Privacy Policy
Date Last Updated: February 17, 2022
I. Introduction
This privacy policy (“Privacy Policy” or “Policy”) applies to the operations of the American Automobile Association of Northern California, Nevada & Utah, AAA Arizona, Inc., and AAA MountainWest, Inc., including the following businesses: AAA Smart Home and A3 Smart Home1, A3 Labs LLC, Gig Car Share2, AAA House Manager3, AAA Car Subscription4, and AAA Identity Champion5. For the purposes of this Privacy Policy, these companies are collectively referred to as the “Company,” or “we,” “our,” or “us”.
This Privacy Policy describes how we will collect, use, and share the Personal Information of our members, customers, users or subscribers (collectively, our “Members”), including information related to your use of our websites and mobile applications (each, a “Site,” and collectively, the “Sites”), and your online and offline communications with us by email, over the telephone, or by other means. It also contains important information regarding certain rights that you may have to your Personal Information, including information on how you may request to access your Personal Information, opt out from us selling or disclosing your Personal Information for business purposes to third parties, or delete your Personal Information (collectively, “Consumer Privacy Rights”).
We have adopted this Privacy Policy to address, among other things, the requirements of the California Consumer Privacy Act of 2018 (“CCPA”). Capitalized terms not defined herein such as “Personal Information” or "Service Providers"should be read to have the same meaning as in the CCPA, unless the context requires otherwise. For purposes of this Privacy Policy, Personal Information does not include publicly available information from government records, or de-identified or aggregated information.
In some cases, and as described in this Privacy Policy, we may collect, access or receive Personal Information about you from third-party sources, including cases in which we act as their service providers. In that case, the privacy policy or policies of the third party sources may also apply to your Personal Information and such third parties may be the responsible party for addressing your requests in connection with your Consumer Privacy Rights.
II. Consent
In order to provide you with our products and services (collectively, the “Services”), we collect certain information from you and your devices. By using the Sites or Services or otherwise engaging with us in any manner, you are consenting to the collection, use, and disclosure of your information in accordance with this Privacy Policy.
III. Personal Information We Collect and How We Collect, Use and Share that Information
A. Summary
We may collect Personal Information from you directly and by using third-party sources in different ways (“Point(s) of Collection”) and for different purposes, as described further below. The Personal Information about you that we either may collect or may have collected within the prior twelve (12) months is described below. For a comprehensive overview, please see the table in Section VI (“Point of Collection Notice”).
B. Information Collected Directly From You
a. Information You Provide to Us
We collect from you directly Personal Information in a number of ways. When you use the Sites, we collect from you certain Personal Information you provide to us, such as when you fill out forms, make a purchase or request more information. We also collect from you certain Personal Information you provide to us offline, such as when you provide information to one of our service advisors or sales or customer service representatives over the phone or in person. In addition, if you are a Member or anyone who uses the Services, we may also collect information from you in connection with your use of the Services.
b. Information Collected from Your Browser or Device
When you visit the Sites, we automatically gather and store (and have automatically collected and stored in the past twelve (12) months) certain information about your visit from your browser or device, such as IP address, geographic information, referral sources, WiFi information, browser type and version, operating system, browser language, and other information relating to your usage of the Sites (“Site Data”). We may collect this information through the use of browser information, log files, web beacons, action tags, unique advertising identifiers, application program interfaces, and other methods.
To the extent we collect or process Site Data that is considered to be a persistent identifier that can be used to identify you, your household, or your device over time and across different services and/or if we use Site Data to gain additional knowledge and insights about you, then we will treat such Site Data as Personal Information under this Privacy Policy.
c. Information Collected Through Cookies
Cookies are small files stored on your device by a website. When you visit the Sites, we use (and have used in the past twelve (12) months) both session cookies (which expire once
you close your web browser) and persistent cookies (which stay on your device until you delete them) to make your experience on our Sites more personal and interactive. For more information regarding cookies, please visit our Cookie Statement. By continuing to use the Sites, you consent to our use of cookies as explained in this Privacy Policy and our Cookie Statement.
Please note that Google and other third parties (including, for example, third parties vendors and service providers that we use in connection with providing you services, advertising networks and providers of external services like web traffic analysis services) may also use cookies as a result of you visiting other websites, over which we have no control.
C. Information Collected from Third Parties
In addition to Personal Information that you provide directly to us, we may also collect and/or may have collected in the past twelve (12) months information about you from third-party sources. When you visit the Sites or use the Services, there may be third parties with whom we conduct business, including any third-party vendors or service providers that we use in connection with providing our Members with the Services that may be collecting your information and sharing it with us.
You may also affirmatively authorize or direct third parties to provide us with information, such as through third-party software development kits (“SDKs”), “action tags,” pixel tags, among others. Pixel tags (also called beacons or pixels), which are small blocks of code installed on (or called by) a webpage, app, or advertisement that can retrieve certain information about your device and browser. We may use action tags, which are placed in advertisements that are served on our behalf on the Sites and third-party sites to track interaction, on our Sites and our emails. Some of our applications may incorporate SDKs.
We may also collect and/or may have collected in the past twelve (12) months information about you from our affiliates. More information regarding those third parties may be found on our Cookie Statement and our About Online Advertising disclosures.
IV. How We Use the Information We Collect
We may use your Personal information (including the categories of Personal Information described above) and Site Data (collectively, the “Collected Information”) for the following purposes:
A. Membership Application and Renewal
We may use your Collected Information to process, maintain, and renew your membership, subscription or account as a Member.
