DealerX takes Business, Dealership and Consumer privacy seriously. We strive to minimize the amount of data collected about consumers while complying with any and all state and federal laws by focusing on data where we represent our clients as a service provider, for their “legitimate Interest”*. Consumer data provided by, or derived from information gathered on behalf of our client’s business(es) as a service provider is gathered by DealerX through; 3rd parties, aggregators, visitors to publisher websites where DealerX receives 1st party ad placement requests, client websites via cookies, device attributes, phone call transcription, lead forms and the business or dealership CRM and more (Please see detailed list below). DealerX has developed a comprehensive privacy statement for our client, their clients and consumers so that they understand the terms and conditions surrounding our collection and use as a service provider of the information gathered. This statement discloses the types of information we collect, how it is used, and how our client or a consumer can gain access to, opt-out, edit, or purge any of the data we’ve collected as a service provider.

*Legitimate interests We process data as necessary for an organization’s legitimate interests (where allowed by law). Even though the concept of “legitimate interest” is specific to GDPR in Europe, DealerX believes that this stringent privacy compliant view coupled with its related requirements should apply to how and when applicable, we process data in the U.S. Some of those “legitimate interests” include, but are not limited to – Ad fraud prevention, customer verification and cyber security.

---

General Provisions For Businesses Leveraging DealerX Products & Services:

By using DealerX Services or any affiliated company inclusive of subcontractor services, or by agreeing to the terms of consent upon entering DealerX’s website herein referred to collectively as “DealerX Services”, your company accepts the terms of this privacy policy, data collection and this data usage agreement. This is a legally binding agreement between your Business Entity a.k.a Dealership and DealerX Partners LLC, affiliated companies inclusive of subcontractors we leverage; Please read carefully. When using DealerX Services, your business may be subject to other posted terms and guidelines applicable to certain services available on dealerx.com in regular updates. All terms, conditions and guidelines outlined by DealerX herein https://dealerx.com/terms-of-service, including our privacy policy are part of both our standard Website Visitor & Data Brokerage/Usage Agreement(s) as well as incorporated into the DealerX client facing agreements applicable to any use of the DealerX products or services. Unless explicitly stated otherwise, any features or services provided by DealerX are subject to our privacy policy, data collection and data usage agreement. Accessing DealerX Services in any manner, even through automated means, constitutes your company’s use of the DealerX Services and agreement to be bound by our privacy policy, data collection and data brokerage/usage agreement. DealerX may change the terms of our privacy policy, data collection and data brokerage/usage agreements from time to time and will revise the effective date when its revisions are made. Your business(es) or dealership(s) continued use of the DealerX products and services after the posted effective date constitutes your agreement to be bound by this agreement as modified, except that modifications do not apply to any dispute arising prior to their effective date. DealerX may change, restrict access to, suspend, or discontinue the DealerX products or services, or any portion thereof, at any time – without notice.

Materials, incentives and specials used to create advertisements whether digital, analog or physical (e.g; direct mail) herein referred to as “creative” which are provided by DealerX, their affiliated companies inclusive of 3rd party subcontractors are for general informational purposes only. While we aim to provide products, services and advertisements which are useful, be mindful that creative may, from time to time, contain errors. DealerX products and services include materials and information collected from an array of third parties which we continually and in an ongoing fashion evaluate and/or review. We make no guarantees regarding the accuracy, completeness, timeliness, or reliability of any of the materials, creative or information encompassed in the DealerX products or services, and you should not rely on them without independent verification.

---

Consumer Privacy

California:

In California, DealerX dramatically limits the data we collect and store. We anonymize and encrypt all personally identifiable information (PII) using a SHA256 email hash as the “identifier” for California residents.

Under California law, we will not share information we collect about any consumer with companies outside of DealerX, DealerX affiliated companies or the original contracting business, unless allowed by law. We treat IP address and precise location data in the State of California as “PII” (Personally Identifiable Information) and precise location data as “sensitive” and thus restrict its use. DealerX leverages SHA256 email hash encryption of our client’s 1st party data to create privacy compliant household profiles. Further, we only collect data which relates to automotive intent or where we bid for, or have served an impression on behalf of our Automotive specific advertiser(s). This data is aggregated into anonymized household profiles. All household profile level data is encrypted using SHA256 email hash as a key for the 1st party Dealership partner on whose behalf we are acting upon.

DealerX internal practices adhere to many of the rules detailed in CCPA nationally.

