California privacy rights

The privacy notice(s) that apply to you vary based on the type of relationship you have with State Farm®.

If you have financial products or services (banking, securities, or insurance) which are used primarily for personal, family, or household purposes or State Farm has your information in connection with these types of products, you are subject to the Notice of Privacy Policy which is required by the Gramm-Leach-Bliley Act (GLBA).

If you have insurance products (auto, homeowners, life, or health) or are a claimant or beneficiary related to insurance products primarily for personal, family, or household purposes, you are subject to the California Insurance Information and Privacy Protection Act notice. This notice may apply in addition to the notices described above, which are provided in accordance with GLBA and/or HIPAA.

If you are a State Farm employee or independent contractor agent and have enrolled in a State Farm group health plan or if you are a consumer who has purchased a health insurance policy, you are subject to the Health Insurance Portability and Accountability Act notice.

If you are a resident of California, you may have protections, subject to certain limitations, under the California Consumer Privacy Act (CCPA) notice. In general, consumers subject to this notice will be those who do not have an existing customer relationship with State Farm.

In addition to the information collection and sharing practices described above, State Farm website properties and mobile applications may use common tracking technologies. Learn more about our ads and tracking activities.

Get your Notice of Privacy Policy online

A Good Neighbor is a Green Neighbor

California Consumer Privacy Act

If you are a California resident and would like to exercise your CCPA rights, utilize the applicable link below to access and complete the data access request form.

  • California Consumers without State Farm online access - Request Form
  • California Consumers with State Farm online access - Request Form
California Consumer Privacy Notice

We value your privacy.

This State Farm California Consumer Privacy Notice describes how we collect, use, and disclose the personal information of California consumers and the rights prescribed by the California Consumer Privacy Act (CCPA).

Your Personal Information covered by this notice may also be protected by other laws such as the Financial Services Modernization Act (also known as the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA) and the Fair Credit Reporting Act (FCRA), and where applicable, those laws primarily govern how we use and disclose personal information. Our privacy notices concerning personal information protected by state laws, as well as by GLBA and HIPAA, can be found on our website. The website also provides information concerning our online advertisements and mobile applications.

This Notice does not apply to California residents in their capacity as State Farm job applicants, current and former: employees, State Farm agents, agent team members, contractors, or business to business contacts.

In the event of a conflict between this Notice and other State Farm privacy notices or policies, this Notice will prevail as to California consumers’ rights under the CCPA.


The CCPA defines personal information as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

We collect personal information from multiple sources, including directly from you or your agent, from other individuals, service providers or other third party vendors, publicly available sources, consumer reporting agencies, government agencies, or other businesses.

We retain personal information according to our retention schedules, which are established by our business needs, along with legal and regulatory requirements. 

We collected and disclosed the following categories of personal information (in the last 12 months) about California consumers:

 

Categories of Personal Information Collected and Disclosed Categories of Third Parties to Whom Personal Information is Disclosed
1. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number or passport number. We may disclose identifiers to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
2. Personal Records such as physical characteristics or description, signature, telephone number, education, employment, employment history, insurance policy number, or any other financial information, medical information or health insurance information. We may disclose personal records to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
3. Classifications such as sex, marital status, familial status, race and gender. We may disclose classifications to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
4. Commercial Information such as personal property records, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. We may disclose commercial information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
5. Biometric Information such as genetic, physiological, behavioral and biological characteristics, that can be used to establish individual identity, including but not limited to fingerprints, voiceprints, retina scans from which an identifier template can be extracted, other physical patterns and sleep, health or exercise data, that contain identifying information. We may disclose biometric information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
6. Internet Usage Information such as browsing history, search history, and information regarding your interaction with an Internet Web Site, application, or advertisement. We may disclose internet usage information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
7. Geolocation Data such as precise physical location or movements and travel patterns. We may disclose geolocation data to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
8. Sensory Data such as audio recordings of customer care calls, electronic, visual or similar information. We may disclose sensory data to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
9. Professional or Employment Information such as professional licenses or designations, employment history. We may disclose professional or employment information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
10. Education Information such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, education level, transcripts, class lists, student schedules, student identification codes, student financial information or student disciplinary records. We may disclose education information to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.
11. Inferences from Personal Information Collected such as creating a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes. We may disclose inferences to third parties such as: other individuals, service providers, other vendors, credit reporting agencies, government agencies or other businesses.