B. Providing You with Services
We may use your Collected Information to provide you with various services, such as: (1) providing you with the Services and other Member benefits, and 24/7 customer support through our Member support team as described in Section XVI (How to Contact Us) below, (2) facilitating reservations, billing, account management, account maintenance, and any of our reward and recognition programs you may choose to join, and (3) allowing you to utilize features within the Sites by granting us access to certain information on your device (such as geo-location) when you request certain Services.
C. Other Uses in Agreements
We may also use your Collected Information for the specific uses identified in any agreements you may have with us.
D. Contacting You and Sending You Materials
We may use your Collected Information to contact you and to respond to your requests. We may also use your Collected Information to communicate with you as needed, including through e-mail, text messages or other means, for communications relating to, among others: (1) upcoming travel, (2) changes to our agents or office locations, (3) providing and improving our customer service, and (4) administrative information (e.g., information relating to changes to our terms, conditions, and policies). We may also use your Collected Information to maintain and improve our Services, by, for example, sending e-mails to solicit your feedback and to enroll you in our promotional email programs.
Please note that if you are accessing our Sites and provide your e-mail address to us, you can opt out at any time as indicated in each promotional email. Additionally, if you provide your telephone number, we may use it to initiate an automated or live telephone call from us or a third party, or add your telephone number to a list that our agents may use to contact you. We will only contact you using automated services with your express consent or for the purposes of facilitating a Service that you requested.
E. Marketing
We may, to the extent permitted by law, use your Collected Information to provide you with offers, marketing, and promotional materials on our behalf, or on behalf of the AAA Companies and their and our subsidiaries, partners, or other third parties. For purposes of this Privacy Policy, “AAA Companies” means: (1) the American Automobile Association, Inc.; (2) any entity with “AAA” or “American Automobile Association” in its name or brand, including each AAA auto club; and (3) any entity affiliated with any of the foregoing, including subsidiaries (e.g. A3 Smart Home LP, A3 Labs LLC, A3 Mobility LLC, and A3 P2P LLC) and holding companies (e.g., AAA Club Partners, Inc.).
Should you no longer to wish to receive these marketing or promotional communications, you may opt out as described in Section VIII (Opt-Out from Marketing) below.
F. Conducting and Growing Our Business
We may use your Collected Information to conduct our business, such as conducting data analysis, performing audits, controlling risk, detecting and preventing fraud, and complying with laws, regulations and other legal processes and law enforcement requirements related to our business and obligations.
We may also use your Collected Information to develop new products and services, maintain existing Services, identify usage trends, determine the effectiveness of our promotions campaigns, and operate and expand our business activities. We may also use aggregated and deidentified data, which does not identify you individually, for our business purposes, which may include offering products or services, research, marketing or analyzing market trends, and other purposes consistent with applicable laws. We may use your Collected Information to personalize your experience on the Sites and to improve the security, design, and functionality of our Sites.
G. Confirming Your Identity
We may use your Collected Information to confirm your identity, including in connection with any requests made pursuant to Section XI (C) (Verifying Your Request) below.
H. DMV Services
Any information we obtain from the Department of Motor Vehicles (“DMV”) in connection with the DMV services is used solely for the purpose of providing the DMV services requested by you. We do not store or disclose such information for any other purpose.
I. Site Data
We may use the Site Data to improve the Sites and to help us understand how users are using the Sites. This information is also collected for statistical analysis, to improve the utility of the Sites, and for other purposes describe in this Privacy Policy.
J. Other Purposes
We may use your information for other purposes specifically disclosed to you at the time we request your information. By providing your information, you consent to all disclosed uses.
K. Security Purposes
We may use your Collected Information to detect security incidents, protect against malicious, deceptive, or illegal activity, and prosecute those responsible for that activity.
We may also use your Collected Information to debug to identify and repair errors that impair existing intended functionality.
V. Sharing of Collected Information
We may share and/or may have shared in the past twelve (12) months your Collected Information with third parties for the following purposes:
A. AAA Companies and Subsidiaries, and Company Affiliates
We may share and/or may have shared in the past twelve (12) months your Collected Information with AAA Companies, our subsidiaries, and affiliates for the business purposes described in this Privacy Policy.
B. Service Providers
We may share and/or may have shared in the past twelve (12) months your Collected Information with service providers that are providing services to us and acting on our behalf, such as consultants, professional advisers, data analytics providers, and other service providers. Such services being provided by the service providers include: (i) the provision, operation, maintenance, administration, promotion, improvement, and oversight of the Services, the Sites, and Member benefits; (ii) the provision of advertising services; and (iii) the fulfillment of your requests for information or Services.
C. Other Third Parties
We may also share and/or may have shared in the past twelve (12) months your Collected Information with certain other third parties in the following circumstances:
- If you direct us to share your Collected Information with a certain third party;
- If you authorize us to share your Collected Information with a certain third party as part of our provision of Services to you;
- If you authorize us to share your Collected Information with a certain third party as part of fulfilling your request for other services;
- To comply with laws and regulations (including to fulfill our regulatory obligations relating to our business), respond to legal processes (for example, a court order, search warrant, or subpoena) or requests from law enforcement authorities, or otherwise required by law;
- If we believe the Sites and/or the Services are being or have been used in violation of our Terms and Conditions, other agreements with you, applicable law or otherwise in the commission of a crime;
- If we have a good faith belief that there is an emergency that poses a threat to the safety of you or another person;
- If necessary to protect our rights, safety, security, or property or those of third parties, including to enforce our rights against unauthorized access or attempted unauthorized access to our information technology assets or against other inappropriate use of our Sites;
- To prevent or investigate fraud, security, or technical issues or otherwise manage risks;
- To report to credit bureaus if applicable; or,
- To share or transfer your Collected Information for a business deal, such as a proposed or consummated sale, acquisition, transfer, merger, or consolidation of all or part of our organization.
