Collecting and using Personal Information is necessary to our business as a leading financial services company in order to offer and administer our products and services and to comply with our regulatory obligations. Your trust is important to us. One way we earn it is by protecting and respecting your Personal Information.
If you are a current or former customer or client of John Hancock, we will also handle your Personal Information in accordance with our other privacy policies, which you may view below.
The Personal Information we collect falls into three general categories:
It is collected on paper forms and written correspondence, by telephone and faxes, and using online means such as the Internet, electronic devices, and via mobile applications.
The information that we collect online depends on which of our Websites or Mobile Applications (“Apps”) you are visiting or using, what you request or do on them, your relationship to us, interactions, and whether you can register or need to log in as a customer, client, account owner, care provider, participant, employee, advisor, financial professional, business partner, or other authorized user. Some information is provided by you to us while other data is automatically gathered.
When you visit our Websites or use our Apps, receive and respond to some of our promotional emails, or if you click on certain advertisements we place on other websites, we and contracted service providers acting on our behalf, may receive and collect certain information from and about you which may include Personal Information.
“Personal Information” means personally identifiable information that you provide via applications, online forms, surveys, and menu options, or that is automatically gathered when you visit our Websites or use our Apps. Personal Information may include (i) personal data such as name, address, email address, telephone number, gender, date of birth, Social Security Number, and citizenship, (ii) financial data such as income, assets, banking information, and investment preferences, (iii) health data, such as medical, and health-related information and habits, and (iv) geographical location data.
Most information about our products and services can be viewed without our collecting or visitors providing Personal Information. However, many of our Websites and Apps do require Personal Information to be entered, such as a contract number, email address, Social Security Number, date of birth, user id, PIN code, or password to ensure only authorized persons can access account information.
If you are applying for insurance, opening an account, subscribing to an advice service, or performing certain transactions on an existing account or policy, we may need to collect additional information. It may include your employment status, occupation, profession, citizenship status, tax status, opinions, comments, feedback, health-related history and exercise activities, hobbies, lifestyle habits, social values, answers to security questions, and financial information such as your income, net worth, investment preferences, risk tolerances, and financial goals. For some of our products, services and events, we may require you to name and provide the Personal Information of a beneficiary, provide details about other financial accounts you have, and to provide certain financial details such as your bank account or credit card information in order to facilitate the processing of payments. Others may ask you to provide details about your travel plans and destinations, as well as those of your traveling companions.
Information recorded and collected via our telephone voice portals, email, and our online chat functionality will be retained and monitored in order to respond to your requests or inquiries, to comply with certain regulatory obligations, and for analytics and quality assurance purposes.
We collect and use aggregated data such as statistical, census, and demographic data for several purposes including operational efficiencies, product development, and for targeted marketing. Aggregated data does not directly or indirectly reveal the identity of individual consumers.
We may combine the information we collect from you with information obtained from other sources to help us improve your John Hancock experience, and to help us better personalize our interactions with you.
We collect various types of anonymous data about visitors to our Websites and users of our Apps. Certain information is collected by web browsers and/or through your device, such as your Internet Protocol (IP) or Media Access Control (MAC) address, device type, screen resolution, operating system version, internet browser type and version, links clicked, and searches conducted on our sites. We use this data for various purposes including to help us better understand user behavior, ensure our Websites and Apps function properly, for fraud detection and prevention, and for security purposes. We also use various technologies applied to your browser or device, including cookies and web beacons.
Cookies are text files containing small amounts of information which are sent to your browser and stored on your computer, tablet, smartphone or other device when you visit a website. There are different kinds of cookies. Permanent (“persistent”) cookies remain on your device until you delete them. Temporary (“session”) cookies remain on your device until you close your browser. Some cookies are those set by us on our own websites. Third-party cookies are set by others when authorized by us to do so. Cookies allow us to collect data about users such as their browser types, the operating system on their devices, their IP addresses, time spent on the website, pages visited and when, user geographical location, and whether they are new or repeat visitors.
If you use an online chat feature on some of our Websites, a cookie will be placed on your device which enables us to determine if you are a new visitor and provides our response team with the history of prior conversations you may have had with us via online chat.
Some of our web pages also contain electronic images known as “web beacons”, “clear GIF images”, and “pixel tags”. They are relied upon for many of the same purposes as cookies to gather statistics about how our Websites are used and deliver information to you about our products and services. Web beacons are also embedded in email surveys, marketing messages and our electronic newsletters in order to determine whether messages have been opened and if links are clicked on.
