Click here to view our Privacy notice for California residents.
Our commitment to our customers
You trust Vanguard to safeguard your assets and protect your personal, financial, and business information. We recognize that your relationship with Vanguard is based on trust, and that you expect us to act responsibly and in your best interests. When we share current, prospective, or former client or participant information—whether it is personal information or the fact that an organization is, was, or may become a Vanguard client—we do so under the circumstances described in this policy.
We use the personal and other information provided to us primarily to respond to inquiries or requests; to maintain and protect accounts; to process transactions; to provide education related to retirement plans and financial goals; to fulfill our legal obligations; for research and analytical purposes; and to develop and provide the financial products and services that we offer or sponsor.
The personal information we collect
Vanguard may collect client, plan, and participant information from the client, the participant, their representatives, and third-party service suppliers not affiliated with Vanguard (service suppliers). For example, we may collect information about participants when they request information or materials from Vanguard and when they enter information into an online application or enrollment process.
For representatives of clients or prospective clients, we may receive information such as contact name, address, phone number, email address, and title, as well as information about the organization, its business, and the retirement plan(s) that the organization sponsors.
To provide 403(b) retirement plan recordkeeping and administration services, information we may collect about participants includes, among other things, name, address, Social Security or taxpayer identification number, employee identification number, phone number, email address, date of birth, account balances, investment activity, and accounts at other institutions.
We may combine the information collected on our websites with information collected from or about our clients or participants in other contexts. This may include information collected online, such as on our websites or through our email exchanges, from publicly available sources, or from offline sources, such as when clients or participants establish an account with us or call customer service. We will treat such combined information in accordance with this policy. If clients or participants do not wish to provide information to Vanguard, we may be unable to provide certain products or services to them.
How we handle personal information
We do not share personally identifying information about our investors or prospective investors with unaffiliated third parties for use in marketing their own products and services. We may share personal information when needed to complete requested transactions or to raise awareness about the financial products and services that we offer. Here are the details:
Cookies, web beacons, and online privacy
Our concern for the privacy of our clients and participants naturally extends to those who use our 403(b) website, vanguard403bservices.com. Our website uses some of the most secure forms of online communication available, including data encryption, transmission encryption, and user names and passwords. These technologies provide a high level of security and privacy when plan sponsors and participants access account information, initiate online transactions, or send secure messages.
We use a variety of technologies, such as cookies, web beacons, and similar mechanisms, as described further below, to collect information that helps us understand how our site is used. Specifically, when clients or participants visit our website, we or our service suppliers may automatically collect a variety of technical and navigational information via these technologies, including, as applicable: computer or device type; operating system version; browser type and version; user agent string; internet connection type; mobile network provider; date and time of visit; time since last visit; pages viewed; links clicked; searches conducted; the internet protocol (IP) address used to access our site; the user’s general geographic location (e.g., city, state, or zip code); and the website visited before our site. We also may use similar tracking technologies in emails that we or our service suppliers send to clients and participants, as further described below. This information may be used, for example, to alert users of software compatibility issues, to resolve technical or service problems, and for security purposes. We also analyze this information, with the assistance of our service suppliers, to improve our web design and functionality, to enhance our ability to serve our clients and participants and their accounts, and to tailor our communications to clients and participants regarding our products and services.
Cookies: A cookie is a small file of letters and numbers that is stored on the user’s computer or other device when visiting a website. Cookies contain information that is transferred to or read on the device and allow websites to recognize devices and store certain information, such as user preferences. Cookies are used to distinguish a user from other users of our website. This helps us to provide a useful experience when users browse and also allows us to improve our site. We and our service suppliers use session cookies, which link a user’s actions during a particular online session and expire at the end of that session, as well as persistent cookies, which remain on the user’s device and allow us to remember user actions or preferences across multiple browser sessions.
Web beacons: Our website and the emails that clients and participants receive from Vanguard use an application known as a web beacon (also known as a pixel tag or clear gif). A web beacon is an electronic file that usually consists of a single-pixel image, embedded in a webpage or an email to measure usage and activity. In some cases, a web beacon triggers the placement of a persistent cookie on a user’s device.
We and our service suppliers use web beacons and cookies to determine whether and when clients and participants receive and open our emails; these beacons and cookies may also capture information such as the type of device, operating system, email program, and web browser used to view the email, the IP address from which the email was opened, and whether the recipient clicked any links in the email. These technologies enable us to gauge the effectiveness, relevance, and value of our email communications.
With regard to clients and participants who have registered for secure online access to their Vanguard accounts, we may be able to combine the information we collect about website usage during a secure (logged-on) session with other information we know about the client or participant, such as any account transactions conducted during the web session. We can also identify a user’s computer or device on each visit to our website, even if the user does not log on, and link information about that visit to that user. We may use this combined information to assess the appeal and usefulness of the information and tools offered on our website, as well as to identify Vanguard products and services that may be of interest to our clients and participants.
Although our website currently does not respond to "do not track" browser headers, users can limit tracking by taking the opt-out steps discussed above.
How we safeguard information
Within Vanguard, we restrict access to personal information to those Vanguard and service supplier employees who need to know the information in order to perform their jobs, such as servicing accounts, providing requested information, or notifying clients and participants of new products and services. To protect this information, we maintain physical, electronic, and procedural safeguards in accordance with applicable law and industry standards and practices, and we review and adjust these safeguards regularly in response to advances in technology.
What you can do
For the protection of client and participant information, please do not provide Vanguard account information, user names, or passwords to anyone. Please be aware that despite our best efforts, no information security measures can guarantee 100% security all of the time. If you become aware of any suspicious activity relating to your account or information, it is your responsibility to contact us immediately.
We'll keep you informed
Revised January 2020