VI. Point of Collection Notice
The following table summarizes the information provided above in Sections III - V. In particular, it identifies the categories of data collected at the various Points of Collection at which you may interact directly with us. Similarly, it discloses the instances, when we collect data about you from third parties, and describes by reference to the individual headings of Section IV above the intended business or commercial uses for each category of data. Moreover, it also provides information regarding the categories of third parties with whom we may share your Personal Information.

A.
First Point of Collection
a.
We collect the following categories of
Personal Information online when you visit our Sites, including for purposes of
general inquiries and browsing of our Sites:
i. Identifying Personal Information, such
as name, contact information, IP addresses;
ii. Browsing history and information
regarding your interaction with the Sites from your device, browser or cookies;
iii. Inferences about interests and
preferences based on an analysis of browsing habits and other predictive
techniques.
b. To learn about the Business or
Commercial Purposes of Intended Use for those three categories of Personal Information,
please consult the detailed descriptions of purposes and uses provided in subsections
E, F, I, and K set out in Section IV of this privacy notice.
c. The categories of sources from which these
three categories of Personal Information have been collected are as follows:
i. Identifying Personal Information, such
as name, contact information, IP addresses is collected directly from the consumers;
ii. Browsing history and information
regarding your interaction with the Sites from your device, browser or cookies is
collected (i) directly from the respective consumers and (ii) from Third
Parties such as internet analytics providers and marketing research services;
iii. Personal Information containing inferences
about interests and preferences based on the analysis of browsing habits and
other predictive techniques is collected (i) directly from the respective
consumers and (ii) from Third Parties such as internet analytics providers and
marketing research services.
d. All three Categories of Personal
Information collected at this point of collection have been shared with the following
categories of parties (i) AAA Companies and Company Affiliates, (ii) Service Providers
and (iii) other “Third Parties” identified in Section IV C of this privacy
notice.
B.
Second Point of Collection
a.
We are collecting Personal Information
when consumers are signing up on line for News and Information Services. At this point of collection, we are
collecting the following Categories of Personal Information:
i. All Categories of Personal Information that
we collect in connection with the first point of collection mentioned
previously are collected at this point of collection as well.
ii. In addition, we collect commercial
information about consumers. This includes records of the consumers’ purchases
of goods or Services or information with respect to goods and Services
consumers have shown an interest in.
b. To learn about the Business or
Commercial Purposes of Intended Use for those four Categories of Personal Information,
please consult the detailed descriptions of purposes and uses provided in
subsections E, F, I, and K set out in Section IV of this privacy notice.
c. The categories of sources from which these
four categories of Personal Information have been collected are identical to
those identified in connection with the first point of collection for the first
three Categories of collected Personal Information also collected here. The
fourth category of Personal Information, Commercial Information, is collected i)
directly from the respective consumers and (ii) from third parties such as
internet analytics providers and marketing research services.
d. All four categories of Personal
Information collected at this point of collection have been shared with the
following categories of parties(i) AAA Companies and Company Affiliates, (ii) Service
Providers and (iii) other “Third Parties” identified in Section IV C of this
privacy notice.
C.
Third Point of Collection
a.
We are collecting personal information at
the point when consumers are interacting with us online in connection with purchasing
and or using goods or services including memberships, subscriptions, Road Side
Assistance, DMV services and travel services.
b. The Categories of Personal Information
collected by us at this point of collection include all the three Categories of
Personal Information identified in connection with the previously mentioned two
points of collection of Personal Information.
In addition, we are collecting:
i. as a fourth Category, identifying information,
such as vehicle identification information and driver’s license number,
ii. as a fifth Category, geolocation
information; and,
iii. as a sixth Category, Payment and other
financial information, including credit card and bank account information and a
consumers’ credit history.
c. To learn about the Business or
Commercial Purposes of Intended Use for the above mentioned six categories of
Personal Information, excluding payment and other financial information, consult
the detailed descriptions of purposes and uses provided in subsections A, B, C,
D, E, F, H, I, J, and K set out in Section IV of this privacy notice. We are intending to use your payment related
personal information described as the sixth category of Personal Information
collected at this point only for the Business or Commercial Purposes specified
in subsections B, C, F, I and K set out in Section IV of this privacy notice.
d. The categories of sources from which we
collect the above mentioned six categories of Personal Information excluding
payment and other financial information are identical to those identified in
connection with the first point of collection mentioned previously. We collect
your payment related Personal Information described as the sixth category of Personal
Information collected at this point directly from consumers and from service
providers in the consumer payments industry.
e. All six categories of Personal
Information collected at this point of collection excluding payment and other financial
information have been shared with the following categories of parties (i) AAA
Companies and Company Affiliates, (ii) Service Providers and (iii) other “Third
Parties” identified in Section IV C of this privacy notice. We have shared your
payment related personal information with Service Providers, Financial
institutions and AAA Companies and Company Affiliates, to the extent necessary
to perform the services/ deliver the products ordered by a consumer.
D.
Fourth Point of Collection
a.
We collect personal information of
consumers off-line by phone, regular mail, or when consumers are visiting in
our branches, dependent on the type of their inquiry or transaction.
