Allstate online privacy statement

Allstate collects personal and other information about you. Personal information is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with you. Other, non-personal information does not and cannot reveal an individual’s identity such as information that has been de-identified or aggregated. The information we collect varies based on what products and services you have with us.

We collect personal information about you in several ways from several sources. We collect personal information directly from you including when you sign up for services, buy a product, subscribe to a membership or mailing list, set up an account with us, enroll in a mobile app feature such as Allstate Digital Footprint℠ or Drivewise^® or during the quoting, registering, application, claims handling or roadside assistance processes. We and service providers working on our behalf collect personal information from you such as IP address, browsing history and other internet activity information when you use one of our websites, mobile apps, view our emails or otherwise engage with us through a computer or mobile device (“Sites”). We also collect personal information about you from third parties such as consumer reporting agencies, service providers, marketing companies and data providers.

We collect the following categories of personal information:

Sensitive Personal Information: Some personal information we collect is defined under the law as sensitive personal information. Sensitive personal information we collect includes Social Security number, driver’s license number, state identification card number, passport number, customer account log-in, financial account number, debit card number, credit card number in combination with any required security or access code, password, or credentials allowing access to an account, precise geolocation information, racial or ethnic origin, religious beliefs, union membership, genetic data, biometric information used for identification, personal health information and sexual orientation or sexual history.

We do not sell your personal information. We may share your personal information with our affiliates for business purposes consistent with the uses described in this Privacy Statement. We may also share personal information about you with third parties whenever you consent to or direct such sharing. We strive to work with companies that share our commitment to privacy. We may also share information with others in an aggregated or de-identified form that does not reasonably identify you.

We may also share your personal or other information with service providers and other third parties for business purposes or as required or permitted by law including with:

Companies involved in insurance and other business transactions: We share your personal information with other companies that play a role in an insurance transaction with you such as independent claims adjusters, repair shops, and other claims related companies. We may also share your personal information to participate in insurance support organizations.

Authorized agents or brokers: Allstate operates through agents and brokers who sell our services and products on our behalf. We may share your personal information with those agents or brokers to provide you with the services you’ve requested. They may use your personal information in the manner described in this Privacy Statement.

Service providers: Personal information may be shared with service providers who perform services on our behalf for a business purpose including service providers that:

• help complete transactions, handle a claim, service your policy or service your membership,
• engage in credit reporting or payment processing,
• provide marketing and advertising, email or other communication services,
• provide services that support our online activities including providing tracking technologies, web hosting and analytics,
• provide tax and accounting, legal services, delivery, and data enhancement services,
• provide technology services and enhance security, privacy and fraud protections,
• provide data analytics services or conduct research or actuarial studies, and
• provide support to our operations.

Marketing and advertising partners: We may share personal and other information with third party online and other marketing and advertising partners or permit these partners to collect personal information from you directly on our Sites to personalize online advertising. We may share personal information with other financial institutions or other companies with whom we have a joint marketing agreement. The Cookies and Other Tracking Technologies section below has more details about these activities.

Third parties in connection with a business transaction: Personal information may be disclosed to third parties in connection with a corporate transaction, such as a merger, sale of any or all of our company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by an affiliate or third party, or in the event of a bankruptcy or similar proceedings.

Law enforcement, regulators and other parties for legal reasons: Personal information may be disclosed to third parties, as required by law or subpoena, or if we reasonably believe such action is necessary to:

• comply with the law and the reasonable requests of regulators, law enforcement or other public authorities,
• protect our or others safety, rights or property, and
• investigate fraud or to protect the security or integrity of our Sites or any product or services.

We share the following categories of personal information with the following parties:

Technologies and information collected: When you visit our Sites, we and our service providers automatically collect information about your use of and access to these Sites. We collect this information through a variety of tracking technologies, including cookies, Flash objects, web beacons (also called pixel tags), embedded scripts, location-identifying technologies, and similar technology (collectively, “tracking technologies”). Information we collect automatically about you may be combined with other personal information we collect directly. The information collected in this manner includes:

• The website from where you accessed the Site, where you went to when you left the Site, how frequently you visit the Sites, when and whether you open emails or click the links contained in emails, pages you visit on our Sites, the links you click and ads you view, or your location when you access our Sites,
• Information about the computer, tablet, smartphone or other device you use, such as your IP address, browser type, Internet service provider, platform type, device type/model/manufacturer, operating system, date and time stamp, a unique ID that allows us to uniquely identify your browser, mobile device or your account (including, e.g., a persistent device identifier or an Ad ID), and other similar information,
• Analytics information collected by us or via third party analytics tools, to help us measure traffic and usage trends for the Sites and to understand more about the demographics and behaviors of our users, and
• How often you use a mobile app, from where the app was downloaded, events that occur within the app, aggregated usage, and performance data.

