Privacy Policy for Workplace Consulting’s Global Financial Wellness Experience
Last Reviewed: January 1, 2024.
Our Commitment to Privacy
Fidelity Workplace Consulting, a division of Fidelity Workplace Services LLC (referred to henceforth as “Workplace Consulting”), is committed to maintaining the confidentiality, integrity, and security of your personal information.
As used in this Privacy Policy, “personal information” means information about an individual that is collected or maintained for business purposes and by which the individual can be identified. Please note that information by which an individual cannot be identified (for example, anonymous, de-identified, or aggregate information) is not considered personal information and therefore is not subject to this policy.
This Privacy Policy explains how we collect, use, and disclose personal information and other information about you in connection with your use of the Global Financial Wellness Experience, that comprises of a Global Financial Wellness Assessment website and a Global Financial Wellness Educational Content website (together, the “Sites”).
This Privacy Policy applies only to these Sites. If you use other websites and/or other products or services offered by us or any other Fidelity company, please review the applicable Privacy Policy (or policies) and cookie policy associated with those websites, products, and services.
How and why we obtain personal information
Workplace Consulting takes great care to protect personal information about you and when we use it, we do so with respect for your privacy.
This Global Financial Wellness Experience is a financial wellness tool (“Tool”) developed by Workplace Consulting to collect and store Eligible Persons’ responses to questions, to provide the Eligible Persons with insights of the data regarding their individual financial wellbeing and other relevant informational materials (“Purpose”).
The scope of personal information collected is limited to the information for Workplace Consulting to provide the services to Eligible Persons for the Purpose. The personal information collected when using the Tool may include details of each Eligible Person’s (and their spouse/partner’s) age, gender, marital status, dependents, income, financial wellness information such as their subjective feelings across four areas of financial wellbeing (budgeting, debt, savings, protection) and other information where necessary for the Purpose as determined by Workplace Consulting.
We store your responses to the Financial Wellness Assessment in anonymised form in a manner that cannot be used to identify any individual. The aggregated, anonymised information and data being collected may be subject to further analysis and assessment and be used to provide an employer (if applicable) with insights on sub-groups of Eligible Persons for the Purpose.
By using the Tool, Eligible Persons acknowledge and provide their prior express consent to Workplace Consulting to collect, use, analyse, and store their information collected via the Tool for the Purpose. Any Personal information collected for the Purpose will be used in accordance with applicable personal information security and data privacy laws, for example, if applicable the General Data Protection Regulation (“GDPR”).
How we protect information about you
Workplace Consulting recognises the importance of protecting personal information and considers it to be a foundation of customer trust and a sound business practice. We implement and maintain physical, administrative, technical and organizational measures designed to protect personal information and we regularly adapt these controls to respond to changing requirements and advances in technology.
At Workplace Consulting, we also limit the amount of personal information collected and we restrict access to personal information to those who require it to develop, support, offer and deliver services to you.
How we share information about you with third parties
We do not share or sell personal information we collect about you with unaffiliated third parties for use in marketing their products and services. We may share aggregated, anonymised data for the purpose of benchmarking aggregate results.
Privacy online
When you interact with us by using our Global Financial Wellness Experience, or via electronic communications, we manage personal information in accordance with all of the practices and safeguards described in this policy.
When you use our digital offerings, we may collect technical and navigational and location information, such as device type, browser type, pages visited, and average time spent on our digital offerings. We use this information for a variety of purposes, such as maintaining the security of your session, facilitating site navigation, improving our website design and functionality, and personalising your experience. Additionally, the following policies and practices apply when you are online.
Cookies and similar technologies
Please refer to the separate Cookie Policy which describes the use of cookies on the Sites.
Protecting children’s privacy online
The Financial Wellness Experience is not directed to individuals under the age of eighteen (18). We do not intentionally collect information from those we know are under 18, and we request that these individuals do not provide us with any information.
Additional Information for California Residents
This section is provided for purposes related to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”) and applies solely to the personal information that is subject to the CCPA. As used in this section, “personal information” means information that meets the definition of “personal information” as set forth in the CCPA and is not otherwise excluded from the scope of the CCPA.
Workplace Consulting and the CCPA
Workplace Consulting is engaged by employers to provide workplace retirement plans, or other employee benefit plan or other employee-benefit-related products or services sponsored by or provided through an employer. In that role, to the extent Workplace Consulting processes personal information as defined under the CCPA, Workplace Consulting acts as a service provider for the employer. As a “service provider” under the CCPA, Workplace Consulting will provide reasonable cooperation to employers to respond to consumer requests received by the employer and meet certain other obligations under the CCPA.
