California Consumer Privacy Act Rights

Effective January 1, 2020

If you are a California resident, you may have rights under the California Consumer Privacy Act. Please review those rights below and the FAQs that follow. You may print or download a pdf version of this policy.

A. Collection of Information

B. Sources of Information

C. Purposes of Collection of Information

D. Sharing of Information

E. Your Consumer Rights

F. Authorized Agent

G. Revisions

H. Contact Us

I. Frequently Asked Questions

A. Collection of Information

Nationwide may collect the following categories of personal information about you, such as when we provide you with our products or services:

Personal identifiers, such as name, address, and Social Security number;
Protected classifications, such as medical conditions or military or veteran status;
Commercial information, such as products or services purchased, consumer report information, and information from transactions;
Biometric information, such as your voiceprint when you call our call centers;
Internet, browsing, or other network information, such as internet protocol address, session ID, click or touch stream data, movement, scroll, and in some cases, keystroke activity;
Geolocation data, such as vehicle information collected in connection with the SmartRide Program or other telematics or usage-based insurance programs, or geolocation data collected in connection with your use of our websites or mobile apps;
Audio recordings, such as call center recordings;
Professional or employment information, such as information collected from job applications and resumes;
Education information, such as information collected from job applications, transcripts, or resumes; and
Inferences, such as those drawn from credit reports or motor vehicle reports or from clickstream data.

B. Sources of Information

The following are the categories of sources of personal information we collect about you:

We may collect personal identifiers from you, publicly available databases, government databases, data aggregators, social media networks, and third parties from whom we have purchased data;
We may collect protected classifications information from you or from medical providers;
We may collect commercial information from you directly or from your use of our websites or mobile apps, from credit reporting companies, and from consumer reporting companies;
We may collect biometric information (your voiceprint) from you directly when you call our call centers;
We may collect internet, browsing, or other network activity from your use of our websites, mobile apps, or telematics devices;
We may collect geolocation data from your use of telematics devices or our mobile apps or in connection with your use of our websites;
We may collect audio recordings when you call our customer service call centers;
We may collect professional or employment information from your job applications, resumes, or recruiters;
We may collect education information from job applications, transcripts, resumes, or recruiters; and
We may collect inferences from your use of our websites, telematics devices, our mobile apps, or from information provided by credit or consumer reporting companies if you have applied for a financial product or service.

C. Purposes of Collection of Information

We collect and use personal information for our business purposes. For all categories of personal information listed in this policy, these business purposes include:

Auditing;
Detecting security incidents;
Protecting against and prosecuting malicious, deceptive, or illegal activity (such as fraud);
Debugging;
Short-term, transient use of personal information;
Performing services on behalf of Nationwide, another business, or a service provider (such as maintaining or servicing accounts or providing customer service);
Undertaking internal research; and
Verifying or maintaining the quality or safety of a service or device or improving a service or device.

Other examples of the business purposes include the following:

Personal identifiers are collected and used to respond to questions, requests, social media messages, and emails, track applications, provide customer service, market and provide products and services to you, set up, manage and service policies and accounts, conduct website or other surveys, verify your identity, and update our records;
Protected classifications are collected and used to provide products and services to you;
Commercial information is collected and used to offer our SmartRide Program or other telematics or usage-based insurance programs to you, market products or services to you, and help predict your future claims;
Biometric information (your voiceprint) is collected and used for fraud prevention or authentication purposes;
Internet, browsing, or other network activity is collected and used to conduct website and mobile app analysis, conduct research and analytics, develop our websites and mobile apps, market and provide products or services to you, manage our online advertising and its effectiveness, remember your preferences and interactions, respond to questions and emails, manage and service policies and accounts, conduct website and other surveys, and offer our SmartRide Program or other telematics or usage-based insurance programs to you;
Geolocation data are collected and used to offer our SmartRide Program or other telematics or usage-based insurance programs to you, conduct website and mobile app analysis, develop our websites and mobile apps, and market products or services to you;
Audio recordings are collected and used to improve customer service;
Professional or employment information is collected and used to process job applications and offers or denials of employment;
Education information is collected and used for processing your job application; and
Inferences are collected and used to market products or services to you and help predict your future claims.

