-
What is the California Consumer Privacy Act?
California Consumer Privacy Act (CCPA) is an act that was passed by the
California legislature in 2018. It took effect on January 1, 2020. It
provides individuals with privacy rights that are similar to existing
rights under the Gramm-Leach-Bliley Act (GLBA). However, the rights
under CCPA apply to all California residents, unlike GLBA rights, which
apply to customers (and in some cases consumers) of financial
institutions.
-
What is the Gramm-Leach-Bliley Act?
The Gramm-Leach-Bliley Act (or GLBA) is a federal act that created
various federal privacy and security requirements for financial
institutions in 1999. For example, you have the right to opt out of
affiliate sharing as a result of this act. GLBA also allows for State
Insurance Commissioners to pass similar regulations. Therefore, where
the products and services you purchase from us are regulated at the
state level, you may have similar privacy rights under state law.
-
What is the relationship between California Consumer Privacy Act
and Gramm-Leach-Bliley Act?
The CCPA includes an exception for personal information that is
collected, processed, or disclosed pursuant to GLBA. This is because, as
a consumer of our GLBA products or services, you already have many of
the rights under the CCPA. Therefore, when Nationwide collects,
processes, or discloses your personal information pursuant to our
financial products and services, we provide you with your rights under
GLBA, because CCPA would not apply. Where GLBA does not apply, we
provide you with your rights under CCPA. Substantively, your rights
under GLBA and CCPA are similar and you have the opportunity to exercise
them whenever you wish.
-
What are my rights under the California Consumer Privacy
Act?
You have the rights of access, deletion, notice, opt out, and
non-discrimination.
-
Where can I exercise my rights under the California Consumer
Privacy Act?
You have the right to access your personal information. You may use this personal information access request form to
request access to your personal information or call 1-844-541-4300. You
have the right to request that we delete the personal information we
have collected from you. You may use this personal information deletion request form
to request the deletion of your personal information or call
1-844-541-4300. You must provide us with your personal information so
that we may locate your information in our systems and distinguish it
from the information of others—for example individuals who may have
similar names or addresses to you. After you provide us with your
personal information, you must also notarize then send back a document
that is based on the information you have provided us. If we do not
receive this document with the notary seal and signatures in 30 days, we
will cancel your request and you may need to create another request.
-
How do I opt out of Nationwide selling my personal
information?
You need not opt out of the selling of your personal information because
Nationwide does not sell your personal information.
-
Who can I contact regarding other questions for California
Consumer Privacy Act and Nationwide?
You may read more about the CCPA by visiting the California Attorney General's
website. You may also contact Nationwide with any remaining
privacy questions at consumerprivacy@nationwide.com.
-
Why must I obtain a notarized document?
Nationwide must comply with the requirements of CCPA and the regulations
promulgated by the California Attorney General regarding verifiable
consumer requests while allowing you to exercise your rights under the
law. In order to preserve the privacy and the security of the
information you are trying to access or delete, we require proof that
you are who you say you are. We have determined that obtaining a
notarized form that includes your name provides us reasonable assurances
that you are who you say you are.
-
When I access my information, why is my personal information
displayed in the manner it is displayed in?
In allowing you to access your information, we request information from
various business units that may store your personal information. Some of
this information may include some variation as a result of the manner in
which it was provided to us or during the time it was provided to us For
example, one product may have your work phone number and work address,
another product may have your home phone number and home address or a
product may have an old address associated to you. In order to provide
you with a comprehensive report, we provide you with the information
from your various business units as we obtain it and we do not run
additional filters on this information.
-
How do I correct my information?
You may correct your information by calling us at 1-877-669-6877.
However, depending on the product that your request relates to, you may
need to contact your agent or broker dealer to correct it.
-
Does Nationwide charge a fee to respond to requests under
CCPA?
Generally, no. However, we may charge a reasonable fee for or refuse to
act on requests that are manifestly unfounded or excessive, including
repetitive requests. If we refuse to act on a request, we will notify
you of the reason.
-
How long will it take to access my personal information?
It may take up to 90 days to provide you with the information. However,
if you have not provided us with the notarized document, we may be
unable to verify that you are in fact the person who has made the
request.
-
Why didn’t I get any information?
It may be that we were unable to find you in our systems with the
information you provided to us. If you make a subsequent request and
provide additional information about yourself, we may be able to find
out more information about you in our systems. It is also possible that
any information you may have provided us has since been deleted as a
part of our records retention policies.
-
Why did I get so little information?
If the information you provided was not adequate to match you across all
of our databases, then we provided you with the information that was
available in our databases.
-
What happens when I request that you delete my data?
We delete your data subject to our legal obligations and related records
retention policies.
Please note that, under the CCPA, we are not required to comply with your
request to delete your personal information if it is necessary for
Nationwide to maintain your personal information in order to:
(1) Complete the transaction for which the personal information was
collected, provide a good or service requested by you, or reasonably
anticipated within the context of our ongoing business relationship with
you, or otherwise perform a contract between Nationwide and you;
(2) Detect security incidents, protect against malicious, deceptive,
fraudulent, or illegal activity; or prosecute those responsible for that
activity;
(3) Debug to identify and repair errors that impair existing intended
functionality;
(4) Exercise free speech, ensure the right of another consumer to
exercise his or her right of free speech, or exercise another right
provided for by law;
(5) Comply with the California Electronic Communications Privacy Act;
(6) Engage in public or peer-reviewed scientific, historical, or
statistical research in the public interest that adheres to all other
applicable ethics and privacy laws, when the businesses’ deletion of the
information is likely to render impossible or seriously impair the
achievement of such research, if you have provided informed consent;
(7) Enable solely internal uses that are reasonably aligned with a
consumer’s expectations based on their relationship with Nationwide;
(8) Comply with a legal obligation; or
(9) Otherwise use your personal information, internally, in a lawful
manner that is compatible with the context in which you provided the
information.
-
For what purposes do you use the information provided in my
request?
We use the information you provide us during the access or deletion
requests to process your request.
-
How long do you retain my information about my request?
We retain this information in accordance with our legal obligations and
records retention policies. We may retain the information about your
request to track and fulfill your request. We collect, store, or process
your information in compliance with our Privacy Policy.
-
How long do you retain my information?
We retain your information in accordance with our legal obligations and
records retention policies. For example, we may have a legal obligation
to retain information relating to your agreements with us or claims
relating to your products or services. We delete your data once the
legal obligation expires or after the period of time specified in our
records retention policies.
-
How long do I have access to my request?
For your security, your request will be available for you to access for
one week after which it will be deleted. If you would like to access
your personal information again, please make another request.
-
Why was my request denied?
We may have rejected your request for several reasons. Because it is
important for us to verify your identity for security purposes, we need
to ensure that you are who you claim to be. If signatures or seals in
your verifiable request were missing or invalid, we may reject your
request. If your notarized form had items removed or not matching to
your request, we may reject your request. If you already have an open
request, we may reject your request. If you did not confirm your email,
we may reject your request. We may have rejected your request because we
were unable to determine that you are a California resident.
-
How many requests may I make in one year?
You may make two requests to access your personal information in a
12-month period under the CCPA. You may make more than two requests;
however, we are not required under the CCPA to respond to them.