1. INTRODUCTION
Thank you for using Our services. We understand that when you use Our services, you’re trusting Us with your Personal Information. The security of your Personal Information is very important to Us and We are committed to protecting your privacy. This Privacy Policy describes the Personal Information We collect and why We collect it. It also explains the options available to you regarding Our use of your Personal Information and how you can exercise your privacy rights regarding this information.
2. SCOPE
This Privacy Policy applies to the operations of: 1) The American Automobile Association (“AAA”) of Northern California, Nevada & Utah, AAA Arizona, Inc., and AAA Mountain West, Inc. (“collectively “AAA NCNU”); and 2) AAA NCNU affiliated companies such as AAA Smart Home and A3 Smart Home, A3 Labs LLC, Gig Car Share, AAA House Manager, and AAA Identity Champion (collectively referred to as the “Company,” or “AAA NCNU Companies”, “We,” “Our,” or “Us”).
This Privacy Policy covers Our websites and their subdomains (collectively, the “Website” or “Site”), and all portals, applications, products, services, events, and interactive features, or other services We provide that post a link to this Privacy Policy. This Privacy Policy also applies to Personal Information We collect from you offline such as Personal Information collected at Our branches, via e-mail, via phone or by other means.
Capitalized terms used but not otherwise defined in this policy should be read to have the same meaning as how the term is defined in the California Consumer Privacy Act (“CCPA”), unless the context requires otherwise.
In some cases, and as described in this Privacy Policy, We may collect, access or receive Personal Information about you from third-party sources, including cases in which We act as their service providers. In these cases, the privacy policy or policies of the third party sources may also apply to your Personal Information and such third parties may be the responsible party for addressing your requests in connection with your consumer privacy rights.
3. CONSENT
In order to provide you with Our products and services (collectively, the “Services”), We collect certain Personal Information from you and your devices. By using the Sites or Services or otherwise engaging with Us in any manner, you are consenting to the collection, use, and disclosure of your Personal Information in accordance with this Privacy Policy. If you do not consent to this Privacy Policy, please do not use the Sites or Services.
4. WHAT INFORMATION DO WE COLLECT?
We may collect the following categories of Personal Information from you and/or about you when you visit Our Websites, applications, or otherwise interact with Us. The categories of Personal Information that We have collected, disclosed for a business or commercial purpose or sold over the past twelve (12) months is outlined below.
4.1 Information You Provide To Us
We collect your Personal Information directly from you when you apply for a AAA Membership, subscribe to Our Services, purchase Our Services, or otherwise provide Personal Information directly to Us. The following are examples of Personal Information that We may collect directly from you:
Identifying Personal Information
- Full Name;
- Contact Information (e-mail address, telephone number, mailing address etc.);
- Account Username and Password;
- Age and Date of Birth;
- Social Security Number;
- Vehicle Identification Information (VIN, vehicle make and model, driver’s license number, license plate information, vehicle registration);
- Geolocation (is collected with your consent, such as when searching for nearby gas stations on Our app); and
- Financial Information (billing name and address, bank and bank account information including routing and account numbers, credit card information, and credit history).
4.2 Information We Collect About You Automatically
We collect your Personal Information indirectly from you when you visit the Site. This information is collected via cookies, log files, and web beacons. The information collected automatically may include the following:
- IP address;
- Device information such as browser type and operating system;
- Browsing history;
- Date and time of your Site visit;
- Information regarding your interaction with Our Site, including the pages accessed and links clicked;
- Inferences about interests and preferences based on analysis of browsing habits and other predictive techniques ; and
- Commercial information including records of products and services viewed or purchased.
4.3 Information We Collect About You From Third Parties
In addition, We may collect and/or may have collected Personal Information about you from third-parties in the past twelve (12) months. For example, when you visit Our Site or use Our Services, Our third-party service providers, can collect information about your visit and share that information with Us. The information that We may collect about you from third parties may include the Personal Information listed above.
This Personal Information can be collected when you visit Our Site. In addition, you may also affirmatively authorize or direct third parties to provide Us with Personal Information through the use of different technologies such as the following:
- Cookies, which are small files stored on your device from the website you are visiting. This includes session cookies which are temporary cookies that are erased when you close your browser and persistent cookies which are used to customize your experience on a website and remain on your device until you delete them. For more information about cookies, including how to manage and delete cookies on your browser, please review Our Cookie Statement. By continuing to use the Sites, you consent to Our use of cookies as explained in this Privacy Policy and Our Cookie Statement.
- Third-party Software Development Kits (“SDKs”) which may be used by some of Our applications to increase functionality.
- Action Tags, such as beacons or pixels, which are tiny images that may be embedded within web pages and e-mails that give Us information about your device and Site activity. We may use action tags to track the effectiveness of advertisements on Our Site and advertisements placed on Our behalf by third party sites as well.
