California Workforce Privacy Policy
Last Updated:
When This Policy Applies to Your Personal Information
This Policy applies to California consumers, as defined by the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 (collectively, "CPRA"), who are job applicants, employees, independent contractors, corporate officers and directors (referenced in this Policy as "consumer," "California workforce," "you," or "your"). This Policy also supplements our Online Privacy Policy.
When this Privacy Notice Does Not Apply to Your Personal Information
Please note that this Policy does not apply when your Personal Information is protected under other laws, such as the Gramm-Leach-Bliley Act (GLBA), the California Financial Information Protection Act, the Health Insurance Portability and Accountability Act (HIPAA), the Fair Credit Reporting Act (FCRA), and/or the Driver's License Protection Act. This means that this Policy does not apply to Personal Information collected in relation to the products and services we provide as a service provider, such as insurance products, investment products and services, or financial planning. For a description of your rights and our information practices in these instances, please read our Privacy Notices.
Also, this Policy does not apply to Personal Information collected in the context of any contractual relationship with our sales force, including applicable network offices who are California residents. To understand more about our privacy practices in this instance, go to the California Sales Force Privacy Notice.
Who we are
References to the "Northwestern Mutual Family of Companies," "NM," "we," "us," or "our" within this Policy mean The Northwestern Mutual Life Insurance Company and its subsidiaries (e.g., Northwestern Long Term Care Company, Northwestern Mutual Investment Management Company, LLC, Northwestern Mutual Wealth Management Company, Northwestern Mutual Investment Services, LLC, and Mason Street Advisors, LLC).
Defined Terms
For purposes of this Policy, the terms "Personal Information", "Sensitive Personal Information", "consumer", "business purpose", "commercial purpose", "third party", "service provider", "share", "sell", and "sold" have the same meanings as provided in the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 (collectively, "CPRA").
We collect Personal Information as part of our business. The Personal Information we collect will vary depending on your relationship with us. We may collect the following categories of Personal Information from our California workforce:
Categories of personal information we collect (Category of Personal Information: Examples)
- Identifiers: Name, alias, date of birth, home address, driver's license number or state identification card, passport number, Social Security number, email address, contact information, physical or electronic signature
- Demographics: Age, gender identity, sex/gender, sexual orientation, personal pronouns, disability status, birth country, citizenship, race, color, religion, ethnicity, marital status, family member information, military/veteran status
- Professional or Employment Information: Salary/compensation, benefits, beneficiary designations, talent management, disciplinary action, employment contract(s), employment history, performance reviews, professional designations, veteran or military status, personnel files, training, visa status, business expenses, use of company products, and pre-hire documents (such as job applications, resumes, background check information, drug test information, and candidate evaluations)
- Education Information: School(s) attended, dates attended, degree(s) earned, academic achievements, transcripts and other information collected from job applications or resumes
- Financial Information: Retirement account information, bank accounts, investment or brokerage accounts, information on personal property and real estate, student loans, insurance, information regarding estate or tax planning (including tax return or tax-document information), debts, income, trusts, credit or debit card number(s), legal issues (e.g., child support, alimony, wage garnishments and subpoenas), and benefits information
- Medical Information: Medical history, medical questionnaires, information regarding physical, mental, and behavioral health, genetic or disability information within medical records, physical characteristics or description, pregnancy, disability, FMLA and serious health conditions, wellness activities and subsidies, health insurance information, medical condition, information regarding payment for healthcare services
- Biometric Information: Information derived from biometric identifiers, such as fingerprints, or voice recognition, and other psychological, biological, or behavioral characteristics when used for purposes of identifying an individual
- Internet or Other Electronic Network Activity Information: Browsing history, IP address, online identifiers, company device identifiers, cookies, web beacons, pixel tags, and clickstream or other traffic data, use of IT resources, interaction with our websites, mobile app, and advertisements
- Geolocation Data: Information derived from geolocation data such as zip code
- Profile Information: Profiles reflecting a person's preferences, such as interests, hobbies, characteristic tendencies, behaviors, attitude, or aptitudes including inferences drawn from Personal Information including browsing information and clickstream or other website traffic data
