Vestwell Holdings Inc. and its subsidiaries (referred to as "Vestwell") are committed to protecting the
privacy of End Users (as defined below) who visit websites it owns and operates or who access, use or
register to use the Vestwell platform and any related applications and services, including services offered
by its subsidiaries and affiliates (the "Vestwell Platform") (the Vestwell websites and the Vestwell
explains what information is collected and why it is collected; how it uses that information; and the
choices it offers, including how to update information collected from the End Users.
Services (as defined below), and all End Users and third parties using the Sites. Compliance with this
Policy periodically for compliance with applicable laws and regulations affecting its business.
“Confidential Information” means non-public information clearly identified as proprietary or confidential or
which by its nature should be reasonably construed to be confidential. Confidential Information may include,
but is not limited to, Personal Information (as defined below); information about any Vestwell client or
users of the Sites; Vestwell’s proprietary software, intellectual property, products, services, or databases
currently existing or under development; all reports posted on the Sites; tutorials, guides, and other
education materials that are prepared by or for Vestwell on the Sites.
“End User” or “End Users” (sometimes referred to as “you” or “your”) means any individual or organization
that uses the Sites, receives Services, uses the Vestwell Platform, or who has otherwise provided their
Personal Information to Vestwell. This includes employees of Plan Sponsors and Employers that utilize the
Vestwell Platform or engaged Vestwell for Services.
“Personal Information” means any information or data collected or maintained for Vestwell’s business purposes
that (a) identifies an End User, including by name, signature, address, telephone number, or other unique
identifier; (b) can be used to identify or authenticate an End User, including passwords, PINs, biometric
data, unique identification numbers (e.g., social security numbers, EINs), answers to security questions or
other personal identifiers, or (c) an account number or credit card number or debit card number, in
combination with any required security code, access code, or password, that would permit access to an End
User's retirement plan account.
“Plan Sponsor(s),” or “Employers” refers to businesses that offer tax-qualified retirement plans or
participate in Secure Choice or other retirement or saving plans sponsored by various states.
“Services” refers to the services provided by Vestwell to support tax-qualified or state-sponsored retirement
or savings plans or accounts, including payroll file and participant data processing, recordkeeping, and
plan and program administration services set forth in contracts with clients.
3. What Information Vestwell Collects About You
As part of the Services, and in order to carry out its contractual responsibilities, Vestwell collects
information associated with Plan Sponsors, Employers, investment advisors, and End Users that uses the
Vestwell Platform including, but not limited to:
Contact information such as address, telephone/cell phone numbers, email address
Demographic information such as date of birth, marital status, gender
Social security number or EIN numbers
Banking information for purposes of processing plan contributions and
distributions or invoices
Employment-related records, such as job title, compensation, and years of service
Vestwell services provided to its clients
Marketing channel and any notice delivery preferences
Investment selections and contribution rates
Vestwell is provided with this information by you, your Employer, or others acting on your or your Employer’s
behalf such as payroll providers and advisors.
In addition to collecting Personal Information in connection with providing the Services, Vestwell may also
collect Personal Information or other information when End Users visit the Sites, request information about
the Services, download a white paper, or schedule a demonstration of the Vestwell Platform. Certain
information may also be collected and tracked automatically when End Users visit the Sites; please see
Section 4 for more details.
4. How and When Vestwell Collects Information
Vestwell collects information in the following ways:
Anonymous information that is collected from End Users that browse the Sites (section 4.1);
Information that is provided to Vestwell when an End User registers to attend any of Vestwell’s events,
responds to surveys, requests a proposal, contacts Vestwell for more information about the Services, or
applies for employment opportunities with Vestwell (section 4.2);
Information that Plan Sponsors or Employers provide to Vestwell relating to an agreement with Vestwell
to support its benefit plan; when an End User registers for a Vestwell account; when an advisor, its
affiliated home office, or any other organization enters into an agreement or arrangement with Vestwell
to use or market the Vestwell Platform (section 4.3).
