In connection with providing financial products or services to you, as an individual client or someone associated with a corporate or institutional client, and to offer you the best experience possible when visiting our website and mobile application, it is necessary for Oppenheimer & Co. Inc. ("Oppenheimer", “we”, “us”, “our”) to collect nonpublic information that identifies, relates to, describes, references, is capable of being associated with or could reasonably be linked, directly or indirectly, with you or your device ("personal information"). Oppenheimer understands the importance of maintaining the privacy and confidentiality of your personal information. Accordingly, Oppenheimer does not sell your personal information. This Policy addresses Oppenheimer's treatment of your personal information, including how we collect, share, use and protect it. Oppenheimer will not use your personal information for any purposes other than those disclosed in this Policy or collect additional categories of personal information without your notice and consent. This Policy also addresses certain rights that may be available to you in regards to your personal information.
PERSONAL INFORMATION WE COLLECT AND MAINTAIN
Oppenheimer collects much of your personal information directly from you. When opening your account, Oppenheimer will collect from you certain contact and identifying information, such as your name, age, occupation, postal address, citizenship, marital status, phone numbers, e-mail address, and personal identifier, such as a Social Security Number, Taxpayer Identification Number or its equivalent. This information is collected through your new account application and other documents that you may be asked to submit from time to time, as well as through correspondences, such as telephone calls or electronic mail. Furthermore, in order to provide you with financial services and products best suited to your financial needs and in order to meet certain regulatory requirements, Oppenheimer will collect from you information such as income sources, assets, financial objectives, investment goals and investment experience. Additionally, once an account is established,
Oppenheimer collects and compiles commercial information from your account records, such as what investments you hold, the transactions taking place in your account and your account balances. Oppenheimer also collects certain background information from nonaffiliated third parties, such as consumer reporting agencies and other outside vendors who assist us in verifying your creditworthiness and your credit history, to the extent permitted by applicable laws. Further information on the use of these vendors is detailed below under “SHARING YOUR PERSONAL INFORMATION.”
Additionally, if you apply for employment at Oppenheimer, we may collect certain non-public background information from you in order to verify your identity, character, experience, and fitness for employment at Oppenheimer. This information will include, without limitation, your name postal address, phone number, education, military service status, previous employment, references, salary expectation, disciplinary history, criminal history and regulatory history, to the extent permitted by applicable laws. If you are offered employment, we will also collect certain personal information such as your credit history, birthdate, social security number, and political activity.
USE OF YOUR PERSONAL INFORMATION AND LAWFUL BASIS FOR ITS PROCESSING
In connection with our provision of financial services pursuant to applicable laws and meeting our contractual obligations to you, Oppenheimer uses your personal information in a variety of ways. In particular, we use your personal information:
- To establish your account at Oppenheimer and otherwise provide you with the information, financial products or services that you request from us.
- To assist you in meeting with your overall investment objectives. This includes a suitability analysis, as required by the Financial Regulatory Authority (“FINRA”), which requirement is designed to ensure investor protection and promote fair dealings.
- To contact you, or your designated representative, if applicable, in connection with your account(s) and/or any products or investments in which you may have expressed interest or that your Financial Professional believes may of interest to you.
- To respond to law enforcement requests and as required by applicable law, rule, regulation, court order, or regulatory request. For example, the USA Patriot Act requires financial institutions, such as Oppenheimer, to obtain and maintain certain personal information about their clients, including, without limitation, to verify your identity.
- To otherwise operate our business, or for any other purpose that complies with applicable laws, rules and regulations.
Our use and processing of your personal data is based upon our legitimate interest in transacting business in a responsible, commercially prudent, and lawful manner.
