Last updated and effective date: December 1, 2023
This Privacy Notice describes how those entities listed in Section 14: Notice Provided By (“we”, “us” or “our”) collect, use, share and protect member and consumer information. This Notice also informs you regarding your rights and choices regarding your personal information and how to contact us with privacy questions. Our privacy practices are subject to laws in places in which we operate. We may provide additional state specific terms that will only apply to the given state, or as required by applicable law.
Click on the following links to go directly to the applicable section.
- What Our Privacy Notice Covers
- Categories of Personal Information
- Personal Information We Collect
- How We Collect Your Personal Information
- Cookies and Similar Tracking Technologies
- How We Use Your Personal Information
- How and Why We Share Your Personal Information
- How We Protect Your Personal Information
- Your Choices
- Children’s Privacy
- Contacting Us
- Changes to This Notice
- California Privacy Rights
- Notice Provided By
1. What Our Privacy Notice Covers
2. Categories of Personal Information
Personal information refers to information that identifies, relates to, describes, or can be associated with you. For purposes of this Notice, there are 12 categories (A-L) of personal information listed below.
Category A. Identifiers
Identifiers such as real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, SSN, driver’s license number, passport number or other similar identifiers.
Category B. Statutory Information
Information set forth in California Civil Code 1798.80 that identifies, relates to, describes, or is capable of being associated with, an individual or household, including:
- social security number
- physical characteristics or description
- telephone number
- passport number
- driver's license or state identification card number
- insurance policy number
- education, employment, employment history
- bank account number
- credit card number, debit card number, or any other financial information
- medical information, or health insurance information
- “Personal information” does NOT include publicly available information that is lawfully made available to the public from federal, state, or local government records.
Category C. Characteristics
Characteristics of protected classifications under California or federal law such as race, color, sex, age, national origin, disability, citizenship status, genetic information, ancestry, sexual orientation, gender identity or expression, religion, medical conditions, AIDS/HIV, marital status, military/vet status, political affiliations or activities, victims of domestic abuse and/or assault/stalking.
Category D. Commercial Information
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Category E. Biometric
Records used to uniquely identify a person including fingerprints, retinal scans, facial scans, signatures, handwriting analysis and voice pattern recognition.
Category F. Internet Activity
Internet or other electronic network activity information, including but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
Category G. Geolocation
Used to identify an electronic device’s physical location, such as GPS coordinates.
Category H. Sensory
Audio, electronic, visual, thermal, olfactory, or similar information.
Category I. Employment Related
Professional or employment-related information such as job application, salary, and job performance information.
Category J. Education
Non-publicly available information that pertains to school, grades or years attended.
Category K. Inferences
Inferences drawn from any of the above identified information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Category L. Sensitive Personal Information
Non-publicly available personal information that reveals:
- A consumer’s social security, driver’s license, state identification card or passport number.
- A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
- A consumer’s precise geolocation.
- A consumer’s racial or ethnic origin, religious or philosophical beliefs or union membership.
- The contents of a consumer’s mail, email, and text messages unless we are the intended recipient of the communication.
- A consumer’s genetic data.
Sensitive Personal Information also includes:
- The processing of biometric information to uniquely identify a consumer.
- Personal information collected and analyzed regarding a consumer’s health or sex life or orientation.
3. Personal Information We Collect
During the prior 12 months, we would have collected personal Iinformation for each of these 12 categories (A-L). However, the fact that we collected information for a category does not mean that we collected all the information in the category. For example, category A (identifiers) includes name, address, driver’s license, social security number, passport, etc. If we state that we collect this category of information, it does not mean that we collected every one of these identifiers. Frequently, we only collect name and contact information and don’t collect more sensitive information such as driver’s license, social security number or passport unless it is required for the service requested such as a driver’s license for DMV services or a passport for international travel. While category C (characteristics) includes a broad list of characteristics of protected classifications (e.g., genetic information or sexual orientation, etc.) if we collect information for this category, it is generally limited to sex and/or age. Below, we further describe the specific pieces of personal information collected.
A. When Using our Products and Services
Below, you will find a description of our products and services and the specific pieces of information that should generally be collected for each.
