Last updated: November 19th, 2024

This statement covers the data processing practices that DealerX Partners, LLC (“DealerX”, “Processor”, “we”, “our” or “us”) performs as a data processor on behalf of our clients (the “Data Controllers”) through the DealerX Platform (the “Platform”). It also describes the choices available to you regarding our use of your personally identifiable information (“PII”) and how you can access and update this information.

As a data processor, DealerX processes personal information only under the documented instructions of our Data Controllers and in accordance with our contractual obligations. Data Controllers maintain primary control and responsibility over the collection and use of personally identifiable information (“PII”) from their users, including providing necessary notices and obtaining required consents.

Our Platform processing activities are separate from the technology or systems of Data Controllers or their partners. While Data Controllers may integrate our Platform with their systems, DealerX processes data solely as instructed by the Data Controller and in accordance with our Controller Processor Agreement.

Acting as a data processor, DealerX aggregates automotive shopping behavior data from Data Controllers’ websites using our data collection script. Under Data Controller instructions, we process:

  • Website session activity
  • User PII entered into form fields (e.g., name, phone, email)
  • Data from users arriving through links containing unique identifiers
  • CRM data provided by Data Controllers

PII is processed only as authorized by the Data Controller and made available exclusively to:

  • The Data Controller who owns the website/data
  • Third parties specifically designated by the Data Controller
  • DealerX (solely for processing purposes)

Under Data Controller instructions, website session activity data is:

  • Aggregated to create individual profiles
  • Combined with other data
  • Used to generate industry insights
  • Analyzed to understand user trends and demands
  • Applied to improve user experiences
  • Utilized to optimize advertising efficiency
  • Processed to match users with appropriate products at advertised costs

All processing activities are conducted in accordance with:

  • Our Controller Processor Agreement
  • Data Controller instructions
  • Applicable privacy laws and regulations
  • Industry standard security practices

For information about our corporate website privacy practices (where we act as a data controller), please refer to our separate Website Privacy Policy.


The Data Our Platform Collects

The Platform collects pseudonymous data about users, households, devices, and ads and where they’re shown. This includes:

  • Unique cookie and device identifiers.
  • Mobile device advertising identifiers.
  • User identifiers from third-party providers.
  • IP addresses.
  • Web browsing history from advertising impressions we see.
  • Interest information inferred by us from web browsing history.
  • Interest information stored and/or used on the Platform by clients and partners.
  • General Location information based on IP address or other types of information if provided to us.
  • Anonymously appendeded user time and frequency at automotive retail and automotive service facilities.
  • Browser and device type, version, and settings.
  • Hashed email addresses and other identifying information (or information derived from such).
  • Information about ads that are shown, such as which ads are shown to a device or user, where (from which web page or app) they are shown, and at what time.
  • PII that users enter into form fields on our client’s websites, such as name, phone, email, and when a user arrives at a client website through a link containing a unique identifier or through the client’s customer relationship management (“CRM”) platform.
  • PII that is provided by our clients to the Platform through CRM record set imports. These record sets are typically exported from our client via their CRM and including the following information disclosed to our client: first and last name and/or unique identifier, phone number, email address and mailing address.

We do not collect or store the following data categories: racial or ethnic background, national origin, religious beliefs, mental or physical condition or diagnosis, sexual orientation, status as transgender or nonbinary, status as a victim of crime or citizenship or immigration status; a child’s personal data; genetic or biometric data; past or present precise geolocation data, or data that identifies a consumer’s geolocation within a radius of 1,750 feet.