4.1 Anonymous information Vestwell collects from End Users of the Sites
An End User can browse through the Sites without providing any Personal Information or Confidential
Information. However, certain information may be passively collected (information that is gathered without
an End User actively providing it) using various technologies, such as cookies, unique identifiers, Internet
tags, web beacons, and navigational data collection (log files, server logs, clickstream).
Device and location information: Vestwell collects device-specific information, such as whether End
Users are accessing the Sites from a mobile phone or laptop, the website URL that directed End Users to
the Sites, the Internet Protocol address, the browser version of End User’s device, the date and time of
access to the Sites, and the pages or screens that End Users access navigate while at the Sites.
Cookies, unique identifiers, web beacons, and similar technologies: Vestwell uses various technologies
technologies to collect and store information when End Users interact with the Services offered about
retirement plans and related matters to the general public as educational or promotional material, or to
registered investment advisors, Plan Sponsors, participants, beneficiaries, service providers, and
business partners who register to use the Vestwell Platform.
4.2 Information provided to Vestwell when an End User schedules or attends a Vestwell event, applies for
employment, or other affirmative contact with Vestwell.
Vestwell collects and uses the information that an End User, such as an attendee at one of its webinars,
affirmatively provides when registering to attend a Vestwell event. When End Users register to attend any of
Vestwell’s webinars, seminars, or online programs or events; respond to any surveys, emails, or
questionnaires; or contact Vestwell to request information or correspond, End Users may be requested to
provide names, addresses, e-mail addresses, company, and contact information. When End Users provide that
information, Vestwell uses it to keep in contact with End Users to inform them about Vestwell’s Services,
product enhancements, and related educational and promotional materials.
4.3 Information End Users provide to us when using the Services
End Users that use the Vestwell Platform to manage their retirement plan, retirement plan account, college
savings account, or other savings product are consenting to provide Vestwell with information needed to service
the retirement plan in which they participate or their savings accounts. This information includes Personal
Information as well as name, address, compensation, years of service, job positions, contributions, investment
selections, information necessary to qualify you to open or utilize a savings product, investment performance,
and other data that Vestwell needs in order to perform its contractual obligations and Services. Information
collected is used by Vestwell and its service providers and business partners to perform the Services. By
registering for a Vestwell account or by using the Services, End Users, Employers, and Plan Sponsors agree to
Vestwell’s use of Personal Information and cannot opt out, change or remove consent, or delete Personal
Information or other information from the Sites. This information is essential for Vestwell to perform the
5. How Vestwell Uses the Information Collected
Vestwell uses the information collected to provide the Services, including to verify identity and diagnose and
remediate technical and service related issues.
Vestwell may also use collected information for its own general business purposes, which may include, but is not
limited to, helping it analyze, research, report on, and improve the Services; assessing the effectiveness of
the Services; detecting, understanding and resolving any technical issues with the Sites or servicing End User
accounts; or better serving its current and prospective clients’ and investment advisors’ needs with respect to
products, services, and support.
Vestwell may also use collected information for marketing communications, either directly or through a third
party, in relation to existing or new services, for education information it thinks might benefit the End User,
or for keeping End Users up to date on industry and regulatory information and trends. End Users may opt out of
receiving these marketing communications at any time (see "Choice/Opt-Out" below).
Vestwell may also use End Users’, Employers’, and/or Plan Sponsors’ contact information to inform them about
additional or changes to Vestwell’s services, market trends, legislative changes, general retirement plan
education materials, or other information related to the use of the Vestwell Platform. By registering for a
Vestwell account or when using the Vestwell Platform, End Users, Employers, investment advisors, and Plan
Sponsors agree to Vestwell’s uses of Personal Information and cannot opt out, change or remove consent, or
delete Personal Information or other information from the Sites. This information is essential for Vestwell to
perform the Services and to comply with any relevant regulatory requirements.
6. Cookies and Tracking Technologies
certain websites write to End Users hard drives when they visit a website. Cookies cannot be used to run
programs or deliver viruses to an End User’s computer. A cookie file can contain information such as a
unique user ID that a website uses to track the pages End Users visited, but the only Personal Information a
cookie can contain is information End Users elect to supply. A cookie cannot read data off of a hard disk or
read cookie files created by other websites. Cookies can help save time. For example, if an End User
personalizes a web page, or navigates within a website, a cookie tracks and recalls the specific information
for future visits.
