Last Updated: January 1, 2020
TABLE OF CONTENTS
Conflict Between This Policy And Local Laws And Regulations
Information We Collect
How We Collect Information
How We Use And Share Information
Compliance With Laws And Law Enforcement
How Long We Retain Your Data
Additional California Consumer Rights
California “Do Not Track” Disclosure
Additional Information For Individuals In The European Economic Area (“Eea”) And Switzerland
When acting on behalf of our Clients as a service provider, we may collect, use, and disclose information that personally identifies, relates to, describes, or is capable of being associated with you (“Personal Information”) for the purpose of servicing those Clients. The specific categories of Personal Information collected and how that Personal Information is used or disclosed is determined by our Clients and will vary, but may include:
- Personal Identifiers (g., name, IP address);
- Contact Information (e.g., mailing address, email address, phone number)
- Characteristics of Protected Classifications (g., gender, age, nationality);
- Commercial Information (g., records of products and services purchases or considered such as vehicle of interest);
- Internet or Other Electronic Network Activity (g., location of browser request, browser type, search terms, interaction with online advertisement);
- Geolocation data;
- Audio/Visual Information (g., call recordings, photos provided by consumers)
- Inferences drawn from the above categories of Personal Information that relate to your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
The Personal Information collected, used, and disclosed on our Clients’ behalf is governed by their privacy policies.
As part of our business, we engage with other businesses to provide services to us, to provide services for us, and/or to form Client relationships. During this process and the subsequent relationship, we may collect Personal Information related to business contacts such as contact and payment information. This information is not considered Personal Information because it relates to a business or a business contact.
Usage Data and Site Activity
We automatically collect information in connection with the actions you take on the Site (“Usage Data”). For example, each time you use the Site, we automatically collect the type of web browser you use, the type of device you use, your operating system, your Internet Service Provider, the pages you view, referring and exit pages, the date and time of your visit, and the number of clicks to, from, and within the Site, and the duration of your visits to the Site.
We may record calls and retain the content of text messages or other written/electronic communications between our Clients and us. By communicating with us, you consent to such recording and retention of communications.
We may ask you to provide us with Personal Information when you communicate with us (online or offline), when you interact with a Client’s website or social media property, and at other times. You are not required to provide us your Personal Information; however, if you choose not to provide the requested information, you may not be able to use some or all of the features of the Site or Services or we may not be able to fulfill your requested interaction.
Third-Party Data Sources
We may, on behalf of our Clients, collect Personal Information from third-party data sources such as the companies whose products we market and sell, data aggregators/brokers, and lead sources (e.g., Kelley Blue Book® and Autotrader®).
Cookies & Other Automated Tools
We also employ software technology that enables us to track certain aspects of a user’s visit to a Client’s website. This technology helps us better manage content on the website by informing us about what content is effective, how consumers engage with the website, and how consumers arrive at and/or depart from the website. The software typically uses two methods to track user activity: (1) “tracking pixels” and (2) “clear gifs.” Tracking pixels are pieces of executable code that are embedded in a web page that track usage activity including which pages are viewed, when they are viewed, and how long the pages are viewed. Clear gifs are tiny graphics with unique identifiers which are embedded in web pages and email messages that track whether or not a user has viewed a particular web page or email message. User activity information may be associated with additional information about a user’s session and Personal Information, if available.
Online Behavioral Advertising
Information from Advertisements
If you arrive at a Client website via an advertisement (e.g., banner ad), we may collect information regarding the advertisement with which you interacted and your interactions (e.g., item clicked, date and time).
From time to time we may request Personal Information from consumers via surveys on behalf of Clients. Participation in these surveys is completely voluntary. The requested information typically includes personal identifiers, commercial information, and contact information.
Sweepstakes and Contests
We may, on behalf of our Clients, offer opportunities for consumers to participate in sweepstakes or contests. Participation in these sweepstakes or contests is completely voluntary but participation usually requires providing certain Personal Information. The requested Personal Information typically includes personal identifiers and contact information.
