Broadridge is committed to respecting privacy. Our Global Privacy Program is designed to help ensure that we handle personal information appropriately. The statements below provide information about how we collect and use personal information from our customers and business partners. If you have any additional questions about the privacy or security of your personal information, please contact the Broadridge Privacy Office.

BROADRIDGE PRIVACY STATEMENT
BROADRIDGE CORPORATE ISSUER SOLUTIONS INFORMATION SECURITY PROGRAM
PRIVACY SHIELD STATEMENT AND IMPORTANT INFORMATION FOR EEA AND SWISS RESIDENTS
IMPORTANT INFORMATION FOR CALIFORNIA RESIDENTS
HOW TO CONTACT US AND OUR CHIEF PRIVACY OFFICER
BROADRIDGE PRIVACY STATEMENT

This Privacy Statement describes the practices that Broadridge will follow with respect to the personal information it collects from visitors to www.broadridge.com and other Broadridge websites, mobile applications, or hosted websites that link to this Privacy Statement. It also describes how we collect and use personal information from our customers, suppliers and others with whom we have a business relationship.

What is personal information?

“Personal information” is information that can be used to identify, locate or contact you. We collect the following types of personal information:

Contact Information that allows us to communicate with you, such as your name, username, mailing address, telephone numbers, email address or other addresses that allow us to send you messages.
Relationship Information that helps us do business with you, such as your professional credentials and affiliates as well as the types of products and services that may interest you or your business.
Transaction Information about how you interact with Broadridge, including your purchase history, customer account information and information about how you use our websites and applications. 
In some cases, we operate or host websites owned by our clients, including banks, brokers, mutual funds and corporations or other business entities (the “Business Owner” of the website). On these hosted sites, we may also collect sensitive personal information that you provide, which for some services may include your account number and Social Security number, as well as information you provide when you access your account online or conduct transactions. All personal information and sensitive personal information collected via these hosted sites is considered Confidential Information of the Business Owner. We also receive Confidential Information directly from Business Owners for processing 

How do we collect, use, and disclose personal information?

On Broadridge websites we collect personal information that you provide so that we may provide you or our clients with, or contact you about, products, services and information, to enhance your site visit or follow up with you after your visit. We may receive personal information about you from your company, such as when a Business Owner provides us with information about professionals who are authorized to receive support or services. We may also collect information about you from third party data suppliers who enhance our files and help us better understand our customers, or through publicly-available social media sites, such as LinkedIn or Twitter. 

When you use our websites, products and applications, we collect transaction information about your session and your activity. In addition to any information that you submit during these sessions, we use cookies and other technological tools to automatically collect information about your computer and your use of our website and applications. We may collect or infer information about you from your use of our products and services. We treat this information as personal information when it is associated with other data elements that allow us to identify you. For more information about cookies and other technologies, please see the section Cookies and Other Data Collection Technologies below.

If you provide personal information to us for our own use, we may use it to provide the products, services or information that you have requested and we may share it with our affiliates. We may also use your personal information for other internal business purposes, such as market research and legal compliance.

If you provide personal information or sensitive personal information to us via a hosted site, we treat that information as confidential and we only use it to perform the services requested by you or the Business Owner of the site. We may share your information with the Business Owner of the site, and also provide the Business Owner with information on your use of the website. If you have any questions regarding the Business Owner’s use of your personal information, please contact the Business Owner directly. Broadridge may use aggregate information or statistics about the use of its sites and the products and services used through its sites, but these statistics would not include personal information.

We may share any personal information, even Confidential Information, with our vendors and other third parties who perform services for us, but we forbid these companies from using your personal information for their own purposes.

Please note that we may always disclose any information as required by law, when necessary for health or safety purposes, or when needed to protect our legal rights, including to law enforcement agencies and courts in the United States and other countries where we operate in accordance with applicable laws. For example, we may disclose information about you in response to a subpoena. We may also disclose information about you in connection with the transfer of assets of our business.

Finally, if you are located outside the United States, your personal information will be maintained by us in the U.S. We may transfer your personal information to countries outside your location or the U.S. However, we assure adequate protection for your personal information in compliance with all applicable laws.

Cookies and Other Data Collection Technologies

When you visit our website or use our mobile applications, we may collect certain information by automated means, using technologies such as cookies, pixel tags, browser analysis tools, server logs and web beacons. We do not, however, use tracking or cookie technology on pages of our websites that provide notice and access hosting services to public companies.