SHARING YOUR PERSONAL INFORMATION
From time to time, in the course of providing financial services or conducting business, Oppenheimer may share your personal information with nonaffiliated third parties. These nonaffiliated third parties include service providers that we use to generate statements or reports on your accounts, vendors who verify your creditworthiness or identity, companies that we use to process transactions in your account, companies that provide marketing services for us, and entities that provide legal or consulting services to Oppenheimer. Additionally, we may be required to share your personal information with fraud prevention and law enforcement agencies, courts, and non-governmental regulators, and when we believe, in good faith, that such disclosure is legally required or that we have a legitimate interest in making a disclosure, such as to protect our rights and property. Furthermore, Oppenheimer may enter into joint marketing agreements with nonaffiliated third parties. Please note that, in these cases, Oppenheimer only shares your personal information with nonaffiliated third parties after entering into a contractual relationship that (1) limits the nonaffiliated third party from using your personal information for any purpose other than the purpose Oppenheimer intended, unless it is aggregated and anonymized; and (2) requires the nonaffiliated party to keep your personal information confidential and secure.
Occasionally, some of your personal information, such as your creditworthiness, may be shared with companies that are affiliated with Oppenheimer in connection with marketing their products or services.
Oppenheimer does not sell any of your personal information to third parties.
In certain cases, you may opt out of information sharing. Please see the section entitled “RIGHTS REGARDING YOUR PERSONAL INFORMATION” to learn when and how you can instruct Oppenheimer not to share your personal information.
INTERNATIONAL TRANSFER OF YOUR PERSONAL INFORMATION
If you are a client based in the European Union (“EU Data Subject”), the personal data collected from you is transferred and processed in the United States, which country is not recognized by the European Commission as providing an equivalent level of protection for personal data as provided in the EU. By submitting your personal information to us, you expressly consent to the transfer of your personal data to recipients located outside of the European Economic Area. You may withdraw your consent to such transfer at any time by contacting us at PrivacyInquiries@opco.com. Please note, however, that we will not be able to maintain your account without such information.
RETENTION OF YOUR PERSONAL INFORMATION
The length of time that Oppenheimer will retain your personal data will depend on the specific type of information contained therein. However, Oppenheimer will not retain your personal data longer than is reasonably necessary to provide you with the requisite services to meet your financial goals and needs, and to fulfil our obligations to you. We may also retain your personal data to the extent necessary to meet our legal obligations related to certain accounting, reporting and various recordkeeping requirements.
PROTECTION OF YOUR PERSONAL INFORMATION
Oppenheimer has procedural, physical and technological safeguards that protect against loss or unauthorized disclosure of your personal information.
Procedurally, Oppenheimer employees are bound by, and held accountable to, a code of conduct and policies regarding confidentiality and the treatment of client information. Furthermore, only those Oppenheimer employees who require access to your personal information in order to provide customary services (investment, administrative, legal) to your account are granted access to your personal information. Additionally, Oppenheimer has a dedicated group that designs, implements, and provides oversight of information security. We also monitor our systems infrastructure in order to detect weaknesses and potential intrusions.
Physically, Oppenheimer has policies that require our employees to store and destroy documents containing your personally identifiable information in accordance with applicable laws, federal guidelines, and industry best practices.
Technologically, Oppenheimer uses methods such as encrypting files, utilizing firewalls to prevent unauthorized access to information, restricting access to client information to prevent removal of information from the firm, and masking of data on computer screens to protect your personal information.
As previously mentioned, before Oppenheimer shares your personal information with a nonaffiliated third party (other than for legal or regulatory purposes), we require that party to enter into a contractual agreement that limits the use of your personal information and requires that party to maintain the confidentiality of your personal information.
Finally, should your relationship with Oppenheimer end, your personal information will remain protected in accordance with our privacy practices as outlined in this Policy.
THIRD PARTY PROVIDERS
PROTECTING CHILDREN’S PRIVACY ONLINE
Our online services are not directed to or intended for individuals under 18 years of age.