If you purchased Membership, we should collect your name, gender, contact information and payment information. If you purchased an associate membership for someone else, similar information about these individuals should be collected, too. (Categories A, B and C).
A full listing of member benefits is found in the Member Guide for your motor club. Generally, for any membership service we request your name, proof of membership and contact information. (Categories A and B).
When you request Emergency Roadside Service we collect your phone number, name, breakdown location and the nature of your request. When the independent service provider arrives, you should be asked to provide identification such as a driver’s license for authentication. Information about your transaction (vehicle information and nature of service) is provided to us through the independent service provider. We may also collect information about your membership and transaction from AAA or other AAA motor clubs in the AAA Federation if you belong to another AAA motor club. (Categories A, B and D).
We offer various Automotive Services
- For AAA Approved Auto Repair (AAR), you generally provide your name, contact information, and membership number. We may also collect your transaction history with the AAR facility including your vehicle information (e.g., make and model). (Categories A, B and D).
- For the Car Buying service, we generally collect your name and contact information, membership number, zip code and information about the vehicle(s) you were interested in. (Categories A, B and D).
- For Driver Training, you should provide the name of the driver (such as your teen driver) and contact information. (Categories A and B).
- For Smog Testing Centers, we generally collect your name, contact information, membership number, vehicle information (year, make, model and VIN), results of the test and driver’s license number. (Categories A, B, D and L).
We offer many additional Member Benefits including:
1. Financial Services
2. Branch Services
- If you used Notary Services, you generally would have provided your name, address, signature, driver’s license, and your fingerprints may have also been taken. (Categories A, B, E and L).
- If you requested a Motor Vehicle transaction, we would collect your name, address, phone, vehicle information, and driver’s license to provide to the Department of Motor Vehicles. If you requested a handicap placard, we would also collect medical information. (Categories A, B, C and L).
- If you requested an International Driving Permit, you should have provided your name, contact information, driver’s license, birthplace city, and date of birth. (Categories A, B, C and L).
3. Discounts & Event Tickets
- If you purchased Entertainment & Attraction Tickets, we should have collected your ticket request, name, contact information, and membership number to provide to the service provider honoring your request. (Categories A and B).
4. ID Theft Protection
5. Travel Products & Services
- If you requested a quote or purchased Travel products or services, you could have provided your name, address, phone, date of birth, passport, known traveler number and payment card information to us and/or our travel partners. If travel was purchased for another person, we would have normally collected similar information about them. We would have your travel itinerary. (Categories A, B, C, D and L).
B. When Contacting Us
When you contact us, we should ask you to provide and/or confirm your contact information. (Categories A and B).
If you visited a branch or our administrative offices, video surveillance may have recorded you. We should have asked you to check in by swiping your membership card or otherwise providing your name and contact information. To service your request, we would have collected personal information (as described previously). (Categories A, B, E and H).
If you attended an Auto Club special event such as a motorsports or travel event, we may have collected your name and contact information from you. (Categories A and B).
If you visited online or used the Auto Club App, your internet/online activity and online identifier would have been collected. This includes your geolocation when using the App and your membership number. To service your request, we would have collected personal information (as described previously). (Categories A, B, F, G and L).
If you called, your phone number may have been automatically collected and your call may have been recorded. To service your request, we would have collected personal information (as described previously). (Categories A, B, and H).
C. Conducting Business
1. Marketing & Understanding Consumers
We collect information to better understand our members and to more effectively market membership products and services to existing and potential members.
This includes collecting internet activity information for those online or using the Auto Club App. We collect information for online behavioral advertising and analytics purposes. (Categories A, F, G and L).
We purchase from third party vendors who are in the business of collecting personal information such as name, contact information, date of birth, demographic information and attributes. We may use this information with other collected information to create a profile, model or propensity score. (Categories A, B, C, D, I, J and K).
We may collect from our AAA affiliated partners and providers information about your transaction with them. For example, when you use your membership card for a member discount, the third-party partner could share with us an identifier such as your name, contact information and transaction information. This allows us to better determine the value and use of member benefits and to more effectively offer our products and services. (Categories A, B and D).
As a membership organization, we regularly measure member satisfaction by surveying members. (Categories A, B and D).
