This privacy policy (“Privacy Policy” or “Policy”) applies to the operations of the American Automobile Association of Northern California, Nevada & Utah, AAA Arizona, Inc., and AAA MountainWest, Inc., including the following businesses: AAA Smart Home and A3 Smart Home¹, A3 Labs LLC, Gig Car Share², AAA House Manager³, AAA Car Subscription⁴, and AAA Identity Champion⁵. For the purposes of this Privacy Policy, these companies are collectively referred to as the “Company,” or “we,” “our,” or “us”.

This Privacy Policy describes how we will collect, use, and share the Personal Information of our members, customers, users or subscribers (collectively, our “Members”), including information related to your use of our websites and mobile applications (each, a “Site,” and collectively, the “Sites”), and your online and offline communications with us by email, over the telephone, or by other means. It also contains important information regarding certain rights that you may have to your Personal Information, including information on how you may request to access your Personal Information, opt out from us selling or disclosing your Personal Information for business purposes to third parties, or delete your Personal Information (collectively, “Consumer Privacy Rights”).

We have adopted this Privacy Policy to address, among other things, the requirements of the California Consumer Privacy Act of 2018 (“CCPA”). Capitalized terms not defined herein such as “Personal Information” or "Service Providers"should be read to have the same meaning as in the CCPA, unless the context requires otherwise. For purposes of this Privacy Policy, Personal Information does not include publicly available information from government records, or de-identified or aggregated information.

In some cases, and as described in this Privacy Policy, we may collect, access or receive Personal Information about you from third-party sources, including cases in which we act as their service providers. In that case, the privacy policy or policies of the third party sources may also apply to your Personal Information and such third parties may be the responsible party for addressing your requests in connection with your Consumer Privacy Rights.  

In order to provide you with our products and services (collectively, the “Services”), we collect certain information from you and your devices. By using the Sites or Services or otherwise engaging with us in any manner, you are consenting to the collection, use, and disclosure of your information in accordance with this Privacy Policy.  

A. Summary

We may collect Personal Information from you directly and by using third-party sources in different ways (“Point(s) of Collection”) and for different purposes, as described further below. The Personal Information about you that we either may collect or may have collected within the prior twelve (12) months is described below. For a comprehensive overview, please see the table in Section VI (“Point of Collection Notice”).

B. Information Collected Directly From You

a.   Information You Provide to Us

We collect from you directly Personal Information in a number of ways. When you use the Sites, we collect from you certain Personal Information you provide to us, such as when you fill out forms, make a purchase or request more information. We also collect from you certain Personal Information you provide to us offline, such as when you provide information to one of our service advisors or sales or customer service representatives over the phone or in person. In addition, if you are a Member or anyone who uses the Services, we may also collect information from you in connection with your use of the Services.

b.   Information Collected from Your Browser or Device

When you visit the Sites, we automatically gather and store (and have automatically collected and stored in the past twelve (12) months) certain information about your visit from your browser or device, such as IP address, geographic information, referral sources, WiFi information, browser type and version, operating system, browser language, and other information relating to your usage of the Sites (“Site Data”). We may collect this information through the use of browser information, log files, web beacons, action tags, unique advertising identifiers, application program interfaces, and other methods.

To the extent we collect or process Site Data that is considered to be a persistent identifier that can be used to identify you, your household, or your device over time and across different services and/or if we use Site Data to gain additional knowledge and insights about you, then we will treat such Site Data as Personal Information under this Privacy Policy.

c. Information Collected Through Cookies

Cookies are small files stored on your device by a website. When you visit the Sites, we use (and have used in the past twelve (12) months) both session cookies (which expire once
you close your web browser) and persistent cookies (which stay on your device until you delete them) to make your experience on our Sites more personal and interactive. For more information regarding cookies, please visit our Cookie Statement. By continuing to use the Sites, you consent to our use of cookies as explained in this Privacy Policy and our Cookie Statement.

Please note that Google and other third parties (including, for example, third parties vendors and service providers that we use in connection with providing you services, advertising networks and providers of external services like web traffic analysis services) may also use cookies as a result of you visiting other websites, over which we have no control.

C. Information Collected from Third Parties

In addition to Personal Information that you provide directly to us, we may also collect and/or may have collected in the past twelve (12) months information about you from third-party sources. When you visit the Sites or use the Services, there may be third parties with whom we conduct business, including any third-party vendors or service providers that we use in connection with providing our Members with the Services that may be collecting your information and sharing it with us.  

