest to you
  • Meet our contractual obligations with service providers or business partners
  • Respond to legal requests and meet other legal and regulatory requirements
  • Contact you about your account and provide customer service
  • Detect and protect against security events, fraud, and illegal activities
  • Service providers
  • Business partners with which we jointly offer services
  • Recipients as required by law, regulation or judicial process or order

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Yes

  • You
  • Our customers, service providers and business partners
  • Provide our Services to you
  • Manage, monitor, improve, and optimize our Services
  • Inform you about our other products, services and offers that may be of interest to you
  • Meet our contractual obligations with service providers or business partners
  • Respond to legal requests and meet other legal and regulatory requirements
  • Contact you about your account and provide customer service
  • Detect and protect against security events, fraud, and illegal activities
  • Service providers
  • Business partners with which we jointly offer services
  • Recipients as required by law, regulation or judicial process or order

C. Protected classification characteristics under California or federal law.

Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Yes

  • You
  • Our customers, service providers and business partners
  • Inform you about our other products, services and offers that may be of interest to you
  • Meet our contractual obligations with service providers or business partners
  • Respond to legal requests and meet other legal and regulatory requirements
  • Detect and protect against security events, fraud, and illegal activities
  • Service providers
  • Business partners with which we jointly offer services
  • Recipients as required by law, regulation or judicial process or order

D. Commercial information.

Examples: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

No

N/A

N/A

E. Biometric information.

Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

No

N/A

N/A

F. Internet or other similar network activity.

Examples: Usage data, device data, referral data, information from cookies and page tags, information on a consumer's interaction with a website, application, or advertisement.

Yes

  • Your device
  • Third party analytics providers
  • Make our websites easier to use
  • Provide you with personalized content
  • Improve our Services

N/A

G. Geolocation data.

Examples: Physical location or movements.

Yes

  • Your device
  • Third party analytics providers
  • Monitor our Services
  • Meet our contractual obligations with service providers or business partners
  • Respond to legal requests and meet other legal and regulatory requirements
  • Detect and protect against security events, fraud, and illegal activities
  • Service providers
  • Recipients as required by law, regulation or judicial process or order

H. Sensory data.

Examples: Audio, electronic, visual, thermal, olfactory, or similar information.

Yes

  • You
  • Our service providers and business partners
  • Teleconferencing as part of normal business operations
  • Customer support
  • Employee engagement
  • Detect and protect against security events, fraud, and illegal activities
  • Our customers

I. Professional or employment-related information.

Examples: Current employment information.

Yes

  • You
  • Our customers, service providers and business partners
  • Provide our Services to you
  • Manage, monitor, improve, and optimize our Services
  • Inform you about our other products, services and offers that may be of interest to you
  • Meet our contractual obligations with our customers, service providers or business partners
  • Respond to legal requests and meet other legal and regulatory requirements
  • Service providers
  • Prospective employers
  • Recipients as required by law, regulation or judicial process or order

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

No

N/A

N/A

K. Inferences drawn from other personal information.

Examples: Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

No

N/A

N/A



This section describes privacy rights for California residents and explains how to exercise those rights.

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months (the "right to know"). Once we receive your request and confirm your identity, we will disclose to you:

  • The categories of personal information we have collected about you
  • The categories of sources for the personal information we have collected about you
  • Our business or commercial purpose for collecting or selling that personal information
  • The categories of third parties with whom we share that personal information
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  • sales, identifying the personal information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained
  • The specific pieces of personal information we collected about you (also called a data portability request)
  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
  • Debug products to identify and repair errors that impair existing intended functionality
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.)
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent
  • Enable solely internal uses that are reasonably aligned with consumer expectations based upon your relationship with us
  • Comply with a legal obligation
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the "right to delete"). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

If you choose to exercise these rights, we ask you to provide sufficient information, including the Services you have used in the past, your state and country of residence, and contact information, in order for us to verify your identity and process your request. Depending on the types of requests, additional information may be requested. We will only use personal information provided in this retest to verify the requestor’s identity or authority to make it.

You may use an authorized agent to submit a request on your behalf related to your personal information. If you choose to use an authorized agent, you should supply your agent with written permission to act on your behalf in relation to your request, and your agent must provide us with proof of such authorization before we process your request.

To exercise a right related to your personal information, please contact us by email to privacy@vestmark.com, by using our online request form, or by calling us at this toll-free number: (833) 275-4994.