2. Security Purposes
Our efforts to safeguard personal and company information, facilities, and people require that we monitor and collect information by different means and from many environments. This could include through video surveillance, license plate reader technology or internet/online activity for cyber security purposes. Sources may include from the consumer, third party security providers and/or government entities including law enforcement. (Categories A, B, E, F, H and L).
3. Transactional Purposes
To fulfill a transaction or request or to process a payment, we may collect information from you and service providers. For example, with any purchase we collect payment information depending on the method of payment. This could include payment card information or financial account information from a check or with an ACH enrollment. (Categories A, B and D).
4. Legal, Regulatory, Compliance Purposes
We may collect personal information for legal, regulatory and compliance purposes. For example, we may collect your contact information from third party sources (government entities, law enforcement, regulatory bodies and/or private businesses) to ensure that we have your current contact information (e.g., physical address) and to honor your requests to not be contacted or solicited. For example, we purchase Do Not Call lists to honor the wishes of those who do not wish to be called for marketing purposes. (Categories A, B and C).
5. Other Business Purposes
We collect personal information for other business purposes and to operate as a business and membership organization. For example, we purchase National Change of Address lists to ensure that we have a current mailing address. (Categories A, Band D).
D. When Using Our Website or Mobile Applications
We collect information that you provide directly when you use our website and App. This could include your contact information (such as your name, postal address, email address, and telephone number), membership number, driver’s license, vehicle and property information, financial account information and other information that you provide. When you visit our website, third parties including advertising partners and analytics providers may collect other information over time about your online activity across websites and the various devices you use. (Categories A, B, F, G and L).
We partner with third-party advertising networks to serve our ads when you visit other sites across the Internet. Our partner employs cookies, web beacons and other tracking technologies to gather information about your activity on this and other websites and to then provide you with our ads on other websites. These tracking technologies permit us to analyze, modify, and improve our advertising content. We do not have access to or control over cookies or other features these third-party advertising networks may use, and their information practices are not covered by this Notice.
We may also indirectly gather information about your online visit including your Internet service provider, Internet Protocol (IP) address, unique device ID, browser type, operating system, the date and time the website that referred you and the pages you visit while at our site. We may also use Session Replay scripts to learn how you interact with our website. These scripts track your online movements to learn how you navigate and interact with our site and can be used to improve our website by identifying and correcting confusing and non-functioning parts of a web page. We restrict employee access to such scripts, keep these scripts for only a limited time and redact the display of Personal Information within the scripts in order to protect your information. (Category A and F).
We gather such information using a “cookie” which is a feature of your Internet browser that places a small file on your computer’s hard drive. A cookie facilitates site navigation for Internet sessions and helps maintain security. It can remember your personal settings, pre-fill forms for you, and monitor how you use our website which information we use to improve our services. (If you do not enable cookies on your browser, you may not be able to use some of the services on our website).
If you provide your email address, we may send you email offers (such as for travel or membership benefits) and otherwise conduct business with you. With each marketing offer, we will give you the opportunity to opt out of future email offers. If you opt out of marketing offers, we may still email you for non-marketing purposes. For example, we could send an email confirmation if you request a quote.
4. How We Collect Your Personal Information
We collect personal information about you from various sources including the following:
A. From You
We collect personal information you provide, such as when you request service, make a purchase, register your Account, contact us, respond to a AAA survey, book a reservation, make an appointment, visit a branch, RSVP for an event or travel show, participate in a sweepstakes, contest or similar campaign or promotion, apply for a job or sign up to receive emails, text messages, and/or postal mailings.
We record member service calls for quality assurance. We also use video surveillance in our branches and administrative offices for safety, security, fraud, loss prevention and operational purposes.
B. From AAA Related Sources
We collect information from various AAA related sources when you use your membership including from the AAA Federation, other AAA motor clubs, Emergency Roadside Service (ERS) independent contract stations and AAR shops, for example.
C. From Data Vendors
We collect personal information from companies that may not have a business relationship with you. For example, we may purchase a list with profile information to better market our products.
D. From Digital Sources
When you visit our website, use our Auto Club App, open or click on emails we send you, or interact with any of our advertisements, we or third parties we work with automatically collect certain information using technologies such as cookies, web beacons, clear GIF, pixels, internet tags, web server logs, and other data collection tools. For more information, please see Section 5: Cookies and Similar Tracking Technologies.
