Capitalized terms used but not otherwise defined in this policy should be read to have the same meaning as how the term is defined in the California Consumer Privacy Act (“CCPA”), unless the context requires otherwise.
4. WHAT INFORMATION DO WE COLLECT?
We may collect the following categories of Personal Information from you and/or about you when you visit Our Websites, applications, or otherwise interact with Us. The categories of Personal Information that We have collected, disclosed for a business or commercial purpose or sold over the past twelve (12) months is outlined below.
4.1 Information You Provide To Us
We collect your Personal Information directly from you when you apply for a AAA Membership, subscribe to Our Services, purchase Our Services, or otherwise provide Personal Information directly to Us. The following are examples of Personal Information that We may collect directly from you:
Identifying Personal Information
- Full Name;
- Contact Information (e-mail address, telephone number, mailing address etc.);
- Account Username and Password;
- Age and Date of Birth;
- Social Security Number;
- Vehicle Identification Information (VIN, vehicle make and model, driver’s license number, license plate information, vehicle registration);
- Geolocation (is collected with your consent, such as when searching for nearby gas stations on Our app); and
- Financial Information (billing name and address, bank and bank account information including routing and account numbers, credit card information, and credit history).
4.2 Information We Collect About You Automatically
We collect your Personal Information indirectly from you when you visit the Site. This information is collected via cookies, log files, and web beacons. The information collected automatically may include the following:
- IP address;
- Device information such as browser type and operating system;
- Browsing history;
- Date and time of your Site visit;
- Information regarding your interaction with Our Site, including the pages accessed and links clicked;
- Inferences about interests and preferences based on analysis of browsing habits and other predictive techniques ; and
- Commercial information including records of products and services viewed or purchased.
4.3 Information We Collect About You From Third Parties
In addition, We may collect and/or may have collected Personal Information about you from third-parties in the past twelve (12) months. For example, when you visit Our Site or use Our Services, Our third-party service providers, can collect information about your visit and share that information with Us. The information that We may collect about you from third parties may include the Personal Information listed above.
This Personal Information can be collected when you visit Our Site. In addition, you may also affirmatively authorize or direct third parties to provide Us with Personal Information through the use of different technologies such as the following:
- Third-party Software Development Kits (“SDKs”) which may be used by some of Our applications to increase functionality.
- Action Tags, such as beacons or pixels, which are tiny images that may be embedded within web pages and e-mails that give Us information about your device and Site activity. We may use action tags to track the effectiveness of advertisements on Our Site and advertisements placed on Our behalf by third party sites as well.
5. HOW DO WE USE YOUR PERSONAL INFORMATION?
We may use your Personal Information (including the categories of Personal Information described above) and Site Data (collectively, the “Collected Information”) for the following purposes:
5.1 Membership Application and Renewal
When you apply to become a Member of AAA, We collect your Personal Information to process your application. Afterwards, your Personal Information may be used to maintain, and renew your Membership, subscription, or account as a Member.
5.2 Providing You With Services
We may use the Personal Information We collect to provide you with various services, such as the following:
- To provide you with Our Services and other Member benefits, including 24/7 Member support through Our Member support team as described in Section 17 (How to Contact Us) below.
- Facilitating reservations, billing, account management, account maintenance, and any of Our reward and recognition programs you may choose to join.
- To provide you with Our Site features, such as when you grant Us access to certain information on your device (such as geo-location) when you request certain Services.
5.3 Communicating With You and Sending You Materials
We may use the Personal Information We collect to contact you and to respond to your requests. We may also use your Personal Information to communicate with you as needed, including by e-mail, mail, phone call, mobile alerts, and SMS text messaging. The purpose for this communication may include, but is not limited to:
- Upcoming travel notifications;
- Notifications regarding changes to Our agents or office locations;
- Providing and improving Our customer service; and
- Administrative information (e.g., information relating to changes to Our terms, conditions, and policies).
We may also use your collected Personal Information to maintain and improve Our Services, by, for example, sending e-mails to solicit your feedback and to enroll you in Our promotional e-mail programs. Mobile opt-in data will not be shared with any third parties or affiliates. Sharing excludes text messaging originator opt-in data and consent.
We may, to the extent permitted by law, use your Personal Information to market products and services on Our behalf, or on behalf of the AAA companies, including subsidiaries, partners, and/or other third parties.