You may also affirmatively authorize or direct third parties to provide us with information, such as through third-party software development kits (“SDKs”), “action tags,” pixel tags, among others. Pixel tags (also called beacons or pixels), which are small blocks of code installed on (or called by) a webpage, app, or advertisement that can retrieve certain information about your device and browser. We may use action tags, which are placed in advertisements that are served on our behalf on the Sites and third-party sites to track interaction, on our Sites and our emails. Some of our applications may incorporate SDKs.

We may also collect and/or may have collected in the past twelve (12) months information about you from our affiliates.  More information regarding those third parties may be found on our Cookie Statement and our About Online Advertising disclosures.

We may use your Personal information (including the categories of Personal Information described above) and Site Data (collectively, the “Collected Information”) for the following purposes: 

A. Membership Application and Renewal

We may use your Collected Information to process, maintain, and renew your membership, subscription or account as a Member.

B. Providing You with Services

We may use your Collected Information to provide you with various services, such as:  (1) providing you with the Services and other Member benefits, and 24/7 customer support through our Member support team as described in Section XVI (How to Contact Us) below, (2) facilitating reservations, billing, account management, account maintenance, and any of our reward and recognition programs you may choose to join, and (3) allowing you to utilize features within the Sites by granting us access to certain information on your device (such as geo-location) when you request certain Services.

C. Other Uses in Agreements 

We may also use your Collected Information for the specific uses identified in any agreements you may have with us.

D. Contacting You and Sending You Materials

We may use your Collected Information to contact you and to respond to your requests. We may also use your Collected Information to communicate with you as needed, including through e-mail, text messages or other means, for communications relating to, among others: (1) upcoming travel, (2) changes to our agents or office locations, (3) providing and improving our customer service, and (4) administrative information (e.g., information relating to changes to our terms, conditions, and policies). We may also use your Collected Information to maintain and improve our Services, by, for example, sending e-mails to solicit your feedback and to enroll you in our promotional email programs.

Please note that if you are accessing our Sites and provide your e-mail address to us, you can opt out at any time as indicated in each promotional email. Additionally, if you provide your telephone number, we may use it to initiate an automated or live telephone call from us or a third party, or add your telephone number to a list that our agents may use to contact you. We will only contact you using automated services with your express consent or for the purposes of facilitating a Service that you requested.

E. Marketing

We may, to the extent permitted by law, use your Collected Information to provide you with offers, marketing, and promotional materials on our behalf, or on behalf of the AAA Companies and their and our subsidiaries, partners, or other third parties. For purposes of this Privacy Policy, “AAA Companies” means: (1) the American Automobile Association, Inc.; (2) any entity with “AAA” or “American Automobile Association” in its name or brand, including each AAA auto club; and (3) any entity affiliated with any of the foregoing, including subsidiaries (e.g. A3 Smart Home LP, A3 Labs LLC, A3 Mobility LLC, and A3 P2P LLC) and holding companies (e.g., AAA Club Partners, Inc.).

Should you no longer to wish to receive these marketing or promotional communications, you may opt out as described in Section VIII (Opt-Out from Marketing) below.

F. Conducting and Growing Our Business

We may use your Collected Information to conduct our business, such as conducting data analysis, performing audits, controlling risk, detecting and preventing fraud, and complying with laws, regulations and other legal processes and law enforcement requirements related to our business and obligations.

We may also use your Collected Information to develop new products and services, maintain existing Services, identify usage trends, determine the effectiveness of our promotions campaigns, and operate and expand our business activities. We may also use aggregated and deidentified data, which does not identify you individually, for our business purposes, which may include offering products or services, research, marketing or analyzing market trends, and other purposes consistent with applicable laws. We may use your Collected Information to personalize your experience on the Sites and to improve the security, design, and functionality of our Sites.

G. Confirming Your Identity

We may use your Collected Information to confirm your identity, including in connection with any requests made pursuant to Section XI (C) (Verifying Your Request) below. 

H. DMV Services

Any information we obtain from the Department of Motor Vehicles (“DMV”) in connection with the DMV services is used solely for the purpose of providing the DMV services requested by you. We do not store or disclose such information for any other purpose.