If you interact with us on social media or use features, such as plugins, widgets, or other tools made available by social media platforms or networks in connection with our website or mobile App, we collect information that you share with us, or that the social media platforms share with us. For more information about the privacy practices of those social media platforms, please review their privacy policies and settings of the social media platforms and networks that you use.
If you call us, we may record member service calls. If you visit a branch or administrative office, depending on the location, we may record you through surveillance technology or collect license plate information.
E. From Government/Legal
We collect personal information from government, regulatory agencies, law enforcement and in litigation. For example, we collect information from Department of Motor Vehicles when processing vehicle registration.
F. From Product Providers
We obtain information from third parties that we partner with, and other third parties we choose to collaborate and work with. For example, when you purchase a travel product (such as air, vehicle, hotel, or cruise), use a Discount & Rewards partner, ID Theft protection or the AAA branded credit card, we may be informed from these providers that you used their product.
G. From Service Providers
We collect personal information about you from service providers such as data analytic providers, marketing or advertising service providers, fraud prevention service providers, financial service providers and other vendors providing services that assist in the operation of our business.
5. Cookies and Similar Tracking Technologies
We use Adobe and Google Analytics for these purposes. To learn more about Adobe Analytics privacy practices or to opt-out of cookies set to facilitate reporting, visit Adobe Privacy Center https://www.adobe.com/privacy.html. For more information about Google Analytics, please refer to “How Google Uses Data When You Use Our Partners’ sites or apps”, located at www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time. To access and use the Google Analytics Opt-Out Browser Add-On by visiting tools.google.com/dlpage/gaoptout/.
We also permit third parties to use tracking technologies on our websites and Auto Club Mobile App for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, (depending on your communication preferences). The third parties use their technology to provide advertising about products and services tailored to your interests which may appear either on our website or on other websites.
6. How We Use Your Personal Information
We collect and use personal information for many reasons as disclosed throughout this Notice and when:
Communicating with You
We use personal information to communicate with you whether it’s in-person, over the phone, online and/or electronically.
Providing AAA Member Products and Services
We use your personal information to offer and provide our products and services to members. This includes responding to requests for Emergency Roadside Service, using our travel agency, using Member benefit such as notary service, travel passport photos, vehicle registration, AAA Automotive Services, ID Theft Protection, AAA Credit Card and AAA Discounts & Rewards, as examples.
Marketing and Promotional Purposes
We use personal information to market and promote member products and services by various means including by email, mail, text, and phone; to show you advertisements for products or services tailored to your interests on social media and other websites; and to administer contests and similar promotions and events.
Analytics and Personalization
We use personal information for research and analytic reasons in order to understand your online interactions via our website, App, online advertisements, and email communications; to determine how to more effectively offer our products and services; to improve these online features; to personalize your experience and customize our marketing; to provide products and services; and to better understand you.
Core Business Functions
We use personal information for core business functions such as fulfilling & processing purchases and services, maintaining records, for compliance, regulatory and legal purposes, and financial and accounting purposes.
Security and Fraud Prevention
We use personal information to monitor our properties, to detect, investigate, prevent or act upon potential malicious, deceptive, fraudulent, or illegal actions (including cyber and physical security incidents), and to prevent and/or respond to harm to the property or safety of our organization and our members, customers, employees and others.
7. How and Why We Share Your Personal Information
During the prior 12 months, we would have shared personal information for the following business or commercial purpose with the types of third parties and for the categories of personal information listed below.
When Using our Products and Services
In servicing members or those using our services, personal information could be shared within the AAA Federation of motor clubs and companies. For example, transactional information from a service request for an out of territory member would be shared with the national office and that member’s motor club. (Categories A, B and D).
For Emergency Roadside Service (ERS), we generally share your name and contact information, breakdown location, membership information, vehicle information and nature of your request with an independent ERS provider. (Categories A, B and D).
Automotive Service Provider
- For AAA Approved Auto Repair (AAR), we generally share your name and contact information, membership information, vehicle information and nature of your request with an independent AAR facility. (Categories A, B and D).
