California Privacy Rights Act Privacy Policy

Last updated: January 1, 2023

This California Privacy Rights Act Privacy Policy describes how Nationwide Mutual Insurance Company and its affiliates (“Nationwide”, “we”, “us”, “our”, or “ours”) collect, use, and disclose the personal information of California consumers (“you”, “your”, or “yours”) and the rights prescribed to them in the California Consumer Privacy Act, as amended by the California Privacy Rights Act and its implementing regulations (collectively, “CPRA”). If you are a California resident, you may have rights under the CPRA. Please review those rights, and methods for exercising them, below.

This policy also serves as a Notice at Collection under the CPRA.

You may also read Nationwide’s Online Privacy Policy and Insurance and Financial Product Privacy Notices. Depending on your relationship with us, one or more of these privacy documents may apply to you, in addition to this policy.

You may print or download a PDF version of this policy.

A. Collection of Information

Nationwide may collect the following categories of personal information, including sensitive personal information, about you:

1. Identifiers such as name, address, Social Security number, and driver’s license number.
2. Protected classifications such as medical conditions, military or veteran status, and race or ethnic origin.
3. Commercial information such as products or services purchased, consumer report information, and information from transactions.
4. Internet, browsing, or other network information such as internet protocol (IP) address, session ID, click or touch stream data, movement activity, scroll activity, and in some cases, keystroke activity.
5. Telematics data (excluding geolocation data) are collected in connection with our telematics discount or usage-based pay-per-mile insurance programs.
6. Sensory data such as audio recordings of your calls to our call centers.
7. Professional or employment-related information such as professional licenses or designations, and employment history.
8. Education information such as transcripts.
9. Inferences such as profiles reflecting preferences, characteristics, predispositions, behavior, or attitudes.
10. Financial account information such as account log-in information, financial account number, and debit card or credit card number.
11. Geolocation such as precise physical location.
12. Health information such as electronic health records, lab results and reports, physician reports, diagnostic results, prescription history.

B. Sources of Information

Nationwide may collect your personal information, including sensitive personal information, from the following categories of sources:

1. We may collect identifiers from you directly, your agent, publicly available databases, data aggregators, advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks, and data brokers and other third parties from whom we have purchased data.
2. We may collect protected classification information from you directly, medical providers, or our vendors.
3. We may collect commercial information from you directly or from your use of our websites or mobile apps, from your agent, from credit reporting companies, and from consumer reporting companies.
4. We may collect internet, browsing, or other network activity from your use of our websites, mobile apps, or telematics devices.
5. We collect telematics data (excluding geolocation data) from your use of telematics devices.
6. We may collect sensory data, such as such as audio recordings of your calls to our call centers.
7. We may collect professional or employment information from job applications, resumes, or recruiters.
8. We may collect education information from job applications, transcripts, resumes, or recruiters.
9. We may collect inferences from recordings of your audio or video calls to our call centers, information provided by credit or consumer reporting companies if you have applied for a financial product or service, or your use of our websites, telematics devices, or mobile apps.
10. We may collect financial account information from you directly.
11. We may collect geolocation from you directly or from your use of our websites or mobile apps.
12. We may collect health information from you directly, medical providers, or our vendors.

C. Purposes of Collection of Information

Nationwide collects and uses your personal information, including sensitive personal information, for our business or commercial purposes.

For all categories of personal information, including sensitive personal information, listed in this policy, our business or commercial purposes include:

1. Auditing;
2. Ensuring the security and integrity of information (such as detecting security incidents and protecting against and prosecuting malicious, deceptive, or illegal activity like fraud);
3. Debugging;
4. Short-term, transient use of personal information;
5. Performing services on behalf of Nationwide, another business, or a service provider (such as maintaining or servicing accounts or providing customer service); 
6. Undertaking internal research; and
7. Verifying or maintaining the quality or safety of a service or device or improving a service or device.

We also use all categories of personal information, including sensitive personal information, listed in this policy to comply with our legal obligations, including to comply with law enforcement or government authority requests, participate in judicial proceedings, and investigate fraudulent activity, resolve disputes, enforce our agreements, provide you with our products or services you have purchased, for everyday servicing purposes, and as otherwise described to you at the point of collection.

