Client Privacy Policy

.

Effective Date: June 12, 2024
This Notice was last updated: June 12, 2024

This Privacy Policy (“Policy”) describes how Chevy Chase Trust Company and our brands and subsidiaries (collectively “CCT,” “we,” “us,” and “our”) collect, use, and disclose your Personal Information when you visit any of our websites (the “Sites”) or otherwise interact with any of our features or services that reference this Policy (collectively, the “Services”). This Policy also explains how you can exercise certain rights you may have in connection with your privacy and personal information. 

Your use of our Services, and any dispute over privacy, is subject to this Policy

For ease of reference, you may click on any of the following links to jump to one of the sections addressed below:

  1. Scope of this Privacy Notice
  2. Our Commitment to You
  3. Changes to this Policy
  4. Personal Information We Collect, Use and Share
  5. Information Regarding Children
  6. Your Privacy Rights
  7. Your GDPR Privacy Rights
  8. Retention and Disposal of Personal Information
  9. Securing Personal Information
  10. Legal Disclaimers
  11. Updates to This Policy
  12. Contact Us

Scope of this Privacy Policy

This Policy covers only the Services identified above and does not apply to information that you may send us by other means. We take a layered approach to our privacy statements. This Policy applies to our handling of Personal Information if you are a client of CCT through either a separately managed account, a trust or estate for which CCT serves as fiduciary, a beneficiary of a trust or Individual Retirement Account at CCT, or an investor in a fund, collective investment trust or other investment vehicle for which we act as investment advisor (collectively, “Clients”). 

For more information regarding our general privacy practices, please visit our Website Privacy Notice available at https://www.chevychasetrust.com/privacy-policy/

If you are within or are a resident of a member nation of the EUROPEAN ECONOMIC AREA (the “EEA,” which includes the 27 European Union Member States, Iceland, Lichtenstein and Norway), Switzerland or the United Kingdom (“UK”) (collectively, the “EU”), these Services may apply to you.

Our Commitment to You

Our privacy commitments are fundamental to the way we run our business. These commitments apply to everyone who has a relationship with us – including customers, partners and website visitors. We are committed to providing you with the best overall experiences in all of our products and services. We strive to strike the right balance between using your data to ensure the quality of those experiences and protecting your privacy.

Changes to This Privacy Policy

CCT reserves the right to make changes to this Policy at any time. Our Policy’s effective date will always be set forth at the beginning and end of the Policy. Any changes will be immediately incorporated into this Policy and will be prospective only. We will not make any changes that have retroactive effect unless legally required to do so.

Any material change to this Policy is effective immediately, and Clients will receive notice of this change. Per Federal Law, Clients will be notified at least annually if this Policy changes. Your continued use of the Services after any changes are made to this Policy constitutes your acceptance of the changes. If any changes are unacceptable to you, you should cease all use of the Services.

Personal Information We Collect, Use and Share

Personal information is generally defined as information that, by itself or in combination with other information, identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, device, or household (“Personal Information”). Personal Information can include, but is not limited to, your name, address, telephone number, email address, username and password, IP address or other online identifiers, browsing or search history, credit/debit card number or other financial information, professional or employment-related information, office address and other business information, demographic information, consumer preferences, biometric information such as fingerprints, precise location information, or any other type of information that, directly or indirectly, can be linked to or is reasonably capable of being associated with you.

We will only collect, use and share your personal information where we are satisfied that we have a legal basis to do so. In these cases we will look after your information at all times in a way that is proportionate and respects your privacy rights. We will not take any action that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

When using the Services, we may collect, use, and share the following categories of Personal Information from you in the following ways:

Categories of Personal Information We Collect:

  • Contact information such as your name, email, phone number, and address. 
  • We may collect information related to investment goals and preferences, risk tolerance, future financial needs, and any other information that you may, at your option, choose to provide or withhold. 
  • We may collect information such as bank account details, wire-transfer instructions, Tax ID Number or Social Security Number, and other financial or tax-related information.  
  • Message contents if you contact us, such as when you send us an email, included attachments, we may collect records and copies of your correspondence, including your name, email, and any other information you choose to provide or communicate to us while using the Services.
  • Preferences you may select regarding communication and the types of Services you use.  
  • If you login via our business partner portal on the Site, our business partner may collect information such as your username, which is your email address, and password. Refer to the Wealth Access (wealthaccess.com) Security Privacy Policy for more information.  