When you visit our website, we place cookies on your computer. Cookies are small text files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser.  Cookies allow us to recognize you when you return. They also help us provide a customized experience and enable us to detect certain kinds of fraud. In many cases, you can manage cookie preferences and opt-out of having cookies and other data collection technologies used by adjusting the settings on your browser. All browsers are different, so visit the “help” section of your browser to learn about the privacy settings that may be available.   

We may also use Flash Cookies (also known as Local Stored Objects) and similar technologies to personalize and enhance your online experience. The Adobe Flash Player is an application that allows rapid development of dynamic content, such as video clips and animation. We use Flash cookies for security purposes and to help remember settings and preferences. We do not use Flash cookies or similar technologies for behavioral or interest-based advertising purposes. To manage Flash cookies, please see Adobe’s website at http://kb2.adobe.com/cps/526/52697ee8.html or visit www.adobe.com. 

In connection with Broadridge marketing efforts, we may use pixel tags, including the Outbrain Pixel, and web beacons. Pixel tags and web beacons are tiny graphic images placed on website pages or in our emails that allow us to determine whether you have performed a specific action. When you access these pages or open or click an email, the pixel tags and web beacons generate a notice of that action. These tools allow us to measure response to our communications and improve our web pages and promotions. Information collected using these technologies in our e-mails may be associated with the recipient’s e-mail address.

We collect many different types of information from cookies and other technologies. For example, we may collect information from the device you use to access our website, your operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located. Our server logs also record the IP address assigned to the device you use to connect to the Internet. An IP address is a unique number that devices use to identify and communicate with each other on the Internet. We may also collect information about the website you were visiting before you came to Broadridge and the website you visit after you leave our site. 

In many cases, the information we collect using cookies and other tools is only used in a non-identifiable way, without any reference to personal information.  For example, we use information we collect about all website users to optimize our websites and to understand website traffic patterns. In some cases, we do associate the information we collect using cookies and other technology with your personal information. This Privacy Statement applies to the information when we associate it with your personal information.

Browser Tracking Information

On some of our sites, such as www.broadridge.com and Advanced Annual Meeting Solutions’ websites (the Shareholder Forum and Virtual Shareholder Meeting, which may be customized for the Business Owner), and mobile applications Broadridge directly or through third parties uses Google Analytics, Adobe Analytics, and/or Demandbase, Inc.’s (“Demandbase’s”) web analytics to provide Broadridge or its clients with information about the use of Broadridge’s websites. 

Google Analytics is a web analytics tool that helps website owners understand how visitors engage with their website. Using Google Analytics we can view a variety of reports about how visitors interact with our website so that we can improve it. This tool is provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help our website analyze how users use our site. The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to our website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google may combine this information with other data held by Google pursuant to Google’s privacy policy available on Google’s website. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of our website. By using the Broadridge websites, you consent to the processing of data about you by Google in the manner and for the purposes set out above. For information on how Google Analytics uses data please visit “How Google uses data when you use our partners’ sites or apps”, located at www.google.com/policies/privacy/partners/.

Broadridge also uses web analytics tools provided by Adobe. These tools provide similar reporting and analytics functions. To learn more about privacy and the Abode analytics products and to exercise your privacy choices with Adobe, please visit the Adobe Privacy Center located at http://www.adobe.com/privacy/marketing-cloud.html.

Broadridge provides Demandbase with the IP addresses recorded by Broadridge’s server logs of visitors to Broadridge’s sites. Demandbase’s web analytics then identify information about visitors to Broadridge’s sites, including, without limitation, industry, size, location and revenue, based on Demandbase’s extensive database of company IP addresses. By using the Broadridge websites, you consent to the processing of your IP address and data about you by Demandbase in the foregoing manner.

Although our websites currently do not have a mechanism to recognize the various web browser Do Not Track signals, we do offer individuals choices to manage their cookie preferences as described above. To learn more about browser tracking signals and Do Not Track please visit http://www.allaboutdnt.org/.

Social Media Interactions and Interest-based Ads

Our websites may enable you to interact with us and others via social media platforms, such as Facebook, Google, Twitter, LinkedIn and Instagram. While we respect each social media platform’s privacy policies, we may collect personal information about you if you choose to use these tools.