For specific categories of personal information, including sensitive personal information, our business or commercial purposes include:

1. Identifiers are used to respond to questions, requests, social media messages, and emails, track insurance applications, provide customer service, market, and provide products and services to you, set up, manage and service policies and accounts, conduct website or other surveys, verify your identity, and update our records.
2. Protected classifications (medical conditions or military or veteran status) are used to provide products and services to you, and protected classifications (race or ethnic origin) are used to conduct market research or product research to assist in ensuring diverse responses.
3. Commercial information is used to offer our telematics or usage-based insurance programs to you, market our products or services to you, and help predict your future claims.
4. Internet, browsing, or other network activity is used to conduct website and mobile app analysis, conduct research and analytics, develop and improve our websites and mobile apps, market and provide products or services to you, manage our online advertising and its effectiveness, remember your preferences and interactions, respond to questions and emails, manage and service policies and accounts, conduct website and other surveys, fraud prevention, and offer our telematics or usage-based insurance programs to you.
5. Telematics data (excluding geolocation data) are used to offer our telematics discount or usage-based pay-per-mile insurance programs, and the telematics data collected in connection with these programs are only used for determining actual miles driven.
6. Sensory data, such as audio recordings of your calls to our call centers, are used to improve customer service, or for authentication or fraud investigation purposes.
7. Professional or employment information is used to process job applications and to provide offers or denials of employment.
8. Education information is used to process and evaluate your job application and related materials.
9. Inferences are used to market our products or services to you, improve our products and services, and help predict your future claims.
10. Financial account information is used to provide products and services to you, set up, manage, and service policies and accounts, and update our records.
11. Geolocation data are used to conduct website and mobile app analysis, develop, and improve our websites and mobile apps, secure our websites and mobile apps, and provide products or services to you, such as our telematics or usage-based insurance programs.
12. Health information is used to underwrite our products.

D. Disclosure of Information

Nationwide may disclose your personal information to the following categories of third parties for the business or commercial purposes listed above and for the following reasons:

1. Identifiers may be disclosed to vendors that provide us with customer service, account setup, account management and servicing, and data verification services.
2. Protected classifications may be disclosed to vendors that assist us in providing products and services to you.
3. Commercial information may be disclosed to vendors, advertising networks, or data analytics providers that help us offer our telematics or usage-based insurance programs to you, help market our products or services to you, and help predict your future claims.
4. Internet, browsing, or other network information may be disclosed to vendors, advertising networks, internet service providers, data analytic providers, or social networks that help us with conducting website and mobile app analysis, conducting research and analytics, developing our websites and mobile apps, collecting information about our website and mobile app usage and email responses, marketing and providing products or services to you, managing our online advertising and its effectiveness, responding to questions and emails, managing and servicing policies and accounts, and helping to offer our telematics or usage- based insurance programs to you.
5. Telematics data (excluding geolocation data) may be disclosed to vendors or data analytics providers that assist us in providing our telematics discount or usage-based pay-per-mile insurance programs.
6. Sensory data, such as audio recordings of your calls to our call centers, may be disclosed to vendors that provide us with services to improve customer service or for authentication or fraud investigation purposes.
7. Professional or employment information may be disclosed to vendors that assist us with processing job applications or providing offers or denials of employment.
8. Education information may be disclosed to vendors that provide us with human resources, job application, or recruitment services.
9. Inferences may be disclosed to vendors that provide us with services to market our products or services to you and help predict your future claims.
10. Financial account information may be disclosed to vendors that help us provide our products or services to you.
11. Geolocation data may be disclosed to vendors, advertising networks, internet service providers, data analytic providers, or social networks that help us with conducting website and mobile app analysis, developing our websites, mobile apps, or insurance programs, and marketing our products or services to you.
12. Health information may be disclosed to vendors that help us provide our products or services to you or business partners that help us provide our products or services to you.

Nationwide may also disclose all categories of personal information as part of corporate transactions, such as mergers, acquisitions, or divestitures, as well as with our affiliates and subsidiaries. We may be required to disclose all categories of personal information with law enforcement, regulatory agencies, or litigants based on legally enforceable requests for this information.

Nationwide does not knowingly sell or share (“Share”, as defined by the CPRA) the personal information of consumers under 16 years of age.