In addition to cookies, the Sites use a variety of other methods and tools for tracking purposes, including
Internet tags and web beacons, which are small pieces of data that are embedded in images and pages of the
Sites. While most web browsers automatically accept cookies, many browsers allow End Users to modify browser
settings to decline cookies and/or "opt-out" of tracking technologies. As each browser is different, please
consult the “help” menu within the browser. For additional information about cookies and how to control
their use on various browsers and devices, End Users can visit http://www.allaboutcookies.org. Please note
however, if a visitor turns off cookies, such visitor may find some of the functionality of the Sites and/or
our Services to be reduced or impaired.
Vestwell also utilizes both proprietary and third-party analytics tools, such as Google Analytics and other
solutions, to gather information designed to help gain insight into how visitors to the Sites interact with
and use the Sites’ contents and other services.
7. Information Sharing and Disclosure
Vestwell does not sell or rent Personal Information and only shares Personal Information with service
providers or business partners under the following limited circumstances:
With Plan Sponsors, Employers, payroll providers, or investment advisors associated with the End User’s
retirement plan or savings account;
Vestwell subsidiaries and its service providers to carry out, improve, or maintain the Services to End
Users. These may include vendors or subcontractors of Vestwell, such as hosting and information
technology providers, identity verification and fraud prevention services, data analytics, and customer
support services. These providers may have access to Personal Information needed to perform their
functions, but are contractually restricted from using such Personal Information for purposes other than
providing services for Vestwell.
When legally required to access, use, preserve, or disclose the information to satisfy any applicable
law, regulation, legal process, or enforceable governmental request;
To detect, prevent, or otherwise address security or technical issues involving the Sites or the
To protect against harm to the rights, property, or safety of Vestwell, its employees, End Users, or the
public as required or permitted by law;
To enforce the terms of Vestwell’s service agreements; or
Disclosure to federal, state or local regulators as required by applicable law.
Vestwell may also share Vestwell Platform users aggregated or anonymized information that does not directly
identify an End User (including device information and information derived from cookies and log files with
third parties) with third parties regarding trends about the general use of its services.
Vestwell intends to keep End Users of the Services current about new Vestwell Platform features, important
Vestwell announcements that are relevant to Vestwell Platform users, industry or regulatory updates, or
other information it believes End Users would like to hear about either from it or from its business
partners, and Vestwell may be using the information provided for those purposes as well as the activities
noted in section 4.
In addition, Vestwell may share anonymized aggregate information about End Users, such as demographics of
Vestwell Platform, with the media, business partners, and other third parties for Vestwell’s business
purposes, such as to customize or enhance the content and functionality of the Sites.
Lastly, as Vestwell continues to develop its business, it might sell or buy assets. In such transactions, End
User information may be one of the transferred business assets. If either Vestwell or any of Vestwell’s
assets are merged or acquired, End User’s Personal Information may be one of the transferred assets.
The Sites may reference or provide links to third party websites (including social media bookmarking buttons
that enable the End User to share certain content on the Sites or the Vestwell Platform). Vestwell is not
privacy policies posted on such sites. Please be aware that Vestwell does not control, nor is it responsible
for, the privacy policies, operation, or information practices or use of third parties or their websites.
When an End User uses third party links, these third parties may collect Personal Information about you, or
your online activities over time and across different websites.
8. Information Security
End Users’ privacy matters to Vestwell and Vestwell works hard to protect it. Vestwell utilizes the following
Encrypting data on the Vestwell Platform;
Enforcing password complexity standards for individuals to access their accounts on the Vestwell
Reviewing information collection, storage, and processing practices, including physical security
measures, to guard against unauthorized access to Vestwell’s systems; and
Restricting access to Personal Information to Vestwell employees and trusted service providers who need
to know that information to process it on Vestwell’s behalf, so that the employee or trusted service
provider can perform the Services, and who are subject to strict contractual confidentiality obligations
and may be disciplined or terminated if violated.
