California Privacy Policy – Notice at Collection
Introduction
This California Privacy Policy – Notice at Collection (“CA Privacy Policy”) supplements the information contained in Safelite’s Privacy Policy and describes our privacy practices with respect to individuals who reside in the State of California (“consumers” or “you”). You should read this CA Privacy Policy alongside our Privacy Policy.
This CA Privacy Policy does not apply to information we collect when:
- You are acting as a job applicant to or employee or independent contractor of Safelite;
- You have been designated as an emergency contact for a job applicant or employee and your information has been collected for use solely within that context;
- We need your Personal Information to administer benefits obtained through an employee; or
- We are collecting or processing your information as a service provider to a third-party business. If you arrived
at this CA Privacy Policy page through a link located on a website operated by Safelite Solutions on behalf of
your automobile insurance provider and you want to understand how your insurer collects, processes, stores and
shares your personal information, and your rights related thereto, then please go to the home page for your
insurer and search for Privacy Policy.
For information on our privacy practices as they relate to any of the information collected in the above scenarios, contact us at: onlinehelp@safelite.com. Alternatively, you may send a letter to the following address:
Safelite Group, Inc.
Attn. Customer Care
7400 Safelite Way
Columbus, Ohio 43235
We adopt this CA Privacy Policy to comply with the California Consumer Privacy Act (“CCPA”), as may be amended, replaced, or superseded as well as any implementing regulations. Any terms defined in the CCPA have the same meaning when used in this CA Privacy Policy.
Information we collect about California consumers
Safelite collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). However, Personal Information for purposes of this CA Privacy Policy does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA's scope, like: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and
- Personal Information covered by certain sector-specific privacy laws, including the Fair Credit
Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act
(FIPA), and the Driver's Privacy Protection Act of 1994.
Specifically, we collect the following categories of Personal Information:
Category Examples Do we collect this information? A. Identifiers A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. Yes B. Personal Information listed in California Customer Records statute (Cal. Civ Code 1798.80(e)) A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some Personal Information included in this category may overlap with other categories.Yes C. Protected classification characteristics under California or federal law Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). No D. Commercial Information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Yes E. Biometric Information Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. No F. Internet or other similar network activity Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. Yes G. Geolocation data Physical location or movements. No H. Sensory Data Audio, electronic, visual, thermal, olfactory, or similar information. Yes I. Professional or employment related information Current or past job history or performance evaluations. Only for job applicants and employees J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. Only for job applicants and employees K. Interferences drawn from other Personal Information Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. No
Sensitive Personal Information
We may also collect and use Sensitive Personal Information, as defined under California law, in limited contexts. Specifically, we at times collect information about a person’s health and a person’s social security number and driver’s license number in connection with processing casualty loss and liability claims and/or pursuing or defending legal claims. We do not use Sensitive Personal Information for purposes other than those permitted by 11 Cal. Code. of Regs. § 7027(l).
Why we collect your Personal Information
We may collect, use, or disclose the Personal Information in the above categories for the following purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that Personal Information to respond to your inquiry. If you provide your Personal Information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
- To provide, support, personalize, and develop our Website, products, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your Website experience and to deliver content and product and service offerings we believe are relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via mail, email, telephone calls, or text messages (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Website, products, services, marketing, and business processes.
- To respond to governmental and law enforcement requests and as required by applicable law, court order, or governmental regulations.
- To take steps we deem necessary to protect, defend, and enforce our rights and the rights of others, including for billing and collection.
- As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about consumers is among the assets transferred.
Notice of our collection, use, and disclosure of Personal Information in the last 12 months
In the last twelve (12) months, we have collected, used, and disclosed the following categories of Personal Information for a business purpose:
1. Categories of information collected in the last 12 months
- Category A: Identifiers.
- Category B: California Customer Records Personal Information categories.
- Category D: Commercial Information.
- Category F: Internet or other similar network activity.