We May Collect This Personal Information When You:

  • Create a new CCT account.  
  • Update an existing CCT account.
  • Need to verify your identity for Services.
  • Send us an email or other correspondence.  
  • Update your account preferences, including preferred billing method and method of communication.  
  • Create a new web portal account.  
  • Log into the web portal online.  
  • Become locked out of your account or forget your login information and need to re-validate login credentials.  

We Collect This Personal Information So That We May:

  • Operate our Business. We use Personal Information to allow you to use our Services and otherwise run our day-to-day operations.
  • Communicate with You. We may use Personal Information to communicate with you about our Services, and to respond to your inquiries, including if you contact us with a question or concern.
  • Evaluate and Improve our Services. We may use the Personal Information we collect to evaluate and improve our Services and to measure, improve, and understand the effectiveness of our Services and their features. We may also use this information to develop new Service offerings.  
  • Conduct Marketing and Advertising. We may use Personal Information to contact you with surveys and information regarding our Services. This may include commercial emails sent on behalf of us.
  • Take Security Measures. We may use Personal Information to mitigate fraud and protect CCT.
  • Comply with Legal Requirements. We may use Personal Information to comply with lawful court orders, law enforcement requests, or other legal requirements.
  • Troubleshoot your online account. In case of any web portal login issues or a forgotten username and/or password, we may require additional information to help you log in. 
  • Conduct Other Operations. We may use Personal Information for purposes not provided for in this Notice, but if we do, we will notify you (and, if necessary, obtain your consent) before using your Personal Information in this way.

Types of Third Parties That May Receive This Personal Information

  • We disclose information we collect from you to service providers, consultants, auditors, attorneys, vendors, contractors, or agents who perform functions on our behalf. This includes entities that host our Site, perform research and development, and assist us in performing analytics on our Site.
  • We disclose the information we collect from you to our affiliates, where a pre-existing relationship already has been established.
  • We may disclose your information to others when it is necessary to provide the Services you requested.
  • If (i) we or our affiliates are or may be acquired by, merged with, or invested in by another company, or (ii) if any of our shares or assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. As part of the business transfer process, we may share certain of your personal information with lenders, auditors, and advisors, including attorneys and consultants.
  • We disclose Personal Information to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
  • We disclose Personal Information when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this Policy, or as evidence in litigation in which we are involved.
  • We may disclose Personal Information for a new use or purpose not described in this Policy. We will notify you before disclosure, if necessary, and provide you with the choice of opt-in or opt-out consent.

Information Regarding Children

The Services are intended for individuals 18 years of age and older. Our Services are not directed at, marketed to, nor intended for, children under 16 years of age. CCT does not knowingly collect, use, or sell any information, including Personal Information, directly from children under 16 years of age.

If children under 16 years of age are named as a beneficiary with respect to an account or in a will or trust, personal information may be collected from the parent(s) or legal guardian(s) with their consent. If CCT learns that it has collected any information regarding a person younger than 16 years of age without consent, CCT will delete or destroy the information immediately.

If there is concern that information regarding a person younger than 16 years of age was somehow collected by CCT, any minor, or the parent(s) or legal guardian(s) of such minor, who wishes to request the removal of the minor’s information should submit their request by using the contact details provided in the “Contact Us” section below.

Your Privacy Rights

Under the Gramm-Leach Bliley Act (GLBA), Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. The types of personal information we collect and share depend on the product or service you have with us. All financial companies need to share customers’ personal information to run their everyday business.

Currently, CCT does not share any information regarding a Client’s creditworthiness, we do not share information with affiliates for purposes of marketing, and we do not permit nonaffiliates to market to you.   If this policy should change, you will receive prior written notice, and Federal law gives you the right to limit our sharing in regard to the matters described in this paragraph.

When you are no longer our customer, we continue to share your information as described in this notice. However, you may use the contact details provided in the “Contact Us” section below at any time to limit our sharing.

Affiliates: Companies related by common ownership or control, such as ASB Capital Management LLC.

Nonaffiliates: Companies not related by common ownership or control. They can be financial and nonfinancial companies.