Vestwell utilizes reasonable security technologies to protect Personal Information in accordance with
industry and regulatory standards, which may include monitoring and recording transactions to help detect
potential fraudulent activity, and utilizing encryption, two-factor authentication, automatic logout after a
specified period of inactivity, or other controls to help protect End User’s sensitive information.
However, the security of this information depends in part on the security of the computer or device the End
User uses to communicate with Vestwell, and the security provided by the End User’s internet access services
provider. Vestwell is not responsible for the security of the End User’s internet access services provider.
You should review the security and privacy policies of your internet access services provider carefully.
Information that you access by using the Sites and the Vestwell Platform may be stored on your computer
during your session. If others have access to your computer or device, they may be able to access this
information. Vestwell is not responsible for the security or privacy of information communicated to or from
or stored on an End User’s computer, device or internet service provider. The End User is responsible to
store any correspondence they receive relating to the Services in a safe place, and keep all such documents
confidential. Your use of the Vestwell Platform and the Sites are also governed by the Platform Terms of
Use, which is incorporated herein by reference.
9. Retention of Personal information
Vestwell retains Personal Information for as long as necessary to provide the Services, carry out the
and applicable law. For example, Vestwell may retain information about End Users in order to comply with
legal, record keeping and regulatory obligations, or to protect its interests as part of providing the
10. Opting Out of Certain Communications
Vestwell wants End Users to have the tools necessary to manage their Personal Information. It is important
that End Users ensure that the information Vestwell has is accurate and current so that it can properly and
timely perform the Services. End Users’ ability to manage their Personal Information will differ depending
on their relationship with Vestwell and the Services provided.
With respect to anonymous information that Vestwell collects about End Users that browses its Sites described
in Section 4.1 above, End Users may be able to set their own Internet browser to alert them when a tracking
certain features of the Sites may not work without cookies enabled.
In some areas of the Sites, such as when subscribing to marketing communications, End Users are provided with
an opportunity to opt out of receiving future communications, which is how End Users give, or decline to
give, their consent to use Personal Information for the purpose(s) covered by the applicable opt-out choice.
End Users may also indicate their desire to opt-out when receiving marketing and promotional communications
from Vestwell by clicking the "unsubscribe" hyperlink and following the instructions or at any time by
sending an email request to email@example.com (please indicate "Opt-Out" in the subject line). Vestwell
maintains records of opt-out requests consistent with applicable law. If End Users wish to remove their name
and information from marketing communications, Vestwell may not be able to immediately delete residual
copies from its active or backup servers, and it may take up to 30 days to completely remove the End User’s
11. Vestwell’s Data Security Protocols
Vestwell safeguards the security and confidentiality of Personal Information and other data by using
physical, technical, and managerial procedures. Please be aware that, despite Vestwell’s best efforts, no
security measures are perfect or impenetrable. While Vestwell strives to protect End User’s Personal
Information, it cannot guarantee the security of the information an End User transmits, and urges End Users
to take every precaution to protect their Personal Information when using the Internet. Vestwell suggests
changing passwords often, using a combination of letters and numbers, taking advantage of multi-factor
authentication features where available, installing an antivirus and anti-malware software, bookmarking the
Sites web address once it is confirmed the Sites are owned and operated by Vestwell, and making sure that an
up-to-date and secure browser is being used. Vestwell recommends that End Users not store passwords in
browsers or share log-in credentials to any website with anyone.
12. Third Party Service Providers or Business Partners
contain links to other websites or applications operated by third parties. Some of these third-party sites may
be co-branded with a Vestwell logo even though they are not operated or maintained by Vestwell. End Users may be
directed through links to those sites while visiting the Sites or using the Vestwell Platform. Although Vestwell
chooses its business partners carefully, Vestwell is not responsible for the privacy practices or security
issues of websites operated by any third parties.