- Category H: Sensory data.
2. How we collected this information
We collect the above categories of your Personal Information from the following sources:
- Directly from you. For example, from forms you complete or products and services you purchase, when you communicate with us, or when you provide us services.
- Indirectly from you. For example, from observing your actions on our Website.
- From third parties. This includes third party data brokers, web analytics tools.
3. Why we collected Personal Information?
We have collected and disclosed Personal Information in the above categories for the purposes described above.
4. Who we have disclosed this information to for a business purpose
For each of the above categories, in the past twelve months we disclosed Personal Information to our service providers that provide the following services:
- Payment processing
- Marketing and non-marketing communications
- Advertising platforms
- Data aggregation and brokerage
- Business analytics (marketing and non-marketing)
- IT and network administration such as data storage and management, website hosting, and data security
- Professional advice such as legal, accounting, tax, and business advisers
- Day-to-day business operation support such as courier services, document destruction, insurance, and electronic signature platforms
Some of the above disclosures may be considered a disclosure to a non-service provider third party for a business purpose under California law. In the past twelve months we have disclosed Personal Information to the following third parties for business purposes:
Category of Third Party | Business Purpose for Disclosure | Categories of Personal Information |
Advertising platforms (including social media companies) | Cross-context behavioral advertising | A, B, F |
Data aggregators/brokers | Data matching, append, and hygiene services; cross-context behavioral advertising | A, B, D, F |
We occasionally use third-party repair companies to fulfill orders to consumers. If we use a third-party repair company in connection with services provided to you, we may disclose your Personal Information to them for the purpose of fulfilling the service.
We may also share the above categories of Personal Information, excluding Sensitive Personal Information, with advertising platforms and data aggregation and brokerage companies for cross-context behavioral advertising purposes, improving the quality of your website experience, the performance of our advertisements, facilitate engagement with you and display relevant information to you. For more detailed information review the Cookies and Automatic Data Collection Technologies and Third-Party Use of Cookies and Other Tracking Technologies sections of the Privacy Policy.
Retention
We maintain Personal Information in accordance with our record retention policies which are informed by business needs and our legal and contractual obligations. For more detailed information, review the Data Retention sections of the Privacy Policy.
Your Rights and Choices
California law provides consumers with specific rights regarding their Personal Information. This section describes your privacy rights and explains how to exercise those rights.
A. Right to Know– Specific Pieces of Personal Information and/or Categories of Personal Information
You have the right to request that we disclose certain information to you about our collection, use, disclosure, and sale of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Introduction), we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information we collected about you.
- If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
- sales, identifying the Personal Information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
B. Right to Delete Personal Information
You have the right to request that we delete any of your Personal Information that we collected and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Introduction), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny a deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms or a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Help to ensure security and integrity to the extent the use of the Personal Information is reasonably necessary and proportionate for those purposes.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us and that are compatible with the context in which you provided the information.
- Comply with a legal obligation.
C. Right to Correct Inaccurate Personal Information
You have the right to request that we correct inaccurate Personal Information we maintain regarding you. You may provide us with documentation to support your request and we will consider it. We will provide you with instructions for supplying supporting documentation after you make your request.
We may decline to correct the Personal Information if we determine based on the totality of the circumstances that the Personal Information we have on file is more likely than not accurate. We may also deny the request if we determine it is likely fraudulent or abusive. If we decline to correct the Personal Information, you may request that we note in our records and notify any service providers and third parties to whom we disclosed the allegedly erroneous information that its accuracy has been disputed.
We may choose to delete the contested Personal Information instead of correcting it.
D. Exercising Your Know, Deletion, and Correction Rights
- How to submit requests. The fastest and most efficient way to exercise your rights described above, is to submit a verifiable consumer request to us by clicking here to submit the request online or copy and pasting this into your browser: https://privacyportal.onetrust.com/webform/d3b95a93-e22e-4d4d-a806-482052406557/draft/48f5d98d-2135-41f2-a54a-701815a0247a. If you are having difficulty with the weblinks then call us at the number below.
