Effective Date: July 25, 2024
Charles Schwab & Co., Inc., including its Stock Plan Services division, ("Schwab," "us," "we," or "our") complies with the EU-U.S. Data Privacy Framework ("EU-U.S. DPF") and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF") as set forth by the U.S. Department of Commerce. Schwab has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles ("EU-U.S. DPF Principles") with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Schwab has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles ("Swiss-U.S. DPF Principles") with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
We obtain, process, and use personal data on behalf of and under the instructions of our corporate clients only for purposes of providing services to them. In this context, our corporate clients are the data controllers (each a "Data Controller" and, collectively, "Data Controllers"). Each party's role and responsibilities for processing personal data are defined in our contractual agreements with the Data Controllers.
The types of personal data transferred and processed depend on the services we provide to the Data Controllers.
Our corporate clients typically provide stock plan administration and services to their employees and other individuals, including the offer of stock options, equity grants, investment management, and related services. Corporate clients transfer personal data to us regarding their employees and other individuals to whom they offer stock plan administration and other services. This personal data may include an individual's name or other personal identifier used by their employer; physical address; email address; date of birth; Social Security number, passport, or other government identification number; and financial and employment information such as income, payroll data, and stock plan grants and transactions. We obtain and process this personal data to support a corporate client's stock plan administration and offerings and, to the extent applicable, the client's compliance with applicable laws, rules, and regulations.
Individuals may open brokerage accounts and conduct other business directly with us or our affiliated companies, subject to separate agreements, privacy notices, and other arrangements between Schwab and the individuals. In this context, Schwab is responsible to the individuals as a Data Controller, and we collect and process personal data received directly from individuals or provided on their behalf, including personal data submitted through our publicly available websites and in connection with maintaining and servicing our customer relationships.
We obtain and process this personal data in order to perform services, to help conduct our business, including through affiliate marketing, and, to the extent necessary, to support compliance with applicable laws, rules, and regulations, as well as applicable corporate enterprise standards, policies, and procedures.
We commit to adhering to the EU-U.S. DPF Principles and the Swiss-US DPF Principles with respect to all personal data transferred to us for processing by the Data Controllers from their territories.
We share personal data with affiliated and unaffiliated third parties who assist us (as sub-processors) with the processing of personal data on behalf of the Data Controllers, including, for example, information technology and data storage support providers. We remain liable in cases of onward transfers of such personal data to third parties if the third party processes personal data in a manner inconsistent with the EU-U.S. DPF Principles or the Swiss-US DPF Principles.
We may also share personal data in connection with a corporate reorganization, divestiture, merger, restructuring, or other sale of some or all of our assets, in which personal data held by Schwab is among the assets or business operations transferred.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Schwab commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Schwab as provided below:
For individuals in the U.K. with questions or that need to address a complaint, you may contact us at Tel: 0203 795 2704 or inquiry@schwab.com or, if by mail, please address your communication to Charles Schwab, U.K., Ltd. Attn: Compliance, 33 Ludgate Hill, London, EC4M 7NJ, United Kingdom.
Similarly, for individuals in the EEA and Switzerland, you may contact us through our designated representative MCF Legal Technology Solutions Limited at Tel: 00353 01 829 0000 or schwab@mcf.ie or, if by mail, please address your communication to MCF Legal Technology Solutions Limited, Riverside One, Sir John Rogerson's Quay, Dublin 2, Ireland.
You have the right to access your personal data and to make choices for limiting the use and disclosure of such data. We process personal data on the instructions of Data Controllers. To access or make choices to limit the use and disclosure of your personal data, please first contact the Data Controller providing services to you. We will work to respond to a request pursuant to the Data Controller's instructions. If you are unable to contact your Data Controller, we will assist you and coordinate with the applicable Data Controller to the extent possible to facilitate your rights and requests.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Schwab commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to the International Centre for Dispute Resolution/American Arbitration Association ("ICDR/AAA"), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR/AAA are provided at no cost to you.
As previously noted, please first contact your Data Controller with any complaints. If you are unable to contact your Data Controller, please contact us and we will assist you to the extent possible.
Your Data Controller may have different dispute resolution processes or providers, and we encourage you to first raise any matter you may have with your Data Controller, as well as bringing any matter to our attention, before proceeding to this independent dispute resolution option.
You may have the option, under certain circumstances, to invoke binding arbitration through the ICDR/AAA.
The Federal Trade Commission has jurisdiction over Schwab's compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
©2024 Charles Schwab & Co., Inc. All rights reserved. (0724-AEE1) REG95742-05 (07/24)