- Commercial Information: Policy/account number(s), policy/account values, beneficiary, ownership arrangements, transaction history
- Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information: On-site security cameras, pictures, video and audio recordings
- Sensitive Personal Information: A subset of the Personal Information described above that includes social security number, driver's license number, state identification card number, or passport number, account login or account number in combination with information allowing access to an account, genetic data, biometric information derived from biometric identifiers, health information, sex life or sexual orientation
We receive the categories of Personal Information listed above from the following categories of sources:
- Directly from you or your authorized agent
- Indirectly from you using tracking technologies when you interact with our websites or mobile app
- Inferences drawn from other Personal Information to create a profile about, for example, your preferences and characteristics
- Publicly available information such as from social media platforms
- Our Northwestern Mutual Family of Companies, including our sales force
- Research or analytics companies
- Marketing or media companies and social media platforms
- Medical providers
- Consumer reporting agencies
- Individuals and other third parties from whom we purchase or receive referrals
- From your employer when they seek and for purposes of servicing corporate or bank-owned life insurance products
- Other service providers, such as other companies who provide services relating to your financial security when you request their services through us
We may use or disclose the Personal Information we collect for purposes that may be described to you at the time of collection and/or for one or more of the following purposes:
California workforce management
To evaluate you for a position with us when you apply for a position or we receive your information related to a position with NM
To comply with state and federal laws requiring employers to maintain certain records
To process payroll and manage applicable tax withholding and reporting
To administer and maintain group health insurance benefits, additional wellness programs, 401(k) and/or retirement plans, life insurance, disability insurance, leave programs and additional fringe benefit programs
To manage and/or analyze all aspects of performance of your job duties and employment, including, but not limited to, training, talent management, periodic reviews, performance tracking, promotions, and discipline
For surveys, research, analysis and strategic development to implement, maintain and promote an engaging work experience at NM, such as the creation of Employee Resource Groups
To review and audit your interactions with the sales force and NM's customers and business partners
For your security and the security of our facility
To support information technology services of our California workforce
For emergency training and emergency response
Research & strategic development
Information collected for business, product, strategy, and technological development, excluding marketing and advertising activities
Detecting and protecting:
Detecting and protecting against security incidents and malicious, deceptive, fraudulent or illegal activity, or violations of NM policies or the law
For fraud and crime detection or prevention
For information protection and cybersecurity
Legal/Compliance/Regulatory purposes:
information collected to meet internal and regulatory compliance requirements, respond to regulatory exams, conduct internal and external audits, respond to subpoenas and other law enforcement requests, record keeping, and enforce or defend our rights and property
Cross-context behavioral advertising and auditing:
auditing related to an interaction with our California workforce and a concurrent transaction including but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with standards that may apply
Debugging:
activities to identify and repair errors in technological functionality
Backups and Archives:
data that is kept to ensure business continuity, for historical reference, and to meet record-keeping obligations
When we collect Sensitive Personal Information, as defined by the California Consumer Privacy Act, about you, we only use or disclose it for the following purposes:
To perform services or provide goods reasonably expected by an average consumer who requests those goods or services.
To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted Personal Information.
To resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for those actions.
To ensure the physical safety of natural persons.
For short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer's current interaction with us when Personal Information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer's experience outside the current interaction with us.
To perform services on our behalf, such as maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.
To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by us.
For purposes that do not infer characteristics about a consumer.
Because we do not use or disclose Sensitive Personal Information for the purpose of inferring characteristics about you and because we limit our use and disclosure of Sensitive Personal Information to those purposes specified above, you do not have the right to limit its use and disclosure.