We provide you with certain rights regarding your personal data, subject to certain exceptions and limitations. Those rights include –

  1. Right to request access to the personal data we have collected about you, restrict the processing of specific pieces of personal information we collected about you and learn how we collect this information, our purpose in collecting it,
  2. Right to correct or delete the personal data we have collected from you,
  3. Right to opt-out of the sale or sharing of your personal data,
  4. Right to limit use and disclosure of sensitive personal information, if applicable, and
  5. Right not to receive discriminatory treatment for the exercise of [the relevant] privacy rights conferred by applicable laws.

If applicable under the California Privacy Rights Act (CPRA), “Sensitive personal information” means: (A) personal information that reveals your social security, driver’s license, state identification card, or passport number; account log‐in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of your mail, email and text messages, unless we are the intended recipient of the communication; genetic data; and the processing of biometric information for the purpose of uniquely identifying you; (B) personal information collected and analyzed concerning your health; or (C) personal information collected and analyzed concerning your sex life or sexual orientation. Note that “Sensitive personal information” excludes information that is made publicly available.

We do not use or disclose sensitive personal information for purposes to which the right to limit use and disclosure applies under the California Consumer Privacy Act (CCPA).

If you would like to access, review, edit, delete or have us properly dispose of any copies of the Personal Information that CCT collected about you (subject to any applicable legal exceptions), or if you would like to exercise the above rights in any other way, please contact us at [email protected] or use the mailing address provided in the “Contact Us” section below.

You may be able to opt out of CCT sharing your Personal Information with the entities identified in this Policy by sending us an email at the address above, unless the sharing of your Personal Information is necessary to perform one of the following business purposes: to count ad impressions and evaluate their effectiveness; to detect, protect against, and prosecute security incidents; to debug or troubleshoot functional errors that may arise with the Services; to complete short-term tasks related to an existing interaction you have with CCT; to maintain or service your account; to process payments and fulfill orders or other transactions you authorize; to verify your customer information; and to ensure the safety and quality of the Services.

CCT will attempt to accommodate any request to delete or properly dispose of any copies of your Personal Information, but we cannot guarantee we can eliminate all Personal Information from the specified uses. Therefore, please be as specific as possible in any request to delete or dispose of copies of your Personal Information. We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise to perform a contract we entered into with you;
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • Debug products to identify and repair errors that impair existing intended functionality;
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546);
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
  • Comply with a legal obligation; or
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

If you choose to delete certain portions of your Personal Information, it may affect your ability to use certain Services. If the request relates to information that CCT needs to make the Site or other Services function properly for you, you may no longer be able to use those Services. Any removal of content by CCT does not ensure or guarantee complete or comprehensive removal of the content in all places. The content may have been shared or reposted by other parties, or federal or state law may require maintenance of the content or information.

You may grant an authorized agent written permission to submit requests regarding your Personal Information, but we may deny authorized agent requests absent proof that you authorized such agent to act on your behalf, or if we are unable to verify your identity.

CCT is required to verify the identity of any person or entity that requests the disclosure or deletion of Personal Information. If you have a password-protected account with us, we will use our existing authentication procedures to verify your identity. For most other consumer requests, CCT will ask you to provide information that matches at least two pieces of personal information we store about you before responding to your request. If you would like to request the specific pieces of your personal information that CCT has collected, or if you would like us to delete highly sensitive information, you will need to match at least three pieces of information we store about you, and you must provide a signed declaration under penalty of perjury that you are the consumer whose personal information you are requesting.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

We may send periodic promotional emails to you. You may opt out of promotional emails by following the opt-out instructions contained in the email. If you opt out of receiving promotional emails, we may still send you emails about other services you have requested to receive from us.

Your GDPR Privacy Rights

European Economic Area (EEA) residents should be aware that you may be entitled under applicable data protection laws to the following rights with regard to CCT’s collection, use and sharing of your Personal Information:

  • Right to object to certain data processing: To the extent that CCT is relying upon the legal basis of legitimate interest to process your personal data, then you have the right to object to such processing, and CCT must stop such processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where CCT needs to process the data for the establishment, exercise or defense of legal claims. Where CCT relies upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
  • Information and access: You have the right to be provided with certain information about CCT’s processing of your personal data and access to that data (subject to exceptions). 
  • Rectification: If your personal data changes, we encourage you to inform us of the change. You have the right to require inaccurate or incomplete personal data to be updated or corrected. 
  • Erasure: You have the right to require that your data be erased in certain circumstances, including where it is no longer necessary for us to process this data in relation to the purposes for which we collected or processed the data, or if we processed this data on the basis of your consent and you have since withdrawn this consent.
  • Data portability: Where we process your personal data on the basis of your consent, or where such processing is necessary for entering into or performing our obligations under a contract with you, you may have the right to have the data transferred to you or another controller in a structured, commonly used and machine-readable format, where this is technically feasible.
  • Right to restriction of processing: You have the right to restrict CCT’s processing of your personal data while your request for data rectification or objection to personal data processing is being considered, if we no longer need to process your data but you need that data in connection with a legal claim, or if our processing is unlawful but you do not want us to erase the data. If this right applies, we will continue to store your data but will only further process it with your consent, for the establishment, exercise or defense of legal claims, to protect the rights of another person, or for reasons of important public interest.
  • Right to withdraw consent: If we require your consent to process any of your information, we will request this consent separately. To the extent that CCT relies on your consent to process any of your personal data, you have the right to withdraw your consent to such processing at any time.
  • Complaint: You also have the right to lodge a complaint with a supervisory authority, in particular that in your Member State of residence, where applicable.

If you would like to exercise the above rights in any way, please contact us at [email protected] or use the mailing address provided in the “Contact Us” section below.

Retention and Disposal of Personal Information

CCT retains collected information for a reasonable amount of time in order to fulfill the stated purpose for why the information was collected. CCT will also retain collected information connected to business records for periods of time required by law. If CCT determines that collected information is no longer needed, it will delete such information.

Securing Personal Information

CCT is committed to protecting the privacy and confidentiality of your personal information. We maintain physical, electronic and procedural safeguards to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure. Some of the other central features of our information security program are:

  • A dedicated group that designs, implements and provides oversight to our information security program;
  • The use of specialized technology such as firewalls;
  • Testing of the security and operability of products and services before they are introduced to the Internet, as well as ongoing scanning for publicly known vulnerabilities in the technology;
  • Internal and external reviews of our Internet sites and services;
  • Monitoring of our systems infrastructure to detect weaknesses and potential intrusions;
  • Implementing controls to identify, authenticate and authorize access to various systems or sites;
  • Protecting information during transmission through various means including, where appropriate, encryption; and
  • Providing CCT personnel with relevant training and continually updating our security practices in light of new risks and developments in technology.

Legal Disclaimers

Nothing in this Notice restricts our ability to:

  • Comply with federal, state, or local laws;
  • Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities;
  • Cooperate with law enforcement agencies concerning conduct or activity that we reasonably and in good faith believe may violate federal, state, or local law;
  • Exercise or defend legal claims;
  • Detect security incidents and protect against fraudulent or illegal activity and prosecute those responsible for such activity; or
  • Transfer Personal Information as part of a merger or acquisition, dissolution, bankruptcy, or any other transaction in which a third party assumes control of all or part of our business.

Updates to This Policy

This Policy is current as of the Effective Date set forth above. Per the Gramm-Leach-Bliley Act (GLBA), CCT Clients are considered “customers” and will receive updates of this Policy before any changes are put into effect, as well as disclosure on an annual basis. CCT does not need to send annual privacy notices if:

  • CCT shares non-public information (NPI) with nonaffiliated third parties only under the exceptions of Subpart C of 12 CFR Part 1016 (Regulation P), which do not require a consumer opt-out; and
  • CCT’s practice of sharing NPI has not changed since the last annual privacy notice was sent. Changes to elements of the annual privacy notice that do not address information sharing, including information collection, confidentiality, and security practices, do not affect the exception. Changes in affiliate sharing practices and opt-outs covered by the Fair Credit Reporting Act (FCRA) are also excluded from this provision.

Contact Us

If you have questions about this Policy, the privacy aspects of our Site or Services, or would like to make a privacy-related inquiry, complaint, or dispute, please contact us at:

Chief Data Privacy Officer
Chevy Chase Trust Company
7501 Wisconsin Avenue
Suite 1300W
Bethesda, MD 20814

Email: [email protected]

CCT intends to strictly enforce this Policy.

If you believe there has been some violation of this Policy, please contact CCT.

This Policy was last updated: June 12, 2024