- For the Car Buying service, your name and contact information, and information about the vehicle you were interested in would have been shared with participating automotive dealers. (Categories A, B and D).
Financial Service Provider
- If you applied for a AAA Credit Card, you would have provided and shared your information to our financial partner directly either online or via a terminal or device that allows you to share your information directly with the provider. We don’t otherwise share your information with the provider directly in this circumstance. The information you share could include your membership number, name, contact information (phone, email and address), citizenship, country of residence, date of birth, employment status, (employment & financial information) total annual income and source, monthly housing payment, and social security number. (Categories A, B, C, I and L).
- If you used Notary Services, you generally would have provided your name, address, signature, driver’s license and we may have taken your fingerprint. Notaries are subject to independent professional notary association standards and your information could be shared with a regulatory body or third party in the event of a professional audit. (Categories A, B, E and L).
- If you requested a Motor Vehicle transaction, we should have collected your name, address, phone, vehicle information, and driver’s license to provide to the Motor Vehicle Department. If you requested a handicap placard, we would also collect and shared your medical information. (Categories A, B, D and L).
Discounts & Event Tickets Provider
- If you purchased Entertainment & Attraction Tickets, we would have collected your ticket request, name, contact information, and membership number to provide to the service provider honoring your request. (Categories A, B and D).
- If you purchased from our Discounts & Rewards partners online through our website, you would have provided your information directly to the partner. The information you share could include your name, member number, contact information and payment information. (Categories A and B).
ID Theft Protection Provider
- If you enrolled in ProtectMyID® identity theft protection, you would have provided your personal information directly to our partner. We don’t otherwise share your information with the ID Theft provider in this circumstance. The type of information you share depends on the product, but can include your name, membership number and zip code, contact information (address, phone), date of birth and social security number and payment information. (Categories A, B, C and L).
Travel Service Provider
- If you requested a quote or purchased Travel products or services, you could have provided your name, address, phone, date of birth, passport, known traveler number and payment card information to us and/or our travel partners. If travel was purchased for another person, we normally would have shared similar information about them, too. (Categories A, B, C, D and L).
Marketing Service Provider
We share information with service providers to market our products and services to members and potential members. Your name, contact information, membership information, age/sex, and a profile about you could be shared depending on the method of solicitation. (Categories A, B, C, D and K).
We share information to market the AAA Credit Card. Information that would normally be shared with our partner’s marketing service provider includes name, membership information, contact information and date of birth. Information would not be sent for those who had requested to not be solicited. (Categories A, B, C and D).
We collect internet activity information for those online or using the Auto Club App and share such information with providers for email marketing, online behavioral advertising and analytics purposes. (Categories A and F).
As a membership organization, we regularly measure member satisfaction by surveying members. We may share your contact information with those who provide these services. (Categories A and B).
Our efforts to safeguard personal and company information, facilities and people require that we monitor and collect information by different means and from many environments and share information with service providers that assist in this regard. This could include through video surveillance or internet/online activity for cyber security purposes. In some circumstances, personal information may be shared with law enforcement, and security providers. (Categories A, B, C, E, F, G, H and L).
To fulfill a transaction or a request or to process a payment, we share information with various service providers. For example, payment information such as payment card information or financial account information from a check or with an ACH enrollment would be shared with financial institutions and those service providers that process payments. (Categories A, B and D).
Legal, Regulatory, Compliance Purposes
We share personal information with third parties (government entities, law enforcement, regulatory bodies and/or private businesses) if required for legal, regulatory and compliance purposes and share with those that assist us in responding in such circumstances. For example, we could be obligated to share your name, contact information, and other information in the event of a regulatory investigation or in the event of litigation. (Categories A, B, C, D and L).
We share personal information for audit, accounting, financial or other professional reasons. (Categories A, B, C, D and L).
Sharing excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.
8. How We Protect Your Personal Information
Protecting your information is important to us. We maintain physical, electronic, and procedural safeguards to protect your personal information.
For example, we limit access to this information to authorized employees and contractors who need to know. We review the information security practices of vendors with whom we share personal information. We would also notify affected individuals as required by appropriate law in the event of a data breach. Please be aware that although we make every effort to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.