E. Your California Privacy Rights

The CPRA grants you the privacy rights described in this section, subject to certain limitations and exceptions. Your CPRA rights do not apply to personal information protected by other laws, such as the Fair Credit Reporting Act (“FCRA”), the Gramm Leach Bliley Act (“GLBA”), the Health Insurance Portability and Accountability Act (“HIPAA”), and the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”).

• Right to Notice. The right to know about how we collect, use, disclose, sell, or Share your personal information. This policy is intended to satisfy that right.
• Right to Access. The right to know and access what personal information we have collected about you, including the categories of personal information, the categories of sources from which your personal information is collected, the business of commercial purpose for collecting, selling, or Sharing your personal information, the categories of third parties to whom we disclose your personal information, and the specific pieces of personal information that we have collected about you.
• Right to Delete. The right to delete personal information that we have collected from you, subject to certain exceptions.
• Right to Correct. The right to correct inaccurate personal information that we maintain about you.
• Right to Opt Out. The right to opt-out of the sale or Sharing of your personal information by us if we sell or Share personal information.
• Right to Limit. The right to limit the use or disclosure of your personal information by us to purposes permitted by the CPRA, if we use or disclose sensitive personal information.
• Right to Non-Discrimination. The right not to be discriminated against for exercising any of the privacy rights in this section. We do not use the fact that you have exercised or requested to exercise any CPRA right for any purpose other than facilitating a response to your request.

Identity Verification Requirements

You or your authorized agent may submit a California privacy rights request using one of the designated methods outlined below. When submitting your request, you must provide us with certain information so that we may locate your personal information in our systems and distinguish it from the personal information of others—for example, individuals who may have similar names or addresses to you. You may need to provide us with your name, email address, address, phone number, driver’s license number, Social Security number, or account information, depending on the information you would like to access.

Once we receive your request, we will acknowledge receipt within 10 business days and provide additional information about our verification process and the processing of your request. We will try to process your request within 45 days of receiving it. If we need more time (up to 45 days), we will notify you of our need for additional time and explain the reason why we need more time prior to the end of the initial 45-day period.

We do not generally charge a fee to fulfill any of your requests under CPRA; however, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, including repetitive requests. If we refuse to act on a request, we will notify you of the reason.

Exercising Your California Privacy Rights

Before we fulfill any requests submitted by you, we are required to verify that you are the person that is the subject of the request. Our verification process consists of you answering a series of questions correctly to verify your identity. If you experience technical errors with or are unwilling to verify your identity through our verification process, please contact us at 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays) or consumerprivacy@nationwide.com, and we will send to you a notary form that you must sign, notarize, and return to us by mail to the following address:

Consumer Privacy
P.O. Box 182189
Columbus, Ohio 43218-2189

Nationwide may reject a request from an agent that fails to submit proof that they have been authorized by you to act on your behalf.

Third-Party Vendors & Business Partners

This paragraph contains instructions for all third-party vendors providing services to and third-party business partners of Nationwide. This paragraph does not apply to individual consumers.

If a California consumer submits a CPRA rights request directly to one of Nationwide’s third-party vendors or business partners, the vendor or partner must instruct the consumer to visit this policy and submit the request through one of the approved methods listed below (webform or toll-free telephone number).

Right to Access

Consumer: You may submit a request to access using the Personal Information Access Request webform or by calling 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays).

Authorized Agent: Your authorized agent, on your behalf, may submit a request to access using the Personal Information Access Request webform or by calling 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays).

For your security, your request, and our responses to it, will be available for you to access for 30 days, after which they will be deleted. If you would like to access your personal information again, please submit another request.

Please note that the CPRA does not require us to search for personal information if we:

1. Complete the transaction for which the personal information was collected, provide a good or service requested by you, conduct activities reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between Nationwide and you;
2. Ensure the security and integrity of information (such as detecting security incidents and protecting against and prosecuting malicious, deceptive, or illegal activity like fraud);
3. Debug to identify and repair errors that impair existing intended functionality;
4. Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
5. Comply with the California Electronic Communications Privacy Act;
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent;
7. Enable solely internal uses that are reasonably aligned with a consumer’s expectations based on their relationship with Nationwide; or
8. Comply with a legal obligation; or

Additionally, we may retain your personal information in our backup or archive systems until the retention period of those systems expire, as permitted by the CPRA.

