When This Policy Applies to Your Personal Information
This Policy applies solely to residents of the State of California who are financial representatives; financial representative applicants; and District Agents, General Agents, and their staff (“California sales force,” “you,” or “your”). References to the “Northwestern Mutual Family of Companies,” “NM,” “we,” “us,” or “our” within this Policy mean The Northwestern Mutual Life Insurance Company and its subsidiaries (e.g., Northwestern Long Term Care Company, Northwestern Mutual Investment Management Company, LLC, Northwestern Mutual Wealth Management Company, Northwestern Mutual Investment Services, LLC, and Mason Street Advisors, LLC). The purpose of this Policy is to provide you with a description of your rights and our information practices. This Policy also supplements the information contained in the Online Privacy Statement and related disclosures of NM.
When this Privacy Notice Does Not Apply to Your Personal Information
Please note that this Policy does not apply when your Personal Information is protected under other laws, such as the Gramm-Leach-Bliley Act (GLBA); the California Financial Information Protection Act; the Health Insurance Portability and Accountability Act (HIPAA); the Fair Credit Reporting Act (FCRA); and/or the Driver's License Protection Act. Therefore, this Policy does not apply to Personal Information collected in relation to the products and services we provide as a service provider, such as insurance products, investment products and services, or financial planning. For a description of your rights and our information practices in these instances, please read our Privacy Notices.
For purposes of this Policy, the terms “Personal Information,” “Sensitive Personal Information,” “consumer,” “business purpose,” “commercial purpose,” “third party,” “service provider,” “share,” “sell,” and “sold” have the same meanings as provided in the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 (collectively, “CPRA”).
Over the prior 12 months we may have collected the following categories of Personal Information from our California sales force:
Category of Personal Information
A. Personal Information and Identifiers
Name, alias, Social Security number, date of birth, physical or electronic signature, home address, email address, telephone number, driver's license number or state identification card, passport number, and other similar identifiers
Age, race, ethnicity, sex, gender identification, disability status, citizenship, marital status, family member information
C. Professional or Employment Information
Compensation, benefits, beneficiary designations, sales, disciplinary action, work contract(s), work history, legal compliance reviews, professional designations, veteran or military status, contract files, training, visa status, business expenses, use of company products, and pre-hire documents (such as sales force applications, resumes, background check information, drug test information, and candidate evaluations)
D. Education Information
School records, school(s) attended, dates attended, degree(s) earned, academic achievements
E. Financial Information
Retirement account information, bank accounts, investment or brokerage accounts, information on personal property and real estate, student loans, insurance, information regarding estate or tax planning, debts, trusts, credit or debit card number(s), legal issues (e.g., child support, alimony, wage garnishments and subpoenas), and benefits information
F. Medical Information
Medical history; medical questionnaires; information regarding physical, mental, and behavioral health; genetic information; physical characteristics or description; wellness activities and subsidies; health insurance information; medical condition; information regarding payment for healthcare services
G. Biometric Information
Fingerprints, facial scans, eye scans, voice recognition, typing cadence, and any other biometric identifier that we may use for security or other operational purposes
H. Internet or Network Activity
Browser or device information; browsing information; IP address; company device identifiers; cookies, web beacons, pixel tags, and clickstream or other traffic data; use of IT resources; interaction with our websites, mobile app, advertisements
I. Profile Information
Profiles reflecting a person's preferences, such as interests, hobbies, characteristic tendencies, behaviors, attitudes, or aptitudes, including inferences drawn from Personal Information
J. Product Information
Policy/account number(s), policy/account values, beneficiary, ownership arrangements, transaction history
K. Audiovisual Information
On-site security cameras, pictures, video and audio recordings
We receive the categories of Personal Information listed above from the following categories of sources:
Directly from you or your authorized agent
Indirectly from you or your interactions with our technologies, websites, or mobile app
Inferences drawn from other Personal Information to create a profile about, for example, your preferences and characteristics
Publicly available information
Our Northwestern Mutual Family of Companies, including our sales force
Research or analytics companies
Marketing or media companies
Consumer reporting agencies
Other service providers
We may use or disclose the Personal Information we collect for purposes that may be described to you at the time of collection and/or one or more of the following purposes:
California sales force management:
To evaluate you for a sales force position with us when you apply for a position or we receive your information related to a sales force position at NM
To comply with state and federal laws requiring employers to maintain certain records
To process payroll and manage applicable tax withholding and reporting
To administer and maintain group health insurance benefits, additional wellness programs, profit-sharing and/or retirement plans, life insurance, disability insurance, leave programs and additional fringe benefit programs
To analyze aspects of performance of your contractual duties
For surveys, research, analysis, and strategic development to implement, maintain and promote an engaging work experience
To review and audit workforce interactions with you and NM's customers and business partners
For your security and the security of our facility
To support information technology services to our California sales force
