CCPA/CPRA & VCDPA Notice of Collection, Disclosure, & Privacy Policy
Supplemental Privacy Notice for California, Virgnia, Colorado, Connecticut, Nevada and Utah (Notice of Collection, Disclosure, & Privacy Policy)
Effective Date: January 1, 2024
Revised on: January 1, 2024
Privacy Notice for California Residents
This section supplements the information contained in our Privacy Policy and applies solely to clients, visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopted this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”), the California Privacy Rights Act (“CPRA”) as well as other California privacy laws. Any terms defined in the CCPA and CPRA have the same meaning when used in this notice.
Information We Collect and Process
We process the following categories of Personal Information and/or Personal Identifiable Information (hereafter, “Personal Information” or “PII”) as indicated with a “yes” below:
| Category | Whether we collect it or not? | Whether we disclosed it in the preceding 12 months or not? | Whether we disclosed it for a business purpose in the preceding 12 months or not? | Examples |
| Category A – Identifiers | Yes | Yes | Yes | A real name, IP address, postal address, email address, social security number, driver’s license number or other similar identifiers.
|
| Category B – Personal Information as defined in the California Civil Code Section 1798.80(e) and/or any information that identifies, relates to, describes, or is capable of being associated with, a particular individual | Yes | Yes | Yes | A name, signature, contact information such as address and telephone number, employment, employment history, or financial information.
But we do not store any payment or credit card information. We only use payment information in connection with purchases of BRP products.
|
| Category C – Characteristics of Protected Classification under California, Virginia or federal law | Yes | Yes | Yes | We have access to age brackets and gender information on an aggregated basis through Google Analytics, which we use for statistical purposes.
|
| Category D – Commercial information | Yes | Yes | Yes | Transaction information, purchase history such as records of vehicles, product or services purchased or other purchasing or consuming histories or tendencies, financial details and payment information.
But we do not store any payment or credit card information. We only use payment information in connection with purchases of BRP products.
|
| Category E – Biometric information | No | No | No | Fingerprints and voiceprints.
|
| Category F – Internet or other electronic network activity information | Yes | Yes | Yes | Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems and advertisements.
|
| Category G – Geolocation data | Yes | Yes | Yes | Device location.
|
| Category H – Audio, electronic, visual and similar information | Yes | Yes | Yes | Service call recordings, images and 3D models created in connection with our business activities.
|
| Category I – Professional or employment-related information | Yes | Yes | No | Occupation, job title, or professional association membership information.
|
| Category J – Education information | Yes | Yes | No | Education level on the basis of postal codes.
|
| Category K – Inferences drawn from any of the Personal Information listed above | Yes | Yes | Yes | To create a profile or summary about, for example, an individual’s preferences and likelihood to purchase our vehicles, products or services.
|
Categories A, B, C, D, F, G and K could constitute sensitive Personal Information, depending on the nature of the services and the context.
We collect the categories of Personal Information listed above from you and from other categories of sources, which sources are further detailed in the section “INFO WE COLLECT ABOUT YOU” of our Privacy Policy.
Use of Personal Information
We may use this Personal Information, including any sensitive Personal Information, to accomplish our business purposes and objectives, as further described in the section “PURPOSE FOR WHICH WE PROCESS PII” of our Privacy Policy. We use certain type of Personal Information for profiling purposes.
Disclosing Personal Information
We may disclose the Personal Information we collected on you, as detailed above, to a limited range of third parties. We refer you to the section “RELEASE OF INFO” of our Privacy Policy for more details.
Retention of Personal Information
We may retain this Personal Information, including any sensitive Personal Information, only for as long as necessary for the purpose for which we obtained it and for any other permitted ancillary purposes, as further described in the section “RETENTION OF PII” of the Privacy Policy.
Sales of Personal Information
We do not sell your Personal Information to third parties for their commercial purposes, except when you specifically allow us to do so.
In the preceding twelve (12) months, we have not sold any Personal Information. Please also note that any third parties who would purchase the Personal Information we hold, would be prohibited from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.
Your Rights and Choices
You have certain rights regarding your Personal Information, as described in the section “DATA SUBJECT RIGHTS” of our Privacy Policy. Under the CCPA and CPRA you also have the specific rights described below:
CCPA and CPRA:
(a) Right to request that we disclose to you:
(i) if we process your Personal Information and, where applicable, the categories of personal information we collected about you and the categories of sources from which we collected such information;
(ii) the specific pieces of personal information we collected about you;
(iii) the business or commercial purpose for collecting Personal Information about you; and
(iv) the categories of personal information about you that we shared or disclosed and the categories of third parties with whom we shared or to whom we disclosed such information in the preceding 12 months.
(b) Right to request that we delete (and direct our service providers to delete) Personal Information we collected from you subject to certain exceptions. We may deny your deletion request in certain circumstances, including for health or safety related matters, such as safety recall or warranty matters regarding your 505 product(s), in order to comply with a legal obligation or as otherwise provided for in the CCPA and CPRA.
(c) Right to not be discriminated against in pricing and services because you exercise any of your rights under the CCPA and CPRA. We do not offer financial incentives or price or service differences to consumers in exchange for the retention or sale of a consumer’s personal information.
(d) Right to direct us not to sell or share your Personal Information at any time (the “right to opt-out”).
(e) Right to direct us to limit our use and disclosure of sensitive personal information at any time, to that use which is necessary to perform the services or provide the goods.