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact our Data Protection Officer at (781) 224-3640. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another forty-five (45) days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the twelve (12) month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, utilizing AES 256 encryption. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

We will not discriminate against you for exercising any of your California privacy rights. Unless permitted by law, we will not:

  • Deny you goods or services
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
  • Provide you a different level or quality of goods or services
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services

Supplemental Notice to EU Data Subjects

The Company processes personal data for the limited purposes identified above. We store your data to comply with legal, regulatory or contractual obligations and according to our documentation retention schedules. If you do not provide your personal data to us you may not be able to access our Services. We do not use automated decision-making.

  • Lawful Grounds. If you reside in the EU, we rely on the following lawful grounds under the General Data Protection Regulation to process (collect, store, and use) your personal data: (a) it is necessary for the performance of a contract with you; (b) our or a third-party’s legitimate business interest (e.g., marketing our goods and services, analyzing business models, designing new products and services, detecting and addressing possible fraud, securing our networks, and complying with legal or regulatory obligations); or (c) your consent.
  • Data Transfer Notice. We transfer your personal data to the United States for processing in the United States. We make the transfer to the United States in the absence of an adequacy decision because it is necessary for the performance of a contract with you, or with your explicit consent.
  • Individual Rights and Data Subject Requests. We provide you with tools to change access, delete, or modify your personal information within the Services. We also provide tools to our customers to respond to your data subject request within the Services. Additionally, you may also contact us at privacy@vestmark.com our use our online form to request access to, transfer of, and rectification or erasure of your personal data, or restriction of processing, or to object to processing of your personal data. If sending an email, please specify the nature of your request and the information that is the subject of your request. We may require you to submit additional information necessary to verify your identity and status as an EU data subject. We will respond to your request within thirty (30) days. You may file a complaint with the appropriate Member State and with the supervisory authority of the Member State where you reside, work, or where the infringement occurred.
  • Withdraw Consent. If we are processing your personal data based upon the lawful ground of your consent, you have the right to withdraw your consent for such processing at any time without affecting the lawfulness of processing based on consent before it is withdrawn. To withdraw consent, email us at privacy@vestmark.com.
  • Other Rights. You may have other rights including:
  • Right of access
  • Right of correction
  • Right of erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to withdraw consent


Contact

If you have any questions about this Privacy Policy, please contact us at:

Vestmark, Inc.
100 Quannapowitt Pkwy #205
Wakefield, MA 01880
Attn.: Data Protection Officer
+1 (781) 224-3640 or +1 (833) 275-4994
support@vestmark.com or if you are in the EU at privacy@vestmark.com

If you need to access this Privacy Policy in an alternative format due to having a disability, please contact privacy@vestmark.com and +1 (833) 275-4994.

This Privacy Policy (this “Privacy Policy”) explains how Vestmark, Inc. and its direct and indirect subsidiaries Vestmark Technology Solutions, Inc., Vestmark Advisory Solutions, Inc., and Vestmark Outsourcing Solutions, Inc., (collectively, the “Company”) handle your personal information and data. We value your trust, and we’ve strived to present this policy in clear, plain language without complex legal jargon.

This Privacy Policy applies to all the products, services, apps and websites offered by the Company that post or include a link to this Privacy Policy. We refer to those products, services, apps and websites collectively as the “Services” in this Privacy Policy. We are located in the United States and collect, use, store and otherwise process your information and data in the United States.

Questions? For questions regarding this Privacy Policy or practices, contact us by emailing support@vestmark.com.

European Economic Area or Switzerland (collectively the “EU”) or Other Jurisdiction Data Subject Requests? For data subject requests, contact us by emailing support@vestmark.com or privacy@vestmark.com or use our online data subject request form.

We may modify this Privacy Policy at any time, but if we do so, we will notify you by publishing the changes on and in the Services. We will also update the effective date. If we determine the changes are material, we will provide you with an additional, prominent notice as is appropriate under the circumstances, including via email.

By using the Services, you consent to the collection and use of the information described herein. Your continued use of the Services following the modification of this Privacy Policy constitutes your consent to and acceptance of such modifications.

Our Services

  • Customers and Users. Our customers use our Services as a wealth management platform for the recordkeeping of account information. We also provide business process outsourcing for managing account information and investment advisory services.

What Information About You Do We Collect?

When you use our Services, we collect information relating to you and your use of our Services from a variety of sources, described below. Later sections describe what we do with the information.