There are currently Five states have enacted comprehensive consumer privacy laws:

• California Consumer Privacy Act of 2018 (Cal. Civ. Code §§ 1798.100 et seq.) and California Consumer Privacy Rights Act, 2020 (Proposition 24)
• Colorado Privacy Act, 2021 S.B. 190 (Effective July 1, 2023.)
• Connecticut 2022 S.B. 6 (Personal Data Privacy and Online Monitoring) (Effective July 1, 2023.)
• Virginia Consumer Data Protection Act, 2021 H.B. 2307|2021 S.B. 1392 (Effective Jan. 1, 2023.)
  • Under Virginia law, DealerX acts as a processor. DealerX Processing Requirements As They Relate To VCDPA:
    • As a processor we:
      • Ensure that each person processing personal data is subject to a duty of confidentiality with respect to the data;
      • At the controller’s direction, delete or return all personal data to the controller as requested at the end of the provision of services, unless retention of the personal data is required by law;
      • Upon the reasonable request of the controller, make available to the controller all information in its possession necessary to demonstrate the processor’s compliance with its obligations;
      • Allow, and cooperate with, reasonable assessments by the controller or the controller’s designated assessor; alternatively, the processor may arrange for a qualified and independent assessor to conduct an assessment of the processor’s policies and technical and organizational measures in support of its obligations using an appropriate and accepted control standard or framework and assessment procedure for such assessments; and
      • Engage any subcontractor pursuant to a written contract to meet the obligations of the processor with respect to the personal data.
• Utah Consumer Privacy Act, 2022 S.B. 227 (Effective Dec. 31, 2023.)

Upon the effective date in each, DealerX will comply with each of these privacy laws.

View The US State Privacy Legislation Tracker Here

Courtesy: The International Association of Privacy Professionals (IAPP) iapp.org

---

GLBA

Activities and Entities Covered by the Privacy Rule

1. Does the Privacy Rule apply to my Dealership’s use of DealerX’s Products or services?

• The Privacy Rule applies to car dealers:
  • Extend credit to someone (for example, through a retail installment contract) in connection with the purchase of a car for personal, family, or household use;
  • Arrange for someone to finance or lease a car for personal, family, or household use; or
  • Provide financial advice or counseling to individuals.

If you engage in these activities, any personal information that you collect to provide these services is covered by the Privacy Rule.

---

Examples & Exemptions

Summarized From FTC Website

Q: I have to give the marketing company my customers’ names and addresses. I’ve provided my customers with a privacy notice, but because I don’t usually disclose their information except as required by law, I haven’t given them an opt-out notice. Do I now need to give an opt-out notice to my customers before disclosing this information to the marketing company?

A: If you want to send a communication to all of your customers, you don’t need to give them an opt-out notice as long as you don’t distinguish between those who financed or leased and those who didn’t. A list of all your customers — without reference to whether they financed their car or paid for it outright — falls outside the Privacy Rule, as long as the list wasn’t derived from information about how they obtained their car.

For additional resources and guidance:

https://www.ftc.gov/business-guidance/resources/how-comply-privacy-consumer-financial-information-rule-gramm-leach-bliley-act

and

https://www.ftc.gov/business-guidance/resources/how-comply-privacy-consumer-financial-information-rule-gramm-leach-bliley-act#exceptions

Please see the THE FTC’S PRIVACY RULE AND AUTO DEALERS

Please see the THE FTC’s Privacy Rule and Auto Dealers: FAQs

---

Guiding Principles

DealerX respects the privacy of individuals whose data has been collected through our services, via email, form submission, tracked phone calls, location data or website engagement, impression data, or data collected in any way through advertisements placed or the products the services offered by DealerX on our client’s behalf. Accordingly, our policy regarding privacy (both online and off) has been developed using the following guiding principles:

DealerX maintains a strict “no-spam” policy. Subscribers to our email services (coupled with any other feature or service found on the DealerX Website leveraged by our clients) will not receive emails which do not correspond to activity within the past 6 months and where if there is no opt-in that a piggyback opt-in has not been obtained from a 3rd party partner acting on behalf of our client unless the consumers behavior indicates they are in-market for a product or related client service verified through the use of cookies, mobile device data, lead submissions, location data or CRM captured inquiries provided the consumer has been apprised of our clients privacy policy or has accepted an affiliates and by accepting the terms of such, an in using their website, or any publisher’s website, data aggregator or 3rd party website that clearly details their data collection and data usage policies. DealerX collects information online, through location data, data aggregators, cookies/pixels and 3rd party data appends primarily to provide our client’s existing and potential local shoppers with a more relevant experience while shopping for related products or services. When doing so, we will make every reasonable effort to avoid excessive or irrelevant collection of data that does not relate to the subject matter in which the consumer’s information was originally gathered for. DealerX will take reasonable physical, electronic and managerial measures to safeguard and secure any information both of our client and the consumer which has been collected and/or provided to us (e.g. data will be stored in protected cloud data warehouses on secured servers with restricted access). DealerX will not share or sell any of the consumers or client’s information provided to us from the CRM/Database, phone call tracking or collected while submitting lead forms from the client’s business or dealership website; with anyone, without the written consent of the client who has contracted with DealerX – other than for use in the service originally contracted for at the time your business(es) or dealership registers for any such service, you will be notified of, and asked to consent to the sharing of your clients information with particular third parties necessary to aid in the provisioning of the requested DealerX products and/or services.

---

Non-Personally Identifiable Data:

Anytime a consumer visits your business(es) website, a website which sells ad placements to our 1st party audiences, and/or a website where we have contractual placed a fully disclosed tracking script either 1st, 2nd or 3rd party, we may gather certain non-personally identifiable information. This information may include the type and version of the browser, service provider, [EXCEPT IN CALIFORNIA IP address and precise location data – now deemed under CCPA/CPRA as sensitive data] and any search queries the consumer may have used to locate the products, services they searched for. We use this information to build holistic profiles of our client’s 1st party and related DealerX modeled shoppers, administer our analytics, attribution platform while compiling broad statistical, probabilistic and behavioral data analysis. In addition, we gather certain navigational information about where a consumer goes on our clients website(s) and across any website which sells ad placements against our 1st party or modeled expanded audiences. This information enables us to determine which websites are most frequently visited and helps us to tailor the creative to be served on these sites to fit the needs and interests of our client’s potential local shoppers. Such information is gathered by us in the aggregate and will not be associated with a specific individual if that individual has opted-out of consent or where limited by law.

---

Information Voluntarily Provided:

Any information provided to our client (i.e. name, email address, etc.) when a consumer enrolls in an email reminder service, requests for information, or use of any other interactive portions of our clients website, is securely maintained on our web server and internal data warehousing systems. This information may be used to provide consumers with information requested from our client’s business around their products and services, or to provide the consumer with special notices. Consumers may opt-out of receiving future communications at any time (see opt-out procedures on this website). The data collected may also be used to tailor our ad placements by providing content which is deemed relevant to the consumer based on the indicated behavioral interests in a geographic region or regions.

---

Information Collected from Other Sources:

To help us better understand and respond to consumers’ needs and interests, we may in the future receive information about consumers from other sources. We will ask any provider of such information to represent and warrant that the information has been gathered and maintained in accordance with the select state privacy laws which exist and will readily comply with any federal laws should they be enacted. Any such information will be maintained by us in accordance with the standards set forth in this privacy policy, data usage and collection agreement along with other personal information the consumer has provided.

---

Disclosure of Personal Information:

DealerX understands the importance of consumer privacy. We collect and maintain the personal information of our client’s consumers for our client’s use, our own use and select 3rd parties which help us fulfill our services. We do not sell, rent, or trade consumer information to third parties, other than as described herein, and never without our originating client’s consent, further the consumer’s consent can be withdrawn at any time using the opt-out form found on this website.

---

Business Partners:

DealerX may partner with select data collection, targeting and analytic providers along with other companies at various times to provide expanded services to our client’s website visitors and local geographic shoppers. As part of such a relationship, we may share with these companies the data collected through the use of certain pixels and data collection mechanisms, interactive website functions as well as location data tools. The information captured and provided by these mechanisms about the visitors and local shoppers is available to DealerX, our client and select members of their employ and 3rd party partners.

---

DealerX Subprocessors:

DealerX and its affiliates engage third-party entities to assist them in connection with DealerX Services. View the DealerX Subprocessor list here

---

Agents:

DealerX may use other companies and individuals to perform certain functions on our behalf. Such parties only have access to (rarely) the personal information and generally the anonymous information needed to perform these functions and may not use or store the information for any other purpose.

