Privacy Policy

Introduction

Thank you for doing business with Private Auto, Inc, a Utah corporation dba DealNow (“DealNow,” “Company,” “our,” “us,” or “we”). We respect your privacy and are committed to protecting it through our compliance with this privacy policy (“Policy”) to help our website visitors, contractors, employees, current and potential customers, end users, and other business partners (“you” or “your,”) understand what Data we process, how and why we do so, and what your rights are regarding that Data. This Policy describes the types of Data we may process from you or that you may provide when you visit our websites, web applications, mobile applications, or other services and tools (collectively, our “Services”) and our practices for processing such information.

This Policy applies to Data we process on the Services and in email, text, and other electronic messages between you and us through the Services.

This Policy does not apply to information processed by us offline or through any other means, including on any other website operated by Company, its affiliates, or subsidiaries (which website(s) have their own privacy policy) or any third party including through any application or content (including advertising) that may link to or be accessible from or on the Services. 

In this Policy, we use the word “Data” to describe all the information we process that relates to you and your use of our Services. “Data” is broken into different categories, which are defined throughout this Policy. We may refer to the different categories separately, but when we use the word “Data,” we mean all the different categories described in this Policy. Because of the nature of our Services, the term “Data” also includes the information, including personally identifiable information, you gather, upload, or is otherwise processed when you use the Services. We do not process such Data without your consent. We rely on your compliance with our Terms of Use or other agreement(s) you may have with us to process your Data.

The term “Data” does not apply to information which does not relate to an identified or identifiable individual or to personal information or data rendered anonymous in such a manner that the individual is not or no longer identifiable (“Anonymized Data”). We hold all rights in and may use Anonymized Data for our own purposes in any legal manner and without attribution or compensation to any person.

Please read this Policy carefully to understand our policies and practices regarding your information and how we will process it. If you do not agree with our policies and practices, your choice is not to use our Services. By accessing or using the Services, you acknowledge and consent to our processing of your information as detailed in this Policy and our Terms of Use. This Policy may change from time to time (see Changes to Our Policy section). Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.

Lawful Basis for Processing

Many jurisdictions require that we disclose to you the lawful basis for our processing of your Data. We do that throughout this Policy. In general, our lawful basis for processing your Data is based on your specific consent or your contract with us.  

By accessing or using any of the Services or by otherwise interacting with us online, you consent to our processing of your Data as described in this Policy. If our processing of your Data is based on your consent, you may withdraw your consent at any time, and we will cease processing your Data. However, in some cases, this may result in your inability to receive partial or full access to the Services, and your withdrawal of consent does not limit our ability to use Anonymized Data for use by us in connection with our legitimate business efforts in the future. In addition, your withdrawal of consent may not prevent us from processing Data if we have processed such Data pursuant to a different lawful basis or to preserve legal claims. For example, if you give your consent for us to process your Data, but we are also required by law to process your Data, that separate “lawful basis” will still apply, even if you withdraw your consent.

When you enter into an agreement with us, either by registering for and accessing the Services, by executing an agreement in hard copy, or by clicking “I Accept” or similar language online, we will process your Data for the purposes of fulfilling the terms of our contract with you. In that case, our processing of your Data is based on the contract, so your withdrawal of consent will only be effective after the purposes for processing that Data have been fulfilled and after we no longer have a legal obligation to process that Data.

In all cases, we will comply with applicable law and we will cease processing your Data after the legal right, obligation, or other lawful basis expires.

Data We Process About You 

We process several types of Data from and about you, including

• Personally identifiable information that you provide to us on the Services regrading you or your vehicle when you create a user account, which may include first and last name, home or other physical address, an email address, phone number or other contact information, vehicle registration/titling information, information regarding your vehicle and its history;
• Data about your internet connection, the equipment you use to access our Services, and usage details;
• Data you provide directly to us when you type information into our forms online, including Data provided at the time of registering to use our Services, posting material, or requesting further services;
• Records and copies of your correspondence (including email addresses), if you contact us via email or other messaging platforms.
• Your responses to surveys that we might ask you to complete for research purposes.
• Details of transactions you carry out through our Services.

We may also process supplemental mobile Data including: 

• Your voice data. If you give us permission, this enables us to process the voice commands captured via your device microphone to enable you to interact with the Services with your voice. Please note you will always have the ability to turn off the microphone feature.
• Your precise mobile device location. If you give us permission to access your precise location, this enables us to access your GPS or Bluetooth to provide location-aware functionality in the Services. Please note that this does not include your IP address. We use your IP address to determine non-precise location, for example, what country you are in to comply with our licensing and other agreements.
• Your photos and videos. If you give us permission to access your photos, videos, or camera, we will only access images and videos that you specifically choose to share with us and metadata related to those images, such as the type of file and the size of the image. We will never scan or import your photo library or camera roll.

