National Financial Services LLC Privacy Policy
Our commitment to privacy
View the National Financial Services LLC Privacy Notice
Last Updated: December 2024
As you may know, your broker-dealer and National Financial Services LLC ("NFS") have an agreement through which NFS provides clearing and other related services for your account. In connection with these services, NFS is required to communicate its practices regarding the privacy of customer information. These practices also apply to you in any of the following circumstances:
- You have a retirement account through your broker-dealer for which Fidelity Management Trust Company (“FMTC”), an affiliate of NFS, is the custodian
- Your broker-dealer offers managed account services through the Fidelity Managed Account XchangeSM, a managed account platform sponsored by Fidelity Institutional Wealth Adviser LLC ("FIWA"), a registered investment advisor affiliate of NFS
- You have a brokerage account held directly at NFS
- You have a direct relationship with Fidelity Capital Markets, a division of NFS
For purposes of this privacy policy, NFS and its affiliates listed above that are covered by this privacy policy shall be collectively referred to as the “Fidelity Institutional Companies”, “we”, “us”, “our”.
This privacy policy is provided to customers of correspondent broker-dealers on behalf of NFS.
You do not have to contact your broker-dealer to benefit from these protections; they apply automatically to all customers.
As used in this privacy policy (“policy”), personal information means information about an individual that is collected or maintained for business purposes and by which the individual can be identified. Please note that information by which an individual cannot be identified (for example, anonymous, de-identified, or aggregate information) is not considered personal information and therefore is not subject to this policy.
This policy is reviewed annually and updated to reflect any changes.
How and why, we obtain personal information
In connection with servicing of your account, Fidelity Institutional Companies may receive non-public personal information about you from you, your broker-dealer, and from various sources. Some examples include:
- Your applications or forms (for example, when you interact with our customer service staff, and when you visit our websites or use our applications)
- Transactional activity in your account (for example, trading history and balances)
- Information from consumer reporting agencies (for example, to assess your creditworthiness for margin products)
- Information from other third-party data sources (for example, to verify your identity and to better understand your product and service needs)
- Other sources with your consent or with the consent of your broker-dealer (for example, from other institutions if you transfer positions into NFS)
How we protect information about you
We implement and maintain physical, administrative, technical, and organizational measures designed to protect personal information, and we regularly adapt these controls to respond to changing requirements and advances in technology. Within the Fidelity Institutional Companies, we restrict access to personal information to those who require it to develop, support, offer, and deliver products and services to you and to operate our business.
How we share information about you
The Fidelity Institutional Companies do not share or sell personal information about our customers with unaffiliated third parties for use in marketing their products and services. We may share the personal information that we collect about customers, prospects, or former customers with their broker-dealers or with:
- Our corporate affiliates to provide services to us or your broker-dealer (for example, printing, mailing, and data processing services) and for other business purposes
- Unaffiliated service providers (for example, printing and mailing companies, securities clearinghouses, and other entities that may provide services at our direction
- Government agencies, other regulatory bodies, and law enforcement officials (for example, for tax purposes or for reporting suspicious transactions)
- Other third parties, with your consent or as directed by you or your broker-dealer (for example, if you request personalized performance reporting)
- Other organizations as permitted or required by law (for example for fraud prevention or to respond to a subpoena)
- In connection with corporate business transactions, such as a merger or sale of a business.
Our service providers are obligated to keep the personal information we share with them confidential and use it only to provide services specified by us.
Your digital privacy
When you interact with us by using our websites, online services, or applications (including mobile applications) that are owned and controlled by us ("our digital offerings"), or via electronic communications, we manage personal information in accordance with all of the practices and safeguards described in this policy.
When you use or interact with us via our digital offerings, or interact with us via electronic communications, we (or our service providers on our behalf) may automatically collect technical and navigational and location information, such as device type, browser type, internet protocol address, pages visited, and average time spent on our digital offerings. We use this information for a variety of purposes, such as maintaining the security of your online session, facilitating site navigation, improving the design and functionality of our digital offerings and electronic communications, and personalizing your experience.
Additionally, the following policies and practices apply when you are online:
Cookies and similar technologies
We and our third-party service providers use cookies and similar technologies ("cookies") to support the operation of and maintain our digital offerings. Cookies are small amounts of data that a website or an online service exchanges with a web browser or an application on a visitor's device (for example, computer, tablet, or mobile phone). Cookies help us to collect information about users of our digital offerings, including date and time of visits, pages viewed, amount of time spent using our digital offerings, or general information about the device used to access our digital offerings. Our cookies are also used for security purposes and to personalize your experience, such as customizing your screen layout.