I. Site Data

We may use the Site Data to improve the Sites and to help us understand how users are using the Sites. This information is also collected for statistical analysis, to improve the utility of the Sites, and for other purposes describe in this Privacy Policy.

J. Other Purposes

We may use your information for other purposes specifically disclosed to you at the time we request your information. By providing your information, you consent to all disclosed uses.

K. Security Purposes

We may use your Collected Information to detect security incidents, protect against malicious, deceptive, or illegal activity, and prosecute those responsible for that activity.

We may also use your Collected Information to debug to identify and repair errors that impair existing intended functionality. 

We may share and/or may have shared in the past twelve (12) months your Collected Information with third parties for the following purposes: 

A. AAA Companies and Subsidiaries, and Company Affiliates

We may share and/or may have shared in the past twelve (12) months your Collected Information with AAA Companies, our subsidiaries, and affiliates for the business purposes described in this Privacy Policy.

B. Service Providers

We may share and/or may have shared in the past twelve (12) months your Collected Information with service providers that are providing services to us and acting on our behalf, such as consultants, professional advisers, data analytics providers, and other service providers. Such services being provided by the service providers include: (i) the provision, operation, maintenance, administration, promotion, improvement, and oversight of the Services, the Sites, and Member benefits; (ii) the provision of advertising services; and (iii) the fulfillment of your requests for information or Services.

C. Other Third Parties

We may also share and/or may have shared in the past twelve (12) months your Collected Information with certain other third parties in the following circumstances:

• If you direct us to share your Collected Information with a certain third party;
• If you authorize us to share your Collected Information with a certain third party as part of our provision of Services to you;
• If you authorize us to share your Collected Information with a certain third party as part of fulfilling your request for other services;
• To comply with laws and regulations (including to fulfill our regulatory obligations relating to our business), respond to legal processes (for example, a court order, search warrant, or subpoena) or requests from law enforcement authorities, or otherwise required by law;
• If we believe the Sites and/or the Services are being or have been used in violation of our Terms and Conditions, other agreements with you, applicable law or otherwise in the commission of a crime;
• If we have a good faith belief that there is an emergency that poses a threat to the safety of you or another person;
• If necessary to protect our rights, safety, security, or property or those of third parties, including to enforce our rights against unauthorized access or attempted unauthorized access to our information technology assets or against other inappropriate use of our Sites;
• To prevent or investigate fraud, security, or technical issues or otherwise manage risks;
• To report to credit bureaus if applicable; or,
• To share or transfer your Collected Information for a business deal, such as a proposed or consummated sale, acquisition, transfer, merger, or consolidation of all or part of our organization.

The following table summarizes the information provided above in Sections III - V. In particular, it identifies the categories of data collected at the various Points of Collection at which you may interact directly with us. Similarly, it discloses the instances, when we collect data about you from third parties, and describes by reference to the individual headings of Section IV above the intended business or commercial uses for each category of data. Moreover, it also provides information regarding the categories of third parties with whom we may share your Personal Information.

We may retain your information for the period necessary to fulfill the purposes outlined in this Privacy Policy, including for regulatory, audit or record-keeping purposes.

When your Personal Information is disposed of, we will dispose of your information in a manner that is consistent with this Privacy Policy and applicable legal requirements.

A. Promotional Communications and Magazine Subscriptions

You may receive transactional communications from us, such as communications regarding the Sites or our Services. You may also receive promotional communications from us, such as communications regarding marketing, promotions, and/or other related topics. To contact you, we may use the information you provide to us, including your email, address, fax, or phone number. You may, at any time, opt out of receiving future promotional communications from us by: (1) following the instructions within the promotional communication you received from us, (2) contacting Member Support using the contact information displayed in Section XVI (How to Contact Us). If you receive magazine subscriptions from us, you may also opt out of receiving such magazine subscriptions by contacting Member Support. To learn more about your choices regarding receiving promotional emails, magazine subscriptions or other communications, please contact Member Support (see Section XVI, How to Contact Us) or review our About Online Advertising page.

All requests to receive no longer any promotional communications will be processed in a timely manner. After your request has been processed, you will no longer receive the promotional communications that you opted out from, but you may continue to receive materials while we process your request to unsubscribe. Please note, even if you unsubscribe as described in this Section VIII (Opt-Out from Marketing), you may continue to receive transactional communications from us, including those related to your account, your use of the Services and Sites, and other important notices.

