As a valued client, it’s important for you to understand the relationship between your broker-dealer and National Financial Services LLC (“NFS”). Your broker-dealer has partnered with NFS to provide essential clearing and related services for your account. In line with these services, NFS is committed to keeping you informed about their practices concerning the privacy of your customer information. This privacy policy applies to you under the following circumstances:
- If you hold a retirement account through your broker-dealer where Fidelity Management Trust Company (“FMTC”), an NFS affiliate, acts as custodian.
- If your broker-dealer offers managed account services via the Fidelity Managed Account XchangeSM platform, sponsored by Fidelity Institutional Wealth Adviser LLC (“FIWA”), a registered investment advisor affiliated with NFS.
- If you maintain a brokerage account directly with NFS.
- If you have a direct professional relationship with Fidelity Capital Markets, a division of NFS.
For the purposes of this privacy policy, NFS and its listed affiliates covered by this policy will be collectively referred to as the “Fidelity Institutional Companies,” “we,” “us,” or “our.”
This privacy policy is provided to you, as customers of correspondent broker-dealers, on behalf of NFS, ensuring transparency and clarity regarding your data protection.
Rest assured, you don’t need to take any action to benefit from these privacy protections; they are automatically applied to all customers.
Within this privacy policy (“policy”), personal information is defined as information about an individual that is collected and maintained for business operations and can be used to identify that individual. It’s important to note that data which cannot identify an individual, such as anonymous, de-identified, or aggregated information, is not considered personal information and is therefore not subject to this policy.
This policy undergoes an annual review and is updated to reflect any changes in our practices or regulatory requirements, ensuring it remains current and relevant.
How and Why We Collect Personal Information
In the course of providing services for your account, Fidelity Institutional Companies may obtain non-public personal information about you from various sources. These sources include you directly, your broker-dealer, and other entities. Examples of how we collect this information include:
-
Interactions and Forms: Information you provide when completing applications or forms, interacting with our customer service teams, and when you navigate our websites or use our applications.
-
Account Transaction History: Details of your transactional activities within your account, such as your trading history and account balances.
-
Consumer Reporting Agencies: Information obtained from consumer reporting agencies, which may be used to evaluate your creditworthiness for products like margin accounts.
-
Third-Party Data Sources: Information from external data sources used to verify your identity and gain a deeper understanding of your financial product and service needs.
-
Consented Sources: Information from other sources, either with your explicit consent or with the consent of your broker-dealer, such as from other financial institutions when you transfer assets into NFS.
Our Commitment to Information Security
Protecting your personal information is a paramount concern. At Fidelity Institutional Companies, we implement and continuously update a comprehensive suite of physical, administrative, technical, and organizational security measures. These measures are designed to safeguard personal information from unauthorized access, use, or disclosure. We regularly refine these controls to adapt to evolving security challenges and technological advancements. Access to personal information within Fidelity Institutional Companies is strictly limited to employees who require it to perform their job functions, such as developing, supporting, and delivering products and services to you, and to effectively manage our business operations.
Information Sharing Practices
Fidelity Institutional Companies maintains a strict policy against selling or sharing your personal information with unaffiliated third parties for their marketing purposes. However, to effectively serve you and manage our operations, we may share the personal information we collect about customers, prospects, and former customers under specific and controlled circumstances. This sharing may occur with your broker-dealers or with:
- Corporate Affiliates: Our affiliates for essential operational services such as printing, mailing, and data processing, and for other legitimate business purposes that support our service delivery.
- Unaffiliated Service Providers: External service providers, including printing and mailing services, securities clearinghouses, and other entities that provide services under our direct instruction and control.
- Government and Regulatory Bodies: Government agencies, regulatory authorities, and law enforcement bodies as required for legal obligations, such as tax reporting or reporting suspicious activities.
- Consented Third Parties: Other third parties when you provide your consent or as directed by you or your broker-dealer, for example, when you request personalized performance reports.
- Legal and Compliance Requirements: Other organizations as permitted or required by law, such as for fraud prevention or in response to legal processes like subpoenas.
- Corporate Transactions: In the context of corporate business transactions, such as mergers, acquisitions, or the sale of business units, ensuring continuity and legal compliance.
We ensure that all service providers are contractually obligated to maintain the confidentiality of the personal information we share and to use it solely for the purposes we specify. This rigorous approach ensures your data is handled with care and used responsibly.