Mixpanel is an analytics tool relied upon to understand how clients use our Twine application, to contact you about your use of our product, and to collect information based on your interaction with our services. Email we send to you through Mixpanel’s services may contain web beacons to track when you open and act upon such emails. You can prevent Mixpanel from using your information for analytics purposes by opting out at https://mixpanel.com/optout/. To track opt-outs, Mixpanel places a persistent cookie on your devices. If you get a new computer, install a new browser, or erase or otherwise alter your browser’s cookie file (including upgrading certain browsers), you may also clear the Mixpanel opt-out cookie, and will need to revisit their opt-out page. For more information on Mixpanel’s privacy practices, visit https://mixpanel.com/privacy/.
Account Information from Other Financial Institutions
In order to provide certain advice or services to you, you may direct us to retrieve and aggregate information from accounts you have with other financial institutions. It may include current balances, transaction histories, and holdings from brokerage accounts, investment accounts, bank accounts, credit card accounts, and similar accounts you designate. By providing the name of the other financial institution, your user credentials and other necessary information, you grant John Hancock and its authorized service providers the right, power, and authority to act on your behalf to access and securely transmit your personal and financial information from the relevant financial institution(s) you designate.
Some of our call centers rely on voiceprint authentication to verify callers. It is intended to protect customer accounts from unauthorized access while enabling our customers to conveniently access them. It works by creating a unique digital voiceprint to verify a caller’s identity on future calls, and is used solely:
John Hancock and its service provider will not disclose your voiceprint to any third party for their own use, unless required by law or with your consent. We safeguard it with the same security controls that we use to protect your other highly sensitive Personal Information. You may ask us at any time to stop using your voiceprint for authentication purposes. Read our Frequently Asked Questions sections within the help center to learn more.
John Hancock does not sell your Personal Information.
We use and share your Personal Information when directed or requested by you, and to operate our business and provide services to you, such as to:
We will also use or share your Personal Information in order to comply with legal, regulatory or administrative requirements of governmental authorities, to protect and defend the rights or property of John Hancock, in urgent circumstances to protect the personal safety of users of the Websites or Apps or the public, and as permitted or required by applicable law.
This information will be used to deliver advertisements across different marketing channels online (websites and apps) and by direct mail, email, or telephone that is customized to meet specific interests you may have. It may include the sending of marketing emails based on the fact that a consumer visited a particular website.
We may combine aggregated and de-identified data, along with Personal Information we have about you and your relationship to John Hancock (such as types of accounts, transactional information or the state in which you live), to select which of our advertisements or offers may appeal to you, display them to you, monitor responses, and help us measure brand awareness. To learn more about and to opt out of the collection and use of data for targeted advertising, visit http://www.aboutads.info/choices and http://www.aboutads.info/appchoices. Your device may also include a feature (“Limit Ad Tracking” on Apple iOS or “Opt Out of Interest-Based Ads” or “Opt Out of Ads Personalization” on Android) that enables you to opt out of having certain information collected through mobile applications for targeted advertising purposes.
Some of our Websites may include social media buttons or icons (“plug-ins”) that enable users to easily share information on a social media platform. These plug-ins may log certain information such as your IP address, browser type and language, and what webpages you view and when. If you are logged into those social media platforms while using our Websites, they may also link such collected information with your profile on that platform. We do not control these third-party tracking technologies. We encourage you to review the privacy policies on social media platforms where you have an account to better understand how these third parties collect and treat such information. We are not responsible for the privacy or security practices of the social media platforms we use.
To help protect your Personal Information from unauthorized access and use, we use a combination of security measures and maintain physical, technical, and administrative safeguards designed to keep it safe.
For example, we employ encryption techniques such as Transport Layer Security (TLS) and authentication technologies intended to safeguard the transmission of your Personal Information over the Internet. Some of our Websites utilize a timeout feature which will automatically log you out of your account after a period of idle time.
You should be aware that no method of transmission over the Internet or method of electronic storage can be guaranteed to be 100% secure. There are steps you can take to help protect yourself, such as:
Be Aware of Phishing Emails
To help protect yourself, do not trust any unsolicited email communication that requests your Personal Information. Criminals can make fraudulent emails look like they come from legitimate sources, including John Hancock, or include links or instructions directing you to a website designed and operated by criminals to trick you into revealing such information. To help protect you, John Hancock will never send an unsolicited email message asking you to provide personal information. If you receive a suspicious message that appears to be from John Hancock, do not reply or click on the link. Instead, contact us directly to confirm the legitimacy of the message you received.