We do not sell Personal Information for money. We do, though, disclose Personal Information in connection with our online advertising in ways that may be considered a "sale" or "share", as defined by the California Consumer Privacy Act. You have the right to opt-out of this type of sharing by clicking on the "Do Not Sell or Share My Personal Information" link within the footer or by clicking "Opt-Out" on the banner on our website and deselecting "Marketing Cookies," or by using an industry-accepted opt-out preference signal.
Personal information categories and examples
Category of Personal Information Sold or Shared: Internet or Other Electronic Network Activity Information
Examples: Browsing history, IP address, online identifiers, company device identifiers, cookies, web beacons, pixel tags, and clickstream or other traffic data, use of IT resources, interaction with our websites, mobile app, and advertisements
Category of Service Providers and/or Third Parties to whom information is sold or shared:
- Marketing or media companies and social media platforms
- Research or analytics companies
Business Purpose:
- Cross-context behavioral advertising and auditing
We may disclose all categories of your Personal Information described above for a business or commercial purpose to the following:
- Parties to whom you have directed or authorized our disclosure
- Our Northwestern Mutual Family of Companies, including our sales force
- Research or analytics companies
- Advertising networks, including marketing or media companies and social media networks
- Regulators, government authorities, parties with a valid subpoena, others with legal authority, and when required by law
- Operating systems and platforms
- Other contracted service providers, including individuals, firms, consultants, vendors and technologies-providing services, software, platforms, or tools that are used to perform business functions for our Northwestern Mutual Family of Companies and sales force.
- To others as permitted by law
We have policies and practices requiring the secure deletion of Personal Information when there is no applicable regulatory retention requirement and we no longer have a business need to use the information for a purpose that is compatible with our disclosed purposes of collection. Personal Information that has been aggregated or deidentified so that it cannot reasonably be used to infer information about you or otherwise be linked to you may be retained indefinitely.
As detailed in our policies on information security, you have no right to privacy in your use of NM information technology resources, including emails and communications for work purposes which constitute NM business records and which are monitored and may be reviewed or disclosed at any time without further prior notice for compliance, legal and other operational needs. However, you do have rights under CPRA to submit requests with respect to your Personal Information.
You have the right to access your specific Personal Information and to know about our collection, use, disclosure, and sharing of your Personal Information.
When you or your authorized agent submit a request to know or access, we will verify the identity and authority of the person making the request, confirm we have Personal Information about you, and validate that the CPRA applies to your information. Once we have taken these steps, we will disclose:
- The categories of Personal Information we have collected about you
- The categories of sources from which Personal Information was collected
- Our business or commercial purpose(s) for collecting, selling, or sharing Personal Information
- The categories of third parties to whom we disclose Personal Information
- The specific pieces of Personal Information obtained from you that we are authorized and required to produce under CPRA and
- If we have disclosed, shared or sold your Personal Information, two separate lists identifying:
  - the categories of Personal Information disclosed for a business purpose and the categories of persons to whom Personal Information was disclosed and
  - the categories of Personal Information shared or sold and the categories of third parties with whom Personal Information was shared or sold.
You have the right to request that we delete Personal Information we collected from you, subject to certain exceptions allowed under applicable law. Once we receive and confirm your verifiable consumer request, we will delete your Personal Information from our records unless an exception applies. We will also notify, if possible, our service providers, contractors and third parties of your deletion request. If we do not delete your Personal Information, we will provide you with an explanation of why and limit our use of your Personal Information to the reasons we are retaining it.
You have the right to request that we correct any Personal Information we maintain about you to ensure that it is complete, accurate, and as current as possible. We may elect to delete your Personal Information rather than correct it, and we may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause information to be incorrect. If you have an online account with us, you can review and correct Personal Information by logging into the website or mobile app and visiting your "Account" page.
If you prefer not to receive cross-context behavioral advertising, you have the right, at any time, to opt out of our sharing of your Personal Information for this purpose.
We limit our use and disclosure of Sensitive Personal Information to those purposes set forth in this Policy and we do not use or disclose Sensitive Personal Information for the purpose of inferring characteristics about any consumer. Should this change in the future, we will update this Policy and provide you with methods to limit our use and disclosure of Sensitive Personal Information.
