The Information We Collect
When you visit our Service we may collect information regarding your visit from your computer. Such information helps us to determine information about how you found our Service, the date that you visited our Service and search engines that may have led you to our Service. We collect this information in order to continually improve and enhance the functionality of the Service.
Generally, you may provide us with two types of information, User Content, which may include Personally Identifiable Information, and Website Usage Information, both of which are discussed in greater detail below.
Personal Information You Choose to Provide.
Sign-Up Information, Financial Application and Profile. We will ask you to provide certain information if you choose to register with our Service, including your name, email address, your date of birth, address, telephone number, and other information which identifies you (collectively “Personally Identifiable Information”). We may ask for additional Personally Identifiable Information, such as driver’s license information, and social security number, if you elect to submit an application via the Service in connection with your potential lease of a vehicle or your financing of a purchase of a vehicle. Do not supply to us or disclose on the Service any Personally Identifiable Information of any person under 18 years of age, as we do not intend to collect information from anyone under 18 or invite to them to participate in the Service.
User Content. Our Service may offer its users to the opportunity to post User Content, comments, reviews, and tag messages via bulletin boards, blogs, articles, and chat rooms. If you choose to use these features, you should be aware that any Personally Identifiable Information you submit through these public Service features can be read, collected, or used by other viewers and could be used to send you unsolicited messages. We are not responsible for the Personally Identifiable Information you choose to submit in these public forums of the Service.
Questionnaires and Surveys. We may occasionally ask users of our Service to complete online surveys, questionnaires, and opinion polls about the Service and their activities, attitudes, and interests. These surveys help us to better serve you and improve the usefulness and features of the Service. In requesting your participation in these surveys we may ask you to provide your name and email address to us.
Contact Us. If you email us through the contact us link on our Service, we may ask you for information such as your name and email address so we can respond to your questions and comments. If you choose to correspond with us via email, we may retain the content of your email messages, your email address and our response to you. In certain cases, and with your permission, we may post content from your emails to us on the Service.
Website Usage Information.
When you visit our Website, our computer may ask your computer for permission to employ the use of a session cookie or persistent cookie. Our Website will then send a cookie to your browser if your browser’s preferences allow it.
Most web browsers can be adjusted to inform you when a cookie has been sent to you and provide you with the opportunity to refuse that cookie. However, refusing a cookie may, in some cases, preclude you from using, or negatively impact the display or function of, our Website or certain areas or features of our Website. You may choose not to receive cookies from the Service by following instructions in your web browser’s “help” file, but this may make certain features of the Services inaccessible to you.
Clear GIFs/Beacons. When visiting our Website, we may also use “Clear GIFs” (aka “web beacons” or “pixel tags”) or similar technologies in our Website and/or in our communications with you. A Clear GIF is typically a one-pixel, transparent image located on a web page or in an e-mail or other type of message, which helps us to verify an individual’s viewing or receipt of a web page or message. Clear GIFs allow us to know whether you have viewed a web page prior to visiting our Website and may enable us to relate such information to other information, including your Personally Identifiable Information. We use information provided from Clear GIFs to enable more accurate reporting, improve the effectiveness of our marketing, and make our Service better for our users.
IP Address and Clickstream Data. Our servers automatically collect data about your Internet Protocol address when you visit us. When you request pages from our Website, our servers may log your IP Address and sometimes your domain name. Our server may also record the referring page that linked you to us (e.g., another website or a search engine); the pages you visit on this Website; the website you visit after this Website; other information about the type of web browser, computer, platform, related software and settings you are using; any search terms you have entered on this Website or a referral website; and other web usage activity and data logged by our web servers. We use this information for internal system administration, to help diagnose problems with our servers, to analyze general usage patterns, and to administer our Website. Such information may also be used to gather broad demographic information, such as country of origin and Internet Service Provider. We may aggregate user information in a nonpersonally identifiable manner to share with advertisers, to enhance the Website with new features, and for our general business purposes.
Any or all of these activities with regard to the above-described Website Usage Information may be performed on our behalf by our third-party service providers.
How We Use Your Information
Personal Information. If you submit information to us through the Service, including registration and profile information, then we use this information to operate, maintain, and provide the features and functionality of the Service. We will use your email address to complete the signup process. By providing your email address to NabThat, you consent to our using the email address to send you Service-related notices, including among other things notices required by law, in lieu of postal mail. You may not opt out of Service-related e-mails. We will also provide your email address to the Dealer so they may contact you concerning a potential automotive vehicle transaction. We may also use your email address to send you other messages, including changes to Service features and special offers.