John Hancock cannot guarantee and is not responsible for the accuracy or completeness of the information we retrieve, or for technical difficulties and service interruptions which may result in a failure or delay in obtaining data from the accounts you have with other financial institutions. To learn more about protecting yourself on the Internet, visit www.staysafeonline.org.
Online tracking is the collection of data about an individual’s Internet activity that is used to deliver targeted advertisements and for other purposes. Certain browsers offer users the ability to activate a “Do Not Track” signal. Like many other websites and online services, we do not currently process or respond to “Do Not Track” signals from your browser. Both we and our service providers may collect Personal Information about our visitors’ online activities over time and across third-party websites.
Our products and services are not marketed to or intended for use by minors. We do not knowingly collect Personal Information online from anyone under the age of 13 and request that any individuals under 13 years of age not provide Personal Information through our Websites or Apps. If you believe that we might have any information from a child under age 13, please contact us.
John Hancock’s Websites and Apps are hosted in the United States and Canada. If you are a resident of other countries, you should note that by providing your Personal Information, you consent to:
Who is the data controller?
A data controller is an individual or legal entity who controls and is responsible for maintaining and using personal data. John Hancock Life Insurance Company (U.S.A.), John Hancock Life & Health Insurance Company, and their respective subsidiaries and affiliates (“John Hancock”, “We”, “Us”, “Our”), are the Data Controller.
What personal data will be collected, how, and why?
Collecting personal data about you helps us serve you, respond to your inquiries and requests, communicate with you, provide relevant products and services, and operate, evaluate, and improve the administration of our business.
We rely on one or more of the following lawful bases permitted by the EU General Data Protection Regulation (GDPR) and the U.K. GDPR:
The type of information we collect varies and depends on your relationship with us, and the contract, agreement, product or service you have with us. Generally, we do not rely on your consent as a lawful basis for processing your personal data except should we need to obtain sensitive personal data (such as medical or biometric data).
We will collect and use personal data that you provide to Us and that We receive about you for a number of purposes:
Categories of personal data collected
What we use it for
Age or Date of Birth
Contact information (email address, telephone numbers, user ids, fax number)
Government Identification Number
Nationality/citizenship
Marital status
Financial history, income, assets and investment preferences
Bank account or credit card details.
|The management and administration of your policy or account (e.g., payment, billing, withdrawals, distributions, claim adjudication), and the distribution of related correspondence to you.||Processing is necessary for the performance of your contract with us.|
|To report tax information to relevant tax authorities.||Processing is necessary for the purposes of our legitimate interests in complying with legal obligations to which we are subject.|
|To monitor and record calls and electronic communications for quality control purposes, processing and verification of instructions, and investigation and fraud prevention purposes.||Processing is necessary for the performance of your contract with us and for the purposes of our legitimate interests in complying with legal obligations to which we are subject.|
|In connection with legal proceedings, such as responding to a subpoena.||Processing is necessary for the purposes of our legitimate interests in complying with legal obligations to which we are subject.|
|To carry out statistical analysis and market research.||Processing is necessary for the purposes of our legitimate interests in analyzing and researching our industry and the market.|
|To provide personalized experiences and communications about our products and services to you.||Processing is necessary for the purposes of our legitimate interests in providing you with tailored advertising and experiences and in promoting our products and services.|
|To update and maintain our records.||Processing is necessary for the performance of your contract with us and for the purposes of our legitimate interests in complying with a legal obligation to which we are subject and for the purposes of our legitimate interests in maintaining accurate records.|
|Reinsurance purposes.||Processing is necessary for the performance of your contract with us and for the purposes of our legitimate interests in risk management.|
Results of background checks
Financial history, income, assets and investment preferences
Bank account or credit card details
|To prevent fraud and to carry out anti-money laundering checks and related actions in relation to the prevention of fraud, money laundering, terrorist financing, bribery, and corruption.||Processing is necessary for the purposes of our legitimate interests in complying with legal obligations to which we are subject.|
IP addresses when visiting our websites without disabling cookies
|To deliver relevant website content, improved mobile application user experience, and verify user authentication.||Processing is necessary for: the purposes of our legitimate interests in studying how our clients use our products/services, to develop them, grow our business; and for the protection of your vital interests (e.g. confirm your identity, prevent fraud).|
|To measure or understand the effectiveness of our advertising, and use data analytics to improve our website, products/services, marketing, client relationships and experiences.||Processing is necessary for the purposes of our legitimate interests to define types of clients for our products/services, to keep our website updated and relevant, to develop our business and to assess our marketing strategy.|
|Health or medical conditions and lifestyle||We may also collect and process “Sensitive Personal Information” from and about you such as your exercise and lifestyle habits, health or medical conditions contained in medical reports, claims forms, and death certificates.||For insurance customers, processing is necessary for the performance of your contract with us.|
You are not obliged to provide us with personal data, but if you do not provide it when requested, we cannot continue to provide our products and services to you without it. We may process personal data We receive about you from public databases, third parties such as agents/brokers and business partners, other insurers, medical care providers, your employer, and your plan sponsor.
