This Privacy Policy (this “Privacy Policy”) explains how Vestmark, Inc. and its direct and indirect subsidiaries Vestmark Technology Solutions, Inc., Vestmark Advisory Solutions, Inc., and Vestmark Outsourcing Solutions, Inc. (collectively, the “Company”) handle your personal information and data. We value your trust, and we’ve strived to present this policy in clear, plain language without complex legal jargon.
This Privacy Policy applies to all the products, services, apps and websites offered by the Company that post or include a link to this Privacy Policy. We refer to those products, services, apps and websites collectively as the “Services” in this Privacy Policy. We are located in the United States and collect, use, store and otherwise process your information and data in the United States. Vestmark Advisory Solutions, Inc. separately maintains a Privacy Notice as required by the federal Gramm-Leach-Bliley Act.
Questions? For questions regarding this Privacy Policy or practices, contact us by emailing support@vestmark.com.
European Economic Area or Switzerland (collectively the “EU”) or Other Jurisdiction Data Subject Requests? For data subject requests, contact us by emailing support@vestmark.com or privacy@vestmark.com or use our online data subject request form.
We may modify this Privacy Policy at any time, but if we do so, we will notify you by publishing the changes on and in the Services. We will also update the effective date. If we determine the changes are material, we will provide you with an additional, prominent notice as is appropriate under the circumstances, including via email.
By using the Services, you consent to the collection and use of the information described herein. Your continued use of the Services following the modification of this Privacy Policy constitutes your consent to and acceptance of such modifications.
When you use our Services, we collect information relating to you and your use of our Services from a variety of sources, described below. Later sections describe what we do with the information.
In particular, our Services have collected the below categories of personal information from consumers and users within the last twelve (12) months. We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed personal information for a business purpose to the categories of third parties indicated in the chart below. We do not sell your personal information.
Category
Whether Data is Collected and the Source of Collection
Business or Commercial Purpose for Collection or Use
Category of Third Party Recipient
A. Identifiers.
Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
Yes
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Yes
C. Protected classification characteristics under California or federal law.
Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Yes
D. Commercial information.
Examples: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
No
N/A
N/A
E. Biometric information.
Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
Yes
F. Internet or other similar network activity.
Examples: Usage data, device data, referral data, information from cookies and page tags, information on a consumer's interaction with a website, application, or advertisement.
Yes
N/A
G. Geolocation data.
Examples: Physical location or movements.
Yes
H. Sensory data.
Examples: Audio, electronic, visual, thermal, olfactory, or similar information.
Yes
I. Professional or employment-related information.
Examples: Current employment information.
Yes
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
No
N/A
N/A
K. Inferences drawn from other personal information.
Examples: Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
No
N/A
N/A
If you would like to opt-out of the Cookies we employ on our Services, you may block, delete, or disable them through the Pop-Up Banner (non-U.S. visitors only) or your browser, and manage your Cookie preferences or set your browser to alert you when Cookies are being sent, as applicable:
If you choose to refuse, disable, or delete Cookies, some of the functionality of the Services may no longer be available to you and any differences in service are related to the data. Deleting Cookies may in some cases cancel the opt-out selection in your browser.
Rest assured that the Company does not sell your email address to any third parties. Nor does the Company sell your responses. To be clear, the Company does not sell your information to third parties, we only disclose your information to third parties (other than those in your organization) for a limited number of reasons:
Yes, but only in certain circumstances. Information you submit to publicly accessible blogs or community forums available through our Services may be read, collected, and used by others who access them. We are not responsible for any personal information you choose to submit in these publicly accessible areas of our Services.
Our Services are not intended for and may not be used by minors. “Minors” are individuals under the age of majority in their place of residence. This age varies by jurisdiction, but generally includes those under sixteen (16) years old. The Company does not knowingly collect personal data from minors or allow them to register as users. If it comes to our attention that we have collected personal data from a minor, we may delete this information without notice. If you have reason to believe that we may have any information for or about a child under the age of sixteen (16), please contact us at support@vestmark.com or privacy@vestmark.com regarding an EU or other jurisdiction data subject.