 

We may disclose any or all of the categories of personal information collected for business purposes such as offering, developing and maintaining products and services, completing transactions with individuals or other businesses, preventing fraud, for our everyday business operations, or as required or permitted by law.

Personal information does not include public information lawfully made available from governmental records or de-identified or aggregate consumer information. We will implement technical safeguards to prohibit re-identification of de-identified information about you. We also reserve the right to create or allow others to create aggregate consumer information data sets by ensuring that individual consumer identities have been removed and are not linked or reasonably linkable to any consumer or household, including via a device. The CCPA does not require that such information be re-identified in response to a request made pursuant to the CCPA.


We collect, use, and disclose personal information to offer, provide, or maintain insurance and financial products and services and as otherwise related to the operation of our business, or as required or permitted by law.

We may collect, use, and disclose the personal information we collect for one or more of the following business purposes:

  • Processing Interactions and Transactions such as customization of advertisements as a result of visiting one of our web pages.
  • Managing Interactions and Transactions such as auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
  • Performing Services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
  • Research and Development for technological development and demonstration.
  • Quality Assurance to verify or maintain the quality or safety of a service or device that is owned, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.
  • Security such as detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Debugging to identify and repair errors that impair existing intended functionality.

We restrict the use of personal information that is shared with our vendors for business purposes.

We may collect, use, and disclose personal information for commercial purposes such as marketing. As described in the section below (“Sale of Personal Information”), we may also collect, use and disclose personal information for interest-based advertising.


The CCPA requires us to state how we handle and process Global Privacy Control (“GPC”) signals, which is referred to in the CCPA as opt-out preference signal (“OOPS”). GPC/OOPS are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual’s choice to opt-out of the Sale and Sharing of personal information. To use an OOPS/GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable the OOPS/GPC. As of January 1, 2023, the CCPA’s updated regulations, which are supposed to set forth requirements as to OOPS/GPC, have not yet been finalized. We will process OOPS/GPC as required when the regulations are finalized. In the meantime, to our knowledge, we have configured the settings of our consent management platform to receive and process GPC signals on our websites. Similar to when you configure cookies manually, GPC/OOPS will only apply to the browser and device you are currently using to visit our websites. It will not apply to a different browser or device. If you visit our webpages using a different browser or device, you will need to exercise your choice for each browser or device.


The California Consumer Privacy Act (CCPA) gives California residents the right to opt out of the “sale” or “sharing” of personal information.

We do not sell your personal information (PI) for monetary consideration. Third-Party digital businesses (“Third-Party Digital Businesses”) may associate cookies and other tracking technologies that collect personal information about you on our website, or otherwise collect and process personal information that we make available about you, including digital activity information. Giving access to personal information on our website, or otherwise, to Third-Party Digital Businesses could be deemed a “sale” and/or “sharing”. Therefore, we will treat such PI collected by Third-Party Digital Businesses (e.g., cookie ID, IP address, and other online IDs and internet or other electronic activity information) as such, and subject to the opt-out requests described above. In some instances, the PI we make available about you is collected directly by such Third-Party Digital Businesses using cookies or other tracking technologies on our website or our advertisements that are served on third-party sites (which we refer to as “cookie PI").

Please refer to the section “Sale or Sharing of Personal Information" in the CCPA Notice for more details.

Opt-out for cookie PI: You can exercise this right with respect to cookie PI by clicking on the “Do Not Sell or Share My Personal Information” link below, which will cause the cookie preferences pop-up menu to appear. You will need to click on each “toggle” within the cookie preferences pop-up menu and move it to the left, then click “save” in order to stop the collection of your personal information by the cookies and trackers. Your choice will only apply to the browser and device you are currently using to visit our websites. It will not apply to a different browser or device. If you visit our webpages using a different browser or device, you will need to exercise your choice for each browser or device. If you have a cookie blocker or similar tool enabled, it may prevent our cookie banner and the cookies preferences pop-up menu from appearing. Your preferences are saved via an essential cookie, so if you clear cookies from your browser, it will also clear the opt-out preferences that you have made.

If you do not wish to exercise your opt-out right with respect to all cookies, you can manage individual cookie preferences. However, you must follow the above instructions as to all cookie categories presented to you in order to opt out of the “sale” or “sharing” of your personal information. Please be aware that when you toggle off all cookies, the way our website functions may change. If at any point you want to update your cookie preferences, you may do so by clicking on the Do Not Sell or Share My Personal Information link which you can find on our cookie banner or at the bottom of each webpage.

DO NOT SELL OR SHARE MY PERSONAL INFORMATION (CA Residents Only)

In addition, third party tools enable you to search for and opt-out of some of these tracking devices, such as the Ghostery browser plug-in available at https://www.ghostery.com/. Further, we endeavor to comply with industry guidelines on behavioral advertising, and you can learn more about your choices regarding certain kinds of online interest-based advertising here. We do not represent that these third party tools, programs or statements are complete or accurate.


California consumers have the privacy rights described in this section, subject to certain limitations. Personal information protected by other laws such as the Financial Services Modernization Act (also known as the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and the Fair Credit Reporting Act (FCRA) is exempted from the following CCPA rights. Personal information provided to us or collected by us in connection with insurance or financial products and services are protected by these laws and not subject to the following rights granted by the CCPA.

You may submit a request described below or submit one through an authorized agent (examples of an authorized agent may include a power of attorney, guardian, conservator or one registered with the California Secretary of State). Requests submitted to us are subject to review, identification, and verification. We will acknowledge receipt of your request and provide information about processing the request and the verification process. We may ask you for information which allows us to confirm your identity in relation to information we currently have. In addition, we may require notarization of any forms submitted. We will reimburse you for reasonable fees incurred for the notarization of documents. We may also ask for documentation verifying that your designated agent is authorized to act on your behalf. We may not be able to fulfill your request if we are unable to verify you are the consumer that is the subject of the request, or that the agent is, in fact, authorized to act on your behalf.

We will make reasonable efforts to identify personal information that we collect, use, and disclose to respond to your request. In some instances we may not be able to process a request because, for example, we may not be able to sufficiently verify your identity based on the information you provide to us in response to our verification process. In such instances, we will provide you with a written explanation as to the reason we cannot process your request.

In some cases, we may suggest that you receive the most recent or a summary of your personal information and give you the opportunity to elect whether to receive the rest of your personal information. We reserve the right to direct you to where you may access and copy responsive personal information.

The CCPA contains several exemptions which may impact State Farm’s obligation to comply with any request made pursuant to CCPA. State Farm retains the right to apply any of the exemptions provided under CCPA to any request, at any time.

Instructions on making a request for personal information that is not provided to us or collected by us in connection with insurance or financial products and services and protected by law such as GLBA, HIPAA and/or FRCA are contained in the Contact Us section.


You have the right to request the following, which will be provided for the period that is 12 months prior to the request date:

  • The specific pieces of personal information we have collected about you and are maintaining;
  • The categories of personal information we have collected about you;
  • The categories of sources from which we collected your personal information;
  • The business or commercial purposes for our collecting or selling your personal information;
  • The categories of third parties to whom we have shared your personal information;
  • A list of the categories of personal information disclosed for a business purpose in the prior 12 months, or a confirmation that no disclosure occurred.

You may request we delete your personal information we collected directly from you and are maintaining. There may be instances where we are unable to delete personal information. The personal information may be:

  • Necessary to complete a transaction or service you requested;
  • Needed for security purposes;
  • Needed to identify and repair system errors;
  • Needed for the exercise of free speech or exercise another right provided for by law;
  • Necessary for compliance with the California Electronic Communications Privacy Act;
  • Necessary for internal business purposes; or
  • Needed to comply with laws or legal obligations.

The CCPA gives California consumers the right to request a business to correct their inaccurate personal information, considering the nature of the personal information and the purposes for processing the personal information. We make commercially reasonable efforts to correct your personal information and may ask you for additional documentation to process your request.


The California Consumer Privacy Act (CCPA) gives California residents the right to opt out of the “sale” or “sharing” of personal information.

We do not sell your personal information (PI) for monetary consideration Third-Party digital businesses (“Third-Party Digital Businesses”) may associate cookies and other tracking technologies that collect personal information about you on our website, or otherwise collect and process personal information that we make available about you, including digital activity information. Giving access to personal information on our website, or otherwise, to Third-Party Digital Businesses could be deemed a “sale” and/or “sharing”. Therefore, we will treat such PI collected by Third-Party Digital Businesses (e.g., cookie ID, IP address, and other online IDs and internet or other electronic activity information) as such, and subject to the opt-out requests described above. In some instances, the PI we make available about you is collected directly by such Third-Party Digital Businesses using cookies or other tracking technologies on our website or our advertisements that are served on third-party sites (which we refer to as “cookie PI”).

