Last Updated December 20, 2022
Our Commitment to Privacy
Our commitment to privacy
We recognize the importance of maintaining the privacy of personal information about our current and prospective customers.
This policy is reviewed annually and updated to reﬂect any changes.
How and why we obtain and use personal information
Site recognizes the importance of maintaining personal information about you and when we use it, we do so with respect for your privacy. We obtain and use personal information about you to service, maintain, and protect your account; process transactions in your account; respond to inquiries from you or your representative; develop, offer, and deliver products and services; operate and manage our business; and fulfill legal and regulatory requirements. Site collects public and non-public personal information from customers and visitors from various sources. Some examples include:
You or your representative on applications or forms (for example, when you interact with our customer service staff, and when you visit our websites or use our applications)
You or your representative regarding your preferences (for example, your choice of electronic statement delivery, or the screen layout you specify if you use our websites)
You or your employer or plan sponsor if Site provides them with recordkeeping and/or employee benefits advisory services (for example, payroll, human resources, or benefits information)
Transactional activity in your account (for example, trading history and balances)
Other interactions with Site (for example, discussions with our customer service staff, including telephone or chat, information you enter into our websites, or when you enroll in our authentication services)
Information from consumer reporting agencies (for example, to assess your creditworthiness for margin products)
Information from other third-party sources (for example, to verify your identity and to better understand your product and service needs)
Other sources with your consent or with the consent of your representative (for example, from other institutions if you transfer positions into Site)
How we protect information about you
We implement and maintain physical, administrative, technical and organizational measures designed to protect personal information and we regularly adapt these controls to respond to changing requirements and advances in technology.
At Site, we restrict access to personal information to those who require it to develop, support, offer and deliver products and services to you and to operate our business.
How we share information about you with third parties
Site does not share or sell personal information about our customers with unaffiliated third parties for use in marketing their products and services. We may share personal information with the following entities:
Unaffiliated service providers (for example, printing and mailing companies, securities clearinghouses, marketing service providers, and other entities who may provide services at Site direction)
Government agencies, other regulatory bodies and law enforcement officials (for example, for tax purposes or for reporting suspicious transactions)
Other third-parties, with your consent or as directed by your representative (for example, if you request to transfer assets from another financial institution, or if you use an external aggregation website or service that you have provided permission to access your Site financial account on your behalf)
Other third parties whose products, services and investment offerings are made available through Site, and which you decide to utilize
Other organizations as permitted or required by law (for example for fraud prevention or to respond to a subpoena)
In connection with corporate business transactions, such as a merger or sale of a business.
Our service providers are obligated to keep the personal information we share with them confidential and use it only to provide services specified by Site.
In addition, if you choose to use or indicate your interest in using a product, service or investment offering that is offered by a third party and made available through Site, we may share personal information with that third party in connection with your use or interest of that product, service or investment offering.
Based on the nature of your relationship with Site, we may exchange information with other third parties as described below:
If Site provides workplace services to your employer or plan sponsor, such as payroll, human resources or employee benefits advisory and/or recordkeeping services, Site may exchange any information received in connection with such services with your employer or plan sponsor or others they may authorize.
If you conduct business with Site through your investment professional, we may exchange information we collect with your investment professional or with others they may authorize.
If you transact business through Site life insurance companies, we may validate and obtain information about you from an insurance support organization. The insurance support organization may further share your information with other insurers, as permitted by law. We may also share medical information about you to learn if you qualify for coverage, to process claims, to prevent fraud, or otherwise at your direction, as permitted by law.
How we provide information about you with our affiliates
We may provide personal information about you to various Site corporate affiliates including internal service providers which perform, for example, printing, mailing, and data processing services.
If you interact with Site directly as an individual investor (including joint account holders), we may provide certain information about you to Site affiliates, such as our brokerage and insurance companies, for their use in marketing products and services as allowed by law.
Where Site provides services to you under an arrangement with your employer or plan sponsor, to the extent permitted by you or under our agreement with your employer or plan sponsor and as allowed by law, we may provide information about you to Site affiliates, such as our brokerage and insurance companies, for their use in marketing products and services.
Information collected from investment professionals’ customers is not provided to Site affiliates for marketing purposes, except with your or your representatives’ consent and as allowed by law.
Your digital privacy
When you interact with us by using our websites, online services or applications (including mobile apps) that are owned and controlled by Site Investments (“our digital offerings”), or via electronic communications, Site manages personal information in accordance with all of the practices and safeguards described in this policy.
When you use or interact with us via our digital offerings, or interact with us via electronic communications, we (or our service providers on our behalf) may automatically collect technical and navigational and location information, such as device type, browser type, Internet protocol address, pages visited, and average time spent on our digital offerings. We use this information for a variety of purposes, such as maintaining the security of your session, facilitating site navigation, improving the design and functionality of our digital offerings and electronic communications, and personalizing your experience. Additionally, the following policies and practices apply when you are online.
