Our Commitment to Privacy
Last Updated: July 2023
As you may know, your broker-dealer and National Financial Services LLC ("NFS") have an agreement through which NFS provides clearing and other related services for your account. In connection with these services, NFS is required to communicate its practices regarding the privacy of customer information. These practices also apply to you if you in any of the following circumstances:
- You have a retirement account through your broker-dealer for which Fidelity Management Trust Company (“FMTC”), an affiliate of NFS, is the custodian
- Your broker-dealer offers managed account services through the Fidelity Managed Account XchangeSM, a managed account platform sponsored by Fidelity Institutional Wealth Adviser LLC ("FIWA"), a registered investment advisor affiliate of NFS
- You have a brokerage account held directly at NFS
- You have a direct relationship with Fidelity Capital Markets, a division of NFS
You do not have to contact your broker-dealer to benefit from these protections; they apply automatically to all customers.
This policy is reviewed annually and updated to reflect any changes.
How and Why We Obtain Personal Information
To facilitate the servicing of your account, Fidelity Institutional Companies may receive non-public personal information about you from you, your broker-dealer, and from various sources. Some examples include:
- Your applications or forms (for example, when you interact with our customer service staff, and when you visit our websites or use our applications)
- Transactional activity in your account (for example, trading history and balances)
- Information from consumer reporting agencies (for example, to assess your creditworthiness for margin products)
- Information from other third-party data sources (for example, to verify your identity and to better understand your product and service needs)
- Other sources with your consent or with the consent of your broker-dealer (for example, from other institutions if you transfer positions into NFS)
How We Protect Information about You
We implement and maintain physical, administrative, technical, and organizational measures designed to protect personal information, and we regularly adapt these controls to respond to changing requirements and advances in technology. Within the Fidelity Institutional Companies, we restrict access to personal information to those who require it to develop, support, offer, and deliver products and services to you and to operate our business.
How We Share Information about You
The Fidelity Institutional Companies do not share or sell personal information about our customers with unaffiliated third parties for use in marketing their products and services. We may disclose the personal information that we collect about customers, prospects, or former customers with their broker-dealers or with:
- Our corporate affiliates, including internal service providers (for example, printing, mailing, and data processing services)
- Unaffiliated service providers (for example, printing and mailing companies, securities clearinghouses, and other entities that may provide services at our direction)
- Government agencies, other regulatory bodies, and law enforcement officials (for example, for tax purposes or for reporting suspicious transactions)
- Other third parties, with your consent or as directed by you or your broker-dealer (for example, if you request personalized performance reporting) or as permitted or required by law (for example, for fraud prevention or to respond to a subpoena)
- In connection with corporate business transactions, such as a merger or sale of a business.
Our service providers are obligated to keep the personal information we share with them confidential and use it only to provide services specified by us.
Your Digital Privacy
When you interact with us by using our websites, online services or applications (including mobile applications) that are owned and controlled by us ("our digital offerings"), or via electronic communications, we manage personal information in accordance with all of the practices and safeguards described in this policy.
When you use or interact with us via our digital offerings, or interact with us via electronic communications, we (or our service providers on our behalf) may automatically collect technical and navigational and location information, such as device type, browser type, internet protocol address, pages visited, and average time spent on our digital offerings. We use this information for a variety of purposes, such as maintaining the security of your online session, facilitating site navigation, improving the design and functionality of our digital offerings and electronic communications, and personalizing your experience.
Additionally, the following policies and practices apply when you are online.
Cookies and Similar Technologies
Connecting with Fidelity Institutional Companies on Social Media Platforms
Third-Party Websites, Online Services, and Content
Access to Your Information
If you are a customer of a broker-dealer for which NFS provides services, you may access and, if necessary, correct your account information through a variety of means offered by your broker-dealer and NFS (for example, via online services). Please contact your broker-dealer for more information about how you may correct your account information.
The following statement only applies to you if you buy Fidelity funds through your broker-dealer.