5. HOW DO WE USE YOUR PERSONAL INFORMATION?
We may use your Personal Information (including the categories of Personal Information described above) and Site Data (collectively, the “Collected Information”) for the following purposes:
5.1 Membership Application and Renewal
When you apply to become a Member of AAA, We collect your Personal Information to process your application. Afterwards, your Personal Information may be used to maintain, and renew your Membership, subscription, or account as a Member.
5.2 Providing You With Services
We may use the Personal Information We collect to provide you with various services, such as the following:
- To provide you with Our Services and other Member benefits, including 24/7 Member support through Our Member support team as described in Section 17 (How to Contact Us) below.
- Facilitating reservations, billing, account management, account maintenance, and any of Our reward and recognition programs you may choose to join.
- To provide you with Our Site features, such as when you grant Us access to certain information on your device (such as geo-location) when you request certain Services.
5.3 Communicating With You and Sending You Materials
We may use the Personal Information We collect to contact you and to respond to your requests. We may also use your Personal Information to communicate with you as needed, including by e-mail, mail, phone call, mobile alerts, and SMS text messaging. The purpose for this communication may include, but is not limited to:
- Upcoming travel notifications;
- Notifications regarding changes to Our agents or office locations;
- Providing and improving Our customer service; and
- Administrative information (e.g., information relating to changes to Our terms, conditions, and policies).
We may also use your collected Personal Information to maintain and improve Our Services, by, for example, sending e-mails to solicit your feedback and to enroll you in Our promotional e-mail programs. Mobile opt-in data will not be shared with any third parties or affiliates. Sharing excludes text messaging originator opt-in data and consent.
5.4 Marketing
We may, to the extent permitted by law, use your Personal Information to market products and services on Our behalf, or on behalf of the AAA companies, including subsidiaries, partners, and/or other third parties.
Should you no longer wish to receive these marketing or promotional communications, you may opt out as described in Section 11 (The Right to Opt-Out From Marketing) below.
5.5 Conducting and Growing Our Business
We may use your Personal Information for one or more of the following business purposes:
- To provide a product or service that you have requested, to complete the transaction for which the Personal Information was collected, to perform a contract that you are involved in, including fulfilling the terms of a written warranty, or otherwise performing a contract between you and Us.
- To help ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for those purposes.
- To debug, to identify, and to repair errors that impair existing intended functionality of the requested service.
- To exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law.
- To comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- To engage in public or peer-reviewed scientific, historical, and/or statistical research that conforms or adheres to all other applicable ethics and privacy laws, with your informed consent.
- To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with Us and compatible with the context in which you provided the Personal Information.
- To comply with a legal obligation.
5.6 Confirming Your Identity
We may use your collected Personal Information to confirm your identity, including in connection with any requests made pursuant to Section 12 (Exercising Your Rights As a Consumer) listed below.
5.7 DMV Services
Any Personal Information We obtain from the Department of Motor Vehicles (“DMV”) in connection with the DMV services is used solely for the purpose of providing the DMV services requested by you. We do not store or disclose such Personal Information for any other purpose.
5.8 Site Data
We may use the Site Data to improve the Sites and to help Us understand how users are using the Sites. This information is also collected for statistical analysis, to improve the utility of the Sites, and for other purposes described in this Privacy Policy.
5.9 Security Purposes
We may use your collected Personal Information to detect security incidents, protect against malicious, deceptive, or illegal activity, and prosecute those responsible for that activity.
We may also use your collected Personal Information to debug, to identify, and repair errors that impair existing intended functionality.
5.10 Other Uses In Agreements
We may also use your collected Personal Information for the specific uses identified in any agreements you may have with Us.
5.11 Other Purposes
We may use your Personal Information for other purposes specifically disclosed to you at the time We request your Personal Information. By providing your Personal Information, you consent to all disclosed uses.
5.12 Point of Collection Notice
If you would like to view a summary of the Personal Information provided in the sections above, please view Appendix I - Point of Collection Chart, Main. It identifies the categories of data collected at the various Points of Collection at which you may interact directly with Us. Similarly, it discloses the instances when We collect data about you from third parties, describes by reference to the individual headings of this Section 5, and the intended business or commercial uses for each category of data. Moreover, it also provides information regarding the categories of third parties with whom We may share your Personal Information.
6. WHY WE SHARE YOUR INFORMATION
The Personal Information We collect about you will only be shared as permitted or required by law.
If you are a current or former Member, most of the Personal Information We have collected about you is maintained in your Membership records. This Personal Information is used to process and service your Membership.
The following are some examples of how We may share and/or may have shared your Personal Information in the past (12) months:
6.1 AAA Companies and Subsidiaries, and Company Affiliates
We may share and/or may have shared in the past twelve (12) months your Personal Information with AAA NCNU Companies, Our subsidiaries, and affiliates for the business purposes described in this Privacy Policy.