We and third-party service providers we hire may use cookies and other technologies, such as web beacons, pixel tags, or mobile device ID, in online advertising as described below. Most browsers and mobile devices offer their own settings to manage cookies. If you use those settings to refuse or delete cookies, it may negatively impact your experience using our digital offering, as some features and services on our digital offerings may not work properly. For example, you may not be able to sign in and access your account, or we may not be able to recognize you, your device, or your online preferences. Depending on your device and operating system, you may not be able to delete or block all cookies.
We may collect analytics data or use third-party analytics tools, such as Google Analytics, to help us measure traffic and usage trends for our digital offerings and to understand more about the demographics of our users. You can learn more about Google's practices with Google Analytics by visiting Google's privacy policy. You can also view Google's currently available opt-out options.
Connecting with Fidelity Institutional Companies on social media platforms
The Fidelity Institutional Companies provides experiences on social media platforms that enable online sharing and collaboration among users who have registered to use them. We may collect information you provide by interacting with us via social media, such as photographs, opinions, or social media account ID. Any content you post, such as pictures, information, opinions, or any personal information that you make available to other participants on these social platforms, is also subject to the terms of use and privacy policies of those platforms. Please refer to them to better understand your rights and obligations with regard to such content.
Third-Party websites, online services, and content
Our digital offerings may contain links to third-party websites and online services (for example, social media platforms) and may include embedded content that is hosted by third parties. This policy does not address the privacy, security, cookie policy and settings, or other practices of the third parties that provide such websites, online services, or content, and we are not responsible for the privacy practices or the content of these other websites, online services, or content providers. If you use a link to another website or online service or view third-party content (for example, an embedded video), please consult the privacy policy for that website/or online service for additional information on their privacy practices and advertising opt-out instructions.
Children's privacy
In general, our digital offerings are not directed to individuals under the age of thirteen (13). We do not intentionally collect information on our websites from those we know are under 13, and we request that these individuals do not provide personal information through our digital offerings. If we do provide a digital offering that is intended to be used by individuals under the age of 13, it will have a separate privacy policy.
Additional information
If you are a former customer, this policy also applies to you; we treat your information with the same care as we do information about current customers.
If you are a customer of a broker-dealer for which NFS provides services, you may access and, if necessary, correct your account information through a variety of means offered by your broker-dealer and NFS (for example, via online services). Please contact your broker-dealer for more information about how you may correct your account information.
Additional Information for California Residents
This section is provided for purposes related to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights act of 2020 (collectively, the “CCPA”) and applies to the personal information and your relationship(s) with the Fidelity Institutional Companies that are subject to the CCPA. As used in this section, "personal information" means information that meets the definition of “personal information” as set forth in the CCPA and is not otherwise excluded from the scope of the CCPA.
Fidelity Institutional Companies and the CCPA
Depending on the Fidelity Institutional Company with which you have a relationship or otherwise interact, the nature of your relationship and interactions with that Fidelity Institutional Company, and the products and services provided to you through that relationship, some or all of the personal information that the Fidelity Institutional Company collects or maintains is covered by one or more of the exemptions described below (see the section below entitled "CCPA Exemptions" below). As a result, in some cases, the applicable Fidelity Institutional Company may have no obligation under the CCPA to accept any CCPA requests, and in other cases, it may have no obligation to honor a particular CCPA request, because of the nature of the personal information that the Fidelity Institutional Company collects or maintains. Here are some examples of CCPA exemptions:
- If your relationship and interactions with a Fidelity Institutional Company consists solely of personal financial services (e.g. maintaining one or more personal brokerage accounts), the personal information collected and processed about you is subject to the federal Gramm-Leach-Bliley Act ("GLBA") and therefore your CCPA requests will not be honored by the Fidelity Institutional Company.
- If you are a customer of a broker-dealer for which NFS provides services, CCPA requests should be directed to your broker-dealer.
Your Rights Under the CCPA
The CCPA gives certain rights to California residents and imposes certain obligations on those businesses that are subject to the CCPA. As required by the CCPA, set forth below is a description of certain rights that California residents generally have under the CCPA. Based on your relationship with the Fidelity Institutional Companies, some or all of the rights described below may not apply to you. As used below, a "consumer" means a resident of the State of California and a "covered business" means a business that is subject to the CCPA.
- Right to Know/Right to Access. A consumer has the right to request that a covered business that collects a consumer's personal information disclose to that consumer the categories and specific pieces of information the business has collected. A consumer also has the right to request that a covered business that collects a consumer's personal information disclose to that consumer the following:
- the categories of personal information it has collected about that consumer
- the categories of sources from which the personal information is collected
- the business or commercial purpose for collecting, selling or sharing (if applicable) personal information
- the categories of third parties to whom the covered business discloses personal information
- the specific pieces of personal information that the covered business has collected about that consumer.
These disclosures are not required to include any information about activity that occurred prior to January 1, 2022. Please also note that a covered business is not required to honor more than 2 of these requests from the same consumer during any 12-month period.