How the Platform Collects Data

The Platform receives data in several ways, including the following:

  • Advertisers and agencies may bring or collect their own information to our Platform (for example, that they collect on their own websites through the use of Platform technology) that we then store and use on their behalf to enhance their advertising campaigns.
  • Bid requests, which are sets of information that describe an ad space that is available to be filled. We get these requests from websites, apps, internet-connected TVs, and others, as well as their agents. The requests contain information about the ad space, the device, and sometimes the user, including broad location information. They also usually have an ID that enables us to match the request with information we may already have.
  • Third-party suppliers of information used to target, optimize, or measure advertising campaigns.
  • Purveyors of connected TV devices and apps can send us information about the video content viewed on the device or app.
  • Pixels and cookies, which allow us to recognize web browsers across sites and over time, and therefore to record information about them over time.
  • Mobile device IDs, which are made available through the device operating systems, like Apple’s iOS and Google’s Android, for purposes of allowing mobile apps and their advertising partners to recognize a device over time. We use these IDs in a similar way to the way we use cookies.
  • After an ad serves, our servers receive a network request from the device on which the ad was shown in order to confirm that the ad was delivered and provide information for us to measure the ad.

How DealerX Uses the Data

The Platform processes data both on our own behalf and on behalf of the Data Controllers for purposes related to targeting, delivering, measuring, and reporting on advertising.

  • Personalizing ads: We use data to increase advertising relevancy and effectiveness.
  • Aggregated profiles: We use data to build anonymous cohort profiles of each of our client’s 1st party and related DealerX-modeled shoppers, while compiling broad statistical, probabilistic, and behavioral data analysis. (Ambiguous to the blending of client data)
  • Ad delivery: We use data to enable the technical delivery of an ad and measure success of delivery.
  • Frequency and other reporting: We use a pseudonymous identifier to keep track of how many times an ad was shown to a user, as well as at what time and on what publisher website.
  • Measurement and analytics: We use a pseudonymous identifier to measure how well ads perform, such as whether users clicked on the ad or went to a client’s store after their ad campaign was shown.
  • Reporting: We may use a pseudonymous identifier to measure, attribute, and report on the performance and success of campaigns. This includes transaction reporting and verification.
  • Clicks and conversions: We may use a pseudonymous identifier to measure actions taken by a user with respect to a particular ad, i.e., a click on an ad, or a download of an app.
  • Attribution: We may use data to match particular ad views to subsequent actions taken by a user. For example, a clothing advertiser might be able to see that someone who saw an ad for gloves subsequently purchased the gloves. This would be done by stitching together the pseudonymous identifiers from the sites where the ad was served and where the online purchase was made.
  • Cross device graphing: We may use a combination of datasets and algorithms to associate pseudonymous identifiers that might be related to each other and to build an identity graph. Such a graph might link various identifiers present on a single device, various identifiers associated with an individual who has multiple devices or multiple device/individuals within the same household.
  • Detection of malicious or invalid activity: We process information in an attempt to prevent malicious activity or invalid ad traffic. This may include identifying and preventing purveyors of malware or bots that try to take advertising dollars for ads that aren’t shown to real users or that try to harm users’ devices.
  • Auditing. We may use the data for internal research and development, including to administer our websites for internal business administration and operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
  • Quality Control: We may use the data to monitor quality control and ensure compliance with any and all applicable laws, regulations, codes and ordinances, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.

How DealerX Discloses the Data

We will disclose your information with third parties only in the ways that are described in this policy.

  • Some of the data processed on the Platform belongs to our clients and partners. When this is the case, our clients and partners can take this data, such as records of advertising impressions, off of the Platform. We also may disclose this data to other parties on the clients’ behalf and pursuant to their instructions.
  • We disclose pseudonymous IDs that we think might be related to other pseudonymous IDs with clients and partners that use our device graphs.
  • We disclose cookie values to other advertising technology platforms so that they may match their value to our value.
  • We may disclose PII in order to investigate or prevent reasonably suspected malicious activity, fake traffic, or other activity that may be harmful to us or our clients.
  • We may disclose data to our service providers that store or process the personal data in furtherance of the services we offer on the Platform on our behalf.
  • We may transfer data to a successor entity in connection with a corporate acquisition, merger, consolidation, sale of assets, bankruptcy, or other corporate change.
  • We may disclose aggregated data that does not include individual-level records to any party or publicly.
  • We may partner with select data collection, targeting, and analytic providers along with other companies at various times to provide anonymously appended data to our clients. As part of such a relationship, we may share with these companies the data collected through the use of certain pixels and data collection mechanisms, interactive website functions as well as general location data tools.
  • We may disclose personal data when required by law, including in response to lawful requests by public authorities.