Vestwell Services are not targeted or directed at children under the age of 13, and it does not intend to or
knowingly collect or solicit Personal Information from children under the age of 13. If an End User has
reason to believe that a child under age 13 has provided Personal Information to Vestwell, Vestwell
encourages the child’s parent or guardian to contact Vestwell. If Vestwell learns that any Personal
Information collected has been provided by a child under age 13, it will promptly delete it. Vestwell does,
however, process Personal Information about children when necessary for the Services and when provided by
the End User. For example, if an End User has a college savings account supported by Vestwell’s Services,
Vestwell may collect information relating to the beneficiaries of that account, which may include children
under age 13.
14. International Use Statement
Vestwell is headquartered in the United States and its Services are provided and targeted only to residents
of the United States. Personal Information collected and maintained may be transferred to or controlled and
processed in the United States, but in certain circumstances, service providers or business partners may
process data in the United States and/or other countries around the world. By providing Vestwell with
Personal Information and by using the Sites or the Vestwell Platform, End Users consent to this transfer and
acknowledge the fact that Personal Information stored or processed in the United States will be subject to
the laws of the United States, including the ability of governments, courts, law enforcement, and/or
regulatory agencies of the United States that have valid jurisdiction over Vestwell to obtain disclosure of
End User’s Personal Information subject to a valid subpoena, court order, or similar request. If an End User
accesses the Sites from a location outside of the United States, the End User agrees that the use of
that their Personal Information may be transferred to and processed in the United States and other countries
that may not be deemed to provide the same level of data protection and privacy as the United States or the
state of the End User’s residence, and may have been deemed to have inadequate data protection and privacy
15. Compliance with State Laws
End Users may have privacy protections under applicable state laws that are in addition to those set forth in
this policy. To the extent such state laws apply, Vestwell will comply with them when sharing information
about End Users. Protections specific to California residents are set forth in Section 16 of this Privacy
16. Privacy Notice for California Residents
residents’ Personal Information collected in relation to the Sites.
16.1 What is Personal Information?
“Personal Information" has the same meaning as under the California Consumer Privacy Act (“CCPA”):
information that identifies, relates to, describes, is reasonably capable of being associated with, or could
reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information
does not include information that is de-identified or aggregated.
16.2 Personal Information Vestwell Collects
Vestwell collects the following types of information in connection with the Sites:
Unique identifiers (such as names or an ID number)
Contact information (such as telephone number, email address, or mailing address)
Professional information (such as employer’s name and title)
Commercial information (such as communication preferences, survey data, or other information provided in
order for Vestwell to respond to inquiries)
Audio, video, or visual information (such as a recording of voice or image if an End User participates
in a corporate event. End Users will always be notified of any recording in advance)
End User profile information (such as dietary preferences if End User registers for an event with a meal
Internet and technical information (such as IP address, device identifiers, browser type, ISP, and data
from cookies and web beacons)
16.3 Sources of Personal Information Vestwell Collects.
Vestwell collects Personal Information used in
relation to the Sites from the following sources:
Directly from End Users (e.g., through a submission made on Vestwell’s “Contact Us” page or when
registering for an event)
From third parties acting on End User’s behalf (e.g., your employer when it provides information about
From first and third party cookies that helps Vestwell operate and assess the Sites (see our “Cookies”
section above for more information)
16.4 Vestwell’s Business or Commercial Purposes for Collecting, Using and Disclosing Personal
Vestwell collects, uses, and discloses Personal Information for the following purposes:
To provide End Users with a requested service
To verify identity and registration
To communicate with End Users and to respond to inquiries or service requests
To gather feedback or survey responses
To host corporate events on behalf of Vestwell and its affiliates or partners
For Vestwell and its affiliates or partners marketing and analytics purposes
To administer, assess, personalize, and improve the Sites and Services
To conduct research, statistical analysis, survey/demographic interpretation, and other data studies
based on the data collected
To maintain network security and performance and protect against cyber-attacks
To comply with and enforce applicable laws, industry standards, and Vestwell’s own policies and terms
For auditing, reporting, corporate governance, and internal operations
For due diligence and implementation of commercial transactions, including reorganizations, mergers or
other disposition of all or any portion of Vestwell’s business, assets or stock
To exercise and defend legal rights
As otherwise described to End Users at the point of collection or pursuant to the End User’s consent
16.5 Categories of Third Parties With Whom Vestwell Shares Personal Information
Vestwell may share End User’s Personal Information with:
Affiliates to enable them to provide services to End User, and to enable them to contact an End User
regarding additional products and services that may interest them
Agents and service providers who perform services on Vestwell’s behalf, such as hosting the Sites,
sending communications, operating a call center, or hosting/managing corporate events
Third parties involved in events the End User registers to attend, including physical and virtual sites
that host the event
With the End User’s employer, to the extent the End User uses the Services in connection with their
Any entity that acquires all or a portion of Vestwell’s business, assets, or stock, including in
connection with a merger, reorganization, or other commercial transaction. In such transactions, End
User’s information generally is one of the transferred business assets. Also, if either Vestwell or any
of Vestwell’s assets are acquired (including through bankruptcy proceedings), the End User’s Personal
Information may be one of the transferred assets
Authorities, subject to applicable laws, including to respond to requests from courts, law enforcement
agencies, regulatory agencies, and other public and government authorities, which may include such
authorities outside the End User’s country or state of residence.