---

Business Transfers:

In the event that DealerX and or an affiliated company sells or transfers a particular portion of its business assets, derived data from consumer information may be one of the business assets transferred as part of the transaction. If substantially all of the assets of DealerX are acquired, derived consumer information may be transferred as part of the acquisition.

---

Compliance with Law/Safety:

DealerX may disclose specific personal information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect the users (our clients) of our services, their websites and/or businesses, or the public.

DealerX will not sell or share the personal information of consumers if we or the business (our client) have actual knowledge that the consumer is less than 16 years of age, unless the consumer, in the case of consumers at least 13 years of age and less than 16 years of age, or the consumer’s parent or guardian, in the case of consumers who are less than 13 years of age, has affirmatively authorized the sale or sharing of the consumer’s personal information.

---

With Consent:

Other than as set forth in this Privacy Policy, consumers will be notified when any personally-identifiable information about them may be shared with third parties (outside of the data usage and privacy policies disclosed herein), and the consumer has the right to decline the sharing of that information at any time.

---

Use of Cookies:

DealerX may use a browser feature known as a “cookie.” Cookies are small files placed on a consumer’s computer that assist us in providing consumers with tailored ads, and customized browsing experiences. DealerX uses cookies to provide consumers with the convenience of tailored ads tied to specific browsing behavior, attribution and related data analytic processes. Cookies are also utilized to help us better provide consumers with information targeted by interests, based upon a consumers prior browsing across websites which have our pixel placed, sell ad placements against our 1st party audience or on our client’s website(s). The “help” section of the toolbar on most browsers will inform consumers on how to prevent a browser from accepting new cookies, how to have the browser notify a consumer upon the receipt of a new cookie, or how to disable the use of cookies completely. As our services have been partially designed to take advantage of the use of cookies. Should a consumer configure their browser to decline the use of cookies, certain features of our client’s websites, analytics and tracking may not function correctly for both our client and the consumer.

---

Use of Location Data:

EXCEPT IN CALIFORNIA OR WHERE PROHIBITED BY LAW; DealerX and our partners may use location data derived from our client’s website visitors’ browsers, publisher ad placements and apps on a consumer’s mobile device. DealerX website analytics, products and services have been designed to leverage consumer location data to better optimize and personalize the consumers experience with our automotive partners. Consumers can opt-out of their location data being captured, collected and analyzed by generally limiting data sharing capabilities of the apps on their mobile device, along with disabling or opting out of location based web browsing data collection here. When consumers configure their mobile devices and web browsers to decline the collection of location data, they may limit important functions or features of DealerX’s products and services. This may cause suboptimal advertising performance and potentially denigrate our ability to provide the consumer with a personalized experience. DealerX treats location data as PII, whether implicit or implied, as such DealerX will act in compliance with all known laws and regulations while following CCPA | CPRA not just in the state of California, but as a framework for all DealerX’s privacy compliance.

---

Accessing Our Services from Outside of the United States:

If you are a prospective client looking to leverage DealerX services for a business whose location is outside of the U.S., there may be laws, ordinances and regulations which dramatically affect the performance or even preclude the use of our offerings (e.g. GDPR). Please consult with your DealerX representative before contemplating any engagement if your business is located outside the U.S.

---

External Links, Brand Compliance and Whitelist:

Our advertisements are placed on various publisher websites. DealerX is not responsible for the privacy practices or the content of such websites. To help ensure the protection of a consumer’s privacy, we recommend that you the client review the privacy policy and related content to comply with your business’s brand safety requirements of any site we provide in our whitelist where we may serve ads on your behalf.

---

Passwords:

lient – The personal data record created through your registration with our platform can only be accessed with the unique password associated to that record. To protect the integrity of the information collected on behalf of your account, you should not disclose or otherwise reveal your password to anyone, and your username or password is NOT permitted to be shared with any third parties whether you have contracted with them for a similar service or otherwise.

---

DealerX’s Privacy and Data Integrity Policies provide foundational framework for our business decisions and data solutions.

Our focus is to support the auto buying process for the automotive industry and the consumer by, in most cases, blindly aggregating and analyzing billions of anonymous shopping sessions to better understand changes in consumer trends and demands. Thus improving the consumer shopping experience, reducing waste at all levels of the advertising ecosystem, and ultimately providing the right vehicle at the client’s advertised cost to the consumer. DealerX provides these benefits while protecting the rights of all consumers and data owners.