9. Your Choices
You may exercise the options described in this section. Additional privacy rights are contained in state specific sections. For example, Section 13: California Privacy Rights lists those privacy rights available for California residents.
Updating & Correcting Your Information
You can update or correct your contact information by:
- Logging on your online account (My Account) and updating your personal and contact information;
- Calling your local AAA branch or the membership services number on the back of your membership card; or
- Visiting a branch office and speaking with a representative.
AAA Solicitation and Marketing
If you do not want offers from us or our affiliates, please request to be placed in our Do Not Solicit file by visiting or calling your local AAA branch, by going to your online account to manage your communication preferences, or by writing to us: Attention: Membership Privacy, PO Box 25001 Mail Stop A112, Santa Ana, CA 92799-5001 and provide your full name and street address, membership number, telephone number and email address along with your request to be placed in our Do Not Solicit file. Your request will take effect within 60 days of receipt. During this time, you may receive mailings that were already in progress. You will continue to receive your member magazine, other communications directly related to your membership, and promotional offers with your bills and renewal notices.
Managing Communication Preferences.
You can manage how we communicate with you by logging into your online account (My Account), which first requires you to set up an account online.
Online Behavioral Advertising Opting Out
Our advertisements that appear on third party sites with the AdChoices icon provide the means for you to opt-out of our targeted online ads. You can do so by clicking on the blue AdChoices icon on one of our online advertisements and then following its instructions. Opting out does not opt you out of being served advertising. You may continue to receive generic non-targeted ads.
We also comply with the Self-Regulatory Program for Online Behavioral Advertising managed by Digital Advertising Alliance (DAA). When you opt out, your election is conveyed to the applicable advertising network that then places a cookie on your specific computer and browser. Please note that clearing your browser of cookies will require you to opt out again. To opt out from all participating DAA companies, please visit http://www.aboutads.info/choices/.
An additional right for California residents to opt-out of the sharing of personal information for cross context behavioral advertising is found in Section 13: California Privacy Rights.
10. Children’s Privacy
We do not intend to collect personally identifiable information from persons less than 13 years of age; however, if a primary member purchases an associate membership for their child or when consumer purchases travel related products for their children, in those circumstances information about the child would be collected from the adult purchasing the associate membership or travel product. If your child provides us with their personal information, as the parent/guardian, you can contact us at the address in Section 11: Contacting Us, to request that your child’s information be deleted from our records. We will make every reasonable effort to accommodate any such request.
11. Contacting Us
If you have questions regarding this Notice and/or our information practices, please contact us at:
Automobile Club of Southern California
Attention: Privacy & Data Security Counsel
Office of General Counsel, A451
3333 Fairview Road, Costa Mesa, CA 92626
By email. email@example.com
12. Changes to This Notice
We may amend this Privacy Notice at any time. Please review it periodically. Any changes are effective upon the date at the top of this Notice and upon our posting of the revised Notice. Your use of our website following any such change constitutes acceptance.
13. California Privacy Rights
California Consumer Privacy Act
California adopted groundbreaking privacy legislation, the California Consumer Privacy Act (CCPA), that provided new privacy rights to California residents effective January 1, 2020, and which was amended through the California Privacy Rights Act (CPRA) that provides additional privacy rights for California residents as well as privacy rights in employment and business-to-business circumstances effective January 1, 2023. Throughout this Notice, CCPA and CPRA will be referenced collectively as “CCPA.” California residents have privacy rights to their personal information including the right to not be discriminated against for exercising any of these rights. Employees, applicants and independent contractors have a right to not be retaliated against for exercising any of their CCPA rights. You, as a California resident, have a right to:
- a copy of your personal information (subject to statutory exceptions) that we collected since January 1, 2022, including a disclosure of the categories of personal information collected, sold and shared for a business purpose;
- delete personal information we collected from you unless we need to keep it as permitted by the CCPA. For example, if you are a member, we need your personal information to provide your membership. We can also keep your personal information when we generally use it internally for business purposes;
- to correct your personal information; and
- to opt-out of the sale or sharing of your personal information if we sell it, or share it for cross context behavioral advertising.