We also collect and use all categories of personal information listed in this policy to comply with our legal obligations, resolve disputes, enforce our agreements, provide you with our products or services you have purchased, for everyday servicing purposes, and as otherwise described to you at the point of collection.

We do not sell your personal information to third parties. However, we share your personal information for the business purposes listed above and for the following reasons:

Personal identifiers may be shared with entities that provide us with customer service, account setup, account management and servicing, and data verification services;
Protected classifications information may be shared with entities that provide us with services to provide products and services to you;
Commercial information may be shared with entities that help us offer our SmartRide Program or other telematics or usage-based insurance programs to you, help market products or services to you, and help predict your future claims;
Your biometric information (voiceprint) may be shared with our service providers to assist in authentication and to service your account;
Internet, browsing, or other network information may be shared with entities that assist us with conducting website and mobile app analysis, conducting research and analytics, developing our websites and mobile apps, collecting information about our website and mobile app usage and email responses, marketing and providing products or services to you, managing our online advertising and its effectiveness, responding to questions and emails, managing and servicing policies and accounts, and helping to offer our SmartRide Program or other telematics or usage-based insurance programs to you;
Geolocation data may be shared with entities that assist us in providing our SmartRide Program or other telematics or usage-based insurance programs to you, conducting website and mobile app analysis, developing our websites, mobile apps, or insurance programs, and marketing products or services to you;
Audio recordings may be shared with entities that provide us with services to improve customer service or for authentication or fraud investigation purposes;
Professional or employment information may be shared with recruiters or with entities that help us with processing job applications or offers or denials of employment;
Education information may be shared with entities that provide us with human resources, job application, or recruitment services; and
Inferences may be shared with entities that provide us with services to market products or services to you and help predict your future claims.

Nationwide may also share all categories of personal information as part of corporate transactions, such as mergers, acquisitions, or divestitures, as well as with our affiliates and subsidiaries. We may be required to share all categories of personal information with law enforcement, regulatory agencies, or litigants based on enforceable requests for this information.

E. Your Consumer Rights

You may have a right to notice, opt out, non-discrimination, access, and deletion.

Notice. You may have a right to know about the personal information collected, used, disclosed, or sold. This policy is intended to satisfy that right.
Opt-out. While you may have the right to direct us not to sell your personal information to third parties, Nationwide does not sell your personal information. Therefore, there is no need for you to opt out of the sale of your personal information.
Non-discrimination. You may have the right not to be discriminated against for exercising any of the rights in this section.
Access. You may have the right to access your personal information. You may use this personal information access request form to request access to your personal information or call 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays).
Deletion. You may have the right to request that we delete the personal information we have collected about you. You may use this personal information deletion request form to request the deletion of your personal information or call 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays).

In order to exercise your rights relating to access and deletion, we need to verify your identity. When you submit a request to access or delete your personal information, we will send you a notary form that you must sign, notarize, and return to us. Nationwide also requires that you verify your email address if you would like to obtain your information electronically. The FAQs below provide you with additional information about this process.

Nationwide does not offer financial incentives for the collection, sale, or deletion of personal information. Therefore, there are no financial incentive programs for you to opt into and no description in this policy of the terms of any such program.

F. Authorized Agent

You have the right to designate an authorized agent to make a request on your behalf. Your designated agent may use the access and deletion links described above to make a request on your behalf. We must also receive a properly executed power of attorney that describes you, your designated authorized agent, and the purpose of the designation. This power of attorney must be sent with the notary form that we use to verify your identity. The FAQs below provide you with additional information about this process.

G. Revisions

Nationwide may revise this policy from time to time as permitted by law. Nationwide will provide you the revised policy on this website, on a website that replaces this website, in person, via email, or using other methods.

H. Contact Us

You may contact us at consumerprivacy@nationwide.com if you have any questions or concerns about this policy or your rights.