---

Overview of DealerX Data Collection

DealerX is a comprehensive aggregator of data relating to automotive shopping behavior.

Among other placements defined extensively herein, we collect data from our clients websites using our data collection script. We collect all website session activity, and maintain upon capturing a consumer’s personally identifiable information entered into a form field such as name, phone, email, or when a consumer arrives at a website through a link containing a unique identifier.

A consumer’s personally identifiable information is made available only to DealerX and their affiliates, the website owner (our client) where the consumer disclosed the information, and those third parties designated by the website owner (our client). We do from time to time collect Personally Identifiable Information (PIII) from our clients website and CRM through the use of our pixel/tracking scripts as part of a DealerX provided products and services or CRM data.

Shopping activity is aggregated to produce an individual holistic shopping profile, and aggregated with all shopping activity data to power information solutions such as industry trends, consumer demand analysis and platform performance measurements.

---

Data Collected

Data collected by DealerX includes interactions with the website where our data collection scripts are present. Examples of the types of data we collect include:

• Links clicked
• Pages viewed
• Form field selections (NO CREDIT APPS)
• Videos Played
• Content Interacted with
• Precise Location – Except in California, Virginia or where prohibited by law.
• Mobile device identifiers, CTV Hashes, Email Hashes
• Profitability Score – Which is an anonymized aggregated Credit Range Scores

We collect all website session activity, and often capture personally identifiable information entered into the form fields such as name, phone, email, and when a consumer arrives at a website through a link containing a unique identifier or through the client’s CRM.

We do NOT collect Social security numbers, credit card numbers and passwords or data outside of the United States.

As described briefly above, personally identifiable information may also be introduced into the DealerX system through CRM record set imports. These record sets are typically exported from our customer via their lead database (CRM), and include the following consumer information disclosed to a business/dealership/website owner:

• First and last name and/or unique identifier
• Phone numbers
• Email addresses
• Mailing Address

---

Information collection, sources, uses and sharing

During the past 12 months, we have collected the following categories of personal information from the listed sources, used it for the listed business purposes and shared it with the listed categories of third parties. The categories of information include information we collect from our Site visitors, registered users, vendors, suppliers and any other person that interacts with us either online or offline. Not all information is collected about all individuals.

Category of information collected	Source	Business purposes* for use	Categories of third parties receiving information
Identifiers (name, alias, postal address, email address, phone number, account name, unique personal identifier, IP address)	Individuals submitting information to us. Information we automatically collect from Site visitors. Information we may receive from third-party marketing and data partners.	Performing services for you. Advertising customization. Auditing relating to transactions. Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control.	Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Authentication Platform Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners). Affiliated companies. Government regulators upon official request. Law enforcement upon official request. Strategically aligned businesses.
Sensitive Information (credit range score, name and select financial information)	Credit bureau provided information.	Internal research and development. Security & ad fraud detection. Functionality debugging, error and repair. Quality control.	Affiliated companies. Government regulators upon official request. Law enforcement upon official request. Strategically aligned businesses.
Protected classification information (race, gender, ethnicity, religion)	Individuals submitting information to us. Aggregated anonymous information we may receive from third-party marketing and data partners.	Performing services for you. Anonymized advertising category customization. Auditing relating to transactions. Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control.	Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Customer Data Platform Partners, Advertising Platform Partners). Affiliated companies. Government regulators upon official request. Law enforcement upon official request. Strategically aligned businesses.
Commercial information (transaction history, products/services purchased, obtained or considered, product preference)	Individuals submitting information to us. Information we automatically collect from Site visitors. Information we may receive from third-party marketing and data partners.	Performing services for you. Advertising customization. Auditing relating to transactions. Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control.	Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners). Affiliated companies. Government regulators upon official request. Law enforcement upon official request. Strategically aligned businesses.
Electronic network activity (browsing or search history, Site interactions, advertisement interactions)	Individuals submitting information to us. Information we automatically collect from Site visitors. Information we may receive from third-party marketing and data partners.	Performing services for you. Advertising customization. Auditing relating to transactions. Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control.	Service providers (such as Electronic Payment Processors, Authentication Platform Partners, Subscriber Management Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners). Affiliated companies. Government regulators upon official request. Law enforcement upon official request. Strategically aligned businesses.
Audio, video or similar information (customer service calls, security monitoring, user submitted media)	Individuals submitting information to us. Information we automatically collect from Site visitors. Information we may receive from third-party marketing and data partners.	Performing services for you. Advertising customization. Auditing relating to transactions. Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control.	Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners). Affiliated companies. Government regulators upon official request. Law enforcement upon official request. Strategically aligned businesses.
Geolocation (Not Collected in California)	Individuals submitting information to us. Information we automatically collect from Site visitors. Information we may receive from third-party marketing and data partners.	Performing services for you. Advertising customization. Auditing relating to transactions. Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control.	Service providers (such as Subscriber Management Partners, Authentication Platform Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners). Affiliated companies. Government regulators upon official request. Law enforcement upon official request. Strategically aligned businesses.
Inference from the above (preferences, characteristics, behavior, attitudes, abilities, etc.)	Internal analytics.	Performing services for you. Advertising customization. Auditing relating to transactions. Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control.	Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners). Affiliated companies. Government regulators upon official request. Law enforcement upon official request. Strategically aligned businesses.

