Privacy - California

BNY Mellon Privacy Notice for California Residents

Effective Date: January 1, 2023
Last Reviewed on: December 7, 2022


Information We Collect
Where We Collect Your Personal Information From
Use of Personal Information
Disclosures of Personal Information For a Business Purpose
Storing and Retaining your Personal Information
Sale and Share of Personal Information
Rights Available to help Manage your Privacy
Exercising Your Right to Access, Correct, and Delete
Authorized Agent
Other California Privacy Rights
Contact Us



This Privacy Notice for California Residents supplements the information contained in any other Privacy Statement or Notice provided by The Bank of New York Mellon Corporation and its affiliates (“BNY Mellon” or “we”) and applies solely to residents of the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act of 2020 (“CPRA”), and any implementing regulations and subsequent supplements, amendments, or replacements to the same. Any terms defined in the CCPA and CPRA have the same meaning when used in this notice.

Please note that certain exemptions apply to your rights and BNY Mellon’s obligations pursuant to the CCPA and CPRA. These rights and requirements may not apply in certain situations depending on your relationship with BNY Mellon, BNY Mellon’s other legal obligations, and as otherwise provided for in the CCPA and CPRA.

BNY Mellon reserves the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our services, products, websites and/or mobile apps following the posting of changes constitutes your acceptance of such changes.



We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). Under the CPRA, personal information further includes “sensitive personal information” such as Social Security number, driver’s license number, passport number, financial data, biometric data, racial and ethnic origin, and information collected concerning a consumer’s health. In particular, we may have collected the following categories of personal information from our consumers within the last twelve (12) months:

Category Examples
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, signature, or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Identifiers listed in the preceding category A and physical characteristics or description, telephone number, state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law. Age (e.g., 40 years or older as defined in the Age Discrimination in Employment Act of 1967), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, and veteran or military status.
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information. Physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
G. Geolocation data. Physical location or movements.
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment related information. Current or past job history or performance evaluations.
J. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
K. Household Information. Information pertaining to household age, estimated income identifier, number of persons in household, number of cars owned, household college education, dwelling type, among other information capable of being linked to a household.
L. Sensitive Personal Information categories. A Social Security number, driver’s license, state identification card, passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; consumer’s precise geolocation; consumer’s racial or ethnic origin; union membership; the processing of biometric information for the purpose of uniquely identifying a consumer; and personal information collected and analyzed concerning a consumer’s health.

Some sensitive personal information included in this category may overlap with other categories.

We limit the use of sensitive personal information to only the purposes necessary to perform the services you receive.


We will collect the personal information described above from one or more of the below sources:


  • Directly from you throughout our relationship, including when you sign up for, and/or use, our products, services, and websites, or when you visit our offices or attend a BNY Mellon event;
  • Indirectly from you, for example, from observing your actions on our websites or mobile apps;
  • From our parent entities, affiliates, subsidiaries, and partners;
  • From third parties that are authorized to share your information with us, such as intermediaries, broker dealers, our institutional clients and service providers; and
  • From publicly available sources of information.


We may use or disclose the personal information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason you provided the information;
  • To provide, support, personalize, and develop our websites, mobile apps products, and services;
  • To create, maintain, customize, and secure your account with us;
  • To process your requests, transactions, payments, and prevent transactional fraud;
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;
  • To personalize your website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our websites, third-party sites, and via email or text message (with your consent, where required by law);
  • To help maintain the safety, security, and integrity of our websites, software, systems, networks, products, services, databases other technology assets, and business;
  • For testing, research, analysis, and product development, including to develop and improve our websites, mobile apps, products, and services;
  • To manage our relationship with you or your business;
  • To develop new ways to meet our clients’ needs and to grow our business, for example by seeking client feedback or sharing our market research;
  • To develop and carry out marketing activities in order to keep our clients informed about our products and services;
  • To develop and manage our brand;
  • To respond to requests by law enforcement and our regulators and as may otherwise be required by applicable law, court order, or governmental regulations;
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of BNY Mellon’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by BNY Mellon is among the assets transferred; and
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA and/or CPRA.

BNY Mellon will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.


In the preceding twelve (12) months, BNY Mellon has disclosed the following categories of personal information for a business purpose:

California Customer Records personal information categories.
Protected classification characteristics under California or federal law.
Commercial information.
Biometric information.
Internet or other similar network activity.
Geolocation data.
Sensory data.
Professional or employment-related information.
Inferences drawn from other personal information.
Household Information.