The Categories of Personal Information collected by us at this
point of collection include all Categories of Personal Information identified
in connection with the previously mentioned points of collection of Personal
Information except
for information as to browsing history and Site use and any inferences drawn
directly from the browsing history or habits of consumers.
b. To learn about the Business or
Commercial Purposes of Intended Use for the Categories of Personal Information,
please consult the detailed descriptions of purposes and uses provided in
subsections A, B, C, D, E, F, H, I, J, and K set out in Section IV of this
privacy notice.
c. The categories of sources from which we
collect the categories of Personal Information collected at this Point of
Collection are identical to those identified in connection with three previously
mentioned points of collection.
All categories of Personal Information collected
at this point of collection have been shared with the following categories of
parties (i) AAA Companies and Company Affiliates, (ii) Service Providers and
(iii) other “Third Parties” identified in Section IV C of this privacy notice.
VII. Data Retention
We may retain your information for the period necessary to fulfill the purposes outlined in this Privacy Policy, including for regulatory, audit or record-keeping purposes.
When your Personal Information is disposed of, we will dispose of your information in a manner that is consistent with this Privacy Policy and applicable legal requirements.
VIII. Opt-Out from Marketing
A. Promotional Communications and Magazine Subscriptions
You may receive transactional communications from us, such as communications regarding the Sites or our Services. You may also receive promotional communications from us, such as communications regarding marketing, promotions, and/or other related topics. To contact you, we may use the information you provide to us, including your email, address, fax, or phone number. You may, at any time, opt out of receiving future promotional communications from us by: (1) following the instructions within the promotional communication you received from us, (2) contacting Member Support using the contact information displayed in Section XVI (How to Contact Us). If you receive magazine subscriptions from us, you may also opt out of receiving such magazine subscriptions by contacting Member Support. To learn more about your choices regarding receiving promotional emails, magazine subscriptions or other communications, please contact Member Support (see Section XVI, How to Contact Us) or review our About Online Advertising page.
All requests to receive no longer any promotional communications will be processed in a timely manner. After your request has been processed, you will no longer receive the promotional communications that you opted out from, but you may continue to receive materials while we process your request to unsubscribe. Please note, even if you unsubscribe as described in this Section VIII (Opt-Out from Marketing), you may continue to receive transactional communications from us, including those related to your account, your use of the Services and Sites, and other important notices.
IX. Sale to Third Parties
We may have made available some of your Personal Information to third parties in the context of business transactions in which we have received a financial or other kind of benefit in return, for, among other things, making some of your Personal Information available. Transactions of this nature may be considered a “sale” of Personal Information in certain jurisdictions, including California. The categories of Personal Information about you we may have “sold” or disclosed to third parties for a business or commercial purpose in the past twelve (12) months are the following:
Categories of Personal Information about Consumers sold to third parties for a business or commercial purpose in the past twelve (12) months: All categories of Personal Information identified in Column II of the Table set out in Section VI (Point of Collection Notice) collected directly from consumers.
Categories of Personal Information disclosed to third parties for a business or commercial purpose in the past twelve (12) months: All categories of Personal Information identified in Column II of the Table set out in Section VI (Point of Collection Notice) collected directly from consumers.
However, we did not and do not sell the Personal Information of minors under the age of 16 without affirmative authorization. For more information about your right to opt-out from the sale of your personal information, please see Section X (C)(b) (Right to Opt-Out of Sale of Personal Information) below.
X. Your Rights to Your Personal Information
A. Consumer Privacy Rights and Rights to Your Personal Information as a Member
We grant Members certain rights with respect to certain types of Personal Information that we may have collected from or about them. Those rights are granted by us as a matter of policy and are independent of your Consumer Privacy Rights under certain state laws such as the CCPA. Whether and to what extent you may have such Consumer Privacy Rights depends, among other things, on where you live.
B. Your Rights as a Member to Access, Correct, Update and Remove Personal Information
If you are a Member you have the right to access certain information in your account, such as contact and mailing information and any preferences or payment methods you may have shared with us. You may use your online account to access such information or contact Member Support (see Section XVI, How to Contact Us). This will allow you to update and correct your Personal Information on file with us. For example, in case your Personal Information on file with us is inaccurate or incomplete, you may request that we correct. update and/or remove such inaccurate Personal Information.
We may ask you to verify your identity and to provide other details before we provide access to, update or remove any of your information. Your right to have Personal Information removed is subject to any retention requirements and/or other legal grounds authorizing or requiring us to retain your information.
C. Your Consumer Privacy Rights
If you are a consumer who has an address in California and lives the major portion of the year in California (a “California Consumer”), you may have certain rights with respect to your Personal Information pursuant to the CCPA. For purposes of this Privacy Policy, a California Consumer does not include persons to the extent they are (i) acting as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit or government agency that is doing business with us or (ii) acting as a job applicant to, an employee of, owner of, director of, officer of, medical staff member of, or contractor of Company.
a. Limited Coverage by Consumer Privacy Rights for Certain Members outside California
It is our policy is to treat all Members of our AAA automobile clubs equally. Those automobile clubs are the American Automobile Association of Northern California, Nevada & Utah, AAA Arizona, Inc., and AAA MountainWest, Inc., (collectively, “Auto Club Members”). Therefore, we are extending certain of the Consumer Privacy Rights applicable to California residents also to our Auto Club Members who are not California residents. Members who are not Auto Club Members enjoy Consumer Privacy Rights to the extent they are California Consumers.
b. Right to Opt-Out of Sale of Personal Information
You have the right to opt-out of our sale of your Personal Information. This means that you have the right to direct us not to sell your Personal Information. We will not ask if you would like to opt back in to the sale of your Personal Information for at least twelve (12) months following the date we receive your request; however, you may change your mind during this time and inform us that you are opting back in.
