In connection with providing financial products or services to you, as an individual client or someone associated with a corporate or institutional client, and to offer you the best experience possible when visiting our website and mobile application, it is necessary for Oppenheimer & Co. Inc. ("Oppenheimer", “we”, “us”, “our”) to collect nonpublic information that identifies, relates to, describes, references, is capable of being associated with or could reasonably be linked, directly or indirectly, with you or your device ("personal information"). Oppenheimer understands the importance of maintaining the privacy and confidentiality of your personal information. This Policy addresses Oppenheimer's treatment of your personal information, including how we collect, share, use and protect it. It also addresses certain rights that may be available to you in regard to your personal information.
PERSONAL INFORMATION WE COLLECT AND MAINTAIN
Oppenheimer collects much of your personal information directly from you. When opening your account, Oppenheimer will collect from you certain contact and identifying information, such as your name, age, occupation, postal address, citizenship, marital status, phone numbers, e-mail address, and personal identifier, such as a Social Security Number, Taxpayer Identification Number or its equivalent. This information is collected through your new account application and other documents that you may be asked to submit from time to time, as well as through correspondences, such as telephone calls or electronic mail. Furthermore, in order to provide you with financial services and products best suited to your financial needs and in order to meet certain regulatory requirements, Oppenheimer will collect from you information such as income sources, assets, financial objectives, investment goals and investment experience. Additionally, once an account is established, Oppenheimer collects and compiles commercial information from your account records, such as what investments you hold, the transactions taking place in your account and your account balances.
Oppenheimer also collects certain background information from nonaffiliated third parties, such as consumer reporting agencies and other outside vendors who assist us in verifying your creditworthiness and your credit history. Further information on the use of these vendors is detailed below under “SHARING YOUR PERSONAL INFORMATION.”
Additionally, if you apply for employment at Oppenheimer, we may collect certain non-public background information from you in order to verify your identity, character, experience, and fitness for employment at Oppenheimer. This information will include, without limitation, your name postal address, phone number, education, military service status, previous employment, references, salary expectation, disciplinary history, criminal history and regulatory history. If you are offered employment, we will also collect certain personal information such as your credit history, birthdate, social security number, and political activity.
USE OF YOUR PERSONAL INFORMATION AND LAWFUL BASIS FOR ITS PROCESSING
In connection with our provision of financial services and meeting our contractual obligations to you, Oppenheimer uses your personal information in a variety of ways. In particular, we use your personal information:
- To establish your account at Oppenheimer and otherwise provide you with the information, financial products or services that you request from us.
- To assist you in meeting with your overall investment objectives. This includes a suitability analysis, as required by the Financial Regulatory Authority (“FINRA”), which requirement is designed to ensure investor protection and promote fair dealings.
- To contact you, or your designated representative, if applicable, in connection with your account(s) and/or any products or investments in which you may have expressed interest or that your Financial Advisor believes may of interest to you.
- To respond to law enforcement requests and as required by applicable law, rule, regulation, court order, or regulatory request. For example, the USA Patriot Act requires financial institutions, such as Oppenheimer, to obtain and maintain certain personal information about their clients, including, without limitation, to verify your identity.
- To otherwise operate our business, or for any other purpose that complies with applicable laws, rules and regulations.
Our use and processing of your personal data is based upon our legitimate interest in transacting business in a responsible, commercially prudent and lawful manner.
SHARING YOUR PERSONAL INFORMATION
From time to time, in the course of providing financial services or conducting business, Oppenheimer may share your personal information with nonaffiliated third parties. These nonaffiliated third parties include service providers that we use to generate statements or reports on your accounts, vendors who verify your creditworthiness or identity, companies that we use to process transactions in your account, companies that provide marketing services for us, and entities that provide legal or consulting services to Oppenheimer. Additionally, we may be required to share your personal information with fraud prevention and law enforcement agencies, courts and non-governmental regulators, and when we believe, in good faith, that such disclosure is legally required or that we have a legitimate interest in making a disclosure, such as to protect our rights and property. Furthermore, Oppenheimer may enter into joint marketing agreements with nonaffiliated third parties. Please note that, in these cases, Oppenheimer only shares your personal information with nonaffiliated third parties after entering into a contractual relationship that: (1) limits the nonaffiliated third party from using your personal information for any purpose other than the purpose Oppenheimer intended, unless it is aggregated and anonymized; and (2) requires the nonaffiliated party to keep your personal information confidential.
