Updated September 18, 2023
We do not require you to register or provide Personal data just to browse our website. The Data you provide on our Website will be used only for its intended purpose.
This Policy explains:
- what is Personal data;
- what Personal data we collect;
- our information practices when you provide Data to us (whether collected when you visit us online to browse, obtain information, or conduct a transaction);
- whom we can share Personal data with;
- information on users’ privacy rights;
- how to contact us if you have any questions regarding Data processing.
1. Personal data protection statement
Mostly our Website is intended for use in the United States of America and the EU countries. At the same time, we understand that our services can be interesting for users over the World. That’s why the Company makes its Website available almost worldwide.
We do our best to protect all Personal Data of our customers and users of the Website and, of course, we attempt to comply with all local data protection laws to the extent they apply to us.
As a general, we do not collect Personal Data when you just visit our Website, unless you give us special consent or choose to provide some information about you to us. Submitting Data through the Website is voluntary. However, not providing certain Personal Data may result in the Company’s inability to provide you with the service you desire.
All our services that are available for use on the Website to the extent related to Personal Data processing and protection are governed by this Policy. Please be informed that using our services and transferring us any Data you agree with this Policy. If you do not want us to collect and process Data about you under this Policy, you may not, unfortunately, use our services.
We inform you the Company is the “Data Controller1” for the purposes of the EU General Data Protection Regulation (the “GDPR”), the UK Data Protection Act 2018 and any other applicable data protection legislation when we control Data collection methods and identify the goals for which such Data will use.
We will process your Data only upon at least one of the following legitimate grounds for such processing, including but not limited to:
- processing is required to execute or fulfill an agreement with you (including any offer and acceptance), including when you are using our services;
- such processing is required under the legislation of the countries to which we provide our services or make our services available;
- you consented to your data processing;
- processing is required for the purposes of any legitimate interests of the Company as the controller or third party (unless where interests pertaining to fundamental rights and freedoms of the data subject that require data protection prevail over the above interests).
The Company does not request and does not collect special categories of Personal Data (“sensitive data”) of our customers.
Please note that the Policy may be updated from time to time, including if required by applicable law. The Company will notify you about the Policy changes by either sending an email message if you provide to us your email address or by prominently posting a notice on our Website. We suggest that you might want to review this Policy from time to time to see if there are any modifications. Your continued use of our services after this Policy has been updated means your consent to such update. If you do not agree to the updates, you may refuse to use our services.
Anyway, you can always delete or change your Data accordingly.
2. What personal data do we process
(A) The following information about you can be collected and processed by the Company (via our website and/or services used by you):
- IP address and geo-location (country, state or region);
- device information (such as device name/model, operating system, browser information, including browser type and language settings);
- first name, last name, business name;
- contacts (phone number, email address);
- an official identification document (passport or driving license);
- billing or/and shipping address (country, zip code, region, city/town, street);
- Google and/or Facebook ID;
- transaction information;
- vehicle data (VIN number);
(B) In addition to the above, we can also process other Data, if you voluntarily submit it to the Company.
(С) Please only disclose the personal data that is required to provide the selected service, mailing or response to your specific request/claim. If you decide to disclose your additional personal data with us, we will ensure that it is processed with an appropriate level of security. If the Data processing is not required for using our website and/or services by you or is not explicitly required by applicable law, we will delete it.
3. Children’s data
The Children’s Online Privacy Protection Act (COPPA) governs information gathered online from or about children under the age of 132. This Website and our services don't intend to collect information about children under 13 years old. Our services are not intended for use by children.
Acceptance of this Policy and continued use of any of our services means that the user/customer is not a child.
4. How we obtain personal data
The Company may obtain your Data from various sources and with various aims, including, without limitation:
- when you register on our Website;
- when you update an account on our website;
- when you make a purchase our services;
- when you subscribe to our newsletter or/and our promotional mailing;
- when you contact us (via a special form on the Website, via email, by phone).
Also, we can gather information based on the analysis of actions taken during the Website use (by cookies and similar technologies).
5. Purposes of personal data processing
We use personal data for the following purposes:
- to provide you with access to and use of our services (performance of a contract);
- to operate and improve the Company’s services (performance of a contract, legitimate interest);
- to provide customers’ support (performance of a contract, legitimate interest);
- to personalize user’s experience and to allow us to deliver the type of content and product offerings in which you are most interested (consent);
- administrative, analytical and statistic purposes (legitimate interest);
- to provide promotional information about our services (consent);
- direct marketing and efficiency assessment (legitimate interest);
- subscription management and unsubscribing (consent);
- protection against any malicious actions of users and in connection with other security considerations of the Company (legitimate interest);
- the safeguarding of the Company’s legitimate interests (legitimate interest);
- to comply with other legislative requirements, including providing timely feedback to requests of data subjects and supervisory/law enforcement authorities (legitimate interest).
Emailing any advertising/marketing notifications (excluding direct marketing) to you requires your specific consent that may be revoked at any time.