Digital Privacy and Online Interactions
When you interact with us through our websites, online services, or applications, including mobile apps, which we collectively refer to as “our digital offerings,” or via electronic communications, your personal information is managed with the same high standards of privacy and security as described throughout this policy.
When you engage with our digital offerings or communicate with us electronically, we (or our service providers acting on our behalf) may automatically collect technical, navigational, and location information. This includes details such as your device type, browser type, internet protocol (IP) address, the pages you visit, and the time spent on our digital offerings. We utilize this data for several key purposes: enhancing the security of your online sessions, streamlining site navigation, improving the design and functionality of our digital offerings and electronic communications, and personalizing your user experience.
In addition to these general practices, the following specific policies and practices are applied when you are online to further protect your digital privacy.
Cookies and Similar Technologies
We and our third-party service providers employ cookies and similar technologies (“cookies”) to ensure the efficient operation and maintenance of our digital offerings. Cookies are small data packets exchanged between a website or online service and a web browser or application on a visitor’s device, such as a computer, tablet, or mobile phone. These cookies help us gather information about the users of our digital offerings, including visit dates and times, pages viewed, duration of usage, and general device information. Our use of cookies also extends to security measures and personalizing your experience, such as remembering your screen layout preferences.
We, along with contracted third-party service providers, may also use cookies and other technologies like web beacons, pixel tags, or mobile device IDs in online advertising to provide you with relevant content and offers. Most web browsers and mobile devices offer settings to manage cookies. However, if you choose to disable or delete cookies through these settings, it may negatively affect your experience with our digital offerings. Some features and services may not function correctly, such as logging into your account or maintaining your personalized settings. Depending on your device and operating system, you might not be able to block or delete all types of cookies.
We may also utilize analytics data or third-party analytics tools, such as Google Analytics, to analyze traffic and usage patterns on our digital offerings and to better understand our user demographics. To learn more about Google’s data practices with Google Analytics, please visit Google’s privacy policy. For options to opt out of Google Analytics, you can use Google’s currently available opt-out options.
Social Media Interactions with Fidelity Institutional Companies
Fidelity Institutional Companies extends its engagement to various social media platforms to foster online sharing and collaboration among registered users. When you interact with us via social media, we may collect information you choose to provide, such as photographs, opinions, or your social media account ID. Any content you post, including pictures, information, opinions, or personal details made available to other participants on these social platforms, is also governed by the terms of use and privacy policies of the respective platforms. We encourage you to review these policies to understand your rights and obligations regarding such content.
Links to Third-Party Websites and Content
Our digital offerings may include links to external third-party websites and online services, such as social media platforms, and may also feature embedded content hosted by third parties. It is important to note that this privacy policy does not extend to the privacy practices, security measures, cookie policies, or settings of these third-party providers. We are not responsible for the privacy practices or content of these external websites, services, or content providers. When you follow a link to another website or online service or interact with third-party content (e.g., embedded videos), we advise you to consult the privacy policy of that website or online service for detailed information on their data handling practices and advertising opt-out instructions.
Privacy Protections for Children
In general, our digital offerings are designed for and directed towards individuals who are at least thirteen (13) years of age. We do not intentionally collect personal information on our websites from individuals we know to be under 13 years of age, and we request that such individuals refrain from providing personal information through our digital offerings. Should we offer a digital offering specifically intended for use by individuals under the age of 13, it will be governed by a separate, dedicated privacy policy to ensure appropriate protection and compliance with child privacy regulations.
Information for Former Customers
Even after you cease to be a customer, this privacy policy continues to apply to you. We maintain the same level of care and protection for your information as we do for our current customers, ensuring your data remains secure and private.
If you are a customer of a broker-dealer that utilizes NFS services, you can access and, if necessary, correct your account information through various channels provided by your broker-dealer and NFS, including online services. For specific details on how to correct your account information, please contact your broker-dealer directly.
Additional Privacy Information for California Residents
This section is specifically for California residents and is provided to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively referred to as the “CCPA”). It applies to personal information covered under the CCPA and your relationships with Fidelity Institutional Companies that fall under CCPA jurisdiction. In this section, “personal information” refers to information that meets the CCPA’s definition of “personal information” and is not otherwise exempt from the CCPA’s scope.
