Empower takes data privacy very seriously and is committed to protecting
and respecting the privacy, security, and integrity of your personal
information. This policy sets out key information regarding Empower and
how your personal information will be collected, used, and protected.
Please note that certain portions of this policy may or may not be
applicable to you based on the services and products in which you are
enrolled and applicable laws. This policy is supplemented by specific
notices, set out in links within this policy, that provide additional
information pertaining to your relationship with Empower or addressing
the requirements of the jurisdiction in which you live. In this policy,
the terms “Empower,” “we,” “us,” and “our” refer to each and all of the
Empower family of companies listed at the end of this policy.
Welcome to the Empower website
In this Privacy Policy, we will cover:
What data we collect. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
How we use data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
How we share data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Deidentified or pseudonymous data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Children. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Website and mobile application use. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Cookies and web beacons. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Do-not-track and global privacy control. . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Analytics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Interest-based advertising and communications. . . . . . . . . . . . . . . . . . 18
Additional privacy rights under applicable state laws. . . . . . . . . . . . . 19
International data transfers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Notice to Nevada residents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Modifications to our Privacy Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Requests, questions, or complaints. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
About us. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3
What data we collect
Empower collects your “personal information” or “personal data” (i.e., information that when used alone or with other
relevant data may be capable of personally identifying you, or as defined by applicable law). Data that does not identify a
natural person (such as data that is aggregated and anonymized) is not “personal information” and is not subject to this
Privacy Policy. The information that we collect, and how we use it, depends on your relationship with us and may change
as your relationship evolves with us. This Privacy Policy is organized based on those different types of relationships as
described below.
You may fall into more than one category concurrently, depending on your relationship with us. For example, if you are
a Personal Cash customer, you may also be a visitor before logging in to your dashboard, wherein you will also be a user.
After your relationship with us ends, the terms of this policy shall continue to be applicable to your data for as long as we
retain your data.
The table below describes the personal information we have collected and shared in the preceding 12 months and may
continue to collect and share.
Visitors: Individuals who visit our public website without logging in to an account or using our services.
Users: Individuals who establish an account with us or otherwise use our service offerings, including our financial
dashboard software. Together with our Terms of Use, this Privacy Policy governs the use of the Empower
Personal Dashboard™.
Participants: Individuals who are enrolled in an employee stock purchase plan (“ESPS participants”); a consumer-
directed healthcare plan (“CDH participants”); or a retirement plan (“retirement plan participants”). Note that in this
capacity, Empower is acting as a service provider to provide plan services to your current or former employer
(“plan sponsor”). In this context, we collect and process personal data pursuant to the instructions provided by the
Plan Sponsor.
Retail customers: Individuals who are enrolled directly with Empower for financial services. These products and
services include but are not limited to: IRA products, Empower brokerage, managed portfolios, Empower Personal
Cash™, and advisory services. Please note that data held by Empower for these “retail” products and services are
subject to the data-protection requirements of Gramm-Leach-Bliley and, as such, may be exempt from some data
privacy laws.
Insurance customers: Individuals who have engaged in or purchased insurance products from Empower.
Advisory clients: Individuals who open an Empower Personal Strategy®
account and become advisory clients of
Empower Advisory Group, LLC or become clients of our Wealth Management and Empower Advisory Services and
establish an Empower-managed investment account.
California employees, job applicants, and independent contractors: For information on how we collect,
process, and protect your personal information, as well as privacy rights applicable to you, please refer to our
Privacy Notice for California Employees, Job Applicants, and Independent Contractors.
4
We collect this information from
the following sources:
Categories of third parties with
whom we disclose this category of
personal information:
Business purpose for collecting
and disclosing this information:
- From you or your representative
when you communicate with us
through web, email, phone, or
other correspondence; complete
applications and forms for various
products or services; or provide other
information on our websites - From your device when you browse
our websites or mobile applications
and from tracking technologies in
emails that we or our suppliers send
to you - From activity in your account (for
example, data from the administration
of your investments, balances, trades,
and elections). If you enroll in accountaggregation services, we may also
collect information from the accounts
that you linked as approved by you. - From our service providers and other
third parties - From your plan sponsor (your
employer or former employer) - From our suppliers, consumer and
insurance reporting companies, data
providers, and other third parties as
permitted by law - From other sources to complete
transactions initiated by you or
your representative (for example,
to transfer balances from another
retirement account into a new
retirement account) - We may have also obtained this
information from our affiliates or
if it was held by a business that
we acquired. - Plan sponsors or their agents
- Our service providers
- Our banking provider (if you are an
Empower Personal Cash customer) - Our custodial brokerage providers
(if you are an advisory client) - Third-party identity-verification
providers and fraud-analysis
providers - Persons acting as a fiduciary or
representative capacity on your behalf - Our affiliates and subsidiaries
We may also disclose this information
in connection with a proposed or actual
sale, merger, transfer, or exchange of all
or part of our business.
For more information on these
types of recipients, please see
How We Share Data. - To provide our services and products
to you or the plan sponsor of your
retirement plan. - To detect security incidents and
protect against or prevent actual
or potential fraud, unauthorized
transactions, claims, or other liability. - To comply with federal, state, or local
laws, rules, and other applicable
legal requirements. - To comply with a properly authorized
civil, criminal, or regulatory
investigation or subpoena. - For institutional risk control, or
for resolving customer disputes
or inquiries. - To protect the confidentiality or
security of our records pertaining
to you, the service or product, or
a specific transaction. - To undertake internal research
for technological development
and demonstration. - To verify, maintain, or improve the
quality or safety of a service or
device that is owned, manufactured,
manufactured for, or controlled by
the business. - For purposes otherwise permitted or
required by law.
Identifiers
This may include your real name, alias, postal address, unique personal identifier, online identifier, internet protocol
(IP) address, email address, account name, Social Security number, driver’s license number, passport number, or other
similar identifiers.
To whom this applies
This applies to visitors, users, participants, retail customers, insurance customers, and advisory clients.
Retention
We retain this information until all applicable legal and business obligations are fulfilled.
We do not sell this category of personal information or share it with unaffiliated third parties for the purpose of targeted
advertising; we may, however, disclose this information to third parties for a business purpose as described below.