Information We Collect Directly From You Includes:

  • Application / Registration Information. When you submit an application or contract request forms, we collect data which may include details such as your name, email address, phone number, and employment information.
  • Support. You are required to have an account to communicate with our support team. We require you to provide your contact details, such as a name, address, phone number, and email address, for this purpose.
  • Responses You Intentionally Share. We collect your personal information and other data if you submit it to us in response to support inquiries.
  • Cookies and Other Tracking Information. We collect usage data, device data, referral data, and information from cookies and page tags (collectively, “Cookies”). Cookies are small bits of data we store on the device you use to access our Services so we can recognize repeat users, and record how users use the Services, which site a user comes from, the number of each user’s visits, and how long a user stays on the Services. Cookies help to improve software function, facilitate site navigation, and personalize a user’s experience of the Services. Each Cookie expires after a certain period of time, depending on what we use it for.
  • Information About You That We Collect From Third Parties.
  • We use third-party vendors to collect information about you and your use of our Services to provide us with analytics and tools to manage, improve, market and expand our Services.

What Do We Do with the Information We Collect?

  • Responses. We store and maintain user responses submitted to all support inquiries as well as submissions via any and all webforms.
  • Usage Data. The Company may also analyze user usage patterns to improve or optimize our Services.
  • To Manage Our Services. We internally use your information, including certain responses, for the following limited purposes:
  • To Monitor and Improve Our Services and Related Features. We internally perform statistical and other analysis on information we collect (including usage data, device data, referral data, and information from page tags) to analyze and measure user behavior and trends, to understand how users use our Services, and to monitor, troubleshoot and improve our Services. However, we do not use the non-public content of surveys (i.e., the content of questions and responses that you have not publicly shared) for these purposes.
  • To Aid Us In the Enforcement of Our Terms of Use.
  • To Prevent Potentially Illegal Activities.
  • To Create New Services, Features or Content (Public Data and Metadata Only). We may use public survey data and anonymized survey metadata (that is, data about the characteristics of a survey but not its non-public content), to create and provide new Services, features or content. For example, we may look at statistics like response rates, question and answer word counts, and the average number of questions in a survey and publish interesting observations about these for informational or marketing purposes.
  • To Contact You About Your Account. We occasionally send you communications of a transactional nature (e.g., service-related announcements, billing-related matters, changes to our Services or policies, or a welcome email when you first register). You cannot opt out of these communications since they are required to provide our Services to you.
  • To Respond to Legal Requests and Prevent Harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
  • Cookies. A Cookie is a small text file placed on the device you use to access our Services. Most browsers are set to accept Cookies by default, and by using our Services, you are consenting to our use of Cookies as described herein. We use information we obtain from Cookies for several reasons:
  • To Make Our Site Easier to Use. If you use the "Remember Me" feature when you sign into your account, we may store your username in a Cookie to make it quicker for you to sign in whenever you return to a Company website. For security reasons, we use Cookies to authenticate your identity, such as confirming whether you are currently logged into a Company website.
  • To Provide You with Personalized Content. We may store user preferences, such as your default language, in Cookies to personalize the content you see. We also use Cookies to ensure that users cannot retake certain surveys that they have already completed.
  • To Improve Our Services. We use Cookies to measure your usage of our websites and track referral data, as well as to occasionally display different versions of content to you. This information helps us to develop and improve our Services and optimize the content we display to users.

If you would like to opt-out of the Cookies we employ on our Services, you may block, delete, or disable them through your browser, or set your browser to alert you when Cookies are being sent, as applicable:

  • The help function on most browsers contains instructions on how to set your browser to notify you before accepting Cookies or to disable Cookies entirely. Because each browser is different, please consult the instructions provided by your browser.
  • Some of our third-party partners may be members of the Network Advertising Initiative, which offers a single location to opt out of ad targeting from member companies. To learn more, please click here or here.
  • Some devices you may use may also have platform controls to make choices about Cookies. For instance, Google’s settings may be accessed here. Please note that you must separately opt out in each browser and on each device and that Cookie-based opt-outs are not effective on mobile applications.
  • Due to differences between websites and mobile apps, you may need to take additional steps to opt out of interest-based advertising for mobile applications. Please check your device settings and mobile app permissions for additional information on how to opt out. You also may stop further data collection from a mobile application by removing it from your mobile device.
  • Some browsers transmit “do-not-track” signals. Because of differences in how browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they are even aware of them. We currently do not take action in response to these signals.

If you choose to refuse, disable, or delete Cookies, some of the functionality of the Services may no longer be available to you and any differences in service are related to the data. Deleting Cookies may in some cases cancel the opt-out selection in your browser.

