California Consumers' Federated DriveSAFE Notice at Collection and Privacy Policy

California Consumers' Federated DriveSAFE^SM Notice at Collection

• Notice at Collection - California

California Consumers' Federated DriveSAFE^SM Privacy Policy

This Policy only applies to California consumers/users (“You”) who are California residents, subject to the California Consumer Protection Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”) and who use the Services. The “Services” include the Federated DriveSAFE Mobile Application (“Application”), the hardware telematics tag which will be affixed to a company vehicle (“Tag”), and the Fleet Portal which contains the telematics analytics in connection with the telematics program (“Portal”) as part of his/her employer’s participation in the telematics program with Federated. Further, this Policy only applies to Federated’s collection use or disclosure of Personal Information involving the Services.

The purpose of the Services is to provide you and your employer with information about your driving habits while using company vehicles. The information collected by the Application will be provided to your employer. Detailed information regarding the Services is contained in this Policy. By downloading and activating the Application, using the Portal or otherwise using the Services, you direct Federated to collect, use and disclose Personal Information to your employer. 

Federated Mutual Insurance Company, and our affiliates and subsidiaries (referred to in this Policy as Federated or “We”) is dedicated to safeguarding the privacy of the users of the Services. This Policy is to provide you with a comprehensive description of Federated’s online and offline information practices regarding the collection, use, disclosure and retention of your Personal Information. 

The Application wirelessly connects to a Tag that your employer places in company vehicles. The Services collect and use your driving data to assist your employer in managing your driving behavior and encourages and supports safer driving behaviors while driving a company vehicle. Your decision to participate in the Services is voluntary. If you choose not to participate do not download the Application or otherwise use the Services. By downloading and activating the Application or otherwise using the Services, you are consenting to the provisions of this Policy.

NOTE:  Federated does not sell or share your Personal Information. Federated does not have actual knowledge that it sells or shares the Personal Information of consumers under 16 years of age. Federated does not use or disclose sensitive personal information for purposes other than those allowed under CCPA Regulations §7027, subsection (m).  

“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.  “Personal Information” does not include:

• Publicly available information from government records or lawfully obtained, truthful information that is a matter of public concern.
• De-identified or aggregate consumer information.
• Information excluded from the CCPA, including information covered by other state and federal laws including HIPAA and the CMIA, FCRA, GLBA, the California FIPA, and the Driver’s Privacy Protection Act of 1994.

1. Right to Know

You have the right to request that Federated disclose certain Personal Information Federated has collected about you during the last 12 months. Federated will not disclose any Personal Information unless it receives a Verifiable Consumer Request (Information on how to complete a Verifiable Consumer Request is found below*). You have the right to request the following:

• Categories of Personal Information Federated has collected about you.
• Categories of sources from which the Personal Information is collected.
• The business or commercial purpose for collecting Personal Information.
• Categories of third parties to whom Federated discloses Personal Information.
• Categories of Personal Information that Federated disclosed for a business purpose about you.
• Specific pieces of Personal Information that Federated has about you.

2. Right to Request Deletion

You have the right to request that Federated delete any of your Personal Information that Federated collected from you and retained, subject to certain exceptions. Once Federated receives a Verifiable Consumer Request — and separately confirms the Verifiable Consumer Request to delete — Federated will delete (and direct its service providers to delete) the Personal Information from its records, unless an exception applies. Federated will not delete personal information about you that belongs to, or the business maintains on behalf of, another natural person. Federated may elect to deidentify or aggregate your information rather than deleting it. Information on how to complete a Verifiable Consumer Request to delete is found below.

Federated may deny a deletion request if maintaining the information is necessary for Federated to:

1. Complete the transaction for which the Personal Information was collected, provide a good or service requested by you, or reasonably anticipated within the context of Federated’s ongoing business relationship with you, or otherwise perform a contract between Federated and you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
3. Debug to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their right of free speech, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when Federated’s deletion of the information is likely to render impossible or seriously impair the ability to complete such research, if you have provided informed consent.
7. Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with Federated and compatible with the context in which you provided the information.
8. Comply with federal, state, or local laws; or comply with a court order or subpoena or other legal obligation; or to comply with a civil, criminal or regulatory inquiry by federal, state or local authorities or law enforcement agencies.
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
10. Exercise or defend legal claims.

3. Right to Correct Inaccurate Personal Information

You have the right to request that Federated correct inaccurate personal information about you, maintained by Federated, taking into account the nature of the personal information and the purposes of the processing of the personal information.  Once Federated receives a Verifiable Consumer Request, as described below, it will use commercially reasonable efforts to correct the inaccurate personal information, as directed by you.  Federated will not correct personal information about you that belongs to, or the business maintains on behalf of, another natural person.

4. Exercising Right to Know, Right to Delete, and Right to Correct

To exercise the right to know, right to delete or right to correct described above, please submit a Verifiable Consumer Request to Federated by either:

• Completing the form at: www.federatedinsurance.com/verifiable-consumer-data-request-california; or
• Calling Federated TOLL-FREE at: 1-844-929-0147.

Federated needs to verify that the consumer making the request is the consumer about whom the business has collected information. Only you or an Authorized Agent may make a Verifiable Consumer Request related to your Personal Information.  An “Authorized Agent” is a person registered with the California Secretary of State that you have authorized to act on your behalf or an individual granted authority under a written power of attorney issued pursuant to California Probate Code sections 4121 to 4130. If an Authorized Agent is making the request and has not provided registration information or a power of attorney, Federated must receive written permission from you for the Agent to act on your behalf.

Consumers may only make a Verifiable Consumer Request to Know twice within a 12-month period. The Verifiable Consumer Request must: 

• Provide sufficient information that allows Federated to verify, to a reasonably high degree of certainty, that the requestor is the consumer about whom Federated collected Personal Information or an Authorized Agent.
• Describe the request with sufficient detail to allow Federated to properly understand, evaluate, and respond to it.

NOTE: Completing as much information as possible on the Verifiable Consumer Request form will make it more likely that Federated will be able to provide you with a substantive response.

Federated will attempt to match data provided in the Verifiable Consumer Request to data that Federated maintains on you. Federated will require a declaration under penalty of perjury, swearing that the requestor is the consumer (or Authorized Agent) whose Personal Information is the subject of the request. If Federated cannot, to reasonable or reasonably high degree of certainty (depending on the nature of the request), verify a requestor’s identity or authority to make the request and confirm the Personal Information relates to you, the request will be denied. Federated will also deny a request made by an Authorized Agent if the Authorized Agent does not submit proof that they have been authorized by you to act on your behalf, as described above. If this happens, Federated will state so in its response.

Making a Verifiable Consumer Request does not require the requestor to create an account with Federated. Federated will only use Personal Information provided in a Verifiable Consumer Request to verify the requestor’s identity or authority to make the request.

Federated will provide a response either by mail or electronically, at the requestor’s option.

5. Verifiable Consumer Request Response and Timing

Federated will confirm receipt of a Verifiable Consumer Request within 10 days of receipt and, upon verification, provide a response within 45 days. Federated may require an additional 45 days to verify and respond to some requests. If more than 45 days are required, Federated will notify the requestor within the first 45 days, explaining the reason for the delay.

Federated will not charge a fee to process or respond to a Verifiable Consumer Request unless it is excessive, repetitive, or manifestly unfounded. If Federated determines that the Request warrants a fee, it will inform the requestor of the fee or refuse the Request and notify the requestor of the reason for refusal.

6. Right to Non-Discrimination

You have the right not to receive discriminatory treatment by Federated for the exercise of privacy rights conferred by the CCPA.  Federated will not discriminate against you because you exercised any of your rights under the CCPA.

7. What Personal Information Do We Collect?

When you download and activate or otherwise use the Services, We may collect the following categories of personal information over the previous 12 months, including:

• Personal Identifiers: Name, e-mail address, IP address, photo (optional),
• Employment Information: Your status as an employee of your employer,
• Internet or other electronic network activity information: information regarding your interaction with the Portal or the Application, 
• Geolocation data, including your precise geolocation while your phone is paired to a Tag and you are driving a company vehicle, but only to provide the Services you reasonably expect when using the Application and that are necessary for the Application to operate.
• Electronic Information: information regarding your phone, including make, model, operating system and capabilities, your use of the phone while driving (e.g., texting, placing or receiving a call in a non-hands free manner, other use), information regarding the Tag’s Bluetooth connection to the Application, and general information about the number of nearby Bluetooth devices detected by your mobile device.

NOTE: We only collect driving information (including your precise geolocation) when your phone is paired to a Tag installed in your employer’s vehicle and you are driving that “tagged” company vehicle. We do not collect any driving information when you are driving your personal vehicle or any other non-work vehicle. Some limited non-trip data may be collected, such as Application settings when the Application is opened by End User, in order to create messaging for End Users to fix their settings and to help troubleshoot scenarios that an End User isn't able to record.