Social Media Widgets
Our Site and/or a Client’s website may include social media features, such as the Facebook, YouTube, LinkedIn, and Twitter widgets. These features may collect information about your IP address and the pages you visit on the site as well as other Personal Information. A cookie may be set to ensure that a feature properly functions. Your interactions with features are governed by the privacy policies of the companies that provide them.
Third-Party Personal Information Collection on Site
Certain third parties collect Personal Information and/or Usage Data from users of our Site and the websites of our Clients using automatic information collection tools such as cookies and tracking pixels. The collection, use, and disclosure of Personal Information and/or Usage Data by these third parties is governed by their privacy policies.
We use Personal Information for internal purposes, such as to:
- Provide you with the Site and Services;
- Facilitate our work for and on behalf of Clients;
- Process or complete transactions you requested;
- Improve the Site and Services, including customization and personalization;
- Notify you of our Clients’ products and services via mail, email, telephone, text messaging, web, and/or social media;
- Communicate with you about the Site, the Services, and other matters via mail, email, telephone, and/or text messaging; and
- Compile information and analyses to enhance the customer experience and improve our business.
We may establish a relationship with other businesses to provide services to us or our Clients (“Service Providers”), including:
- Online hosting and maintenance;
- Marketing and promotion design and management;
- Communication facilitation such as printing and mailing or telecommunication services;
- Payment processing;
- Management of access to services;
- Data storage and management;
- Data analytics; and
- Identity and contact information validation.
We only provide our Service Providers with the information necessary for them to perform these services on our behalf or on behalf of our Clients. Each Service Provider is expected to use reasonable security measures appropriate to the nature of the information involved to protect your Personal Information from unauthorized access, use, or disclosure. Service Providers are prohibited from using Personal Information other than as specified by us or our Clients.
We share the following types of Personal Information with one or more Service Providers: personal identifiers; contact information; commercial information; audio/visual information; characteristics of protected classifications; internet or other electronic network activity; inferences drawn from the above categories of Personal Information that relate to your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
On behalf of Clients, we may share your Personal Information with third parties to market products or services likely to be of interest to you, or to provide you with special offers and opportunities or to complete transactions you have requested.
We share the following types of Personal Information with one or more third parties: personal identifiers; contact information; commercial information; audio/visual information; characteristics of protected classifications; internet or other electronic network activity; inferences drawn from the above categories of Personal Information that relate to your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
On behalf of Clients, we may use your Personal Information to market products or services likely to be of interest to you, or to provide you with special offers and opportunities, via email, text message, call, and/or online chat. With respect to commercial email communications from us, you may opt out of these emails via a link in the footer of all commercial email messages. You may opt-out of other communication methods by sending us an email at firstname.lastname@example.org. Please include your name, telephone number, and email address in your email along with a clear statement of the type(s) of communication(s) from which you would like to opt-out.
We recognize the importance of safeguarding the confidentiality of Personal Information from loss, misuse, or alteration. Accordingly, we employ commercially reasonable administrative, technical, and physical safeguards to protect such Personal Information from unauthorized access, disclosure, and use. Even with these safeguards, no data transmission over the Internet or other network can be guaranteed 100% secure. As a result, while we strive to protect information transmitted on or through our Site or Services, you transmit information at your own risk.
Please be aware that third-party websites accessible through the Site or recommended through our Services may have their own privacy and data collection policies and practices. We are not responsible for any actions, content of websites, or privacy policies of such third parties. You should check the applicable privacy policies of those third parties when providing information.
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose Personal Information and any other information about you to government or law enforcement officials or private parties if, in our discretion, we believe it is necessary or appropriate to respond to legal requests (including court orders, investigative demands, and subpoenas); to protect the safety, property, or rights of ourselves, Clients, or any other third party; to prevent or stop any illegal, unethical, or legally actionable activity; or to comply with law.