6.2 Service Providers
We may share and/or may have shared in the past twelve (12) months your Personal Information with Service Providers that are providing services to Us and acting on Our behalf, such as consultants, professional advisers, data analytics providers, and other service providers. Such services being provided by the service providers include:
- The provision, operation, maintenance, administration, promotion, improvement, and oversight of the Services, the Sites, and Member benefits;
- The provision of advertising services; and
- The fulfillment of your requests for Personal Information or Services.
6.3 Other Third Parties
We may also share and/or may have shared in the past twelve (12) months your collected Personal Information with certain other third parties in the following circumstances:
- If you direct Us to share your Personal Information with a certain third party.
- If you authorize Us to share your Personal Information with a certain third party as part of Our provision of Services to you.
- If you authorize Us to share your Personal Information with a certain third party as part of fulfilling your request for other services.
- To comply with laws and regulations (including to fulfill Our regulatory obligations relating to Our business), respond to legal processes (for example, a court order, search warrant, or subpoena) or requests from law enforcement authorities, or otherwise required by law.
- If We believe the Sites and/or the Services are being or have been used in violation of Our Terms and Conditions, other agreements with you, applicable law or otherwise in the commission of a crime.
- If We have a good faith belief that there is an emergency that poses a threat to the safety of you or another person;
- If necessary to protect Our rights, safety, security, or property or those of third parties, including to enforce Our rights against unauthorized access or attempted unauthorized access to Our information technology assets or against other inappropriate use of Our Sites.
- To prevent or investigate fraud, security, or technical issues or otherwise manage risks.
- To report to credit bureaus if applicable.
- To share or transfer your collected Personal Information for a business deal, such as a proposed or consummated sale, acquisition, transfer, merger, or consolidation of all or part of Our organization.
7. WHY WE MAY “SELL” YOUR INFORMATION TO THIRD PARTIES
Under the CCPA, a “sale” is considered a situation where We share Personal Information with third parties in exchange for money or valuable consideration. Given this definition, We may sell or may have sold your Personal Information to third parties in the past (12) months in exchange for financial benefits or other valuable consideration.
The following are categories of Personal Information that We may have sold in the past twelve (12) months:
- Personal identifiers and contact information;
- Commercial information;
- Internet or other activity information; and
- Inferences resulting from information referenced under the categories listed above.
8. DATA RETENTION
We may retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy, including for regulatory, audit or record-keeping purposes.
When your Personal Information is disposed of, We will dispose of your Personal Information in a manner that is consistent with this Privacy Policy and applicable legal requirements.
9. YOUR RIGHTS AS A MEMBER
If you are one of Our Members, you are entitled to certain rights. These rights include the following:
- The right to access certain information in your account, such as contact and mailing information and any preferences or payment methods you may have shared with Us.
- The right to correct and/or update your Personal Information.
You can access, update, and correct your Personal Information by:
- Logging on to your account; or
- Contacting Member support.
We may ask you to verify your identity and to provide other details before We provide access to, update, and/or remove any of your Personal Information. Your right to have Personal Information removed is subject to any retention requirements and/or other legal grounds authorizing or requiring Us to retain your Personal Information.
10. YOUR RIGHTS AS A CONSUMER
Under the California Privacy Rights Act (“CPRA”) which amended the CCPA, California residents have certain rights with regards to their Personal Information. In appreciation of your valued business, We have expanded these privacy protection rights to all of Our Members, regardless of where they live. The following are the privacy rights available to you under the CCPA and CPRA:
10.1 The Right To Know
You have the right to request that We disclose what type of Personal Information We have collected about you, the purpose for collecting that information, and whether We have shared that information with any third party and for what purpose. The fulfillment of this request is subject to Us receiving a verifiable request (See Section 12, Exercising Your Rights As A Consumer)
10.2 The Right To Delete
You have the right to request that We delete the Personal Information that We have collected from you. The fulfillment of this request is subject to Us receiving a verifiable request from you (See Section 12, Exercising Your Rights As A Consumer) and it is also subject to the deletion exceptions listed below:
- To provide a product or service specifically requested by a consumer, to complete the transaction for which the personal information was collected, to perform a contract to which a consumer is party, including fulfilling the terms of a written warranty, or otherwise perform a contract between the business and the consumer.
- To help ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes.
- To debug, to identify and repair errors that impair existing intended functionality.
- To exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- To engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when the business’ deletion of the information is likely to render impossible or seriously impair the ability to complete such research, if the consumer has provided informed consent.
- To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer's relationship with the business and compatible with the context in which the consumer provided the information.
- To comply with a legal obligation.
10.3 The Right to Correct
In the situation that you exercise your right to know what Personal Information We have collected about you and discover that the Personal Information We have about you is incorrect, you can submit a request for Us to correct that information. We will use commercially reasonable efforts to correct the Personal Information.
10.4 The Right to Opt Out of the Sale or Sharing of Your Personal Information
You have the right to request to opt out of the sale or sharing of your Personal Information. If you opt-out of the sale of your Personal Information, We will not ask if you would like to opt back in to the sale of your Personal Information for at least twelve (12) months following the date We receive your request; however, you may change your mind during this time and inform Us in writing that you are opting back in.