DealerX does not sell or license consumer data to third parties.


Sensitive Data

Although we do not consider broad location data associated to expanded audiences sensitive, we may collect general location information based on IP address or other types of information that may include broad geolocation information (i.e., latitude/longitude coordinates) if provided to us. In the rare case we obtain precise location information, we do so as part of our KYC initiatives related to various elements of cyber security. Precise location data will only be collected with explicit consent (obtained directly, on behalf of and/or from a client or by a contracted third-party service provider).


Targeted Advertising

Our Platform helps power ad targeting and delivery across many websites and apps with which users interact every day. Many of the activities described in this privacy policy, such as personalizing ads, ad delivery, and cross-device graphing may involve DealerX and our Data Controllers’ and Subprocessors’ data for purposes of “targeted advertising,” or engaging “conversions,” or “sharing” of personal data under certain state privacy laws. See the “Your Privacy Rights and Choices” section below to learn how to opt-out of these activities or visit our Privacy Options page.


Security and Retention

We retain the pseudonymous data collected on our Platform for up to 30 days after identifying a user. If we have not seen a user after 30 days, we will delete all related data. Data may be de-identified and/or aggregated and stored indefinitely. This retention policy does not apply to client or partner data.

We have implemented security measures, including physical, electronic, and administrative safeguards, designed to prevent the unauthorized access to, loss, misuse, or alteration of the information that our Platform collects, but we make no assurances in this policy about our ability to prevent any such event or the possible harm to you or any third party that could arise from it.

Upon termination or expiration of the Agreement between a Data Controller and DealerX, all Personal Information and other data processed on behalf of that Data Controller will be deleted at the date of termination, except where retention is required by applicable laws, regulations, or ongoing legal proceedings. As specified in our Controller Processor Agreement, the Data Controller is contractually obligated to immediately cease all data transmission to DealerX, including removing any DealerX pixels, scripts, or other data collection mechanisms from their properties, and terminating all API connections and data feeds. Written certification of deletion will be provided upon the Data Controller’s request. System backups containing such data are subject to our regular deletion cycles, not exceeding 180 days.


Your Privacy Rights and Choices

Depending upon where you live, you may have certain legal rights with respect to data DealerX collects and processes. These rights may include the right to request access, deletion, and correction of personal data, and the right to opt out of activities that constitute “sales,” “sharing,” and processing personal data for purposes of “targeted advertising,” as well as use of “sensitive data” for advertising purposes, as such terms are defined under certain state privacy laws in the United States. These rights may be limited, for example if fulfilling your request would reveal personal data about another person or infringe the rights of a third party (including our rights) or if you ask us to delete information that we are required by law to keep or have compelling legitimate interest in keeping. We will inform you of relevant exemptions we rely upon when responding to any request you make. We will not discriminate against you if you exercise your rights under applicable law.

As described in the Targeted Advertising section above, we process data to personalize and deliver ads, and for other ads-related purposes, including measurement reporting, and building our cross-device graph. Some of these activities may be considered “sales” or “sharing” of your personal information or using your information for purposes of “targeted advertising” under the law that applies to you. You may opt out of these activities, including use of sensitive data for such purposes, by visiting this page. If you opt out on this page, we will not associate new data with your device and will disassociate any device data we already have.

To exercise your rights to access, correct, or delete your data, please go to our Privacy Options page, or send an email to privacy@dealerx.com. We may take reasonable steps to confirm your identity.

If we deny your request, you may appeal our decision by contacting us at privacy@dealerx.com. Depending upon where you live, if you have concerns about the results of an appeal, you may contact the attorney general in the state where you reside. You will not be discriminated against for the exercise of such rights.


Subprocessors

DealerX engages third party entities to assist us in connection with DealerX Services. You may obtain a list of our subprocessors here.


