Additional privacy information for California residents

This Privacy Notice for California Residents is intended to be supplemental to, and not replace, the information contained in our Privacy Policy and applies solely to individuals who reside in the State of California (you). This additional information is provided pursuant to the California Consumer Privacy Act of 2018, as amended (the “CCPA”). Any terms defined in the CCPA have the same meaning when used in this notice.  A description of our privacy practices relating to personal information of our California employees, applicants, and independent contractors are covered under a separate privacy policy which can be found here

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, device or household (personal information). The chart below describes, in the preceding 12 months, the categories of personal information we have collected, the sources from whom or where it was collected, and the business purpose(s) for which it was collected. We retain your personal information until all applicable legal and business obligations are fulfilled.

Categories of personal information

Sources

Business purpose

A. Identifiers

These may include your name, alias, address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, and other similar identifiers.

From you, your plan sponsor (employer or former employer), our service providers or third parties.

To provide our products and services to you or to the plan sponsor of your retirement plan. We may disclosethis information to service providers, auditors and regulatory authorities, and other parties as set forth in the Privacy Policy to which this document is linked.

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

This may include your name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, employment, bank account number, or other financial information.

From you, your plan sponsor (employer or former employer), our service providers or third parties.

To provide our products and services to you or to the plan sponsor of your retirement plan. We may disclose this information to service providers, auditors and regulatory authorities, and other parties as set forth in the Privacy Policy to which this document is linked.

C. Protected classification characteristics under California or federal law

This may include, for example, your age, marital status, gender, race, and medical conditions.

From you, your plan sponsor (employer or former employer), our service providers or third parties.

To provide our products and services to you or to the plan sponsor of your retirement plan. We may disclose this information to service providers, auditors and regulatory authorities, and other parties as set forth in the Privacy Policy to which this document is linked.

D. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

From you, our service providers or third parties.

To provide our products and services to you or to the plan sponsor of your retirement plan. We may disclose this information to service providers, auditors and regulatory authorities, and other parties as set forth in the Privacy Policy to which this document is linked.

E. Biometric information

From you when you call our service center (including voiceprint data).

To provide our products and services to you or to the plan sponsor of your retirement plan We may disclose this information to service providers, auditors and regulatory authorities, and other parties as set forth in the Privacy Policy to which this document is linked.

F. Internet or other similar network activity

This includes, but is not limited to, browsing history, search history, and information regarding your interaction with websites.

From you, our service providers or third parties.

To provide our products and services to you or to the plan sponsor of your retirement plan. We may disclose this information to service providers, auditors and regulatory authorities, and other parties as set forth in the Privacy Policy to which this document is linked.

G. Geolocation data

From you, our service providers or third parties.

To provide our products and services to you or to the plan sponsor of your retirement plan. We may disclose this information to service providers, auditors and regulatory authorities, and other parties as set forth in the Privacy Policy to which this document is linked.

H. Audio, electronic, visual, thermal, olfactory, or similar information

From you when you call our service center (including voiceprint data).

To provide our products and services to you or to the plan sponsor of your retirement plan. We may disclose this information to service providers, auditors and regulatory authorities, and other parties as set forth in the Privacy Policy to which this document is linked.

I. Professional or employment-related information

From you, your plan sponsor (employer or former employer), our service providers or third parties.

To provide our products and services to you or to the plan sponsor of your retirement plan. We may disclose this information to service providers, auditors and regulatory authorities, and other parties as set forth in the Privacy Policy to which this document is linked.

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))

We don’t collect.

Not applicable.

K. Inferences drawn from other personal information listed above reflecting an individual’s preferences, characteristics, predispositions, behavior, and attitudes.

From you, our service providers or third parties.

To provide our products and services to you or to the plan sponsor of your retirement plan. We may disclose this information to service providers, , auditors and regulatory authorities, and other parties as set forth in the Privacy Policy to which this document is linked.

 

Sensitive Personal Information is a subcategory of Personal Information. Depending on what our relationship is with you or what Empower services or products you use, we may also collect sensitive personal information (as defined in the CCPA). The chart below describes the categories of sensitive personal information we may collect, the sources from whom or where it was collected, and the business purpose(s) for which it was collected. We retain your personal information until all applicable legal and business obligations are fulfilled.

Categories of sensitive personal information

Sources

Business purpose

Government identifiers. This includes a consumer’s social security, driver’s license, state identification card, or passport number.

 

From you, your plan sponsor (employer or former employer), our service providers or third parties.

To provide our products and services to you or to the plan sponsor of your retirement plan. We may disclose this information to service providers, auditors and regulatory authorities, and other parties as set forth in the Privacy Policy to which this document is linked.