(f) Right to request that we correct inaccurate Personal Information about you, taking into account the nature and the purposes of processing of the Personal Information.
(g) Right to not be retaliated against for exercising your rights.
Shine a Light
California Civil Code Section 1798.83, also known as the “Shine a Light” law, permits California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and address of all third parties with which we shared personal information in the immediately preceding calendar year. If you would like to make such a request, please submit your request in writing to us using the information provided below.
Supplemental Privacy Notice for Colorado, Connecticut, Nevada, Utah and Virginia
We are providing this notice to Colorado, Connecticut, Nevada, Utah and Virginia residents on the basis of:
- Colorado Privacy Act 2021 (“CPA”);
- Connecticut Act Concerning Personal Data Privacy and Online Monitoring 2022 (“CTDPA”);
- Nevada Revised Statutes Chapter 603A 2019 (“Chapter 603A”);
- Virginia Consumer Data Protection Act 2021 (“VCDPA”);
- Utah Consumer Privacy Act of 2022 (the “UCPA”)
Defined terms from the main Privacy Notice are used in this Supplemental Privacy Notice for Colorado, Connecticut, Nevada, Utah and Virginia.
Right to Access
Subject to certain exceptions, you have the right to confirm whether we are processing your personal data and to access your personal data.
Right to Correct
You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing.
Right to Delete
Subject to certain exceptions, you have the right to delete personal data provided by or obtained about you.
Right to Portability
You have the right to obtain a portable copy of the personal data that you provided to us.
Right to Non-Discrimination
If you choose to exercise any of your rights under the CTDPA or VCDPA we will not differentiate our services as a result of your decision.
Right to Opt Out
We are required by law to provide transparency about the personal information we “sell”. For purposes of the Chapter 603A and VCDPA a “sale” means any instance in which we share personal information with third parties in exchange for monetary consideration. Pursuant to the CPA and CTDPA a “sale” is the exchange of personal data for monetary or other valuable consideration by a controller to a third party.
We do not share personal information with third parties for monetary value. To the extent that “sale” under the CPA and CTDPA is interpreted to include data collection on our Services by third-party analytics providers, Colorado and Connecticut residents are entitled to opt out of such “sales”. Colorado, Connecticut, Nevada, Utah and Virginia residents also have the right to opt out of targeted advertising (as defined under the applicable law).
If you are a resident of Colorado, Connecticut, Nevada or Virginia, you can make a request to opt out of our sale of your personal information by emailing us at [email protected]. Please note that certain information may be exempt from such requests in some circumstances.
Disclosure for Colorado, Virginia, Utah, and Connecticut consumers:
We do not sell or share Personal Information to Third Parties or process Personal Information for purposes of targeted advertising, as the terms “sell,” “share,” “process,” and “targeted advertising” are defined in the CPA, VCDPA, UCPA, and CDPA.
Clauses applicable to all states covered in the Supplemental Privacy Notice for California, Virginia, Colorado, Connecticut and Nevada
Financial Incentives
We do not offer financial incentives in exchange for providing your personal information.
Do Not Track Signals
We do not currently change our behavior in response to web browser “do not track” signals. However, you can configure most browsers to reject cookies or to notify you when you are sent a cookie, giving you a chance to decide whether or not to accept it. You can consult the help section of your browser to learn how to do this. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services. In the event that a universally accepted standard emerges on how businesses should respond to “do not track” signals, we will re-assess how to respond to those signals.
Minors
We do not knowingly collect personal information of minors under the age of 16, nor are our services developed for, offered to, or directed at children under the age of 16. If you believe that we have collected information of a child under the age of 16, please contact us and we will take appropriate action.
Exercising Your Rights
You can exercise your rights described above, by submitting a verifiable consumer request to us either:
- by email at [email protected]; or
- by faxing us at +39 02 4130399
To exercise the right to opt-out and limit the use and disclosure of sensitive Personal Information, you may submit a request to us by clicking here: Do Not Sell or Share My Personal Information or here: Limit Use and Disclosure of Sensitive Personal Information. Once you make an opt-out request, we will wait at least 12 months before asking you to reauthorize Personal Information sales.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may be required to submit proof of your identity for these requests to be processed as a verifiable consumer request and we may not be able to comply with your request if we are unable to confirm your identity or to connect the information you submit in your request with Personal Information in our possession.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. We will respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Appeal
You may appeal our refusal to take action on a request within a reasonable period of time after you have been notified of our decision. This section does not apply to California or Utah consumers To exercise your right of appeal, you may send an email at [email protected] or by fax at +39 02 4130399.
Changes
We reserve the right to amend this Privacy Notice at our discretion and at any time. When we make changes to this Privacy Notice, we will post the updated Privacy Policy including this Privacy Notice on our websites and update the effective date identified at the top left of this Privacy Notice. Your continued use of our websites following the posting of changes constitutes your acceptance of such changes.
Use of an Authorized Agent
You can appoint a person or a business entity registered with the Secretary of State to act on your behalf. In order to do so, you must provide direct confirmation that you have granted the authorized agent the authority to act on your behalf, or a power of attorney as authorized in the applicable laws. We may request more information from you or the authorized agent if needed to verify the authorized agent’s identity or to avoid any breach of security, or instances of fraud.
Contact Us
If you have any questions regarding this Supplemental Privacy Notice for the USA, or our privacy practices, you can contact us at [email protected] or [email protected].