Platform Privacy Policy
Last updated: March 20th, 2024
This privacy policy covers the privacy practices with respect to data that DealerX Partners, LLC (“DealerX”, “we”, “our” or “us”) collects, uses, and discloses through the DealerX Platform (the “Platform”). It also describes the choices available to you regarding our use of your personally identifiable information (“PII”) and how you can access and update this information.
We only process your PII when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.
Our references to our Platform in this policy only refer to DealerX’s own Platform and do not include the technology or systems of clients or partners that use or integrate with us or the publisher websites on which our advertisements may be placed. Our clients and partners are bound by our policies when they use our Platform. If you are interested in our website privacy policy, you may access it here.
DealerX is a comprehensive aggregator of data relating to automotive shopping behavior. We collect data from our clients’ websites using our data collection script. From these client websites, we collect all website session activity, and maintain upon capturing a user’s PII entered into a form field such as name, phone, email, or when a user arrives at a website through a link containing a unique identifier.
A user’s PII is made available only to DealerX and our client when the user voluntarily disclosed the information, and those third parties designated by the website owner (our client). We may also collect PII from our clients’ websites and CRM platforms through the use of our pixel/tracking scripts as part of DealerX-provided products and services or CRM data.
Shopping activity is aggregated to produce an individual holistic shopping profile and aggregated with all shopping activity data to power information solutions such as industry trends, user demand analysis and platform performance measurements. Our focus is to support the auto buying process for the automotive industry and the user by, in most cases, blindly aggregating and analyzing billions of anonymous shopping sessions to better understand changes in user trends and demands, thus improving the user shopping experience, reducing waste at all levels of the advertising ecosystem, and ultimately providing the right vehicle at the client’s advertised cost to the user.
The Data Our Platform Collects
The Platform collects pseudonymous data about users, households, devices, and ads and where they’re shown as well as PII. This includes:
- Unique cookie and device identifiers
- Mobile device advertising identifiers
- User identifiers from third-party providers
- IP addresses
- Web browsing history from advertising impressions we see.
- Interest information inferred by us from web browsing history.
- Interest information stored and/or used on the Platform by clients and partners.
- General Location information based on IP address or other types of information if provided to us.
- Browser and device type, version, and settings
- Hashed email addresses and other identifying information (or information derived from such)
- Information about ads that are shown such as which ads are shown to a device or user, were (from which web page or app) they are shown, and at what time.
- PII that users enter into form fields on our client’s websites, such as name, phone, email, and when a user arrives at a client website through a link containing a unique identifier or through the client’s customer relationship management (“CRM”) platform.
- PII that is provided by our clients to the Platform through CRM record set imports. These record sets are typically exported from our client via their CRM and including the following information disclosed to our client: first and last name and/or unique identifier, phone number, email address and mailing address.
How the Platform Collects Data
The Platform receives data in several ways, including the following:
- Advertisers and agencies may bring or collect their own information to our Platform (for example, that they collect on their own websites through the use of Platform technology) that we then store and use on their behalf to enhance their advertising campaigns.
- Bid requests, which are sets of information that describe an ad space that is available to be filled. We get these requests from websites, apps, internet-connected TVs, and others, as well as their agents. The requests contain information about the ad space, the device, and sometimes the user, including broad location information. They also usually have an ID that enables us to match the request with information we may already have.
- Third-party suppliers of information used to target, optimize, or measure advertising campaigns.
- Purveyors of connected TV devices and apps can send us information about the video content viewed on the device or app.
- Pixels and cookies, which allow us to recognize web browsers across sites and over time, and therefore to record information about them over time.
- Mobile device IDs, which are made available through the device operating systems, like Apple’s iOS and Google’s Android, for purposes of allowing mobile apps and their advertising partners to recognize a device over time. We use these IDs in a similar way to the way we use cookies.
- After an ad serves, our servers receive a network request from the device on which the ad was shown in order to confirm that the ad was delivered and provide information for us to measure the ad.
How DealerX Uses the Data
The Platform processes data both on our own behalf and on behalf of clients and partners for purposes related to targeting, delivering, measuring, and reporting on advertising.
- Personalizing ads: We use data to increase advertising relevancy and effectiveness.
- Aggregated profiles: We use data to build anonymous cohort profiles of our client’s 1st party and related DealerX-modeled shoppers, while compiling broad statistical, probabilistic, and behavioral data analysis.