You also may provide Data to be published or displayed (hereinafter, “posted”) on public areas of the Services, or transmitted to other users of the Services or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Additionally, we cannot control the actions of other users of the Services with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

Information We Process Through Automatic Data Processing Technologies

As you navigate through and interact with our Services, we may use automatic data processing technologies to process certain Data about your equipment, browsing actions, and patterns, including:

• Details of your visits to our Services, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Services.
• Data about your computer and internet connection, including your IP address, operating system, and browser type.

   

The Data we process automatically may include personally identifiable information and we may process it with personal information we process in other ways or receive from third parties. Such Data helps us to improve our Services and deliver a better and more personalized Service, including by enabling us to:

• Estimate our audience size and usage patterns.
• Process Data about your preferences, allowing us to customize our Services according to your individual interests.
• Speed up your searches.
• Recognize you when you return to our Services.

The technologies we use for this automatic data processing may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept some browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Services.
• Web Beacons. Pages of the Services may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
• Geolocation. We may process geolocation (or other similar) technology when you use our Services to determine your current location. If you do not want us to process your location to provide you the Services, you can turn off your location services in your device’s settings.

Third-Party Use of Cookies and Other Tracking Technologies

Some content or applications, including advertisements, on the Services are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to process information about you when you use our Services. The Data they process may be associated with your personally identifiable information or they may process Data about your online activities over time and across different websites and other online services. They may process this Data to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly or use a web browser or browser extension that limits tracking technology (such as the Brave browser). For information about how you can opt out of this processing, you can visit our Do Not Sell or Share My Personal Information webpage located here.

Third Party Services

We utilize Plaid Inc. (“Plaid”) to process your Data from your financial institutions to perform the Services. By using the Services, you grant us and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial Data from your relevant financial institution. You agree to your personal and financial Data being processed by Plaid in accordance with the Plaid end user privacy policy. Additionally, if you choose to open an account with USAlliance Federal Credit Union, you understand that such account is issued by USAlliance Federal Credit Union and you conform acceptance of USAlliance Federal Credit Union’s privacy policy.

How We Process Your Data

We process Data about you or that you provide to us, including any personally identifiable information:

• To present our Services and its contents to you.
• To provide you with information, products, or services that you request from us.
• To fulfill any other purpose for which you provide such Data.
• To provide you with notices about your account, including expiration and renewal notices.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• To notify you about changes to our Services or any products or services we offer or provide through it.
• In any other way we may describe when you provide the Data.
• For any other purpose, but only after notice to you, and with your consent.

We may process the Data from you to enable us to display advertisements to our advertisers’ target audiences.

Disclosure of Your Information

We may disclose Anonymized Data without restriction. We may disclose Data that we process

• To our subsidiaries, affiliates, contractors, and service providers to the minimal extent necessary to support the fulfillment of the Services and for no other purpose or disclosure.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Data processed by us about our Service’s users is among the assets transferred.

We may also disclose your Data:

• To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
• To enforce or apply our terms of use and other agreements, including for billing and collection purposes.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our customers, or others.
• In the event of an unforeseen circumstance, only with your explicit consent.

“Do Not Track” Options

Your web browser(s) may offer a “Do Not Track” option, which allows the individual to signal to operators of websites and web applications and services (including behavioral advertising services) that he or she does not wish such operators to track certain of his or her online activities over time and across different websites. We do our best to support Do Not Track requests but cannot guarantee full support based on the variety of internet browsers and technologies which means that we may process Data about your online activity both while you are using the Services and after your use of the Services.

Your Rights Regarding Your Data

Under applicable data protection, privacy, and other laws, you may have certain rights related to your access and control of your Data. Such rights may include the following:

1. The right to access, correct, update, or request deletion of your Data. 
2. The right to object to processing or restrict the processing of your Data (Please note that if you exercise this right, it may limit or eliminate our ability to provide you the Services).
3. The right to request portability of your Data.
4. The right to opt-out of marketing communications we send you. You can exercise this right by clicking the “Unsubscribe” or “Opt-Out” link found in these communications.
5. The right to not be subject to a decision based solely on automated processing, including profiling, known as Automatic Decision Making. 
6. The right to submit a complaint to any applicable regulatory authority about our processing activities.
7. The right to opt-out of us sharing (as defined in the CPRA) your Data, including for direct marketing purposes, subject to certain legal exceptions.
8. The right to limit use, disclosure, and restrict sensitive personal information (as defined in the CPRA).

We may use additional processes to verify your identity before we reveal or delete any of your Data, including two-factor or two-step authentication measures to ensure we can identify you.

This list may not include all of your rights under applicable laws. If you believe you have additional rights, please contact us using the methods in this Policy.

Please note that exercising any of the above rights may limit or eliminate our ability to provide you the Services. If so, we may terminate the Services due to such requests.

We will try to comply with your request(s) as soon as reasonably practicable and at the very least as required under applicable law. Upon receipt of your written request, we will provide you with a copy of your Data, although in certain limited circumstances we may not be able to make all relevant Data available to you, such as where that Data also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request.