- Who may submit requests. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. You may designate an authorized agent in writing to make a request on your behalf.
- How often can you submit requests. You may only make a Right to Know request twice within a 12-month period. You may not make a Correction request if we previously denied a Correction request in the prior six months regarding the same alleged inaccuracy unless you provide new or additional documentation to support your claim that the information is inaccurate.
- How we verify and respond to requests.
- Your request must be verifiable. That means that you, or your authorized agent, must provide sufficient information that allows us to reasonably verify that you are the person about whom we collected Personal Information or an authorized agent of that person with written permission from the consumer or a power of attorney to act on their behalf.
- We may verify your request:
- Through our existing authentication practices for your password-protected account with us, if you have one. Making a verifiable consumer request does not require you to create an account with us, if you do not make a request through an account with us.
- If you do not have a password-protected account with us, we may require you to provide certain information such as first name, last name, phone number, service address, and/or invoice number to verify your identify.
- Regardless of whether or not you have a password-protected account with us, if we are required by law to verify your identity to a reasonably high degree of certainty, we may require you to verify additional pieces of information and/or sign a declaration under penalty of perjury verifying your identity and request.
Your verifiable consumer request must also describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
We will only use Personal Information provided in a request to verify the requestor's identity or authority to make the request and fulfill or deny the request. We may retain Personal Information provided in connection with your request for at least two (2) years as required by law.
Response Timing and Format.
We will acknowledge receipt of your request within ten (10) business days from its receipt.
We endeavor to respond to a verifiable consumer request within forty-five (45) days from its receipt. If we require more time, up to a maximum of ninety (90) days from receipt, we will inform you of the reason and extension period in writing.
If you have a password-protected online account with us, we will deliver our written response to that account. If you do not have a password-protected online account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. If you requested a copy of the specific Personal Information we have on file about you, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We will not provide certain Personal Information in response to a request when the information is too sensitive, for example your social security number, financial account number, or account passwords.
- We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
E. Opting Out.
If you would like to opt out of the sale or sharing of your Personal Information, you may do so using our Do Not Sell/Share My Personal Information online form by clicking here or copy and pasting this into your browser: https://privacyportal.onetrust.com/webform/d3b95a93-e22e-4d4d-a806-482052406557/draft/48f5d98d-2135-41f2-a54a-701815a0247a. We will also recognize browser-based opt-out signals as provided under law. If we receive an opt-out signal and are able to identify the consumer to whom the signal relates, we will treat the signal as a request to opt out related to all Personal Information we have on file for the consumer. If we receive an opt-out signal and are not able to identify the consumer to whom the signal relates, we will treat the signal as a request to opt out limited to the Personal Information we collect from the consumer during the online session during which the signal is present.
If you do not want us to use your contact information to promote our own products and services, or third parties’ products or services, via email you can opt-out by submitting your information here: https://www.safelite.com/email-unsubscribe, or by sending us an email with your request to onlinehelp@safelite.com. You may also opt-out of further email marketing communications by replying to any promotional email we have sent you or following the opt-out links on that message.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. You have a right not to receive discriminatory treatment by us for exercising your privacy rights.
Other California Privacy Rights
California’s "Shine the Light" law (Civil Code Section § 1798.83) permits users of websites that are California residents to request certain information regarding a website operator’s disclosure of Personal Information to third parties for their direct marketing purposes. We do not disclose Personal Information to third parties for those third parties to use for their own direct marketing purposes.
Who to Contact for more information
For questions or concerns about our privacy policy and practices, you can contact us at the method set forth below.
Email: onlinehelp@safelite.com
Phone: 1-800-270-5679
Mailing Address:
Safelite Group, Inc.
Attn. Customer Care
7400 Safelite Way
Columbus, Ohio 43235