We may have made available some of your Personal Information to third parties in the context of business transactions in which we have received a financial or other kind of benefit in return, for, among other things, making some of your Personal Information available. Transactions of this nature may be considered a “sale” of Personal Information in certain jurisdictions, including California. The categories of Personal Information about you we may have “sold” or disclosed to third parties for a business or commercial purpose in the past twelve (12) months are the following:

Categories of Personal Information about Consumers sold to third parties for a business or commercial purpose in the past twelve (12) months: All categories of Personal Information identified in Column II of the Table set out in Section VI (Point of Collection Notice) collected directly from consumers.

Categories of Personal Information disclosed to third parties for a business or commercial purpose in the past twelve (12) months: All categories of Personal Information identified in Column II of the Table set out in Section VI (Point of Collection Notice) collected directly from consumers.

However, we did not and do not sell the Personal Information of minors under the age of 16 without affirmative authorization. For more information about your right to opt-out from the sale of your personal information, please see Section X (C)(b) (Right to Opt-Out of Sale of Personal Information) below.

A. Consumer Privacy Rights and Rights to Your Personal Information as a Member

We grant Members certain rights with respect to certain types of Personal Information that we may have collected from or about them. Those rights are granted by us as a matter of policy and are independent of your Consumer Privacy Rights under certain state laws such as the CCPA. Whether and to what extent you may have such Consumer Privacy Rights depends, among other things, on where you live. 

B. Your Rights as a Member to Access, Correct, Update and Remove Personal Information

If you are a Member you have the right to access certain information in your account, such as contact and mailing information and any preferences or payment methods you may have shared with us. You may use your online account to access such information or contact Member Support (see Section XVI, How to Contact Us). This will allow you to update and correct your Personal Information on file with us. For example, in case your Personal Information on file with us is inaccurate or incomplete, you may request that we correct. update and/or remove such inaccurate Personal Information. 

We may ask you to verify your identity and to provide other details before we provide access to, update or remove any of your information. Your right to have Personal Information removed is subject to any retention requirements and/or other legal grounds authorizing or requiring us to retain your information.

C. Your Consumer Privacy Rights

If you are a consumer who has an address in California and lives the major portion of the year in California (a “California Consumer”), you may have certain rights with respect to your Personal Information pursuant to the CCPA. For purposes of this Privacy Policy, a California Consumer does not include persons to the extent they are (i) acting as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit or government agency that is doing business with us or (ii) acting as a job applicant to, an employee of, owner of, director of, officer of, medical staff member of, or contractor of Company.

a. Limited Coverage by Consumer Privacy Rights for Certain Members outside California

It is our policy is to treat all Members of our AAA automobile clubs equally. Those automobile clubs are the American Automobile Association of Northern California, Nevada & Utah, AAA Arizona, Inc., and AAA MountainWest, Inc., (collectively, “Auto Club Members”). Therefore, we are extending certain of the Consumer Privacy Rights applicable to California residents also to our Auto Club Members who are not California residents. Members who are not Auto Club Members enjoy Consumer Privacy Rights to the extent they are California Consumers.

b. Right to Opt-Out of Sale of Personal Information

You have the right to opt-out of our sale of your Personal Information. This means that you have the right to direct us not to sell your Personal Information. We will not ask if you would like to opt back in to the sale of your Personal Information for at least twelve (12) months following the date we receive your request; however, you may change your mind during this time and inform us that you are opting back in.

To exercise your right, you may either submit your request by contacting us using the information in Section XI (A) (Exercising Your Consumer Privacy Rights) below or use the Opt-out button displayed on our home page. We will not require you to verify your identity prior to honoring your opt-out request. However, in certain circumstances the law authorizes us to refuse to comply with your request. In such a case, we will contact you and provide you with an explanation of our refusal to act.

You may also use an authorized agent to submit a request to opt-out on your behalf, as long as you provide the authorized agent with written permission to do so and the agent provides such proof to us when it submits your request.

If you change your mind and wish to opt back in to the sale of your Personal Information or if the sale of your Personal Information is required to complete a transaction, please use the Opt-in mechanism described in Section XI (E) (Opting-in Following an Opt-out) below.

c. Right to Know

You have the right to request that we disclose to you in response to a verifiable consumer request (see Section XI (A) below for further details on how to submit a verifiable request) which Personal Information we collect, use, disclose and/or sell from you or about you.