5
We collect this information from
the following sources:
Categories of third parties with
whom we disclose this category of
personal information:
Business purpose for collecting
and disclosing this information: - From you or your representative
when you communicate with us
through web, email, phone, or
other correspondence; complete
applications and forms for various
products or services; or provide other
information on our websites - From your device when you browse
our websites or mobile applications
and from tracking technologies in
emails that we or our suppliers send
to you - From activity in your account (for
example, data from the administration
of your investments, balances, trades,
and elections). If you enroll in accountaggregation services, we may also
collect information from the accounts
that you linked as approved by you. - From our service providers and other
third parties - From your plan sponsor (your
employer or former employer) - From our suppliers, consumer and
insurance reporting companies, data
providers, and other third parties as
permitted by law - From other sources to complete
transactions initiated by you or
your representative (for example,
to transfer balances from another
retirement account into a new
retirement account) - We may have also obtained this
information from our affiliates or
if it was held by a business that
we acquired. - Plan sponsors or their agents
- Our service providers
- Our banking provider (if you are an
Empower Personal Cash customer) - Our custodial brokerage providers
(if you are an advisory client) - Third-party identity-verification
providers and fraudanalysis providers - Persons acting as a fiduciary or
representative capacity on your behalf - Our affiliates and subsidiaries
We may also disclose this information
in connection with a proposed or actual
sale, merger, transfer, or exchange of all
or part of our business.
For more information on these
types of recipients, please see
How We Share Data. - To provide our services and products
to you or the plan sponsor of your
retirement plan. - To detect security incidents and
protect against or prevent actual
or potential fraud, unauthorized
transactions, claims, or other liability. - To comply with federal, state, or local
laws, rules, and other applicable
legal requirements. - To comply with a properly authorized
civil, criminal, or regulatory
investigation or subpoena. - For institutional risk control, or
for resolving customer disputes
or inquiries. - To protect the confidentiality or
security of our records pertaining to
you, the service or product, or
a specific transaction. - To undertake internal research
for technological development
and demonstration. - To verify, maintain, or improve the
quality or safety of a service or
device that is owned, manufactured,
manufactured for, or controlled by
the business. - For purposes otherwise permitted or
required by law. - This includes categories listed in the California Records Statute [Cal. Civ. Code § 1798.80(e)].
Financial information*
This may include contact and financial information such as your name, signature, Social Security number, address,
telephone number, bank account number, or other financial information.
To whom this applies
We may collect this information from users, participants, retail customers, insurance customers, and advisory
clients. Retention
We retain this information until all applicable legal and business obligations are fulfilled.
We do not sell this category of personal information or share it with unaffiliated third parties for the purpose of targeted
advertising; we may, however, disclose this information to third parties for a business purpose as described below.
6
We collect this information from
the following sources:
Categories of third parties with
whom we disclose this category of
personal information:
Business purpose for collecting
and disclosing this information: - From you or your representative
when you communicate with us
through web, email, phone, or
other correspondence; complete
applications and forms for various
products or services; or provide other
information on our websites - From your device when you browse
our websites or mobile applications
and from tracking technologies in
emails that we or our suppliers send
to you - From activity in your account (for
example, data from the administration
of your investments, balances, trades,
and elections). If you enroll in account
aggregation services, we may also
collect information from the accounts
that you linked as approved by you. - From our service providers and other
third parties - From your plan sponsor (your
employer or former employer) - From our suppliers, consumer and
insurance reporting companies, data
providers, and other third parties as
permitted by law - From other sources to complete
transactions initiated by you or
your representative (for example,
to transfer balances from another
retirement account into a new
retirement account) - We may have also obtained this
information from our affiliates or
if it was held by a business that
we acquired.
Plan sponsors or their agents - Our service providers
- Our banking provider (if you are an
Empower Personal Cash customer) - Our custodial brokerage providers
(if you are an advisory client) - Third-party identity-verification
providers and fraudanalysis providers - Persons acting as a fiduciary or
representative capacity on your behalf - Our affiliates and subsidiaries
We may also disclose this information
in connection with a proposed or actual
sale, merger, transfer, or exchange of all
or part of our business.
For more information on these
types of recipients, please see
How We Share Data. - To provide our services and products
to you or the plan sponsor of your
retirement plan. - To detect security incidents and
protect against or prevent actual
or potential fraud, unauthorized
transactions, claims, or other liability. - To comply with federal, state, or local
laws, rules, and other applicable
legal requirements. - To comply with a properly authorized
civil, criminal, or regulatory
investigation or subpoena. - For institutional risk control, or
for resolving customer disputes
or inquiries. - To protect the confidentiality or
security of our records pertaining
to you, the service or product, or
a specific transaction. - To undertake internal research
for technological development
and demonstration. - To verify, maintain, or improve the
quality or safety of a service or
device that is owned, manufactured,
manufactured for, or controlled by
the business. - For purposes otherwise permitted
or required by law.
Characteristics of protected classifications under state or federal law
This may include, for example, your age, marital status, gender, race, and medical conditions.
To whom this applies
We may collect this information from visitors, users, participants, retail customers, insurance customers, and
advisory clients.
Retention
We retain this information until all applicable legal and business obligations are fulfilled.
We do not sell this category of personal information or share it with unaffiliated third parties for the purpose of targeted
advertising; we may, however, disclose this information to third parties for a business purpose as described below.
7
We collect this information from
the following sources:
Categories of third parties with
whom we disclose this category of
personal information:
Business purpose for collecting
and disclosing this information: - From you or your
representative when you
communicate with us
through web, email, phone,
or
other correspondence;
complete applications and
forms for various products
or services; or provide other
information on our websites - Plan sponsors or their agents
- Our service providers
- Our banking provider (if you are an
Empower Personal Cash customer) - Our custodial brokerage providers
(if you are an advisory client) - Third-party identity-verification
providers and fraud-analysis providers - Persons acting as a fiduciary or
representative capacity on your behalf - Our affiliates and subsidiaries
We may also disclose this information
in connection with a proposed or actual
sale, merger, transfer, or exchange of all
or part of our business.
For more information on these
types of recipients, please see
How We Share Data. - To provide our services and products
to you or the plan sponsor of your
retirement plan. - To detect security incidents and
protect against or prevent actual
or potential fraud, unauthorized
transactions, claims, or other liability. - To comply with federal, state, or local
laws, rules, and other applicable legal
requirements. - To comply with a properly authorized
civil, criminal, or regulatory
investigation or subpoena. - For institutional risk control,
or for resolving customer disputes or
inquiries. - To protect the confidentiality or
security of our records pertaining to
you, the service or product, or a
specific transaction. - To improve the quality or safety of a
service or device that is owned,
manufactured, manufactured for, or
controlled by the business. - For purposes otherwise permitted or
required by law.
Biometric information
We collect government-issued ID images (front/back), selfie images/video, facial templates or embeddings
(biometric identifiers), and voice recordings/voiceprints for identity verification and fraud prevention.
To whom this applies
This applies to participants, retail customers, insurance customers, and advisory clients.
Retention
We retain this information until all applicable legal and business obligations are fulfilled.