How Do We Share the Data We Collect About You?

Rest assured that the Company does not sell your email address to any third parties. Nor does the Company sell your responses. To be clear, the Company does not sell your information to third parties, we only disclose your information to third parties (other than those in your organization) for a limited number of reasons:

  • Service Providers. We share your information with our service providers who help us to provide our Services to you. We give relevant persons working for some of these providers access to your information, but only to the extent necessary for them to perform their services for us. We also implement contractual and technical requirements to protect the safety and confidentiality of your personal information and ensure data is maintained, used only for the provision of their services to us, and handled in accordance with this Privacy Policy. Examples of service providers we utilize include email service providers, infrastructure-as-a-service, platform-as-a-service, data centers, and web traffic analytics tools. By using our Services, you authorize the Company to sub-contract in this manner on your behalf.
  • Research. We may disclose aggregated, anonymous, or anonymized data, including aggregated and anonymous responses, to third parties for market research, academic research, benchmarking, forecasting, trend research, or any other purpose. In all such instances, we will not disclose any identifiable information about users or our customers.
  • The Presence of a Cookie to Advertise Our Services. We may permit third parties to collect information from Cookies and disclose such information to third parties for those parties to display ads promoting our Services on other websites based on users’ online activities over time and across different sites, services, and devices. We may ask them to deliver those ads based on the presence of a Cookie but in doing so will not share any other information with the advertiser. You may opt-out of Cookies as described above. The information practices of these third parties are not covered by this Privacy Policy unless expressly stated otherwise herein.
  • Your Information If Required or Permitted By Law. We may disclose your information as required or permitted by law, or when we believe that disclosure is necessary to protect our rights, and/or to comply with a judicial proceeding, court order, subpoena, or other legal process served on us. Notwithstanding anything to the contrary in this Privacy Policy, the Company may disclose information regarding users (including personal information) pursuant to a valid subpoena or legal process. We will undertake good faith efforts to provide you with notice of any such subpoena or process, but this is not always possible or allowed by applicable law, and you acknowledge that we do not have a legal obligation to do so. Additionally, the Company may disclose information regarding users (including personal information) in order to protect the property of the Company or prevent any imminent damage to third party property or where there is a threat of personal injury.
  • Change in Business Ownership or Structure. If ownership of all or substantially all of our business changes, or we undertake a corporate reorganization (including a merger or consolidation) or any other action or transfer between Company entities, the Company will provide notice of such a transfer in accordance with applicable laws.

Do We Publicly Share Your Information?

Yes, but only in certain circumstances. Information you submit to publicly accessible blogs or community forums available through our Services may be read, collected, and used by others who access them. We are not responsible for any personal information you choose to submit in these publicly accessible areas of our Services.

Safety of Minors and COPPA

Our Services are not intended for and may not be used by minors. "Minors" are individuals under the age of majority in their place of residence. This age varies by jurisdiction, but generally includes those under sixteen (16) years old. The Company does not knowingly collect personal data from minors or allow them to register as users. If it comes to our attention that we have collected personal data from a minor, we may delete this information without notice. If you have reason to believe that we may have any information for or about a child under the age of sixteen (16), please contact us at support@vestmark.com or privacy@vestmark.com regarding an EU or other jurisdiction data subject.

What Are Your Rights to Your Information?

Depending on the jurisdiction, you may have the right to access, correct, update, restrict processing or object to processing, or delete certain personal information covered by this Privacy Policy. Depending on the jurisdiction, you may also have the right to request that we refrain from processing personal information. Please bear in mind that if you object this may affect our ability to provide our Services to you. While the Company will make reasonable efforts to accommodate your request, we also reserve the right to impose certain restrictions and requirements on such requests, if allowed or required by applicable law. Please note that it may take some time to process your request, consistent with applicable law.

Specifically, you can:

  • Update Your Account Details. You can update your registration and other account information on the Settings page.
  • Capture Your Responses. You can take screenshots of your information and data, including but not limited to responses. We may in our discretion provide other tools to export the data.
  • Cancel Your Account. Deleting your account will not cause all the responses in the account to be permanently deleted, but will disable your access to any other Services that require a Company account.
  • Submit a Request. You can submit a request by email to support@vestmark.com or to privacy@vestmark.com for EU and other jurisdiction data subject requests or by using our online request form. We will respond to your request, including any appropriate request to access, correct, update, restrict processing or object to processing, or delete your personal information within the time period specified by applicable law or without excessive delay. We will promptly fulfill requests to delete personal data unless the request is not technically feasible or such data is required to be retained by applicable law (in which case we will block access to such data, if required by applicable law). If we are processing your personal data on behalf of a customer, we will promptly refer your request to our customer and support the customer in responding to your request.