Vestwell’s third-party affiliates, service providers and successors to whom it discloses information are
required by law and/or contractual requirements to keep End User’s Personal Information confidential and
secure. These third-party affiliates may not use or disclose information except as reasonably necessary to
provide the Services to End Users of the Vestwell Platform or as otherwise permitted by law.
Vestwell may also use or share de-identified information that is not reasonably likely to identify the End
User for commercially legitimate business purposes with its affiliates, service providers, and business
Vestwell does not sell Personal Information to any third parties, and has not done so in the preceding 12
tracking technologies to analyze website traffic and facilitate marketing or advertising.
16.6 Children’s Personal Information
16.7 Rights as a California Resident
Under California law, some California residents have specific rights regarding their Personal Information.
These rights are subject to certain exceptions as described below. Further, if the End User is a current,
former, or prospective Vestwell employee, or if Vestwell has collected or processed your Personal
Information in connection with its business with a company, partnership, sole proprietorship, nonprofit or
government agency, and the End User is an employee, owner, director, officer, or contractor of that entity,
some of these rights do not go into effect until at least January 1, 2023. When required, Vestwell will
respond to most requests within 45 days, unless it is reasonably necessary for it to extend its response
Right to Disclosure of Information
End Users have the right to request that Vestwell disclose certain information regarding its
practices with respect to Personal Information. If an End User submits a valid and verifiable
request and Vestwell confirms the End User’s identity and/or authority to make the request, Vestwell
can disclose to the End User any of the following:
The categories of Personal Information it collected about the End User in the last 12 months
The categories of sources for the Personal Information it collected about the End User in the
last 12 months
Vestwell’s business or commercial purpose for collecting that Personal Information
The categories of third parties with whom Vestwell shared that Personal Information
The specific pieces of Personal Information Vestwell collected about the End User
If Vestwell sold the End User’s Personal Information for a business purpose, a list of the
Personal Information types that each category of recipient purchased
If Vestwell disclosed the End User’s Personal Information to a third party for a business
purpose, a list of the Personal Information types that each category of recipient received
Right to Delete Personal Information
End Users have the right to request that Vestwell deletes any of their Personal Information that was
collected and retained, subject to certain exceptions. If the End User submits a valid and
verifiable request and Vestwell can confirm their identity and/or authority to make the request,
Vestwell will determine if retaining the information is necessary for it or its service providers
Complete a transaction for which Vestwell collected the Personal Information, provide a good or
service that the End User requested, take actions reasonably anticipated within the context of
Vestwell’s ongoing business relationship with the End User, or otherwise perform its contractual
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal
activity, or prosecute those responsible for such activities
Debug products to identify and repair errors that impair existing intended functionality
Exercise free speech, ensure the right of another End User to exercise their free speech rights,
or exercise another right provided for by law
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.)
