Last Revised: January 1, 2020
When This Policy Applies to Your Personal Information
When This Policy Does Not Apply to Your Personal Information
Please note that this Policy does not apply to your Personal Information when we already protect it under other laws, such as the Gramm-Leach-Bliley Act (GLBA); the California Financial Information Protection Act; the Health Insurance Portability and Accountability Act (hipaa); the Fair Credit Reporting Act (FCRA); and/or the Driver's License Protection Act. It does not apply to Personal Information collected with respect to the products and services we provide as a service provider, such as insurance products (Life, Disability, Long-term Care, annuities), investment products (e.g., investment funds, retirement, etc.), and financial planning services, or in the context of business-to-business relationships. For a description of our privacy practices as well as your rights and choices in these instances, please go to Privacy Notices .
Also, this Policy does not apply to Personal Information collected in the context of workforce-type relationships. This includes Personal Information of our applicants, employees, directors, officers, members, and contractors. To understand more about our workforce-related privacy practices, go to the Northwestern Mutual California Workforce Privacy Notice .
Who We Are
References to the "Northwestern Mutual Family of Companies," "we," "us," "our," or "ours" within this Policy mean The Northwestern Mutual Life Insurance Company, the Northwestern Long Term Care Company, Northwestern Mutual Investment Services Company, the Northwestern Mutual Wealth Management Company, and the network offices of our Sales Force. Our Sales Force includes the people who sell our products and services, along with their staff.
Information We Collect
We collect Personal Information as defined by the CCPA ("Personal Information") as part of our business. In the year before the date this policy was issued or last updated, we may have collected the following categories of Personal Information from consumers:
|Category of Personal Information ||Examples |
|A. Personal Information and Identifiers ||Name, date of birth, home address, driver's license, passport number, Social Security Number |
|B. Demographics ||Age, race, ethnicity, gender identification, disability status, citizenship |
|C. Professional or Employment Information ||Employment contract, salary, disciplinary action, employment history, performance reviews, professional designations |
|D. Education Information ||School records, school(s) attended, dates attended, degree(s) earned, academic achievements |
|E. Financial Information ||Bank accounts, investment or brokerage accounts, information regarding estate or tax planning, debts, trusts, credit or debit card number(s) |
|F. Medical Information ||Medical history, medical questionnaires; information regarding physical, mental, and behavioral health; genetic information; information regarding payment for health care services |
|G. Biometric Information ||Fingerprints; facial scans; eye scans; voice recognition; typing cadence; ongoing monitoring of sleep, health patterns, and exercise |
|H. Internet or Network Activity ||Browser history; search history; IP address; mobile device identifier; cookies; interaction with website, app, advertisements |
|I. Geolocation Data ||GPS coordinates, location-tracking information |
|J. Profile Information ||Profiles reflecting a person's preferences, such as interests, hobbies, characteristic tendencies, behaviors, attitudes, or aptitudes, including inferences drawn from any Personal Information |
|K. Product Information ||Policy / account number, policy / account values, beneficiary, ownership arrangements, transaction history |
|L. Audiovisual Information ||On-site security cameras, pictures, video and audio recordings |
We receive the categories of Personal Information listed above from the following categories of sources:
- Directly from you
- Indirectly from your interactions with our technologies or our websites
- Personal Information we infer or derive from other Personal Information
- Publicly available information
- Our Northwestern Mutual Family of Companies
- Our Sales Force
- Research/analytics companies
- Marketing/media companies
- Medical providers
- Consumer reporting agencies
- Other service providers
Use of Personal Information
We may use the Personal Information we collect for one or more of the following business or commercial purposes:
- Marketing and advertising of our company and its products and services: information collected to offer products and services of our Northwestern Mutual Family of Companies, personalize an individual's NM website/application experience, and to deliver content and product and service offerings relevant to an individual's interests, including targeted ads and promotional offers.
- Research & strategic development: information collected for business, product, strategy, and technological development, excluding marketing and advertising activities.
- Legal / compliance / regulatory purposes: information collected to meet internal and regulatory compliance requirements, respond to regulatory exams, conduct internal and external audits, respond to subpoenas and other law enforcement requests, and enforce or defend our rights and property.
- Online auditing: auditing related to an interaction with a consumer and a concurrent transaction, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with standards that may apply.
- Detecting and protecting: detecting and protecting against security incidents and malicious, deceptive, fraudulent, or illegal activity.
- Debugging: activities to identify and repair errors in technological functionality.
- Backups and archives: data that is kept to ensure business continuity, for historical reference, and to meet record keeping obligations.
- Analytic activities: analysis of data to improve NM marketing, advertising, products and services; to complete behavioral research; and to do other scientific research, reporting, or evaluation.
- NM-provided products and services: issuing and servicing of NM products and services including but not limited to customer service; verifying consumer information; responding to consumer requests; illustrations; applications; underwriting; issuance; transactions; claims processing; and account maintenance related to NM's insurance products (life, disability, LTC, annuities), investment products (e.g., investment funds, retirement, etc.), and financial planning services.
