Effective as of January 1, 2023.
- use our mobile applications (collectively, the “App”);
- use our financial advisory services or are eligible to access them as an employee benefit (“Client Services”);
- visit our physical locations;
- interact with us in a business-to-business capacity;
For personal information that we handle pursuant to the federal Gramm-Leach-Bliley Act, please see the GLBA Financial Notice.
California residents: we provide important information about our collection, use, and disclosure of your personal information and privacy rights in our California privacy notice.
TABLE OF CONTENTS
- Personal information we collect
- How we use your personal information
- How we share your personal information
- Your choices
- Other sites and services
- International data transfer
- How to contact us
- California privacy notice
PERSONAL INFORMATION WE COLLECT
Information you provide to us. Personal information you may provide to us through the Service or otherwise, or that we obtain from your employer, includes:
- Contact data, such as your first and last name, email and mailing addresses, residence, postal code, phone number, professional title and company name.
- Profile data, such as your username and password that you set to establish an online account with us, age or date of birth, gender, biographic details, interests, education-related information and preferences, intended time of retirement, and information that may be related to a service, account or an event you register for.
- Identity data, such as a national identification number (e.g., Social Security number where permitted, tax identification number, passport number), state or local identification number (e.g., driver’s license or state ID number), and an image of the relevant identification card.
- Communications that we exchange when you contact us with questions, feedback, or otherwise using any channel, including social media.
- Financial data, such as your income, economic or financial status, financial institution, financial account details, investment holdings and preferences, investment changes, account balances and contributions, assets and ability to invest.
- Payment and transactional data, such as the information needed to complete your orders on or through the Service (including name, contact information, credit card information, and billing information), and information about payments to and from you and other details of products or services you have purchased from us, and information that you provide us in subscription agreements, investor questionnaires or other documents prepared in connection with the Client Service.
- Marketing data, such as your preferences for receiving communications about our products, activities, events and publications, and details about how you engage with our communications.
- Research data that we collect if you participate in our research activities such as interviews and focus groups, which may include demographic information, your responses and feedback to our questions, and audio and video recordings of your interactions with us.
- Familial data, such as marital status and information about your family members that you may provide to us (e.g., name, gender, age and date of birth).
Data from other sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:
- Data providers, such as information services (e.g., data appending services) and data licensors who may provide us with additional information about you such as contact information, demographic information, and interests and preferences.
- Public sources, such as social media platforms and public records.
- Business partners, such as joint marketing partners and event co-sponsors.
- Our clients, such as your employer when it engages us to provide Client Services as a benefit to its employees, who may provide us with contact information as well as demographic and employment-related information.
Data collected automatically. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your activity over time on the Sites and other online services, such as:
- Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, IP address, the website you visited before browsing to our website, and general location information such as city, state or geographic area.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access.
Cookies and similar technologies. Like many online services, we use the following technologies:
- Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
- Flash cookies, or locally stored objects, which are used on websites for purposes similar to cookies but allow storage of a larger amount of data.
- Web beacons, also known as pixel tags or clear GIFs, which are typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.
- Software development kits, or SDKs, which are used to incorporate third-party computer code into our App that allows our third-party service providers or advertising partners to collect data directly from it for a variety of purposes, including to provide us with analytics regarding the use of the App, to integrate with social media, add features or functionality to our App or to facilitate online advertising.
- Session replay technologies. We use third-party services that record users’ interactions with the Services in a manner that allows us to watch DVR-like replays of those user sessions. The replays may include users’ clicks, mobile App touches, mouse movements, scrolls, and keystrokes/key touches during those sessions. These replays help us diagnose usability problems and identify areas for improvement. For example, we use session replay services provided by Hotjar. You can learn more about Hotjar at https://www.hotjar.com/legal/policies/privacy/.
Information about others. Users of the Service may have the opportunity to refer friends or other contacts to us and share their contact information with us. Please do not refer someone to us or share their contact information with us unless you have their permission to do so.