Should you no longer wish to receive these marketing or promotional communications, you may opt out as described in Section 11 (The Right to Opt-Out From Marketing) below.
5.5 Conducting and Growing Our Business
We may use your Personal Information for one or more of the following business purposes:
- To provide a product or service that you have requested, to complete the transaction for which the Personal Information was collected, to perform a contract that you are involved in, including fulfilling the terms of a written warranty, or otherwise performing a contract between you and Us.
- To help ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for those purposes.
- To debug, to identify, and to repair errors that impair existing intended functionality of the requested service.
- To exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law.
- To comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- To engage in public or peer-reviewed scientific, historical, and/or statistical research that conforms or adheres to all other applicable ethics and privacy laws, with your informed consent.
- To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with Us and compatible with the context in which you provided the Personal Information.
- To comply with a legal obligation.
5.6 Confirming Your Identity
We may use your collected Personal Information to confirm your identity, including in connection with any requests made pursuant to Section 12 (Exercising Your Rights As a Consumer) listed below.
5.7 DMV Services
Any Personal Information We obtain from the Department of Motor Vehicles (“DMV”) in connection with the DMV services is used solely for the purpose of providing the DMV services requested by you. We do not store or disclose such Personal Information for any other purpose.
5.8 Site Data
5.9 Security Purposes
We may use your collected Personal Information to detect security incidents, protect against malicious, deceptive, or illegal activity, and prosecute those responsible for that activity.
We may also use your collected Personal Information to debug, to identify, and repair errors that impair existing intended functionality.
5.10 Other Uses In Agreements
We may also use your collected Personal Information for the specific uses identified in any agreements you may have with Us.
5.11 Other Purposes
We may use your Personal Information for other purposes specifically disclosed to you at the time We request your Personal Information. By providing your Personal Information, you consent to all disclosed uses.
5.12 Point of Collection Notice
If you would like to view a summary of the Personal Information provided in the sections above, please view Appendix I - Point of Collection Chart, Main. It identifies the categories of data collected at the various Points of Collection at which you may interact directly with Us. Similarly, it discloses the instances when We collect data about you from third parties, describes by reference to the individual headings of this Section 5, and the intended business or commercial uses for each category of data. Moreover, it also provides information regarding the categories of third parties with whom We may share your Personal Information.
6. WHY WE SHARE YOUR INFORMATION
The Personal Information We collect about you will only be shared as permitted or required by law.
If you are a current or former Member, most of the Personal Information We have collected about you is maintained in your Membership records. This Personal Information is used to process and service your Membership.
The following are some examples of how We may share and/or may have shared your Personal Information in the past (12) months:
6.1 AAA Companies and Subsidiaries, and Company Affiliates
6.2 Service Providers
We may share and/or may have shared in the past twelve (12) months your Personal Information with Service Providers that are providing services to Us and acting on Our behalf, such as consultants, professional advisers, data analytics providers, and other service providers. Such services being provided by the service providers include:
- The provision, operation, maintenance, administration, promotion, improvement, and oversight of the Services, the Sites, and Member benefits;
- The provision of advertising services; and
- The fulfillment of your requests for Personal Information or Services.
6.3 Other Third Parties
We may also share and/or may have shared in the past twelve (12) months your collected Personal Information with certain other third parties in the following circumstances:
- If you direct Us to share your Personal Information with a certain third party.
- If you authorize Us to share your Personal Information with a certain third party as part of Our provision of Services to you.
- If you authorize Us to share your Personal Information with a certain third party as part of fulfilling your request for other services.
- To comply with laws and regulations (including to fulfill Our regulatory obligations relating to Our business), respond to legal processes (for example, a court order, search warrant, or subpoena) or requests from law enforcement authorities, or otherwise required by law.
- If We believe the Sites and/or the Services are being or have been used in violation of Our Terms and Conditions, other agreements with you, applicable law or otherwise in the commission of a crime.
- If We have a good faith belief that there is an emergency that poses a threat to the safety of you or another person;
- If necessary to protect Our rights, safety, security, or property or those of third parties, including to enforce Our rights against unauthorized access or attempted unauthorized access to Our information technology assets or against other inappropriate use of Our Sites.
- To prevent or investigate fraud, security, or technical issues or otherwise manage risks.
- To report to credit bureaus if applicable.
- To share or transfer your collected Personal Information for a business deal, such as a proposed or consummated sale, acquisition, transfer, merger, or consolidation of all or part of Our organization.
