HR California Privacy Notice

California T. Rowe Price Human Resources Privacy Notice

T. Rowe Price Associates, Inc., and its subsidiaries and affiliates have prepared this Privacy Notice (“Notice”) to be provided to individuals like you who are California residents and are either employed by, providing services to, interested in, or applying for a job within a T. Rowe Price entity (individually and collectively, “T. Rowe Price,” “we,” and “us”).¹ This Notice explains the types of personal information we collect, how we use it, who we share it with, and how we protect it. “Personal information” means information that (either in isolation or in combination with other available information) enables you to be identified as an individual or recognized directly or indirectly. Please read the following carefully as it explains our views and practices regarding your personal information and how it is handled. This Notice is provided in accordance with the California Consumer Privacy Act (“CCPA”) (which sometimes also is referred to as the California Privacy Rights Act or CPRA). Nothing in this Notice shall be understood to be a contract for, or offer of, employment.

Collection of Personal Information

We may collect personal information directly from you, or it may be supplied to us by another party. In most cases, we only allow other parties to control the collection of personal information about you when those other parties are acting as a service provider or contractor to us. The retention, use, and disclosure of your personal information by these companies is subject to our contracts and applicable laws. However, we may allow certain third parties to control collections of personal information under certain circumstances, such as the following:

• Certain third parties that have direct relationships with you and these companies handle your personal information in accordance with their own privacy notices and applicable laws. Examples include:
  • Employment services
  • Employee benefits providers, such as health insurance, employee assistance, or financial services benefits
  • Office-related services such as food services, ATMs, or parking garages
  • Publications, trade association memberships, or professional licensing organizations
  • Personalized coaching/training services

In some cases, we may receive personal information in connection with your use of such services, such as when we are paying or reimbursing you for your use of the service.

•  When you visit our websites or mobile apps (“site”), we may store or retrieve information on your browser or device, mostly in the form of cookies and similar technologies—such as web beacons, local storage, tags, and pixels. The site you visit may allow third-party advertising partners to utilize cookies to deliver targeted advertising to you. For more information, please see our Cookie Policy.
• We may engage professional consulting services or research firms to collect data for us. For example, if you participate in a survey we sponsor, the other firm will provide you with its contact information and privacy notice before you are asked to provide any personal information to it.

We may also collect personal information from other publicly or commercially available sources. We may create personal information about you, such as records regarding leaves of absence. We may also collect information about you from coworkers or clients, such as in connection with performance reviews or client satisfaction surveys. In each case, we only collect those data elements that are needed for our legitimate interests. We process all data that we obtain in accordance with this Notice, including data from your previous employer or from you, from other sources, or that we create.

_{¹Certain of our affiliated companies, such as Oak Hill Advisors L.P., may have their own human resources privacy notice or policy that applies to you.}

General Purposes for Collecting, Using, and Disclosing Personal Information

We collect, use, and disclose (“process”) your personal information (and information about others, such as your beneficiaries or dependents) for customary human resources (“HR”) purposes, as needed, to enable our relationship with you, to comply with the law, and for our legitimate interests. The categories of personal information, along with representative data elements, are listed in the chart in Section 3 below. We generally collect, use, and disclose personal information for the purposes described below. While we have grouped the types of individuals with whom we engage when possible—for example, grouping information for individuals who are current employees or contractors—not all examples will be relevant depending on your exact role—for example, administration of insurance benefits programs is relevant for current employees, not contractors.