For How Long Do We Retain Your Data?

We retain your data as long as necessary to provide our Services and to comply with our legal obligations. Within thirty (30) days after your data is no longer needed to provide our Services or comply with our legal obligations, we anonymize and aggregate your data permanently. However, we reserve the right to delete or purge such data.

Third-Party Data Sources

We obtain information about prospective customers and users from third party sources including data licensors and marketing company databases. We use the information to market Company Services.

Security

The security of your data and information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information submitted to us, intended to protect it from unauthorized access, destruction, use, modification, or disclosure. However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure, and we are unable to guarantee the absolute security of your data and information.

Supplemental Notice to California Data Subjects

If you are a California resident, you may have certain rights regarding your personal information under state law. This Privacy Policy does not apply to workforce-related personal information collected from California-based employees, job-applicants, contractors, or similar individuals or to personal information provided for a business purpose.

Our websites collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device. Personal information does not include:

  • Publicly-available information from government records.
  • Deidentified or aggregated consumer information.
  • Other information excluded from the scope of state privacy laws.

In particular, our websites have collected the below categories of personal information from consumers within the last twelve (12) months. We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed personal information for a business purpose to the categories of third parties indicated in the chart below. We do not sell your personal information.

Category Whether Data is Collected and the Source of Collection Business or Commercial Purpose for Collection or Use Category of Third Party Recipient

A. Identifiers.

Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

Yes

  • You
  • Your device
  • Our customers, service providers and business partners
  • Provide our Services to you
  • Manage, monitor, improve, and optimize our Services
  • Inform you about our other products, services and offers that may be of interest to you
  • Meet our contractual obligations with service providers or business partners
  • Respond to legal requests and meet other legal and regulatory requirements
  • Contact you about your account and provide customer service
  • Detect and protect against security events, fraud, and illegal activities
  • Service providers
  • Business partners with which we jointly offer services
  • Recipients as required by law, regulation or judicial process or order

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Yes

  • You
  • Our customers, service providers and business partners
  • Provide our Services to you
  • Manage, monitor, improve, and optimize our Services
  • Inform you about our other products, services and offers that may be of interest to you
  • Meet our contractual obligations with service providers or business partners
  • Respond to legal requests and meet other legal and regulatory requirements
  • Contact you about your account and provide customer service
  • Detect and protect against security events, fraud, and illegal activities
  • Service providers
  • Business partners with which we jointly offer services
  • Recipients as required by law, regulation or judicial process or order

C. Protected classification characteristics under California or federal law.

Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Yes

  • You
  • Our customers, service providers and business partners
  • Inform you about our other products, services and offers that may be of interest to you
  • Meet our contractual obligations with service providers or business partners
  • Respond to legal requests and meet other legal and regulatory requirements
  • Detect and protect against security events, fraud, and illegal activities
  • Service providers
  • Business partners with which we jointly offer services
  • Recipients as required by law, regulation or judicial process or order

D. Commercial information.

Examples: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

No

N/A

N/A

E. Biometric information.

Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

No

N/A

N/A

F. Internet or other similar network activity.

Examples: Usage data, device data, referral data, information from cookies and page tags, information on a consumer's interaction with a website, application, or advertisement.

Yes

  • Your device
  • Third party analytics providers
  • Make our websites easier to use
  • Provide you with personalized content
  • Improve our Services

N/A

G. Geolocation data.

Examples: Physical location or movements.

Yes

  • Your device
  • Third party analytics providers
  • Monitor our Services
  • Meet our contractual obligations with service providers or business partners
  • Respond to legal requests and meet other legal and regulatory requirements
  • Detect and protect against security events, fraud, and illegal activities
  • Service providers
  • Recipients as required by law, regulation or judicial process or order

H. Sensory data.

Examples: Audio, electronic, visual, thermal, olfactory, or similar information.

Yes

  • You
  • Our service providers and business partners
  • Teleconferencing as part of normal business operations
  • Customer support
  • Employee engagement
  • Detect and protect against security events, fraud, and illegal activities
  • Our customers

I. Professional or employment-related information.

Examples: Current employment information.