RIGHTS REGARDING YOUR PERSONAL INFORMATION
OPTING OUT OF SHARING YOUR INFORMATION
Oppenheimer reserves the right to disclose or share your personal information with the aforementioned nonaffiliated third parties, for the aforementioned purposes, as permitted by applicable laws and regulations.
You may, however, instruct Oppenheimer not to share information with our affiliated companies for marketing purposes or for purposes other than servicing or maintaining your account, as described above.
You may also opt out of information sharing with nonaffiliated parties, except as may be required in order to meet our legal and regulatory requirements with respect to your account, or as may be necessary to service your account.
For your convenience, Oppenheimer provides several methods for you to opt out of sharing your information in the above circumstances and as permitted by law. You may:
- Contact the Financial Professional who services your account and provide him or her with written instructions to add your name to Oppenheimer's "Opt Out" list; or
- Send an email to us at firstname.lastname@example.org with your name and account number requesting that your name be added to Oppenheimer's "Opt Out" list.
EUROPEAN UNION CLIENTS
Under the EU General Data Protection Regulation (“GDPR”), EU Data Subjects are entitled to certain additional rights with respect to their personal data, subject to certain restrictions and limitations. In addition to the “Opt Out” rights described above, these rights include the following:
- The right to object to or restrict the processing of your personal data, including for marketing purposes;
- The right to access, rectify or erase your personal data;
- The right to request that a copy of your personal data be provided to you, or to a third party, in an electronic format;
- The right to file a complaint about the processing of your data with your local data protection authority.
EU Data Subjects may elect, at any time, to exercise any of the foregoing rights with respect to their data. You may do so by emailing us at PrivacyInquiries@opco.com.
Please note that our ability to maintain your account will be impacted if you exercise your right to object to the processing of your personal information. Further, if you request that your personal information be deleted, we will no longer be able to maintain your account. In addition, please note that our compliance with such a request will not extend to data that we are required to maintain as part of our legal and regulatory recordkeeping requirements. We will, however, delete all information subject to such a request once the term of those requirements has expired. Please refer to “RETENTION OF YOUR PERSONAL DATA” above for a description of those terms.
If you are a California resident, the California Consumer Protection Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively the “CCPA”), related regulations, and other California privacy laws may provide you with additional rights regarding your personal information. This section describes those rights and explains how to exercise them. Additionally, the CCPA requires us to make additional disclosures regarding the collection, use, and sharing of your personal information. Any terms defined in the CCPA have the same meaning when used in this Section of the Policy. Please note, however, that the CCPA and any rights provide thereunder do not apply to certain personal information subject to an exemption, including without limitation, personal information collected, processed, sold, and disclosed pursuant to the federal Gramm-Leach-Bliley Act (“GLBA”). Accordingly, please be advised that a determination regarding the applicability of the CCPA to your personal information will be made on a case-by-case basis and that submitting a request to Oppenheimer does not guarantee an accommodation of your request.
Personal information we collect and for what purpose
In the preceding 12 months, we have collected the following categories of personal information, including sensitive personal information: identifiers; information subject to Cal. Civ. Code § 1798.80(e); characteristic of protected classifications under California or federal law; commercial information; internet or similar activity; geolocation data; professional or employment-related information; education information; social security, driver’s license, state identification card or passport numbers; and any inferences drawn from the forgoing. Please note, the preceding sentence merely describes but does not expand the previously disclosed categories of information we collect described in the section titled “PERSONAL INFORMATION WE COLLECT AND MAINTAIN” above.
We only use or disclose your personal information, including sensitive personal information, in the ways described in this Policy, including helping ensure security and integrity of your information, performing other essential business functions such as maintaining or servicing accounts, providing customer service, and processing transactions.