7. WHY WE MAY “SELL” YOUR INFORMATION TO THIRD PARTIES
Under the CCPA, a “sale” is considered a situation where We share Personal Information with third parties in exchange for money or valuable consideration. Given this definition, We may sell or may have sold your Personal Information to third parties in the past (12) months in exchange for financial benefits or other valuable consideration.
The following are categories of Personal Information that We may have sold in the past twelve (12) months:
- Personal identifiers and contact information;
- Commercial information;
- Internet or other activity information; and
- Inferences resulting from information referenced under the categories listed above.
8. DATA RETENTION
9. YOUR RIGHTS AS A MEMBER
If you are one of Our Members, you are entitled to certain rights. These rights include the following:
- The right to access certain information in your account, such as contact and mailing information and any preferences or payment methods you may have shared with Us.
- The right to correct and/or update your Personal Information.
You can access, update, and correct your Personal Information by:
- Logging on to your account; or
- Contacting Member support.
We may ask you to verify your identity and to provide other details before We provide access to, update, and/or remove any of your Personal Information. Your right to have Personal Information removed is subject to any retention requirements and/or other legal grounds authorizing or requiring Us to retain your Personal Information.
10. YOUR RIGHTS AS A CONSUMER
Under the California Privacy Rights Act (“CPRA”) which amended the CCPA, California residents have certain rights with regards to their Personal Information. In appreciation of your valued business, We have expanded these privacy protection rights to all of Our Members, regardless of where they live. The following are the privacy rights available to you under the CCPA and CPRA:
10.1 The Right To Know
You have the right to request that We disclose what type of Personal Information We have collected about you, the purpose for collecting that information, and whether We have shared that information with any third party and for what purpose. The fulfillment of this request is subject to Us receiving a verifiable request (See Section 12, Exercising Your Rights As A Consumer)
10.2 The Right To Delete
You have the right to request that We delete the Personal Information that We have collected from you. The fulfillment of this request is subject to Us receiving a verifiable request from you (See Section 12, Exercising Your Rights As A Consumer) and it is also subject to the deletion exceptions listed below:
- To provide a product or service specifically requested by a consumer, to complete the transaction for which the personal information was collected, to perform a contract to which a consumer is party, including fulfilling the terms of a written warranty, or otherwise perform a contract between the business and the consumer.
- To help ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes.
- To debug, to identify and repair errors that impair existing intended functionality.
- To exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- To engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when the business’ deletion of the information is likely to render impossible or seriously impair the ability to complete such research, if the consumer has provided informed consent.
- To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer's relationship with the business and compatible with the context in which the consumer provided the information.
- To comply with a legal obligation.
10.3 The Right to Correct
In the situation that you exercise your right to know what Personal Information We have collected about you and discover that the Personal Information We have about you is incorrect, you can submit a request for Us to correct that information. We will use commercially reasonable efforts to correct the Personal Information.
10.4 The Right to Opt Out of the Sale or Sharing of Your Personal Information
You have the right to request to opt out of the sale or sharing of your Personal Information. If you opt-out of the sale of your Personal Information, We will not ask if you would like to opt back in to the sale of your Personal Information for at least twelve (12) months following the date We receive your request; however, you may change your mind during this time and inform Us in writing that you are opting back in.
To exercise your right to opt out of the sale or sharing of your Personal Information, you can use the Opt-Out button displayed on Our home page. You can also submit your request online at https://www.aaa.com/privacy-rights or over the phone at 1 (844) 973-0727.
We will not require you to verify your identity prior to honoring your opt-out request. However, in certain circumstances the law authorizes Us to refuse to comply with your request. In such a case, We will provide an explanation of why are unable to honor your request.
You may also use an authorized agent to submit a request to opt-out on your behalf, as long as you provide the authorized agent with written permission to do so and the agent provides such proof to Us when the agent submits your request.
If you change your mind and wish to opt back in to the sale of your Personal Information or if the sale of your Personal Information is required to complete a transaction, please use the opt-in mechanism described in 12.6 Opting-In Following an Opt-Out below.