Please refer to the section “Sale or Sharing of Personal Information" in the CCPA Notice for more details.

Opt-out for cookie PI: You can exercise this right with respect to cookie PI by clicking on the “Do Not Sell or Share My Personal Information” link below, which will cause the cookie preferences pop-up menu to appear. You will need to click on each “toggle” within the cookie preferences pop-up menu and move it to the left, then click “save” in order to stop the collection of your personal information by the cookies and trackers. Your choice will only apply to the browser and device you are currently using to visit our websites. It will not apply to a different browser or device. If you visit our webpages using a different browser or device, you will need to exercise your choice for each browser or device. If you have a cookie blocker or similar tool enabled, it may prevent our cookie banner and the cookies preferences pop-up menu from appearing. Your preferences are saved via an essential cookie, so if you clear cookies from your browser, it will also clear the opt-out preferences that you have made.

If you do not wish to exercise your opt-out right with respect to all cookies, you can manage individual cookie preferences. However, you must follow the above instructions as to all cookie categories presented to you in order to opt out of the “sale” or “sharing” of your personal information. Please be aware that when you toggle off all cookies, the way our website functions may change. If at any point you want to update your cookie preferences, you may do so by clicking on the Do Not Sell or Share My Personal Information link which you can find on our cookie banner or at the bottom of each webpage.

DO NOT SELL OR SHARE MY PERSONAL INFORMATION (CA Residents Only)

Please refer to the section entitled “Sale or Sharing of Personal Information” for more detail on your right to opt-out as well as other choices we offer relative to the use of cookies and tracking devices generally.


CCPA gives you the right not to be discriminated against or retaliated against because you exercised any of your rights under this title. State Farm does not unlawfully discriminate or retaliate against you against you for exercising your CCPA rights.


Under the CCPA, sensitive personal information may include such data as racial or ethnic orientation, religious beliefs, union membership, financial account information, geolocation, government issued ID numbers, sexual orientation, biometric or genetic data. State Farm only collect, uses, discloses or processes sensitive personal information within the scope of the CCPA and corresponding regulations. You should be aware that some of the information California defines as “sensitive” is also subject to other exemptions within the CCPA and would not be regulated by the CCPA.


You may submit requests pursuant to the California Consumer Privacy Act (Right to Know or Delete) by one of the methods outlined below. Once a request is received, we will acknowledge receipt of the request. In addition to acknowledging your request, we may ask you for additional information, including information to verify your identity. In order to submit a request:

  • Call us toll free at 1-800-865-60351-800-865-6035 and we will assist you including verifying your identity. We may ask you for personal information such as name, phone number, address and/or date of birth. In order to complete authentication, we will send a verification code to the phone number or email you previously provided, or you may provide the Personal Identification Number associated with your State Farm account.
  • Use your State Farm online account:
    • Go to statefarm.com and log into your account using your user ID and password at the top right of the home page. Go to the CCPA section of the Privacy & Security page and then click on the “California Consumers with State Farm Account online access” link. Some of your personal information will pre-populate once the form is accessed. Follow the instructions on the form, then submit.
    • An online State Farm account is not required to submit a CCPA request. However, you may be able to create an online account at statefarm.com by clicking on “Manage Your Accounts” under the Customer Care section. Once created, you can access the form and submit it electronically as noted above.
  • Complete, print, notarize and return the Data Access Request Form via U.S. Mail. Attach any relevant documentation to the form.
    • You must verify your identity by having the form notarized. We will reimburse you for reasonable fees incurred for notarization of forms/documents for identity verification. Please send the original receipt for notary services along with the notarized forms/documents to us at the address listed on the Data Access Request Form for reimbursement.

For more information on your California privacy rights contact us at 1-800-865-60351-800-865-6035 or email us. Or, write to us at:

State Farm
Attention: Enterprise Compliance & Ethics - Office of Privacy, C-2
PO Box 2322
Bloomington, IL 61704-2322

Statistics regarding State Farm’s handling of CCPA related requests can be found here.

If you need a copy of this notice in an alternative accesible format, please contact us using any of the above contact methods.

Si desea recibir una copia de esta notificación en español, por favor, póngase en contacto con su agente de State Farm o visite es.statefarm.com.

 

Last Updated 05/2023