Usage Information. We use non-Personally Identifiable Information, such as anonymous Website use data and IP addresses, to improve the quality and design of the Service and to create new features and services by storing, tracking, and analyzing your preferences and trends. We may use such information to: (a) remember information so that you will not have to re-enter it during your current or subsequent visits to the Service; (b) provide customized content and information; (c) monitor the effectiveness of our marketing campaigns and aggregate metrics such as total number of visitors and traffic; (d) diagnose or fix technology problems; (e) access your information after you sign in; (f) market our Service to advertisers and other third parties; (g) aggregate general User and Member statistics including demographic and geographic information; and (h) other purposes for which your personal identity is not revealed.
Location-Based Services. We collect location-based information in order to provide the specific location-based services which you request. You understand that certain location-based services require a location to function properly and your use of our Service on your mobile device with such features enabled signifies your agreement to use your location for the purposes of the Service.
When We Share Information
Other than the Dealer and its affiliates, NabThat will not share your email address with advertisers or unaffiliated third parties without first obtaining your express permission.
We may share non-Personally Identifiable Information (such as anonymous Website and/or mobile application use data) with third-parties to assist them in understanding our Service, including Users’ use of our Service and the services we provide and the success of advertisements and promotions.
We may share non-personally identifiable aggregated user data, such as aggregated gender, age, geographic, and usage data (without the inclusion of a user’s name or other identifying information) to advertisers and other third parties for their marketing and promotional purposes.
We may share location-based information with third parties for their marketing and promotional purposes if you have allowed location-based services as described above.
Rights to Opt-In / Opt-out
You have the right to “opt in” and/or “opt out” of certain of our uses of your Personally Identifiable Information. For example, you may have the opportunity to elect whether you would like to receive correspondence from us and/or third party service providers. Your personal information will not be shared with third party service providers unless consent is given by you. You will have the opportunity to opt out of our promotional e-mails by clicking the “opt out” or “unsubscribe” link in the e-mail you receive. You can also request this by sending an e-mail to firstname.lastname@example.org specifying whether: (i) you would like to opt out of receiving promotional correspondence from NabThat in general, or just via e-mail, postal mail and/or by phone, and/or whether (ii) you would only like to opt out of certain of our e-newsletters or correspondence. Please understand that if you opt out of receiving promotional correspondence from us, we may still contact you in connection with your relationship, activities, transactions and communications with us.
Our Commitment to Children's Privacy
Protecting the privacy of young children is especially important and is mandated by U.S. law. For these reasons, NabThat does not knowingly collect Personally Identifiable Information on the Service from persons under 18 years of age, and no part of our Service is directed to persons under 18. If you are under 18 years of age, then you must not use or access the Service at any time or in any manner or provide any information to the Service. If we become aware that we have inadvertently received personal information from a visitor under the age of 18 on our Service, we will delete the information from our records.
Rights to Access and Control Your Data
You can access or delete your personal data. You have many choices about how your data is collected, used and shared. We offer you settings within your Account to control and manage the personal data we have about you.
For personal data that we have about you, you can:
- Delete Data: You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide services to you).
- Change or Correct Data: You can edit some or your personal data through your account. You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
- Object to, or Limit or Restrict, Use of Data: you can ask us to stop using all or some of your personal data (e.g., if NabThat has no legal right to keep using it) or to limit our use of it (e.g., if your data is inaccurate or unlawfully held).
- Right to Access and/or Take Your Data: You can ask us for a copy of your personal data and can ask for a copy of the personal data you provided in machine readable form.
- You may contact us at email@example.com, and we will consider your requests in accordance with applicable laws.
- Residents in Designated Countries may have additional rights under the laws of those countries.
Information you have shared with others (e.g. comments, posted reviews, group posts) will remain visible after you closed your account or deleted the information from your own profile, and we do not control the data that other Account holders copied out of our Service. User Content associated with closed accounts will show an unknown user as the source.
The Service is hosted in the United States and are intended for and directed to Users in the United States. The Service is void where prohibited. If you are accessing the Service from outside the United States, your use of the Service is governed by U.S. law, you are transferring your Personally Identifiable Information to the United States, and you consent to that transfer.
Users from the EU, EEA and Switzerland
We have lawful bases to collect, use and share data about you. You have choices about the use of your data. We will only collect and process Personally Identifiable Information about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you (e.g. to deliver the NabThat services you have requested)) and our legitimate interests, provided that such processing shall not outweigh your rights and freedoms. NabThat will seek to obtain your additional consent where required by applicable law. At any time, you can withdraw the consent you have provided by going to settings.
You may, of course, decline to submit Personally Identifiable Information to the Service, in which case you may not be able to register or NabThat may not be able to provide certain services to you.
You may access, update or correct your Personally Identifiable Information by using your account settings to edit, delete, update, or change the Personally Identifiable Information you have provided to this App. You may also request that we correct, update, or remove your information from the current App by contacting us at firstname.lastname@example.org. We will respond to your request within 30 days. However, before we are able to provide you with any information or correct any inaccuracies, we may ask you to verify your identity and provide other details to help us to respond to your request.
To protect your privacy and security, we take reasonable steps (such as requesting a password) to verify your identity before granting you profile access or making corrections. You are responsible for maintaining the secrecy of your password and account information at all times.
You may decline to utilize location-based services on your mobile device. If you do not want us to use location-based information, please refrain from using a location-based service or click “Don’t Allow” when your mobile device requests your location-based information.
Online Tracking Disclosures - "Do Not Track" Settings
You may be accessing the Service via a browser that has a “Do Not Track” setting. Under AB 370 of CalOPPA, we are required to disclose our response to a browser’s “do not track” signal. If you have turned this setting in your browser on, or if you are using a browser with the default setting of “Do Not Track”, please be advised that all features of the Service may not function in such setting. As detailed above, we collect a variety of functional and analytic cookies in order for you to completely engage with our services.
If you wish to opt-out of the collection of tracking information you may do so according to your browser settings; however, please be advised that such an election may limit the functionality of the Website available to you.
Our Commitment To Data Security
We have implemented commercially reasonable technical and organizational measures designed to secure your Personally Identifiable Information from accidental loss and from unauthorized access, use, alteration or disclosure. Such measures include, but are not limited to, the utilization of Secure Sockets Layer (SSL) encryption to transmit sensitive information through the Service. However, we cannot guarantee that unauthorized third parties will never be able to defeat those measures or use your personal information for improper purposes. You acknowledge that you provide your Personally Identifiable Information at your own risk.
While NabThat strives to protect the security and integrity of Personally Identifiable Information on its Service, due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that your information, during transmission through the Internet or while otherwise in our care, will be safe from intrusion of others. You should also be aware that if you contact us by email or a “contact us” or similar feature on the Service, your transmission might not be secure. An unaffiliated third party could view information you send by these methods in transit. You should also be aware that if you are accessing the Service via a mobile device, your transmissions may not be secure due to the inherent nature of mobile data carrier networks. We will have no liability for disclosure of your information due to errors or unauthorized acts of third parties during or after transmission.
Compromise of Personal Information
In the event the breach involves your online account credentials, we will provide notification in electronic form and direct you to promptly change your password and security question, as applicable, or to take other appropriate steps to protect the online account as well as any other online accounts for which you use the same credentials or security question and answer. You consent to our use of e-mail as a means of such notification. If you would prefer us to use another method to notify you in this situation, please e-mail us at email@example.com with the alternative and/or additional contact information you would like us to use.
California Privacy Rights: Privacy Notice for California Residents
Information We Collect
Our Service collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information”). In particular, in accordance with the CCPA, please find the following categories of Personal Information which our Website has collected from its Consumers within the last twelve (12) months, as well as those categories of Personal Information which we have not collected:
|A. Identifiers.||A real name, postal address, unique personal identifier, Internet Protocol (IP) address, email address, social security number, driver’s license number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code §1798.80(e)).||A name, first initial and last name, Social Security number, physical characteristics or description, address, telephone number, driver’s license or state identification card number, employment, employment history, other financial information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions).||YES|
|D. Commercial information.||Records of personal property, records of products or services purchased, obtained, or considered, or records of other purchasing or consuming histories or tendencies.||NO|
|E. Biometric information.||Genetic (DNA), physiological, behavioral, and biological characteristics, or activity patterns that can be used singly or in combination with each other or with other identifying information to establish identity; activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, handprints, bein patterns, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns; and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity.s||Browsing history, information on a consumer’s interaction with a website, application, or advertisement.||YES|
|G. Geolocation data.||Physical location.||YES|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information to any of the foregoing.||NO|
|I. Professional or employment-related information.||Current job history, past job history.||YES|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||NO|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||NO|
|L. Information from Children under the age of 16||Information from minors under 13 years of age, Information from minors between 13 and 16 years of age||NO|
Personal Information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope due to the primacy of other federal regulations:
- Health Information: Protected or health information that is collected by a covered entity governed by the privacy, security, and breach notification rules issued by the federal Department of Health and Human Services, Parts 160 and 164 of article-Title 45 of the Code of Federal Regulations, established pursuant to the Health Insurance Portability and Availability Act of 1996 (“HIPAA”).
- Personal information reported in, or used to generate, a consumer report as defined by subdivision (d) of Section 1681a of article-Title 15 of the United States Code, where use of that information is limited by the federal Fair Credit Reporting Act (15 U.S.C. Sec. 1681 et seq.).
- Personal information collected, processed, sold or disclosed pursuant to the federal Gramm-Leach-Bliley Act (Public Law 106-102), and implementing regulations.