We limit our collection, use, and disclosure of this category of personal information to that which is necessary to provide our services to you or for another permitted business purpose under the CCPA such as detecting security incidents. We do not use this information to infer characteristics about you.

 Financial account information. This includes account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.

From you, your plan sponsor (employer or former employer), our service providers or third parties.

To provide our products and services to you or to the plan sponsor of your retirement plan. We may disclose this information to service providers, auditors and regulatory authorities, and other parties as set forth in the Privacy Policy to which this document is linked.

We limit our collection, use, and disclosure of this category of personal information to that which is necessary to provide our services to you or for another permitted business purpose under the CCPA such as detecting security incidents. We do not use this information to infer characteristics about you.

Precise geolocation data. This includes data used to locate a consumer within a geographic area that is equal to or less than the area of a circle with a radius of 1850 feet except as otherwise set forth in applicable law or regulations.

We don’t collect.

Not applicable.

Certain demographic information. This includes racial or ethnic origin, religious or philosophical beliefs, or union membership.

From you or your plan sponsor (employer or former employer).

 

To provide our products and services to you or to the plan sponsor of your retirement plan. We may disclose this information to service providers, auditors and regulatory authorities, and other parties as set forth in the Privacy Policy to which this document is linked.

We limit our collection, use, and disclosure of this category of personal information to that which is necessary to provide our services to you or for another permitted business purpose under the CCPA such as detecting security incidents. We do not use this information to infer characteristics about you.

Private communications. This includes the contents of a consumer’s mail, email and text messages, unless Empower is the intended recipient of the communication.

We don’t collect.

Not applicable.

Genetic data.

We don’t collect.

Not applicable.

Processing of biometric information for the purpose of uniquely identifying you.

We don’t collect.

Not applicable.

Personal information collected and analyzed concerning a consumer’s health.

We don’t collect.

Not applicable.

Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.

We don’t collect.

Not applicable.

Personal information does not include:

  • Publicly available information as it is defined under the CCPA.
  • De-identified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like:
    • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.
    • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We obtain information directly from you and other sources. For example, we obtain information from forms you complete on our website, your conversations with an Empower call center representative, from observing your actions on our website or interactions with our advertisers. In addition, we obtain the categories of personal information listed above from the following other sources:

  • Directly from your retirement plan or plan sponsor (your employer or former employer). For example, your employer’s retirement plan may contain some of your personal information necessary to maintain your account or perform our services for your retirement plan or plan sponsor.
  • Directly from third parties. For example, we may need to verify your identity with third parties in order to prevent fraudulent transactions.

Use of personal information

We use the personal information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our products or services, we will use that personal information to respond to your inquiry.
  • To maintain or service accounts, provide customer service, process or fulfill orders and transactions, verify customer information or provide similar services on behalf of a retirement plan, if applicable.
  • To fulfill our obligations to service your retirement plan, if applicable.
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • To undertake internal research to improve our services or for product development.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.

We will not use your personal information for materially different, unrelated, or incompatible purposes without providing you notice as required by law.

Deidentified or pseudonymous data

We maintain and use deidentified data in such a way that any information can no longer be linked to you or any device associated with you. After data has been deidentified, i) we maintain and use such deidentified data without attempting to reidentify the data or re-associate it with specific individuals; ii) we take reasonable measures to ensure that the information cannot be reassociated with you or your household; and iii) we have implemented technical and organizational safeguards as well as business processes designed to prohibit the reidentification of your information. Such data is used for research and benchmarking purposes. We contractually obligate all recipients of the deidentified data to comply with applicable laws pertaining to deidentification and we monitor compliance with any contractual commitments.

Disclosing personal information

We may disclose your personal information to a third party for the business purposes described above, such as detecting security incidents; performing services on behalf of the retirement plan sponsor or employer or to offer you our own services and products. Disclosures may be made to service providers providing advertising and marketing services, internal research and quality control. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

We disclose your personal information with the following categories of third parties: service providers (including affiliates), vendors, auditors and applicable regulatory authorities. The categories of personal information we may disclose with such third parties may include: identifiers, personal information categories listed in the California Customer Records statute, protected classification characteristics under applicable law, commercial information, biometric information, internet or network activity, , Audio, electronic, visual, thermal, olfactory, or similar information, employment-related information, inferences drawn from personal information, and certain categories of sensitive personal information that we collect where disclosure is permitted under the CCPA.