We do not sell this category of personal information or share it with unaffiliated third parties for the purpose of targeted
advertising; we may, however, disclose this information to third parties for a business purpose as described below.
8
We collect this information from
the following sources:
Categories of third parties with
whom we disclose this category of
personal information:
Business purpose for collecting
and disclosing this information: - From you or your representative
when you communicate with us
through web, email, phone, or
other correspondence; complete
applications and forms for various
products or services; or provide other
information on our websites - From our service providers and other
third parties - From your device when you browse
our websites or mobile applications
and from tracking technologies in
emails that we or our suppliers send
to you - We may have also obtained this
information from our affiliates or
if it was held by a business that
we acquired. - Plan sponsors or their agents
- Our service providers
- Our banking provider (if you are an
Empower Personal Cash customer) - Our custodial brokerage providers
(if you are an advisory client) - Third-party identity-verification
providers and fraudanalysis providers - Persons acting as a fiduciary or
representative capacity on your behalf - Our affiliates and subsidiaries
We may also disclose this information
in connection with a proposed or actual
sale, merger, transfer, or exchange of all
or part of our business.
For more information on these
types of recipients, please see
How We Share Data. - To provide our services and products
to you or the plan sponsor of your
retirement plan. - To detect security incidents and
protect against or prevent actual
or potential fraud, unauthorized
transactions, claims, or other liability. - To comply with federal, state, or local
laws, rules, and other applicable
legal requirements. - To comply with a properly authorized
civil, criminal, or regulatory
investigation or subpoena. - For institutional risk control, or
for resolving customer disputes
or inquiries. - To protect the confidentiality or
security of our records pertaining
to you, the service or product, or
a specific transaction. - To undertake internal research
for technological development
and demonstration. - To verify, maintain, or improve the
quality or safety of a service or
device that is owned, manufactured,
manufactured for, or controlled by
the business. - For purposes otherwise permitted or
required by law.
Internet or other similar network activity
This includes, but is not limited to, browsing history, search history, and information regarding a consumer’s interaction
with an internet website, application, or advertisement. For example, we collect your IP address and cookies from your
browser to recognize you and deliver a consistent experience when you visit our site and to measure the effectiveness of
our marketing. We also collect information about how you interact with our website as well as your preferences when you
elect to receive or opt out of cookies, communications involving email, texting, or telephone calls; these preferences apply
to Empower communications with you and are not shared with nor transferable to third parties.
To whom this applies
We may collect this information from visitors, users, retirement plan participants, retail customers, insurance customers,
and advisory clients.
Retention
We retain this information until all applicable legal and business obligations are fulfilled.
While we do not share your personal information with third parties for monetary gain, some data privacy laws have a broader
definition of “sale” and “share” that may be applicable to the use of certain third-party cookies, tags, pixels, or web beacons
(collectively, “cookies”) on our websites or mobile applications. In this context, Empower and our advertising partners use cookies
and the advertising identifier associated with your mobile or internet-connected device.
9
We collect this information from
the following sources:
Categories of third parties with
whom we disclose this category of
personal information:
Business purpose for collecting
and disclosing this information: - From you or your representative •
From you or your representative
when you communicate with us
through web, email, phone, or
other correspondence; complete
applications and forms for various
products or services; or provide other
information on our websites - From your device when you browse
our websites or mobile applications
and from tracking technologies in
emails that we or our suppliers send
to you - From activity in your account (for
example, data from the administration
of your investments, balances, trades,
and elections). If you enroll in account
aggregation services, we may also
collect information from the accounts
that you linked as approved by you. - From our service providers and other
third parties - From your plan sponsor (your
employer or former employer) - From our suppliers, consumer and
insurance reporting companies, data
providers, and other third parties as
permitted by law - From other sources to complete
transactions initiated by you or
your representative (for example,
to transfer balances from another
retirement account into a new
retirement account) - We may have also obtained this
information from our affiliates or
if it was held by a business that
we acquired. - Plan sponsors or their agents
- Our service providers
- Our banking provider (if you are an
Empower Personal Cash customer) - Our custodial brokerage providers
(if you are an advisory client) - Third-party identity-verification
providers and fraudanalysis providers - Persons acting as a fiduciary or
representative capacity on your behalf - Our affiliates and subsidiaries
We may also disclose this information
in connection with a proposed or actual
sale, merger, transfer, or exchange of all
or part of our business.
For more information on these
types of recipients, please see
How We Share Data. - To provide our services and products
to you or the plan sponsor of your
retirement plan. - To detect security incidents and
protect against or prevent actual
or potential fraud, unauthorized
transactions, claims, or other liability. - To comply with federal, state, or local
laws, rules, and other applicable
legal requirements. - To comply with a properly authorized
civil, criminal, or regulatory
investigation or subpoena. - For institutional risk control, or
for resolving customer disputes
or inquiries. - To protect the confidentiality or
security of our records pertaining
to you, the service or product, or
a specific transaction. - To undertake internal research
for technological development
and demonstration. - To verify, maintain, or improve the
quality or safety of a service or
device that is owned, manufactured,
manufactured for, or controlled by
the business. - For purposes otherwise permitted
or required by law.
Geolocation data
We collect your IP address from you when you visit our websites.
To whom this applies
This applies to visitors, users, retirement plan participants, retail customers, insurance customers, and advisory clients.
Retention
We retain this information until all applicable legal and business obligations are fulfilled.
We do not sell this category of personal information or share it with unaffiliated third parties for the purpose of targeted
advertising; we may, however, disclose this information to third parties for a business purpose as described below.
10
We collect this information from
the following sources:
Categories of third parties with
whom we disclose this category of
personal information:
Business purpose for collecting
and disclosing this information: - From you or your representative
when you communicate with us
through web, email, phone, or
other correspondence; complete
applications and forms for various
products or services; or provide other
information on our websites - From your device when you browse
our websites or mobile applications
and from tracking technologies in
emails that we or our suppliers send
to you - From activity in your account (for
example, data from the administration
of your investments, balances, trades,
and elections). If you enroll in account
aggregation services, we may also
collect information from the accounts
that you linked as approved by you. - From our service providers and other
third parties - From your plan sponsor (your
employer or former employer) - From our suppliers, consumer and
insurance reporting companies, data
providers, and other third parties
as permitted by law. We may have
obtained this information from our
affiliates or if it was held by a business
that we acquired. - From other sources to complete
transactions initiated by you or
your representative (for example,
to transfer balances from another
retirement account into a new
retirement account) - We may have also obtained this
information from our affiliates
or if it was held by a business that
we acquired. - Plan sponsors or their agents
- Our service providers
- Our banking provider (if you are an
Empower Personal Cash customer) - Our custodial brokerage providers (if
you are an advisory client) - Third-party identity-verification
providers and fraud-analysis
providers - Persons acting as a fiduciary or
representative capacity on your behalf - Our affiliates and subsidiaries
We may also disclose this information
in connection with a proposed or actual
sale, merger, transfer, or exchange of all
or part of our business.