We do not sell your personal information or share it for cross-context behavioral advertising. We may share your personal information with third parties as described in the section titled “SHARING YOUR PERSONAL INFORMATION” above. In the preceding 12 months, we have disclosed the following categories of personal information for business or commercial purposes to the following categories of recipients:
Categories of Personal Information Disclosed for a Business Purpose
- Identifiers like your name, address, or contact information
- Information subject to Cal. Civ. Code § 1798.80 like computerized information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to name or signatures
- Protected Classifications Characteristics under California or U.S. law
- Commercial Information
- Internet or other similar network activity
- Geolocation Data
- Employment-Related Information
- Social Security, Driver’s License, State Identification Card or Passport Numbers
Categories of Third Parties
- Third-party administrators, investment advisers, custodians, transfer agents, securities brokers, and other third-party businesses, and their affiliates
- Our affiliates
- Credit reporting agencies
- Legal or professional consultants
- Marketing Partners
- Essential information and technology providers
Access to specific information and data portability rights
You may request that we disclose the categories and/or specific pieces of your personal information that we collected over the past 12 months. Once we receive and confirm your verifiable consumer request and if we determine that your personal information is not otherwise exempt from the CCPA’s requirements, we will provide you with a summary of such information. For details on the categories of personal information that we collect, the category of sources for that personal information and our business or commercial purpose for collecting such information, please refer to the preceding table as well as the sections above titled, “PERSONAL INFORMATION WE COLLECT AND MAINTAIN” AND “USE OF YOUR PERSONAL INFORMATION AND LAWFUL BASIS FOR ITS PROCESSING.”
You may request that we delete any of your personal information that we collected from you and that we retained, subject to certain statutory and other exceptions. Once we receive and confirm your verifiable consumer request, we will purge, and direct our service providers to purge, to the extent applicable, your personal information from our records, unless an exception applies. Please note that if you request that your personal information be deleted, we will no longer be able to maintain your account. In addition to certain data exceptions, please note that our compliance with such a request will not extend to data that we are required to maintain as part of our legal and regulatory recordkeeping requirements. We will, however, delete all information subject to such a request once the term of those requirements has expired. Please refer to “RETENTION OF YOUR PERSONAL DATA” above for a description of those terms.
Correction of your personal information
You may request that we correct any inaccurate personal information that we maintain about you, considering the nature of the personal information and the purposes of the processing of that personal information.
Right against Discrimination
You may exercise your rights under the CCPA without discrimination. For example, unless the CCPA provides an exception, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you with a different level or quality of goods or services; or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Exercising your rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by:
- Sending us an email at PrivacyInquiries@opco.com;
- Calling us at the following toll-free number: 833-515-0739; or
- Submitting a request at your regular Oppenheimer branch.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information to enable us to reasonably verify that you are the person about whom we collected personal information, or an authorized representative thereof.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
For security purposes, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. If you are a client of Oppenheimer, we will call the number that we have on file for you in an effort to verify your request. Making a verifiable consumer request does not require you to create an account with us. However, before we comply with your request for access or deletion, you may have to answer some questions about you and your relationship with us, along with providing us additional identification documentation. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Additional data privacy rights
Oppenheimer recognizes that the state where you live may provide its residents with additional data privacy rights that are not specifically addressed in this Policy. If you which to exercise a data privacy right provided to you by your state of residence, please reach out to us in the manners described above. Please note that all such requests will be reviewed on a case-by-case basis and that submitting a request to Oppenheimer does not guarantee the Oppenheimer will volunteer to accommodate of your request.
Response timing and format
Oppenheimer will acknowledge receipt of your request in writing within 10 days of its receipt. A response to a verifiable consumer request will then be provided within 45 days of its receipt. If we require more time to process your request (up to 90 days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
This Policy may change on occasion to reflect changes in our practices and in regulations concerning the collection and use of personal information. Please refer to this Policy from time to time so that you are aware of any changes or updates to the Policy. Changes to this Policy become effective when posted, so please check periodically for updates. The date that this Policy was last revised is identified below. If you have any questions or would like more information, please do not hesitate to contact us at PrivacyInquiries@opco.com or 833-515-0739.
Last updated: January 3, 2023