If you participate in a workplace retirement plan, or other employee benefit plan or receive other products or services sponsored by or provided through your employer (if applicable) and serviced or administered by Workplace Consulting, please direct your CCPA rights requests to your employer (if applicable) and not to Workplace Consulting.
Your Rights Under the CCPA
The CCPA gives certain rights to California residents and imposes certain obligations on those businesses that are subject to the CCPA. As required by the CCPA, set forth below is a description of certain rights that California residents generally have under the CCPA. As used below, a “consumer” means a resident of the State of California and a “covered business” means a business that is subject to the CCPA. In the context of CCPA, Workplace Consulting is a “service provider and your employer (if applicable) is the “covered business”.
- Right to Know/Right to Access. A consumer has the right to request that a covered business that collects a consumer’s personal information disclose to that consumer the categories and specific pieces of information the business has collected. A consumer also has the right to request that a covered business that collects a consumer’s personal information disclose to that consumer the following:
- The categories of personal information it has collected about that consumer
- The categories of sources from which the personal information is collected
- The business or commercial purpose for collecting, selling or sharing (if applicable) personal information
- The categories of third parties to whom the covered business discloses personal information
- The specific pieces of personal information that the covered business has collected about that consumer
These disclosures are not required to include any information about activity that occurred prior to January 1, 2022. Please also note that a covered business is not required to honour more than 2 of these requests from the same consumer during any 12-month period.
- Right to Delete. A consumer has the right to request that a covered business delete any personal information that the business has collected from the consumer, subject to certain exceptions.
- Right to Correct. A consumer has the right to request that a covered business correct inaccurate personal information that a business maintains about a consumer.
- Right to Opt-Out of Sale/ Sharing. If a covered business sells or shares personal information, a consumer has the right to opt-out of the sale or sharing of their personal information by the business.
- Right to Limit Use and Disclosure of Sensitive Personal Information. If a covered business uses or discloses sensitive personal information for reasons other than those set forth in the CCPA, a consumer has the right to limit the use or disclosure of sensitive personal information by the business.
- Non-Discrimination. A consumer has the right not to receive discriminatory treatment by the covered business for the exercise of privacy rights conferred by the CCPA.
Categories of personal information we may collect about you
In general, if you are a customer of ours or you otherwise interact with us, we collect various types of personal information about you. The amount and types of personal information we collect will vary depending on the nature of your relationship and your interactions with us, and on the products and services that we provide to you. The categories of personal information that we may collect about you are:
- Personal identifiers, such as your internet protocol address
- Internet or other electronic network activity information, including, but not limited to, browsing history and search history while using our digital offerings, and other information regarding your interactions with our digital offerings or our advertisements
- Geolocation data
- Professional or employment-related information, such as job title and business contact information
- Inferences drawn from any of the information listed above to create a profile about you, such as a profile that reflects your preferences, characteristics, behavior, and attitudes.
The retention periods for data elements within each category listed above vary depending on the nature of the data element and the purposes for which it is collected and used. Our retention period for the data elements within each category is set based on the following criteria: (1) the length of time that the data is needed for the purposes for which it was created or collected, (2) the length of time the data is needed for other operational or record retention purposes, (3) the length of time the data is needed in connection with our legal, compliance and regulatory requirements, legal defense and legal holds, (4) how the data is stored, (5) whether the data is needed for security purposes and fraud prevention, and (6) whether the data is needed to ensure the continuity of our products and services.
Categories of personal information we may collect about you
In addition to the sources described in the section above entitled “How and why we obtain and use personal information”, depending on the nature of your relationship and your interactions with us, and on the products and services that we provide to you, we may obtain personal information from the following sources:
- You, such as when using our products, services or digital offerings, when interacting with us or any of our service providers regarding our products, services or digital offerings
- Third parties that perform services for us or on our behalf
- Automatically, via technologies such as cookies and web beacons, when you interact with our digital offerings or electronic communications
Why we collect personal information
Please see the section above entitled “How and why we obtain and use personal information” for a description of some of the business or commercial purposes for which we collect personal information, including sensitive personal information. In addition to those purposes described above, below are additional business or commercial purposes for which we collect personal information:
- To provide you with information about products and services that may interest you
- To maintain the accuracy and integrity of our records
- For marketing and communication purposes
- For reporting and analytical purposes
- For personalizing your interactions and experiences with us
- For training and quality-control measures
- To protect against malicious, fraudulent, or illegal activity
- For business analysis, planning, and reporting
- For customer education
- For effectiveness measurements
Categories of personal information disclosed for business purposes
Like most businesses, we disclose personal information, including in some cases certain sensitive personal information, to third parties for our business purposes. Depending on the nature of your relationship and your interactions with us, and on the products and services that we provide to you or your employer (if applicable), we disclose to third parties for business purposes the personal information that is encompassed by one or more of the categories described in the “Categories of personal information we may collect about you” section above, with the categories of third parties listed in the section above entitled “How we share information about you with third parties”.