10.5 The Right to Limit Use and Disclosure of Sensitive Personal Information:
You have the right to limit the sharing of your Sensitive Personal Information. Specifically, you have the right to opt out of the disclosure of your Sensitive Personal Information to a third party in the context of behavioral advertising regardless of whether there is an exchange of monetary or other valuable consideration. The CPRA introduces “sensitive personal information” as a subcategory of Personal Information. Sensitive Personal Information includes the following:
- Social security, driver’s license, state identification card, or passport number;
- Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
- Precise geolocation;
- Racial or ethnic origin, religious or philosophical beliefs, or union Membership;
- The contents of a consumer’s mail, e-mail, and text messages unless the business is the intended recipient of the communication;
- A consumer’s genetic data;
- The processing of biometric information for the purpose of uniquely identifying someone such as Personal Information collected and analyzed concerning health and/ or personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.
We will not require you to verify your identity prior to honoring your request to limit the use and disclosure of your Sensitive Personal Information. However, the fulfillment of this request is subject to the exceptions outlined in the CCPA. In the case that we cannot fulfill your request due to those exceptions, we will contact you and provide you with an explanation of why we are unable to honor your request.
10.6 The Right to No Retaliation
The CCPA provides consumers with a right to no retaliation when they exercise their privacy rights. This means that We cannot and will not discriminate against you in any of the following ways when you exercise your privacy rights:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through the use of discounts, other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services;
- Suggest that you may receive a different price or rate for goods and services, or a different level/quality of goods and services; and
- Reduce the quality of your experience on the web page, you intend to visit after exercising the right to opt-out.
10.7 The Right to a Private Right of Action
You have the right to a Private Right of Action in the event of a data breach, if the data breach is a result of Our failure to “implement and maintain reasonable security procedures and practices”.
11. THE RIGHT TO OPT- OUT FROM MARKETING
You may receive promotional content from Us periodically via e-mail, mail, or by other means. However, you can always opt out of receiving marketing content from Us.
- To opt out from receiving promotional content via e-mail, please follow the opt-out instructions provided in the e-mail. There is an “unsubscribe” button in the footer of Our marketing e-mails, and you can click on this button to opt out of receiving further marketing e-mails from Us.
- You can also opt out of receiving promotional content whether by e-mail, mail, or by other means by contacting Member Support. This also includes unsubscribing from Our magazine. You can contact Member Support by:
- Calling 1 (800) 922-8228
- E-mailing [email protected]
You may continue to receive promotional content while We process your opt out request. You will also continue receiving transactional content from Us, including communications related to your account, your use of the Services and Sites, and other important notices.
12. EXERCISING YOUR RIGHTS AS A CONSUMER
If you are a California consumer or an AAA Member who is not a California resident, you may make a request to correct, disclose, and delete Personal Information We collected from you.
12.1 Methods For Submitting Requests
You can submit a verifiable consumer request to Us, using one of the following methods:
You may only make a consumer request to exercise your right to know twice within a 12-month period. The subsections below do not apply to your right to opt-out of a sale of your Personal Information. To exercise your right to opt-out of a sale of your Personal Information, please follow the instructions provided in Section 10.4 The Right to Opt Out of the Sale or Sharing of Your Personal Information above.
In addition, only you, or your authorized agent, may make a verifiable consumer request related to your Personal Information.
If you would like to authorize someone to exercise your CCPA rights on your behalf, you must register this person with the California Secretary of State and submit a copy of this registration with your verifiable consumer request to Us.
12.3 Verification of Request
Before We can fulfill your request to correct, disclose, and/or delete your Personal Information, We must verify your identity either through Our Site or by telephone utilizing Our security mechanisms (such as a verification code sent to your e-mail or phone). Depending on the method of communication used by the requestor, We may then require the requestor to provide an online, written or oral declaration under the penalty of perjury to confirm “that you are who you are”.
12.4 Verification Criteria
Our verification process consists of comparing the identifying information you provide to Us during your request with the Personal Information We already have on file for you. In order for a request to be considered verifiable, at least three of the data points must match.
We use a risk-based approach to balance the interests of requestors in exercising their Consumer Privacy Rights with Our interest in preventing access to Personal Information by unauthorized parties and preserving the security and integrity of Our systems. Therefore, We may use additional verification methods in the event that We are unable to reach the degree of certainty required by law. These additional verification methods are based on the outcome of Our standard process, the value or the sensitive nature of the Personal Information involved, and the potential for harm in the case of unauthorized disclosure or deletion
12.5 Processing of Request
If you are a resident of California, We will confirm the receipt of your request within 10 days, unless We have already been able to comply with and respond to your request. If you are an AAA Member who is not a California resident, We will respond to your request as soon as reasonably possible; however, We cannot commit to a specific turnaround time.
