- through our website (the “Website”);
- through our social media pages that we control, if any (collectively, our “Social Media Pages”), and
- through our email messages and through your direct communications with us, including, for example, if you test drive or purchase a vehicle, attend an event organized by us, are one of our suppliers, or submit a job application (collectively, “Direct Communications”).
Collectively, we refer to the Website and our Social Media Pages, together with our Direct Communications with you as the “Services”. Westside Lexus and our affiliates and related entities (together, “Westside Lexus”, “we”, “us”, or “our”) strive to make our Services useful and rewarding for our customers by tailoring the content to your personal needs and interests. This way, the content of our interactions will be as relevant as possible for you, the customer. We hope that you find our Services to be a useful part of your car-buying experience.
Our Services are not directed toward or intended for children under the age of 18. If you are under the age of 18, you should not provide any personal information to us without your parent or guardian’s express written consent. We do not knowingly collect any information from persons under the age of 18 years of age.
WHAT PERSONAL DATA IS COLLECTED BY WESTSIDE LEXUS?
Personal information is data that identifies an individual or relates to an identifiable individual. This includes information you provide to us, information which is collected about you automatically, and information we obtain from third parties.
When you access our Services, at various points we will collect your personal information in accordance with the law. You may choose not to provide certain personal information; however, you may be unable to use a certain product or service or be unable to access certain functionalities of our Services. For example, we may collect information about you if you test drive a vehicle, including your driver’s license information, insurance information, social security number, birthdate, and driver’s license endorsements. If you are unwilling or unable to provide this information to us, you may not be able to test drive a vehicle.
Below we have listed the categories of personal information that we may collect from you.
- Contact Information. Your first and last name, alias, email address, postal address, phone number, username, spouse’s name, social media handle or other similar contact information. We may also collect your signature and professional and employment information.
- Billing Information. Information that you provide us to process your payment if you make purchases, such as your credit or debit card number, or bank information.
- Customer Service Information. Information related to your purchasing experience, such as your preferences, special requests you make or information related to products or services you use.
- Survey Information. The information you provide in response to a survey that you choose to respond to, including opinions on vehicle features or offerings, your interest in other vehicles, and other such comments and suggestions.
- Demographic Information. Demographic information, such as your geographic location, date of birth, anniversary date, or any other significant date.
- Protected or Sensitive Information. Unless specifically requested, we ask that you not send us, and you not disclose, on or through the Services or otherwise to us, any protected or sensitive personal information (e.g., social security number, taxpayer identification number, passport number, driver’s license number or other government-issued identification number; credit or debit card details or financial account number, with or without any code or password that would permit access to the account, credit history; or information on race, religion, ethnicity, sex life or practices or sexual orientation, medical or health information, genetic or biometric information, biometric templates, political or philosophical beliefs, political party or trade union membership, background check information, judicial data such as criminal records or information on other judicial or administrative proceedings). Some protected or sensitive information, such as driver’s license number, credit or debit card details or other financial information may be required to fulfill our obligations to you and provide the Services and products you request.
- Audio and Visual Information: During your visit to our location, we may collect your images, and video and audio data, via security cameras located in public areas.
- Online Interactions. We collect aggregated analytics data about website visitors, such as your internet protocol (IP) address, location information, when you use our Website or interact with us through social media.
- Personal Information Received from Third Parties. We may receive some of the above-stated personal information about you from third parties such as from lead generators, through technology such as cookies, and when you use third party agents or third party services to make requests for information.
HOW WE COLLECT PERSONAL INFORMATION
We collect personal information in the following manner:
Personal information that you provide:
- Online Interactions. We collect personal information from you when you visit our website, interact with us on Social Media, or send us requests over emails.
- Direct Interactions. We collect personal information from you when you visit our locations, tell us your preferences, or schedule an appointment or test drive.
- Customer Service. We collect personal information when you purchase or lease a vehicle from us, purchase parts from us, service or repair a vehicle, or otherwise purchase products or services from us.
- IOT Devices. We may collect personal information from IOT Devices (which are devices that are connected to the Internet) that are available at our properties.
- Security Systems. We may collect information from audio or video located in public areas at our properties.
- Other Sources. We collect personal information from other sources, such as public databases, joint marketing partners and other third parties.