Cookies

DealerX may use a browser feature known as a “cookie” as well as other similar tracking technologies (like web beacons and pixels). Cookies are small files placed on a user’s computer that assist us in providing users with tailored ads, and customized browsing experiences. DealerX uses cookies to provide users with the convenience of tailored ads tied to specific browsing behavior, attribution and related data analytic processes. Cookies are also utilized to help us better provide users with information targeted by interests, based upon a user’s prior browsing across websites which have our pixel placed, sell ad placements against our 1st party audience or on our client’s website(s). The “help” section of the toolbar on most browsers will inform users on how to prevent a browser from accepting new cookies, how to have the browser notify a user upon the receipt of a new cookie, or how to disable the use of cookies completely. Our services have been partially designed to take advantage of the use of cookies. Should a user configure their browser to decline the use of cookies, certain features of our client’s websites, analytics and tracking may not function correctly for both our client and the user. You can learn more about cookies at the Internet Advertising Bureau’s website: www.allaboutcookies.org.

California Privacy Information

Important Update: As of September 2024, We no longer track or collect data from California residents

The California Consumer Privacy Act (“CCPA”) requires us to explain some information using definitions and categories set out under the CCPA. If you are a California resident, this section applies to you.

We collect, and in the preceding 12 months we have collected, the following categories of personal information: identifiers (such as cookie identifiers, mobile device advertising identifiers, IP address, or hashed email address), Internet or other electronic network activity information (such as information about sites you visit), broad geolocation data, postal address and phone numbers, inferences we may make about your interests (such as the personalized profiles described above) and data that may reveal demographic information or inferences about your gender.


Information Collection, Sources, Uses, and Sharing

DealerX does not sell or license consumer data to third parties.

During the past 12 months, we have collected the following categories of personal information from the listed sources, used it for the listed business purposes and shared it with the listed categories of third parties. The categories of information include information we collect from our Website visitors, registered users, vendors, suppliers and any other person that interacts with us either online or offline. Not all information is collected about all individuals.

Category of information collected Source Business purposes for use Categories of third parties receiving information

Identifiers (name, alias, postal address, email address, phone number, account name, unique personal identifier, IP address)

Individuals submitting information to us.

Information we automatically collect from Website visitors.

Information we may receive from third-party marketing and data partners.

Performing services for you.

Advertising customization.

Auditing relating to transactions.

Internal research and development.

Security detection, protection and enforcement.

Functionality debugging, error and repair.

Quality control.

Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Authentication Platform Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners).

Government regulators upon official request.

Law enforcement upon official request.

Strategically aligned businesses.

Protected classification information (race, gender, ethnicity, religion)

Individuals submitting information to us.

Aggregated anonymous information we may receive from third-party marketing and data partners.

Performing services for you.

Anonymized advertising category customization.

Auditing relating to transactions.

Internal research and development.

Security detection, protection and enforcement.

Functionality debugging, error and repair.

Quality control.

Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Customer Data Platform Partners, Advertising Platform Partners).

Government regulators upon official request.

Law enforcement upon official request.

Strategically aligned businesses.

Commercial information (transaction history, products/services purchased, obtained or considered, product preference)

Individuals submitting information to us.

Information we automatically collect from Site visitors.

Information we may receive from third-party marketing and data partners.

Performing services for you.

Advertising customization.

Auditing relating to transactions.

Internal research and development.

Security detection, protection and enforcement.

Functionality debugging, error and repair.

Quality control.

Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners).

Government regulators upon official request.

Law enforcement upon official request.

Strategically aligned businesses.

Electronic network activity (browsing or search history, Site interactions, advertisement interactions)

Individuals submitting information to us.

Information we automatically collect from Site visitors.

Information we may receive from third-party marketing and data partners.

Performing services for you.

Advertising customization.

Auditing relating to transactions.

Internal research and development.

Security detection, protection and enforcement.

Functionality debugging, error and repair.

Quality control.

Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners).

Government regulators upon official request.

Law enforcement upon official request.

