The California Consumer Privacy Act of 2018 (“CCPA”) provides consumers (California residents)
with specific rights regarding their personal information. If you are a California resident, this
section describes your CCPA rights and explains how to exercise those rights.
1. PERSONAL INFORMATION
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual consumer, device, or household (“personal information”). Personal information does not include, amongst other things, 1) publicly available information from government records, 2) deidentified data, 3) aggregated data, 4) information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FCRA”), the Gramm-Leach-Bliley Act (“GLBA”) or California Financial Information Privacy Act (“CalFIPA”), and the Driver’s Privacy Protection Act of 1994 (“DPPA”).
A. Categories of Personal Information We Collect
In the last 12 months, we collected the following categories of personal information:
- “Identifiers” such as name, alias, address, unique identifier, internet protocol address, email address, account number, Social Security Number, or government identification number;
- “Other Personal Information” such as name, signature, Social Security Number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, or medical information. Some personal information included in this category may overlap with other categories;
- “Protected Characteristics” under California or federal law for classifications such as age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, or veteran or military status;
- “Commercial Information” such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
- “Biometric Information” such as genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, or gait;
- “Geolocation Data” such as physical location or movements;
- “Sensory Data” such as audio, electronic, or visual information;
- “Internet or Network Activity” such as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement;
- “Professional or Employment Related Information” such as current or past job history or performance evaluations; and
- “Inferences” such as profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
B. How We Obtain Your Personal Information
|Directly from you.
|You enter or provide us with information online, by email, by phone, by completing forms, by document upload, or via our mobile app.
For example, when you signup online to pay your bill.
|Directly and indirectly from you based on activity on our website or mobile app.
|For example, from submissions through our website or website usage details collected automatically.
|From service providers or third parties that interact with us in connection with the products and services we provide.
|For example, car dealerships, credit reporting agencies, GPS devices, or other vendors that provide data we use in underwriting or in protecting you and our products from fraud and identity theft.
C. How We Use Your Personal Information
We may use or disclose the personal information we collect for one or more of the following purposes:
- Performing services on behalf of us or our service providers, such as maintaining or servicing accounts, providing customer service, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of us or our service providers. Examples of such activities:
a. To fulfill or meet the reason for which the information is provided.
b. To provide you with information, products, or services that you request from us.
c. To provide you with email alerts and other notices concerning our products or services,
or events or news, that may be of interest to you.
d. To carry out our obligations and enforce our rights arising from any contracts entered
into between you and us, including for billing and collections.
- Undertaking internal research for technological development and demonstration.
- Debugging to identify and repair errors that impair existing intended functionality.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
- Short-term, transient use, provided the personal information that is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
- To comply with our legal or regulatory obligations.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice
D. Who We Share Your Personal Information With
We may disclose your personal information to a service provider or third party. When we disclose personal information to a service provider, we enter a contract that describes the purpose and requires the service provider to both keep that personal information confidential and not use it for any purpose except performing the contract or as otherwise allowed under the CCPA. Examples of who we share with include:
- Service providers.
- Third parties:
- With companies that secure collateral we share Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Geolocation Data, Professional or Employment Related Information, and Inferences.
- With our bank / lending partners we share Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Sensory Data, Internet or Network Activity, Professional or Employment Related Information, and Inferences.
- With credit reporting agencies we share Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, and Inferences.
- With advisors such as lawyers, banks, and insurers, we share Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Biometric Data, Sensory Data, Professional and Employment Related Information, Internet or Network Activity, and Inferences.
- With governmental and regulatory agencies, we share Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Biometric Data, Sensory Data, Professional and Employment Related Information, Internet or Network Activity, and Inferences.
- With business review and/or business accreditation companies, we share Identifiers, Other Personal Information, Protected Characteristics, Commercial Information.
- With data analytics providers, we share Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Sensory Data, Professional and Employment Related Information, Internet or Network Activity, and Inferences.
E. Sale of Personal Information
We do not sell your personal information. We do not sell the personal information of minors under 16 years of age without affirmative authorization.
2. YOUR RIGHTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT OF 2018
The CCPA provides California residents with specific rights regarding their personal information – the Right to Know, the Right to Delete, the Right to Opt-Out, and the Right to Non-Discrimination. This section describes your CCPA rights and explains how to exercise those rights.