To exercise your right, you may either submit your request by contacting us using the information in Section XI (A) (Exercising Your Consumer Privacy Rights) below or use the Opt-out button displayed on our home page. We will not require you to verify your identity prior to honoring your opt-out request. However, in certain circumstances the law authorizes us to refuse to comply with your request. In such a case, we will contact you and provide you with an explanation of our refusal to act.
You may also use an authorized agent to submit a request to opt-out on your behalf, as long as you provide the authorized agent with written permission to do so and the agent provides such proof to us when it submits your request.
If you change your mind and wish to opt back in to the sale of your Personal Information or if the sale of your Personal Information is required to complete a transaction, please use the Opt-in mechanism described in Section XI (E) (Opting-in Following an Opt-out) below.
c. Right to Know
You have the right to request that we disclose to you in response to a verifiable consumer request (see Section XI (A) below for further details on how to submit a verifiable request) which Personal Information we collect, use, disclose and/or sell from you or about you.
Your right to know encompasses the specific pieces of Personal Information we have collected about you in the past twelve (12) months, the categories of sources from which the Personal Information was collected in the preceding twelve (12) months, the business or commercial purposes for collecting, using or selling the Personal Information in the preceding twelve (12) months, and the categories of third parties to whom we have disclosed the Personal Information for business purposes or sold the same to in the preceding twelve (12) months.
A general list of the categories of Personal Information that we have collected, the categories of sources from which the Personal Information was collected, the business or commercial purposes for collecting the Personal Information, and the categories of third parties with whom we share Personal Information is set forth set forth in Section VI of this Privacy Policy.
d. Right to Request the Deletion of Your Personal Information
You have the right to request that we delete, subject to certain exceptions provided by law, any Personal Information about you that we have collected from you. We will also direct any service providers to which we provided your information to delete such information from their records. We will comply with your request for deletion if you (i) submit a verifiable request and (ii) the information you are asking us to delete does not fall under any of the following exceptions. Specifically, we are not required to delete your Personal Information if we need that information to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Ensure the exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Enable us to comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
- Use your information solely for internal uses that are reasonably aligned with your expectations based on your relationship with us;
- Comply with a legal obligation;
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it;
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
e. Right to Non-Discrimination
We will not discriminate against you for exercising any of your rights as a consumer described in this Section. Unless permitted by applicable law in your jurisdiction, which may include the California Consumer Privacy Act (CCPA), we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services;
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
XI. Exercising Your Consumer Privacy Rights
If you are a California Consumer or an Auto Club Member who is not a California resident, you may exercise your right to know and your right to request deletion of your Personal Information by submitting a verifiable consumer request as described in more detail below. You may only make a consumer request to exercise your right to know twice within a 12-month period. The subsections below do not apply to your right to opt-out of a sale of your Personal Information. To exercise your right to opt-out of a sale of your Personal Information, please follow the instructions provided in Section X(C)(b) (Right to Opt-Out of Sale of Personal Information) above.
A. Ways to Submit a Verifiable Consumer Request
You may communicate your verifiable consumer request to us directly by one of the following methods:
• Online at: https://www.aaa.com/privacy-rights
Only you or an authorized agent (as described below) may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. Making a verifiable consumer request does not require you to create an account with us.
B. Authorizing an Agent
You may designate an authorized agent to submit your verifiable consumer request on your behalf, so long the authorized agent has your written permission to do so and you have taken steps to verify your identity directly with us. If you would like to designate an agent, your agent must register as such with the California Secretary of State and submit a copy of this registration along with your verifiable consumer request to us.
You may communicate a verifiable consumer request as an authorized agent by one of the following methods:
• By telephone to: 1 (844) 973-0727
• By mail to: American Automobile Association of Northern California, Nevada & Utah, Attn.: Privacy Requests, 1277 Treat Boulevard, Suite 1000, Walnut Creek, California 94597.
We may only comply with your consumer request(s) if we can reach the degree of certainty required by law that the person submitting a request is authorized to do so, i.e., that he or she is the consumer whose Personal Information is the subject of a given consumer request or an agent duly authorized by that consumer. We will only use Personal Information provided in a consumer request to verify your identity or authority to make that request.
Following the receipt of a request by a California Consumer or an Auto Club Member who is not California resident to exercise his or her privacy rights, we first authenticate the channel of communication used by the requestor by sending a verification code to the device/email address from which the request originated. Depending on the method of communication used by the requestor, we will then require the requestor to provide an online, written or oral declaration under the penalty of perjury “that you are who you are”.
As a next step, we will require typically three matching data points based on the requestor’s membership status, our relationship with the consumer, and our transactional history with the consumer to determine whether we consider a request verifiable or not. We use a risk-based approach to balance the interests of requestors in exercising their Consumer Privacy Rights with our interest in preventing the access by unauthorized parties to Personal Information and preserving the security and integrity of our systems. Therefore, we may use additional verification procedures in the event we are unable to reach the degree of certainty required by law based on the outcome of our standard process or based on the value or the sensitive nature of the Personal Information involved and the potential for harm in case of an unauthorized disclosure or deletion.
D. What to Expect After you Submit a Consumer Request
If you are a California Consumer, we will acknowledge the receipt of your request within ten (10) days unless we have already been able to comply with and respond to your request. If you are an Auto Club Member who is not a California resident, we will respond to your request as soon as reasonably possible; however, we cannot commit to a specific turnaround time.