To exercise your right to opt out of the sale or sharing of your Personal Information, you can use the Opt-Out button displayed on Our home page. You can also submit your request online at https://www.aaa.com/privacy-rights or over the phone at 1 (844) 973-0727.
We will not require you to verify your identity prior to honoring your opt-out request. However, in certain circumstances the law authorizes Us to refuse to comply with your request. In such a case, We will provide an explanation of why are unable to honor your request.
You may also use an authorized agent to submit a request to opt-out on your behalf, as long as you provide the authorized agent with written permission to do so and the agent provides such proof to Us when the agent submits your request.
If you change your mind and wish to opt back in to the sale of your Personal Information or if the sale of your Personal Information is required to complete a transaction, please use the opt-in mechanism described in 12.6 Opting-In Following an Opt-Out below.
10.5 The Right to Limit Use and Disclosure of Sensitive Personal Information:
You have the right to limit the sharing of your Sensitive Personal Information. Specifically, you have the right to opt out of the disclosure of your Sensitive Personal Information to a third party in the context of behavioral advertising regardless of whether there is an exchange of monetary or other valuable consideration. The CPRA introduces “sensitive personal information” as a subcategory of Personal Information. Sensitive Personal Information includes the following:
- Social security, driver’s license, state identification card, or passport number;
- Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
- Precise geolocation;
- Racial or ethnic origin, religious or philosophical beliefs, or union Membership;
- The contents of a consumer’s mail, e-mail, and text messages unless the business is the intended recipient of the communication;
- A consumer’s genetic data;
- The processing of biometric information for the purpose of uniquely identifying someone such as Personal Information collected and analyzed concerning health and/ or personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.
We will not require you to verify your identity prior to honoring your request to limit the use and disclosure of your Sensitive Personal Information. However, the fulfillment of this request is subject to the exceptions outlined in the CCPA. In the case that we cannot fulfill your request due to those exceptions, we will contact you and provide you with an explanation of why we are unable to honor your request.
10.6 The Right to No Retaliation
The CCPA provides consumers with a right to no retaliation when they exercise their privacy rights. This means that We cannot and will not discriminate against you in any of the following ways when you exercise your privacy rights:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through the use of discounts, other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services;
- Suggest that you may receive a different price or rate for goods and services, or a different level/quality of goods and services; and
- Reduce the quality of your experience on the web page, you intend to visit after exercising the right to opt-out.
10.7 The Right to a Private Right of Action
You have the right to a Private Right of Action in the event of a data breach, if the data breach is a result of Our failure to “implement and maintain reasonable security procedures and practices”.
11. THE RIGHT TO OPT- OUT FROM MARKETING
You may receive promotional content from Us periodically via e-mail, mail, or by other means. However, you can always opt out of receiving marketing content from Us.
- To opt out from receiving promotional content via e-mail, please follow the opt-out instructions provided in the e-mail. There is an “unsubscribe” button in the footer of Our marketing e-mails, and you can click on this button to opt out of receiving further marketing e-mails from Us.
- You can also opt out of receiving promotional content whether by e-mail, mail, or by other means by contacting Member Support. This also includes unsubscribing from Our magazine. You can contact Member Support by:
- Calling 1 (800) 922-8228
- E-mailing [email protected]
You may continue to receive promotional content while We process your opt out request. You will also continue receiving transactional content from Us, including communications related to your account, your use of the Services and Sites, and other important notices.
12. EXERCISING YOUR RIGHTS AS A CONSUMER
If you are a California consumer or an AAA Member who is not a California resident, you may make a request to correct, disclose, and delete Personal Information We collected from you.
12.1 Methods For Submitting Requests
You can submit a verifiable consumer request to Us, using one of the following methods:
- Calling (844) 973-0727; or
- Visiting /privacy-rights
12.2 Limitations
You may only make a consumer request to exercise your right to know twice within a 12-month period. The subsections below do not apply to your right to opt-out of a sale of your Personal Information. To exercise your right to opt-out of a sale of your Personal Information, please follow the instructions provided in Section 10.4 The Right to Opt Out of the Sale or Sharing of Your Personal Information above.
In addition, only you, or your authorized agent, may make a verifiable consumer request related to your Personal Information.
If you would like to authorize someone to exercise your CCPA rights on your behalf, you must register this person with the California Secretary of State and submit a copy of this registration with your verifiable consumer request to Us.
12.3 Verification of Request
Before We can fulfill your request to correct, disclose, and/or delete your Personal Information, We must verify your identity either through Our Site or by telephone utilizing Our security mechanisms (such as a verification code sent to your e-mail or phone). Depending on the method of communication used by the requestor, We may then require the requestor to provide an online, written or oral declaration under the penalty of perjury to confirm “that you are who you are”.