Depending on the jurisdiction, you may have the right to access, correct, update, restrict processing or object to processing, or delete certain personal information covered by this Privacy Policy. Depending on the jurisdiction, you may also have the right to request that we refrain from processing personal information. Please bear in mind that if you object this may affect our ability to provide our Services to you. While the Company will make reasonable efforts to accommodate your request, we also reserve the right to impose certain restrictions and requirements on such requests, if allowed or required by applicable law. Please note that it may take some time to process your request, consistent with applicable law.
Specifically, you can:
We retain your data as long as necessary to provide our Services and to comply with our legal obligations. Within thirty (30) days after your data is no longer needed to provide our Services or comply with our legal obligations, we anonymize and aggregate your data permanently. However, we reserve the right to delete or purge such data.
We obtain information about prospective customers and users from third party sources including data licensors and marketing company databases. We use the information to market Company Services.
The security of your data and information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information submitted to us, intended to protect it from unauthorized access, destruction, use, modification, or disclosure. However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure, and we are unable to guarantee the absolute security of your data and information.
Residents of certain states (including California) may have additional rights regarding your personal information under applicable state law. This section describes privacy rights for residents of certain states and explains how to exercise those rights.
If you are a resident of a certain state, you may have certain rights regarding your personal information under such state’s law. This Privacy Policy does not apply to workforce-related personal information collected from California-based employees, job-applicants, contractors, or similar individuals or to personal information provided for a business purpose.
Our websites collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device. Personal information does not include:
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months (the “right to know”). Once we receive your request and confirm your identity, we will disclose to you:
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months (the “right to know”). Once we receive your request and confirm your identity, we will disclose to you:
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
You have the right to request that we amend incorrect personal information that relates to you (the “right to correct”).
You have the right to opt-out from the sharing of your personal information for cross-context behavioral advertising (the “marketing opt-out right”).
You may limit the sharing of some sensitive personal information that relates to you (the “right to limit sensitive information sharing”). We still may use sensitive personal information for permitted business purposes, such as to ensure data integrity and security, to meet legal or regulatory obligations, or to prevent fraud or misuse of our Services.
If you choose to exercise these rights, we ask you to provide sufficient information, including the Services you have used in the past, your state and country of residence, and contact information, in order for us to verify your identity and process your request. Depending on the types of requests, additional information may be requested. We will only use personal information provided in this retest to verify the requestor’s identity or authority to make it.
You may use an authorized agent to submit a request on your behalf related to your personal information. If you choose to use an authorized agent, you should supply your agent with written permission to act on your behalf in relation to your request, and your agent must provide us with proof of such authorization before we process your request.
To exercise a right related to your personal information, please contact us by email to privacy@vestmark.com, by using our online request form, or by calling us at this toll-free number: (833) 275-4994.
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact our Data Protection Officer at (781) 224-3640. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another forty-five (45) days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the twelve (12) month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, utilizing AES 256 encryption. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your state-specific privacy rights. Unless permitted by law, we will not:
The Company processes personal data for the limited purposes identified above. We store your data to comply with legal, regulatory or contractual obligations and according to our documentation retention schedules. If you do not provide your personal data to us you may not be able to access our Services. We do not use automated decision-making.
If you have any questions about this Privacy Policy, please contact us at:
Vestmark, Inc.
100 Quannapowitt Pkwy #205
Wakefield, MA 01880
Attn.: Data Protection Officer
+1 (781) 224-3640 or +1 (833) 275-4994
support@vestmark.com or if you are in the EU at privacy@vestmark.com
If you need to access this Privacy Policy in an alternative format due to having a disability, please contact privacy@vestmark.com and +1 (833) 275-4994.