Your right to know encompasses the specific pieces of Personal Information we have collected about you in the past twelve (12) months, the categories of sources from which the Personal Information was collected in the preceding twelve (12) months, the business or commercial purposes for collecting, using or selling the Personal Information in the preceding twelve (12) months, and the categories of third parties to whom we have disclosed the Personal Information for business purposes or sold the same to in the preceding twelve (12) months.

A general list of the categories of Personal Information that we have collected, the categories of sources from which the Personal Information was collected, the business or commercial purposes for collecting the Personal Information, and the categories of third parties with whom we share Personal Information is set forth set forth in Section VI of this Privacy Policy. 

d. Right to Request the Deletion of Your Personal Information

You have the right to request that we delete, subject to certain exceptions provided by law, any Personal Information about you that we have collected from you. We will also direct any service providers to which we provided your information to delete such information from their records. We will comply with your request for deletion if you (i) submit a verifiable request and (ii) the information you are asking us to delete does not fall under any of the following exceptions. Specifically, we are not required to delete your Personal Information if we need that information to:

• Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  
• Debug products to identify and repair errors that impair existing intended functionality;
  
• Ensure the exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
  
• Enable us to comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
  
• Use your information solely for internal uses that are reasonably aligned with your expectations based on your relationship with us;
  
• Comply with a legal obligation;
  
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it;
  
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.

e. Right to Non-Discrimination

We will not discriminate against you for exercising any of your rights as a consumer described in this Section. Unless permitted by applicable law in your jurisdiction, which may include the California Consumer Privacy Act (CCPA), we will not:

• Deny you goods or services;
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
• Provide you a different level or quality of goods or services;
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

If you are a California Consumer or an Auto Club Member who is not a California resident, you may exercise your right to know and your right to request deletion of your Personal Information by submitting a verifiable consumer request as described in more detail below. You may only make a consumer request to exercise your right to know twice within a 12-month period. The subsections below do not apply to your right to opt-out of a sale of your Personal Information. To exercise your right to opt-out of a sale of your Personal Information, please follow the instructions provided in Section X(C)(b) (Right to Opt-Out of Sale of Personal Information) above.

A. Ways to Submit a Verifiable Consumer Request

You may communicate your verifiable consumer request to us directly by one of the following methods:

• Online at: https://www.aaa.com/privacy-rights

Only you or an authorized agent (as described below) may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. Making a verifiable consumer request does not require you to create an account with us. 

B. Authorizing an Agent

You may designate an authorized agent to submit your verifiable consumer request on your behalf, so long the authorized agent has your written permission to do so and you have taken steps to verify your identity directly with us. If you would like to designate an agent, your agent must register as such with the California Secretary of State and submit a copy of this registration along with your verifiable consumer request to us.

You may communicate a verifiable consumer request as an authorized agent by one of the following methods:

• By telephone to: 1 (844) 973-0727

• By mail to: American Automobile Association of Northern California, Nevada & Utah, Attn.: Privacy Requests, 1277 Treat Boulevard, Suite 1000, Walnut Creek, California 94597.

We may only comply with your consumer request(s) if we can reach the degree of certainty required by law that the person submitting a request is authorized to do so, i.e., that he or she is the consumer whose Personal Information is the subject of a given consumer request or an agent duly authorized by that consumer. We will only use Personal Information provided in a consumer request to verify your identity or authority to make that request.

Following the receipt of a request by a California Consumer or an Auto Club Member who is not California resident to exercise his or her privacy rights, we first authenticate the channel of communication used by the requestor by sending a verification code to the device/email address from which the request originated. Depending on the method of communication used by the requestor, we will then require the requestor to provide an online, written or oral declaration under the penalty of perjury “that you are who you are”. 

As a next step, we will require typically three matching data points based on the requestor’s membership status, our relationship with the consumer, and our transactional history with the consumer to determine whether we consider a request verifiable or not. We use a risk-based approach to balance the interests of requestors in exercising their Consumer Privacy Rights with our interest in preventing the access by unauthorized parties to Personal Information and preserving the security and integrity of our systems. Therefore, we may use additional verification procedures in the event we are unable to reach the degree of certainty required by law based on the outcome of our standard process or based on the value or the sensitive nature of the Personal Information involved and the potential for harm in case of an unauthorized disclosure or deletion.