12.4 Verification Criteria
Our verification process consists of comparing the identifying information you provide to Us during your request with the Personal Information We already have on file for you. In order for a request to be considered verifiable, at least three of the data points must match.
We use a risk-based approach to balance the interests of requestors in exercising their Consumer Privacy Rights with Our interest in preventing access to Personal Information by unauthorized parties and preserving the security and integrity of Our systems. Therefore, We may use additional verification methods in the event that We are unable to reach the degree of certainty required by law. These additional verification methods are based on the outcome of Our standard process, the value or the sensitive nature of the Personal Information involved, and the potential for harm in the case of unauthorized disclosure or deletion
12.5 Processing of Request
If you are a resident of California, We will confirm the receipt of your request within 10 days, unless We have already been able to comply with and respond to your request. If you are an AAA Member who is not a California resident, We will respond to your request as soon as reasonably possible; however, We cannot commit to a specific turnaround time.
We will respond to your request no later than 45 calendar days after We receive it. However, We may deny your request if We cannot verify the request within a 45-day time period. If necessary, We may take up to an additional 45 calendar days to respond to your request, for a maximum of 90 calendar days from the date on which your request is received. If We need additional time to process your request, We will contact you to explain why additional time is needed.
12.6 Opting-In Following an Opt-Out
If you decide to opt back in, after opting out from the sale of your Personal Information, We will use a two-step process to confirm your decision to re opt-in.
Please inform Us of your opt-in decision using any of the methods authorized in Section 12.1 Methods For Submitting Requests and include a valid email address or a phone number capable of receiving text messages with your request. We are required to have you reconfirm your opt-in decision and will use the provided e-mail address or phone number to send you a link for this purpose.
13. TRACKING; THIRD PARTY ANALYTICS PROVIDERS
13.1 “Do Not Track” Disclosure
Certain web browsers may provide a do-not-track (“DNT”) option. You may be able to ask your browser to inform websites that you do not want your activities to be tracked, either with cookies or other persistent identifiers, commonly called “DNT signals.” At this time, We do not honor do-not-track signals; however, We provide an option to opt out from behavioral advertising. Please see Our About Online Advertising page for more information.
13.2 Third Party Analytics Providers
We work with third party analytics service providers, including Google Analytics, Optimzely, and Tealium (the “Analytics Providers”), to help Us better understand how Our users use the Sites. Specifically, We use Analytics Providers to learn more about the types of users that visit the Sites and how they use the Sites and to help Us improve the Sites. To provide this service, Analytics Providers may collect certain information about you from your computer, including through the use of cookies. Such information may include information regarding your visit (such as the pages you visit and the length of your visit), information about your device (such as your IP address), how you got to the Website, and other information about you.
- You can learn more about Google Analytics and how it collects and processes data (including how to control the information sent to Google) by visiting: www.google.com/policies/privacy/partners/.
- You can opt-out of Google Analytics by using the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout/.
- You can learn more about Optimizely and how it collects and processes data (including how to control the information sent to Optimizely) by visiting: https://www.optimizely.com/privacy/. You can learn about how to opt-out of Optimizely by visiting: https://www.optimizely.com/legal/opt-out/.
- You can learn more about Tealium and how it collects and processes data (including how to control the information sent to Tealium) by visiting: https://tealium.com/privacy/. You can update your privacy preferences with Tealium by visiting: https://tealium.com/preferences/.
14. LINKS TO OTHER SITES AND OTHER PRIVACY POLICIES
The Sites may contain third-party links, include third-party integrations, or offer a co-branded or third-party-branded services. Through these links, third-party integrations and co-branded or third-party-branded services may be providing your information (including Personal Information) directly to the third party, Us, or both. You acknowledge and agree that We are not responsible for how these third parties collect, share, or use your information. Because We have no control over the privacy practices or content of these linked sites, We recommend that you carefully review the privacy policies of every third-party service that you visit or use, including those third parties you interact with through Our Sites and Services
15. CHILDREN’S PRIVACY
The Sites and the Services are not intended to target individuals under the age of 13 and We do not knowingly collect Personal Information directly from children under the age of 13. If We discover that We have received Personal Information directly from a child under the age of 13, We will delete that Personal Information. If you are a parent or guardian of a child under the age of 13 and believe that We have collected Personal Information directly from your child, you may contact Us using the information provided in Section 12.1 Methods For Submitting Requests above.
We will not sell (and have not sold for the past twelve (12) months) the Personal Information of individuals under 16 years of age if We know that the individual is a minor and We do not have affirmative authorization to do so. Individuals between the ages of 13 and 16 may communicate their affirmative authorization by using the method for opt-in requests described in Section 12.6 Opting-In Following an Opt-Out.
