Collecting and using Personal Information is necessary to our business as a financial services company in order to offer and administer our products and services and to comply with our regulatory obligations. Your trust is important to us. One way we earn it is by protecting and respecting your Personal Information.
If you are a current or former customer or client of John Hancock, we will also handle your Personal Information in accordance with our other privacy policies, which you may view below.
The Personal Information we collect falls into three general categories:
It is collected on paper forms and written correspondence, by telephone and faxes, and using online means such as the Internet, electronic devices, chatbots, and via mobile applications.
The information that we collect online depends on which of our Websites or Mobile Applications (“Apps”) you are visiting or using, what you request or do on them, your relationship to us, interactions, and whether you can register or need to log in as a customer, client, account owner, care provider, participant, employee, advisor, financial professional, business partner, or other authorized user. Some information is provided by you to us while other data is automatically gathered.
When you visit our Websites or use our Apps, receive and respond to some of our email communications, or if you click on certain advertisements we place on other websites, we, and contracted service providers acting on our behalf, may receive and collect certain information from and about you, which may include Personal Information.
“Personal Information” means personally identifiable information that you provide via applications, online forms, surveys, and menu options, or that is automatically gathered when you visit our Websites or use our Apps. Personal Information may include (i) personal data such as name, address, email address, telephone number, gender, date of birth, Social Security Number, and citizenship, (ii) financial data such as income, assets, banking information, and investment preferences, (iii) health data, such as medical and health-related information and habits, and (iv) location data.
Most information about our products and services can be viewed without our collecting or visitors providing Personal Information. However, many of our Websites and Apps do require Personal Information to be entered, such as a contract number, email address, Social Security Number, date of birth, user id, PIN code, or password to ensure only authorized persons can access account information. When interacting with us through your mobile device, we collect data such as unique device identifiers, screen resolution and other device settings, information about your location, and about how you use your mobile device. We typically ask your permission before collecting certain information such as precise geolocation information.
If you are applying for insurance, opening an account, subscribing to an advice service, or performing certain transactions on an existing account or policy, we may need to collect additional information. It may include your employment status, occupation, profession, citizenship status, tax status, opinions, comments, feedback, health-related history and exercise activities, hobbies, lifestyle habits, social values, answers to security questions, and financial information such as your income, net worth, investment preferences, risk tolerances, and financial goals. For some of our products, services and events, we may require you to name and provide the Personal Information of a beneficiary, provide details about other financial accounts you have, and to provide certain financial details such as your bank account or credit card information in order to facilitate the processing of payments. Others may ask you to provide details about your travel plans and destinations, as well as those of your traveling companions.
Information recorded and collected via our telephone voice portals, email, and our online chat functionality will be retained and monitored in order to respond to your requests or inquiries and comply with certain regulatory obligations, and will be used for analytics and quality assurance purposes.
We collect and use aggregated data such as statistical and demographic data for several purposes including operational efficiencies, product development, and marketing. Aggregated data does not directly or indirectly reveal the identity of an individual.
We may combine the information we collect from you with information obtained from other sources to help us improve your John Hancock experience, and to help us better personalize our interactions with you.
We collect various types of anonymous data about visitors to our Websites and users of our Apps. Certain information is collected by web browsers and/or through your device, such as your Internet Protocol (IP) or Media Access Control (MAC) address, device type, screen resolution, operating system version, internet browser type and version, links clicked, and searches conducted on our sites. We use this data for various purposes including to help us better understand user behavior, ensure our Websites and Apps function properly, for fraud detection and prevention, and for security purposes. We also use various technologies applied to your browser or device, including cookies and web beacons.
Cookies are text files containing small amounts of information which are sent to your browser and stored on your computer, tablet, smartphone or other device when you visit a website. There are different kinds of cookies. Persistent cookies remain on your device until they expire or you delete them. Session cookies temporarily remain on your device until you close your browser. Some cookies are those set by us on our own websites. Third-party cookies are set by others when authorized by us to do so. Cookies allow us to collect data about users such as their browser types, the operating system on their devices, their IP addresses, time spent on the website, pages visited and when, user geographical location, and whether they are new or repeat visitors.
If you use an online chat feature on some of our Websites, a cookie will be placed on your device which enables us to determine if you are a new visitor and provides our response team with the history of prior conversations you may have had with us via online chat.