We will respond to your request no later than 45 calendar days after We receive it. However, We may deny your request if We cannot verify the request within a 45-day time period. If necessary, We may take up to an additional 45 calendar days to respond to your request, for a maximum of 90 calendar days from the date on which your request is received. If We need additional time to process your request, We will contact you to explain why additional time is needed.
12.6 Opting-In Following an Opt-Out
If you decide to opt back in, after opting out from the sale of your Personal Information, We will use a two-step process to confirm your decision to re opt-in.
Please inform Us of your opt-in decision using any of the methods authorized in Section 12.1 Methods For Submitting Requests and include a valid email address or a phone number capable of receiving text messages with your request. We are required to have you reconfirm your opt-in decision and will use the provided e-mail address or phone number to send you a link for this purpose.
13. TRACKING; THIRD PARTY ANALYTICS PROVIDERS
13.1 “Do Not Track” Disclosure
Certain web browsers may provide a do-not-track (“DNT”) option. You may be able to ask your browser to inform websites that you do not want your activities to be tracked, either with cookies or other persistent identifiers, commonly called “DNT signals.” At this time, We do not honor do-not-track signals; however, We provide an option to opt out from behavioral advertising. Please see Our About Online Advertising page for more information.
13.2 Third Party Analytics Providers
14. LINKS TO OTHER SITES AND OTHER PRIVACY POLICIES
The Sites may contain third-party links, include third-party integrations, or offer a co-branded or third-party-branded services. Through these links, third-party integrations and co-branded or third-party-branded services may be providing your information (including Personal Information) directly to the third party, Us, or both. You acknowledge and agree that We are not responsible for how these third parties collect, share, or use your information. Because We have no control over the privacy practices or content of these linked sites, We recommend that you carefully review the privacy policies of every third-party service that you visit or use, including those third parties you interact with through Our Sites and Services
15. CHILDREN’S PRIVACY
The Sites and the Services are not intended to target individuals under the age of 13 and We do not knowingly collect Personal Information directly from children under the age of 13. If We discover that We have received Personal Information directly from a child under the age of 13, We will delete that Personal Information. If you are a parent or guardian of a child under the age of 13 and believe that We have collected Personal Information directly from your child, you may contact Us using the information provided in Section 12.1 Methods For Submitting Requests above.
We will not sell (and have not sold for the past twelve (12) months) the Personal Information of individuals under 16 years of age if We know that the individual is a minor and We do not have affirmative authorization to do so. Individuals between the ages of 13 and 16 may communicate their affirmative authorization by using the method for opt-in requests described in Section 12.6 Opting-In Following an Opt-Out.
16. PROTECTING YOUR PERSONAL INFORMATION
To protect your Personal Information from unauthorized access and use, We maintain reasonable security procedures and practices appropriate to the nature of the Personal Information you provide to Us and the type of processing activities performed by Us. However, please note that there is always some risk in transmitting information over the Internet. Because the Sites are provided through the Internet, when you use the Sites, your communications may be intercepted by others. For this reason, We cannot guarantee the security and privacy of transmissions via the Internet, and We cannot be responsible or liable for any security issues that may be related to your use of the Sites. You agree that you will not hold Us liable for any damages resulting from any loss of privacy or security occurring in connection with any communications over such networks.
17. HOW TO CONTACT US
- By e-mail to: [email protected]
- By mail to: American Automobile Association of Northern California, Nevada & Utah, Attn: Privacy Requests, 1277 Treat Boulevard, Suite 1000, Walnut Creek, CA 94597
For Member Support services, please contact Us at: 1 (800) 922-8228 or visit [email protected].
18. ADDITIONAL INFORMATION FOR GIG CAR SHARE USERS
This Policy also applies to the operations of Gig Car Share (“Gig”), subject to the supplemental disclosure and point of collection chart found below. This disclosure describes how Gig collects and uses your Personal Information. In addition, it also describes how your Personal Information is stored and situations when your Personal Information might be shared with others.
- Telephone: (800) 464-0889, or,
- E-mail to: [email protected], or,
- Through the Mobile App, by clicking the “Member Support” button.
The information Gig collects:
Under the CCPA, “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.