• Personal information pertaining to individuals while they are job applicants or prospective employees or contractors:
  • Recruitment and staffing, including evaluation of skills and job placement;
  • Hiring decisions, including negotiation of compensation, benefits, relocation packages, etc.;
  • Determining an individual’s eligibility to work and assisting with work permits or visas;
  • Risk management, including background checks, drug screenings, vetting, and verification; and
  • Everyday Business Purposes (defined below).
• Personal information pertaining to individuals while they are current employees or contractors:
  • Staffing and job placement, including scheduling and absence management;
  • Administration of compensation, insurance, and benefits programs;
  •  Time and expense management and other workplace administration tasks (such as managing our computers and other assets, providing communication and social media tools, facilitating relationships within T. Rowe Price and with our clients and others, and offering community programs);
  • Diversity programs;
  • Health and wellness programs, including offering on-site medical care and accommodation of disabilities;
  • Occupational health and safety programs (including required reporting, disaster and pandemic planning, and incident management);
  • Talent and performance development, skills management and training, performance reviews (including client feedback), engagement surveys, and recognition and reward programs;
  • Succession planning and tasks related to retention or reductions in force;
  • HR support services, such as responding to inquiries and resolving disputes;
  • Risk management, including employee and premises monitoring;
  • As requested by individuals, such as providing employment and income verification;
  • To perform services on behalf of us or a service provider, including maintaining or servicing HR administrative matters, processing payments, providing analytic services, or providing similar services on behalf of us or a service provider;
  • For relationship purposes, such as use or future use of photos and videos for publication purposes; and
  • Everyday Business Purposes.
• Personal information pertaining to individuals while they are former employees or contractors:
  • Potential re-employment or re-engagement;
  • Administration of compensation, insurance, and benefits programs, including retiree and alumni programs;
  • As requested by individuals, such as providing employment and income verification; and
  • Everyday Business Purposes.
•  Personal information pertaining to individuals whose information is provided to T. Rowe Price in connection with our HR functions (such as family members, beneficiaries, dependents, emergency contacts, etc.) may be collected, used, and shared for:
  • Administration of compensation and benefit programs;
  •  Workplace administration, such as maintenance of directories and to comply with child support orders or garnishments;
  • Legal compliance (such as in connection with required screening programs);
  • To maintain emergency contact lists and similar records; and
  • Everyday Business Purposes.

Everyday Business Purposes means the following purposes for which any personal information may be collected, used, and disclosed:

• Identity and credential management, including identity verification and authentication, issuing ID card and badges, system administration, and management of access credentials;
• To protect the security and integrity of systems, networks, applications, and data, including debugging activities to identify and repair errors; detecting, analyzing, and resolving security threats and incidents; using data loss prevention tools to help guard against unauthorized disclosures or downloading of data; and collaborating with cybersecurity centers, consortia, regulators, and law enforcement regarding the same;
•  To maintain safe, secure, and well-functioning information technology (IT) and communications systems and equipment, which may include tracking and analyzing activities you conduct on systems, networks, or devices we make available to you, including your use of the internet, and which may be conducted using security logging and monitoring tools. This includes processing browsing log files to help identify malware or other risks in associates’ web surfing traffic;
• For legal and regulatory compliance, including all uses, disclosures, and retention of personal information that are required or permitted by law or reasonably needed for compliance with company policies and procedures, security and incident response programs, intellectual property protection programs, and corporate ethics and compliance hotlines, including disclosures to tax or other regulatory authorities supporting employment-related requirements along with the administration of those requirements;
• For legal matters, including litigation and regulatory matters, including for use in connection with civil, criminal, administrative, or arbitral proceedings or before regulatory or self-regulatory bodies, including service of process, investigations in anticipation of litigation, or execution or enforcement of judgments and orders;
• Corporate audit, analysis, and consolidated reporting;
• Making backup copies for business continuity and disaster recovery purposes;
• As needed to facilitate corporate governance, including mergers, corporate reorganization, acquisitions, and divestitures;
• For internal business purposes, such as service provider management, finance, security, IT and physical infrastructure, record retention, corporate audit, analysis, training, quality assurance, and reporting;
• To undertake internal research and activities related to maintaining and improving our workforce, including changes to our services and benefits;
• To enforce our contracts and internal policies and to protect against injury, theft, legal liability, fraud, or abuse, and to protect people or property, including physical security programs; and
• To de-identify personal information or create aggregated datasets, such as for consolidating reporting, research, or analytics.

Categories of Personal Information

This chart describes the categories of personal information that we collect in connection with our potential, current, or former work relationships. In the first column below, for California residents, we have noted the corresponding category from the CCPA.

Sensitive Personal Information

Some of the personal information described in Section 3 above also constitutes “sensitive personal information” under the CCPA. We use and disclose sensitive personal information for our HR, workforce, and compliance functions and for other legally authorized purposes. We do not use or disclose it in a manner that would give rise to a right to limit its use or disclosure under the CCPA.

Disclosures to Service Providers, Contractors, and Third Parties

Your personal information is intended for T. Rowe Price and may be disclosed to T. Rowe Price affiliates and subsidiaries and, in certain circumstances, to other parties, including to other parties as directed by you. We do not disclose your personal information to other parties except as appropriate in the context of your relationship with us or as otherwise permitted by law.

We may disclose your personal information to:

• T. Rowe Price’s family of companies. As the T. Rowe Price entity that you applied to or work for is part of a wider group of companies with headquarters in the U.S. and offices located across the globe, which all partially share management, IT, human resources, legal, compliance, finance, and audit responsibility, we may share your personal information among our family of companies, including our subsidiaries and affiliates.
  