For more information on these
types of recipients, please see
How We Share Data. - To provide our services and products
to you or the plan sponsor of your
retirement plan. - To detect security incidents and
protect against or prevent actual
or potential fraud, unauthorized
transactions, claims, or other liability. - To comply with federal, state, or local
laws, rules, and other applicable
legal requirements. - To comply with a properly authorized
civil, criminal, or regulatory
investigation or subpoena. - For institutional risk control, or
for resolving customer disputes
or inquiries. - To protect the confidentiality or
security of our records pertaining
to you, the service or product, or
a specific transaction. - To undertake internal research
for technological development
and demonstration. - To verify, maintain, or improve the
quality or safety of a service or
device that is owned, manufactured,
manufactured for, or controlled by
the business. - For purposes otherwise permitted
or required by law.
Audio, electronic, visual, thermal, olfactory, or similar information
We collect voice recordings, voiceprint data, and pictures to verify your identity.
To whom this applies
This applies to retirement plan participants, retail customers, insurance customers, and advisory clients.
Retention
We retain this information until all applicable legal and business obligations are fulfilled.
We do not sell this category of personal information or share it with unaffiliated third parties for the purpose of targeted
advertising; we may, however, disclose this information to third parties for a business purpose as described below.
11
We collect this information from
the following sources:
Categories of third parties with
whom we disclose this category of
personal information:
Business purpose for collecting
and disclosing this information: - From you or your representative
when you communicate with us
through web, email, phone, or
other correspondence; complete
applications and forms for various
products or services; or provide other
information on our websites - From your device when you browse
our websites or mobile applications
and from tracking technologies in
emails that we or our suppliers send
to you - From activity in your account (for
example, data from the administration
of your investments, balances, trades,
and elections). If you enroll in account
aggregation services, we may also
collect information from the accounts
that you linked as approved by you. - From our service providers and other
third parties - From your plan sponsor (your
employer or former employer) - From our suppliers, consumer and
insurance reporting companies, data
providers, and other third parties
as permitted by law. We may have
obtained this information from our
affiliates or if it was held by a business
that we acquired. - From other sources to complete
transactions initiated by you or
your representative (for example,
to transfer balances from another
retirement account into a new
retirement account). We may have
also obtained this information from
our affiliates or if it was held by a
business that we acquired. - Plan sponsors or their agents
- Our service providers
- Our banking provider (if you are an
Empower Personal Cash customer) - Our custodial brokerage providers
(if you are an advisory client) - Third-party identity-verification
providers and fraud-analysis
providers - Persons acting as a fiduciary
or representative capacity on
your behalf - Our affiliates and subsidiaries
We may also disclose this information
in connection with a proposed or actual
sale, merger, transfer, or exchange of all
or part of our business.
For more information on these
types of recipients, please see
How We Share Data. - To provide our services and products
to you or the plan sponsor of your
retirement plan. - To detect security incidents and
protect against or prevent actual
or potential fraud, unauthorized
transactions, claims, or other liability. - To comply with federal, state, or local
laws, rules, and other applicable
legal requirements. - To comply with a properly authorized
civil, criminal, or regulatory
investigation or subpoena. - For institutional risk control, or
for resolving customer disputes
or inquiries. - To protect the confidentiality or
security of our records pertaining
to you; the service or product, or
a specific transaction. - To undertake internal research
for technological development
and demonstration. - To verify, maintain, or improve the
quality or safety of a service or
device that is owned, manufactured,
manufactured for, or controlled by
the business. - For purposes otherwise permitted
or required by law.
Professional or employment-related information
This may include information such as your job title, date of hire, employer name, and industry.
To whom this applies
This applies to retirement plan participants, retail customers, insurance customers, and advisory clients.
Retention
We retain this information until all applicable legal and business obligations are fulfilled.
We do not sell this category of personal information or share it with unaffiliated third parties for the purpose of targeted
advertising; we may, however, disclose this information to third parties for a business purpose as described below.
12
We collect this information from
the following sources:
Categories of third parties with
whom we disclose this category of
personal information:
Business purpose for collecting
and disclosing this information: - From you or your representative
when you communicate with us
through web, email, phone, or
other correspondence; complete
applications and forms for various
products or services; or provide other
information on our websites - From your device when you browse
our websites or mobile applications
and from tracking technologies in
emails that we or our suppliers send
to you - From activity in your account (for
example, data from the administration
of your investments, balances, trades,
and elections). If you enroll in account
aggregation services, we may also
collect information from the accounts
that you linked as approved by you. - From our service providers and other
third parties - From your plan sponsor (your
employer or former employer) - From our suppliers, consumer and
insurance reporting companies, data
providers, and other third parties
as permitted by law. We may have
obtained this information from our
affiliates or if it was held by a business
that we acquired. - From other sources to complete
transactions initiated by you or
your representative (for example,
to transfer balances from another
retirement account into a new
retirement account). We may have
also obtained this information from
our affiliates or if it was held by a
business that we acquired. - Plan sponsors or their agents
- Our service providers
- Our banking provider (if you are an
Empower Personal Cash customer) - Our custodial brokerage providers
(if you are an advisory client) - Third-party identity-verification
providers and fraud-analysis
providers - Persons acting as a fiduciary
or representative capacity on
your behalf - Our affiliates and subsidiaries
We may also disclose this information
in connection with a proposed or actual
sale, merger, transfer, or exchange of all
or part of our business.
For more information on these
types of recipients, please see
How We Share Data. - To provide our services and products
to you or the plan sponsor of your
retirement plan. - To detect security incidents and
protect against or prevent actual
or potential fraud, unauthorized
transactions, claims, or other liability. - To comply with federal, state, or local
laws, rules, and other applicable
legal requirements. - To comply with a properly authorized
civil, criminal, or regulatory
investigation or subpoena. - For institutional risk control, or
for resolving customer disputes
or inquiries. - To protect the confidentiality or
security of our records pertaining
to you; the service or product, or
a specific transaction. - To undertake internal research
for technological development
and demonstration. - To verify, maintain, or improve the
quality or safety of a service or
device that is owned, manufactured,
manufactured for, or controlled by
the business. - For purposes otherwise permitted or
required by law.
Inferences drawn from personal information
This includes inferences about your preferences, characteristics, psychological trends, predispositions, behavior, attitudes,
intelligence, abilities, and aptitudes to create a profile about you.
To whom this applies
This applies to visitors, users, retirement plan participants, retail customers, insurance customers, and advisory clients.