HOW WE USE YOUR PERSONAL INFORMATION
We use your personal information for the following purposes:
Service delivery. We use your personal information to:
- provide, operate and improve the Service;
- execute your transactions;
- establish and maintain your user profile on the Service;
- enable security features of the Service, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in;
- communicate with you or your employer about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
- understand your needs and interests, and personalize your experience with the Service and our communications;
- provide support for the Service; and
- respond to your requests, questions and feedback.
Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.
Marketing and advertising. We and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes:
- Direct marketing. We may send you Edelman Financial Engines-related or other direct marketing communications as permitted by law. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.
Compliance and operations. We may use your personal information to:
- comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
- protect our, your or others' rights, privacy, safety or property (including by making and defending legal claims);
- audit our internal processes for compliance with legal and contractual requirements and internal policies;
- enforce the terms and conditions that govern the Service; and
- prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
Cookies and similar technologies. The Service employs Cookies and similar technologies to facilitate the purposes for which we use personal information:
- Service delivery and operation. To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password-protected areas of the Service, and to enhance the performance and functionality of our services.
- Interest-based advertising. To facilitate interest-based advertising as described above.
- Research and development. To help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails and advertisements. For example, we use Google Analytics cookies for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en.
HOW WE SHARE YOUR PERSONAL INFORMATION
Affiliates. We may share personal information about you with our affiliated companies for everyday business purposes, however, our affiliated companies are not permitted to use this information to market their products or services to you. Additionally, we do not share information with our affiliated companies regarding your creditworthiness.
Please see our Privacy Notice for more information on how your information may be shared.
Service providers. Companies and individuals that provide services on our behalf or help us operate the Service or our business (such as IT, hosting, investment trading, customer relationship management and support, print and mail fulfillment, data management, event registration, email delivery, marketing, website analytics, and event management services).
Service-related third parties. Brokers, custodians, administrators, investment funds and their respective managers and other non-affiliated third parties as necessary to provide the Service.
Advertising partners. Third party advertising companies that collect information about your activity on the Site and other online services to help us advertise our services, and/or use hashed customer lists that we share with them to deliver ads to them and similar users on their platforms.
Professional advisors. Professional advisors, such as lawyers, auditors and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and operations purposes described above.
Business transferees. Relevant participants in business transactions (or potential transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Edelman Financial Engines or our affiliates (including, in connection with a bankruptcy or similar proceedings).
You have the following choices with respect to your personal information.
Access or update your information. If you have registered for an account with us, you may review and update certain account information by logging into the account.
Opt-out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. You may continue to receive service-related and other non-marketing emails.
If you receive text messages from us, you may opt out of receiving further text messages from us by replying STOP to our message.
Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. We use Google Analytics to help us understand user activity on the Service. You can learn more about Google Analytics cookies at https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage and about how Google protects your data at http://www.google.com/analytics/learn/privacy.html. You can prevent the use of Google Analytics relating to your use of our sites by downloading and installing a browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.
Advertising choices. You can limit use of your information for interest-based advertising by:
- Browser settings. Blocking third party cookies in your browser settings.
- Privacy browsers/plug-ins. By using privacy browsers such as Brave or ad-blocking browser plug-ins such as Privacy Badger, DuckDuckGo, Ghostery or uBlock Origin, and configuring them to block third-party cookies/trackers.
- Platform settings. Google and Facebook offer opt-out features that let you opt out of use of your information for interest-based advertising:
- Ad industry tools. Opting out of interest-based ads from companies participating in the following industry opt-out programs:
- Network Advertising Initiative: http://www.networkadvertising.org/managing/opt_out.asp
- Digital Advertising Alliance: optout.aboutads.info
- AppChoices mobile app, available at https://www.youradchoices.com/appchoices, which will allow you to opt out of interest-based ads in mobile apps served by participating members of the Digital Advertising Alliance.
- Mobile settings. Using your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
You will need to apply these opt-out settings on each device from which you wish to opt out.
Do Not Track. Some internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.
Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information requested, we may not be able to provide those services.
OTHER SITES AND SERVICES
The Service may contain links to websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on webpages or in mobile applications or other online services that are not associated with us. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions.
We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.