16. PROTECTING YOUR PERSONAL INFORMATION
To protect your Personal Information from unauthorized access and use, We maintain reasonable security procedures and practices appropriate to the nature of the Personal Information you provide to Us and the type of processing activities performed by Us. However, please note that there is always some risk in transmitting information over the Internet. Because the Sites are provided through the Internet, when you use the Sites, your communications may be intercepted by others. For this reason, We cannot guarantee the security and privacy of transmissions via the Internet, and We cannot be responsible or liable for any security issues that may be related to your use of the Sites. You agree that you will not hold Us liable for any damages resulting from any loss of privacy or security occurring in connection with any communications over such networks.
17. HOW TO CONTACT US
If you have any questions or comments about Our privacy policies and practices, or would like more information regarding how to exercise your rights as described in this Privacy Policy, or would like to obtain a copy of this Privacy Policy in a different format, please contact Us using one of the methods provided below:
- By e-mail to: [email protected]
- By mail to: American Automobile Association of Northern California, Nevada & Utah, Attn: Privacy Requests, 1277 Treat Boulevard, Suite 1000, Walnut Creek, CA 94597
For Member Support services, please contact Us at: 1 (800) 922-8228 or visit [email protected].
18. ADDITIONAL INFORMATION FOR GIG CAR SHARE USERS
This Policy also applies to the operations of Gig Car Share (“Gig”), subject to the supplemental disclosure and point of collection chart found below. This disclosure describes how Gig collects and uses your Personal Information. In addition, it also describes how your Personal Information is stored and situations when your Personal Information might be shared with others.
In addition to accessing your Personal Information as part of exercising your Consumer Privacy Rights described in Section 12 of the Privacy Policy, you may correct any errors in your information by contacting Member Support, which will be available 24 hours a day, 7 days a week by:
- Telephone: (800) 464-0889, or,
- E-mail to: [email protected], or,
- Through the Mobile App, by clicking the “Member Support” button.
The information Gig collects:
Under the CCPA, “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
Given this definition, the chart below describes how and when Gig collects your Personal Information. Please keep in mind, the information presented below does not replace but supplements the information made available elsewhere the Privacy Policy.
Table 1 - Gig Point of Collection Chart
Online Sign-Up for Using Gig Services
Categories of Personal Information Collected | Business or Commercial Purpose of Intended Use ( as described in detail in section 5 above) | Categories of Sources from which Personal Information has been Collected | Categories of Third Parties with which Personal Information has been shared |
|---|---|---|---|
Identifying Information, such as First and Last Name, Date of Birth, phone number (s), email address, address, driver's license information, physical characteristics ( found on the DL), credit/ debit card information,AAA Membership Number (Optional) | Please see the following sections:
| Directly obtained from consumers |
|
Protected Classification Characteristics, such as age and gender | Please see the following sections:
| Directly obtained from consumers | We do not share those categories of Personal Information with other entities |
Information affecting licensing status contained in motor vehicle records, including:
| Please see the following sections:
|
| We do not share those categories of Personal Information with other entities |
Information required to comply with any federal, state, or local law including:
| Please see the following sections:
| Directly obtained from consumers | We do not share those categories of Personal Information with other entities |
Interaction with Motor Vehicles made available by Gig
Categories of Personal Information Collected | Business or Commercial Purpose of Intended Use ( as described in detail in section 5 above) | Categories of Sources from which Personal Information has been Collected | Categories of Third Parties with which Personal Information has been shared |
|---|---|---|---|
| Please see the following sections:
| Obtained from GPS and other electronic surveillance services | Service Providers used for providing the Gig Services |
Electronic, audio, visual, and thermal data collected through electronic surveillance, such as
| Please see the following sections:
| GPS and other digital information services | Service Providers used for providing the Gig Services |
19. ADDITIONAL INFORMATION FOR CAR BUYING USERS
Our car buying service allows users to purchase their new or used vehicles from the convenience of their own home. The summary outlined below tells you what kind of information is collected from you when you use Our car buying service. Please keep in mind, this disclosure is meant to supplement our Privacy Policy. You should read the entire privacy policy for full details.
As part of the initial process we may collect the following information from you:
- First and Last Name
- Zip/Postal Code
- Phone Number
- E-mail address
The initial information is used to help you find the vehicle you’re looking for. If you decide to move forward with the car buying process, we may collect additional information from you such as the information outlined below:
Driver's license information (front and back of the Driver’s license card)
- The driver’s license would contain your first and last name
- Birth date
- Address
- And your physical characteristics (height, weight, eye color, etc.)
Proof of Car Insurance (Your car insurance card)
- Your car insurance card would contain your policy number
- Insured's name and contact information
- Vehicle information: year, make, and Vehicle Identification Number (VIN)
If you decide to purchase a vehicle and finance it with us, we may collect the following additional information from you and your cosigner if applicable:
- Social Security Number (SSN)
- Residential Status
- Previous address (if applicable)
Employment information including:
- Employment type (e.g. employed, self- employed)
- Salary
- Other Income sources
- Occupation
- Length of Employment
- Previous Employment information
- We may pull Credit Report/s to determine creditworthiness
- Signature
20. ADDITIONAL INFORMATION FOR AAA IDENTITY CHAMPION USERS
When you register with and use the AAA Identity Champion service, We collect information from you directly when you enroll, automatically when you visit Our web pages, and sometimes from third parties. This information includes Personal Information. For instance, We may ask you to provide contact information (your name, phone number, and/or e-mail address), banking and financial information, Social Security Number, and other information about you in order for Us to provide you with the Identity Champion service.