Business purposes also include:

1. Advertising customization

• To offer our Service to you in a personalized way;
• To send you personalized marketing communications, in order to keep you informed of our and our selected partner’s’ products and services, which we consider may be of interest to you;
• To provide you, or allow selected third parties to provide you, with information about products or services, that may be of interest to you;
• To create services that may meet your needs.

2. Auditing relating to transactions; internal research and development

• To administer our Site for internal business administration and operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• To provide for internal business administration and operations, including troubleshooting, website customization, enhancement or development, testing, research, administration and operation of our Sites and data analytics;
• To develop and improve our Service, for example, by reviewing visits to the website and various subpages; and
• To measure performance of marketing initiatives, ads, and websites “powered by” another company on our behalf.

3. Security detection, protection and enforcement; functionality debugging, error repair.

• To resolve any disputes and to protect, enforce or defend our rights;
• As part of our efforts to keep our Site safe and secure; and
• To ensure the security of your account and our business, preventing or detecting fraud, malicious activity or abuses of our Site, for example, by requesting verification information in order to reset your account password (if applicable).

4. Quality control.

• To monitor quality control and ensure compliance with any and all applicable laws, regulations, codes and ordinances, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.

---

Data Maintained

DealerX manages all data collected under a comprehensive information security program. Personally identifiable information is limited to those employees/contractors with a need to access basis, and specific protocols are defined for the access, use and transfer of this data. Most data transfers, storage are done so using SHA256 Encrypted email hashes.

---

Data Usage

If disclosed, a consumer’s personally identifiable information such as name, phone, email or other unique identifiers is only made available to DealerX and closely held affiliates, designated 3rd parties and the contracting business/dealership client who may share this information with other designated third parties related to the original intended and defined use.

You can inquire here for a continually updated list of “data processors” DealerX works with.

Behavioral and location data is used to create a profile of a consumer’s shopping, vehicle(s) of interest and related shopping preferences. Coupled with millions of data points, profiles contain how long a consumer has been shopping and what they’re most likely to purchase.

An individual’s behavioral and location data is also aggregated with shopping activity data from all consumer behavior collected, to power information solutions such as industry trends, consumer demand analysis and platform performance measurements. This data is summarized in a “household” of which PII is encrypted in the form of SHA256 email key. This SHA256 email hashed is used as a “key” to the client to unlock the matching SHA256 into a clear email address in their own database.

---

Establishing our status as a “Service Provider”

As a service provider, we…

• Operate for profit
• Receive personal information from a business
• Process personal information on behalf of a business
• Operate under a service provider contract

We have:

• Entered into a written contract for a business purpose authorized by the CCPA.
• Provided notice to consumers in its terms and conditions consistent with Section 1798.135

	The answers in this column are relevant to determining the purposes and means of the processing of personal information.	The answers in this column are relevant to processing personal information on behalf of a business.
Did you decide to process personal information?		No. We were instructed or to do so by a business
Did you decide on the reason or goal of the processing?		No. The processing is for a business’s own purposes
Did you decide what types of personal information to process		No. The business decided
Did you decide how to carry out the processing		Yes, but the business must approve of these methods
Will you gain direct benefit from the personal information?		No, except for the payment we receive for it.
Do you have a direct relationship with the consumers whose personal information you are processing?		No. We only communicate with the business about the processing
If the other company told you to stop this project, would you comply?		Yes. We would have to find a new client and process different consumers’ personal information

Request Your Consumer File

You can request a copy of your consumer file by calling 844.446.4440 ext 3 or filling out this form