We will endeavor to respond to, or fulfill, a verifiable consumer request submitted by a California Consumer within forty-five (45) days of its receipt. If we need more time (up to forty-five (45) additional days under California law), we will inform any California Consumer making such a request, of the reason and the additional time needed in writing. If you are an Auto Club Member who is not a California resident, we will respond to your request a soon as practicable in the ordinary course of business; however, we cannot promise a specific turn-around time. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. If we cannot fulfill your request, the response we provide will explain the reasons we cannot fulfill your request. In response to a right-to-know request, we will provide you with your Personal Information in a format that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
E. Opting-in Following an Opt-out
If you have opted-out from the sale of your Personal Information and want to again allow us to sell your Personal Information, we will use a two-step process to confirm your decision to opt-in again.
Please inform us of your opt-in decision using any of the methods of communication authorized in Section XI (A) (Ways to Submit a Verifiable Consumer Request) and include a valid e-mail address or a phone number capable of receiving text messages in your request. We are required to have you reconfirm your opt-in decision and will use this this email address or phone number to send you a link for that purpose.
XII. Tracking; Third Party Analytics Providers
A. “Do Not Track” Disclosure
Certain web browsers may provide a do-not-track (“DNT”) option. You may be able to ask your browser to inform websites that you not wish your activities to be tracked, either with cookies or other persistent identifiers, commonly called “DNT signals.” At this time, we do not honor do-not-track signals; however, we provide you with the option to opt out from behavioral advertising. Please see our About Online Advertising page for more information.
B. Third Party Analytics Providers
We work with third party analytics service providers, including Google Analytics, Adobe Analytics, Optimzely, and Tealium (the “Analytics Providers”), to help us better understand how our users use the Sites. Specifically, we use Analytics Providers to learn more about the types of users that visit the Sites and how they use the Sites and to help us improve the Sites. To provide this service, Analytics Providers may collect certain information about you from your computer, including through the use of cookies. Such information may include information regarding your visit (such as the pages you visit and the length of your visit), information about your device (such as your IP address), how you got to the Website, and other information about you.
You can learn more about Google Analytics and how it collects and processes data (including how to control the information sent to Google) by visiting: www.google.com/policies/privacy/partners/. You can opt-out of Google Analytics by using the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout/.
You can learn more about Adobe Analytics and how it collects and processes data (including how to control the information sent to Adobe) by visiting: https://www.adobe.com/privacy/experience-cloud.html. You can opt-out of Adobe Analytics by visiting https://www.adobe.com/privacy/opt-out.html#customeruse.
You can learn more about Optimizely and how it collects and processes data (including how to control the information sent to Optimizely) by visiting: https://www.optimizely.com/privacy/. You can learn about how to opt-out of Optimizely by visiting: https://www.optimizely.com/legal/opt-out/.
You can learn more about Tealium and how it collects and processes data (including how to control the information sent to Tealium) by visiting: https://tealium.com/privacy/. You can update your privacy preferences with Tealium by visiting: https://tealium.com/preferences/.
XIII. Links to Other Sites and Other Privacy Policies
The Sites may contain third-party links, include third-party integrations, or offer a co-branded or third-party-branded service. Through these links, third-party integrations, and co-branded or third-party-branded services, you may be providing information (including Personal Information) directly to the third party, us, or both. You acknowledge and agree that we are not responsible for how those third parties collect, share, or use your information. Because we have no control over the privacy practices or content of these linked sites, we recommend that you carefully review the privacy policies of every third-party service that you visit or use, including those third parties you interact with through our Sites and Services
XIV. Children’s Privacy
The Sites and the Services are not intended to target individuals under the age of 13 and we do not knowingly collect Personal Information directly from children under the age of 13. If we discover that we have received Personal Information directly from a child under the age of 13, we will delete that information. If you are a parent or guardian of a child under the age of 13 and believe we have collected Personal Information directly from your child, you may contact us using the information provided in Section XVI (How to Contact Us) below to have that information deleted from our records.
We will not sell (and have not sold for the past twelve (12) months the Personal Information of individuals under 16 years of age if we know that the individual is a minor and we do not have affirmative authorization to do so. Individuals between the ages of 13 and 16 may communicate their affirmative authorization by using the method for opt-in requests described in Section IX (E) (Opting-in Following an Opt-Out).
XV. Protecting Your Personal Information
To protect your Personal Information from unauthorized access and use, we maintain reasonable security procedures and practices appropriate to the nature of the information you provide to us and the type of processing activities performed by us. However, please note that there is always some risk in transmitting information over the Internet. Because the Sites are provided through the Internet, when you use the Sites, your communications may be intercepted by others. For this reason, we cannot guarantee the security and privacy of transmissions via the Internet, and we will not be liable for any lack of security relating to the use of the Sites by you. You agree that you will not hold us liable for any damages resulting from any loss of privacy or security occurring in connection with any communications over such networks.
XVI. How to Contact Us
If you have any questions regarding this Privacy Policy or our privacy practices, or would like more information regarding how to exercise your rights pursuant to Section X (Your Rights to Your Personal Information) and Section VIII (Opt-Out from Marketing) of this Privacy Policy, or would like to obtain a copy of this Privacy Policy in a different format, please contact us using one of the methods provided below:
• By email to: [email protected]
• By mail to: American Automobile Association of Northern California, Nevada & Utah, Attn.: Privacy Requests, 1277 Treat Boulevard, Suite 1000, Walnut Creek, CA 94597
For Member Support services, please contact us at: 1 (800) 922-8228 or by [email protected].com
XVII. Additional Information for Car Subscriptions Users
This Policy also applies to the operations of AAA Car Subscriptions, (“Car Subscriptions”), subject to the supplemental disclosures set out below. Due to the nature of its businesses – Car Subscriptions makes available a motor vehicle forming part of the subscription fleet to subscribers for a given period of time along with certain related services (“Subscription Services”) - Car Subscriptions collects from consumers additional categories of personal information and interacts with consumers at additional Points of Collection compared to those set out in Section VI above. Therefore, the information presented in the below table does not replace but supplements the information made available in Section VI and elsewhere in this Policy.