Personal Information that we collect from you automatically:
We use certain tracking technologies to improve the functionality of the website and your experience when you access it. We also keep a record of third party websites accessed when you are on our website and click on a hyperlink. However, we do not track users to subsequent sites and do not serve targeted advertising to them. We do not, therefore, respond to Do Not Track (DNT) signals. If you connect to our site using a mobile device, we may collect device information, including the device ID, model and manufacturer; the operating system; the location (to the city level), and the IP address. We also use Google Analytics, a web analytics service provided by Google, Inc, (“Google”) to track how often people gain access to or read our content. We use this information in the aggregate to understand what content our site visitors find useful or interesting, so we can produce the most valuable content to meet their needs. Google Analytics uses “cookies,” which are text files placed on your computer, to help us analyze how uses use the site. The Information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to us. Google will not use this information for cross-context behavioral advertising, nor will Google associate your IP address with any other data held by Google.
ANONYMIZED AND AGGREGATED DATA
We may use anonymized or aggregate customer data for any business purpose, such as to better understand customer needs and behaviors, improve our Services, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third parties. Types of data we may anonymize include contact information, survey information, and demographic information.
HOW DOES WESTSIDE LEXUS PROCESS OR USE PERSONAL DATA?
We use the personal information we collect to communicate with you, provide the products or services you have requested, understand your needs, provide you with a better service, and in particular, for the following purposes:
- To conduct transactions you request.
- To respond to your questions and to contact you, and to provide notice about the status of our website or the specific services you have requested.
- To assist us in providing better information, and to help us improve our website and services.
- To learn more about our website traffic patterns and other use in order to improve the functionality and features of our website, including auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, etc.
- To help us operate, maintain and improve our systems, our website, and your user experience, including debugging to identify and repair errors that impair functionality.
- To maintain security and integrity, for example by collecting audio and visual images from cameras in public areas.
- To facilitate corporate acquisitions, mergers or transactions.
- To comply with the law, legal processes, or an enforceable government request.
- To detect, prevent, or otherwise address illegal activity, fraud, or security issues.
- To provide advertising and marketing services, and to send you commercial offers in e-mails and texts from Westside Lexus or its affiliated companies, which may or may not relate to the products or services you have ordered. You may unsubscribe or opt out of marketing-related communications from us by clicking the unsubscribe link on any email marketing communication you receive; however, you may not be able to opt-out of receiving critical Service-related communications, such as service, warranty or product recall communications, and to provide non-personalized advertising as part of your current interaction with us.
We may also make personal information available to our related entities for the purposes outlined above. Westside Lexus does not collect any categories of personal information beyond the categories of personal information outlined above, and not for the purposes other than outlined above. If Westside Lexus plans to collect and use personal information for any purposes beyond the ones outlined in this notice, additional consent needs to be obtained prior to use.
HOW AND WHY DOES WESTSIDE LEXUS SHARE PERSONAL DATA WITH THIRD PARTIES?
Westside Lexus does not sell, rent, or share personal information to or with any third party not affiliated with or owned by Westside Lexus, except service providers who may assist us in such areas as our promotions, credit checks, data storage and order processing, as further detailed below. Westside Lexus will never give or sell your personal information to unaffiliated third parties to be used for the purposes of sending you unsolicited commercial offers, such as spam. We do not share personal data about you with third parties except as follows:
- With service providers under contract who help with parts of our business operations. Our contracts require these service providers to only use your information in connection with the services they perform for us. Examples of the types of service providers we may share personal information with include: (a) Network infrastructure; (b) Cloud storage; (c) Payment processing; (d) Document repository services; (e) Sales; (f) Booking; (g) Website Management; (h) Accounting; (i) Customer Support; (j) Internet (e.g., ISPs); (k) Data analytics; (l) Information Technology.
- With our professional advisors who provide banking, legal, compliance, insurance, accounting, or other consulting services in order to complete third party financial, technical, compliance and legal audits of our operations or otherwise comply with our legal obligations.
- When required by law, or if we have a good faith belief that such action is necessary to: (a) to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, customers or other users of our website, or anyone else who could be harmed by such activities; (b) to respond to judicial process and provide information to law enforcement agencies or in connection with an investigation on matters related to public safety, as permitted by law, or otherwise as required by law; or (c) to transfer your information as a business asset in the event we or our related entities sell or buy other businesses or entities, or we or substantially all of our assets are acquired.
- Administrative, technical or marketing purposes: We will share information with third parties, business partners or related entities, subject to confidentiality agreements as appropriate, for research and analytical purposes; for administrative or technical support or other business purposes, or to analyze our data or to maintain and improve our services or your user experience. We may also share aggregated information about our customers with our advertisers and our marketing partners. We may share website usage information about visitors to our website with third party advertising companies; provided, however, that if we do share such personally identifiable information with third party advertising companies, we will provide you with the opportunity to opt out of such disclosure.