Retention
We retain this information until all applicable legal and business obligations are fulfilled.
We do not sell this category of personal information or share it with unaffiliated third parties for the purpose of targeted
advertising; we may, however, disclose this information to third parties for a business purpose as described below.
13
Continued on next page
Sensitive personal information
Certain information may be considered sensitive personal information depending on your state of residence. We may
collect the following sensitive personal information: government identifiers, certain financial account information, status as
a victim of a crime (in order to process certain hardship distributions for retirement plan participants), demographic information
that may be considered sensitive, your citizenship status (in order to verify eligibility as an Empower Personal Cash
customer), and biometric data. If you are a CDH participant, we will also collect your health information to provide our services
to you. We limit our collection, use, and disclosure of this category of personal information to that which is necessary
to provide our services to you or for another permitted business purpose under applicable data privacy laws, such as
detecting security incidents. We do not use this information to infer characteristics about you.
To whom this applies
This applies to retirement plan participants, retail customers, insurance customers, and advisory clients.
Retention
We retain this information until all applicable legal and business obligations are fulfilled.
We do not sell this category of personal information or share it with unaffiliated third parties for the purpose of targeted
advertising; we may, however, disclose this information to third parties for a business purpose as described below.
We collect this information from
the following sources:
Categories of third parties with
whom we disclose this category of
personal information:
Business purpose for collecting
and disclosing this information: - From you or your representative
when you communicate with us
through web, email, phone, or
other correspondence; complete
applications and forms for various
products or services; or provide other
information on our websites - From your device when you browse
our websites or mobile applications
and from tracking technologies in
emails that we or our suppliers send
to you - From activity in your account (for
example, data from the administration
of your investments, balances, trades,
and elections). If you enroll in account
aggregation services, we may also
collect information from the accounts
that you linked as approved by you. - From our service providers and other
third parties - From your plan sponsor (your
employer or former employer) - From our suppliers, consumer and
insurance reporting companies, data
providers, and other third parties
as permitted by law. We may have
obtained this information from our
affiliates or if it was held by a business
that we acquired. - Plan sponsors or their agents
- Our service providers
- Our banking provider (if you are an
Empower Personal Cash customer) - Our custodial brokerage providers
(if you are an advisory client) - Nonaffiliated third parties
- Third-party identity-verification
providers and fraud-analysis providers - Persons acting as a fiduciary or
representative capacity on your behalf - Our affiliates and subsidiaries
We may also disclose this information
in connection with a proposed or actual
sale, merger, transfer, or exchange of all
or part of our business.
For more information on these
types of recipients, please see
How We Share Data. - To provide our services and products
to you or the plan sponsor of your
retirement plan. - To detect security incidents and
protect against or prevent actual
or potential fraud, unauthorized
transactions, claims, or other liability. - To comply with federal, state, or local
laws, rules, and other applicable
legal requirements. - To comply with a properly authorized
civil, criminal, or regulatory
investigation or subpoena. - For institutional risk control, or
for resolving customer disputes
or inquiries. - To protect the confidentiality or
security of our records pertaining
to you; the service or product, or
a specific transaction. - To undertake internal research
for technological development
and demonstration. - To verify, maintain, or improve the
quality or safety of a service or
device that is owned, manufactured,
manufactured for, or controlled by
the business.
14
We collect this information from
the following sources:
Categories of third parties with
whom we disclose this category of
personal information:
Business purpose for collecting
and disclosing this information: - From other sources to complete
transactions initiated by you or
your representative (for example,
to transfer balances from another
retirement account into a new
retirement account). We may have
also obtained this information from
our affiliates or if it was held by a
business that we acquired. - For purposes otherwise permitted
or required by law.
How we use data
Empower uses your personal information to respond to your requests and inquiries and provide you with services
and products you receive from us. In the event you are enrolled in a retirement plan that is administered by Empower
pursuant to a services agreement with the plan sponsor of your retirement plan (your employer or former employer),
Empower will process your data to perform its services to the plan sponsor. If you contract directly with Empower or its
affiliates for other services offered by Empower to individual customers, such as advisory services, financial products, or
financial wellness services, Empower will use your data to process transactions and perform its obligations in connection
with such services. Empower will also use your data as permitted by law to make you aware of other financial products or
services that may be of interest to you.
Empower will use your data for other purposes as permitted by law, including to protect your interests and ours in the
detection, prevention, and mitigation of fraud; to meet the requirements of applicable laws and regulations; to comply
with requests of regulators with jurisdiction over our services; and for product development and delivery.
We do not collect nonpublic personal education information as defined in the Family Educational Rights and Privacy Act
(20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
15
How we share data
We limit the information we share and the parties we share it with. What we share depends on the types of products or
services you have procured and applicable law.
Further, personal information may be shared as necessary to effect, administer, or enforce a transaction you request or
authorize, with your consent, at your direction, or as allowed by applicable law. Your health information will not be shared
except as required or permitted by law. The chart below describes the categories of third parties with whom we share
your data.
Sharing category What do we share and why?
Plan sponsors If you are enrolled in a retirement plan offered by a plan sponsor (your employer or former
employer), your personal information may be shared with the plan sponsor and with that plan
sponsor’s third-party administrators, advisors, service providers, and other third parties as
authorized or directed by the plan sponsor.
Our service providers Like most businesses, we use third-party service providers to deliver some of the services
mentioned in this Privacy Policy. In doing so, we provide some of your data (including your
personal information) to those third-party service providers on a need-to-know basis. Our
contracts with those service providers require them to safeguard your information and prohibit
them from using your data for any purpose other than to provide services to us or improve
their services.
Empower Personal Cash
account service provider
If you are an Empower Personal Cash customer, you will own a program account provided
through the bank provider. The bank provider for our Empower Personal Cash customer
program accounts is UMB Bank, National Association (UMB), and we will share detailed
account information with UMB. Our contract with UMB requires them to treat your
information as confidential information. UMB’s Privacy Policy is available here.
Identity-verification and
fraud-analysis providers
We will share some of your personal information and detailed account information with
third-party identity-verification providers and fraud-analysis providers for the sole purpose
of verifying your identity and preventing fraudulent transactions. These providers are
required under contract with us to safeguard your information and not provide it to any third
parties except as required to provide services or as otherwise required by law, regulation, or
court order.
Your brokerage account(s) If you are an Advisory Client or Retail Customer of Empower, you will have a custodial
brokerage account that will hold your personal portfolio. Our custodial brokerage provider for
these accounts is Pershing, and we will share detailed advisory account information with them.
You will have direct visibility, access, and interaction with Pershing while you are an Empower
Advisory Client or Retail Customer. Pershing’s Privacy Policy is available here.
