CCPA Privacy Policy

Expand All

Collapse All

Last Updated: February 1, 2021

For a printable pdf version of this Policy, click here.

This CCPA Privacy Policy for Aperio Group, LLC (“Aperio”, “we,” “us” or “our”) supplements the information contained in the Aperio Privacy Policy, and sets forth our privacy practices as required by the California Consumer Privacy Act (“CCPA”). This CCPA Privacy Policy applies only to individuals residing in the State of California from whom we collect “personal information” and who are considered “consumers,” as each defined under the CCPA. Note that any terms defined in the CCPA have the same meaning when used within this CCPA Privacy Policy. If you are a prospective employee applicant, current employee, or contractor of Aperio, please see Aperio’s Employee CCPA Privacy Notice.

As defined in the CCPA, “personal information” is information that identifies, relates to, describes, or could be reasonably linked, directly or indirectly, with a particular California resident or household. Nonetheless, please note that the CCPA does not apply to certain information, such as information subject to the Gramm-Leach-Bliley Act (“GLBA”). Accordingly, the CCPA does not apply to information that we collect about California residents who obtain our financial products and services for personal, family, or household purposes.

Regardless of whether CCPA applies to personal information that we collect about you, keeping your data secure is a constant priority for us. Consequently, we maintain various security measures and technical, physical, and organizational safeguards, all designed to protect your personal data from unauthorized or unlawful access, destruction, loss, or disclosure.

Within the last twelve (12) months, Aperio has collected the following categories of personal information from California consumers (note that some example elements overlap with multiple categories):




A. Identifiers

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.


B. Customer Records Information

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.


C. Protected Classification Characteristics under California or Federal Law

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).


D. Commercial Information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.


E. Biometric Information

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.


F. Internet or Other Electronic Activity Information

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.


G. Geolocation Data

Physical location or movements.


H. Sensory Data

Audio, electronic, visual, thermal, olfactory, or similar information.


I. Professional or Employment-Related Information

Current or past job history or performance evaluations.


J. Non-public Education Information (Family Educational Rights and Privacy Act (FERPA))

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.


K. Inferences Drawn from Other Personal Information

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.


The categories of sources from whom we collect the personal information listed above:

  • Directly from a California resident or their representative, both orally over the telephone and in writing (e.g., information that our clients provide related to services for which they engage Aperio)
  • Indirectly from a California resident or their representative, such as information we collect in the course of providing services to clients.
  • Directly and indirectly from activity on our website or client portal, such as submissions or usage details.
  • From client-directed third parties or institutions in connection with the services we provide, such as custodians, broker-dealers, consultants, intermediaries, or other advisors who also provide financial services to our clients.

Please note that “personal information” as defined in the CCPA does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.

Personal information covered by certain sector-specific privacy laws, such as the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA).

Aperio may use or disclose personal information that we collect about you for one or more of the following business purposes:

  • To fulfill or meet the reason you provided the information to us – such as to tailor financial advice regarding management of your portfolio, or as required to submit instructions to third parties to conduct securities transactions or other related activities on your behalf.
  • To provide you with other information, products, or services that you request from Aperio.
  • To create, maintain, customize, and secure your account.
  • To process your requests and transactions, and prevent fraud.
  • To provide you with reports, notices, statements, and other messages concerning products, services, events, articles, or other content that you may request or that may be of interest to you.
  • To carry out obligations and enforce our rights arising from contracts between you and us, such as for billing.
  • To improve our website and client portal, and otherwise to present content to you.
  • As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
  • To respond to law enforcement and regulatory agency requests, as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

We will not collect additional categories of your personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you any required notice.

When disclosing your personal information to a third party for a business purpose, Aperio enters into a contract with the third party describing the purpose of such disclosure and requiring that such personal information be kept confidential and not used for any purpose except to perform the services under the contract or respond to regulatory or law enforcement requests.

In the preceding twelve (12) months, Aperio has disclosed the following categories of personal information for a business purpose:

Category A: Identifiers

Category B: California Customer Records personal information categories

Category C: Protected classification characteristics under California or federal law

Category D: Commercial information

Category F: Internet or other similar network activity

Category I: Professional or employment-related information

Category K: Inferences drawn from other personal information

We disclose your personal information to the following categories of third parties:

  • Our affiliates, including, for purposes of this section, BlackRock Investment Management, LLC and other companies with the BlackRock name.
  • Our vendors and service providers (e.g., website hosting, information technology and security, payment processing, auditing, cloud storage, etc.).
  • Third parties who provide professional services such as attorneys, tax preparers, auditors, notaries, banks, etc.
  • Third-party clients who conduct periodic due diligence and maintain lists of employees authorized to act or seek information on behalf of Aperio.
  • Third parties to whom you or your representatives authorize us to disclose personal information in connection with products or services we or they provide to you.
  • Government agencies as required by laws and regulations.

In the preceding twelve (12) months, Aperio has not sold any personal information, and we have no future intention of selling such information.

The CCPA provides California consumer residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.  Where Aperio relies on your consent to process your personal data, you can withdraw your consent to our processing your personal data at any time. You can do this by contacting us at  In certain circumstances, we can process your personal data without your consent in line with the lawful processing requirements, such as when processing is necessary to carry out a contractual obligation between us, or to comply with a legal obligation.

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  • Sales, identifying the personal information categories that each category of recipient purchased; and
  • Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

You have the right to request us to delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

In accordance with the CCPA, we may deny your deletion request under certain circumstances, and will inform you of the basis for the denial, which may include, but is not limited to, if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction or service for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will strive to respond to a verifiable consumer request within forty-five (45) calendar days of receipt of such request. If we require more time, up to a total of ninety (90) calendar days, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, based on your preference. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt.

The CCPA allows a registered business or an individual who has a valid power of attorney (signed by the California consumer and notarized) or otherwise has an authorization document that contains the consumer’s name, address, and email address, signed by the consumer, to act as an “authorized agent,” and make data access requests and requests to delete personal information on behalf of that consumer. If you submit a request on behalf of another person, we may require proof of authorization, and verify of identity directly from the person for whom you are submitting a request, including asking such person to confirm that permission has been granted to you as an authorized agent to submit a request.

In some instances, we may not be able to honor your request. For example, we will not honor your request if we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. Additionally, we will not honor your request where an exception applies, such as where the personal information that we maintain about you is not subject to the CCPA’s access or deletion rights.

For data portability requests, we will provide your personal information in a format that is readily useable and should allow you to transmit the information from us to another entity.

In response to a request, we will not provide social security numbers, driver’s license numbers or government issued identification numbers, financial account numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.

We do not charge a fee to process or respond to your verifiable consumer request.

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, Aperio will not:

  • Deny you services.
  • Charge you different fees for services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of services.
  • Suggest that you may receive a different fee for services or a different level or quality of services.

We reserve the right to amend this CCPA Privacy Policy at our discretion and at any time. When we make changes, we will notify you through a notice on our website homepage and client portal home dashboard and reflect the date it was updated. Please note that your continued use of our website and client portal following the posting of any changes constitutes your acceptance of such changes.

If you are a California resident, or a person authorized to act on such resident’s behalf, in order to exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

Only you, or an authorized agent, may make a verifiable consumer request related to your personal information.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information, in response to us asking you for specific and unique pieces of data to match our records related to our business relationship or servicing your account, that allows us to reasonably verify you are the person about whom we collected personal information, or an authorized representative. We will only ask for data that we collect about you, or is accessible to you via our client portal or other communications and statements we share with you.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond. 

Please understand that we cannot respond to your request or provide you with personal information if we cannot fully verify your identity or authority to make the request and confirm that the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us.

We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

If you wish to exercise your CCPA rights and wish not to use the online form and telephone methods above, or otherwise have general questions regarding this CCPA Privacy Policy or our data privacy practices, please email us at, or write us at:

Attn: Data Privacy Officer

Aperio Group

3 Harbor Drive, Suite 204

Sausalito, CA 94965