In addition to accessing your Personal Information as part of exercising your Consumer Privacy Rights described in Section X of this Policy, you may view and correct your account at any time by logging into your Account through our website https://carsubscription.calstate.aaa.com/ or our mobile app. You may also call our subscription support as described below either by:
· Telephone: 1 (800) 360-2228, or,
· Email: [email protected], or,
· Through the mobile app, by clicking the “Contact Us” button.

A.
Car Subscription -
Additional Points of Collection
a.
We are collecting the following Categories
of Personal Information when you submit an online Application for creating an
account to use our Subscription Services:
i. Identifying Information such as phone number(s).
email address, driver’s license information, driver’s license number, physical
characteristics, credit and/or bank account/card number.
1. We are collecting this category of Personal
Information for purposes of initial and ongoing determination of eligibility
for Subscription Services and the provision, maintenance and improvement of
Subscription Services. To learn more about
the Business or Commercial Purposes of intended use for this category of
Personal Information, please consult the detailed descriptions of purposes and
uses provided in subsections A, B, C, D, E, F, G, I and K in Section IV of this
privacy notice.
2. We obtain this category of Personal Information
directly from consumers.
3. We share this category of Personal Information
with Service Providers used for providing the Subscription Services and
advertisers and other “Third Parties” identified in Section IV C of this
privacy notice
ii. We are also collecting protected
classification characteristics, such as age and gender when we obtain images
(selfies) and copies of your driver’s license.
1. The collection of this category of
Personal Information is incidental to our collection of information for the
purpose of allowing us to perform an initial and ongoing determination of eligibility
for Subscription Services and the provision, maintenance and improvement of
Subscription Services. To learn more
about the Business or Commercial Purposes of intended use for this this
category of Personal Information, please consult the detailed descriptions of
purposes and uses provided in subsections B, C and G in Section IV of this
privacy notice.
2. This category of Personal Information
is obtained directly from consumers.
3. We do not share this category of
Personal Information with other parties.
iii. We are also collecting Commercial
Information resulting from motor vehicle and consumer reports.
1. We are collecting this category of
personal information for purposes of initial and ongoing determination of eligibility
for Subscription Services and the provision, maintenance and improvement of
Subscription Services. To learn more
about the Business or Commercial Purposes of intended use for this category of
Personal Information, please consult the detailed descriptions of purposes and
uses provided in subsections B, C and K set out in Section IV of this privacy
notice.
2. We obtain this category of information
from third party sources such as DMV databases and consumer reporting agencies.
3. We share this category of personal
information with Service Providers used for providing the Subscription Services
and advertisers and other “Third Parties” identified in Section IV C. of this
Privacy Policy.
b. We are collecting the following Categories of Personal Information when
you interact with Motor Vehicles made available by Car Subscription Services:
i. Commercial Information, such as mileage
use, maintenance requests, roadside service requests.
1. We are collecting this category of
personal information for purposes of providing, maintaining, and improving the
Subscription Services
2. We obtain this data from GPS and other
electronic surveillance services and technologies
3. We share this category of personal
information with Service Providers used for providing the Subscription Services,
insurance companies and other “Third
Parties” identified in Section IV C of this Privacy Policy.
ii. Geolocation data, i.e., location and
speed of vehicles.
1. We are collecting this category of
personal information for purposes of providing, maintaining, and improving the
Subscription Services
2. We obtain this data from GPS and other
electronic surveillance services and technologies
3. We share this category of personal
information with Service Providers used for providing the Subscription Services,
insurance companies and other “Third
Parties” identified in Section IV C of this Privacy Policy.
XVIII. Additional Information for Gig Car Share Users
This Policy also applies to the operations of Gig Car Share (“Gig”), subject to the supplemental disclosures set out below. Due to the nature of its businesses – Gig makes the use of shared motor vehicles available to its active Members (“Gig Services”) - Gig collects from consumers additional categories of personal information and interacts with consumers at additional Points of Collection compared to those set out in Section VI above. Therefore, the information presented in the below table does not replace but supplements the information made available in Section VI and elsewhere in this Policy.
In addition to accessing your Personal Information as part of exercising your Consumer Privacy Rights described in Section X of this Policy, you may correct any errors in your information by contacting Member Support, which will be available 24 hours a day, 7 days a week either by:
· Telephone: (800) 464-0889, or,
· Email to: [email protected], or,
· Through the Mobile App, by clicking the “Member Support” button.

XIX. Additional Information for AAA Identity Champion Users
When you register with and use the AAA Identity Champion service, we collect information from you directly when you enroll, automatically when you visit our web pages, and sometimes from third parties. This information includes Personal Information. For instance, we may ask you to provide contact information (your name, phone number, and/or email address), banking and financial information, Social Security Number, and other information about you in order for us to provide you with the Identity Champion service.