For emergency training and emergency response
Research & strategic development:
Information collected for business, product, strategy, and technological development, excluding marketing and advertising activities
Detecting and protecting:
Detecting and protecting against security incidents and malicious, deceptive, fraudulent, or illegal activity, or violations of NM policies or the law
For fraud and crime detection or prevention
For information protection and cybersecurity
To meet additional legal, compliance, and regulatory requirements and to defend NM's rights and property
Auditing related to a current interaction with our California sales force, concurrent transactions, and auditing compliance with standards
To debug errors in systems
Backups and Archives:
For disaster recovery, business continuity and record keeping obligations
Sensitive Personal Information is Personal Information that is not publicly available, is collected for the purpose of inferring characteristics about a consumer and reveals:
Social Security, driver's license, state identification card, or passport number
Account login or financial account number in combination with any required security or access code, password, or credentials allowing access to an account
Racial or ethnic origin, religious or philosophical beliefs, or union membership
Contents of email and text messages, unless NM is the intended recipient
Processing of biometric information for the purpose of uniquely identifying a consumer
Personal Information collected and analyzed concerning a consumer's health, sex life, and/or sexual orientation
When we collect Sensitive Personal Information about you, we only use or disclose it for the following purposes:
To perform services or provide goods reasonably expected by an average consumer who requests those goods or services.
To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted Personal Information.
To resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for those actions.
To ensure the physical safety of natural persons.
For short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer's current interaction with us when Personal Information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer's experience outside the current interaction with us.
To perform services on our behalf, such as maintaining or servicing accounts, providing customer service, processing, or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.
To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by us.
For purposes that do not infer characteristics about a consumer.
Because we do not use or disclose Sensitive Personal Information for the purpose of inferring characteristics about you and because we limit our use and disclosure of Sensitive Personal Information to those purposes specified above, you do not have the right to limit its use and disclosure.
In the preceding 12 months, we have not sold or shared any Personal Information to third parties. This includes Personal Information of California sales force under the age of 16.
In the preceding 12 months, we may have disclosed your Personal Information for a business or commercial purpose, as permitted or required by law or as otherwise set forth in this Policy. When we disclose Personal Information to a service provider, we enter into a contract that describes our business purpose for disclosing and requires the service provider to keep Personal Information confidential and to use it only for purposes of performing the contract between us.
We may disclose all categories of your Personal Information for a business or commercial purpose to the following:
Parties to whom you have directed or authorized our disclosure
Our Northwestern Mutual Family of Companies, including our sales force
Research or analytics companies
Marketing or media companies
Regulators and others with legal authority, such as law enforcement agencies, government authorities, parties with a valid subpoena, and others as permitted or required by law
Other contracted service providers, including individuals, firms, consultants, vendors and technologies providing services, software, platforms, or tools that are used to perform business functions for our Northwestern Mutual Family of Companies and sales force.
We have policies and practices requiring the secure deletion of Personal Information when there is no applicable regulatory retention requirement and we no longer have a business need to use the information for a purpose that is compatible with our disclosed purposes of collection. Personal Information that has been aggregated or deidentified so that it cannot reasonably be used to infer information about you or otherwise be linked to you may be retained indefinitely.
As detailed in our policies on information security, you have no right to privacy in your use of NM information technology resources, including emails and communications for work purposes that constitute NM business records and are monitored and may be reviewed or disclosed at any time without further prior notice for compliance, legal and other operational needs. However, you do have rights under CPRA to submit requests with respect to your Personal Information.
You have the right to access your specific Personal Information and to know about our collection, use, disclosure, and sharing of your Personal Information.
When you or your authorized agent submit a request to know or access, we will verify the identity and authority of the person making the request, confirm we have Personal Information about you, and validate that the CPRA applies to your information. Once we have taken these steps, we will disclose:
The categories of Personal Information we have collected about you;
The categories of sources from which Personal Information was collected;
Our business or commercial purpose for collecting, selling, or sharing Personal Information;
The categories of third parties to whom we disclose Personal Information;
The specific pieces of Personal Information obtained from you that we are authorized and required to produce under CPRA; and
If we have disclosed, shared or sold your Personal Information, two separate lists identifying:
the categories of Personal Information disclosed for a business purpose and the categories of persons to whom Personal Information was disclosed; and
the categories of Personal Information shared or sold and the categories of third parties with whom Personal Information was shared or sold.