- Short-term, transient use: data collected, but not retained, other than to facilitate a one-time transaction when information is not disclosed to another party or used to build a profile or to alter consumer experience.
*For information about how we use Personal Information collected in the context of an actual or potential workforce relationship, see our Northwestern Mutual California Workforce Privacy Notice .
Sharing Personal Information
We may disclose your Personal Information to a third party for a business or commercial purpose. When we disclose Personal Information, we enter into a contract that describes our purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except to perform the contract.
We may disclose all categories of your Personal Information for a business or commercial purpose to the following categories of third parties:
- Parties to whom you have directed or authorized our disclosure
- Our Northwestern Mutual Family of Companies
- Our Sales Force
- Research/analytics companies
- Marketing and/or media companies
- Regulators and others with legal authority, such as law enforcement agencies, government authorities, parties with a valid subpoena, and others as permitted or required by law
- Other service providers, including individuals, firms, consultants, vendors and technologies-providing services, software, platforms, or tools that are used to perform business functions for our Northwestern Mutual Family of Companies and Sales Force.
In the preceding twelve (12) months we have not sold any Personal Information as defined by the CCPA. This includes Personal Information of minors under 16 years of age.
Your Rights and Choices
When it applies, the CCPA provides California residents with certain rights to know about and request deletion of their Personal Information. Please remember, these rights do not apply to workforce-related Personal Information or information collected in a business-to-business context.
Request to Know
You have the right to request that we tell you about our collection, use, and sharing of your Personal Information over the past 12 months. When you submit this type of request, we will verify the identity and authority of the person making the request, confirm we have Personal Information about you, and validate that the CCPA applies to your information. Once we have taken all of these steps, we will disclose:
- The categories of Personal Information we have collected about You;
- The categories of sources of the Personal Information we collected about You;
- Our business or commercial purpose for collecting Personal Information;
- The categories of Personal Information we shared with third parties for a business or commercial purpose;
- The categories of third parties with whom we shared Personal Information;
- The business or commercial purposes for which we shared Personal Information; and
- The specific pieces of Personal Information we collected about you that we are both authorized and required to produce under the CCPA.
Request to Delete Personal Information
You have the right to request deletion of your Personal Information that we collected from You, subject to certain exceptions. When you submit this type of request, we will ask that you confirm that you would like your information deleted, verify the person making the request, confirm we have Personal Information relating to you, validate that CCPA applies to your Personal Information, and determine whether a recognized exception to deletion applies to any of your Personal Information. We will delete (and direct our service providers to delete) your Personal Information from our records unless a recognized exclusion or exception to deletion applies.
How to Exercise Your Request to Know and Request to Delete Rights
To exercise the Request to Know or Request to Delete rights as described above, please submit a verifiable consumer request to us by either:
Calling us toll-free at 1-866-950-4644, when prompted say California Consumer Privacy Act
Online by completing the: California Consumer Privacy Act (CCPA) Request to Know and/or Delete Form
Only you or a person we can validate as being authorized by you may make a verifiable consumer request related to your Personal Information. If someone authorized by you makes a verifiable consumer request and provides a notarized copy of the authorization or an active power of attorney, we will provide the information. You may also make a verifiable consumer request on behalf of your minor child.
We allow consumers or their authorized agents to submit a Request to Know or Request to Delete up to two times within a 12-month period. All requests must:
- Provide enough information for us to reasonably verify you are the person you say you are and have the proper authority to make the request.
- Provide enough information for us to validate whether any information we have relates to you.
When you use our online form, it will ask you for certain information. When information is designated as being mandatory, that means we know we can't verify your identity (or the identity of your authorized agent) without it. Non-mandatory information is requested to help us verify, understand, and respond to your request. Should we have any questions regarding verification, we will reach out to you to see whether there is additional information you can provide to help us complete the verification. Of course, we cannot respond to your request or provide you with Personal Information if we cannot both verify your identity or authority to make the request and confirm that Personal Information we have relates to you.
Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a Request to Know or Request to Delete to verify the requestor's identity or authority to make the request and to confirm Personal Information we have relates to the person who is the subject of the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you in writing of the reason and extension period. We will deliver our response by mail or electronically, at your option. Any disclosures we provide will cover only the 12-month period preceding our receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. When you select electronic delivery, we will, if it is technically feasible, provide your Personal Information in a format that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
Requests to exercise your privacy rights are generally free. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights.
Notice for Consumers With Disabilities
If you have any questions or comments about this policy, the ways in which we collect and use your Personal Information, your choices and rights regarding such use, or if you wish to exercise your rights under the CCPA, please do not hesitate to contact us at:
Toll Free Phone: 866-950-4644, when prompted say California Consumer Privacy Act
Online: California Consumer Privacy Act (CCPA) Request to Know and/or Delete .