6. Personal data sharing/disclosure and third party links
No Personal data will be disclosed, sold or transferred to any third parties outside the Company and its affiliated entities except in the following cases:
- when we have your consent or according to your request;
- to state, federal or other regulatory and/or administrative authorities/agencies as part of the title or ownership transfer process;
- in response to court orders or an official request in other legal, administrative, regulatory, arbitration or similar process;
- to establish or exercise the Company’s, or an affiliate of the Company, rights or defend against claims;
- to investigate and/or prevent fraud by users/customers;
- if we believe that doing so is required or is in the Company’s best interest to protect its rights or the rights of others affiliated with us.
We do not use third-party websites to solicit and collect Data from individuals. Any Personal data passively collected by the third-party website will not be transmitted or stored by the Company.
If you decide to use Google or Facebook ID to register on our website, this will automatically enable data sharing between the relevant partner and us.
Our Website may contain hyperlinks to other 3rd party websites that are not owned or controlled by the Company. Copart and IAAI websites content is one of them. The Company is providing this content to you only as a convenience, and the inclusion of any link does not imply endorsement by us of the linked website. Please be aware that we are not responsible for the privacy practices of these third-party websites. The Company encourages you to be aware when you leave the website and to read the privacy policies of each third-party website that collects and/or uses your Data.
7. Duration of data processing/storage
We will not keep your data longer than is necessary to achieve the purpose for which it is collected and processed or to comply with regulatory requirements. To identify the relevant storage period, we identify the nature and category of the personal data, the purposes of the processing, and whether we can hit those purposes otherwise.
We store your Personal data to comply with our tax, accounting and/or financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners.
Please be informed, regulations of other countries may impose additional requirements, so the Data storage period may vary. In particular, if a regulation of the country where our service user resides contains the limitation of action provisions defining the period during which you may file your claim or complaint against us, and we, accordingly, need relevant proof of legal relations with you, we may process your Personal data during this limitation of action period.
We also need to consider any periods when we might need to keep your Personal data for complying with our legal commitments to you or supervisory authorities.
Over time, we might minimize your Data that we use, or can even make them anonymous so that they are no longer related to you personally. In this case, we can use this information without further notice as it no longer contains any Personal data.
Anyway, you can always delete or change your Data accordingly. For that purpose, please, contact the data protection specialist (please see contact details below) or just click an 'unsubscribing' button inside our email. If you find out that some of the Data that we process are outdated, please notify us too.
If we process your Personal data under the processing consent (specifically, with the purpose of marketing mailings), any subsequent processing may be terminated at any time. It only takes to revoke your consent to such processing. If an opt-out option is available, you may opt-out by following the instructions included in each communication.
8. Technical, administration and other data protection means
The Company takes the security of all Personal data very seriously. To ensure the secure storage of your Data, we have implemented many technical and administration tools that protect Personal data against any unauthorized or unlawful processing and any unintentional Data loss, destruction or damage. We routinely test our security measures to ensure that they remain operational and effective.
First of all, we use regular Malware Scanning.
The Company uses Secure Socket Layer (“SSL”) encryption when transmitting certain kinds of Personal data. An icon resembling a padlock is displayed on the bottom of most browser windows during SSL transactions that involve credit cards and other forms of payment.
Of course, we use other technical controls to secure the information we collect online including encryption, firewalls and password protections.
The Company adheres to the principle of data minimization. We process only the information related to our users/customers that we need to perform certain functions and for specific purposes or the information that you (upon your consent) share with us beyond the scope of the necessary processing. Your Data is only accessible to a limited number of personnel who need access to the Data to perform their duties. And we train appropriate personnel on our privacy and security policies and compliance requirements.
You should be reminded that email may not necessarily be secure against interception. We suggest that you do not send Personal data (such as your ID, credit card details) to us via email. If your intended email communication is very sensitive or includes information such as your credit card or ID, you should instead submission of Data through a secure web page (via our Website), if available.
The Personal data you provide will be stored securely on our servers that are not available to the public. We do our best to safeguard the Data, however, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. If the Company learns of a security systems breach, we may attempt to notify you electronically so that you can take appropriate protective steps. We may also post a notice on the website if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.
In compliance with the GDPR, the Company provides relevant protection for data disclosure to countries outside the European Economic Area based on the standard contractual clauses for transferring personal data approved by the European Commission, or any other applicable provisions referred to in Article 46 of the GDPR.
9. Privacy of the financial information
We implement a variety of security measures when a user places an order to maintain the safety of your personal information.
After you place an order on our website you will need to make payment for the services you have ordered. All transactions are processed through a gateway provider and credit card details for financial transactions are not stored or processed on our servers.
To process your payment, we use Stripe (by Stripe Inc.), a third party payment processor. Stripe's payment processing services enable our Website to process payments by credit card, bank transfer, or other means.
However, we receive a summary of all purchases made, including the transaction amount, which is necessary to provide you vehicle history report.
10. Cookies and other tracking technologies
Cookies are small text files that are placed on your device such as a computer or mobile device by websites that you visit. The website will, for a certain period, remember your preferences and actions, so that you will not have to set them up again. Our cookies do not identify a specific user and only identify the device that is being used.
To learn more about what are cookies, how they work, how to manage or delete them, please visit www.allaboutcookies.org.