D. What to Expect After you Submit a Consumer Request

If you are a California Consumer, we will acknowledge the receipt of your request within ten (10) days unless we have already been able to comply with and respond to your request. If you are an Auto Club Member who is not a California resident, we will respond to your request as soon as reasonably possible; however, we cannot commit to a specific turnaround time.

We will endeavor to respond to, or fulfill, a verifiable consumer request submitted by a California Consumer within forty-five (45) days of its receipt. If we need more time (up to forty-five (45) additional days under California law), we will inform any California Consumer making such a request, of the reason and the additional time needed in writing. If you are an Auto Club Member who is not a California resident, we will respond to your request a soon as practicable in the ordinary course of business; however, we cannot promise a specific turn-around time. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. If we cannot fulfill your request, the response we provide will explain the reasons we cannot fulfill your request. In response to a right-to-know request, we will provide you with your Personal Information in a format that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

E. Opting-in Following an Opt-out

If you have opted-out from the sale of your Personal Information and want to again allow us to sell your Personal Information, we will use a two-step process to confirm your decision to opt-in again.

Please inform us of your opt-in decision using any of the methods of communication authorized in Section XI (A) (Ways to Submit a Verifiable Consumer Request) and include a valid e-mail address or a phone number capable of receiving text messages in your request.  We are required to have you reconfirm your opt-in decision and will use this this email address or phone number to send you a link for that purpose.

A. “Do Not Track” Disclosure

Certain web browsers may provide a do-not-track (“DNT”) option. You may be able to ask your browser to inform websites that you not wish your activities to be tracked, either with cookies or other persistent identifiers, commonly called “DNT signals.” At this time, we do not honor do-not-track signals; however, we provide you with the option to opt out from behavioral advertising. Please see our About Online Advertising page for more information.

B.  Third Party Analytics Providers

We work with third party analytics service providers, including Google Analytics, Adobe Analytics, Optimzely, and Tealium (the “Analytics Providers”), to help us better understand how our users use the Sites. Specifically, we use Analytics Providers to learn more about the types of users that visit the Sites and how they use the Sites and to help us improve the Sites. To provide this service, Analytics Providers may collect certain information about you from your computer, including through the use of cookies. Such information may include information regarding your visit (such as the pages you visit and the length of your visit), information about your device (such as your IP address), how you got to the Website, and other information about you.

You can learn more about Google Analytics and how it collects and processes data (including how to control the information sent to Google) by visiting: www.google.com/policies/privacy/partners/. You can opt-out of Google Analytics by using the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout/. 

You can learn more about Adobe Analytics and how it collects and processes data (including how to control the information sent to Adobe) by visiting: https://www.adobe.com/privacy/experience-cloud.html. You can opt-out of Adobe Analytics by visiting https://www.adobe.com/privacy/opt-out.html#customeruse. 

You can learn more about Optimizely and how it collects and processes data (including how to control the information sent to Optimizely) by visiting: https://www.optimizely.com/privacy/. You can learn about how to opt-out of Optimizely by visiting: https://www.optimizely.com/legal/opt-out/. 

You can learn more about Tealium and how it collects and processes data (including how to control the information sent to Tealium) by visiting: https://tealium.com/privacy/. You can update your privacy preferences with Tealium by visiting: https://tealium.com/preferences/. 

The Sites may contain third-party links, include third-party integrations, or offer a co-branded or third-party-branded service. Through these links, third-party integrations, and co-branded or third-party-branded services, you may be providing information (including Personal Information) directly to the third party, us, or both. You acknowledge and agree that we are not responsible for how those third parties collect, share, or use your information. Because we have no control over the privacy practices or content of these linked sites, we recommend that you carefully review the privacy policies of every third-party service that you visit or use, including those third parties you interact with through our Sites and Services

The Sites and the Services are not intended to target individuals under the age of 13 and we do not knowingly collect Personal Information directly from children under the age of 13. If we discover that we have received Personal Information directly from a child under the age of 13, we will delete that information. If you are a parent or guardian of a child under the age of 13 and believe we have collected Personal Information directly from your child, you may contact us using the information provided in Section XVI (How to Contact Us) below to have that information deleted from our records.

We will not sell (and have not sold for the past twelve (12) months the Personal Information of individuals under 16 years of age if we know that the individual is a minor and we do not have affirmative authorization to do so.  Individuals between the ages of 13 and 16 may communicate their affirmative authorization by using the method for opt-in requests described in Section IX (E) (Opting-in Following an Opt-Out).