- Personal information collected, processed, sold or disclosed pursuant to the federal Driver’s Privacy Protection Act of 1994 (18 U.S.C. Sec. 2721 et. seq.).
- Information excluded from the CCPA’s scope due to other California regulations which may supersede the CCPA:
- Health Information: Protected or health information that is collected by a covered entity governed by the California Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56 of Division 1)).
- Personal financial information governed by the California Financial Information Privacy Act (FIPA).
How we collect Personal Information
We obtain the categories of Personal Information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete on our Website; from documents which you complete at our Dealership, or from email messages which you transmit to us.
- Indirectly from you. For example, from observing your actions on our Website or interactions with our advertisers.
Use of Personal Information
We may use, or disclose the Personal Information we collect for one or more of the following business purposes:
- To fulfill or meet the reason you provided the information. We collect your Personal Information for the purposes of facilitating a vehicle purchase transaction or scheduling a vehicle service appointment. If you share your name and contact information to ask a question about our products or services, we will use that Personal Information to respond to your inquiry. If you provide your Personal Information to receive a price quote on a vehicle, we will use that information to process your request. We may also save your Personal Information in connection with our legal obligations.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
- We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Notice of Financial Incentives
From time to time we may offer financial incentives for you to disclose certain Personal Information to us. Such incentives: (i) are in the form of coupons on products or services, (ii) provide a percentage discount on the price of a vehicle, in exchange for your completion of an initial online finance application where we collect Identifiers, Personal Information categories listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e)), protected classification characteristics under California or federal law, and professional or employment related information, (iii) the ability for a Consumer to opt-in to such incentive via clicking on a unique link or call to action (iv) that you may withdraw from the incentive at any time by discontinuing the vehicle purchase process and by contacting us, and (v) that such financial incentive/price difference is permissible under the CCPA, as in good faith Dealership estimates the value of the data provided relates to the customer acquisition cost for the incentive offered.
Sharing Personal Information
We may disclose your Personal Information to a third party for a business purpose, or sell your personal information, subject to your right to opt-out of those sales (see Personal Information Sales Opt-Out and Opt-In Rights). When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing such contract. The CCPA prohibits third parties who purchase the Personal Information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.
We share your Personal Information with the following categories of third parties: vendors and service providers who may provide certain services in connection with our automotive dealership (e.g., financial services companies, insurance companies, and the like), and third party advertisers who may market related services to you.
Disclosures of Personal Information for a Business Purpose
- In the preceding twelve (12) months, NabThat has disclosed Personal Information for a business purpose.
Sales of Personal Information
- In the preceding twelve (12) months, NabThat has sold Personal Information.
Your Rights and Choices as a California Resident
The CCPA provides Consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information we collected about you (also called a data portability request).
- If we disclosed your Personal Information for a business purpose, a separate list identifying the Personal Information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that NabThat delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
You are hereby advised that as a service provider to the Dealership, the Dealership and by extension NabThat customarily have legal obligations dictated by the applicable state or federal court concerning records retention.
Exercising Access, Data Portability, and Deletion Rights: Submitting a Verifiable Consumer Request
Who Can Submit a Verifiable Consumer Request: Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
How to Submit a Verifiable Consumer Request: To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by:
- Sending us a message on our Service; or
- By contacting us via the toll-free telephone number listed on our Service.
What Your Verifiable Consumer Request Must Contain: The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or are an authorized representative of such person.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or your authority to make the request or if we cannot confirm the Personal Information relates to you.
We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Frequency of Submitting a Verifiable Consumer Request: You may only make a verifiable consumer request for access or data portability twice within a 12-month period.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to a total of 90 days), we will inform you of the reason and extension period in writing.
We will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the date of our receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that your request is excessive, repetitive, or manifestly unfounded, we may either: (a) tell you why we made that decision and refuse to respond to your request, or (b) provide you with a cost estimate of reasonable fees reflecting administrative costs involved before completing your request, and if you still wish to proceed, collect such fees from you prior to carrying out such request.
Personal Information Sales Opt-Out and Opt-In Rights
If you are 16 years of age or older, you have the right to direct us to not sell your Personal Information at any time (the “Right to Opt-Out”). We do not sell the Personal Information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “Right to Opt-In”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to Personal Information sales may opt-out of future sales at any time.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Shine the Light
Under California’s “Shine the Light” law (California Civil Code §1798.83), California residents who provide personal information in obtaining products or services for personal, family or household use are entitled once per calendar year to request and obtain from us information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g. requests made in 2019 will receive details concerning 2018 sharing activities).
To obtain this information, please send an email message to firstname.lastname@example.org with “Request for California Privacy Information – Shine the Light” on the subject line and in the body of your message. We will in turn provide the requested information on covered sharing to you at your e-mail address.