Use of the information: The information collected through tracking technologies allows us to provide you with an improved, enhanced and personalized customer experience, to monitor and improve our Sites and for other internal purposes such as:

• Remembering information so that you will not have to re-enter it during your visit or the next time you visit the Sites,
• Provide custom, personalized content and information, including targeted content, communications and advertising,
• Identify and contact you across multiple devices,
• Provide and monitor the effectiveness of our Sites,
• Perform analytics and detect usage patterns on our Sites,
• Diagnose or fix technology problems,
• Detect or prevent fraud or other harmful activities, and
• Otherwise to plan for and enhance our Sites.

Our service providers include Adobe and Google. To learn about Adobe Analytics privacy practices or to opt-out of cookies set to facilitate reporting, click here. To learn more about Google's privacy practices, click here. To access and use the Google Analytics Opt-out Browser Add-on, click here.

We participate in the Adobe Marketing Cloud Device Co-op to better understand how you use our website and apps across the various devices you use, and to deliver tailored promotions. Learn more at https://cross-device-privacy.adobe.com about how Adobe does this.

Your choices regarding cookies: If you prefer not to accept cookies, most browsers will allow you to manage cookies in your browser settings to disable or block cookies, remove existing cookies, automatically accept cookies or to notify you when you receive a cookie. Options available may vary by browser. However, if you disable, modify, or reject cookies, some parts or functionalities of our Site may be inaccessible or not function properly. For example, disabling cookies may require you to repeatedly enter information to take advantage of services or promotions.

Opting out of online personalized advertising and do not track: We or our marketing and advertising service providers may use information about your activities on our Sites or other websites, to help tailor our advertisements or offers to what may interest you — also called interest-based advertising. The information is collected using the tracking technologies explained above. To limit interest-based advertising click here.

You may continue to see generic or non-targeted ads about our products and services if you opt-out of interest-based advertising. Although we do our best to honor the privacy preferences of our visitors, we are currently not able to respond to “Do Not Track” signals from your browser.

California residents have certain rights under CCPA to access and delete personal information described in this section, and other rights described below. While these CCPA rights do not apply to all personal information collected by Allstate, such as personal information that is subject to certain federal or state laws, for transparency and for your convenience we have extended these rights to personal information we believe may be relevant to your request.

Verified requests: To protect you and your personal information, we will only respond to access or deletion requests that we have been able to properly verify through our authentication processes. To verify your identity, you will be asked to provide several pieces of personal information, such as name and demographic information, which we only use to verify your identity or authority to make the request.

Submitting a request: To submit an access or deletion request, please click here to submit an online request or call us at 1-800-624-4419. Responses to a verified request may take up to 45 calendar days, or longer depending on the nature of the request. If additional time is needed, we will notify you of the additional time. We may only respond to two access requests within a 12-month period. Requests from authorized agents must be submitted via the same online portal or toll-free number but to protect your privacy, consumers will be required to verify their identity directly with us via our online portal or toll-free number.

Right to access your personal Information: You have the right to request that we disclose certain information about our collection and use of your personal information over the past twelve months including:

• the specific pieces of personal information we have collected about you,
• the categories of personal information collected,
• the categories of sources from which personal information was collected,
• the business purpose for collecting the personal information, and
• the categories of third parties with whom we share personal information.

Right to deletion of personal Information: You have the right to request we delete personal information we collected. We will delete your personal information in response to a verifiable request unless needed to:

• Complete a transaction for which we collected the personal information, provide a good or service you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you,
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities,
• Debug products to identify or repair errors that impair functionality,
• Exercise free speech ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law,
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us,
• Comply with a legal obligation, or
• Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Non-Discrimination rights: You have the right not to receive discriminatory treatment by us for the exercise of your California privacy rights.

Consumer Request Metrics: The chart below lists the number of access and deletion requests Allstate received, complied with and denied from residents of California in 2021 along with the average amount of days it took to complete a request.

Links to other company’s websites may be provided on the Allstate Sites as a convenience to you. If you choose to go to these external websites, you will be subject to the privacy practices of those external websites; Allstate is not responsible for the privacy practices of those websites. We encourage you to be aware when you leave our Site to read the privacy policies or statements of every website you visit, as those privacy policies or statements may differ from ours. Our Privacy Statement applies solely to the Sites where this Privacy Statement appears.

Our website includes Social Media features, such as the Facebook Like button and widgets, such as the Share This button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social Media features and widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these features are governed by the privacy policy of the company providing it.

If you enroll in the Allstate Digital Footprint℠ feature through the mobile app, you provide Allstate access to your Microsoft and/or Google email accounts. We will only use the data accessed from your Microsoft and Google accounts to read, write, modify, or control email message bodies (including attachments), metadata, headers, and settings (“email data”) to:

• identify certain online accounts,
• notify you of known security breaches related to those accounts, and
• send data privacy requests, unsubscribe requests or deletion requests from your email account at your request.

We will not:

• transfer email data to others unless it is necessary to provide and improve features, comply with applicable law, or otherwise provide the services, use email data for serving advertisements, or
• allow a person to read your email data unless we have your affirmative agreement regarding specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for an Allstate product’s internal operations.

We may periodically update or revise this Privacy Statement. The effective date at the top of the document shows when this Privacy Statement was last revised. We will let you know when we update the Privacy Statement by changing the date or other appropriate means.