Right to Delete

Consumer: You may submit a request to delete using the Personal Information Correction Request webform or by calling 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays).

Authorized Agent: Your authorized agent, on your behalf, may submit a request to delete using the Personal Information Correction Request webform or by calling 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays).

Please note that the CPRA does not require us to delete your personal information if it is necessary for Nationwide to:

1. Complete the transaction for which the personal information was collected, provide a good or service requested by you, conduct activities reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between Nationwide and you;
2. Ensure the security and integrity of information (such as detecting security incidents and protecting against and prosecuting malicious, deceptive, or illegal activity like fraud);
3. Debug to identify and repair errors that impair existing intended functionality;
4. Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
5. Comply with the California Electronic Communications Privacy Act;
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent;
7. Enable solely internal uses that are reasonably aligned with a consumer’s expectations based on their relationship with Nationwide; or
8. Comply with a legal obligation; or

Additionally, we may retain your personal information in our backup or archive systems until the retention period of those systems expire, as permitted by the CPRA.

Right to Correct

Consumer: You may submit a request to correct using the Personal Information Correction Request webform or by calling 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays).

Authorized Agent: Your authorized agent, on your behalf, may submit a request to correct using the Personal Information Correction Request webform or by calling 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays).

In order to effectively evaluate your request, we require that you provide us with documentation supporting your request by uploading it to our secure online portal or via postal mail to the following address:.

Consumer Privacy
P.O. Box 182189
Columbus, Ohio 43218-2189

If you provide supporting documentation via postal mail, please do not send us the original; we request that you only send a copy.

We will only use documentation provided by you for the purpose of responding to your request.

Right to Opt-Out of Sale/Sharing

Nationwide does not believe that it sells or shares the personal information of California consumers. However, we, our vendors, and third parties, such as advertising networks, social networks, and data analytics providers, may use cookies and related tracking technologies, such as web beacons, pixel tags, and flash objects (collectively, “Cookie(s)”), to collect information about your visits to our websites and third-party websites and then use that information to deliver advertisements relevant to your interests. Information collected about you on our websites by third parties could be combined with other information that you have provided to them or that they have collected from your use of their services. To opt out of the collection of your personal information using Cookies for advertising purposes, you can modify your Cookie settings using the Cookie Preference Center, which may be accessed through the banner on our websites. To effectively manage Cookies via this tool, you must set Cookie preferences on all web browsers that you use. If you clear the Cookies on your web browser(s), you may need to set your Cookie preferences again.

You can also opt out of the collection of your personal information via Cookies by enabling a Global Privacy Control (“GPC”) signal, which may be accessed by installing a supported web browser or browser extension. Please refer to the help section of your browser or visit the official Global Privacy Control website for more information.

This information may also be reviewed in our Notice of Right to Opt-out of Sale/Sharing, which may be accessed by selecting “Manage settings” on the Cookie Preference Center banner when first visiting our websites. On subsequent visits to our websites, the Notice may be accessed by clicking the Do Not Sell My Personal Information link in the footer of our websites. It may also be viewed in the Preferences section within the Settings on our mobile app.

Right to Limit Use/Disclosure

F. Retention of Information

We may retain the information relating to your CPRA request in accordance with our legal obligations and records retention policies. We may retain the information about your request to track and fulfill your request. Please note that we will maintain a record of your request and all correspondence for at least 24 months. We collect, store, or process your information in compliance with our privacy policies.

We may retain your personal information in accordance with our legal obligations, our records retention policies, or as otherwise permitted by law. For example, we may have a legal obligation to retain information relating to your agreements with us or claims relating to your products or services. We will delete your information once the legal obligation expires or after the period of time specified in our records retention policies.

G. Revisions

Nationwide may revise this policy from time to time as permitted by law. Nationwide will provide you the revised policy on this website, on a website that replaces this website, in person, via email, or using other methods. Changes are effective on the date they are posted.Nationwide may revise this policy from time to time as permitted by law. Nationwide will provide you the revised policy on this website, on a website that replaces this website, in person, via email, or using other methods. Changes are effective on the date they are posted.

H. Contact Us

You may contact us at consumerprivacy@nationwide.com if you have any questions or concerns about this policy or your privacy rights under the CPRA.