E. Your California Privacy Rights
The CCPA grants you the privacy rights described in this section, subject to certain limitations and exceptions. Your CCPA rights do not apply to personal information protected by other laws, such as the Fair Credit Reporting Act (“FCRA”), the Gramm Leach Bliley Act (“GLBA”), the Health Insurance Portability and Accountability Act (“HIPAA”), and the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”).
- Right to Notice. The right to know how we collect, use, disclose, sell, or share your personal information. This policy is intended to satisfy that right.
- Right to Access. The right to know and access what personal information we have collected about you, including the categories of personal information, the categories of sources from which your personal information is collected, the business or commercial purpose for collecting, selling, or sharing your personal information, the categories of third parties to whom we disclose your personal information, and the specific pieces of personal information that we have collected about you.
- Right to Delete. The right to delete personal information that we have collected from you, subject to certain exceptions.
- Right to Correct. The right to correct inaccurate personal information that we maintain about you.
- Right to Opt Out. The right to opt-out of the sale or sharing of your personal information by us if we sell or share personal information.
- Right to Limit. The right to limit the use or disclosure of your personal information by us to purposes permitted by the CCPA, if we use or disclose sensitive personal information.
- Right to Non-Discrimination. The right not to be discriminated against for exercising any of the privacy rights in this section. We do not use the fact that you have exercised or requested to exercise any CCPA right for any purpose other than facilitating a response to your request.
Exercising Your California Privacy Rights
You or your authorized agent may submit a California privacy rights request using one of the designated methods outlined below. When submitting your request, you must provide us with certain information so that we may locate your personal information in our systems and distinguish it from the personal information of others—for example, individuals who may have similar names or addresses to you. You may need to provide us with your name, email address, address, phone number, driver’s license number, Social Security number, or account information, depending on the information you would like to access.
Once we receive your request, we will acknowledge receipt within 10 business days and provide additional information about our verification process and the processing of your request. We will try to process your request within 45 days of receiving it. If we need more time (up to an additional 45 days), we will notify you of our need for additional time and explain the reason why we need more time prior to the end of the initial 45-day period.
We do not generally charge a fee to fulfill any of your requests under CCPA; however, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, including repetitive requests. If we refuse to act on a request, we will notify you of the reason.
Identity Verification Requirements
Before we fulfill any requests submitted by you, we are required to verify that you are the person that is the subject of the request. Our verification process consists of you answering a series of questions correctly to verify your identity. If you experience technical errors with or are unwilling to verify your identity through our verification process, please contact us at 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays) or firstname.lastname@example.org, and we will send to you a notary form that you must sign, notarize, and return to us by mail to the following address:
P.O. Box 182189
Columbus, Ohio 43218-2189
Nationwide will reimburse you for any reasonable notarization fees. Failure to verify your identity may result in the rejection of your request.
Authorized Agent Requirements
You may authorize an agent to submit a privacy request on your behalf. Please note, requests submitted by authorized agent also require verification of your identity before processing. Your authorized agent will need to complete the identity verification process explained in the preceding section. Nationwide may reject a request from an agent that fails to complete the identity verification process.
Third-Party Vendors & Business Partners
This paragraph contains instructions for all third-party vendors providing services to and third-party business partners of Nationwide. This paragraph does not apply to individual consumers.
If a California consumer submits a CCPA rights request directly to one of Nationwide’s third-party vendors or business partners, the vendor or partner must instruct the consumer to visit this policy and submit the request through one of the approved methods listed below (webform or toll-free telephone number).
Right to Access
Consumer: You may submit a request to access using the Personal Information Access Request webform or by calling 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays).
Authorized Agent: Your authorized agent, on your behalf, may submit a request to access using the Personal Information Access Request webform or by calling 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays).
For your security, your request, and our responses to it, will be available for you to access for 30 days, after which they will be deleted. If you would like to access your personal information again, please submit another request.
Please note that the CCPA does not require us to search for personal information if we:
- Do not maintain the personal information in a searchable or reasonably accessible format;
- Maintain the personal information solely for legal or compliance purposes; and
- Do not sell the personal information and do not use it for any commercial purpose.
Right to Delete
Consumer: You may submit a request to delete using the Personal Information Deletion Request webform or by calling 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays).
Authorized Agent: Your authorized agent, on your behalf, may submit a request to access using the Personal Information Deletion Request webform or by calling 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays).
Please note that the CCPA does not require us to delete your personal information if it is necessary for Nationwide to:
- Complete the transaction for which the personal information was collected, provide a good or service requested by you, conduct activities reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between Nationwide and you;
- Ensure the security and integrity of information (such as detecting security incidents and protecting against and prosecuting malicious, deceptive, or illegal activity like fraud);
- Debug to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act;
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent;
- Enable solely internal uses that are reasonably aligned with a consumer’s expectations based on their relationship with Nationwide; or
- Comply with a legal obligation.
Additionally, we may retain your personal information in our backup or archive systems until the retention period of those systems expire, as permitted by the CCPA.
Right to Correct
Consumer: You may submit a request to delete using the Personal Information Correction Request webform or by calling 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays).
Authorized Agent: Your authorized agent, on your behalf, may submit a request to access using the Personal Information Correction Request webform or by calling 1-844-541-4300 (12 p.m. – 6 p.m. ET, weekdays).
In order to effectively evaluate your request, we require that you provide us with documentation supporting your request by uploading it to our secure online portal or via postal mail to the following address:
P.O. Box 182189
Columbus, Ohio 43218-2189
If you provide supporting documentation via postal mail, please do not send us the original; we request that you only send a copy.
We will only use documentation provided by you for the purpose of responding to your request.
Right to Opt-Out of Sale/Sharing
Over the last 12 months, the categories of personal information Nationwide may have shared or sold, as these terms are defined under the CCPA, include: identifiers; internet, browsing, or other network information; inferences; and geolocation.
To opt out of the collection of your personal information using Cookies for advertising or analytics purposes, you can modify your Cookie settings using the Cookie Preference Center, which may be accessed through the banner when first visiting our websites or at any time via the “Do Not Sell or Share My Personal Information” link in the footer of our websites. To effectively manage Cookies via this tool, you must set Cookie preferences on all web browsers that you use. If you clear the Cookies on your web browser(s) or device(s), you may need to set your Cookie preferences again. When using our mobile applications, you may set or alter your preferences at any time in the Preferences section of the Settings within the mobile application.
You can also opt out of the collection of your personal information via Cookies by enabling a Global Privacy Control (“GPC”) signal, which may be accessed by installing a supported web browser or browser extension. Please refer to the help section of your browser or visit the official Global Privacy Control website for more information.
Right to Limit Use/Disclosure
Nationwide does not use or disclose your sensitive personal information for purposes other than as permitted by the CCPA, so there is no need for you to request to limit the use or disclosure of your sensitive personal information.