- Consent: We also share personal data with third parties, other than those described above, when we have your consent to do so.
HOW LONG IS PERSONAL INFORMATION STORED?
Except as otherwise permitted or required by applicable law or regulation, we retain personal information in the categories set forth above only for as long as we have a legitimate business need to provide our services to consumers and dealers in the automotive marketplace. Because an average consumer usually purchases a vehicle infrequently, we keep some categories of information, such as identifiers, vehicle/commercial information, Internet or network activity, and inferences, longer than others so that we can continue to provide our Services to our customers.
To determine the appropriate retention period, we consider various criteria, including whether the personal information continues to be necessary to provide our Services; the amount, nature, and sensitivity of the personal information; the potential risk of harm to consumers from unauthorized use or disclosure; and the purposes for which we collect the personal information.
We continually review and enhance our retention practices in order to protect consumers while providing our Services.
HOW YOUR INFORMATION IS KEPT SECURE
Westside Lexus takes commercially reasonable precautions, including physical, administrative, and electronic safeguards, to protect and secure the confidentiality and integrity of your personal information. For example, we encrypt communications through our website with commercial strength encryption generally used by our industry. However, given the nature of the Internet and the fact that network security measures are not perfect, we cannot guarantee the absolute security of your information. If we are required to provide notice to you of a data security breach, the notice will be provided in electronic form.
Westside Lexus conducts periodic risk assessments to evaluate the adequacy of its administrative, technical, and physical safeguards.
WHAT PERSONAL DATA RIGHTS DO YOU HAVE?
Depending on applicable law where you reside, you may be able to assert certain rights related to your personal information identified below. If any of the rights listed below are not provided under law for your jurisdiction, we have absolute discretion in providing you with those rights.
- Access and portability. You may request that we provide you a copy of your personal information held by us. This information will be provided without undue delay. In certain circumstances, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another data controller. To request access, see “HOW CAN YOU EXERCISE THESE RIGHTS” below.
- Rectification of incomplete or inaccurate personal information. You may request us to rectify or update any of your personal information that we have that you consider inaccurate or incomplete. You may do this at any time by contacting us at [email protected].
- Erasure or deletion. You may request to erase or delete your personal information, subject to applicable law. To request erasure or deletion, see “HOW CAN YOU EXERCISE THESE RIGHTS” below.
- Withdraw consent. To the extent the processing of your personal information is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of your processing based on consent before your withdrawal. You may withdraw your consent by contacting us at [email protected].
- Restriction of processing. In some jurisdictions, applicable law may give you the right to restrict or object to us processing your personal information under certain circumstances. We may continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
- Objection. You can object to the processing of your personal information on grounds relating to your particular situation. In cases of opposition to the processing of personal information the Company reserves the right to assess the application, which will not be accepted if there are legitimate reasons to proceed with the processing that prevail over your freedoms, interests, and rights.
- Restrict. you can request the restriction of the processing of your personal information.
- Appeal. In some jurisdictions, applicable law may give you the right to appeal an action by Westside Lexus’s regarding a privacy request.
- Right to Know. You have the right to know and see what personal information we have collected about you over the prior 12-month period, including:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information is collected;
- The business or commercial purpose for collecting your personal information;
- The categories of third parties with whom we have shared your personal information; and
- The specific pieces of personal information we have collected about you.
- Right to Delete. You have the right to request that we delete the personal information we have collected from you (and direct our service providers to do the same). There are a number of exceptions, however, that include, but are not limited to, when the information is necessary for us or a third party to do any of the following:
- Complete your transaction;
- Provide you a good or service;
- Perform a contract between us and you;
- Protect your security and prosecute those responsible for breaching it;
- Fix our system in the case of a bug;
- Protect the free speech rights of you or other users;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;
- Comply with a legal obligation; or
- Make other internal and lawful uses of the information that are compatible with the context in which you provided it.
- Right to Correct. You have the right to request to correct any inaccurate personal information about you. If any personal information requires correction, we will use commercially reasonable efforts to fulfill your correction request.
- Right to Opt-Out. You may opt out of allowing us to sell your personal information or share your personal information for cross-context behavioral advertising.
- Right to Opt-In. You may change your mind and opt-in to personal information sales and cross-context behavioral advertising at any time.