Affiliate sharing Certain personal information may be shared among our affiliates as permitted by law to
provide our services to you, to make it easier to do business with us, and for their everyday
business purposes. We do not share your personal information with affiliates for their
marketing purposes. From time to time, we may make you aware of products and services that
are available from our affiliates. Our affiliates are listed below in this policy and include, but are
not limited to, our broker-dealer, our advisory service provider, and our trust company.
Continued on next page
16
Sharing category What do we share and why?
Security, legal, and
regulatory sharing
We also reserve the right to disclose information about you that we believe, in good faith,
is appropriate or necessary to (i) take precautions against liability; (ii) protect ourselves or
others from fraudulent, abusive, or unlawful uses or activity; (iii) investigate and defend
ourselves against any third-party claims or allegations; (iv) protect the security or integrity of
the services we provide and any facilities or equipment used to make those services available;
(v) comply with any law or regulatory requirement, including pursuant to a subpoena, court
order, or other legal process; or (vi) protect our property or other legal rights (including, but not
limited to, enforcement of our agreements) or the rights, property, or safety of others.
Deidentified or pseudonymous data
We maintain and use deidentified data in such a way that any information can no longer be linked to you or any device
associated with you. After data has been deidentified, i) we maintain and use such deidentified data without attempting
to reidentify the data or reassociate it with specific individuals; ii) we take reasonable measures to ensure the information
cannot be reassociated with you or your household; and iii) previously implemented technical and organizational
safeguards as well as business processes prohibit the reidentification of your information. Such data is used for research
and benchmarking purposes. We contractually obligate all recipients of deidentified data to comply with applicable laws
pertaining to deidentification, and we monitor compliance with any contractual commitments.
Children
Empower does not knowingly collect personal information from children under the age of 16 without seeking prior
parental consent (if required by applicable law). We only use or disclose personal information about a child to the extent
permitted by law, to seek parental consent pursuant to local law and regulations, or to protect a child. The definitions of
“child” or “children” may be slightly different as set forth in various applicable laws.
17
Security
We use physical, administrative, and technical safeguards designed to protect the confidentiality, integrity, and availability
of your personal information. Any third-party service providers with whom we share your personal information agree to
maintain the confidentiality and security of the personal information and use it solely to provide their services to us. In
addition, Empower provides the Empower Security Guarantee to its customers and participants as described here.
Website and mobile application use
When you access our websites or mobile applications, we or our third-party suppliers use a variety of technologies, such
as tags and web beacons, that automatically collect data (such as: without limitation, your device type, browser type,
internet protocol address, operating system used, number of visits, average time spent on the site, and pages viewed).
This data is used to operate the websites more efficiently, maintain the security of your online session, improve our
websites’ design and navigation, and perform online advertising (where permitted by law). If you have created an account
with us, we may combine the data collected through the tracking systems described herein with other information we
know about you as permitted by law. We use this information internally to provide you with a better user experience and
offer you products and services that may be of interest to you.
We use session replay technology to help us understand how you interact with our website and to improve your
experience. This technology captures your interactions—such as clicks, scrolling, and typing behavior—so we can identify
usability issues and optimize our content. Sensitive information is automatically masked, and we do not use Session Replay
to collect or store passwords, credit card numbers, or other sensitive data.
Some of our websites include links or navigation to third-party sites. These third-party sites may include informational sites,
sites providing financial wellness tools and services, or services offered to you solely by a third party, as further described in
the disclosures provided on such sites.
Cookies and web beacons
A cookie is a piece of information that is stored on your computer, tablet, phone, or other device by your web browser. Web
beacons (also known as clear GIFs, web bugs, or pixels) are small graphics with a unique identifier that are embedded
invisibly on web pages. Empower and third-party service providers we hire may use such cookies and web beacons
(collectively referred to below as “cookies”) to track the online movements of users of our websites and mobile applications
and collect other data such as IP address, type of device used, and browser information. Empower and its third-party
service providers use such data to customize your experience on our website and personalize our communications
with you. With respect to emails that are sent to you, we or our service providers also use cookies and web beacons to
determine when you receive and open our emails, whether you click any links in the email, and other information about the
device from which you access the email as permitted by law.
If you do not want to have cookies on your computer or device, you can use the link at the bottom of the webpage that is
titled “Do not sell or share my personal information” to access a cookie manager through which you may refuse or deny
certain types of cookies. Additionally, you can use the settings or tools offered on your browser to delete cookies that have
already been stored. If you refuse or delete cookies, you may notice an impact on your use of Empower’s (and its affiliates’)
websites; for example, you may not be able to sign in and access your account without additional authentication, or we may
not be able to recognize you, your device, or your online preferences.
18
Do not track and global privacy control
Some web browsers have the ability to activate a “do not track” signal. At this time, Empower does not respond to “do
not track” signals; however, you may exercise your right to opt out of the sale and sharing of your personal information
through the use of the Global Privacy Control (GPC) signal, which allows you to communicate your privacy preference
without having to make individualized opt-out requests. To learn more about the GPC and how you can use it to opt out
of the sale or sharing of your personal information, visit its website here. If you’ve enabled the GPC signal in your browser,
we will honor your opt-out request as communicated via the GPC signal. Please note that these opt-outs are specific to the
device or browser you’re using, so you’ll need to opt out again when you use a different device or browser, change your
browser settings, or clear your cookies.
Analytics
We use a tool called Google Analytics to help us understand how you interact with our website and mobile applications,
market our products and services to you, and improve the user experience, or regarding your receipt and access to
information in emails we send to you. Google Analytics collects information such as how often users visit our websites,
what pages they visit when they do so, and what other sites they used to navigate to this site. For more information about
how Google uses data, visit “How Google uses information from sites or apps that use our services.”
Interest-based advertising and communications
Empower advertises its products and services on its websites and mobile applications and on websites not affiliated with
Empower, and we contract with third-party advertisers to place those advertisements. Empower and its suppliers may
also send you advertising and communications that are tailored to you, or provide you with products or services that
may be of interest to you, based on information that we or such third-party service providers have collected about you.
Such advertising may include advertising on websites not affiliated with Empower, such as social media platforms. Our
third-party advertising providers might use information collected from cookies or beacons about your use of our websites
to provide interest-based advertisements based on your online activity as permitted by applicable law. If you would like
information about how to opt out of such interest-based advertising, you may find more information through the Network
Advertising Initiative here.
You can also opt out of this type of advertising through the GPC described above; if you reside in Connecticut, Minnesota,
New Hampshire, Oregon, Texas, or Virginia, you do not need to opt out of this type of advertising because this has already
been done on your behalf.