We use information We collect for Identity Champion specifically to process your registration, including verifying that your information is current and valid and to allow you to participate in Identity Champion features. We may exchange information about you, including Personal Information, with third party service providers to enable them to perform services on Our behalf and for Us to provide the Identity Champion services to you, which include:
- Verifying your identity;
- Processing your payments; and
- Monitoring data sources, including national credit bureau reports and web activity, to detect attempted identity theft or similar threats to your data and to provide you with identity monitoring services.
Note that We do not share the information you provide for purposes of registering for Identity Champion, such as banking and financial information, Social Security Number, and other information required for providing the service, with third parties for marketing purposes. We also do not use this information for marketing and advertising purposes. Other Personal Information, such as name, contact information, and AAA Membership Number, that was previously provided to Us in connection with your AAA Membership and/or that you provided to Us for purposes of initiating your Identity Champion registration, will only be used in accordance with this Privacy Policy.
California and Nevada Residents: We do not sell your Personal Information that’s submitted for purposes of providing you with the Identity Champion services. If you are a California Consumer or an AAA Member who is not a California resident, please see Section 12 (Exercising Your Consumer Privacy Rights) for additional information on exercising your privacy rights.
21. SMART HOME DEVICE PRIVACY POLICY
Data may be collected from devices installed or used in your residence or business for the purpose of providing you with the A3 Smart Home monitoring and alarm services (collectively, “Smart Home Device” or “Device”). Information collected may include:
- Location Information. Information about your location, your personal device location, or the physical location of your Smart Home Devices;
- Audio, Video and Still-image Information. Depending upon how you configure your Smart Home Device, We may collect certain still-images as well as audio and video;
- Smart Home Device Information. Information about motion detection, door and window usage, utility usage, and climate data (including temperature and moisture data);
- Monitoring Information. Information about arming and disarming the Smart Home Device;
- Aggregate Usage Information. Information that helps Us track patterns and improve Our Devices in order to meet your smart home needs; and
- Biometric Information. Information about your physical characteristics that helps Us identify you, including facial recognition.
We may use Device Data to do any or all of the following:
- Provide you with Our Services;
- Facilitate your interactions and transactions with Us;
- Respond to your requests, communications, suggestions, comments, inquiries, and requests (including your feedback about Our Devices and Services);
- Provide you with relevant notifications;
- Administer Our relationship with you, including managing your account;
- Maintain and improve Our Devices and Services, including measuring Our performance;
- Develop new products, features, and services;
- Better understand the preferences of Our customers;
- Facilitate your participation in Our surveys and promotions;
- Respond to legally binding requests from law enforcement, regulatory authorities, or other third parties;
- Defend, protect or enforce Our rights or applicable terms of service or to fulfill Our legal or contractual obligations;
- To prevent fraud or the recurrence of fraud;
Assist in the event of an emergency;
- Comply with applicable law; or
- Any other purposes specifically disclosed to you at the time We request, and you provide, the information.
We may also combine Device Data with other Personal Information collected from your use of Our Services and develop a customer profile that will be used for the purposes above.
Camera-Enabled Services. If you enable smart monitoring camera-enabled services, We may record, stream, store, or process video and/or recordings pursuant to your account instructions and camera-enabled device configuration settings (visit https://a3smarthome.com/installation/indoor-hdr-camera for more information on using and enabling your smart monitoring camera). If you enable the recording features during your subscription term, We will capture, process and retain video and audio data recordings from the Device pursuant to your settings or until the storage limit is reached (older videos will be deleted once the storage limit is reached) and you will be able to access those recordings during that time.
Identity Verification. We may use the Device Data to verify your identity or the identity of other persons. If you choose to upload the photos and identity of other persons to the Smart Home Device, We will process this information for the purpose of enabling the Smart Home Device to recognize familiar faces and to notify you of both familiar and unknown people. Using the mobile application and your account, you control whether this biometric processing and analysis occurs. Only upload photos of individuals who have consented to have their information used in accordance with this Privacy Policy.
We may retain Device Data for the period necessary to fulfill the purposes outlined in this Privacy Policy, including, but not limited to, regulatory, audit, or record-keeping purposes.
Finally, We may use Device Data to create anonymized and aggregated information that does not personally identify an individual (“non-personal information"). We may use non-personal information for any legitimate business purpose.
Except as disclosed in this Privacy Policy, We do not share Device Data with any companies other than Our partners and affiliates and their directors, officers, employees, agents, consultants, advisors or other representatives.