- Other Rights. To the extent we sell your personal information to third parties, you also have the right to request that we disclose to you: (i) the categories of your personal information that we sold, and (ii) the categories of third parties to whom your personal information was sold. You have the right to direct us not to sell your personal information. We do not sell your personal information in the ordinary course of business and will never sell your personal information to third parties without your explicit consent.
You will not receive discriminatory treatment by Westside Lexus for exercising the above individual rights. Prohibited discriminatory treatment includes denying goods or services, charging different prices or rates for goods or services (including discounts or other benefits or imposing penalties), providing a different level or quality of goods or services to you, or even suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Your rights to personal information are not absolute. Depending upon the applicable law, access may be denied:
- when denial of access is required or authorized by law;
- when granting access would have a negative impact on another’s privacy;
- to protect our rights and properties; or
- where the request is frivolous or vexatious, or for other reasons.
HOW TO MAKE A PRIVACY REQUEST OR LODGE A COMPLAINT
To make a privacy request, you can contact us at [email protected] or follow the process outlined below.
You, or someone legally authorized to act on your behalf, may make a request to know, delete or correct your personal information. Depending on your jurisdiction, your ability to submit multiple requests within the same twelve-month period may be limited.
To exercise access and deletion rights, please click here or call us at (844) 628-4802. You will be asked for personal information such as name, phone number and/or email address to verify your identity, as well as the type of right you want to exercise, such as access or deletion.
For access requests, we must first verify your identity by using identifiers. Verification identifiers may include but are not limited to name, address, email, and phone number. Once we verify your identity, we will search for personal data collected and provide you a report with:
- list of categories of personal data we collected
- sources we collected from
- purposes of collecting
- categories of third parties with whom we share data.
For deletion requests, once we verify your identity, we will confirm receipt of the deletion requests and provide an estimated timeline for deletion completion unless the processing of your personal information falls under a regulatory exception to deletion, in which case we will notify you of such exception. For deletion requests initiated through our web form, an additional confirmation question will be asked to confirm that you want to delete your data.
California Authorized Agent: If you are a California resident, you may designate an authorized agent to make a request to access or a request to delete on your behalf. We will respond to your authorized agent’s request if they submit proof that they are registered with the California Secretary of State to be able to act on your behalf or submit evidence you have provided them with power of attorney pursuant to California Probate Code section 4000 to 4465. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf or are unable to verify their identity.
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us as provided.
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
How to lodge a complaint:
If you believe that we have infringed your rights, we encourage you to first submit a request by sending us an email at [email protected], so that we can try to resolve the issue or dispute informally.
If you reside in the EU, you can file a complaint with your relevant data protection authority.
FOR EEA DATA SUBJECTS
If you reside in the European Economic Area, United Kingdom, or Switzerland (collectively, “EEA Residents”), you have additional rights with respect to your personal data, which include rights under the EU’s General Data Protection Regulation (“GDPR”).
Legal Basis for Processing Your Information
For individuals who are EEA Residents at the time their personal data is collected, we rely on legal basis for processing your information under Article 6 of the EU General Data Protection Regulation (“GDPR”). We generally only process your data where we are legally required to, where processing is necessary to perform any contracts we entered with you (or to take steps at your request prior to entering into a contract with you), for our legitimate interests to operate our business or to protect us, or you, property, rights, or safety, or where we have obtained your consent to do so. Below is a list of the purposes described in our policy with the corresponding legal basis for processing.
- Based on our contract with you or to take steps at your request prior to entering into a contract with us so that we can provide you with our Services:
- To provide you Services
- To provide you with personalized Services
- Third party booking
- To communicate with you
- To ensure quality
- To ensure security
- Based on our legitimate interests. When we process your personal data for our legitimate interests we always ensure that we consider and balance any potential impact on you and your rights under data protection laws.
- To enhance your experience
- To facilitate corporate acquisitions, mergers, or transactions
- Based on our legal obligations, the public interest, or in your vital interests.
- To ensure security
- Based on your consent.
- To enhance your experience
- To engage in marketing activities
- For any purpose
Right to Withdraw Consent
If you have given us consent in relation to particular processing or activities, you can withdraw your consent at any time by contacting us as indicated in the “HOW TO MAKE A PRIVACY REQUEST” section.
We may provide additional “just-in-time” disclosures or additional information about the data collection, use and sharing practices of specific Services. These notices may supplement or clarify our privacy practices or may provide you with additional choices about how we process your personal information.
QUESTIONS OR CONCERNS