We may share Personal Information and Usage Data with businesses controlling, controlled by, or under common control with us. If we are merged, acquired or sold, or in the event of a transfer of some, all, or substantially all of our assets, we may disclose or transfer Personal Information and Usage Data in connection with such transaction.
We retain your Personal Information for as long as we have a relationship with you or the Client for whom we acted in collecting, using, or disclosing your Personal Information. We also retain your Personal Information for a period of time after our relationship has ended where there is an ongoing business need to retain it. This includes retention to comply with our legal, regulatory, tax, and/or accounting obligations. Generally, we retain Personal Information for approximately seven (7) years after our relationship with you has ended, but the term for which we retain your Personal Information may be longer or shorter. We do so in accordance with our data retention policies and applicable law.
The Site and Services are not intended for children under the age of 18 and we do not knowingly collect Personal Information from children under the age of 18. If we become aware that we have inadvertently received Personal Information from a child under the age of 18, we will delete such information from our records.
If you are a resident of California, you have additional rights under the California Consumer Privacy Act to access and control your Personal Information, including a right to request that we disclose the Personal Information we collect, use, disclose, and sell. Because we act as a Service Provider to our Clients and only collect Personal Information in our capacity as a Service Provider to them, you must submit your request to exercise your rights to the relevant Client(s). If you submit a request to us, we will provide you with information about how to submit a request to the relevant Client(s).
Do Not Track is a web browser privacy preference that causes the web browser to broadcast a signal to websites requesting that a user’s activity not be tracked. At this time, our Site and Services do not respond to “do not track” signals.
We use the term “Personal Data” in this section as having the same categories of information as Personal Information, above.
You have the following legal rights with respect to your Personal Data:
- The right to request and receive a copy of the Personal Data we hold about you;
- The right to have an inaccurate information we hold about you corrected or deleted;
- The right to object to having your Personal Data processed in certain circumstances such as for direct marketing purposes;
- The right to withdraw your consent at any time if and to the extent we are relying on consent as the basis for using or sharing your Personal Data;
- The right to restrict how we process your Personal Information in certain circumstances, including, but not limited to, certain instances of sharing your Personal Data with third parties or our affiliates for their direct marketing purposes, use of your Personal Data to send non-transactional emails to you, or any other instance in which our processing is based upon your consent;
- The right to have the Personal Data we hold about you deleted in certain circumstances;
- The right to have your Personal Data transferred to your or a third party in certain circumstances.
Because we act as a processor of Personal Data on behalf of our Clients (the controllers), we may only respond to your request if your request is properly filed with the applicable Client. If you contact us to make a request to exercise your rights under the EU General Data Protection Regulation, we will inform you of the applicable Client(s) to whom you should submit your request.
If you feel that your Personal Data is processed in a way that does not comply with the EU General Data Protection Regulation, we encourage you to let us know so that we may address your concern. You also have the right to lodge a complaint with the relevant supervisory authority which is usually the supervisory authority of the EEA Member State (including Switzerland) in which you reside. The supervisory authority will be the point of contact with respect to the progress and outcome of your complaint.
Your Personal Data may be transferred, stored, and accessed within the European Economic Area (including Switzerland) or transferred to, stored in, and accessed from the United States. In the United States, the data protection regime may be different than in the country in which you are located and will therefore be based on a legally adequate transfer method. Whenever we transfer your Personal Data to the United States, we ensure a similar degree of protection is given to it by utilizing standard contractual clauses approved by the European Commission which give Personal Information the same protection it has in Europe. For further details, see the European Commission’s Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of Personal Data to processors established in third countries under Directive 95/46/EC of the European Parliament and Council. Where applicable, you are entitled, upon request, to receive a copy of the relevant safeguard (e.g., EC standard contractual clauses) that have been taken to protect Personal Data during such transfer.
348 E. Maple Rd.
Birmingham, MI 48009
UNITED STATES OF AMERICA