Other information about our handling of personal information
Please note that we do not “sell” or “share” (as defined in the CCPA) personal information about you to any third party and have not done so at any time during the 12-month period preceding the date this Privacy Policy was last updated. In addition, we do not sell or share personal information of minors under 16 years of age.
CCPA Exemptions
Please note that certain types of personal information collected or maintained by a covered business are exempt from the CCPA. For example, a covered business has limited obligations, or in some cases, no obligations, under the CCPA with regard to the following types of personal information:
- Personal information collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act (Public Law 106-102) and implementing regulations, or pursuant to the California Financial Information Privacy Act (Division 1.4 [commencing with Section 4050] of the California Financial Code)
- Medical information governed by the Confidentiality of Medical Information Act or protected health information that is collected by a covered entity or business associate pursuant to the Health Insurance Portability and Accountability Act of 1996
In addition, some businesses are not subject to the CCPA, such as:
- A business that does not do business in the State of California
- A business that is not organized or operated for the profit of financial benefit of its shareholders or other owners
- A business that does not determine the purposes and means of the processing of consumers’ personal information
- A business that has annual gross revenue of $25,000,000 or less
Furthermore, under the CCPA, there are a number of situations where a covered business under the CCPA may refuse to honour a CCPA request to delete a consumer’s personal information and is allowed to continue to maintain the personal information. Some examples include situations where retention of the personal information is reasonably necessary to:
- Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer or reasonably anticipated within the context of the covered business’s ongoing business relationship with the consumer, or otherwise perform a contract between the Fidelity company and the consumer
- Help to ensure security and integrity to the extent the use of the personal information is reasonably necessary and proportionate for those purposes
- Debugging to identify and repair errors that impair existing intended functionality
- Exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided by law
- To enable solely internal uses that are reasonably aligned with consumer expectations based on the consumer's relationship with the business and compatible with the context in which the consumer provided the information
- Comply with a legal obligation
Please note that the description of the CCPA set forth in this Privacy Policy is a summary of only certain aspects of the CCPA and is not and should not be considered a complete description of the CCPA. In addition to what is described above, the CCPA includes other exemptions that apply to particular types of personal information and particular businesses, as well as additional situations where a covered business is not required to honour a consumer’s request to delete the consumer’s personal information.
Submitting a CCPA Request
If you participate in a workplace retirement plan, or other employee benefit plan or receive other products or services sponsored by or provided through your employer (if applicable) and serviced or administered by Workplace Consulting, please direct your CCPA rights requests to your employer (if applicable) and not to Workplace Consulting. If you have retirement or benefit plans that are serviced or administered by Workplace Consulting with more than one employer (e.g., a former employer), please direct your request to each employer (if applicable).
If you have a separate relationship with another Fidelity business (e.g., personal brokerage account with Fidelity Brokerage Services LLC), please see the California Privacy Rights Privacy Page for information on how to submit a CCPA rights request to the applicable Fidelity business.
For residents of the United Kingdom (“UK”) and/or the European Union (“EU”) and/or European Economic Area (“EEA”)
For UK and EU residents, the UK and EU General Data Protection Regulation (“GDPR”) provides you with a number of rights in relation to your information which you have shared with us. If you wish to exercise any of your data rights, please contact us at globalfinancialwellness@fidelity.com.
You also have the right to complain to the Data Protection Commission (or another supervisory authority of your country or region) about the way in which we process your personal information.
For residents of Canada
For Canadian residents, the Personal Information Protection and Electronic Documents Act (“PIPEDA”) provides you with a number of rights in relation to your information which you have shared with us. If you wish to exercise any of your data rights, please contact us at globalfinancialwellness@fidelity.com.
If you are a Canadian resident, you have the right to complain to the Office of the Privacy Commissioner of Canada (“OPC”).
Updates
We may change this Privacy Policy at any time, and without notice to you, by updating the Privacy Policy available on the Global Financial Wellness Experience Sites. When we make changes to this Privacy Policy, we will change the “Last Updated” date specified at the beginning of this Privacy Policy. All changes shall be effective from the date the updated Privacy Policy is published, unless otherwise specifically stated in the updated Privacy Policy. We encourage you to review this Privacy Policy on a regular basis so that you will be aware of any changes to it.
You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Tool after the date such revised Privacy Policy is posted.
Contact Us
If you have questions or comments about this Privacy Policy or wish to make a complaint, please contact us at: globalfinancialwellness@fidelity.com.
1127957.1.0