I. Frequently Asked Questions

Expand all

1. What is Nationwide’s privacy policy?

You may read Nationwide’s Online Privacy Policy, California Consumer Privacy Act Rights policy, and Insurance and Financial Product Privacy Notices. Depending on your relationship with us, one or more of these privacy documents may apply to you.

2. What are my rights under Nationwide’s privacy policies?

Depending on your relationship with us, you may have a right of access and correction relating to your personal information.

If you use our websites, you will have the rights we describe under our Online Privacy Policy. These rights include your right not to provide us with personal information, opting out of targeted ads, or opting out of cookies.

If you also obtain financial services products from us, you may also have the rights described in our Insurance and Financial Product Privacy Notices. Those rights include the right of access and correction and opting out of affiliate marketing, where applicable.

3. What is the Gramm-Leach-Bliley Act?

The Gramm-Leach-Bliley Act (GLBA) is a federal act that created various federal privacy and security requirements for financial institutions in 1999. For example, you have the right to opt out of affiliate sharing as a result of this act. GLBA also allows for State Insurance Commissioners to pass similar regulations. Therefore, where the products you purchase from us are regulated at the state level, you may have similar privacy rights under state law.

4. What is the California Consumer Privacy Act?

The California Consumer Privacy Act (CCPA) is an act that was passed by the California legislature in 2018. It took effect on January 1, 2020. It provides individuals with privacy rights that are similar to existing rights under GLBA. However, the rights under CCPA apply to all California residents, unlike GLBA rights, which apply to customers or consumers of financial institutions.

5. What is the relationship between California Consumer Privacy Act and Gramm-Leach-Bliley Act?

The CCPA includes an exception for personal information that is collected, processed, or disclosed pursuant to GLBA. This is because, as a consumer of our GLBA products or services, you already have many of the rights under the CCPA. Therefore, when Nationwide collects, processes, or discloses your personal information pursuant to our financial products, we provide you with your rights under GLBA, because CCPA would not apply. Where GLBA does not apply, we provide you with your rights under CCPA. Substantively, your rights under GLBA and CCPA are similar and you have the opportunity to exercise them whenever you wish.

6. What are my rights under the California Consumer Privacy Act?

You have the rights of notice, opt out, non-discrimination, access, and deletion. You may find additional information about these rights in our California Consumer Privacy Act Rights policy.

7. Where can I exercise my rights under the California Consumer Privacy Act?

You may exercise your rights under CCPA by visiting Your Privacy Preferences section of our landing page or by calling 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays).

You may exercise your right to opt out under GLBA by calling 1-866-280-1809. You may exercise your right to access or correct personal information by sending a written and notarized request that reasonably describes the information you would like to access or correct to Nationwide, 1000 Yard Street GH-2D-OCA1, Columbus, OH 43212.

8. Does Nationwide sell my personal information?

Nationwide does not sell your personal information.

9. How do I opt out of Nationwide selling my personal information?

You need not opt out of the selling of your personal information because Nationwide does not sell your personal information. However, if you are a customer that obtains financial products from us, you may opt out of the sharing of your personal information with our affiliates by calling 1-866-280-1809.

10. What is the Fair Credit Reporting Act and its relationship with California Consumer Privacy Act?

The Fair Credit Reporting Act (FCRA) is a federal act that created various privacy rights for individuals and obligations for consumer reporting agencies and users of consumer reports. For example, you have the right to opt out of affiliate sharing of your consumer reports.

The CCPA includes an exception for activities involving the collection, maintenance, disclosure, sale, communication, or use of any personal information bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living by users or furnishers of consumer reports or by consumer reporting agencies.

Therefore, when Nationwide collects, discloses, communicates, or uses any personal information bearing on these criteria, Nationwide provides you with your rights under the FCRA, because CCPA would not apply. Substantively, your rights under the FCRA and CCPA are similar and you have the opportunity to exercise them whenever you wish.

