CCPA/CPRA & VCDPA Notice of Collection, Disclosure, & Privacy Policy
Effective Date: January 1, 2023
Last Reviewed: January 9, 2023
Revised on: January 1, 2023
Privacy Notice for California and Virginia Residents
This section supplements the information contained in our Privacy Policy and applies solely to clients, visitors, users, and others who reside in the State of California or in the State of Virginia (“consumers” or “you”). We adopted this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”), the California Privacy Rights Act (“CPRA”), other California privacy laws, as well as the Virginia Consumer Data Protection Act (“VCDPA”). Any terms defined in the CCPA, CPRA and VCDPA have the same meaning when used in this notice.
Information We Collect and Process
We process the following categories of Personal Information and/or Personal Identifiable Information (hereafter, “Personal Information” or “PII”) as indicated with a “yes” below:
| Category | Whether we collect it or not? | Whether we disclosed it in the preceding 12 months or not? | Whether we disclosed it for a business purpose in the preceding 12 months or not? | Examples |
| Category A – Identifiers | Yes | Yes | Yes | A real name, IP address, postal address, email address, social security number, driver’s license number or other similar identifiers.
|
| Category B – Personal Information as defined in the California Civil Code Section 1798.80(e) and/or any information that identifies, relates to, describes, or is capable of being associated with, a particular individual | Yes | Yes | Yes | A name, signature, contact information such as address and telephone number, employment, employment history, or financial information.
But we do not store any payment or credit card information. We only use payment information in connection with purchases of BRP products.
|
| Category C – Characteristics of Protected Classification under California, Virginia or federal law | Yes | Yes | Yes | We have access to age brackets and gender information on an aggregated basis through Google Analytics, which we use for statistical purposes.
|
| Category D – Commercial information | Yes | Yes | Yes | Transaction information, purchase history such as records of vehicles, product or services purchased or other purchasing or consuming histories or tendencies, financial details and payment information.
But we do not store any payment or credit card information. We only use payment information in connection with purchases of BRP products.
|
| Category E – Biometric information | No | No | No | Fingerprints and voiceprints.
|
| Category F – Internet or other electronic network activity information | Yes | Yes | Yes | Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems and advertisements.
|
| Category G – Geolocation data | Yes | Yes | Yes | Device location.
|
| Category H – Audio, electronic, visual and similar information | Yes | Yes | Yes | Service call recordings, images and 3D models created in connection with our business activities.
|
| Category I – Professional or employment-related information | Yes | Yes | No | Occupation, job title, or professional association membership information.
|
| Category J – Education information | Yes | Yes | No | Education level on the basis of postal codes.
|
| Category K – Inferences drawn from any of the Personal Information listed above | Yes | Yes | Yes | To create a profile or summary about, for example, an individual’s preferences and likelihood to purchase our vehicles, products or services.
|
Categories A, B, C, D, F, G and K could constitute sensitive Personal Information, depending on the nature of the services and the context.
We collect the categories of Personal Information listed above from you and from other categories of sources, which sources are further detailed in the section “INFO WE COLLECT ABOUT YOU” of our Privacy Policy.
Use of Personal Information
We may use this Personal Information, including any sensitive Personal Information, to accomplish our business purposes and objectives, as further described in the section “PURPOSE FOR WHICH WE PROCESS PII” of our Privacy Policy. We use certain type of Personal Information for profiling purposes.
Disclosing Personal Information
We may disclose the Personal Information we collected on you, as detailed above, to a limited range of third parties. We refer you to the section “RELEASE OF INFO” of our Privacy Policy for more details.
Retention of Personal Information
We may retain this Personal Information, including any sensitive Personal Information, only for as long as necessary for the purpose for which we obtained it and for any other permitted ancillary purposes, as further described in the section “RETENTION OF PII” of the Privacy Policy.
Sales of Personal Information
We do not sell your Personal Information to third parties for their commercial purposes, except when you specifically allow us to do so.
In the preceding twelve (12) months, we have not sold any Personal Information. Please also note that any third parties who would purchase the Personal Information we hold, would be prohibited from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.
Your Rights and Choices
You have certain rights regarding your Personal Information, as described in the section “DATA SUBJECT RIGHTS” of our Privacy Policy. Under the CCPA, CPRA and VCDPA you also have the specific rights described below:
CCPA and CPRA:
(a) Right to request that we disclose to you:
(i) if we process your Personal Information and, where applicable, the categories of personal information we collected about you and the categories of sources from which we collected such information;
(ii) the specific pieces of personal information we collected about you;
(iii) the business or commercial purpose for collecting Personal Information about you; and
(iv) the categories of personal information about you that we shared or disclosed and the categories of third parties with whom we shared or to whom we disclosed such information in the preceding 12 months.
(b) Right to request that we delete (and direct our service providers to delete) Personal Information we collected from you subject to certain exceptions. We may deny your deletion request in certain circumstances, including for health or safety related matters, such as safety recall or warranty matters regarding your 505 product(s), in order to comply with a legal obligation or as otherwise provided for in the CCPA and CPRA.
(c) Right to not be discriminated against in pricing and services because you exercise any of your rights under the CCPA and CPRA. We do not offer financial incentives or price or service differences to consumers in exchange for the retention or sale of a consumer’s personal information.
(d) Right to direct us not to sell or share your Personal Information at any time (the “right to opt-out”).
(e) Right to direct us to limit our use and disclosure of sensitive personal information at any time, to that use which is necessary to perform the services or provide the goods.
(f) Right to request that we correct inaccurate Personal Information about you, taking into account the nature and the purposes of processing of the Personal Information.
(g) Right to not be retaliated against for exercising your rights.
VCDPA:
You have all the above rights, as well as the following:
(a) Right to obtain a copy of your Personal Information that you have previously provided us in a portable and, to the extent technically feasible, readily usable format, where the processing is carried out by automated means.
(b) Right to opt out of the processing of your Personal Information for purposes of targeted advertising, sale of your Personal Information or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
Exercising Your Rights
You can exercise your rights described above, by submitting a verifiable consumer request to us either:
- by email at privacy.505games@505games.it; or
- by faxing us at +39 02 4130399
To exercise the right to opt-out and limit the use and disclosure of sensitive Personal Information, you may submit a request to us by clicking here: Do Not Sell or Share My Personal Information or here: Limit Use and Disclosure of Sensitive Personal Information. Once you make an opt-out request, we will wait at least 12 months before asking you to reauthorize Personal Information sales.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may be required to submit proof of your identity for these requests to be processed as a verifiable consumer request and we may not be able to comply with your request if we are unable to confirm your identity or to connect the information you submit in your request with Personal Information in our possession.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. We will respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Appeal
You may appeal our refusal to take action on a request within a reasonable period of time after you have been notified of our decision. To exercise your right of appeal, you may send an email at privacy.505games@505games.it or by fax at +39 02 4130399.
Changes
We reserve the right to amend this Privacy Notice at our discretion and at any time. When we make changes to this Privacy Notice, we will post the updated Privacy Policy including this Privacy Notice on our websites and update the effective date identified at the top left of this Privacy Notice. Your continued use of our websites following the posting of changes constitutes your acceptance of such changes.