This Privacy Policy (this “Privacy Policy”) explains how Vestmark, Inc. and its direct and indirect subsidiaries Vestmark Technology Solutions, Inc., Vestmark Advisory Solutions, Inc., and Vestmark Outsourcing Solutions, Inc. (collectively, the “Company”) handle your personal information and data. We value your trust, and we’ve strived to present this policy in clear, plain language without complex legal jargon.
This Privacy Policy applies to all the products, services, apps and websites offered by the Company that post or include a link to this Privacy Policy. We refer to those products, services, apps and websites collectively as the “Services” in this Privacy Policy. We are located in the United States and collect, use, store and otherwise process your information and data in the United States. Vestmark Advisory Solutions, Inc. separately maintains a Privacy Notice as required by the federal Gramm-Leach-Bliley Act.
Questions? For questions regarding this Privacy Policy or practices, contact us by emailing support@vestmark.com.
European Economic Area or Switzerland (collectively the “EU”) or Other Jurisdiction Data Subject Requests? For data subject requests, contact us by emailing support@vestmark.com or privacy@vestmark.com or use our online data subject request form.
We may modify this Privacy Policy at any time, but if we do so, we will notify you by publishing the changes on and in the Services. We will also update the effective date. If we determine the changes are material, we will provide you with an additional, prominent notice as is appropriate under the circumstances, including via email.
By using the Services, you consent to the collection and use of the information described herein. Your continued use of the Services following the modification of this Privacy Policy constitutes your consent to and acceptance of such modifications.
When you use our Services, we collect information relating to you and your use of our Services from a variety of sources, described below. Later sections describe what we do with the information.
In particular, our Services have collected the below categories of personal information from consumers and users within the last twelve (12) months. We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed personal information for a business purpose to the categories of third parties indicated in the chart below. We do not sell your personal information.
Category | Whether Data is Collected and the Source of Collection | Business or Commercial Purpose for Collection or Use | Category of Third Party Recipient |
---|---|---|---|
A. Identifiers. Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. |
Yes
|
|
|
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. |
Yes
|
|
|
C. Protected classification characteristics under California or federal law. Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
Yes
|
|
|
D. Commercial information. Examples: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
No |
N/A |
N/A |
E. Biometric information. Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
Yes
|
|
|
F. Internet or other similar network activity. Examples: Usage data, device data, referral data, information from cookies and page tags, information on a consumer's interaction with a website, application, or advertisement. |
Yes
|
|
N/A |
G. Geolocation data. Examples: Physical location or movements. |
Yes
|
|
|
H. Sensory data. Examples: Audio, electronic, visual, thermal, olfactory, or similar information. |
Yes
|
|
|
I. Professional or employment-related information. Examples: Current employment information. |
Yes
|
|
|
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
No |
N/A |
N/A |
K. Inferences drawn from other personal information. Examples: Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
No |
N/A |
N/A |
If you would like to opt-out of the Cookies we employ on our Services, you may block, delete, or disable them through the Pop-Up Banner (non-U.S. visitors only) or your browser, and manage your Cookie preferences or set your browser to alert you when Cookies are being sent, as applicable:
If you choose to refuse, disable, or delete Cookies, some of the functionality of the Services may no longer be available to you and any differences in service are related to the data. Deleting Cookies may in some cases cancel the opt-out selection in your browser.
Rest assured that the Company does not sell your email address to any third parties. Nor does the Company sell your responses. To be clear, the Company does not sell your information to third parties, we only disclose your information to third parties (other than those in your organization) for a limited number of reasons:
Yes, but only in certain circumstances. Information you submit to publicly accessible blogs or community forums available through our Services may be read, collected, and used by others who access them. We are not responsible for any personal information you choose to submit in these publicly accessible areas of our Services.
Our Services are not intended for and may not be used by minors. “Minors” are individuals under the age of majority in their place of residence. This age varies by jurisdiction, but generally includes those under sixteen (16) years old. The Company does not knowingly collect personal data from minors or allow them to register as users. If it comes to our attention that we have collected personal data from a minor, we may delete this information without notice. If you have reason to believe that we may have any information for or about a child under the age of sixteen (16), please contact us at support@vestmark.com or privacy@vestmark.com regarding an EU or other jurisdiction data subject.