We will not discriminate against you for exercising your rights, including by:
- Denying you goods, services, employment or a contract on the basis of you exercising any privacy rights conferred by the CCPA
- Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
- Providing you a different level or quality of goods or services
- Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services
We may, however, charge you a different price or rate or provide a different level or quality of goods or services to you if that difference is reasonably related to the value your data provides to us.
To exercise the Right to Access, Delete, or Correct described above, please submit a verifiable consumer request to us by either:
- Completing the California Workforce Right to Access, Correct, or Delete Form
- Calling us toll-free at (866) 950-4644, when prompted say "California Consumer Privacy Act", "CCPA", "California Privacy Rights Act", or "CPRA"
We are not obligated to provide information to you in response to your access request more than twice in a 12-month period.
For websites that use marketing cookies, you may exercise your right to Opt Out of Sharing through:
- The "Do Not Sell or Share My Personal Information" link found in the website footer
- An industry-accepted opt-out preference signal (e.g., the Global Privacy Control signal). The opt-out preference signal applies to the browser you are using to visit our website. If you are a known visitor to our site (e.g., you log into your online account), we will associate the opt-out preference signal with your account.
For more information consult our Online Privacy Policy.
Only you or your authorized agent (i.e., a person we can validate as being authorized by you) may make a verifiable consumer request related to your Personal Information. If your authorized agent makes a verifiable consumer request and provides proof that you gave them authority to submit the request on your behalf, we will provide the information to you unless your authorized agent requests and we approve disclosure directly to them.
Whether you submit a request directly on your own behalf, or through an authorized agent, we will take reasonable steps to verify your identity prior to responding to your request. Upon receiving a request to access, delete, or correct your Personal Information, we will confirm receipt within 10 business days. For all requests, we will need your first and last name plus the following information: (i) date of birth and (ii) residential address.
When your request is submitted through an authorized agent, we will also take reasonable steps to verify the agent's identity and authorization to make the request on your behalf. To do this, we will need your agent to provide their first and last name, address, telephone number, date of birth, plus documentation verifying they are authorized to act on your behalf. Examples include:
- Court Order of Guardianship or Conservatorship
- Notice of Retainer
- Authorization from you, signed and independently witnessed
- Letters of Guardianship or Conservatorship
- Power of Attorney provided pursuant to California Probate Code sections 4121 to 4130
To protect the privacy and security of your Personal Information, we may request additional information from you to help us verify your identity and process your request. Of course, we cannot respond to your request or provide you with Personal Information if we cannot (i) verify your identity, or the identity of your authorized agent, and (ii) confirm that Personal Information we have directly relates to you. You will also be asked to make a declaration under penalty of perjury that you are the consumer who is the subject of the request.
Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a request to access, correct, or delete to verify the requestor's identity or authority to make the request and to confirm Personal Information we have directly relates to the person who is the subject of the request.
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you in writing of the reason and extension period. We will deliver our response by mail or electronically, at your option. Any response we provide will cover the 12-month period preceding our receipt of the verifiable consumer request unless you specifically request information beyond such period. The response will also explain the reasons we cannot comply with a request, if applicable.
Requests to exercise your privacy rights are generally free. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a reasonable cost estimate before completing your request.
We may change this Policy from time to time. When we make changes to this Policy, we will post the updated Policy on the Privacy pages of our website with a new "Last Updated" date. Any changes will become effective when we post the updated Policy.
We strive to provide you with an accessible digital experience and are committed to providing our California workforce with the same level of access to this Policy, including those with disabilities. Therefore, this Policy is compatible with standard screen readers.
If you have any questions or comments about this Privacy Policy or need accommodation to access this Privacy Policy, you may contact us at:
- Toll-Free-Phone: (866) 950-4644 when prompted say "California Consumer Privacy Act", "CCPA", "California Privacy Rights Act", or "CPRA"
- Email: customerservice8200@northwesternmutual.com