Your rights and choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Right to know what personal information is being collected sold, or disclosed for a business purpose

Subject to applicable exemptions in the CCPA, you have the right to request that we disclose certain information to you about our collection, use, and disclosure of your personal information. Once we receive and confirm your verifiable consumer request, to the extent required by the CCPA, we will disclose to you:

  • The categories of personal information we collected about you;
  • The categories of sources from which the personal information was collected;
  • The business or commercial purpose for which we collected or sold the personal information;
  • The categories of third parties with whom we share personal information;
  • The categories of personal information that we sold, and for each category identified, the categories of third parties to whom we sold the particular category of personal information; and
  • The categories of personal information that we disclosed for a business purpose, and for each category identified, the categories of third parties to whom we disclosed that particular category of personal information.
  • The specific pieces of personal information we have collected about you.

Right to correct inaccurate personal information

You have the right to request correction of your personal information that is inaccurate. Once we receive your verifiable consumer request, we will use commercially reasonable efforts to correct the inaccurate personal information as described in your request. You may be required to provide additional documentation if necessary to determine the accuracy of your personal information.

Right to opt out of the sale and sharing of your personal information

Under the CCPA, California residents have the right to opt out of the sale or sharing (as such terms are defined under the CCPA) of their personal information. While we do not share your personal information to third parties for monetary gain, the CCPA has a broader definition of “sale” and “share” that may be applicable to use of certain third-party cookies, tags, pixels or web beacons (collectively, “cookies”) on our websites or mobile applications. In this context, Empower and our advertising partners use cookies and the advertising identifier associated with your mobile or internet-connected device.

If you wish to opt out of the sale or sharing of your personal information pertaining to Empower’s use of third-party cookies as described above, you may do so by clicking on the “Do not sell or share my personal information” link at the bottom of this web page, or if you are using a mobile app, by opting out in the Privacy Preference Center under the “Settings” section of your Profile.  In the future if you change browsers, devices, or clear your cookies, you will need to opt-out again as described above. Please note that Empower will continue to share your data with service providers as permitted by law and described in the section entitled “Disclosing Personal Information” above. 

Right to limit use and disclosure of sensitive personal information

We limit the collection, use, and disclosure of your sensitive personal information to that which is necessary to provide our services to you or for another permitted purpose under the CCPA such as detecting security incidents and we do not use this information to infer characteristics about you.  Our service providers are contractually obligated to limit their use and disclosure of your sensitive personal information to that which is necessary for the business purpose set forth in our contract with them. Since we already limit the use of your sensitive personal information, an opt-out is not necessary.

Right to request deletion

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will deidentify or delete (and direct our service providers to delete) your personal information from our records, unless an exception applies

Exercising your rights to know, correct, and delete

If Empower holds your data in connection with a workplace retirement plan, any request to obtain copies of your data, correct or delete data under the CCPA, as described above, should be directed to the sponsor of your retirement plan (your employer or former employer who is the sponsor of that plan). Otherwise, to submit a request to exercise your rights described above, please complete the Privacy Request Form and email it to us at privacymatters@empower.com , or send it by mail directed to the Chief Privacy Officer at 8525 E. Orchard Rd., 2T3, Greenwood Village, CO, 80111; you may also exercise your rights by calling us toll-free at 855-756-4738. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. Do not include any confidential information in any email that you send pursuant to this paragraph.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must include sufficient detail that allows us to properly understand, evaluate, and respond to it.

When making a request, in order to maintain the security of your personal information and verify your identity, we may require you to call our service center or log in to your account to answer a few identity-related questions, including providing additional information about yourself. We may deny your request in the event that any exemptions in the CCPA are applicable to your request or we are not able to verify your identity.

Response timing and format

We will confirm receipt of a request to know, request to correct, or a request to delete as required by applicable law. Such confirmation will include our verification process and when you should expect a response.

We endeavor to respond to a verifiable consumer request within 45 days of its receipt or as required by law. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing. We will deliver our final response by mail.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Designating an authorized agent

You may use an authorized agent to submit a request on your behalf. To do so, the authorized agent must provide a copy of your signed authorization to  privacymatters@empower.com. You will also be required to verify your identity directly with us and confirm that you provided the authorized agent with permission to submit a request on your behalf.

Nondiscrimination & Nonretaliation

We will not discriminate or retaliate against you for exercising any of your CCPA rights. To the extent prohibited by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services, or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior consent, which you may revoke at any time.

Questions or Requests

To submit privacy-related questions or requests, please call our toll-free number at 855-756-4738 or send us an email at Privacymatters@empower.com. Please do not put any confidential or personal account information in an email request.

Rev 6/11/2023

Privacy notice available for download here.