- Right to Delete. A consumer has the right to request that a covered business delete any personal information that the business has collected from the consumer, subject to certain exceptions.
- Right to Correct. A consumer has the right to request that a covered business correct inaccurate personal information that a business maintains about a consumer.
- Right to Opt-Out of Sale/ Sharing. If a covered business sells or shares personal information, a consumer has the right to opt-out of the sale or sharing of their personal information by the business.
- Right to Limit Use and Disclosure of Sensitive Personal Information. If a covered business uses or discloses sensitive personal information for reasons other than those set forth in the CCPA, a consumer has the right to limit the use or disclosure of sensitive personal information by the business.
- Non-Discrimination. A covered business cannot discriminate against a consumer because the consumer exercised any of the consumer's rights under the CCPA.
Categories of personal information we may collect about you
- Personal identifiers, such as your name, postal address, email address, online identifier, internet protocol address, account name, or other similar identifiers
- Information covered by California's records destruction law (California Civil Code 1798.80), such as your signature, telephone number and financial account information
- Characteristics of protected classifications under California or US federal law, for example, gender
- Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
- Internet/Electronic network interactions, including, but not limited to, browsing history, search history, and information regarding your interactions with our digital offerings or our advertisements
- Audio, electronic, visual, and similar data, such as call recordings
- Inferences drawn from any of the information listed above to create a profile about you, such as a profile that reflects your preferences, characteristics, behavior, and attitude
- Sensitive personal information such as social security number, account log-in, password or credentials allowing access to your account(s) or to our digital offerings
The retention periods for data elements within each category vary depending on the nature of the data element and the purposes for which it is collected and used. Our retention period for the data elements within each category is set based on the following criteria: (1) the length of time that the data is needed for the purposes for which it was created or collected; (2) the length of time the data is needed for other operational or record retention purposes; (3) the length of time the data is needed in connection with our legal, compliance and regulatory requirements, for legal defense purposes and to comply with legal holds; (4) how the data is stored; (5) whether the data is needed for security purposes and fraud prevention; and (6) whether the data is needed to ensure the continuity of our products and services.
Categories of sources from which personal information is collected
In addition to the sources described in the section above titled "How and why we obtain personal information", depending on the nature of your relationship and your interactions with us, and on the products and services that we provide to you, we may obtain personal information from the following sources:
- you or your representative, such as when using our products, services or digital offerings, when interacting with us or any of our service providers regarding our products, services or digital offerings or when otherwise communicating with us;
- your broker-dealer, investment professional and/or other financial services firms
- providers of publicly available information
- another person or other persons (typically people who know you) who provide referral information about you to us or who use the capabilities we offer on specific websites and applications to forward an article or other information to you
- third parties that provide products or services to you through your relationship with us
- third parties that perform services for us or on our behalf
- other third-party sources, including government sources, data brokers and social networks
- automatically, via technologies such as cookies and web beacons, when you interact with our digital offerings or electronic communications
Why we collect personal information
Please see the section above entitled “How and why we obtain and use personal information” for a description of some of the business or commercial purposes for which we collect personal information, including sensitive personal information. In addition to those purposes described above, below are additional business or commercial purposes for which we collect personal information:
- To provide you with information about products and services that may interest you
- To maintain the accuracy and integrity of our records
- For marketing and communication purposes
- For reporting and analytical purposes
- For personalizing your interactions and experiences with us
- For training and quality-control measures
- To verify your identity
- To protect against malicious, fraudulent, or illegal activity
- For business analysis, planning, and reporting
- For customer education
- For effectiveness measurement
Categories of personal information disclosed for business purposes
Like most businesses, we disclose personal information, including certain sensitive personal information, to third parties for our business purposes.
Depending on the nature of your relationship and your interactions with us, and on the products and services that we provide to you, we disclose to third parties for business purposes the personal information that is encompassed by one or more of the categories described in the “Categories of personal information we may collect about you” section above, with the categories of third parties listed in the section entitled “Categories of sources of which personal information is collected” above.
Selling/sharing of personal information
We DO NOT sell your personal information for payment or for any other compensation. However, some of the ways in which we share your personal information with third parties on certain of our websites may, under the CCPA, be considered to be a “sale” of personal information or “sharing” of personal information for “cross-context behavioral advertising” (as those terms are used in the CCPA).
We engage third party service providers, including marketing and advertising providers, and social media platforms (providers) to personalize your browsing experience on our websites, to provide certain targeted advertising services for us, and to help us measure the effectiveness of our websites and our online advertising. When you visit our websites, we and our providers collect certain information about your activity on our websites, including cookies and similar data stored on or collected from your browser or device. In some cases, our providers may combine this information collected on our websites with information about your activity on other, unaffiliated websites or social media platforms to deliver our ads to you when you are visiting other websites or platforms. This sharing of your information with certain third parties via cookies and similar methods, and our providers' use of certain cookies, may be considered to be a "sale" of personal information or "sharing" of personal information for "cross-context behavioral advertising" under the CCPA.