Frequency & Method of Request
You can request your information twice in a 12-month period. We must respond and provide your information within 45 days unless we inform you that we need more time in which event we will have 90 days to respond.
You can exercise your privacy rights and make a CCPA request. If necessary, we will first confirm that you are a California resident and authenticate your identity through a third party that asks you questions that you would know.
Please call (833) 612-6032 if:
- you have issues with the authentication process;
- to designate an agent to make a CCPA request on your behalf;
- to correct your personal information; or
- to make a CCPA request over the phone.
Designating an Agent on Your Behalf
You may designate an authorized agent to submit a request on your behalf to access, correct or delete your personal information by calling (833) 612-6032. To do so, you must 1) provide that authorized agent written and signed permission to submit such a request, and 2) verify your own identity directly with us. Please note, we may deny a request from an authorized agent that does not submit such proof.
Effective January 1, 2023, the CCPA will apply to, employee, job applicant and business-to-business personal information. For information regarding our CCPA Worker Privacy Notice, visit our Career Site or email firstname.lastname@example.org to make an employment related CCPA request. The CCPA Notice link located in the footer of the Career Site also provides a phone number for employees to call for their request. To make a business-to-business CCPA request, please email email@example.com.
Sensitive Personal Information Statement
The CCPA also provides a right to limit the use and disclosure of sensitive personal information unless the business uses such information within legally permitted purposes or doesn’t use it to infer characteristics about you. For example, we can use such information to i) perform the services or provide the goods requested by you; ii) detect security incidents; iii) perform services on behalf of us; and iv) verify or maintain the quality of services we provide. Since we use sensitive personal information within legally permitted purposes, and/or not to infer characteristics about you, we are not required to offer you the option to limit or opt-out of the use of such information through a “Limit My Sensitive Personal Information” option. However, if our practices change so that we use such information outside a legally permitted purpose, then we would offer such an option at that time.
Categories of Personal Information We Collect and Our Purpose for Collection and Use
- Please find a list of the categories of personal information that we collect in Section 3: Personal Information We Collect.
- For details regarding the sources from which we obtain personal information, see Section 4: How We Collect Your Personal Information.
- We collect and use personal information for the business or commercial purposes described throughout this Notice and above in Section 3: Personal Information We Collect and in Section 6: How We Use Your Personal Information.
Categories of Personal Information Disclosed and Categories of Recipients
During the prior 12 months, we disclosed the following categories of personal information for business or commercial purposes to the types of recipients listed below:
We share Category A information (Identifiers) with AAA related sources, digital providers, government/legal sources, product providers and service providers.
We share Category B information (Statutory as set forth in California Civil Code 1798.80) with AAA related sources, digital providers, government/ legal sources, product providers and service providers.
We share Category C information (Characteristics) with government/ legal sources and service providers.
We share Category D information (Commercial Information) with AAA related sources, digital providers, product providers and service providers.
We share Category E information (Biometric) with government/legal sources and service providers.
We share Category F information (Internet Activity) with digital providers such as advertising networks and social media platforms and service providers.
We share Category G information (Geolocation) with digital providers, product providers and service providers.
We share Category H information (Sensory) with service providers.
We share Category I information (Employment related) with service providers.
We share Category J information (Education) with service providers.
We share Category K information (Inferences) with service providers.
We share Category L information (Sensitive Personal Information) with government/legal sources and service providers.
For more information regarding how your information is shared, see Section 7: How and Why We Share Your Personal Information. We may also need to share any of the above categories of information pursuant to legal process and as described and as described elsewhere in this Notice.
CCPA Exempt Information
Please note that certain information is exempt from the CCPA. For example, personal information collected subject to a federal law called the Gramm-Leach-Bliley Act is exempt. As a result, insurance information would not be disclosed. Other exceptions include medical information and protected health information; personal information used to generate a consumer report and personal information under the Driver Privacy Protection Act.