We may display interest-based ads to you when you are using these platforms. These platforms allow us to personalize the ads that we display to you. We do not share any of your personal information with these platforms, although we may convert your email address into a unique number which can be matched by the platform with its user to allow delivery of the advertising. Although we do not provide any personal information to these platforms, they may gain insights about individuals who respond to the ads we display.

Mobile Applications

We may offer mobile applications that allow you to access your account, interact with us online and receive other information via your smartphone. All personal information collected by Broadridge via our mobile applications is protected by the terms of this Privacy Statement.   

When you download our mobile applications, you may choose to allow us to obtain your precise location from your mobile device. We use this information to deliver personalized content to you and for our internal analytics purposes.

We may also offer automatic (or “push”) notifications. We will provide push notifications only to those individual who opt-in to receive such notifications from Broadridge. You do not have to provide location information to Broadridge or enable push notifications to use any of our mobile apps. If you have questions about location and notification privacy, please contact your mobile service provider or the manufacturer of your device to learn how to adjust your settings.

Do we collect your information for marketing communications?

Broadridge is a business to business service provider and does not market its services to individual consumers. However, Broadridge does provide certain information by subscription and uses an opt-in format for choosing future e-mail communications in specified subject areas. These e-mail communications contain links to unsubscribe from future e-mail communications. Broadridge also may use the personal information you provide on Broadridge websites to contact you to respond to your inquiries or to contact your business about information relating to Broadridge’s or its affiliate’s products and services from time to time.  Please email us at info@broadridge.com if you do not want your information used for further marketing contact.  Broadridge does not send Broadridge marketing communications to individuals who provide us with personal information via a hosted website for a Business Owner.

How can you correct, access, and update your information?

You may view and edit the personal information you have provided on any of our websites by contacting us using the link provided on such website. Our customer support department can also reasonably assist you with other requests related to information about you that may be maintained by us. Please send requests to privacy@broadridge.com.

How do we protect your information?

We take reasonable steps to help prevent the loss, misuse and alteration of the information under our control. For example, we have implemented physical, logical, and administrative procedures to protect and secure the information we process and maintain. We also use encryption and firewall technologies to protect sensitive information during online transmissions.

How can you help protect your information?

If you have registered at a Broadridge website or a hosted website, we recommend that you do not divulge your password to anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited e-mail. Also remember to sign out of the registered site and close your browser window when you have finished your work. This is to ensure that others cannot access your personal information and correspondence if others have access to your computer.

Can we change this Privacy Statement?

From time to time, we may update this Privacy Statement to reflect new or different privacy practices. We will place a notice online when we make material changes to this Privacy Statement. Additionally, if the changes will materially affect the way we use or disclose previously-collected personal information, we will notify you about the change.

Privacy Protection Policy for Social Security Numbers

Broadridge may collect Social Security numbers in the ordinary course of certain of its businesses. Broadridge has implemented reasonable technical, physical and administrative safeguards to help protect the Social Security numbers from unlawful use and unauthorized disclosure. All Broadridge associates and service providers are required to follow these established procedures. 

In particular:

Access to Social Security numbers is limited to those associates and service providers who have a need to access the information to perform tasks for Broadridge
Social Security numbers are only disclosed to third parties in accordance with Broadridge’s established policies.  Broadridge will only disclose Social Security numbers to those service providers, auditors, advisors, and/or successors in interest who are legally or contractually obligated to protect them or as required or permitted by law
Other sites

Broadridge sites may contain links to other sites, including those of our business partners. While we seek to link only to sites that share our high standards and respect for privacy, we are not responsible for the privacy practices employed by other sites.

Job Applicants and Human Resources (HR) Data

If you have applied for employment with Broadridge, the Personal Information submitted with your job application will be used only for recruitment and other customary human resources purposes. Prospective, current and former employees and others whose data are processed in connection with our human resources activities may contact the Broadridge Privacy Office or your local Human Resources contact to get information about our HR Privacy Program.

Broadridge Corporate Issuer Solutions Information Security Program

Broadridge Corporate Issuer Solutions, a registered transfer agent, maintains an information security program to address the risk that customer information acquired in the course of its business is disclosed inadvertently without authorization, misused, altered, destroyed, or otherwise compromised. As part of this information security program, Corporate Issuer Solutions has designed and implemented safeguards to prevent such disclosure, misuse, alteration, destruction, or compromise and has implemented appropriate measures to oversee its service providers’ compliance with the program. Corporate Issuer Solutions also has adopted protocols for the proper disposal of any consumer report information acquired in the course of its business.