Strategically aligned businesses.

Audio, video or similar information (customer service calls, security monitoring, user submitted media)

Individuals submitting information to us.

Information we automatically collect from Site visitors.

Information we may receive from third-party marketing and data partners.

Performing services for you.

Advertising customization.

Auditing relating to transactions.

Internal research and development.

Security detection, protection and enforcement.

Functionality debugging, error and repair.

Quality control.

Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners).

Government regulators upon official request.

Law enforcement upon official request.

Strategically aligned businesses.

Broad Geolocation (Not Collected in states where prohibited)

Individuals submitting information to us.

Information we automatically collect from Site visitors.

Information we may receive from third-party marketing and data partners.

Performing services for you.

Advertising customization.

Auditing relating to transactions.

Internal research and development.

Security detection, protection and enforcement.

Functionality debugging, error and repair.

Quality control.

Service providers (such as Subscriber Management Partners, Authentication Platform Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners).

Government regulators upon official request.

Law enforcement upon official request.

Strategically aligned businesses.

Inference from the above (preferences, characteristics, behavior, attitudes, abilities, etc.)

Internal analytics.

Performing services for you.

Advertising customization.

Auditing relating to transactions.

Internal research and development.

Security detection, protection and enforcement.

Functionality debugging, error and repair.

Quality control.

Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners).

Government regulators upon official request.

Law enforcement upon official request.

Strategically aligned businesses.

DealerX does not sell personal data related to individuals it knows to be minors under the age of sixteen (16).

Privacy Rights: You have the right to opt out of any sharing or sales of your personal information, to limit use of sensitive personal information for advertising purposes, and to request access to and deletion or correction of your personal information. Please see our Privacy Options page for more information about your privacy rights and how to exercise them. If you exercise your rights, we may require you to provide evidence that the data relates to you (and only to you) and may deny your request if you cannot provide such information. You may also designate an authorized agent to make such requests on your behalf, as permitted under CCPA. If you do so, we will require the agent to provide proof that they are acting on your behalf, and we may ask you to verify your identity and to confirm that you provided the agent with permission to submit the request on your behalf. You will not be discriminated against for the exercise of such rights. Please note that if you wish to exercise any of your rights with DealerX’s clients or partners, you must make your request directly with those clients and partners.

FTC MARCH 4th GUIDANCE

Browsing and location data are sensitive. Full stop.

DealerX values your privacy. Following the FTC’s expanded March 4th guidance DealerX has further depreciated the use of 1st party location data relating to service department defection. We’ve done this by increasing the size of the cohort groups used to indicate database defections. This may impact your advertising spends by increasing the cost associated with sharing your dealership’s value proposition, but we believe it to be a fair exchange to exhibit (“DealerX”) and our clients (“Company”) commitment to privacy.

We’ve also applied the same approach to our ANON website visitor data by expanding the amount of potential cohorts who are retargeted.

At DealerX we continue to strive for consumer privacy rights while mitigating our clients exposure to advertising fraud, cyber threats, unnecessary waste and *KYC requirements.
*KYC = Know your customer.


Changes to Our Policies

We may revise this policy at any time, and we will indicate revisions by updating the date at the top of this policy and providing notice through our websites or services.


Contact Us

You may contact us regarding privacy using any of these methods:

Email: privacy@dealerx.com
Telephone: 844.446.4440 x 3
Mail: DealerX Partners LLC, Global Privacy Office, 105 Reef Lane, Key Biscayne, Florida 33159

If you have a concern regarding our privacy practices, please contact us via your preferred method above. If, after reasonable efforts, you believe your concern has not been satisfactorily addressed by us, you may contact the Federal Trade Commission which regulates our privacy practices.

This website uses cookies to improve your experience. They help the website to remember your preferences and settings so that you don't have to keep entering them every time you visit. Cookies also help us to track how you use the website so that we can improve your experience. You can choose to accept or decline cookies. If you decline cookies, some features of the website may not work properly. To learn more about cookies, please visit our privacy policy.