Please also note that if you do opt-out of receiving marketing-related emails from us, we may still send you messages for administrative or other purposes directly relating to your use of the Services, and you cannot opt-out from receiving those messages while continuing to use the Services.

Further, you may opt-out or disable certain functions on your particular device, preventing us from processing Data. For example, you may disable geolocation or GPS functionality on your mobile device or disable push notifications. If you disable such features, your ability to use and access the Services may be limited.

To exercise any of these rights, or if you have any questions about our processing of your Data, please contact us at support@privateauto.com or at our toll-free number: 855-704-3998.

A. Privacy for EU/UK Residents

The Regulation (EU) 2016/679 (General Data Protection Regulation) made effective in Europe on May 25, 2018 (“GDPR”) requires that we clearly describe to data subjects the Data we process and how we use that Data. This Policy does that and if you have any questions for us regarding our data processing, please contact us at support@privateauto.com. We comply with the GDPR requirements to the extent they apply to us.

We are based in the United States. By accessing or using the Services or otherwise providing information to us, you understand that your Data will be subject to processing in and to the United States and in our other locations.

Due to the nature of our Services, we act as either a “controller” or a “processor” as defined under the GDPR and depending on your relationship with us. If you believe that this role should be defined differently, please contact us at support@privateauto.com.

Pursuant to the GDPR, residents of the EU (and the EEA, as applicable) have the right to obtain our confirmation of whether we maintain personal information relating to them in the United States. If you are a resident of Europe, upon request from you, we will provide you with access to the Data that we process about you. Please contact us if you have any questions.

Further, if you are a resident of the United Kingdom (“UK”), to the extent the GDPR as incorporated into UK law pursuant to s.3 of the European Union (Withdrawal Act) 2018 (as amended, the “UK GDPR”) applies to us, we will follow all supplemental requirements under the UK GDPR and you have all rights as a UK citizen under the UK GDPR.

B. Privacy for California Residents

California adopted the California Consumer Privacy Act (“CCPA”), which took effect at the beginning of 2020 and has now adopted the California Privacy Rights Act (“CPRA”), which fully took effect January 1, 2023. We comply with the requirements of the CCPA and CPRA to the extent they apply to us.  

If you are a California resident, you may request to exercise your rights for any Data we have processed in the 12 months prior to your request. Such request covers any categories, sources, purposes, and, if applicable, third parties to whom we share the Data. Further, you can exercise any of your rights free of discrimination, for example, we cannot increase the price of the Services or decrease the quality of the Services because you exercise your rights.

Due to the nature of our Services, we typically may act as a “business” or “service provider” as defined under the CCPA and CPRA and depending on your relationship with us. If you believe that this role should be defined differently, please contact us at support@privateauto.com or at our toll-free number: 855-704-3998.

For more information, please direct your questions to us at support@privateauto.com or at our toll-free number: 855-704-3998.

C. Other Data Privacy and Protection Laws

We strive to comply with all data protection and privacy laws in applicable jurisdictions, to the extent such laws apply to us and our Services. We strive to be transparent about our data processing activities and have disclosed our practices throughout this Policy. If you have any questions about your rights under any applicable data protection and privacy laws, please contact us support@privateauto.com or at our toll-free number: 855-704-3998.

Security

The security of your Data is important to us. We use commercially reasonable efforts to process your Data in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Data that you provide to us. We have implemented procedures designed to limit the dissemination of your Data to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.

Data Retention

We will process your Data for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may process certain Data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of Anonymized Data, account recovery, or if required by law. All retained information will remain subject to the terms of this Policy.

Amendments to this Policy

We reserve the right to change this Policy at any time. If we decide to change this Policy in the future, we will post or provide appropriate notice. Unless stated otherwise, our current Policy applies to all Data that we have about you and your account. The date on which the latest update was made is indicated at the top of this document. We recommend that you print a copy of this Policy for your reference and revisit this Policy from time to time to ensure you are aware of any changes. Your continued use of the Services signifies your acceptance of any changes.

Our Partners and their Privacy Policies

We use VINdata to provide vehicle values, VIN information, and vehicle history reports for vintage vehicles. View here

We use Plaid IDV to verify drivers licenses. View here

We use Google Analytics for general site traffic management. View here

We use Twilio and Plaid for verifying phone numbers. View here

We use Plaid to connect your financial institution with USALLIANCE Financial. View here

We use USALLIANCE Financial for our account processing services. View here

We use ActiveCampaign for our email campaigns and account notifications. View here

We use AutoCheck to provide our vehicle history reports. View here

We use RunBuggy to provide car shipping and transport services. View here

We use Hotjar to provide visual behavior insights and in-the-moment feedback for product development. View here

We use LemonSquad to provide used car inspection services. View here

We use Prove to verify your identity via your wireless carrier. View here