Cookies and similar technologies
Advertising on Site Digital Offerings
Site advertises on its own digital offerings (including our mobile applications), and when we do, we may use information about your relationship with us, such as the types of accounts you have, to tailor advertisements and communications about Site and third-party products and services that may be of interest to you.
If you generally want to “opt out” of receiving online interest-based advertisements on your internet browser from advertisers and third parties that participate in a self-regulatory programs like the Digital Advertising Alliance DAA program or the Network Advertising Initiative (NAI), please follow the instructions at WebChoices: Digital Advertising Alliance’s Consumer Choice Tool for Web US (aboutads.info) and NAI Consumer Opt Out (networkadvertising.org) to place an “opt-out” cookie on your device indicating that you do not want to receive interest-based advertisements. If you want to “opt out” of receiving online interest-based advertisements on mobile devices, please follow the instructions at YourAdChoices.com | AppChoices and Mobile Opt Out – NAI: Network Advertising Initiative (thenai.org).
Connecting with Site on social media platforms
Third Party websites, online service, and content
If you are a former customer, these policies also apply to you; we treat your information with the same care as we do information about current customers.
Site several options for accessing and, if necessary, correcting your account information. You can review your information using your statements, or through our automated telephone or our digital offerings. You may also write or call us with your request for information. If you transact business through Site life insurance companies, you are entitled to receive, upon written request, a record of any disclosures of your medical record information. If we serve you through an investment professional, please contact them directly. Speciﬁc Internet addresses, mailing addresses and telephone numbers are listed on your statements and other correspondence.
Additional Information for California Residents
This section is provided for purposes related to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CPRA”) and applies solely to the personal information and Site companies that are subject to the CPRA. As used in this section, “personal information” means information that meets the definition of “personal information” as set forth in the CPRA and is not otherwise excluded from the scope of the CPRA.
The CPRA gives certain rights to California residents and imposes certain obligations on those businesses that are subject to the CPRA. As required by the CPRA, set forth below is a description of certain rights that California residents generally have under the CPRA. As used below, a “consumer” means a resident of the State of California and a “covered business” means a business that is subject to the CPRA.
Right to Know/Right to Access. A consumer has the right to request that a covered business that collects a consumer’s personal information disclose to that consumer the categories and specific pieces of information the business has collected. A consumer also has the right to request that a covered business that collects a consumer’s personal information disclose to that consumer the following:
The categories of personal information it has collected about that consumer
The categories of sources from which the personal information is collected
The business or commercial purpose for collecting, selling or sharing (if applicable) personal information
The categories of third parties to whom the covered business discloses personal information
The specific pieces of personal information that the covered business has collected about that consumer
These disclosures are not required to include any information about activity that occurred prior to January 1, 2022. Please also note that a covered business is not required to honor more than 2 of these requests from the same consumer during any 12-month period.
Right to Delete. A consumer has the right to request that a covered business delete any personal information that the business has collected from the consumer, subject to certain exceptions.
Right to Correct. A consumer has the right to request that a covered business correct inaccuratepersonal information that a business maintains about a consumer.
Right to Opt-Out of Sale/Sharing. If a covered business sells or shares personal information, a consumer has the right to opt-out of the sale or sharing of their personal information by the business.
Right to Limit Use and Disclosure of Sensitive Personal Information. If a covered business uses or discloses sensitive personal information for reasons other than those set forth in the CPRA, a consumer has the right to limit the use or disclosure of sensitive personal information by the business.
Non-Discrimination. A consumer has the right not to receive discriminatory treatment by the covered business for the exercise of privacy rights conferred by the CPRA.
Categories of personal information we may collect about you
In general, if you are a customer of ours or you otherwise interact with us, we collect various types of personal information about you. The amount and types of personal information we collect will vary depending on the nature of your relationship and your interactions with us, and on the products and services that we provide to you. The categories of personal information that we may collect about you are:
Personal identifiers, such as your name, postal address, email address, online identifier, internet protocol address, account name, or other similar identifiers
Information covered by California’s records-destruction law (California Civil Code §1798.80), such as your signature, telephone number, and financial account information
Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
Characteristics of protected classifications under California or federal law
Biometric information, such as when you use our voice-recognition service that we use for identity-verification and security purposes
Internet or other electronic network activity information, including, but not limited to, browsing history and search history while using our digital offerings, and other information regarding your interactions with our digital offerings or our advertisements
Audio, electronic, visual, and similar data, such as call recordings
Professional or employment-related information, such as job title and business contact information
Inferences drawn from any of the information listed above to create a profile about you, such as a profile that reflects your preferences, characteristics, behavior, and attitudes
Sensitive personal information such as social security number, or account log-in, password or credentials allowing access to your account(s) or to our digital offerings
The retention periods for data elements within each category listed above vary depending on the nature of the data element and the purposes for which it is collected and used. Our retention period for the data elements within each category is set based on the following criteria: (1) the length of time that the data is needed for the purposes for which it was created or collected, (2) the length of time the data is needed for other operational or record retention purposes, (3) the length of time the data is needed in connection with our legal, compliance and regulatory requirements, for legal defense purposes and to comply with legal holds, (4) how the data is stored, (5) whether the data is needed for security purposes and fraud prevention, and (6) whether the data is needed to ensure the continuity of our products and services.