Engage in public or peer-reviewed scientific, historical, or statistical research in the public
interest that adheres to all other applicable ethics and privacy laws, when the information's
deletion may likely render impossible or seriously impair the research's achievement, if End
User previously provided informed consent
Enable solely internal uses that are reasonably aligned with End User’s expectations based on
your relationship with us
Comply with a legal obligation
Make other internal and lawful uses of that information that are compatible with the context in
which the End User provided it
If none of the above retention conditions apply, Vestwell will delete the End User’s Personal
Information from its records and direct its service providers to do the same.
How to excercise the above rights
End Users may exercise their rights to disclosure or deletion described above by submitting a
verifiable consumer request to Vestwell’s Legal Team via email at Legal@vestwell.com or by telephone
at (917) 979-5358 extension 103. Only the End User or a person legally authorized to act on their
behalf may make a verifiable consumer request related to their Personal Information. Vestwell
reserves the right to verify identities of an End User’s representative. The End User may make a
verifiable consumer request for access or deletion no more than twice within a 12-month period. In
connection with the request, Vestwell requires the End User to:
Provide sufficient information that allows it to reasonably verify the End User is the person
about whom Vestwell collected Personal Information or is an authorized representative of the End
User. Depending on the nature of the request and the sensitivity of the information requested,
Vestwell may ask for confirmation of various data elements it already has on file such as
mailing address or phone number, or, in case of sensitive Personal Information, Vestwell may
require you to submit a copy of a government issued identification.
Describe their request with sufficient detail that allows Vestwell to properly understand,
evaluate, and respond to it.
The End User will not be required to create an account with Vestwell in order to submit a verifiable
request, though Vestwell may communicate with the End User about the request via a pre-established
account if applicable. However, in order to safeguard the Personal Information in its possession, if
Vestwell cannot verify your identity or authority to act on another’s behalf, Vestwell will be
unable to comply with the request. Vestwell will only use End User’s Personal Information to confirm
the End User’s identity or authority, or to fulfill their request.
16.8. Right to Opt out of Sales of End User’s Personal Information
As a California resident, an End User has the right to direct a business that sells their Personal
Information to third
parties to refrain from selling their Personal Information. This right is referred to as “the right to
Vestwell does not sell End User’s Personal Information, it does not provide any mechanism for End User’s to
right to opt out.
16.9. Right to Non-Discrimination
End Users may exercise their rights under the CCPA without discrimination. For example, unless the CCPA
provides an exception, Vestwell will not:
Deny the End User goods or services;
Charge the End User different prices or rates for goods or services, including through granting
discounts or other benefits, or imposing penalties;
Provide the End User a different level or quality of goods or services; or
Suggest that the End User may receive a different price or rate for goods or services or a different
level or quality of goods or services.
Vestwell may offer the End User financial incentives to provide it with Personal Information that is
reasonably related to the information’s value. This could result in different prices, rates, or quality
levels for the Services. Any financial incentive Vestwell offers will be described in written terms that
explain the material aspects of the financial incentive program. The End User must opt-in to any financial
incentive program and may revoke their consent at any time by contacting Vestwell as indicated below.
16.10. Direct Marketing and Do Not Track Signals
Under California’s “Shine the Light” law, California residents may request and obtain a notice once a year
about the Personal Information Vestwell shared with other businesses for its own direct marketing purposes.
Such a notice will include a list of the categories of Personal Information that were shared (if any) and
the names and addresses of all third parties with which the Personal Information was shared (if any). The
notice will cover the preceding calendar year. To obtain such a notice, please contact Vestwell’s Legal Team
at Legal@vestwell.com. In addition, under this law End
Users are entitled to be advised of how Vestwell
handles “Do Not Track” browser signals. Because there currently is not an industry or legal standard for
recognizing or honoring DNT signals, Vestwell does not honor Do Not Track requests at this time.
17. How to Contact Vestwell
or complaints relating to Vestwell’s privacy practices, please contact Vestwell by email at firstname.lastname@example.org or
by mail at Vestwell Holdings Inc., Legal Department, 1410 Broadway, 23rd Floor, New
York, New York 10018 (917) 979-5358. All complaints are recorded, reviewed, and handled by the Vestwell
Legal Department, which can also be reached at
Legal@vestwell.com. Complaints are generally responded to
within two business days.