We may share Device Data with Our third party service providers, suppliers, vendors, and business partners to help Us in the operation, management, improvement, research and analysis of Our Devices and/or Services, and to comply with your directions or any consent you have provided Us.
We may share Device Data with law enforcement and regulatory authorities or other third parties as required or permitted by law for the purpose of:
- Responding to a subpoena, court order, or other legal processes;
- Preventing or investigating fraud, security, or technical issues or otherwise manage risks;
- Defending, protecting, or enforcing Our rights, safety, security, or property;
- Reporting to credit bureaus (if applicable);
- Assisting in the event of an emergency; and
- Complying with applicable law.
We may also transfer or assign Device Data to third parties as a result of, or in connection with, a sale, merger, consolidation, and change in control, transfer of assets, bankruptcy, reorganization, or liquidation. If We are involved in defending a legal claim, We may disclose Device Data about you that is relevant to the claim to third parties as a result of, or in connection with, the associated legal proceedings.'
22. ADDITIONAL INFORMATION FOR LIVERAMP
When you use Our website, We may share information that We collect from you, such as your email (in hashed form), IP address or information about your browser or operating system, with our identity partners/service providers (including LiveRamp, Inc.). These partners return an online identification code that We may store in our first-party cookie for our use in online, in-app, and cross-channel advertising and it may be shared with advertising companies to enable interest-based and targeted advertising. To opt out of this use, please click here https://liveramp.com/opt_out/ .
23. UPDATES TO PRIVACY POLICY
From time to time, We may update this Privacy Policy, including at least once annually. If We do update this Privacy Policy, We will post the revised version here and note near the top of this Privacy Policy the date that any changes are made and/or when they become effective. If the changes being made are material, or if it is appropriate to do so under applicable law(s), We may provide a more prominent notice. You should check here regularly for the most up-to-date version of this Privacy Policy. Your continued use of the Sites or Services, or your provision of Personal Information to Us after any such notices, represents your agreement, acceptance, and consent to these Privacy Policy changes. If you do not agree to the Privacy Policy changes, please do not use the Sites or Services.
Appendix I – Point of Collection Chart, Main
A) Visit of Sites, including general inquiries and browsing of our Sites
Categories of Personal Information Collected | Business or Commercial Purpose of Intended Use (as described in detail in Section 5 of the Privacy Policy) | Categories of Sources from which Personal Information has been Collected | Categories of Third Parties with which Personal Information has been Shared |
|---|---|---|---|
Identifying Personal Information, such as name, contact information, and/or IP address | See Section 5 of the Privacy Policy (How do we use your Personal Information) | Directly obtained from consumer |
|
Browsing history and information regarding your interaction with the Sites from your device, browser or cookies | See the following sections:
|
|
|
Inferences about interests and preferences based on analysis of browsing habits and other predictive techniques | See the following sections:
|
|
|
B) Signing up for News and Information Services
Categories of Personal Information Collected | Business or Commercial Purpose of Intended Use (as described in detail in Section 5 of the Privacy Policy) | Categories of Sources from which Personal Information has been Collected | Categories of Third Parties with which Personal Information has been Shared |
|---|---|---|---|
See Section A ( Visit of Sites) | See the following sections:
| See section A (Visit of Sites) |
|
Commercial Information, including records of products and services viewed/ or purchased | See the following sections:
|
|
|
C) Online Purchase and/or use of goods and Services including memberships, subscriptions, road side assistance, DMV and travel services
Categories of Personal Information Collected | Business or Commercial Purpose of Intended Use (as described in detail in Section 5 of the Privacy Policy) | Categories of Sources from which Personal Information has been Collected | Categories of Third Parties with which Personal Information has been Shared |
|---|---|---|---|
See Section A ( Visit of Sites) and Section B (Signing up for News and Information Services). Additional identifying information may include
| See the following sections:
|
|
|
Payment and other Financial information, including credit card and bank account information, credit history | See the following sections:
|
|
|
D) Off-line by phone, regular mail, or visit in our branches
Categories of Personal Information Collected | Business or Commercial Purpose of Intended Use (as described in detail in Section 5 of the Privacy Policy) | Categories of Sources from which Personal Information has been Collected | Categories of Third Parties with which Personal Information has been Shared |
|---|---|---|---|
May include sections A-C above, excluding browsing history and Site use | May include sections A-C above, excluding browsing history and Site use | May include sections A-C above, excluding browsing history and Site use | May include sections A-C above, excluding browsing history and Site use |
Appendix II - California Consumer Privacy Act (CCPA) — 2022 Privacy Metrics Report
1 AAA Smart Home and A3 Smart Home are operated by A3 Smart Home LP.
2 Gig Car Share is operated by A3 Mobility LLC.
3 AAA House Manager is operated by A3 Labs LLC.
4 AAA Car Subscription is operated by A3 P2P Services LLC.
5 AAA Identity Champion is operated by A3 Labs LLC.
* Online Sign-up for Using Gig Services
** Interaction with Motor Vehicles Made Available by Gig