Occasionally, some of your personal information, such as your creditworthiness, may be shared with companies that are affiliated with Oppenheimer in connection with marketing their products or services.
Oppenheimer does not sell any of your personal information to third parties.
In certain cases you may opt out of information sharing. Please see the section entitled “RIGHTS REGARDING YOUR PERSONAL INFORMATION” to learn when and how you can instruct Oppenheimer not to share your personal information.
INTERNATIONAL TRANSFER OF YOUR PERSONAL INFORMATION
If you are a client based in the European Union (“EU Data Subject”), the personal data collected from you is transferred and processed in the United States, which country is not recognized by the European Commission as providing an equivalent level of protection for personal data as provided in the EU. By submitting your personal information to us, you expressly consent to the transfer of your personal data to recipients located outside of the European Economic Area. You may withdraw your consent to such transfer at any time by contacting us at PrivacyInquiries@opco.com. Please note, however, that we will not be able to maintain your account without such information.
RETENTION OF YOUR PERSONAL INFORMATION
Oppenheimer will retain your personal data for as long as it is reasonably necessary to provide you with the requisite services to meet your financial goals and needs, and to fulfil our obligations to you. We may also retain your personal data for purposes of meeting certain accounting and reporting requirements. Additionally, we are legally obligated to preserve records related to your account in accordance with various recordkeeping requirements, specifically for three (3) to seven (7) years, depending on the record type. Certain U.S. state jurisdictions, however, may have longer recordkeeping requirements, in which case Oppenheimer will comply with those requirements.
PROTECTION OF YOUR PERSONAL INFORMATION
Oppenheimer has procedural, physical and technological safeguards that protect against loss or unauthorized disclosure of your personal information.
Procedurally, Oppenheimer employees are bound by, and held accountable to, a code of conduct and policies regarding confidentiality and the treatment of client information. Furthermore, only those Oppenheimer employees who require access to your personal information in order to provide customary services (investment, administrative, legal) to your account are granted access to your personal information. Additionally, Oppenheimer has a dedicated group that designs, implements and provides oversight of information security. We also monitor our systems infrastructure in order to detect weaknesses and potential intrusions.
Physically, Oppenheimer has policies that require our employees to store and destroy documents containing your personally identifiable information in accordance with federal guidelines and industry best practices.
Technologically, Oppenheimer uses methods such as encrypting files, utilizing firewalls to prevent unauthorized access to information, restricting access to client information to prevent removal of information from the firm, and masking of data on computer screens to protect your personal information.
As previously mentioned, before Oppenheimer shares your personal information with a nonaffiliated third party (other than for legal or regulatory purposes), we require that party to enter into a contractual agreement that limits the use of your personal information and requires that party to maintain the confidentiality of your personal information.
Finally, should your relationship with Oppenheimer end, your personal information will remain protected in accordance with our privacy practices as outlined in this Policy.
THIRD PARTY PROVIDERS
PROTECTING CHILDREN’S PRIVACY ONLINE
Our online services are not directed to or intended for individuals under 18 years of age.
RIGHTS REGARDING YOUR PERSONAL INFORMATION
OPTING OUT OF SHARING YOUR INFORMATION
Oppenheimer reserves the right to disclose or share your personal information with the aforementioned nonaffiliated third parties, for the aforementioned purposes, as permitted by applicable laws and regulations.
You may, however, instruct Oppenheimer not to share information with our affiliated companies for marketing purposes or for purposes other than servicing or maintaining your account, as described above.
You may also opt out of information sharing with nonaffiliated parties, except as may be required in order to meet our legal and regulatory requirements with respect to your account, or as may be necessary to service your account.