Categories of sources from which personal information is collected
In addition to the sources described in the section above entitled “How and why we obtain and use personal information”, depending on the nature of your relationship and your interactions with us, and on the products and services that we provide to you, we may obtain personal information from the following sources:
You or your representative, such as when using our products, services or digital offerings, when interacting with us or any of our service providers regarding our products, services or digital offerings or when otherwise communicating with us
Providers of publicly available information
Another person or other persons (typically people who know you) who provide referral information about you to us or who use the capabilities we offer on certain of our websites and applications to forward an article or other information to you
Third parties that provide products and services to you through your relationship with us
Third parties that perform services for us or on our behalf
Other third-party sources, including government sources, data brokers and social networks
Automatically, via technologies such as cookies and web beacons, when you interact with our digital offerings or electronic communications
Why we collect personal information
Please see the section above entitled “How and why we obtain and use personal information” for a description of some of the business or commercial purposes for which we collect personal information, including sensitive personal information. In addition to those purposes described above, below are additional business or commercial purposes for which we collect personal information:
To provide you with information about products and services that may interest you
To maintain the accuracy and integrity of our records
For marketing and communication purposes
For reporting and analytical purposes
For personalizing your interactions and experiences with us
For training and quality-control measures
To verify your identity
To protect against malicious, fraudulent, or illegal activity
For business analysis, planning, and reporting
For customer education
For effectiveness measurements
Categories of personal information disclosed for business purposes
Like most businesses, we disclose personal information, including in some cases certain sensitive personal information, to third parties for our business purposes. Depending on the nature of your relationship and your interactions with us, and on the products and services that we provide to you, we disclose to third parties for business purposes the personal information that is encompassed by one or more of the categories described in the “Categories of personal information we may collect about you” section above, with the categories of third parties listed in the section above entitled “How we share information about you with third parties”.
Other information about our handling of personal information
Because we do not sell or share personal information, Site companies do not have any obligation under the CPRA to accept CPRA requests requesting that the Site companies not sell or share a consumer’s personal information.
Please note that certain types of personal information collected or maintained by a covered business are exempt from the CPRA. For example, a covered business has limited obligations, or in some cases, no obligations, under the CPRA with regard to the following types of personal information:
Personal information collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act (Public Law 106-102) and implementing regulations, or pursuant to the California Financial Information Privacy Act (Division 1.4 [commencing with Section 4050] of the California Financial Code)
Medical information governed by the Confidentiality of Medical Information Act or protected health information that is collected by a covered entity or business associate pursuant to the Health Insurance Portability and Accountability Act of 1996.
In addition, some businesses are not subject to the CPRA, such as:
A business that does not do business in the State of California
A business that is not organized or operated for the profit of financial benefit of its shareholders or other owners
A business that does not determine the purposes and means of the processing of consumers’ personal information
A business that has annual gross revenue of $25,000,000 or less
Furthermore, under the CPRA, there are a number of situations where a covered business under the CPRA may refuse to honor a CPRA request to delete a consumer’s personal information and is allowed to continue to maintain the personal information. Some examples include situations where retention of the personal information is reasonably necessary to:
Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer or reasonably anticipated within the context of the covered business’s ongoing business relationship with the consumer, or otherwise perform a contract between the Site company and the consumer
Help to ensure security and integrity to the extent the use of the personal information is reasonably necessary and proportionate for those purposes
Debugging to identify and repair errors that impair existing intended functionality
Exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided by law
To enable solely internal uses that are reasonably aligned with consumer expectations based on the consumer’s relationship with the business and compatible with the context in which the consumer provided the information
Comply with a legal obligation
Submitting a CPRA Request
You should generally expect to receive a response within 45 days of the date we receive your request. However, in some instances, we may require an additional 45 days to process your request in which case we will notify you and explain why the extension is necessary.
We will need to verify your identity before we can process your request. Through the request process, we will make you aware of any information that you will need to provide to us to process your request. You may have to confirm that you are a California resident and verify your identity or the identities of those authorized to submit requests on your behalf. Additionally, the information you provide will be used to help verify your identity.
To understand how you can designate an authorized agent with the ability to make a request under the CPRA on your behalf, please refer to our California Privacy Rights Request page.