Some of our web pages also contain electronic images known as “web beacons”, “clear GIF images”, and “pixel tags”. They are relied upon for many of the same purposes as cookies to gather statistics about how our Websites are used and deliver information to you about our products and services. Web beacons are also embedded in email surveys, marketing messages and our electronic newsletters in order to determine whether messages have been opened and if links are clicked on.
Account Information from Other Financial Institutions
In order to provide certain advice or services to you, you may direct us to retrieve and aggregate information from accounts you have with other financial institutions. It may include current balances, transaction histories, and holdings from brokerage accounts, investment accounts, bank accounts, credit card accounts, and similar accounts you designate. By providing the name of the other financial institution, your user credentials and other necessary information, you grant John Hancock and its authorized service providers the right, power, and authority to act on your behalf to access and securely transmit your personal and financial information from the relevant financial institution(s) you designate.
Some of our call centers rely on voiceprint authentication to verify callers. It is intended to protect customer accounts from unauthorized access by enabling enhanced verification to allow easier and more secure authentication and faster service. It works by creating a unique digital voiceprint to verify a caller’s identity on future calls, and is used solely:
John Hancock and its service provider will not disclose your voiceprint to any third party for their own use, unless required by law or with your consent. We safeguard it with the same security controls that we use to protect your other highly sensitive Personal Information. You may ask us at any time to stop using your voiceprint for authentication purposes. Read our Frequently Asked Questions sections within the help center to learn more.
We use and share your Personal Information when directed or requested by you, and to operate our business and provide services to you, such as to:
We will also use or disclose your Personal Information in order to comply with legal, regulatory or administrative requirements of governmental authorities, to protect and defend the rights or property of John Hancock, in urgent circumstances to protect the personal safety of users of the Websites or Apps or the public, and as permitted or required by applicable law.
Some of our Websites may include social media buttons or icons (“plug-ins”) that enable users to easily share information on a social media platform. These plug-ins may log certain information such as your IP address, browser type and language, and what webpages you view and when. If you are logged into those social media platforms while using our Websites, they may also link such collected information with your profile on that platform. We do not control these third-party tracking technologies. We encourage you to review the privacy policies on social media platforms where you have an account to better understand how these third parties collect and treat such information. We are not responsible for the privacy or security practices of the social media platforms we use.
We use a combination of security measures and maintain physical, technical, and administrative safeguards designed to keep your Personal Information safe.
For example, we employ encryption techniques such as Transport Layer Security (TLS) and authentication technologies intended to safeguard the transmission of your Personal Information over the Internet. Some of our Websites utilize a timeout feature which will automatically log you out of your account after a period of idle time.
You should be aware that no method of transmission over the Internet or method of electronic storage can be guaranteed to be 100% secure. There are steps you can take to help protect yourself, such as:
Be Aware of Fake Messages
To help protect yourself, do not trust any unsolicited telephone call, email or text message that requests your Personal Information. Fraudsters can make telephone numbers and messages look like they come from legitimate sources, including John Hancock, and include links, QR (quick response) codes, or instructions directing you to a website designed to trick you into revealing information. If you receive a suspicious message that appears to be from John Hancock, do not reply, open any attachment, or click on a link. Instead, contact us directly to confirm the legitimacy of the message you received.
To learn more about protecting yourself on the Internet, visit https://staysafeonline.org/.
Online tracking is the collection of data about an individual’s Internet activity that is used to deliver targeted advertisements and for other purposes. Certain browsers offer users the ability to activate a “Do Not Track” signal. Like many other websites and online services, we do not currently process or respond to “Do Not Track” signals from your browser.
Our products and services are not marketed to or intended for use by minors. We do not knowingly collect Personal Information online from anyone under the age of 13 and request that any individuals under 13 years of age not provide Personal Information through our Websites or Apps. If you believe that we might have any information from a child under age 13, please contact us.
John Hancock’s Websites and Apps are hosted in the United States and Canada and are not directed at users located outside the United States. If you are a resident of other countries, you should note that by providing your Personal Information, you consent to:
What is Personal Information
The CPRA defines and applies to Personal Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household. It includes your real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
It does not include:
publicly available information we obtain from government records, or de-identified or aggregated consumer information.
Important Note: The CPRA does not apply to certain Personal Information about our prospective and current clients, customers, participants, and consumers that is regulated by the following federal and state privacy laws:
We do not sell Personal Information about current or former customers (including the personal information of minors under the age of 16) to any third parties. We have not sold consumers’ personal information in the preceding 12 months.
