California Consumer Privacy Act (CCPA) Disclosure
California Consumer Privacy Act (CCPA) Disclosure
Rights for California Residents
To exercise one or more of your rights, you or someone you authorize, may call us at (800) 573-7138 or click on the following link CCPA Request and follow the instructions provided.
If you are a California resident you may have certain rights under the California Consumer Privacy Act regarding your personal information, including:
- the right to request the specific pieces of personal information we collected about you; the categories of personal information we collected; the categories of sources used to collect the personal information; the business or commercial purposes for collecting your personal information; and the categories of third parties with whom we share your personal information each as it pertains to our activities in the preceding twelve (12) months
- the right to request, on legitimate grounds, deletion of your personal information that we collected;
- the right to have someone you authorize make a request on your behalf; and
- the right, in certain circumstances, to correct inaccurate personal information we collected about you; and
- the right not to be discriminated against for exercising any of these rights.
We also must provide in this online disclosure certain details about our collection and handling of categories of personal information. The information that follows shows the types of personal information we may collect about California residents who are subject to the CCPA, the sources from which we collect it, and the ways in which we use and disclose it.
Our annual CCPA request metrics can be found at this link (PDF).
If you have questions after reviewing this policy, please visit Frequently Asked Questions.
Categories of Personal Information
- Personal identifiers, including those listed in other California statutes: Real name; alias; Social Security number; passport number; other government issued number; Green Card number; driving license number; telephone number; email address; postal address; account name; online identifier; device identifier; IP address
- Characteristics of protected classifications: date of birth/age; gender; military or veteran status; marital status; nationality; citizenship; request for family care leave; request for leave for employee’s own serious health condition; request for pregnancy leave
- Biometric information: fingerprint; voice recordings; keystroke patterns and rhythms
- Professional or Employment: title; salary; employment files; references
- Education information: details of your education and qualifications
- Financial details: bank account numbers; debit/credit card numbers; cardholder or accountholder name and details; transaction details
- Commercial Information: records of personal property; products and service purchased, obtained or considered; purchasing or consuming histories or tendencies
- Internet or other electronic network activity information: browsing history, search history, information regarding your interaction with a website, application or advertisement
- Geolocation data: any information used to identify your physical location
- Communications, recordings, images: audio, electronic, visual
- Inferences: Any derivation of information, data, assumptions, or conclusions drawn from certain of the above categories used to create a profile reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
Our Sources of Personal Information
Category of Sources from which we Collect Personal Information
- We obtain your personal information when you provide it to us (e.g., where you contact us via email or telephone, or by any other means)
- We collect personal information that you manifestly choose to make public, including via social media (e.g., we may collect information from your social media profile(s), to the extent that you choose to make your profile publicly visible)
- We receive your personal information from third parties who provide it to us (e.g., our customers; credit reference agencies; and law enforcement authorities)
- We collect or obtain personal information when you visit any of our Sites or use any features or resources available on or through a Site. When you visit a Site, your device and browser may automatically disclose certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to a Site and other technical communications information), some of which may constitute Personal Data
Use of Information
Business and Commercial Purposes for Use of Personal Information
- Marketing/Prospecting: communicating with you via any means (including via email, telephone, text message, social media, post or in person) subject to ensuring that such communications are provided to you in compliance with applicable law; and maintaining and updating your contact information where appropriate
- Operation of our Sites: operation and management of our Sites; providing content to you; displaying advertising and other information to you; and communicating and interacting with you via our Sites
- IT operations: management of our communications systems; operation of IT security; and IT security audits
- Health and safety: health and safety assessments and record keeping; and compliance with related legal obligations
- Financial management: sales; finance; corporate audit; and vendor management
- Research: conducting market or customer satisfaction research; and engaging with you for the purposes of obtaining your views on our products and services
- Security: physical security of our premises (including records of visits to our premises and CCTV recordings); and electronic security (including login records and access details, where you access our electronic systems)
- Investigations: detecting, investigating and preventing breaches of policy, and criminal offences, in accordance with applicable law
- Legal compliance: compliance with our legal and regulatory obligations under applicable law
- Legal proceedings: establishing, exercising and defending legal rights
- Improving our products and services: identifying issues with existing products and services; planning improvements to existing products and services; and creating new products and services
- Risk Management: Audit, compliance, controls and other risk management
- Fraud prevention: Detecting, preventing and investigating fraud
Disclosure of Information
Categories of Third Parties to Whom Personal Information is Disclosed
- You and, where appropriate, your family, your associates and your representatives
- Anti-fraud services
- Accountants, auditors, financial advisors, lawyers and other outside professional advisors to JPMorgan Chase, subject to confidentiality
- Data aggregation services
- Accreditation bodies
- Third party service providers (such as payment services providers; shipping companies; etc.)
- Credit reporting agencies
- Governmental, legal, regulatory, or other similar authorities and/or local government agencies, upon request or where required
- Any relevant third party acquirer(s), in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation)
We take reasonable steps designed to ensure that your personal information are only processed for the minimum period necessary for the purposes set out in this disclosure. The criteria for determining the duration for which we will retain your personal information are as follows:
- We will retain copies of your personal information in a form that permits identification only for as long as:
- We maintain an ongoing relationship with you (e.g., while you remain an employee, or where you are still receiving services from us); or
- Your personal information are necessary in connection with purposes set out in this disclosure
- The duration of any applicable limitation period under applicable law; and where required
- In addition, if any relevant legal claims are anticipated/brought, we may continue to process your personal information for such additional periods as are necessary in connection with that claim.
During the periods noted above we will restrict our processing of your personal information to storage of, and maintaining the security of, that information except to the extent that that information needs to be reviewed in connection with any legal claim, or any obligation under applicable law.
Once the periods above, each to the extent applicable or permitted by applicable law, have concluded, we will 1) permanently delete or destroy the relevant personal information, or 2) archive your personal information so that it is beyond use; or 3) anonymize the relevant personal information.
Sale of Personal Information
J.P. Morgan Chase does not offer an opt-out from the sale of personal information because J.P. Morgan Chase does not engage in the sale of personal information as contemplated by the CCPA. As noted elsewhere in this disclosure, we disclose personal information to other businesses for a variety of reasons. While we often benefit from such disclosure, we do not disclose personal information for the sole purpose of receiving compensation for that information.
Changes to this Disclosure
We may change this disclosure from time to time. When we do, we will let you know by appropriate means such as by posting the revised disclosure on our CCPA web site with a new “Last Updated” date. Any changes to this disclosure will become effective when posted unless indicated otherwise.