19
Additional privacy rights under applicable
state laws
Under the Health Insurance Portability and Accountability Act (HIPAA), and state data privacy laws, you may have
additional privacy rights as described below. As of the date of this privacy notice, this includes residents of California,
Connecticut, Minnesota, New Hampshire, Oregon, Rhode Island, Texas, and Virginia (“you” or “your”). If you are an ESPS
participant, CDH participant, or retirement plan participant, you will need to contact the plan sponsor (current
or former employer) to submit a request.
Right to access
Subject to exemptions under applicable law, you have the right to request that we disclose certain information to you
about our collection, use, and disclosure of your personal data.
Specifically, you have the right to request all of the following: - The categories of personal information we have collected about you.
- The categories of sources from which the personal information was collected.
- The business or commercial purpose for which we collected or sold the personal information.
- The categories of third parties with whom we share personal information.
- The categories of personal information that we sold and, for each category identified, the categories of third parties to
whom we sold the particular category of personal information. - The categories of personal information that we disclosed for a business purpose and, for each category identified, the
categories of third parties to whom we disclosed that particular category of personal information. - The specific pieces of personal information we have collected about you.
Right to obtain a list of third parties:
If you live in Minnesota or Oregon, you have the right to request a list of third parties to whom we have disclosed your
data. Upon receipt of your request, we will provide you with a list of specific third parties to whom we have disclosed your
personal data or a list of third parties to whom we have disclosed any consumers personal data.
Right to correct
You have the right to request correction of your personal data that is inaccurate. Once we receive your verifiable request,
we will use commercially reasonable efforts to correct the inaccurate personal data as described in your request. You may
be required to provide additional documentation if necessary to determine the accuracy of your personal data.
Right to delete
You have the right to request that we delete any of your personal data that we collected from you and retained, subject
to certain exceptions. Once we receive and confirm your verifiable request, we will deidentify or delete (and, if applicable,
direct our service providers to delete) your personal data from our records, unless an exception applies.
20
Right to limit use and disclosure of sensitive personal information
If you are a California resident, you also have the right to limit the collection and processing of your sensitive personal
information. We limit the collection, use, and disclosure of your sensitive personal information to that which is necessary to
provide our services to you or for another permitted purpose under applicable law (such as detecting security incidents),
and we do not use this information to infer characteristics about you. Our service providers are contractually obligated to
limit their use and disclosure of your sensitive personal information to that which is necessary for the business purpose
set forth in our contract with them. Since we already limit the collection and use of your sensitive personal information, an
opt-out is not necessary.
Right to opt out
You have the right to opt out of the sale of your personal data as well as the processing of your personal data for the
purposes of targeted advertising and certain instances of profiling. If you reside in a state that requires an opt-out for
targeted advertising (as such term may be defined under applicable law), we will not engage in such activities and will not
engage in “profiling” in any way that would require an opt-out.
If you wish to opt out of the sale or sharing of your personal data pertaining to Empower’s use of third-party cookies as
described here, you may do so by clicking on the Do not sell or share my personal information link at the bottom of this
webpage, or if you are using a mobile app, by opting out in the Privacy Preference Center under the Settings section
of your profile. In the future, if you change browsers or devices, or clear your cookies, you will need to opt out again
as described above. You may also opt out of the sale and sharing of your personal information through Global Privacy
Control as described above.
Please note that Empower will continue to share your data with service providers as permitted by law and described in this
Privacy Policy.
Exercising your rights
PARTICIPANTS: If you are a Participant (including ESPS participants, CDH participants, and retirement plan participants),
please contact your plan sponsor (employer or former employer) to submit a request.
USERS: If you are a User and have an Empower dashboard account, you can submit a request via a support ticket through
your account. If you are a resident of California or Texas you may submit a request via a support ticket through your
account or by emailing support@personalwealth.empower.com
ALL OTHER REQUESTS: For all other requests you can exercise your privacy rights by filling out a Privacy Request Form
and emailing it to privacymatters@empower.com or call our toll-free number at 855-756-4738; additionally, if you are
an Advisory Client, you can contact your financial advisor to correct your personal information. In certain circumstances, if
we believe it is necessary to authenticate your request and protect the security of your information, we may require
additional information.
We may deny your request in the event there is an exemption under applicable law that pertains to your request or if we
are not able to verify your identity.
Designating an authorized agent
You may use an authorized agent to submit a request on your behalf. To do so, the authorized agent should provide a
copy of your signed authorization to privacymatters@empower.com. You will also be required to verify your identity
directly with us or confirm that you provided the authorized agent with permission to submit a request on your behalf.
21
Responding to requests and your appeal rights
Upon receiving your request, we will confirm receipt of your request as required by applicable law. Such confirmation will
include our verification process and when you should expect a response. We will respond to a verifiable consumer request
as required by law. If we require more time (if permitted by applicable law), we will inform you of the reason and extension
period in writing.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or
manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and
provide you with a cost estimate before completing your request.
If we decline to take action on your verifiable request, we will provide you with a notice that includes our reason for not
taking action and instructions for submitting an appeal. Should you wish to submit an appeal, you will have 60 days from
the date of the notice to do so. You may submit your appeal by emailing us at privacymatters@empower.com.
Nondiscrimination
We will not discriminate or retaliate against you for exercising any of your rights under applicable consumer privacy laws.
To the extent prohibited by applicable law, we will not: - Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or
imposing penalties. - Provide you with a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services, or a different level or quality of goods or
services.
However, we may offer you certain financial incentives permitted by applicable law that can result in different prices, rates,
or quality levels. Any legally permitted financial incentive we offer will reasonably relate to your personal information’s
value and contain written terms that describe the program’s material aspects. Participation in a financial incentive
program requires your prior consent, which you may revoke at any time.
International data transfers
EU-U.S. Data Privacy Framework (EU-U.S. DPF) and UK Extension
This section only applies to you if you are an ESPS participant and reside in the United Kingdom, a member state of the
European Union, or the European Economic Area.
“Data Protection Legislation” means, as applicable to a party and its Processing of Personal Data: (i) CCPA and any state or
national data protection laws made under the CCPA, and (ii) EU Data Privacy Framework, including the UK Extension to the
EU-U.S. DPF;
“EU/UK Data Privacy Framework” means: (i) Regulation 2016/679 of the European Parliament and of the Council on the
protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data
(General Data Protection Regulation) (the “GDPR”); (ii) the GDPR as saved into United Kingdom law by virtue of section 3
of the United Kingdom’s European Union (Withdrawal) Act 2018 (the “UK GDPR”); (iii) the EU e-Privacy Directive (Directive
2002/58/EC); and (iv) all applicable national data protection laws made under, pursuant to or that apply in conjunction with
any of (i), (ii) or (iii); in each case as may be amended or superseded from time to time;
22
“Personal Data” means any information that (i) is protected as “personal data,” “personal information,” or “personally
identifiable information” under Data Protection Legislation.