- Information provided by you or your representative on applications or other forms furnished to the funds or through other interactions that you or your representative have with the funds
- Information arising from your investments in or accounts with the funds
- Information the funds receive from a consumer reporting agency
The funds employ physical, electronic, and procedural controls to safeguard your information. For example, the funds authorize access to your personal and account information only for personnel who need that information in order to provide products or services to you.
The funds do not disclose any non-public personal information about you, except as permitted by law. For example, the funds have entered into a number of arrangements with Fidelity Investments to provide for investment management, distribution, and servicing of the funds.
If you decide to close your account, the funds will continue to adhere to the privacy policies and practices as described in this policy.
If you are a former customer, your information is treated in the same manner as the information of current customers.
We offer several options for accessing and, if necessary, correcting your account information. You can review your information using your statements, or through our automated telephone or Internet services. You may also write or call us with your request for information. If we serve you through an investment professional, please contact them directly. Specific Internet addresses, mailing addresses, and telephone numbers are listed on your statements and other correspondence.
Additional Information for California Residents
This section is provided for purposes related to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights act of 2020 (collectively, the “CPRA”) and applies to the personal information and your relationship(s) with the Fidelity Institutional Companies that are subject to the CPRA. As used in this section, "personal information" means information that meets the definition of “personal information” as set forth in the CPRA and is not otherwise excluded from the scope of the CPRA.
Fidelity Institutional Companies and the CPRA
Depending on the Fidelity Institutional Company with which you have a relationship or otherwise interact, the nature of your relationship and interactions with that Fidelity Institutional Company, and the products and services provided to you through that relationship, some or all of the personal information that the Fidelity Institutional Company collects or maintains is covered by one or more of the exemptions described below (see the section below entitled "CPRA Exemptions" below). As a result, in some cases, the applicable Fidelity Institutional Company may have no obligation under the CPRA to accept any CPRA requests, and in other cases, it may have no obligation to honor a particular CPRA request, because of the nature of the personal information that the Fidelity Institutional Company collects or maintains. Here are some examples of CPRA exemptions:
- If your relationship and interactions with a Fidelity Institutional Company consists solely of personal financial services (e.g. maintaining one or more personal brokerage accounts), the personal information collected and processed about you is subject to the federal Gramm-Leach-Bliley Act ("GLBA") and therefore your CPRA requests will not be honored by the Fidelity Institutional Company.
- If you are a customer of a broker-dealer for which NFS provides services, CPRA requests should be directed to your broker-dealer.
Your Rights Under the CPRA
The CPRA gives certain rights to California residents and imposes certain obligations on those businesses that are subject to the CPRA. As required by the CPRA, set forth below is a description of certain rights that California residents generally have under the CPRA. Based on your relationship with the Fidelity Institutional Companies, some or all of the rights described below may not apply to you. As used below, a "consumer" means a resident of the State of California and a "covered business" means a business that is subject to the CPRA.
- Right to Know/Right to Access. A consumer has the right to request that a covered business that collects a consumer's personal information disclose to that consumer the categories and specific pieces of information the business has collected. A consumer also has the right to request that a covered business that collects a consumer's personal information disclose to that consumer the following:
- the categories of personal information it has collected about that consumer
- the categories of sources from which the personal information is collected
- the business or commercial purpose for collecting, selling or sharing (if applicable) personal information
- the categories of third parties to whom the covered business discloses personal information
- the specific pieces of personal information that the covered business has collected about that consumer.
These disclosures are not required to include any information about activity that occurred prior to January 1, 2022. Please also note that a covered business is not required to honor more than 2 of these requests from the same consumer during any 12-month period.
- Right to Delete. A consumer has the right to request that a covered business delete any personal information that the business has collected from the consumer, subject to certain exceptions.
- Right to Correct. A consumer has the right to request that a covered business correct inaccurate personal information that a business maintains about a consumer.
- Right to Opt-Out of Sale/ Sharing. If a covered business sells or shares personal information, a consumer has the right to opt-out of the sale or sharing of their personal information by the business.