This Policy does not apply to employees or job applicants. If you are a job applicant, employee or contractor of John Hancock, please refer to our Personal Information Privacy Statement for details on how we use your Personal Information.
Information We Collect
One or more of our various businesses have collected the following categories of Personal Information from California residents within the last twelve (12) months:
|A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
|Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
|A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories.
|Protected classification characteristics under California or federal law.
|Age (40 years or older), race, color, national origin, citizenship, religion, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
|Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints and voiceprints, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
|Internet or other similar network activity
|Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
|State and country location.
|Audio, electronic, visual, or similar information.
|Professional or employment-related information
|Current or past job history or performance evaluations.
|Details about your education, training, and qualifications.
|Inferences drawn from the above
|Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
|Sensitive Personal Information
|As defined by California law, a subset of the above that includes a consumer's: Social Security, driver's license, state identification card, or passport number; account login or financial account number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; contents of email and text messages (unless John Hancock is the intended recipient); genetic information; the processing of biometric information for the purpose of uniquely identifying a consumer; and Personal Information collected and analyzed concerning a consumer's health, sex life, and/or sexual orientation.
We obtain Personal Information provided voluntarily by you or a family member when you submit an application or other similar forms directly to us or our service providers by mail, email, by telephone and fax, or via our websites and mobile applications. We also gather it from written or verbal inquiries submitted by you, surveys, transactions, and directly and indirectly from online interactions with you.
We also collect information from third parties and publicly available sources, which include data service providers, social media platforms, market research firms, financial professionals, other financial services firms, employers and group plan sponsors, travel companies, and consumer reporting agencies.
Business Purposes for Collecting Personal Information
Collecting and using Personal Information is necessary to our business as a financial services company in order to develop, enhance, and administer our products and services, respond to your requests, inquiries and concerns, inform and educate you about our company and events, support our diversity, equity and inclusion initiatives, for vendor management, and for advertising and marketing purposes. It also helps us to confirm your identity for certain transactions you request or that are initiated on your behalf, improve our website and mobile application user experience, authenticate users, prevent and detect fraud and potential security issues, and fulfill our legal, accounting, and regulatory obligations such as tax reporting.
When we collect Sensitive Personal Information, we only use or disclose it for the following permissible purposes:
We currently do not collect or use Sensitive Personal Information for the purpose of inferring characteristics about consumers.
Disclosures of Personal Information
Depending on which of our businesses collected it, your Personal Information may have been disclosed to:
Business Purposes for Disclosure of Personal Information
How long do We retain your Personal Information?
Depending on the nature of our relationship with you, we may retain your Personal Information for a number of years after our relationship ends. We will retain it in accordance with our Records Management Policy to maintain business records for analysis and audit purposes, to comply with our record retention obligations under applicable law and regulations, and to defend or bring any complaints or legal claims. The length of time will depend on the specific purpose for which we collected and used your Personal Information.
Right to Know
You have the right to request that we disclose certain information to you about our collection of your Personal Information. Upon our receipt of your verified request, we will provide you with the following:
Please note that even if your request is validated, we will not at any time disclose sensitive information such as a Social Security Number, driver’s license number or other government-issued identification number, financial account number, health insurance or medical identification number, account password, or answers to security questions.
You have the right to request that we disclose certain information to you about our disclosures of your Personal Information to third parties. Upon our receipt of your verified request, we will provide you with the following:
Right to Correct
You have the right to request that we correct or update your Personal Information if it is inaccurate. We will use commercially reasonable efforts to correct it upon receiving a verifiable request. We may choose to delete your Personal Information rather than correct it. We may not be able to agree to your request if it may violate any law or regulatory requirement or cause other information to be incorrect.
Right to Opt-Out of Sale or Sharing
You have a right to request a business that sells or shares Personal Information not to sell or share yours. John Hancock does not sell or share Personal Information to third parties.
Right to Limit Use and Disclosure of Sensitive Personal Information
We currently limit our uses and necessary disclosures of Sensitive Personal Information only to those purposes permissible under California law as described above in the “Business Purposes for Collecting Personal Information” section of this Policy. Where we also do not use or disclose it for the purpose of inferring characteristics about consumers, we do not offer a right to limit our use and disclosure of your Sensitive Personal Information. In the event our practices change, we will update this Policy and provide you with an option to limit our use and disclosure of your Sensitive Personal Information.