- Ad delivery: We use data to enable the technical delivery of an ad and measure success of delivery.
- Frequency and other reporting: We use a pseudonymous identifier to keep track of how many times an ad was shown to a user, as well as at what time and on what publisher website.
- Measurement and analytics: We use a pseudonymous identifier to measure how well ads perform, such as whether users clicked on the ad or went to a client’s store after their ad campaign was shown.
- Reporting: We may use a pseudonymous identifier to measure, attribute, and report on the performance and success of campaigns. This includes transaction reporting and verification.
- Clicks and conversions: We may use a pseudonymous identifier to measure actions taken by a user with respect to a particular ad, i.e., a click on an ad, or a download of an app.
- Attribution: We may use data to match particular ad views to subsequent actions taken by a user. For example, a clothing advertiser might be able to see that someone who saw an ad for gloves subsequently purchased the gloves. This would be done by stitching together the pseudonymous identifiers from the sites where the ad was served and where the online purchase was made.
- Cross device graphing: We may use a combination of datasets and algorithms to associate pseudonymous identifiers that might be related to each other and to build an identity graph. Such a graph might link various identifiers present on a single device, various identifiers associated with an individual who has multiple devices or multiple device/individuals within the same household.
- Detection of malicious or invalid activity: We process information in an attempt to prevent malicious activity or invalid ad traffic. This may include identifying and preventing purveyors of malware or bots that try to take advertising dollars for ads that aren’t shown to real users or that try to harm users’ devices.
- Auditing. We may use the data for internal research and development, including to administer our websites for internal business administration and operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- Quality Control: We may use the data to monitor quality control and ensure compliance with any and all applicable laws, regulations, codes and ordinances, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
How DealerX Discloses the Data
We will disclose your information with third parties only in the ways that are described in this policy.
- Some of the data processed on the Platform belongs to our clients and partners. When this is the case, our clients and partners can take this data, such as records of advertising impressions, off of the Platform. We also may disclose this data to other parties on the clients’ behalf and pursuant to their instructions.
- We disclose pseudonymous IDs that we think might be related to other pseudonymous IDs with clients and partners that use our device graphs.
- We disclose cookie values to other advertising technology platforms so that they may match their value to our value.
- We may disclose PII in order to investigate or prevent reasonably suspected malicious activity, fake traffic, or other activity that may be harmful to us or our clients.
- We may disclose data to our service providers that store or process the personal data in furtherance of the services we offer on the Platform on our behalf.
- We may transfer data to a successor entity in connection with a corporate acquisition, merger, consolidation, sale of assets, bankruptcy, or other corporate change.
- We may disclose aggregated data that does not include individual-level records to any party or publicly.
- We may partner with select data collection, targeting, and analytic providers along with other companies at various times to provide expanded services to our client’s website visitors and local geographic shoppers. As part of such a relationship, we may share with these companies the data collected through the use of certain pixels and data collection mechanisms, interactive website functions as well as general location data tools.
- We may disclose personal data when required by law, including in response to lawful requests by public authorities.
Sensitive Data
Although we do not consider broad location data associated to expanded audiences sensitive; We may collect general location information based on IP address or other types of information that may include broad geolocation information (i.e., latitude/longitude coordinates) if provided to us. In the rare case we obtain precise location information, we do so as part of our KYC initiatives related to various elements of cyber security. Precise location data will only be collected with your explicit consent (obtained directly, on behalf of and/or from a client or by a contracted third-party service provider).
Targeted Advertising
Our Platform helps power ad targeting and delivery across many websites and apps with which users interact every day. Many of the activities described in this privacy policy, such as personalizing ads, ad delivery, and cross-device graphing may involve DealerX and our clients and partners processing data for purposes of “targeted advertising,” or engaging “sales,” or “sharing” of personal data under certain state privacy laws. See the “Your Privacy Rights and Choices” section below to learn how to opt-out of these activities or visit our Privacy Options page.
Security and Retention
We retain the pseudonymous data collected on our Platform for up to 30 days after identifying a user. If we have not seen a user after 30 days, we will delete all related data. Data may be de-identified and/or aggregated and stored indefinitely. This retention policy does not apply to client or partner data.
We have implemented security measures, including physical, electronic, and administrative safeguards, designed to prevent the unauthorized access to, loss, misuse, or alteration of the information that our Platform collects, but we make no assurances in this policy about our ability to prevent any such event or the possible harm to you or any third party that could arise from it.