- Right to Limit Use and Disclosure of Sensitive Personal Information. If a covered business uses or discloses sensitive personal information for reasons other than those set forth in the CPRA, a consumer has the right to limit the use or disclosure of sensitive personal information by the business.
- Non-Discrimination. A covered business cannot discriminate against a consumer because the consumer exercised any of the consumer's rights under the CPRA.
Categories of personal information we may collect about you
- Personal identifiers, such as your name, postal address, email address, online identifier, internet protocol address, account name, or other similar identifiers
- Information covered by California's records destruction law (California Civil Code
§1798.80), such as your signature, telephone number and financial account information
- Characteristics of protected classifications under California or US federal law, for example, gender
- Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
- Internet/Electronic network interactions, including, but not limited to, browsing history, search history, and information regarding your interactions with our digital offerings or our advertisements
- Audio, electronic, visual, and similar data, such as call recordings
- Inferences drawn from any of the information listed above to create a profile about you, such as a profile that reflects your preferences, characteristics, behavior, and attitude
- Sensitive personal information such as social security number, account log-in, password or credentials allowing access to your account(s) or to our digital offerings
The retention periods for data elements within each category vary depending on the nature of the data element and the purposes for which it is collected and used. Our retention period for the data elements within each category is set based on the following criteria: (1) the length of time that the data is needed for the purposes for which it was created or collected, (2) the length of time the data is needed for other operational or record retention purposes, (3) the length of time the data is needed in connection with our legal, compliance and regulatory requirements, for legal defense purposes and to comply with legal holds, (4) how the data is stored, (5) whether the data is needed for security purposes and fraud prevention and (6) whether the data is needed to ensure the continuity of our products and services.
Categories of sources from which personal information is collected
In addition to the sources described in the section above titled "How and why we obtain personal information", depending on the nature of your relationship and your interactions with us, and on the products and services that we provide to you, we may obtain personal information from the following sources:
- you or your representative, such as when using our products, services or digital offerings, when interacting with us or any of our service providers regarding our products, services or digital offerings or when otherwise communicating with us;
- your broker-dealer, investment professional and/or other financial services firm\
- providers of publicly available information to another person or other persons (typically people who know you) who provide referral information about you to us or who use the capabilities we offer on certain of our websites and applications to forward an article or other information to you
- third parties that provide products or services to you through your relationship with us
- third parties that perform services for us or on our behalf or other third-party sources, including government sources, data brokers and social networks automatically, via technologies such as cookies and web beacons, when you interact with our digital offerings or electronic communications
Why we collect personal information
Please see the section above entitled “How and why we obtain and use personal information” for a description of some of the business or commercial purposes for which we collect personal information, including sensitive personal information. In addition to those purposes described above, below are additional business or commercial purposes for which we collect personal information:
- To provide you with information about products and services that may interest you
- To maintain the accuracy and integrity of our records
- For marketing and communication purposes
- For reporting and analytical purposes
- For personalizing your interactions and experiences with us
- For training and quality-control measures
- To verify your identity
- To protect against malicious, fraudulent, or illegal activity
- For business analysis, planning, and reporting
- For customer education
- For effectiveness measurements
Categories of personal information disclosed for business purposes
Like most businesses, we disclose personal information, including certain sensitive personal information, to third parties for our business purposes.
Depending on the nature of your relationship and your interactions with us, and on the products and services that we provide to you, we disclose to third parties for business purposes the personal information that is encompassed by one or more of the categories described in the “Categories of personal information we may collect about you” section above, with the categories of third parties listed in the section entitled “Categories of sources of which personal information is collected” above.
Selling/sharing of personal information
In the 12 months preceding the date of this policy, we “sold” and/or “shared” (personal information for “cross context behavioral advertising” (as those terms are used in the CPRA) with respect to California residents covered by the CPRA. As of the date of this policy, we have ceased such practices and no longer “sell” and/or “share” personal information for “cross-context behavioral advertising”. We do not knowingly “sell” or “share” for “cross-context behavioral advertising” personal information of minors under 16 years of age.