Yes

  • You
  • Our customers, service providers and business partners
  • Provide our Services to you
  • Manage, monitor, improve, and optimize our Services
  • Inform you about our other products, services and offers that may be of interest to you
  • Meet our contractual obligations with our customers, service providers or business partners
  • Respond to legal requests and meet other legal and regulatory requirements
  • Service providers
  • Prospective employers
  • Recipients as required by law, regulation or judicial process or order

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

No

N/A

N/A

K. Inferences drawn from other personal information.

Examples: Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

No

N/A

N/A

This section describes privacy rights for California residents and explains how to exercise those rights.

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months (the "right to know"). Once we receive your request and confirm your identity, we will disclose to you:

  • The categories of personal information we have collected about you
  • The categories of sources for the personal information we have collected about you
  • Our business or commercial purpose for collecting or selling that personal information
  • The categories of third parties with whom we share that personal information
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  • sales, identifying the personal information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained
  • The specific pieces of personal information we collected about you (also called a data portability request)
  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
  • Debug products to identify and repair errors that impair existing intended functionality
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.)
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent
  • Enable solely internal uses that are reasonably aligned with consumer expectations based upon your relationship with us
  • Comply with a legal obligation
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the "right to delete"). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

If you choose to exercise these rights, we ask you to provide sufficient information, including the Services you have used in the past, your state and country of residence, and contact information, in order for us to verify your identity and process your request. Depending on the types of requests, additional information may be requested. We will only use personal information provided in this retest to verify the requestor’s identity or authority to make it.

You may use an authorized agent to submit a request on your behalf related to your personal information. If you choose to use an authorized agent, you should supply your agent with written permission to act on your behalf in relation to your request, and your agent must provide us with proof of such authorization before we process your request.

To exercise a right related to your personal information, please contact us by email to privacy@vestmark.com, by using our online request form, or by calling us at this toll-free number: (833) 275-4994.

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact our Data Protection Officer at (781) 224-3640. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another forty-five (45) days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the twelve (12) month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, utilizing AES 256 encryption. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

We will not discriminate against you for exercising any of your California privacy rights. Unless permitted by law, we will not:

  • Deny you goods or services
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
  • Provide you a different level or quality of goods or services
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services

Supplemental Notice to EU Data Subjects

The Company processes personal data for the limited purposes identified above. We store your data to comply with legal, regulatory or contractual obligations and according to our documentation retention schedules. If you do not provide your personal data to us you may not be able to access our Services. We do not use automated decision-making.

  • Lawful Grounds. If you reside in the EU, we rely on the following lawful grounds under the General Data Protection Regulation to process (collect, store, and use) your personal data: (a) it is necessary for the performance of a contract with you; (b) our or a third-party’s legitimate business interest (e.g., marketing our goods and services, analyzing business models, designing new products and services, detecting and addressing possible fraud, securing our networks, and complying with legal or regulatory obligations); or (c) your consent.
  • Data Transfer Notice. We transfer your personal data to the United States for processing in the United States. We make the transfer to the United States in the absence of an adequacy decision because it is necessary for the performance of a contract with you, or with your explicit consent.
  • Individual Rights and Data Subject Requests. We provide you with tools to change access, delete, or modify your personal information within the Services. We also provide tools to our customers to respond to your data subject request within the Services. Additionally, you may also contact us at privacy@vestmark.com our use our online form to request access to, transfer of, and rectification or erasure of your personal data, or restriction of processing, or to object to processing of your personal data. If sending an email, please specify the nature of your request and the information that is the subject of your request. We may require you to submit additional information necessary to verify your identity and status as an EU data subject. We will respond to your request within thirty (30) days. You may file a complaint with the appropriate Member State and with the supervisory authority of the Member State where you reside, work, or where the infringement occurred.
  • Withdraw Consent. If we are processing your personal data based upon the lawful ground of your consent, you have the right to withdraw your consent for such processing at any time without affecting the lawfulness of processing based on consent before it is withdrawn. To withdraw consent, email us at privacy@vestmark.com.
  • Other Rights. You may have other rights including:
  • Right of access
  • Right of correction
  • Right of erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to withdraw consent

Contact

If you have any questions about this Privacy Policy, please contact us at:

Vestmark, Inc.
100 Quannapowitt Pkwy #205
Wakefield, MA 01880
Attn.: Data Protection Officer
+1 (781) 224-3640 or +1 (833) 275-4994
support@vestmark.com or if you are in the EU at privacy@vestmark.com

If you need to access this Privacy Policy in an alternative format due to having a disability, please contact privacy@vestmark.com and +1 (833) 275-4994.