We use information we collect for Identity Champion specifically to process your registration, including verifying that your information is current and valid and to allow you to participate in Identity Champion features. We may exchange information about you, including Personal Information, with third party service providers to enable them to perform services on our behalf and for us to provide the Identity Champion services to you, which include:
- Verifying your identity;
- Processing your payments; and
- Monitoring data sources, including national credit bureau reports and web activity, to detect attempted identity theft or similar threats to your data and to provide you with identity monitoring services.
Note that we do not share the information you provide for purposes of registering for Identity Champion, such as banking and financial information, Social Security Number, and other information required for providing the service, with third parties for marketing purposes. We also do not use this information for marketing and advertising purposes. Other Personal Information, such as name, contact information, and AAA Membership number, that was previously provided to us in connection with your AAA Membership and/or that you provided to us for purposes of initiating your Identity Champion registration, will only be used in accordance with this Privacy Policy.
California and Nevada Residents: We do not sell your Personal Information that’s submitted for purposes of providing you with the Identity Champion services. If you are a California Consumer or an Auto Club Member who is not a California resident, please see Section XI (Exercising Your Consumer Privacy Rights) for additional information on exercising your privacy rights.
XX. Smart Home Device Privacy Policy
Data may be collected from devices installed or used in your residence or business for the purpose of providing you with the A3 Smart Home monitoring and alarm services (collectively, “Smart Home Device” or “Device”). Information collected may include:
- Location Information. Information about your location, your personal device location, or the physical location of your Smart Home Devices;
- Audio, Video and Still-image Information. Depending upon how you configure your Smart Home Device, we may collect certain still-images as well as audio and video;
- Smart Home Device Information. Information about motion detection, door and window usage, utility usage, and climate data (including temperature and moisture data);
- Monitoring Information. Information about arming and disarming the Smart Home Device;
- Aggregate Usage Information. Information that helps us track patterns and improve our Devices in order to meet your smart home needs; and
- Biometric Information. Information about your physical characteristics that helps us identify you, including facial recognition.
We may use Device Data to do any or all of the following:
- provide you with our Services;
- facilitate your interactions and transactions with us;
- respond to your requests, communications, suggestions, comments, inquiries, and requests (including your feedback about our Devices and Services);
- provide you with relevant notifications;
- administer our relationship with you, including managing your account;
- maintain and improve our Devices and Services, including measuring our performance;
- develop new products, features, and services;
- better understand the preferences of our customers;
- facilitate your participation in our surveys and promotions;
- respond to legally binding requests from law enforcement, regulatory authorities, or other third parties;
- defend, protect or enforce our rights or applicable terms of service or to fulfill our legal or contractual obligations;
- to prevent fraud or the recurrence of fraud;
- assist in the event of an emergency;
- comply with applicable law; or
- any other purposes specifically disclosed to you at the time we request, and you provide, the information.
We may also combine Device Data with other Personal Information collected from your use of our Services and develop a customer profile that will be used for the purposes above.
Camera-Enabled Services. If you enable smart monitoring camera-enabled services, we may record, stream, store, or process video and/or recordings pursuant to your account instructions and camera-enabled device configuration settings (visit https://a3smarthome.com/installation/indoor-hdr-camera for more information on using and enabling your smart monitoring camera). If you enable the recording features during your subscription term, we will capture, process and retain video and audio data recordings from the Device pursuant to your settings or until the storage limit is reached (older videos will be deleted once the storage limit is reached) and you will be able to access those recordings during that time.
Identity Verification. We may use the Device Data to verify your identity or the identity of other persons. If you choose to upload the photos and identity of other persons to the Smart Home Device, we will process this information for the purpose of enabling the Smart Home Device to recognize familiar faces and to notify you of both familiar and unknown people. Using the mobile application and your account, you control whether this biometric processing and analysis occurs. Only upload photos of individuals who have consented to have their information used in accordance with this Privacy Policy.
We may retain Device Data for the period necessary to fulfill the purposes outlined in this Privacy Policy, including, but not limited to, regulatory, audit, or record-keeping purposes.
Finally, we may use Device Data to create anonymized and aggregated information that does not personally identify an individual (“non-personal information"). We may use non-personal information for any legitimate business purpose.
Except as disclosed in this Privacy Policy, we do not share Device Data with any companies other than our partners and affiliates and their directors, officers, employees, agents, consultants, advisors or other representatives.
We may share Device Data with our third party service providers, suppliers, vendors, and business partners to help us in the operation, management, improvement, research and analysis of our Devices and/or Services, and to comply with your directions or any consent you have provided us.
We may share Device Data with law enforcement and regulatory authorities or other third parties as required or permitted by law for the purpose of:
- responding to a subpoena, court order, or other legal processes;
- preventing or investigating fraud, security, or technical issues or otherwise manage risks;
- defending, protecting, or enforcing our rights, safety, security, or property;
- reporting to credit bureaus (if applicable);
- assisting in the event of an emergency; and
- complying with applicable law.
XXI. Updates to Privacy Policy
From time to time, we may update this Privacy Policy, including at least once annually. If we do, we will note near the top of this page the date that any changes are made and/or when they become effective. If the changes being made are material, we may alert you to the changes in a more prominent way. Your inaction or continued use of the Sites or Services, or your provision of Personal Information to us after any such notices, will tell us that you agree to these changes.
1 AAA Smart Home and A3 Smart Home are operated by A3 Smart Home LP.
2 Gig Car Share is operated by A3 Mobility LLC.
3 AAA House Manager is operated by A3 Labs LLC.
4 AAA Car Subscription is operated by A3 P2P Services LLC.
5 AAA Identity Champion is operated by A3 Labs LLC.
* Online Sign-up for Using Gig Services
** Interaction with Motor Vehicles Made Available by Gig