Who will have access to your personal data?
We will endeavor to ensure that your personal data is processed in a manner that is compatible with the purposes indicated above. Your personal data may be disclosed to the following parties who operate as third-party data controllers: other John Hancock companies, other insurers, reinsurers, insurance intermediaries such as your broker or brokerage firm, plan sponsors, medical professionals, fraud investigators, and regulators.
We may also share your personal data with the following third-party service providers who operate as data processors under our instruction: other John Hancock companies, accountants, actuaries, auditors, consultants, attorneys and similar professional advisors, IT systems, support and hosting service providers, printing, advertising, marketing and market research, and data analysis service providers, banks, custodians, and financial institutions that service our accounts, and similar third party vendors and outsourced service providers that assist us in carrying out our business activities. We do not share your personal data with non-affiliated third parties for their own marketing purposes.
We may also share your personal data in the event of any planned or actual company reorganization, merger, sale, or transfer, and to meet any legal obligation, including to the relevant regulator if you make a complaint about the product or service We have provided to you.
Where will my personal data be processed?
Your personal data will be processed outside of the European Economic Area (EEA) by the parties specified above, subject to contractual restrictions regarding confidentiality and security in accordance with applicable data protection laws and regulations. We will not disclose your personal data to parties who are not authorized to process them. We take steps to ensure that the transfer of your personal data receives an adequate level of protection as it does in the EEA. We may enter into a specific contract with the recipient of your personal data which has been approved by the European Commission or the U.K. which gives the personal data the same protection it has in Europe or the United Kingdom. The main countries to which your personal information may be transferred are the United States and Canada.
What are your rights regarding your personal data?
Under the EU GDPR/U.K. GDPR, you have the right to request:
You may exercise these rights by contacting us and providing your name, email address, account number, and the purpose of your request.
How can you object to the processing of your personal data?
You have the right to object to Us processing your personal data, or request that We stop processing it in certain situations, subject to legal or contractual restrictions. We will review your request and if accepted, will no longer process your personal data unless permitted by applicable laws and regulations. If your request is not accepted, We will let you know and explain why.
How long do We keep your personal data?
Depending on our relationship with you, we may retain your personal data for a number of years after our relationship ends in accordance with our Records Management Policy. The length of time will depend on the specific purpose for which we hold your information. As a regulated financial institution, there are laws and regulations that apply to us which set minimum periods for the retention of personal data. For example, where we maintain it in order to administer your product or service, we will keep it for at least as long as we provide the product or service, and for a number of years after expiry of the policy and the handling of any related claim.
JOHN HANCOCK DOES NOT SELL YOUR PERSONAL INFORMATION AS DEFINED IN THE CCPA.
This notice applies to information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household, such as your real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers (“Personal Information”).
Personal Information does not include:
Important Note: Personal Information about our clients, customers, participants, and consumers that are regulated by the following federal or state privacy laws to which John Hancock is subject and complies is also exempt from most of the CCPA’s requirements:
Information We Collect
One or more of our various businesses have collected the following categories of Personal Information from consumers within the last twelve (12) months:
|Identifiers||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.||Yes|
|Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories.||Yes|
|Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||Yes|
|Commercial information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Yes|
|Biometric information||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||Yes|
|Internet or other similar network activity||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.||Yes|
|Geolocation data||State and country location.||Yes|
|Sensory data||Audio, electronic, visual, or similar information.||Yes|
|Professional or employment-related information||Current or past job history or performance evaluations.||Yes|
|Education information||Education records directly related to a student.||Yes|
|Inferences drawn from the above||Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||Yes|
Categories of Sources
We obtain Personal Information provided voluntarily by you or a family member when you submit an application or other similar forms directly to us or our service providers by mail, email, by telephone, or via our websites and mobile applications. We also gather it from written or verbal inquiries submitted by you, surveys, transactions, and from online interactions with you.