For your convenience, Oppenheimer provides several methods for you to opt out of sharing your information in the above circumstances and as permitted by law. You may:
(1) Contact the Financial Advisor who services your account and provide him or her with written instructions to add your name to Oppenheimer's "Opt Out" list; or
(2) Send an email to us at firstname.lastname@example.org with your name and account number requesting that your name be added to Oppenheimer's "Opt Out" list;
EUROPEAN UNION CLIENTS
Under the EU General Data Protection Regulation (“GDPR”), EU Data Subjects are entitled to certain additional rights with respect to their personal data, subject to certain restrictions and limitations. In addition to the “Opt Out” rights described above, these rights include the following:
- The right to object to or restrict the processing of your personal data, including for marketing purposes;
- The right to access, rectify or erase your personal data;
- The right to request that a copy of your personal data be provided to you, or to a third party, in an electronic format;
- The right to file a complaint about the processing of your data with your local data protection authority.
EU Data Subjects may elect, at any time, to exercise any of the foregoing rights with respect to their data. You may do so by emailing us at PrivacyInquiries@opco.com.
Please note that our ability to maintain your account will be impacted if you exercise your right to object to the processing of your personal information. Further, if you request that your personal information be deleted, we will no longer be able to maintain your account. In addition, please note that our compliance with such a request will not extend to data that we are required to maintain as part of our legal and regulatory recordkeeping requirements. We will, however, delete all information subject to such a request once the term of those requirements has expired. Please refer to “RETENTION OF YOUR PERSONAL DATA” above for a description of those terms.
If you are a California resident, the California Consumer Protection Act of 2018 (“CCPA”) may provide you with additional rights regarding your personal information. This section describes those rights and explains how to exercise them. Please note however that the CCPA and any associated rights do not apply to certain personal information collected, processed, sold and disclosed pursuant to the federal Gramm-Leach-Bliley Act (“GLBA”). Accordingly, please be advised that a determination will be made on a case by case basis and that submitting a request to Oppenheimer does not guarantee an accommodation of your request.
Access to specific information and data portability rights
You may request that we disclose the categories and/or specific pieces of your personal information that we collected over the past 12 months. Once we receive and confirm your verifiable consumer request and if we determine that your personal information is not otherwise exempt from the CCPA’s requirements, we will provide you with a summary of such information. For details on the categories of personal information that we collect, the category of sources for that personal information and our business or commercial purpose for collecting such information, please refer to the sections above titled, “PERSONAL INFORMATION WE COLLECT AND MAINTAIN” AND “USE OF YOUR PERSONAL INFORMATION AND LAWFUL BASIS FOR ITS PROCESSING.”
You may request that we delete any of your personal information that we collected from you and that we retained, subject to certain statutory and other exceptions. Once we receive and confirm your verifiable consumer request, we will purge, and direct our service providers to purge, to the extent applicable, your personal information from our records, unless an exception applies. Please note that if you request that your personal information be deleted, we will no longer be able to maintain your account. In addition to certain data exceptions, please note that our compliance with such a request will not extend to data that we are required to maintain as part of our legal and regulatory recordkeeping requirements. We will, however, delete all information subject to such a request once the term of those requirements has expired. Please refer to “RETENTION OF YOUR PERSONAL DATA” above for a description of those terms.
Exercising your rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by:
- Sending us an email at PrivacyInquiries@opco.com;
- Calling us at the following toll-free number: 833-515-0739; or
- Submitting a request at your regular Oppenheimer branch.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information to enable us to reasonably verify that you are the person about whom we collected personal information, or an authorized representative thereof.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
For security purposes, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. If you are a client of Oppenheimer, we will call the number that we have on file for you in an effort to verify your request. Making a verifiable consumer request does not require you to create an account with us. However, before we comply with your request for access or deletion, you may have to answer some questions about you and your relationship with us, along with providing us additional identification documentation. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Response timing and format
Oppenheimer will acknowledge receipt of your request in writing within 10 days of its receipt. A response to a verifiable consumer request will then be provided within 45 days of its receipt. If we require more time to process your request (up to 90 days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
This Policy may change on occasion to reflect changes in our practices and in regulations concerning the collection and use of personal information. Please refer to this Policy from time to time so that you are aware of any changes or updates to the Policy. The date that this Policy was last revised is identified below. If you have any questions or would like more information, please do not hesitate to contact us at PrivacyInquiries@opco.com or 833-515-0739.
Last updated: December 27, 2019