Corporate Issuer Solutions has implemented numerous physical, electronic, and procedural safeguards to prevent the unauthorized sharing of personal shareholder information, including the limiting of information to necessary employees and the encryption of sensitive website transmissions using Secure Sockets Layer (SSL) protection. Corporate Issuer Solutions may maintain some or all of the following personal information with respect to individual shareholders:

Shareholder name and address(es)
Shareholder taxpayer identification number
Information related to the shareholder’s share ownership, history, and/or dividends
In some cases, shareholder telephone numbers and/or e-mail addresses
In some cases, shareholder bank or brokerage account information
In some case, information from tax-related documents that is required to process tax reports and statements, stock transfers, and other securities transactions
Corporate Issuer Solutions maintains its records of securities and shareholders as an agent for the issuer of the security, and, accordingly, will provide the above-referenced information to the issuer or its designees.  Corporate Issuer Solutions does not provide the aforementioned information about current or former shareholders to any third party except to provide the services or as permitted by law.  Corporate Issuer Solutions will provide personal information:

When necessary to effect, administer, or enforce a transaction requested by the shareholder
When the shareholder requests or authorizes that the information be shared
When the disclosure is necessary to prevent fraud
When the disclosure is necessary for Corporate Issuer Solutions to perform its duties
When providing information necessary for third parties to perform services on behalf of Corporate Issuer Solutions
When the disclosure is required by law.
Privacy Shield Statement and Important Information for EEA, United Kingdom and Swiss Residents

Broadridge is providing this supplemental privacy notice to give individuals in the European Economic Area (EEA), United Kingdom and Switzerland the additional information required by the EU General Data Protection Regulation and to explain our commitment to the EU-US and Swiss-US Privacy Shield Framework. These provisions, together with the statements in the Broadridge Privacy Statement, explain our practices with regard to European Economic Area (EEA) United Kingdom and Swiss personal data.

Information about Broadridge
Broadridge Financial Solutions, Inc.
Attn: General Counsel
5 Dakota Drive
Suite 300
Lake Success, New York 11042
USA

Email: privacy@broadridge.com

The Purposes and Legal Basis for Processing, including Legitimate Interests
We only process personal information when we have a legal basis for the processing, such as:

To fulfill a contract with you
With your consent (where required and provided you have not objected, as may be applicable)
We may also process your personal information for our legitimate interests, provided that such processing shall not outweigh your rights and freedoms. In particular, we may process your personal information as needed to:

protect you, us or others from threats (such as security threats or fraud)
comply with the laws that are applicable to us around the world
enable or administer our business, such as for the provision of services to our customers, quality control, consolidated reporting, and customer service
market our products and services to existing and prospective customers
manage corporate transactions, such as mergers or acquisitions
understand and improve our business or customer relationships generally
The Purpose for which we Process your Personal Information
We process your personal information for the legitimate interests we have referred to above and for the following purposes:

processing of customer data in accordance with our client contracts
payment processing and financial account management, contract management, website administration, business continuity and disaster recovery, security and fraud prevention, corporate governance, reporting and legal compliance
Your Rights
You always have the right to object to our marketing communications. To opt-out of emails, simply click the link labeled “unsubscribe” at the bottom of any email we send you. To revoke permissions that you may have given to send text messages, text STOP in response to any message.  

Broadridge also respects the rights of EEA, United kingdom and Swiss residents to access, correct and request erasure or restriction of their personal information as required by law. This means:

you generally have a right to know whether or not Broadridge maintains your personal information.  If we do have your personal information, we will be provide you with a copy (subject to the rights of others). If your information is incorrect or incomplete, you have the right to ask us to update it 
you have the right to object to our processing of your personal information
you may also ask us to delete or restrict your personal information
you may also have the right to data portability in some circumstances
To exercise these rights, please contact us via email at privacy@broadridge.com or write us at the address above, and a member of our Privacy Team will assist you. Please understand that we may need to verify your identity before we can process your request.  

If you believe that we have processed your personal information in violation of applicable law, you may file a complaint with the Broadridge Chief Privacy Officer at privacy@broadridge.com or with a supervisory authority.

International Transfers & Privacy Shield
Your personal information may be transferred to, stored at or processed in the United States and other countries which may not have equivalent privacy or data protection laws.