We also collect information from third parties and publicly available sources, which include data service providers, social media services, advertising and market research firms, joint marketing partners, financial professionals, other financial services firms, employers and group plan sponsors, travel companies, and consumer reporting agencies.
Business Purposes for Collection of Personal Information
Collecting and using Personal Information is necessary to our business as a financial services company in order to develop, enhance, and administer our products and services, respond to your requests, inquiries and concerns, inform and educate you about our company and events, and for advertising and marketing purposes. It also helps us to confirm your identity for certain transactions you request or that are initiated on your behalf, improve our website and mobile application user experience, authenticate users, prevent and detect fraud and potential security issues, and fulfill our legal and regulatory obligations such as tax reporting.
Disclosures of Personal Information
Depending on which of our businesses collected it, your Personal Information may have been disclosed to:
Business Purposes for Disclosure of Personal Information
Your CCPA Rights
Right to Know
You have the right to request that we disclose certain information to you about our collection of your Personal Information. Such information shall cover the 12-month period preceding our receipt of your request. Upon our receipt of your verified request, we will provide you with the following:
Please note that even if your request is validated, we will not at any time disclose sensitive information such as a consumer’s Social Security Number, driver’s license number or other government-issued identification number, financial account number, health insurance or medical identification number, account password, or answers to security questions.
You have the right to request that we disclose certain information to you about our disclosures of your Personal Information to third parties. Such information shall cover the 12-month period preceding our receipt of your request. Upon our receipt of your verified request, we will provide you with the following:
Right to Opt-Out of Sale
John Hancock does not sell your Personal Information to third parties, so you do not need to request an opt-out of the sale of your Personal Information.
Right to Delete
You have the right to request that we delete certain Personal Information we collected from you. We will use commercially reasonable efforts to honor your verified request, in compliance with the CCPA. However, in many cases we cannot delete all or some of it due to our regulatory obligations to retain certain information, or as required or permitted by other applicable laws, such as for fraud prevention and similar purposes. We will ensure that you understand what we will delete and what we cannot, and the reason for retention.
Right to Non-Discrimination
We will not discriminate against you for exercising your rights under the CCPA, such as denying you products and services, charging you different rates or prices including use of discounts or penalties, or suggesting or providing a different level of service or quality of products to you.
How to Exercise Your CCPA Rights
To submit a request to exercise any of your rights provided in this notice, please use our online form, or submit your request by phone by calling us at 1-844-300-7699.
We must be able to verify your identity and relationship to John Hancock before we take action on your request. Please provide sufficient information to assist us, including a transaction date, account or policy number, and state of residence. Let us know if there is anything specific that you are requesting.
You may designate an authorized individual to make a request on your behalf. To do so, you must provide a valid Power of Attorney, and a valid copy of the authorized individual’s government-issued identification.
During 2020, the following consumer requests were processed:
|Requests to Know|
The number of requests to know that John Hancock received, complied with in whole or in part, and denied;
|Right to Delete|
The number of requests to delete that John Hancock received, complied with in whole or in part, and denied due to exemptions or inability to verify the request;
|Requests to Opt-Out|
The number of requests to opt-out of sale that John Hancock received, complied with in whole or in part, and denied; and
|Mean Response Time (# of Days)|
The median or mean number of days within which John Hancock substantively responded to requests to know, requests to delete, and requests to opt-out.
As part of our general business activities, we may collect your name, work contact details, employment history, licensing credentials and designations, and details about the position and role you hold in your professional capacity. We collect information about you, or individuals you represent, such as directors, officers and other key management personnel. For certain business partners, we may collect your date of birth, government identifiers such as your Social Security number, a copy of your driver’s license, and profile information which includes your transactions with us, your interests, preferences, feedback, and survey responses. If you visit our website or use our mobile applications, we will collect device data including your Internet Protocol (IP) address, your login data (such as a username and password), the domain and host from which you access the Internet, the date and time you access our site, browser and operating system information and the Internet address of the site from which you linked to our site on the devices you use to access our websites.
We collect this information for purposes of:
We offer you certain choices about how we communicate with you and what information we collect from you online. Some of our Websites or Apps provide features that allow you to access and update Personal Information you have provided, or manage your communications preferences.
You can opt out of analytics activity by setting your browser to notify you when a cookie is sent and block analytics cookies if desired. Review your browser's Help Menu for instructions.
If you do not want to continue to receive electronic newsletters or receive marketing materials by email, you can indicate your preference by using the “opt-out” or “unsubscribe” link provided in such email messages.
You also may contact us as described in the How To Contact Us section below with questions or comments about our privacy practices.