Please note that the setting of certain browsers allows prohibiting cookies and other tracking technologies. Please be aware that switching some cookies off will result in loss of functionality of our website or application, and, accordingly, you will not be able to use all of their options, and some features/services might not be working correctly.
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. Read here.
The Company uses Google AdSense to publish ads on the Website. When you view or click on an ad, a cookie will be set to help better provide advertisements that may be of interest to you on our Website and other websites. You may opt out of the use of this cookie by visiting Google’s Advertising and Privacy page.
11. Rights of personal data subjects
Please be advised that when you contact us you have through the identification process and submit your specific requirements, so that we can process your request and provide a response on legitimate grounds. The list of data that we must provide to you is contained in Article 13 and Article 14 of the GDPR.
Please note that where we cannot identify you through messaging or your request to the support service, or if we have reasonable suspicions about your identity, we may request you to provide your Identity Document. Only this way we can avoid disclosing your Personal data with an individual claiming they are you. Any additional information collected for verification will only be used to verify the individual.
We process requests as quickly as possible, but at the same time, we ask you to remember that providing a complete and legitimate response regarding personal data is a complex process that may take up to a month or even longer. If we need more time to prepare a complete response, we will let you know.
Rights of Data subjects under the GDPR
The GDPR has secured the following additional rights of data subjects to safeguard their Personal data.
The right to be informed
The right to rectification
If you find out that some of your personal data that we process are incorrect or outdated, please notify us accordingly, including via the Company’s data protection specialist.
In certain cases, we cannot modify your personal data. For example, when your personal data has already been used in the offer and acceptance agreement and/or is contained in any written instrument executed and submitted to any state agency or otherwise according to applicable law.
The right to data portability
In certain cases, you may obtain or request that we provide your personal data to any third party in a structured, commonly used and machine-readable format.
The right to restrict processing
You may request to restrict your data processing so that only we can keep it. This means demanding that we terminate any of your data processing, other than storage under certain circumstances.
Revocation of data processing consent and the right to erasure
If we process your personal data under the processing consent (specifically, with the purpose of marketing mailings), any subsequent processing may be terminated at any time. It only takes to revoke your consent to such processing. If an opt-out option is available, you may opt-out by following the instructions included in each communication.
The Company reserves the right to send you certain communications relating to our services, including without limitation notifications, service announcements, and administrative messages. Generally, you may not opt-out of these communications, which are not promotional/marketing in nature.
You may also exercise your right to erasure. In cases referred to in Article 14 of the GDPR, the Company will delete the personal data being processed, other than the data that we are obliged to keep under applicable law. If personal data collected from a user/consumer is needed to comply with a legal obligation (e.g., a statute that requires that the Company maintain documentation relating to the user/consumer, a preservation hold issued as part of legal process, or a statute that requires that the Company maintain some data as part of its overall security), we are not required to delete the data.
If you are a parent of a child under 13 (or any other age established by applicable law), and you believe that your child disclosed any information to us, please notify us immediately and we will erase this information.
Rights in relation to automated decision making and profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
We don't use personal information for marketing and creating online profiles.
Our users residing in the EEA may file a complaint with the European Supervisory Authority for Data Protection.
If you are a resident of the UK (the UK is no longer a Member State of the EU), you may direct your request/complaint to the UK Information Commissioner’s Office.
Rights of Data subjects under California Online Privacy Protection Act (CalOPPA)
The California Online Privacy Protection Act (the “CalOPPA”), was drafted to protect the privacy rights and Personal data of California residents.
According to the CalOPPA, we agree to the following:
- Users can visit our site anonymously.
- We added a link to this Policy on our home page, or as a minimum on the first significant page after entering our Website.
Users are able to change their personal information:
- by emailing us,
- by logging in to their account on the Website.
A Do Not Track (DNT) request is a setting any user can trigger from their device. The purpose is to allow consumers to limit or prevent the collection of their personal data.
There is no law requiring websites to respect a DNT setting. The CalOPPA does require websites to acknowledge whether they do or do not respect DNT settings.
Because we do not track our Website users over time and across third-party websites, we do not respond to browser do-not-track signals.
At the same time, even if we follow the DNT, we cannot control the DNT handling of third parties interacting with the Website, such as Google Analytics, AdWords, and others.
Rights of Data subjects under California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (the “CCPA”) gives consumers certain rights over their data. In particular, California residents have the right to request access to their personal information, the right to request the deletion of their personal information, and the right to opt-out of the sale of their personal information.
At the same time, we inform you that CCPA does not apply to the Company and does not cover our business activities.
The CCPA only applies to for-profit businesses that do business in California and meet any of the following:
- have a gross annual revenue of over $25 million;
- buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices; or
- derive 50% or more of their annual revenue from selling California residents’ personal information.
12. Contact us
If you have any questions or complaints about this Policy, please contact us electronically or send physical mail.
We have designated a Data Protection Specialist (DPS) who is a single point of contact for any questions or comments regarding your data protection and processing.
You may contact DPS at:Grand Auto Solutions Inc
18580 East Colonial Drive #619
Orlando, FL 32820 USA
E-mail: [email protected]