We may also disclose your personal information with the following types of other organizations:

• External auditors, accountants, legal, and other professional advisors.
• Our service providers. We use other companies or contractors to perform services on our behalf or to assist us with the operation of T. Rowe Price products or business operations. For example, when you use our online portal to apply for employment, to correspond with us, or to perform a self-evaluation, the HR information database currently is operated by a service provider. While we may use a service provider to assist us in relation to any of the purposes for which we may collect personal information, they generally fit into one or more of the following categories of service providers:
  • Infrastructure and technology service providers;
  • Analysis, research, event, and communications providers; and
  • Providers of administrative services for T. Rowe Price, such as recruiting agencies, talent and educational services, benefits providers, and travel services.

In providing such services, these service providers may have access to your personal information. However, we will only provide our service providers with the information that is necessary for them to perform the services; they will act under our instructions, and we instruct them not to use your personal information for other purposes. We will always use our best efforts to ensure that all the service providers we work with will keep your personal information secure.

• Other parties permitted by law. In certain circumstances, we may be required to disclose your personal information to comply with a legal or regulatory obligation (for example, we may be required to disclose personal information to the police, regulators, government agencies, or judicial or administrative authorities). We may also disclose your personal information to other parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, or to enforce our agreements or protect your rights or those of the public.
• Other parties in connection with ordinary business activities. We may transfer your personal information, such as your business contact details, photo, and biographical information, to other parties with which we or another member within the T. Rowe Price family interact in the ordinary course of business, such as when you are included on an email with others or to confirm your details or role.
• Other parties connected with business transfers. We may transfer your personal information to other parties (including existing or newly formed companies in the T. Rowe Price family of companies) in connection with a reorganization, restructuring, merger, acquisition, or transfer of assets, provided that the receiving party agrees to treat your personal information in a manner consistent with this Notice.

Security of Personal Information

We have implemented technical and organizational security measures to safeguard personal information in our custody and control. Such measures we have implemented include limiting access to personal information only to employees, contractors, and authorized service providers who need to know such information for the purposes described in this Privacy Notice; training for our employees and contractors; as well as other technical, administrative, and physical safeguards. While we endeavor to always protect our systems, sites, operations, and information against unauthorized access, use, modification, and disclosure, due to the inherent nature of the internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers.

The personal information that we collect may be accessed from or stored in the United States. Due to the nature of our global business and the technologies used, personal information may be accessed from, or transferred to and stored in, other jurisdictions. Regardless of location, we will put into place appropriate protections and controls to help keep your personal information secure and treated in line with this Privacy Notice and applicable privacy/data protection laws.

Your California Privacy Rights

This section applies solely to current or former employees or contractors, job applicants, and prospective employees or contractors who reside in California and for whom we have data that are subject to the CCPA. Any terms defined in the CCPA have the same meaning when used in this section. You may have various rights in connection with our processing of your personal information. These are explained in the “Individual rights requests” and the “Sale/share of personal information and right to opt out” subsections below. You have the right to receive nondiscriminatory treatment for the exercise of any privacy rights conferred by the CCPA.

Individual rights requests

What they are:

• Right to know and access personal information we have about you. You may have the right to confirm with us whether your personal information is processed and, if it is, to request access to that personal information, including the categories of personal information processed, the purpose of the processing, and the recipients or categories of recipients. We do have to consider the interests of others though, so this is not an absolute right and there are additional exceptions under the CCPA. Also, we are not obligated to respond to more than two access requests for the same individual’s personal information within a 12-month period.
• Right to request deletion of personal information we have about you. You may have the right to ask us to erase personal information concerning you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims or under other exceptions under the CCPA.
• Right to correct personal information we have about you. You may have the right to ask us to correct inaccurate personal information that we maintain about you. If you are a current T. Rowe Price employee, you can always access and update key aspects of your personal information by using the tools available on Workday.

How to make your own privacy rights request: To exercise one or more of these rights, please contact us as explained below. Please note that we may need to verify your identity before we can fulfill your request.

• Use the online form at troweprice.com/CCPA
• Call us at 1-877 HR SERVE (1-877-477-3783)
• Email us at benefits@troweprice.com

How your authorized agent can make a request for you: A request also may be made by someone else you authorize specifically to make such a request under the CCPA or by someone you have named as your agent under a power of attorney that is valid under the California Probate Code. Click here for authorized agent instructions and appropriate forms.