We do not collect any data regarding the specific contents of your use of the phone. For example, we do not access or collect the text messages, phone calls/recordings, internet browser data, other application data, etc…. Only that the phone was used, other than hands-free, in some manner during driving.

8. Categories of Sources from Which We Collected the Categories of Personal Information Describe Above

• From you when you use the Services or when you contact us regarding an issue related to the Services.
• Third party service providers who assist us, pursuant to a written contract, in providing and supporting the application.
• Internet service providers, data analytics providers, government entities, operating systems and platforms and data brokers.

9. Business or Commercial Purposes for Which Federated has Collected Your Personal Information

We use your information, including Personal Information in order to:

• Provide you with the Services you requested.
• Administer and maintain the Services, provide customer service, process or fulfill requests and transactions, verify your information, administer changes or amendments to the Services, provide analytic services and for Federated’s operational purposes which are reasonably necessary and proportionate to achieve the operational purpose for which the information was originally collected. 
• Assist us in creating and developing safe driving programs for you and your employer.
• Track your driving over time, identify potentially hazardous driving, and report results to you and your employer via the Application and Portal.
• Confirm your identity and to assist you by providing customer and technical support regarding the application or Portal when you call Us to report a problem. 
• Detect, prevent, and investigate potential security incidents that compromise the availability, authenticity, integrity or confidentiality of stored or transmitted personal information.
• Protect against malicious, deceptive, fraudulent or illegal activity directed at Federated, and prosecuting those responsible for that activity. 
• Undertake activities to verify or maintain the quality or safety of the Services, and to improve, upgrade, or enhance the Services.
• Perform debugging to identify and repair errors that impair existing intended functionality.
• Undertake internal research for technological development and demonstration.
• Advance Federated’s lawful commercial or economic interests.

10. Categories of Personal Information That Federated Has Disclosed for a Business Purpose to Third Parties

All Categories of Personal Information identified above.

11. Categories of Third Parties To Whom Federated has Disclosed Personal Information Described Above

Federated may disclose consumer Personal Information to a third party service provider for a business or commercial purpose. When Federated discloses Personal Information for a business or commercial purpose, it enters into a contract, as required, that describes the purpose and requires the service provider recipient to both keep the Personal Information confidential and not use it for any purpose except performing the contract.

Federated discloses your Personal Information with the following categories of third parties:

• Service Providers
• Internet Service Providers
• Government Entities

12. Business or Commercial Purpose for Disclosing Personal Information

Federated discloses personal information for various purposes, including:

• Having Service Providers assist Us with verifying and maintaining the Services, providing customer and technical support, and maintaining the quality or safety of the Services, and to improve, upgrade, or enhance the Services.
• Other operational purposes.
• We disclose your driving trends and trip details to You, via the Application.
• We disclose your driving activity and company vehicle GPS location data with your employer via the Portal. We may disclose your information to comply with regulatory and law enforcement authorities and to respond to subpoenas, court orders or as otherwise permitted or required by law.

13. Changes to This Notice

Changes to this Notice will be posted at: www.federatedinsurance.com/drivesafe/california-privacy-policy. You can review this Policy and Notice at Collection from within the DriveSAFE application by navigating More > FAQs > Privacy > California Privacy Policy. The CCPA Policy may be printed as a separate document by accessing the policy online and utilizing your browser’s print function.

13. How to Contact Us

You can request additional information or obtain a copy of this Privacy Notice in an alternative format by contacting Federated at:  

• consumerdatarequest@fedins.com or
• TOLL FREE at: 1-844-929-0147

Privacy Contacts

If you have specific questions about your rights or about this notice, you may contact us at:

• Phone TOLL-FREE:  1-800-533-0472 and ask to speak to the Privacy Officer
• Postal Address: 

Federated Mutual Insurance Company
Attn:  Privacy Official – Legal
121 East Park Square
Owatonna, MN 55060

NOTICE:  Nothing in this CCPA Policy shall limit Federated’s ability to comply with applicable laws; comply with civil, criminal, or regulatory inquiries by federal, state or local authorities; cooperate with law enforcement concerning any potential violations of law; or otherwise exercise or defend legal claims.

This CCPA Policy was last updated: 10-17-2024