Empower Stock Plan Services (“ESPS) complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) and the
UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. ESPS is responsible for the processing
of personal data it receives, under these data protection legislation frameworks, and subsequently transfers to a third
party acting as an agent on its behalf. In addition to compliance with current Data Protection Legislation, ESPS complies
with the EU-U.S. DPF Principles for all onward transfers of personal data from the EU, and to the UK Extension to the
EU-U.S. DPF Principles with regards to onward transfers of personal data from the UK, including the onward transfer
liability provisions.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, ESPS commits to cooperate and comply
respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK
Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human
resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the
employment relationship.
Onward Transfers
ESPS may provide Personal Data to third parties performing services on ESPS’s behalf for the benefit of such individuals
whose Personal Data is being disclosed (agent third parties) provided that such third parties have agreed in writing with
ESPS that they will provide at least the same level of privacy protection as is required by the Principles. Such agent third
parties may include the following: - Web hosting service providers that host Empower Stock Plan Services software and servers,
- Financial brokers where the client entity or individual has a brokerage account and authorized Empower Stock Plan
Services to share data for equity transaction execution, - Client entity transfer agent/ share registrars providing share settlement and delivery services,
- Client entity payroll/ HR system providers,
- Client entity accounting system or service providers,
- Data exchange service providers where the client entity has requested system integration and a data exchange service
provider is used to format, configure, or exchange the data as requested.
Other than as permitted in the prior paragraph, prior to disclosing Personal Data for any other purpose, ESPS shall
notify the individual or company administrator employee of such disclosure and allow the individual the choice (opt out)
of such disclosure. ESPS shall ensure that any third party for which Personal Data may be disclosed subscribes to the
Data Protection Legislation or are subject to law providing the same level of privacy protection as is required by the Data
Protection Legislation and agree in writing to provide an adequate level of privacy protection.
With respect to our agents, we will transfer only the Personal Data covered by this Privacy Policy needed for an agent
to deliver to ESPS the requested product or service. Furthermore, we will (i) permit the agent to process such Personal
Data only for limited and specified purposes; (ii) require the agent to provide at least the same level of privacy protection
as is required by the Data Protection Legislation; (iii) take reasonable and appropriate steps to ensure that the agent
effectively processes the Personal Data transferred in a manner consistent with ESPS’s obligations under the Data Privacy
Legislation; and (iv) require the agent to notify ESPS if it makes a determination that it can no longer meet its obligation
to provide the same level of protection as is required by the Data Privacy Legislation. Upon receiving notice from an
agent that it can no longer meet its obligation to provide the same level of protection as is required by the Data Privacy
Legislation, we will take reasonable and appropriate steps to stop and remediate unauthorized processing.
23
ESPS remains liable under the Data Privacy Legislation if an agent processes Personal Data covered by this Privacy Policy
in a manner inconsistent with the Data Privacy Legislation, except where ESPS is not responsible for the event giving rise
to the damage.
Recourse, Enforcement, and Liability
With respect to personal data received or transferred pursuant to the EU-U.S. DPF or the UK Extension to the EU-U.S. DPF,
ESPS is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. With respect to personal
data received or transferred pursuant to the EU-U.S. DPF or the UK Extension to the EU-U.S. DPF, in certain situations,
ESPS may be required to disclose personal data in response to lawful requests by public authorities, including to meet
national security or law enforcement requirements.
In compliance with the EU-U.S. Data Privacy Framework program and the UK Extensions to the EU-U.S. DPF Principles,
ESPS commits to resolve complaints about your privacy and our collection or use of your personal information transferred
to the United States pursuant to the DPF Principles. European Union, United Kingdom individuals with DPF inquiries or
complaints should first contact ESPS at:
Empower
Attn: Vice President, Privacy Compliance
8525 E Orchard Rd, 2T3
Greenwood Village, CO 80111
ESPS has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute
resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely
acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.
org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This
service is provided free of charge to you.
Finally, as a last resort and under limited circumstances, if your DPF complaint cannot be resolved through the above
channels, EU and UK individuals may invoke binding arbitration for some residual claims not resolved by other redress
mechanisms. See Data Privacy Framework.
24
Notice to Nevada residents
We are providing you this notice under Nevada state law. You may ask to be placed on our internal Do Not Call List by
contacting us.
In addition to contacting us, Nevada residents can contact the Bureau of Consumer Protection, Office of the Nevada
Attorney General, in writing at 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; by calling 702-486-3132; or by
emailing AgInfo@ag.nv.gov.
Modifications to our Privacy Policy
We may modify or amend this privacy policy from time to time as the need arises. We advise you to visit our website
regularly to check for any amendments. Any material changes will be communicated to you in accordance with applicable
law through an appropriate channel, depending on how we normally communicate with you.
Requests, questions, or complaints
To submit privacy-related questions, requests, or complaints, please call our toll-free number at 855-756-4738 or send
us an email at privacymatters@empower.com. Please do not put any confidential or personal account information in an
email request. In addition, you may contact us by mail via the address below:
Empower
Attn: Vice President, Privacy Compliance
8525 E. Orchard Rd., 2T3
Greenwood Village, CO 80111
25
About us
The policy is applicable to the following family of companies and brands: - Empower Retirement, LLC
- Empower Annuity Insurance Company of America
- Empower Life & Annuity Insurance Company of New York
- Empower Plan Services, LLC
- Empower Advisory Group, LLC
- Empower Financial Services, Inc.
- The Canada Life Assurance Company (U.S. operations)
- Great-West Life & Annuity Insurance Company of South Carolina
- Empower Capital Management, LLC
- Empower Funds, Inc.
- Empower Trust Company, LLC
- Empower Holdings, LLC
- Empower Annuity Insurance Company
- TBG Insurance Services Corporation
- MC Insurance Agency Services, LLC
- Mullin TBG Insurance Agency Services, LLC
- COMOSA REIT Corp.
- Empower Personal Wealth, LLC
- Personal Capital Services Corporation
- Empower Services Holdings US, LLC
- PAFI, LLC
- PAFL, LLC
- Empower Stock Plan Services, LLC
Last updated: February 13, 2026
Securities, when presented, are offered and/or distributed by Empower Financial Services, Inc., Member FINRA/SIPC. EFSI is an affiliate
of Empower Retirement, LLC; Empower Funds, Inc.; and registered investment adviser Empower Advisory Group, LLC. This material is for
informational purposes only and is not intended to provide investment, legal, or tax recommendations or advice.
“EMPOWER” and all associated logos and product names are trademarks of Empower Annuity Insurance Company of America.