Our prior “selling” and/or “sharing” activities were performed to personalize your browsing activities on our websites, to deliver our ads to you when you are visiting other websites or platforms, and to help us measure the effectiveness of our websites and online advertising, using information that we and our third party service providers engaged to perform these activities collected about your activity on our websites, including cookies and similar data stored on or collected from your browser or device. In some cases, our third-party service providers, including marketing and advertising providers and social media platforms (providers), combined this information collected on our websites with information about your activity on other, unaffiliated websites or social media platforms to deliver our ads to you when you visited other websites or platforms. This sharing of your information with certain third parties via cookies and similar methods, and our providers’ use of certain cookies, may be considered to be a “sale” of personal information or “sharing” of personal information for “cross-context behavioral advertising” under the CPRA.
Please note that certain types of personal information collected or maintained by a covered business are exempt from the CPRA. For example, a covered business has limited obligations, or in some cases no obligations, under the CPRA with regard to the following types of personal information:
- Personal information collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act, (Public Law 106-102), and implementing regulations, or pursuant to the California Financial Information Privacy Act (Division 1.4 [commencing with Section 4050] of the California Financial Code)
- Medical information governed by the Confidentiality of Medical Information Act or protected health information that is collected by a covered entity or business associate pursuant to the Health Insurance Portability and Accountability Act of 1996
In addition, some businesses are not subject to the CPRA, such as:
- A business that does not do business in the State of California
- A business that is not organized or operated for the profit or financial benefit of its shareholders or other owners
- A business that does not determine the purposes and means of the processing of consumers' personal information
- A business that has annual gross revenue of $25,000,000 or less
Furthermore, under the CPRA there are a number of situations where a covered business under the CPRA may refuse to honor a CPRA request to delete a consumer's personal information and is allowed to continue to maintain the personal information. Some examples include situations where retention of the personal information is necessary to:
- complete the transaction for which the personal information was collected, provide a good or service requested by the consumer or reasonably anticipated within the context of the covered business's ongoing business relationship with the consumer, or otherwise perform a contract between the Fidelity Institutional Company and the consumer
- help to ensure security and integrity to the extent the use of the personal information is reasonably necessary and proportionate for those purposes
- exercise free speech, ensure the right of another consumer to exercise that consumer’s
right of free speech, or exercise another right provided for by law
- debugging to identify and repair errors that impair existing intended functionality
- to enable solely internal uses that are reasonably aligned with consumer expectations based on the consumer's relationship with the business and compatible with the context in which the consumer provided the information.
- comply with a legal obligation
Submitting a CPRA Request
If you wish to submit a CPRA request to any of the Fidelity Institutional Companies, you may initiate your request through one of the options provided on our California Privacy Rights Request Page. Before submitting your request, please ensure you have reviewed all the CPRA exemptions including those described above under the section above entitled “CPRA Exemptions”.
Please note: if you are a customer of a broker-dealer for which NFS provides services, CPRA requests should be directed to your broker-dealer
You should generally expect to receive a response within 45 days of the date we receive your request. However, in some instances, we may require an additional 45 days to process your request in which case we will notify you and explain why the extension is necessary.
We will need to verify your identity before we can process your request. Through the request process, we will make you aware of any information that you will need to provide to us to process your request. You may have to confirm that you are a California resident and verify your identity or the identities of those authorized to submit requests on your behalf.
Additionally, the information you provide will be used to help verify your identity.
To understand how you can designate an authorized agent with the ability to make a request under the CPRA on your behalf, please refer to our California Privacy Rights Request page.
The Fidelity Institutional Companies received no CCPA requests for disclosure of personal information (request to know) and no requests for deletion of personal information (request to delete) between January 1, 2021 and December 31, 2021.
© 2023 FMR LLC. All Rights Reserved.