Categories of Personal Information Disclosed and Third Parties to whom Personal Information was Disclosed that may be Considered “Sale/Sharing” under California law
During the prior 12 months, we would have sold personal information for Categories A-D to a Financial Product Provider in order offer a Club benefit (the AAA Visa Signature® credit cards) to members. The Auto Club receives a monetary benefit when members use their AAA Credit Card which is offered to members through our partner as a member benefit. Such arrangements help to keep annual membership dues low. For purposes of the CCPA this could be considered to be a “sale” of personal information. Our partner can only use the information we share to offer you the credit card. In this instance, information shared with our partner’s marketing service provider should include name, membership information, contact information, and date of birth. Information would not be sent for those who had requested to not be solicited.
Additionally, our use of tracking technologies for cross context behavioral advertising is considered as a “sale/sharing” under California law. During the prior 12 months, we would have “shared” personal information for Categories A, D, F & G for online behavioral advertising purposes with digital sources that include advertising networks.
Sale and Sharing of Personal Information and the Right to Opt-Out
You may opt-out of this practice (being tracked by these third parties) for cross context behavioral advertising purposes by
1). Clicking the “Do Not Sell or Share My Personal Information” link at the bottom of our website’s homepage and following the required CCPA process; or
2). Broadcasting the Global Privacy Control (GPC) for those browsers and browser extensions that support such a signal. This is an opt-out at the browser and device level. For example, if you turn on GPC on your iPad or laptop, you have opted out for information while on this device, but not if you visit our website on your mobile phone. You will need to turn on GPC for each device. Click here to learn how to turn on GPC. If you turn on GPC, your opt-out of sharing is accepted automatically.
Your request to opt-out of sale/sharing will be linked to your browser identifier only specific to the device you are currently using. If you would like to completely opt-out of cross context behavioral advertising you will need to proceed with a request to opt-out through our CCPA Application that requires authentication.
Selling or Sharing Personal Information of Those Under 16 years of Age
We do not sell personal information of consumers under 16 years of age. We do not have actual knowledge of sharing personal information for cross context behavioral advertising purposes for consumers under 16 years of age, although consumers under 16 that use our website could have their personal information shared for cross context behavioral advertising purposes.
However, there are circumstances when we offer a service that benefits a consumer under 16 years and in these events personal information could be shared with a third party. For example, if a primary member purchases an associate membership for their child or when a consumer purchases travel related products for their children, in those circumstances information about the child would be collected from the adult purchasing the associate membership or travel product and may also be shared with the following sources: AAA related entities, the purchaser, digital providers, government/legal entities, and third party service and product providers. See Section 10: Children’s Privacy to learn more.
How Long Do We Retain Each Category of Personal Information?
We retain your personal information in line with our legal obligations, record retention policy, or as otherwise permitted by law. We will delete your personal information once the legal obligation expires or after the period of time specified in our record retention policy. The period of retention is subject to our review and alteration.
No Account Needed
You are not required to create an account with us to exercise your CCPA rights. We will only use personal information provided in a request to review and comply with your request.
California Financial Information Privacy Act Rights
To restrict the sharing of your nonpublic personal information with our credit card provider Comenity Capital Bank, please visit the online preference center and opt out of credit card offers.
California Shine the Light Law Rights
Apart from the CCPA, California residents can request information regarding the personal information that a company they do business with shares with third parties for direct marketing purposes during the past year. To request a copy, please contact firstname.lastname@example.org and include “SB27 Request" on the subject line.
California Do Not Track Rights
We do not currently respond to a web browser’s “Do Not Track” signal. Such a signal enables a person to opt out from having information about their web browsing activities monitored and collected; however, since there is not uniform industry agreement as to how to respond, we do not currently honor such a request.
14. Notice Provided By
This Notice is provided on behalf of our companies that link to this Notice.
AAA is a national federation of independently chartered local AAA motor clubs and organizations. The companies listed below are part of the Automobile Club of Southern California family of companies that include, but are not necessarily limited to, the companies listed below. They offer membership, automotive, insurance, and travel services. The list may change from time to time.
- AAA East Central
- AAA Hawaii, LLC
- AAA New Mexico, LLC
- AAA Northern New England
- AAA Texas, LLC
- Alabama Motorists Association, Inc. (dba AAA Alabama)
- Automobile Club of Southern California
- Automobile Club of Missouri (dba AAA Missouri)
- Auto Club Services, LLC
- Tidewater Automobile Association of Virginia, Incorporated (dba AAA Tidewater Virginia)