To protect your Personal Information from unauthorized access and use, we maintain reasonable security procedures and practices appropriate to the nature of the information you provide to us and the type of processing activities performed by us. However, please note that there is always some risk in transmitting information over the Internet. Because the Sites are provided through the Internet, when you use the Sites, your communications may be intercepted by others. For this reason, we cannot guarantee the security and privacy of transmissions via the Internet, and we will not be liable for any lack of security relating to the use of the Sites by you. You agree that you will not hold us liable for any damages resulting from any loss of privacy or security occurring in connection with any communications over such networks.

If you have any questions regarding this Privacy Policy or our privacy practices, or would like more information regarding how to exercise your rights pursuant to Section X (Your Rights to Your Personal Information) and Section VIII (Opt-Out from Marketing) of this Privacy Policy, or would like to obtain a copy of this Privacy Policy in a different format, please contact us using one of the methods provided below:

• By email to: [email protected]

• By mail to: American Automobile Association of Northern California, Nevada & Utah, Attn.: Privacy Requests, 1277 Treat Boulevard, Suite 1000, Walnut Creek, CA 94597

For Member Support services, please contact us at: 1 (800) 922-8228 or by [email protected].com

This Policy also applies to the operations of AAA Car Subscriptions, (“Car Subscriptions”), subject to the supplemental disclosures set out below. Due to the nature of its businesses – Car Subscriptions makes available a motor vehicle forming part of the subscription fleet to subscribers for a given period of time along with certain related services (“Subscription Services”) - Car Subscriptions collects from consumers additional categories of personal information and interacts with consumers at additional Points of Collection compared to those set out in Section VI above. Therefore, the information presented in the below table does not replace but supplements the information made available in Section VI and elsewhere in this Policy.

In addition to accessing your Personal Information as part of exercising your Consumer Privacy Rights described in Section X of this Policy, you may view and correct your account at any time by logging into your Account through our website https://carsubscription.calstate.aaa.com/ or our mobile app. You may also call our subscription support as described below either by:

· Telephone: 1 (800) 360-2228, or,

· Email: [email protected], or,

· Through the mobile app, by clicking the “Contact Us” button.

This Policy also applies to the operations of Gig Car Share (“Gig”), subject to the supplemental disclosures set out below. Due to the nature of its businesses – Gig makes the use of shared motor vehicles available to its active Members (“Gig Services”) - Gig collects from consumers additional categories of personal information and interacts with consumers at additional Points of Collection compared to those set out in Section VI above. Therefore, the information presented in the below table does not replace but supplements the information made available in Section VI and elsewhere in this Policy.

In addition to accessing your Personal Information as part of exercising your Consumer Privacy Rights described in Section X of this Policy, you may correct any errors in your information by contacting Member Support, which will be available 24 hours a day, 7 days a week either by:

· Telephone: (800) 464-0889, or,

· Email to: [email protected], or,

· Through the Mobile App, by clicking the “Member Support” button.

When you register with and use the AAA Identity Champion service, we collect information from you directly when you enroll, automatically when you visit our web pages, and sometimes from third parties. This information includes Personal Information. For instance, we may ask you to provide contact information (your name, phone number, and/or email address), banking and financial information, Social Security Number, and other information about you in order for us to provide you with the Identity Champion service.

We use information we collect for Identity Champion specifically to process your registration, including verifying that your information is current and valid and to allow you to participate in Identity Champion features. We may exchange information about you, including Personal Information, with third party service providers to enable them to perform services on our behalf and for us to provide the Identity Champion services to you, which include:

1. Verifying your identity;
2. Processing your payments; and
3. Monitoring data sources, including national credit bureau reports and web activity, to detect attempted identity theft or similar threats to your data and to provide you with identity monitoring services.

Note that we do not share the information you provide for purposes of registering for Identity Champion, such as banking and financial information, Social Security Number, and other information required for providing the service, with third parties for marketing purposes. We also do not use this information for marketing and advertising purposes. Other Personal Information, such as name, contact information, and AAA Membership number, that was previously provided to us in connection with your AAA Membership and/or that you provided to us for purposes of initiating your Identity Champion registration, will only be used in accordance with this Privacy Policy.