Depending on the jurisdiction, you may have the right to access, correct, update, restrict processing or object to processing, or delete certain personal information covered by this Privacy Policy. Depending on the jurisdiction, you may also have the right to request that we refrain from processing personal information. Please bear in mind that if you object this may affect our ability to provide our Services to you. While the Company will make reasonable efforts to accommodate your request, we also reserve the right to impose certain restrictions and requirements on such requests, if allowed or required by applicable law. Please note that it may take some time to process your request, consistent with applicable law.
Specifically, you can:
We retain your data as long as necessary to provide our Services and to comply with our legal obligations. Within thirty (30) days after your data is no longer needed to provide our Services or comply with our legal obligations, we anonymize and aggregate your data permanently. However, we reserve the right to delete or purge such data.
We obtain information about prospective customers and users from third party sources including data licensors and marketing company databases. We use the information to market Company Services.
The security of your data and information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information submitted to us, intended to protect it from unauthorized access, destruction, use, modification, or disclosure. However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure, and we are unable to guarantee the absolute security of your data and information.
Residents of certain states (including California) may have additional rights regarding your personal information under applicable state law. This section describes privacy rights for residents of certain states and explains how to exercise those rights.
If you are a resident of a certain state, you may have certain rights regarding your personal information under such state’s law. This Privacy Policy does not apply to workforce-related personal information collected from California-based employees, job-applicants, contractors, or similar individuals or to personal information provided for a business purpose.
Our websites collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device. Personal information does not include:
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months (the “right to know”). Once we receive your request and confirm your identity, we will disclose to you:
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months (the “right to know”). Once we receive your request and confirm your identity, we will disclose to you:
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
You have the right to request that we amend incorrect personal information that relates to you (the “right to correct”).
You have the right to opt-out from the sharing of your personal information for cross-context behavioral advertising (the “marketing opt-out right”).
You may limit the sharing of some sensitive personal information that relates to you (the “right to limit sensitive information sharing”). We still may use sensitive personal information for permitted business purposes, such as to ensure data integrity and security, to meet legal or regulatory obligations, or to prevent fraud or misuse of our Services.
If you choose to exercise these rights, we ask you to provide sufficient information, including the Services you have used in the past, your state and country of residence, and contact information, in order for us to verify your identity and process your request. Depending on the types of requests, additional information may be requested. We will only use personal information provided in this retest to verify the requestor’s identity or authority to make it.
You may use an authorized agent to submit a request on your behalf related to your personal information. If you choose to use an authorized agent, you should supply your agent with written permission to act on your behalf in relation to your request, and your agent must provide us with proof of such authorization before we process your request.
To exercise a right related to your personal information, please contact us by email to privacy@vestmark.com, by using our online request form, or by calling us at this toll-free number: (833) 275-4994.
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact our Data Protection Officer at (781) 224-3640. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another forty-five (45) days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the twelve (12) month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, utilizing AES 256 encryption. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your state-specific privacy rights. Unless permitted by law, we will not:
The Company processes personal data for the limited purposes identified above. We store your data to comply with legal, regulatory or contractual obligations and according to our documentation retention schedules. If you do not provide your personal data to us you may not be able to access our Services. We do not use automated decision-making.
If you have any questions about this Privacy Policy, please contact us at:
Vestmark, Inc.
100 Quannapowitt Pkwy #205
Wakefield, MA 01880
Attn.: Data Protection Officer
+1 (781) 224-3640 or +1 (833) 275-4994
support@vestmark.com or if you are in the EU at privacy@vestmark.com
If you need to access this Privacy Policy in an alternative format due to having a disability, please contact privacy@vestmark.com and +1 (833) 275-4994.