If you obtain financial services or products from us, you may also have the rights described in our Insurance and Financial Product Privacy Notices. Those rights include the right of access and correction and opting out of affiliate marketing, where applicable.

11. How do I access my credit reports?

We may collect information about you from credit reporting agencies as permitted under the FCRA for permissible purposes (such as underwriting insurance). If you would like to obtain a copy of your credit report, please contact a credit reporting agency of your choice. You may also obtain a free credit report by visiting the annual credit report website.

12. Who can I contact regarding other questions for California Consumer Privacy Act and Nationwide?

You may read more about your rights under CCPA by reading our California Consumer Privacy Act Policy. You may also read more about the CCPA by visiting the California Attorney General’s website. You may also contact Nationwide with any remaining privacy questions at consumerprivacy@nationwide.com.

13. What must I do to access my personal information under CCPA?

You must either use this personal information access request form or call us at 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays). You must provide us with your personal information so that we may locate your information in our systems and distinguish it from the information of others—for example, individuals who may have similar names or addresses to you. You may need to provide us with your name, email address, address, phone number, driver’s license number, Social Security number, or account information, depending on the information you would like to access. After you provide us with your personal information, you must also sign, notarize, and submit the notary form so that we may verify your identity. If we do not receive this form with the notary seal and signatures in 30 days, we will cancel your request and you may need to create another request. Nationwide also requires that you verify your email address if you would like to obtain your information electronically.

14. What if I am a job applicant?

Nationwide’s California Consumer Privacy Act Rights policy is intended to provide you with your right to know the categories of personal information we collect and the purposes for which personal information is to be used under the CCPA. However, please note that job applicants do not currently have rights to access or delete personal information under the CCPA. Furthermore, please note that Nationwide does not sell your personal information in the context of your job application. Therefore, you don’t have to opt out of the sale of your personal information.

15. Why must I submit a notarized form?

Nationwide must comply with the requirements of CCPA and the regulations promulgated by the California Attorney General regarding verifiable consumer requests while allowing you to exercise your rights under the law. In order to preserve the privacy and the security of the information you are trying to access or delete, we require proof that you are who you say you are. We have determined that obtaining a notarized form that includes your name provides us reasonable assurances that you are who you say you are.

16. Why did I receive more than one report?

If you are California resident and you provide us with your notarized access form, as a courtesy to you, we may also provide you with personal information under GLBA. Therefore, you may receive a personal information report under CCPA and a personal information report under GLBA. These laws have different time periods for responding to such requests. Therefore, you may receive your GLBA report before your CCPA report.

17. When I access my information, why is my personal information displayed in the manner it is displayed in?

In allowing you to access your information, we request information from various business units that may store your personal information. Some of this information may include some variation as a result of the manner in which it was provided to us or during the time it was provided to us. For example, for one product, we may have your work phone number and work address, while for another product, we may have your home phone number and home address. We may have an old address for a product that you have not used for some time, while we may have a current address for a product that you are currently using. In order to provide you with a comprehensive report, we provide you with the information from your various business units as we obtain it and we do not run additional filters on this information.

18. How do I correct my information?

You may correct your information by calling us at 1-877-669-6877. However, depending on the product that your request relates to, you may need to contact your insurance agent or broker dealer to correct it.

19. What is an authorized agent?

An authorized agent is a person or business registered with the California Secretary of State to conduct business in California that you have authorized to act on your behalf for the purposes of exercising your rights under this policy.

20. Are there any authorized agent designation requirements?

Yes. When using an authorized agent, you must provide the agent with written and signed permission to act on your behalf that includes a power of attorney. Nationwide may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf. Acceptable proof includes a properly executed power of attorney from you to your authorized agent that describes you and your authorized agent in a verifiable manner and the purpose of your request.

Additionally, you must also verify your own identity directly with Nationwide. You may do so by notarizing then sending back a form that is based on the information you have provided us. If we cannot verify your identity, we will let you know and may deny the request. The power of attorney and the notarized form to verify your identity must be sent together.