A. Right to Know
You have the right to request that we disclose certain information to you about our collection, use, and disclosures of your personal information over the past 12 months (“Right to Know”). Once we receive and verify your request, we will disclose to you:
- Categories of Personal Information Collected and Shared
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our purpose for collecting, using, and/or sharing that personal information.
- The categories of third parties with whom we share that personal information.
- If we disclosed your personal information, the categories of personal information shared with each category of third party recipients.
- Specific Information
- The specific pieces of personal information we collected about you.
We may deny your Request to Know if we are unable to verify your identity or have reason to believe that the request is fraudulent. We may also deny your request if the information is subject to an exemption under FCRA, GLBA, FIPA, or DPPA.
B. Right to Delete
You have the right to request that we delete any of your personal information that we collected and retained, subject to certain exceptions (“Right to Delete”). Once we receive and verify your request, we will delete, de-identify, or aggregate your personal information (and direct our service providers to do the same), unless an exception applies.
We may deny your Request to Delete if retaining the personal information is necessary for us or our service providers to:
- Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
- To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.
- Comply with a legal obligation.
- Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.
- The personal information is subject to an exemption under FCRA, GLBA, FIPA, or DPPA.
Additionally, we may deny your Request to Delete if we are unable to verify your identity or have reason to believe that the request is fraudulent.
C. Right to Opt-Out
The CCPA gives consumers the right to opt-out of the sale of their personal information (“Right to Opt-Out”). However, we do not sell your personal information. We do not sell the personal information of minors under 16 years of age without affirmative authorization.
D. Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
3. SUBMITTING A REQUEST TO KNOW OR REQUEST TO DELETE
A. How to Submit a Request
To make a Request to Know or Request to Delete, please contact us by:
Only 1) you, 2) a person authorized by you to act on your behalf, or 3) an entity registered with the California Secretary of State and authorized by you to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a request on behalf of your minor child.
You may only make a Request to Know twice within a 12-month period.
A Request to Know or Request to Delete must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Given the sensitivity of your personal information that we collect and retain, we will need to verify your identity with at least 3 separate pieces of information such as name, address, account number, date of birth, last 4 of your Social Security Number, phone number, etc.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
- If you are submitting a Request to Know specific pieces of personal information (rather than categories), you will also need to submit a declaration under the penalty of perjury confirming that you are only requesting information about yourself.
B. Authorized Agents
Before we can respond to a Request to Know or Request to Delete submitted by an authorized agent, we need to verify not only that person or entity’s authority to act on your behalf but also verify the identity of the authorized agent.
If you are authorized to submit a request on behalf of a California resident, please email us at: firstname.lastname@example.org and provide the following information:
- To verify your authorization to request on behalf of a California resident, please attach a copy of one or more of the following to your request email:
- California Secretary of State entity details and written permission from the California resident (if the authorized agent is a business),
- written permission from the California resident (if the authorized agent is an individual), or
- a valid power of attorney
- To verify your identity, please attach copies of the following to your request email:
- Valid Government Issued ID (not expired) AND
- a utility bill, bank statement, or similar documentation to verify your name and address.
- To verify the identity of the consumer for whom you are submitting the request, please include three or more of the following with your request email:
- date of birth,
- email address,
- phone number,
- last 4 of the Social Security Number, or
- last 4 of the account number
- If you are submitting a Request to Know specific pieces personal information (rather than categories), the authorized agent will also need to submit a declaration under the penalty of perjury signed by the consumer whose information is being requested.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a request to verify the requestor’s identity or authority to make the request.
C. Response Timing and Delivery Method
We will acknowledge receipt of the request within 10 days of its receipt. We will respond to a request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
4. DO NOT TRACK SIGNALS
Our site does not respond to Do Not Track signals configured in your web browser.
5. SOCIAL MEDIA
We encourage you to review your privacy options and settings with the social media platforms and networks you use to understand what choices you have about sharing information from those platforms and networks with us.
7.HOW TO CONTACT US
If you have any questions or comments about this policy, the ways in which we collect and use your personal information, your rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Privacy Support Phone: (800) 910-8180
Privacy Support E-Mail: email@example.com
Postal Address: Quality Acceptance, LLC
14546 Hamlin Street, 3rd Floor
Van Nuys, California 91411
Version 2.0- Effective Date 5/1/2021