CCPA Compliance at Fidelity Institutional Companies
The applicability of the CCPA to Fidelity Institutional Companies depends on the specific Fidelity Institutional Company you interact with, the nature of your relationship and interactions, and the products and services provided. Due to various exemptions under the CCPA, some or all of the personal information collected by Fidelity Institutional Companies might be exempt. This means that in certain situations, Fidelity Institutional Companies may not be obligated to fulfill CCPA requests, or certain types of requests, due to the nature of the data they collect. Examples of CCPA exemptions include:
- If your relationship with a Fidelity Institutional Company is solely for personal financial services (e.g., managing personal brokerage accounts), the personal information collected is governed by the federal Gramm-Leach-Bliley Act (“GLBA”). In such cases, Fidelity Institutional Companies will not honor CCPA requests due to this exemption.
- If you are a client of a broker-dealer that uses NFS services, CCPA requests should be directed to your broker-dealer, as they manage the primary customer relationship.
Your Rights Under the CCPA
The CCPA grants specific rights to California residents and imposes obligations on businesses that are subject to the CCPA. Below is a description of the rights generally available to California residents under the CCPA. Depending on your relationship with Fidelity Institutional Companies, some of these rights may not apply to you. In this context, “consumer” refers to a California resident, and “covered business” refers to a business subject to the CCPA.
-
Right to Know/Right to Access: You have the right to request details about the categories and specific pieces of personal information a covered business has collected about you. You can also request information on:
- The categories of personal information collected.
- The sources of personal information.
- The business or commercial purposes for collecting, selling, or sharing personal information.
- The categories of third parties with whom personal information is disclosed.
- The specific pieces of personal information collected about you.
These disclosures are limited to information collected from January 1, 2022, onwards, and a covered business is not required to fulfill more than two such requests within a 12-month period.
-
Right to Delete: You can request the deletion of your personal information collected by a covered business, subject to certain legal exceptions.
-
Right to Correct: You have the right to request the correction of any inaccurate personal information maintained by a covered business.
-
Right to Opt-Out of Sale/Sharing: If a covered business sells or shares personal information, you have the right to opt out of the sale or sharing of your personal information.
-
Right to Limit Use and Disclosure of Sensitive Personal Information: If a business uses or discloses sensitive personal information for purposes beyond those specified in the CCPA, you have the right to limit such use or disclosure.
-
Non-Discrimination: A covered business cannot discriminate against you for exercising your CCPA rights.
Categories of Personal Information We May Collect
We may collect various categories of personal information, including:
- Personal Identifiers: Such as name, postal address, email address, online identifiers, IP address, account names, and similar identifiers.
- California Customer Records Information: As defined under California law (Cal. Civ. Code § 1798.80), including signature, telephone number, and financial account information.
- Protected Classification Characteristics: Characteristics protected under California or U.S. federal law, such as gender.
- Commercial Information: Details of products or services purchased, considered, or purchase histories and tendencies.
- Internet/Electronic Network Activity: Including browsing history, search history, and interactions with our digital offerings and advertisements.
- Audio, Electronic, Visual Data: Such as call recordings.
- Inferences: Inferences drawn from any of the above information to create a profile reflecting your preferences, behaviors, and attitudes.
- Sensitive Personal Information: Including Social Security number, account login credentials, passwords, or credentials for accessing accounts or digital offerings.
Data retention periods for each category vary based on the data’s nature and the purposes for which it is used. Our retention policies are determined by factors such as: (1) the time needed for the purposes for which the data was collected; (2) operational and record-keeping needs; (3) legal, compliance, and regulatory requirements, including legal defense and holds; (4) data storage methods; (5) security and fraud prevention needs; and (6) the necessity for ensuring continuity of our products and services.
Sources of Personal Information Collection
In addition to the sources detailed in the “How and why we obtain personal information” section, we may collect personal information from:
- Direct Interactions: From you or your representatives when you use our products, services, or digital offerings, interact with our service providers, or communicate with us directly.
- Broker-Dealers and Financial Professionals: Your broker-dealer, investment professionals, and other financial service firms.
- Publicly Available Information: Providers of publicly accessible information.
- Referrals: Individuals who may refer you to us or use website features to share information with you.
- Third-Party Products and Services: Third parties that offer products or services through your relationship with us.
- Service Providers: Third parties performing services for us or on our behalf.
- Other Third-Party Sources: Including government sources, data brokers, and social networks.
- Automated Collection: Automatically through technologies like cookies and web beacons when you interact with our digital offerings or electronic communications.
Purposes for Collecting Personal Information
Refer to the section “How and why we obtain and use personal information” for primary business and commercial purposes for collecting personal information, including sensitive personal information. Additional purposes include:
- Providing Product and Service Information: To inform you about products and services that may be of interest.