California and Nevada Residents: We do not sell your Personal Information that’s submitted for purposes of providing you with the Identity Champion services. If you are a California Consumer or an Auto Club Member who is not a California resident, please see Section XI (Exercising Your Consumer Privacy Rights) for additional information on exercising your privacy rights.

Data may be collected from devices installed or used in your residence or business for the purpose of providing you with the A3 Smart Home monitoring and alarm services (collectively, “Smart Home Device” or “Device”). Information collected may include:

• Location Information. Information about your location, your personal device location, or the physical location of your Smart Home Devices;
• Audio, Video and Still-image Information. Depending upon how you configure your Smart Home Device, we may collect certain still-images as well as audio and video;
• Smart Home Device Information. Information about motion detection, door and window usage, utility usage, and climate data (including temperature and moisture data);
• Monitoring Information. Information about arming and disarming the Smart Home Device;
• Aggregate Usage Information. Information that helps us track patterns and improve our Devices in order to meet your smart home needs; and
• Biometric Information. Information about your physical characteristics that helps us identify you, including facial recognition.

We may use Device Data to do any or all of the following:

• provide you with our Services;
• facilitate your interactions and transactions with us;
• respond to your requests, communications, suggestions, comments, inquiries, and requests (including your feedback about our Devices and Services);
• provide you with relevant notifications;
• administer our relationship with you, including managing your account;
• maintain and improve our Devices and Services, including measuring our performance;
• develop new products, features, and services;
• better understand the preferences of our customers;
• facilitate your participation in our surveys and promotions;
• respond to legally binding requests from law enforcement, regulatory authorities, or other third parties;
• defend, protect or enforce our rights or applicable terms of service or to fulfill our legal or contractual obligations;
• to prevent fraud or the recurrence of fraud;
• assist in the event of an emergency;
• comply with applicable law; or
• any other purposes specifically disclosed to you at the time we request, and you provide, the information.

We may also combine Device Data with other Personal Information collected from your use of our Services and develop a customer profile that will be used for the purposes above.

Camera-Enabled Services. If you enable smart monitoring camera-enabled services, we may record, stream, store, or process video and/or recordings pursuant to your account instructions and camera-enabled device configuration settings (visit https://a3smarthome.com/installation/indoor-hdr-camera for more information on using and enabling your smart monitoring camera). If you enable the recording features during your subscription term, we will capture, process and retain video and audio data recordings from the Device pursuant to your settings or until the storage limit is reached (older videos will be deleted once the storage limit is reached) and you will be able to access those recordings during that time.

Identity Verification. We may use the Device Data to verify your identity or the identity of other persons. If you choose to upload the photos and identity of other persons to the Smart Home Device, we will process this information for the purpose of enabling the Smart Home Device to recognize familiar faces and to notify you of both familiar and unknown people. Using the mobile application and your account, you control whether this biometric processing and analysis occurs. Only upload photos of individuals who have consented to have their information used in accordance with this Privacy Policy.

We may retain Device Data for the period necessary to fulfill the purposes outlined in this Privacy Policy, including, but not limited to, regulatory, audit, or record-keeping purposes.

Finally, we may use Device Data to create anonymized and aggregated information that does not personally identify an individual (“non-personal information"). We may use non-personal information for any legitimate business purpose.

Except as disclosed in this Privacy Policy, we do not share Device Data with any companies other than our partners and affiliates and their directors, officers, employees, agents, consultants, advisors or other representatives.

We may share Device Data with our third party service providers, suppliers, vendors, and business partners to help us in the operation, management, improvement, research and analysis of our Devices and/or Services, and to comply with your directions or any consent you have provided us.

We may share Device Data with law enforcement and regulatory authorities or other third parties as required or permitted by law for the purpose of:

• responding to a subpoena, court order, or other legal processes;
• preventing or investigating fraud, security, or technical issues or otherwise manage risks;
• defending, protecting, or enforcing our rights, safety, security, or property;
• reporting to credit bureaus (if applicable);
• assisting in the event of an emergency; and
• complying with applicable law.

From time to time, we may update this Privacy Policy, including at least once annually. If we do, we will note near the top of this page the date that any changes are made and/or when they become effective. If the changes being made are material, we may alert you to the changes in a more prominent way. Your inaction or continued use of the Sites or Services, or your provision of Personal Information to us after any such notices, will tell us that you agree to these changes.