We may disclose your personal information for a business purpose to the following categories of third parties:

  • Parent entities, affiliates, and subsidiaries that help provide services to you;
  • Business partners that help provide services to you;
  • Service providers who help manage, develop, and analyze our business and/or deliver services to us and our clients. These service providers have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us;
  • Agencies and organizations working to prevent fraud in financial services to protect the interests of BNY Mellon and to comply with law and regulations;
  • Law enforcement, regulatory and other governmental agencies to comply with applicable laws, court orders, or governmental regulations;
  • Advertisers and Social Media Companies including Google, Oracle, Facebook, LinkedIn, and Twitter (click on each respective link to see that party’s privacy policy) to provide tailored online advertisements that are more relevant to you and your interests, subject to your cookies preferences; and
  • Any potential or actual third-party purchasers of BNY Mellon assets where consumer information may be among those assets transferred.


BNY Mellon will retain your personal information for as long as required for the purposes for which it was collected and in compliance with our obligations under legal, regulatory, tax, accounting, and necessary technical requirements. BNY Mellon may retain your personal information for longer periods of time if required to do so according to our regulatory obligations or where we believe necessary to establish, defend, or protect our legal rights or those of others.

Your personal information will be subject to a corporate retention schedule which incorporates the factors above. For more information on the retention of your personal information, please send an email to or call us at 1-844-545-1259.


BNY Mellon does not sell personal information. We may share personal information when we participate in online advertisements using third party cookies on our websites. You can opt out of the use of such third party cookies through the “Do Not Share My Personal Information” or “Manage Cookies” link that is specified in the relevant BNY Mellon website’s footer.


Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you.

Subject to legal and other permissible considerations, we will use reasonable efforts to honor your request promptly or inform you if we require further information to fulfill your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Right to access your personal information
You have the right, subject to certain exceptions defined in the CCPA, CPRA, and other applicable laws and regulations, to request that BNY Mellon disclose certain information to you about our collection and use of your personal information over the past 12 months. We will disclose to you:

  • The categories of personal information we collected about you,
  • The categories of sources for the personal information we collected about you,
  • Our business or commercial purpose for collecting that personal information,
  • The categories of third parties with whom we share that personal information,
  • The categories of personal information that each recipient received, and
  • The specific pieces of personal information we collected about you.

Right to correct or delete your personal information
You have the right to request correction of any inaccurate information relating to you and deletion of any personal information we hold about you, subject to certain exceptions defined in the CCPA, CPRA, and other applicable laws and regulations.

For example, we are not required to comply with your request to delete personal information if the processing of your personal information is necessary for compliance with a legal obligation, or for the establishment, exercise, or defense of legal claims.


To exercise the access, correction, and deletion rights described above, please submit a verifiable consumer request to us by either:

  • Visiting the Individual Request Page; or
  • Calling us at 1-844-545-1259; or
  • Emailing us at

You may only make a verifiable consumer request for access twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to verify, to a reasonably high degree of certainty, that you are the person about whom we collected personal information. This may include requesting that you provide us with at least two or more pieces of personal information to match against personal information about you that we may or may not maintain and which we have determined to be reliable for the purpose of verification.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.


Only you, or a person you have designated in writing as your authorized agent, or who is registered with the California Secretary of State to act on your behalf, or whom you have provided power of attorney pursuant to California Probate Code sections 4000 to 4465, (“Authorized Agent”), may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

If you wish to have an Authorized Agent make a verifiable consumer request on your behalf, they will need to provide us with sufficient written proof that you have designated them as your Authorized Agent and we will still require you to provide sufficient information to allow us to reasonably verify that you are the person about whom we collected personal information.


You have the right not to receive discriminatory treatment for exercising any of your CCPA and CPRA rights.

Unless permitted by the CCPA and/or CPRA, we will not:

  • Deny you services;
  • Charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of services; or
  • Suggest that you may receive a different price or rate for services or a different level or quality of services.

However, we may offer you certain financial incentives permitted by the CCPA and/or CPRA that can result in different prices, rates, or quality levels. Any CCPA and/or CPRA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.


Websites operated by BNY Mellon currently do not respond to “do not track” signals or similar mechanisms. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to or call us at 1-844-545-1259.


Please do not hesitate to contact us if you have any questions or comments about this notice, the ways in which BNY Mellon collects and uses your personal information, your choices and rights regarding such use, wish to exercise your rights under California law (click here), or wish to receive a written copy of this notice.

Phone: 844-545-1259
Website: Individual Request Page