- Maintaining Record Accuracy: To ensure the integrity and accuracy of our records.
- Marketing and Communications: For marketing and communication efforts.
- Reporting and Analytics: For internal reporting and analytical purposes.
- Personalization: To personalize your interactions and experiences with us.
- Training and Quality Control: For staff training and quality assurance.
- Identity Verification: To verify your identity.
- Fraud and Security Protection: To protect against malicious, fraudulent, or illegal activities.
- Business Analysis and Planning: For business analysis, planning, and reporting.
- Customer Education: To provide customer education.
- Effectiveness Measurement: To measure the effectiveness of our services and offerings.
Categories of Personal Information Disclosed for Business Purposes
Like most businesses, we disclose personal information, including sensitive personal information, to third parties for various business purposes.
Depending on your relationship with us and the services we provide, disclosures may include personal information from categories listed in the “Categories of personal information we may collect about you” section, to the categories of third parties listed in the “Categories of sources of which personal information is collected” section.
Sale and Sharing of Personal Information
We DO NOT sell your personal information for monetary compensation. However, under the CCPA, certain ways we share information with third parties on our websites may be considered a “sale” of personal information or “sharing” of personal information for “cross-context behavioral advertising.”
We utilize third-party service providers, including marketing and advertising firms and social media platforms, to personalize your browsing experience, provide targeted advertising, and measure the effectiveness of our websites and online advertising. When you visit our websites, we and our providers collect data about your website activity, including cookies and similar data. In some instances, this data may be combined with your activity on other websites to deliver our ads to you on those platforms. This data sharing, particularly via cookies, might be categorized as a “sale” or “sharing” of personal information under the CCPA.
California residents have the right to opt out of this “sale” or “sharing.” On websites where these activities occur and are subject to CCPA, a “Do Not Sell or Share my Personal Information” link is available in the website footer for California visitors. Clicking this link and following the prompts allows you to opt out.
Fidelity also supports the Global Privacy Control (GPC) signal. If you have enabled GPC in your browser, we will automatically honor your opt-out request for the sale or sharing of personal information. Opt-out settings are device or browser-specific, meaning you must reset your preferences if you use a different device or browser, change settings, or clear cookies.
In the 12 months prior to this notice, we have engaged in activities that may be considered “selling” and/or “sharing” personal information for “cross-context behavioral advertising” for California residents under CCPA. We do not knowingly sell or share personal information of minors under 16 for these purposes.
CCPA Exemptions Explained
Certain types of personal information are exempt from the CCPA. Covered businesses have limited or no obligations under the CCPA regarding:
- Information processed under the Gramm-Leach-Bliley Act (GLBA) or the California Financial Information Privacy Act.
- Medical information protected under the Confidentiality of Medical Information Act or HIPAA.
Additionally, the CCPA does not apply to businesses that:
- Do not conduct business in California.
- Are non-profit organizations.
- Do not determine the means and purposes of processing personal information.
- Have annual gross revenues of $25,000,000 or less.
Furthermore, there are situations under the CCPA where a covered business may refuse to delete personal information, such as when retention is necessary to:
- Complete transactions, provide requested services, or fulfill contracts.
- Ensure security and integrity where use of personal information is reasonably necessary and proportionate.
- Exercise free speech or another legal right.
- Debug and repair errors.
- Support internal uses reasonably aligned with consumer expectations.
- Comply with legal obligations.
This CCPA description is a summary and not a comprehensive legal explanation. The CCPA includes other exemptions and conditions, which are not fully detailed here.
How to Submit a CCPA Request
To submit a CCPA request to any Fidelity Institutional Companies, please use the options provided on our California Privacy Rights Request Page. Before making a request, please review all CCPA exemptions, including those described in the “CCPA Exemptions” section.
Important Note: If you are a customer of a broker-dealer using NFS services, please direct your CCPA requests to your broker-dealer.
Expect a response within 45 days of your request. In some cases, an extension of 45 days may be needed, for which you will be notified with an explanation.
Identity verification is required before processing your request. During the request process, we will inform you of the necessary information for verification. You may need to confirm California residency and verify your identity or the identity of authorized agents.
The information provided will be used solely for identity verification.
For details on designating an authorized agent to make CCPA requests on your behalf, please visit our page. Fidelity Institutional received 1 request to know and 2 requests to delete personal information between January 1, 2023, and December 31, 2023.
This privacy policy is reviewed annually and updated to reflect any changes in our practices and regulations.