Your Privacy Rights and Choices
Depending upon where you live, you may have certain legal rights with respect to data DealerX collects and processes. These rights may include the right to request access, deletion, and correction of personal data, and the right to opt out of activities that constitute “sales,” “sharing,” and processing personal data for purposes of “targeted advertising,” as well as use of “sensitive data” for advertising purposes, as such terms are defined under certain state privacy laws in the United States. These rights may be limited, for example if fulfilling your request would reveal personal data about another person or infringe the rights of a third party (including our rights) or if you ask us to delete information that we are required by law to keep or have compelling legitimate interest in keeping. We will inform you of relevant exemptions we rely upon when responding to any request you make. We will not discriminate against you if you exercise your rights under applicable law.
As described in the Targeted Advertising section above, we process data to personalize and deliver ads, and for other ads-related purposes, including measurement reporting, and building our cross-device graph. Some of these activities may be considered “sales” or “sharing” of your personal information or using your information for purposes of “targeted advertising” under the law that applies to you. You may opt out of these activities, including use of sensitive data for such purposes, by visiting this page. If you opt out on this page, we will not associate new data with your device and will disassociate any device data we already have.
To exercise your rights to access, correct, or delete your data, please go to our Privacy Options page, or send an email to privacy@dealerx.com. We may take reasonable steps to confirm your identity.
If we deny your request, you may appeal our decision by contacting us at privacy@dealerx.com. Depending upon where you live, if you have concerns about the results of an appeal, you may contact the attorney general in the state where you reside. You will not be discriminated against for the exercise of such rights.
Subprocessors
DealerX engages third party entities to assist us in connection with DealerX Services. You may obtain a list of our subprocessors by emailing privacy@dealerx.com.
Cookies
DealerX may use a browser feature known as a “cookie” as well as other similar tracking technologies (like web beacons and pixels). Cookies are small files placed on a user’s computer that assist us in providing users with tailored ads, and customized browsing experiences. DealerX uses cookies to provide users with the convenience of tailored ads tied to specific browsing behavior, attribution and related data analytic processes. Cookies are also utilized to help us better provide users with information targeted by interests, based upon a user’s prior browsing across websites which have our pixel placed, sell ad placements against our 1st party audience or on our client’s website(s). The “help” section of the toolbar on most browsers will inform users on how to prevent a browser from accepting new cookies, how to have the browser notify a user upon the receipt of a new cookie, or how to disable the use of cookies completely. As our services have been partially designed to take advantage of the use of cookies. Should a user configure their browser to decline the use of cookies, certain features of our client’s websites, analytics and tracking may not function correctly for both our client and the user. You can learn more about cookies at the Internet Advertising Bureau’s website: www.allaboutcookies.org.
California Privacy Information
The California Consumer Privacy Act (“CCPA”) requires us to explain some information using definitions and categories set out under the CCPA. If you are a California resident, this section applies to you.
We collect, and in the preceding 12 months we have collected, the following categories of personal information: identifiers (such as cookie identifiers, mobile device advertising identifiers, IP address, or hashed email address), Internet or other electronic network activity information (such as information about sites you visit), broad geolocation data, postal address and phone numbers, inferences we may make about your interests (such as the personalized profiles described above) and data that may reveal demographic information or inferences about your gender.
Information Collection, sources, Uses, and Sharing
During the past 12 months, we have collected the following categories of personal information from the listed sources, used it for the listed business purposes and shared it with the listed categories of third parties. The categories of information include information we collect from our Website visitors, registered users, vendors, suppliers and any other person that interacts with us either online or offline. Not all information is collected about all individuals.