Right to Request Deletion
You have the right to request that we delete certain Personal Information we collected from you. We will use commercially reasonable efforts to honor your verified request. If we agree to your request, we will also notify, if possible, our service providers, contractors and third parties of your deletion request. However, in many cases we cannot delete all or some of it due to our regulatory obligations to retain certain information, or as required or permitted by other applicable laws, such as for fraud prevention and similar purposes. We will explain to you what we will delete and what we cannot, and the reason for retention.
Right of Non-Retaliation
We will not discriminate against you for exercising your privacy rights, such as denying you products and services, charging you different rates or prices, or suggesting or providing a different level of service to you.
How to Exercise Your Rights
To submit a request to exercise any of your rights provided in this notice, please use our online form, or submit your request by phone by calling us at 1-844-300-7699.
We must be able to verify your identity and relationship to John Hancock before we take action on your request. Please provide sufficient information to assist us, including a transaction date, account or policy number, and state of residence. Let us know if there is anything specific that you are requesting. We may request additional information from you to help us verify your identity and process the request. You do not need to create an account in order to submit a privacy rights request.
You may designate an authorized agent to make a request on your behalf. If your request is submitted by an authorized agent, we will take reasonable steps to verify the agent's identity and authorization to make the request on your behalf.
We will confirm receipt of a request to know, delete, or correct your Personal Information within 10 business days. We will respond to a verifiable request within 45 calendar days after we receive it. If we require more time (up to an additional 45 calendar days), we will provide you an explanation of the reasons why it will take more than the original 45 days to respond to your request. We will deliver our response electronically or by mail, whichever you prefer.
During 2022, the following consumer requests were processed:
|Requests to Know
The number of requests to know that John Hancock received, complied with in whole or in part, and denied;
|Right to Delete
The number of requests to delete that John Hancock received, complied with in whole or in part, and denied due to exemptions or inability to verify the request;
|Requests to Opt-Out
The number of requests to opt-out of sale that John Hancock received, complied with in whole or in part, and denied; and
|Mean Response Time (# of Days)
The median or mean number of days within which John Hancock substantively responded to requests to know, requests to delete, and requests to opt-out.
As part of our general business activities and interactions with individuals and the entity by which they are employed or which they represent, such as an agent, broker, financial advisor, financial professional, plan sponsor, third-party administrator, consultant, auditor, attorney, supplier, contractor, service provider or care provider, we may collect your name, work contact details (address, telephone and fax number, email address, and social media handle), employment history, licensing credentials, registrations, designations, and details about the position and role you hold in your professional capacity. We collect information about you, or individuals you represent, such as directors, officers and other key management personnel. For certain business partners, we may also collect your date of birth, age, gender, race, ethnicity, citizenship or national origin, sexual orientation, veteran or military status, government identifiers such as your Social Security number, a copy of your driver’s license or passport, your photo, CCTV footage or video recording, voice recording, voiceprint, fingerprints, certain financial information (e.g., bank account details), lifestyle demographics, and profile information which includes your transactions with us, your interests, preferences, opinions, feedback, and survey responses.
If you visit our website or use our mobile applications, we will collect device data including your Internet Protocol (IP) address, your login data (such as a username and password), the domain and host from which you access the Internet, the date and time you access our site, browser and operating system information, general location estimated from your IP address or through your Wi-Fi connection, your precise geolocation (with your permission), details about your mobile device including its unique identifier, and the Internet address of the site from which you came to our site.
We collect this information for purposes of:
We collect your Personal Information directly from you, or your authorized representative, employer, publicly available sources, data service providers, social media services, market research firms, other financial services firms, regulatory databases, and consumer reporting agencies.
If you are a resident of California, we collect the same categories of Personal Information as defined by the California Consumer Privacy Rights Act and its regulations, from similar sources, and for which you have the same privacy rights.
We offer you certain choices about how we communicate with you and what information we collect from you online. Some of our Websites or Apps provide features that allow you to access and update Personal Information you have provided, or manage your communications preferences.
You can opt-out of analytics activity by setting your browser to notify you when a cookie is sent and block analytics cookies if desired. Review your browser's Help Menu for instructions.
If you do not want to continue to receive electronic newsletters or receive marketing materials by email, you can indicate your preference by using the “opt-out” or “unsubscribe” link provided in such email messages.
You also may contact us as described in the How To Contact Us section below with questions or comments about our privacy practices.