21. Does Nationwide charge a fee to respond to requests under CCPA?

Generally, no. However, we may charge a reasonable fee for or refuse to act on requests that are manifestly unfounded or excessive, including repetitive requests. If we refuse to act on a request, we will notify you of the reason.

22. How long will it take to access my personal information?

It may take up to 90 days to provide you with the information. However, if you have not provided us with the notarized form, we may be unable to verify that you are the person who has made the request.

23. Why didn’t I get any information?

It may be that we were unable to find you in our systems with the information you provided to us. If you make a subsequent request and provide additional information about yourself, we may be able to find out more information about you in our systems. It is also possible that any information you may have provided us has since been deleted as a part of our records retention policies. Your information may be in a record that is exempted from disclosure under the CCPA or other applicable privacy law.

24. Why did I get so little information?

The information you provided may not have been adequate to match the information in our databases. Your information may be in a record that is exempted from disclosure under the CCPA or other applicable privacy law.

25. Does my personal information access report include everything that you have about me?

Not necessarily. Some types of information are exempt from the CCPA. Generally, CCPA does not apply to credit reports under the Fair Credit Reporting Act, financial records under GLBA, or medical records under Health Insurance Portability and Accountability Act of 1996 and the Health Information Technology for Economic and Clinical Health Act.

In addition, please note that the CCPA regulations do not require us to search for personal information if we:

Do not maintain the personal information in a searchable or reasonably accessible format;
Maintain the personal information solely for legal or compliance purposes; and
Do not sell the personal information and do not use it for any commercial purpose.

The types of records we did not search include records relating to litigation and claims, among others.

As a result, these types of personal information or records are not included in your personal information access report.

26. For what purposes do you use the information provided in my request?

We use the information you provide us during the access or deletion requests to process your request.

27. How long do you retain the information about my request?

We retain the information relating to your request in accordance with our legal obligations and records retention policies. We may retain the information about your request to track and fulfill your request. Please note that we will maintain a record of your request as allowed by CCPA § 1798.105. We collect, store, or process your information in compliance with our privacy policies.

28. What happens when I request that you delete my data?

We delete your data subject to our legal obligations and related records retention policies.

Please note that, under the CCPA, we are not required to comply with your request to delete your personal information if it is necessary for Nationwide to maintain your personal information in order to:

Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between Nationwide and you;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
Debug to identify and repair errors that impair existing intended functionality;
Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
Comply with the California Electronic Communications Privacy Act;
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent;
Enable solely internal uses that are reasonably aligned with a consumer’s expectations based on their relationship with Nationwide;
Comply with a legal obligation; or
Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Please note that, as permitted under the CCPA regulations, we may retain your personal information in our backup or archive systems until the retention period of those systems expire.

29. How long do you retain my information?

We retain your information in accordance with our legal obligations, our records retention policies, or as otherwise permitted by law. For example, we may have a legal obligation to retain information relating to your agreements with us or claims relating to your products or services. We may delete your data once the legal obligation expires or after the period of time specified in our records retention policies.

30. How long do I have access to my request?

For your security, your request will be available for you to access for 30 days after which it will be deleted. If you would like to access your personal information again, please make another request.

31. Why was my request denied?

We may have rejected your request for several reasons. Because it is important for us to verify your identity for security purposes, we need to ensure that you are who you claim to be. If signatures or seals in your verifiable request were missing or invalid, we may reject your request. If your notarized form had items removed or not matching to your request, we may reject your request. If you already have an open request, we may reject your request. If you did not confirm your email, we may reject your request. We may have rejected your request because we were unable to determine that you are a California resident.

32. How many requests may I make in one year?

You may make two requests to access your personal information in a 12-month period under the CCPA. You may make more than two requests; however, we are not required under the CCPA to respond to them.

Table of Contents

A. Collection of Information

B. Sources of Information

C. Purposes of Collection of Information

D. Sharing of Information

E. Your Consumer Rights

F. Authorized Agent

G. Revisions

H. Contact Us

I. Frequently Asked Questions

Share: