Privacy Policy - Choate Wealth

LAST UPDATED: [March 6, 2025]

Choate, Hall & Stewart LLP, is a firm of lawyers, with its sole office in Boston, Massachusetts. We are subject to Rule 1.6 of the Massachusetts Rules of Professional Conduct, which provides that we shall not reveal confidential information relating to the representation of a client. An affiliate of the law firm, Choate Investment Advisors, is a registered investment advisor. Clients of Choate Wealth receive services from both Choate, Hall & Stewart LLP and Choate Investment Advisors. This Privacy Policy applies to both entities.

This Choate Privacy Policy (“Privacy Policy”) explains how Choate, Hall & Stewart LLP, Choate Investment Advisors, and Choate Wealth (collectively “Choate”, “we”, “us”, “our”) collects, uses, shares, and protects certain personal information obtained from our clients and from visitors to our websites: www.choate.com and www.choateia.com and the Choate WMG portal, www.choateweb.com (collectively, the “Sites”), in connection with the legal, investment advisory, and other services we offer (collectively, the “Services”). By visiting any of the Sites or using any of the Services, you consent to our collection, use, and disclosure of your information as described in this Privacy Policy.

Choate may obtain “Nonpublic Personal Information,” which is personally identifiable information about you that is not publicly available that we obtain and use in connection with providing the Services.

Amendments to this Privacy Policy will be posted to the Sites or in connection with the Services, and will be effective when posted. Your continued use of the Services following the posting of any amendment to the Privacy Policy shall constitute your acceptance of such amendments and the terms of the updated Privacy Policy.

What Nonpublic Personal Information does Choate collect?

The categories and types of Nonpublic Personal Information we collect depends on the Services that Choate provides for you. Nonpublic Personal Information may include, but is not limited to, the following information of yours and/or of a family member:

Contact information, such as name, email address, and mailing address;
Financial information, such as income;
Account information, such as banking and debit cards numbers, investment account numbers, and associated account balances and usage;
Transaction information, such as brokerage and investment transactions;
Identification and demographics information, such as passport number, driver’s license or other state identification numbers, lifestyle information, social security number, and gender; and
Device identifiers, such as IP address.

How does Choate collect Nonpublic Personal Information?

Choate may collect your Nonpublic Personal Information directly from you, via email, mail, telephone, the Sites, in person meetings, and cookies (see our cookies policy, below.) We also may receive Nonpublic Personal Information from others on your behalf, such as banks and other financial institutions, and from transactions with Choate or others.

How does Choate Use Nonpublic Personal Information?

Choate uses your Nonpublic Personal Information it collects in a variety of ways depending on the nature of our relationship with you and the Services we provide. We may use your Nonpublic Personal Information for our everyday business purposes of providing Services, including, but not limited to:

CATEGORIES OF INFORMATION	BUSINESS PURPOSE
Contact information	Providing requested Services; Sending and analyzing communications to you by and about Choate
Account information Financial information Transactional information Identification and demographics	Delivering investment advisory services; Processing, services, and maintaining your accounts and transactions; Providing requested Services
Account information Financial information Transactional information Identification and demographics	Completing the transactions for which the Nonpublic Personal Information was collected
Account information Financial Information Transactional information	Servicing and maintaining accounts and transactions; Responding to your requests
Contact information Device identifiers	Detecting security incidents, protecting against malicious deceptive, fraudulent, or illegal activity Debugging our systems

Choate does not disclose or transfer any Nonpublic Personal Information to any affiliates or third parties, except to affiliates and third party service providers who are necessary for Choate to perform the Services, such as stockbrokers and cloud hosting services providers, and as permitted or required by applicable law, rules or regulations, or pursuant to the terms of this Privacy Policy. We may also disclose or transfer Nonpublic Personal Information to an affiliate or third party as directed by you in connection with the provision of Services. Choate does not have any joint marketing partners. Choate does not sell any Nonpublic Personal Information.

In the event that you decide to close an account with Choate or otherwise become an inactive client, Choate will continue to follow this Privacy Policy with respect to your Nonpublic Personal Information.

Your right to limit sharing.

Federal law gives you the right to limit: (i) our affiliates from sharing information about your creditworthiness; (ii) our affiliates from using your Nonpublic Personal Information to market to you; and (iii) our sharing your Nonpublic Personal Information with non-affiliates to market to you. State laws may give you additional rights to limit sharing. Please direct any questions regarding your rights to limit sharing to: privacy@choate.com.

Cookies

Our Sites use cookies, messages given to a Web browser by a Web server. The browser then stores the cookies in a text file. Our Sites use two types of cookies:

Session cookies, which are temporary cookies that are deleted automatically whenever you close all open Web browser windows. Session cookies are used to ensure that you are recognized when you move from page to page within the Sites and that any information you have entered is remembered. Session cookies do not collect information from your computer. They typically will store information in the form of a session identification that does not personally identify you.

Persistent cookies, which remain permanently on the cookie file of your computer. Persistent cookies contain the user ID used to access the Sites, together with encrypted identification values associated with the user ID in conjunction with the particular device (e.g., the PC, mobile device or other computer from which you accessed the Sites). These persistent cookies are used to provide enhanced security measures, personalize your experience on the Sites, monitor overall Site performance, enable multifactor authentication, recognize the preferences of returning users, and provide overall Site usage reporting. Cookies placed on your devices do not contain any personal information, such as an email address or name.

Although your browser may permit you to reject cookies, cookies are required to login and navigate within our Sites. If you choose to disallow cookies you will be required to respond to challenge questions each time you log on to our Sites. View our cookie policy for more information.

How we protect your Nonpublic Personal Information.

We protect your account information from unauthorized access, to the best of our ability, which is why you must enter a unique user name and password as well as multi-factor authentication when you access the portal affiliated with Choate Investment Advisors (the “Choate WMG Portal”). Your password should never be shared with anyone.

None of our other clients can access your Nonpublic Personal Information, and only a restricted set of our employees can access your Nonpublic Personal Information in order to provide our Services to you. When you access password protected portions of our Choate WMG Portal using a web browser, Secure Sockets Layer (SSL) technology is used to protect your communications through server authentication and data encryption. We upgrade and maintain our technology on an ongoing basis.

Although the Sites may link to external third-party websites, we are not responsible for the privacy practices of those websites. You may wish to review the privacy policy of those third party external websites.

Minors

We only collect, use, or retain Nonpublic Personal Information from or about individuals under the age of 18 with prior written parental consent. If a parent or guardian believes that Choate has in its database the Nonpublic Personal Information of a child under the age of 18 for which consent was not provided, please contact us immediately at privacy@choate.com, and we will use our best efforts to promptly remove such information from our records. Minors under the age of 18 must provide us with written permission of their parent(s) or legal guardian(s) before accessing the Choate WMG Portal or using our Services.

California Consumers Only

The privacy policies and practices described above comply with applicable federal law. California laws place additional limits on collecting, using, selling, and sharing Nonpublic Personal Information about California consumers. If you are a California consumer, Choate will limit the disclosure of Nonpublic Personal Information to third parties and service providers as permitted or required by applicable law or regulation.

California consumers have additional rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the “CCPA”), with respect to Nonpublic Personal Information that is not covered under certain federal laws and that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular consumer or household under the CCPA (“Personal Information”), including Personal Information revealing a consumer’s social security number, driver’s license and passport numbers, and account numbers and credentials (“Sensitive Personal Information”). If you are a California consumer, this section summarizes your rights under the CCPA to the extent it applies, how you may exercise them, and what Choate will do in response.

As a law firm, much of the data Choate collects and processes is not subject to CCPA consumer rights. Without limiting the foregoing:

Personal Information subject to an evidentiary privilege, such as the attorney-client privilege and/or attorney work product protection, is not subject to consumer rights to know (consumer-specific information and copies), delete, modify, or opt-out under the CCPA as described below; however, we do include this Personal Information in our description of Personal Information, below.
Publicly available information (as defined by the CCPA) is not Personal Information under the CCPA and not included in the disclosures described below and is not data to which consumers have rights under the CCPA.

California consumers have the right to request:

Disclosure of
- The categories of Personal Information, including Sensitive Personal Information, collected by Choate;
- The categories of sources from which the Personal Information is collected;
- Our business or commercial purpose for collecting, selling, or sharing Personal Information;
- The categories of third parties to whom we disclose Personal Information, if any; and
- The specific pieces of Personal Information we have collected about you.
Disclosure of categories of Personal Information sold or shared, and the categories of third parties to whom the Personal Information was sold or shared;
Disclosure of categories of Personal Information sold, shared or disclosed for a business purpose, and the categories of persons to whom the Personal Information was disclosed;
Deletion of the Personal Information from our records, and that we direct any service providers or contractor to delete your Personal Information from their records, unless this proves impossible or involves disproportionate effort;
Limitation of our use and disclosure of Sensitive Personal Information, and you have a right to know if your Sensitive Personal Information may be used by or disclosed to a service provider or contractor, for additional, specified purposes; and
Correction of inaccurate Personal Information about you.

We will require a verifiable request from the California consumer before we comply with a CCPA request. You may use an authorized agent to submit a right to know request or a request to delete. To use an authorized agent, you must provide the agent with written authorization. In addition, we may require that you verify your own identity, and we may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf. Such requirements will not apply where you provided the authorized agent with a power of attorney pursuant to Cal. Prob. Code Section 4000 to 4465.

Please note that we are not required to:

Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or
Provide the personal information to you more than twice in a 12-month period.

We are not required to delete Personal Information if it is necessary for our business to maintain the Personal Information to:

Complete the transaction, engagement or services for which the Personal Information was collected;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for the activity;
Debug to identify and repair errors that impair existing intended functionality;
Comply with applicable federal or state law;
Carry out solely internal uses that are aligned with your expectations based on your relationship with Choate; or
Use internally the Personal Information in a lawful manner that is reasonably aligned with your expectations based on your relationship with us.

Please also note that we are not obligated to comply with consumer requests to the extent that doing so would infringe on our, or any other person’s or party’s rights, or conflict with applicable law.

We may disclose your Personal Information for the following purposes: (i) if you direct us to share Personal Information; (ii) to comply with your requests; and (iii) as otherwise required or permitted by applicable law, and this may override your rights under the CCPA or other applicable privacy laws.

Choate may not discriminate or retaliate against you for exercising any of the rights cited above.

In the preceding 12 months, Choate has collected the following categories of Personal Information about California consumers from the following sources and for the following purposes. The CCPA requires that Choate reference specific categories of Personal Information specified in the CCPA. Choate may collect only certain pieces of Personal Information described in a given category and may not collect certain pieces of Personal Information described in each category.

Category of Personal Information Collected	Category of Source of Collection	Business Purpose of Collection
Identifiers, including real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or similar identifiers. Commercial information, including records of personal property, products or services purchased, obtained, or considered. Geolocation data. Audio, electronic, visual or similar information. Professional or employment-related information. Education information.	Choate may collect such Personal Information when you, your organization, or a third party that holds your Personal Information retains Choate to provide legal advice or other services or makes inquiries regarding our services. Choate may also gather identifiers about non-clients from other sources during the representation of a client (e.g., from documents turned over during a litigation, by third-party witnesses, through research on the Internet, etc.)	Choate uses your Personal Information for a number of purposes and activities, e.g., to provide legal advice and other services for our clients; to evaluate prospective clients in accordance with our professional and legal obligations; to manage our business relationship with our clients and service providers; to analyze and improve the Choate website and our marketing services and communications; to evaluate and interview job applicants, service providers, or other third parties; to comply with our legal obligations, including conducting due diligence, know-your-client, and other compliance obligations; and responding to legal requests for information or court orders; and to protect and manage our business, including analyzing and improving data security, acquiring insurance and managing liability, assessing compliance with our policies, and defending our legal rights.
Internet browsing history, search history and other information regarding interaction with our website.	Data is collected by automated means when you use the Choate website or provide personal information during Choate events; when you register for professional events or other events and provide us with your personal information; when you or a person who holds your personal information provide information to us for the purpose of recruitment; and when you or your organization provides or offers services to us.	Choate uses information collected directly from website users to provide the services that users request, including subscribing for events and legal updates, contacting Choate professionals, or applying for a position at the firm. Other data collected via cookies is used to administer Choate websites or analyze our business.
Sensitive Personal Information, including social security number, driver’s license and passport numbers, and account numbers and credentials	Choate may collect such Sensitive Personal Information when you, your organization, or a third party that holds your Sensitive Personal Information retains Choate to provide legal advice or other services or makes inquiries regarding our services.	Choate uses your Sensitive Personal Information for a number of purposes and activities, e.g., to provide legal advice and other services for our clients; to evaluate prospective clients in accordance with our professional and legal obligations; to manage our business relationship with our clients and service providers; to comply with our legal obligations, including conducting due diligence, know-your-client, and other compliance obligations; and responding to legal requests for information or court orders.

In the preceding 12 months, Choate has not sold any Personal Information about California consumers.

In the preceding 12 months, Choate has shared or disclosed for a business purpose the following categories of Personal Information about California consumers:

Category of Personal Information Disclosed for Business Purpose

Category of Third Party to Which Personal Information Was Disclosed, to the Extent Disclosed to a Third Party

Identifiers, including real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number or similar identifiers.

Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, or health insurance information

Commercial information, including records of personal property, products or services purchased, obtained, or considered.

Geolocation data.

Audio, electronic, visual or similar information.

Professional or employment-related information.

Sensitive Personal Information.

Choate may disclose identifiers about California consumers to opponents or others (e.g., courts, agencies) as required in the course of litigation.

Choate may share information during the course of legal representations with third-party processors with which we have an agreement in place as part of legal service delivery.

We will keep your Personal Information while you have an account with us or otherwise engage us or while we are providing services to you. Thereafter, we will keep your Personal Information for as long as is necessary:

To respond to any questions, complaints or claims made by you or on your behalf;
To show that we treated you fairly; or
To keep records required by law.

We will not retain your Personal Information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of Personal Information.

When it is no longer necessary to retain your personal information, we will delete it.

If you have any questions regarding our Privacy Policy, or would like to exercise any of your rights as described in this Privacy Policy, you can do so by sending your requests to:

Email address: privacy@choate.com; or

Toll-free number: 1-833-590-0125

You may also send an email via the Contact page provided on the Sites.

Choate, Hall & Stewart LLP
Two International Place
Boston, MA 02110