How we handle requests we receive: If we need additional information to verify your identity, we will let you know. We will endeavor to respond to a verified request no later than 45 days after receipt, unless there are grounds for extending our response time frame by up to an additional 45 days. In the event of an extension, we will explain to you why the extension is necessary. In some cases, your ability to know/access, delete, or correct your personal information will be limited, as required or permitted by applicable law, even when the CCPA applies to the personal information we have for you. If we cannot fulfill your request because we cannot verify your identity or due to exceptions under the CCPA (or when the CCPA does not apply to the personal information), we’ll let you know in our response.

Sale/share of personal information and right to opt out* 

We do not sell personal information for monetary consideration, but we may provide personal information to our digital advertising partners for targeted advertising consideration, which is a “sale” and “sharing” of personal information under the CCPA. For visitors to our U.S. troweprice.com website (including our Careers page on our corporate website (troweprice.com/corporate/us/en/careers.html)) where we have advertising cookies, in the preceding 12 months, we have sold/shared personal information to our digital advertising partners that fall within the following CCPA categories: Other Unique Identifiers, Geolocation Data, Inferred and Derived Information, and Online and Technical Information. We sold/shared these categories of personal information to deliver targeted T. Rowe Price ads that may be of interest to you. We do not have actual knowledge that we sell or share the personal information of California residents under 16 years of age.

If you (or your authorized agent) wish to opt out of the sale/sharing of your personal information for targeted digital advertising, please follow the opt-out instructions at the cookie consent center, available here: Do Not Sell or Share My Personal Information. 

As explained in the cookie consent center, we also honor opt-out preference signals when you navigate to our digital properties as a valid request to opt out of sale/sharing as required by the CCPA. To learn more about opt-out preference signals, please visit the Global Privacy Control website at globalprivacycontrol.org.

_{*This subsection is for visitors to our U.S. troweprice.com website, except as noted in the next sentence. It does not apply to our digital properties that do not have advertising cookies (such as our mobile app or the Workplace Retirement area of our troweprice.com website) or when the CCPA does not apply (such as college savings plans (529) websites).}

Data Retention

The retention periods for personal information vary depending on the nature of the business records in which the data elements are maintained. The criteria used to determine data storage are: (1) the length of time that the record is needed for the purposes for which it was created; (2) the time the record is needed for other operational purposes, such as audits, reporting, data integrity, and cybersecurity purposes; and (3) the length of time the record is needed for legal compliance, including maintenance of opt-out/in lists, legal defense, and legal holds.

In the course of doing business with T. Rowe Price, you share personal and financial information with us. We treat this information as confidential and recognize the importance of protecting access to it.

You may provide information when communicating or transacting with us in writing, electronically, or by phone. For instance, information may come from applications, requests for forms or literature, and your transactions and account positions with us. On occasion, such information may come from consumer reporting agencies and those providing services to us.

We do not sell information about current or former customers to any third parties, and we do not disclose it to third parties unless necessary to process a transaction, service an account, or as otherwise permitted by law. We may share information within the T. Rowe Price family of companies in the course of providing or offering products and services to best meet your investing needs. We may also share that information with companies that perform administrative or marketing services for T. Rowe Price, with a research firm we have hired, or with a business partner, such as a bank or insurance company, with whom we are developing or offering investment products. When we enter into such a relationship, our contracts restrict the companies’ use of our customer information, prohibiting them from sharing or using it for any purposes other than those for which they were hired.

We maintain physical, electronic, and procedural safeguards to protect your personal information. Within T. Rowe Price, access to such information is limited to those who need it to perform their jobs, such as servicing your accounts, resolving problems, or informing you of new products or services. Our Code of Ethics, which applies to all employees, restricts the use of customer information and requires that it be held in strict confidence.

Effective Date and Changes to Privacy Notice

The effective date of this Notice is April 26, 2024. We reserve the right to change our Notice from time to time. If we decide to make a material change to our Notice, we will endeavor to make you aware of that fact by, for example, notifying you of these changes via email and/or posting an alert on an applicable internal or external website. If we make a change that we are required by law to inform you of in other ways (such as by mail), we will do so.

Contact Us

If you have concerns or questions regarding this Notice, please use one of the following methods depending upon your relationship with T. Rowe Price:

• Use MyHR to submit an inquiry if you are a current employee
• Submit an inquiry via email to benefits@troweprice.com if you are a former employee, current or former contractor, job applicant, or prospective employee or contractor