| Category of information collected | Source | Business purposes for use | Categories of third parties receiving information |
|---|---|---|---|
|
Identifiers (name, alias, postal address, email address, phone number, account name, unique personal identifier, IP address) |
Individuals submitting information to us. Information we automatically collect from Website visitors. Information we may receive from third-party marketing and data partners. |
Performing services for you. Advertising customization. Auditing relating to transactions. Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control. |
Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Authentication Platform Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners). Government regulators upon official request. Law enforcement upon official request. Strategically aligned businesses. |
|
Protected classification information (race, gender, ethnicity, religion) |
Individuals submitting information to us. Aggregated anonymous information we may receive from third-party marketing and data partners. |
Performing services for you. Anonymized advertising category customization. Auditing relating to transactions. Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control. |
Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Customer Data Platform Partners, Advertising Platform Partners). Government regulators upon official request. Law enforcement upon official request. Strategically aligned businesses. |
|
Commercial information (transaction history, products/services purchased, obtained or considered, product preference) |
Individuals submitting information to us. Information we automatically collect from Site visitors. Information we may receive from third-party marketing and data partners. |
Performing services for you. Advertising customization. Auditing relating to transactions. Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control. |
Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners). Government regulators upon official request. Law enforcement upon official request. Strategically aligned businesses. |
|
Electronic network activity (browsing or search history, Site interactions, advertisement interactions) |
Individuals submitting information to us. Information we automatically collect from Site visitors. Information we may receive from third-party marketing and data partners. |
Performing services for you. Advertising customization. Auditing relating to transactions. Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control. |
Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners). Government regulators upon official request. Law enforcement upon official request. Strategically aligned businesses. |
|
Audio, video or similar information (customer service calls, security monitoring, user submitted media) |
Individuals submitting information to us. Information we automatically collect from Site visitors. Information we may receive from third-party marketing and data partners. |
Performing services for you. Advertising customization. Auditing relating to transactions. Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control. |
Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners). Government regulators upon official request. Law enforcement upon official request. Strategically aligned businesses. |
|
Broad Geolocation (Not Collected in states where prohibited) |
Individuals submitting information to us. Information we automatically collect from Site visitors. Information we may receive from third-party marketing and data partners. |
Performing services for you. Advertising customization. Auditing relating to transactions. Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control. |
Service providers (such as Subscriber Management Partners, Authentication Platform Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners). Government regulators upon official request. Law enforcement upon official request. Strategically aligned businesses. |
|
Inference from the above (preferences, characteristics, behavior, attitudes, abilities, etc.) |
Internal analytics. |
Performing services for you. Advertising customization. Auditing relating to transactions. Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control. |
Service providers (such as Electronic Payment Processors, Subscriber Management Partners, Customer Data Platform Partners, Email Service Providers, Advertising Platform Partners). Government regulators upon official request. Law enforcement upon official request. Strategically aligned businesses. |
DealerX does not sell personal data related to individuals it knows to be minors under the age of sixteen (16).
Privacy Rights: You have the right to opt out of any sharing or sales of your personal information, to limit use of sensitive personal information for advertising purposes, and to request access to and deletion or correction of your personal information. Please see our Privacy Options page for more information about your privacy rights and how to exercise them. If you exercise your rights, we may require you to provide evidence that the data relates to you (and only to you) and may deny your request if you cannot provide such information. You may also designate an authorized agent to make such requests on your behalf, as permitted under CCPA. If you do so, we will require the agent to provide proof that they are acting on your behalf, and we may ask you to verify your identity and to confirm that you provided the agent with permission to submit the request on your behalf. You will not be discriminated against for the exercise of such rights. Please note that if you wish to exercise any of your rights with DealerX’s clients or partners, you must make your request directly with those clients and partners.
FTC MARCH 4th GUIDANCE
Browsing and location data are sensitive. Full stop.
DealerX values your privacy. Following the FTC’s expanded March 4th guidance DealerX has further depreciated the use of 1st party location data relating to service department defection. We’ve done this by increasing the size of the cohort groups used to indicate database defections. This may impact your advertising spends by increasing the cost associated with sharing your dealership’s value proposition, but we believe it to be a fair exchange to exhibit (“DealerX”) and our clients (“Company”) commitment to privacy.
We’ve also applied the same approach to our ANON website visitor data by expanding the amount of potential cohorts who are retargeted.
At DealerX we continue to strive for consumer privacy rights while mitigating our clients exposure to advertising fraud, cyber threats, unnecessary waste and *KYC requirements.
*KYC = Know your customer.
Changes to Our Policies
We may revise this policy at any time, and we will indicate revisions by updating the date at the top of this policy and providing notice through our websites or services.
Contact Us
You may contact us regarding privacy using any of these methods:
Email: privacy@dealerx.com
Telephone: 844.446.4440 x 3
Mail: DealerX Partners LLC, Global Privacy Office, 105 Reef Lane, Key Biscayne, Florida 33159
If you have a concern regarding our privacy practices, please contact us via your preferred method above. If, after reasonable efforts, you believe your concern has not been satisfactorily addressed by us, you may contact the Federal Trade Commission which regulates our privacy practices.
Privacy Options