INTERNATIONAL DATA TRANSFER
We are headquartered in the United States and may use service providers with operations in other countries, where privacy laws may be of a standard more or less protective as those in your state or the United States generally. Our service providers may have access to the personal information we collect about you during the course of our contractual relationship with them in order to provide their services or products. It is our practice, however, to enter into written agreements with our service providers that impose data protection obligations no less protective than our own.
The Service is not intended for use by children under 16 years of age. If we learn that we have collected personal information from a child under 16 without the consent of the child's parent or guardian as required by law, we will delete it.
HOW TO CONTACT US
You can reach us in the following ways:
- Mail: Edelman Financial Engines, 28 State St., 21st Floor, Boston, MA 02109, Attention: Privacy
- Phone: (800) 601-5957
CALIFORNIA PRIVACY NOTICE
This section describes how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this section, "Personal Information" has the meaning given in the California Consumer Privacy Act of 2018 ("CCPA") but does not include information exempted from the scope of the CCPA. For example, Personal Information does not include information that we collect from consumers in connection with providing the Client Services or that is otherwise covered by our GLBA Financial Notice.
Your California privacy rights. As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
- Information/know. You can request information about:
- The categories of personal information that we have collected.
- The categories of sources from which we collected personal information.
- The business or commercial purpose for collecting, sharing and/or selling personal information.
- The categories of personal information that we sold or disclosed for a business purpose.
- The categories of third parties to whom the personal information was sold, shared or disclosed for a business purpose.
- Access. You can request a copy of the personal information that we have collected about you.
- Deletion. You can ask us to delete the personal information that we have collected from you.
- Correction. You can request that we correct inaccurate personal information that we have collected about you.
- Opt-out. If we “sell” or “share” your personal information as defined by the CCPA, you can opt out of those disclosures.
- Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.
You may submit requests to exercise your right to information/know, access, deletion and correction by:
- visiting https://ccpa-form.financialengines.io/
- calling us toll free at (800) 601-5957
We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
Identity verification. We need to verify your identity to process your requests to exercise your rights to know, access, deletion, and correction, and we reserve the right to confirm your California residency. To verify your identity, we may require you to log into an online account if you have one, provide identifiers we can match against information we may have collected from you previously, confirm your request using the email or telephone account stated in the request, provide government identification, or provide a declaration under penalty of perjury, where permitted by law.
Authorized agents. Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to applicable state law. If you have not provided your agent with such a power of attorney, we may ask you and/or your agent to take additional steps permitted by law to verify that your request is authorized, such as information required to verify your identity and that you have given the authorized agent permission to submit the request.
Information practices. The following describes our practices currently and during the past 12 months:
- Sales and sharing of personal information. Our use of the interest-based advertising services described above may constitute “sharing” of your Personal Information from which you have the right to opt out. That is because these services use our users’ personal information (specifically, the contact data, device data and online activity data described above in Personal information we collect) to show you ads they think may interest you on other online services. You can request to opt out of this “sharing” of your personal information here: Do Not Share My Personal Information. Your request to opt out will apply only to the browser and the device from which you submit the request. You can also enable the Global Privacy Control (GPC) to opt out of the “sharing” of your personal information for each participating browser system that you use. Learn more at the Global Privacy Control website. We do not “sell” personal information as defined by the CCPA, and have no actual knowledge that we have sold or shared the personal information of California residents under 16 years of age.
- Sensitive personal information. We do not use or disclose sensitive personal information for purposes that California residents have a right to limit under the CCPA.
- Retention. We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. The length of time we retain particular categories of personal information is determined based on whether it is sufficient to achieve such purposes. When we no longer require the personal information, we may either delete it, anonymize it, or isolate it from further processing.
- Deidentification. We do not to attempt to reidentify deidentified information derived from personal information, except for the purpose of testing whether our deidentification processes comply with applicable law.
Personal Information that we collect, use and share pursuant to the CCPA
|Statutory category Personal Information we collect
|Categories of third parties to whom we disclose the Personal Information for a business purpose
Online activity data
|California Customer Records (as defined in California Civil Code §1798.80)
|Internet or Network Information
Online activity data
|May be derived from any of the above categories