For non-HR data, Broadridge has certified its compliance with the EU-US and Swiss-US Privacy Shield Frameworks. To learn more about Privacy Shield, please visit https://www.privacyshield.gov/welcome.

Broadridge Financial Solutions, Inc. and the following of its US affiliates have certified to the Privacy Shield Framework:

Access Data Corp.

BR NYC Solutions, Inc.

Bonaire Software Solutions, LLC

Broadridge Business Process Outsourcing, LLC

Broadridge Corporate Issuer Solutions, Inc.

Broadridge FX and Liquidity Solutions, LLC

Broadridge Fluent Solutions, LLC

Broadridge Investor Communication Solutions, Inc.

Broadridge Mail, LLC

Broadridge Managed Solutions, Inc.

Broadridge Output Solutions, Inc.

Broadridge Securities Processing Solutions, LLC

Investigo Corporation

QED Financial Systems, Inc.

Our certification covers those services where we act as data processor for our clients, to authorize the transfer of personal information contained in Confidential Information from the European Economic Area, United Kingdom and Switzerland to the United States. To view our certification, please visit https://www.privacyshield.gov/. Broadridge protects other data that we transfer from the European Economic Area and Switzerland, such as our human resources data, using other mechanisms, such as standard contractual clauses.

We process client data as needed to provide services to our clients, in accordance with our contracts. For example, our clients use our services to communicate with, manage and build relationships with their customers, investors or shareholders. We use information about the individuals as needed to provide these services and otherwise support our clients account management and compliance functions. 

As permitted by our client contracts, we rely on some third parties to provide services to us, such as data hosting that have access to client data. Broadridge has contracts with these third parties to assure that client data is protected at all times with appropriate privacy and security controls, comparable to those provided by the Privacy Shield Framework.  Broadridge may also disclose client data as directed by our clients or as needed to comply with legal or national security requirements. In cases of onward transfers of data, received pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield, Broadridge is potentially liable.

Broadridge takes the security of client data very seriously. We have implemented physical, logical, and administrative procedures to protect and secure the information we process and maintain. For example, we use encryption and firewall technologies to protect sensitive information during online transmissions.

We also respect individual privacy rights, such as access, correction and objection. Because we are a data processor for our clients, we generally need to refer individual requests to our clients so that they can respond. Broadridge supports our clients as needed to help them respond to your request.

If you have any inquiries or complaints about our handling of your personal data under Privacy Shield, or about our privacy practices generally, please contact us by sending an email to privacy@broadridge.com. 

If we cannot resolve a Privacy Shield-related complaint, you may contact the American Arbitration Association International Centre for Dispute Resolution (“ICDR-AAA”), which provides an independent third-party dispute resolution service for us. To contact ICDR-AAA, please visit: http://go.adr.org/privacyshield.html. In some cases, you may also be able to invoke binding arbitration through the Privacy Shield Panel run by the US Department of Commerce and the European Commission. Broadridge’s commitments under the Privacy Shield Framework are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Data Retention
We will retain your personal information for as long as the information is needed for the purposes set forth in Section 3 above and for any additional period that may be required or permitted by law. You may request that we delete your personal information by contacting us via email at privacy@broadridge.com. Unless we are required by law to retain your information, where we are the (i) data controller we will delete your personal information upon your request; and (ii) data processor, we will delete personal information per the instruction of the data controller.

Disclosure of Your Personal Information
Other than as set out below, your information will not be sold, shared or provided to any third party:

we may share your personal information with our affiliates and subsidiaries
we may share your personal information with our subprocessors in connection with delivery of our services and products
Important Information for California Residents

The California Consumer Privacy Act (“CCPA”) provides California residents with specific privacy rights, including the right to receive a privacy notice, the right to know what information we have collected about you during the past 12 months, and the right to know what categories of personal information we have shared with third parties. Broadridge generally operates as a service provider to financial institutions and other companies. As a service provider, we only collect and use personal information as authorized by our contracts with our clients. You should reach out to the companies with whom you have accounts to learn more about their privacy practices and how to exercise your rights. These companies can authenticate you and provide information about the rights that you may have under CCPA or other applicable laws.

How to Contact Us and Our Chief Privacy Officer

Please contact us if you have any questions or comments about our privacy practices or this Privacy Statement. You can always reach us via email at privacy@broadridge.com. You can also reach us via mail at the address provided above.

This Privacy Statement was last updated December 16, 2019.