You have the right to request that we delete Personal Information we collected from you, subject to certain exceptions allowed under applicable law. Once we receive and confirm your verifiable consumer request, we will delete your Personal Information from our records unless an exception applies. We will also notify, if possible, our service providers, contractors and third parties of your deletion request. If we do not delete your Personal Information, we will provide you with an explanation of why and limit our use of your Personal Information to the reasons we are retaining it.
You have the right to request that we correct any Personal Information we maintain about you to ensure that it is complete, accurate, and as current as possible. We may elect to delete your Personal Information rather than correct it, and we may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause information to be incorrect. If you have an online account with us, you can review and correct Personal Information by logging into the website or mobile app and visiting your “Account” page.
We limit our use and disclosure of Sensitive Personal Information to those purposes set forth in this Policy and we do not use or disclose Sensitive Personal Information for the purpose of inferring characteristics about any consumer. Should this change in the future, we will update this Policy and provide you with methods to limit our use and disclosure of Sensitive Personal Information.
We will not discriminate against you for exercising your rights, including by:
Denying you goods or services.
Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Providing you a different level or quality of goods or services.
Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
We may, however, charge you a different price or rate or provide a different level or quality of goods or services to you if that difference is reasonably related to the value your data provides to us.
To exercise the Right to Access, Delete, or Correct, please submit a verifiable consumer request to us by either:
Calling us toll-free at 866-950-4644, when prompted say “California Consumer Privacy Act,” “CCPA,” “California Privacy Rights Act,” or “CPRA”
We are not obligated to provide information to you in response to your access request more than twice in a 12-month period.
Only you or your authorized agent (i.e., a person we can validate as being authorized by you) may make a verifiable consumer request related to your Personal Information. If your authorized agent makes a verifiable consumer request and provides proof that you gave them authority to submit the request on your behalf, we will provide the information to you unless your authorized agent requests, and we approve, disclosure directly to them.
Whether you submit a request directly on your own behalf, or through an authorized agent, we will take reasonable steps to verify your identity prior to responding to your request. Upon receiving a request to access, delete, or correct your Personal Information, we will confirm receipt within 10 business days. For all requests, we will need your first and last name plus the following information: (i) date of birth and (ii) residential address.
When your request is submitted through an authorized agent, we will also take reasonable steps to verify the agent's identity and authorization to make the request on your behalf. To do this, we will need your agent to provide their first and last name, address, telephone number, date of birth, plus documentation verifying they are authorized to act on your behalf. Examples include:
Court Order of Guardianship or Conservatorship
Notice of Retainer
Authorization from you, signed and independently witnessed
Letters of Guardianship or Conservatorship
Power of Attorney provided pursuant to California Probate Code sections 4121 to 4130
To protect the privacy and security of your Personal Information, we may request additional information from you to help us verify your identity and process your request. Of course, we cannot respond to your request or provide you with Personal Information if we cannot (i) verify your identity, or the identity of your authorized agent, and (ii) confirm that Personal Information we have directly relates to you. You will also be asked to make a declaration under penalty of perjury that you are the consumer who is the subject of the request.
Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a request to access, correct, or delete to verify the requestor's identity or authority to make the request and to confirm Personal Information we have directly relates to the person who is the subject of the request.
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you in writing of the reason and extension period. We will deliver our response by mail or electronically, at your option. Any response we provide will cover the 12-month period preceding our receipt of the verifiable consumer request unless you specifically request information beyond such period. The response will also explain the reasons we cannot comply with a request, if applicable.
Requests to exercise your privacy rights are generally free. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a reasonable cost estimate before completing your request.
We may change this Policy from time to time. When we make changes to this Policy, we will post the updated Policy on the Privacy pages of our website with a new “Last Updated” date. Any changes will become effective when we post the updated Policy.
We strive to provide you with an accessible digital experience and are committed to providing our California sales force with the same level of access to this Policy, including those with disabilities. Therefore, this Policy is compatible with standard screen readers.
Toll Free Phone: 866-950-4644, when prompted say “California Consumer Privacy Act,” “CCPA,” “California Privacy Rights Act,” or “CPRA”