California residents covered by the CCPA have the right to opt out of this "sale" or "sharing" of personal information. For those websites where we engage in these activities and are covered by the CCPA, if we determine that you are visiting the website from a location in California, you will see a "Do Not Sell or Share my Personal Information" link on the footer of the website's homepage. To opt out of this sale or sharing of your personal information, please click on the link and follow the prompts.
Note that Fidelity permits all visitors to certain portions of our website to automatically exercise their right to opt-out of this sale or sharing of this personal information through the use of the Global Privacy Control (GPC) signal without having to make individualized opt-out requests. If you've enabled the GPC signal in your browser, we will honor your request to opt-out of this sale or sharing of personal information as communicated via the GPC signal. These opt-outs (whether via the toggle above or via the GPC signal) are a setting that is specific to the device or browser you're using. You'll need to opt out again if you visit our applicable websites from a different device or browser, change your browser settings, or clear your cookies.
In the 12 months preceding the date of this Notice, we "sold" and/or "shared" personal information for "cross-context behavioral advertising", with respect to California residents covered by the CCPA. We do not knowingly "sell" or "share" for "cross-context behavioral advertising" personal information of minors under 16 years of age.
CCPA Exemptions
Please note that certain types of personal information collected or maintained by a covered business are exempt from the CCPA. For example, a covered business has limited obligations, or in some cases no obligations, under the CCPA with regard to the following types of personal information:
- Personal information collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act, (Public Law 106-102), and implementing regulations, or pursuant to the California Financial Information Privacy Act (Division 1.4 [commencing with Section 4050] of the California Financial Code)
- Medical information governed by the Confidentiality of Medical Information Act or protected health information that is collected by a covered entity or business associate pursuant to the Health Insurance Portability and Accountability Act of 1996
In addition, some businesses are not subject to the CCPA, such as:
- A business that does not do business in the State of California
- A business that is not organized or operated for the profit or financial benefit of its shareholders or other owners
- A business that does not determine the purposes and means of the processing of consumers' personal information
- A business that has annual gross revenue of $25,000,000 or less
Furthermore, under the CCPA there are a number of situations where a covered business under the CCPA may refuse to honor a CCPA request to delete a consumer's personal information and is allowed to continue to maintain the personal information. Some examples include situations where retention of the personal information is necessary to:
- complete the transaction for which the personal information was collected, provide a good or service requested by the consumer or reasonably anticipated within the context of the covered business's ongoing business relationship with the consumer, or otherwise perform a contract between the Fidelity Institutional Company and the consumer
- help to ensure security and integrity to the extent the use of the personal information is reasonably necessary and proportionate for those purposes
- exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law
- debugging to identify and repair errors that impair existing intended functionality
- to enable solely internal uses that are reasonably aligned with consumer expectations based on the consumer's relationship with the business and compatible with the context in which the consumer provided the information.
- comply with a legal obligation
Please note that the description of the CCPA set forth in this privacy policy is a summary of only certain aspects of the CCPA and is not and should not be considered a complete description of the CCPA. In addition to what is described above, the CCPA includes other exemptions that apply to particular types of personal information and particular businesses, as well as additional situations where a covered business is not required to honor a consumer's request to delete the consumer's personal information.
Submitting a CCPA Request
If you wish to submit a CCPA request to any of the Fidelity Institutional Companies, you may initiate your request through one of the options provided on our California Privacy Rights Request Page. Before submitting your request, please ensure you have reviewed all the CCPA exemptions including those described above under the section above entitled “CCPA Exemptions”.
Please note: if you are a customer of a broker-dealer for which NFS provides services, CCPA requests should be directed to your broker-dealer.
You should generally expect to receive a response within 45 days of the date we receive your request. However, in some instances, we may require an additional 45 days to process your request in which case we will notify you and explain why the extension is necessary.
We will need to verify your identity before we can process your request. Through the request process, we will make you aware of any information that you will need to provide to us to process your request. You may have to confirm that you are a California resident and verify your identity or the identities of those authorized to submit requests on your behalf.
Additionally, the information you provide will be used to help verify your identity.
To understand how you can designate an authorized agent with the ability to make a request under the CCPA on your behalf, please refer to our page. Fidelity Institutional received 1 CCPA request for disclosure of personal information (request to know) and 2 requests for deletion of personal information (request to delete) between January 1, 2023and December 31, 2023.
This privacy policy is reviewed annually. The printed and online notices are then updated to reflect any changes.
© 2024 FMR LLC. All Rights Reserved.