1. COLLECTION OF PERSONAL INFORMATION
1.1 Personal Information. The following are categories (with non-exhaustive examples) of personal information we may collect about you:
| Category | Examples |
|---|---|
| A. Individual Identifiers and Demographic Information | A real name, alias, postal address, unique personal identifier, phone number, online identifier, Internet Protocol address, email address, account name, social media information, shipping and billing addresses, general location information (such as your zip code or city), or other similar identifiers. |
| B. Sensitive Personal Information | Financial or credit/debit card account information, such as payment details collected during the purchase process. |
| C. Geolocation Data | Precise physical location or movements, if you choose to share that information when using the App. |
| D. Commercial Information | Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. May also include your communications with us and your reviews, posts, blog comments, photos, questions, and other materials posted by you to the Platform or feedback and other content you provide on our social media sites. |
| E. Internet or Network Activity | Browsing history, search history, information on an individual’s interaction with a website, application, or advertisement. |
| F. Inferences Drawn from Personal Information | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes. |
Personal information does not include:
- Publicly Available Data – Publicly available information from government records.
- Deidentified or Aggregate Information – “Deidentified Information” means information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular individual, and for which BPAG has implemented technical safeguards and business processes that prohibit reidentification of the individual. “Aggregate Information” means information that relates to a group or category of individuals, from which individual identities have been removed, that is not linked or reasonably linkable to any individual or household, including via a device. BPAG may use and share Deidentified Information and Aggregate Information in its discretion.
1.2 Sources of Personal Information. We obtain the categories of personal information listed above on or through our Platform from the following categories of sources:
- Personal Information You Provide. BPAG collects personal information when you voluntarily submit it to us. For example, we may collect or receive personal information from you if you create an account on the Platform; edit registration information; purchase a product; sign up to receive promotional communications; use or access products and services available through the Platform; participate in one of our promotional sweepstakes, contests, or surveys; post a review; submit a request to our customer service team; interact with our social media pages; or otherwise interact with us or other users through the Platform. BPAG also collects any user generated content posted by you to the Platform.
- Personal Information Obtained from Third Parties. In addition to the personal information that we collect from you directly and automatically, BPAG may receive personal information about you from other third party sources. For example, we receive personal information from our business partners, social media sites, third party marketing firms, or companies that provide personal information to supplement what we already know about you. We may merge or combine such personal information with the personal information we collect from you directly or automatically. We may also receive information about you if someone refers you to us or wishes to purchase something on our site for you.
2. USE OF PERSONAL INFORMATION
BPAG’s primary purpose in collecting personal information is to provide the products and services that you request on the Platform. BPAG may also use personal information for various purposes, including without limitation to:
- To Provide and Operate Our Products and Services. This could include fulfilling your requests for products or services, establishing and maintaining your account, identifying you as a user on the system, processing purchases or other transactions, facilitating deliveries, and processing your returns. For example, if you share your personal information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. This could also include communicating with you about the Platform, including by sending you announcements, updates, security alerts, and support and administrative messages, providing customer support and maintenance for the Platform, enabling security features of the Platform, and using your location to identify pick-up locations (in some jurisdictions).
- To Improve Our Products and Services. We may use personal information to understand and analyze the usage trends and preferences of our users to make our Platform, products, and services better, diagnose technical issues, and develop new features and functionality. We also use it to determine what products and services to offer and to improve site layout and navigation.
- To Create Deidentified Information and Aggregate Information. We may also use your personal information to create Aggregated Information, Deidentified Information, or other anonymous data records from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Platform and promote our business.
- Direct Marketing of Our Products or Services. We may use our personal information to provide you with information about BPAG products, services, or promotions.
- Compliance, Fraud Prevention, and Safety. We use personal information to maintain the safety, security, and integrity of our Platform, products and services, databases and other technology assets, business, and other Users. For example, we may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); audit our internal processes for compliance with legal and contractual requirements; enforce the terms and conditions that govern the Platform; and protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity, including cyber-attacks and identity theft.
- As Required by Law. We use personal information to respond to requests from law enforcement and as required by applicable law, court order, legal process, or government investigation.
- With Your Consent. In some cases, we may specifically ask you for your consent to collect, use, or share your personal information, such as where required by law.
3. SHARING OF PERSONAL INFORMATION
3.1 Related Companies. We may share your personal information with companies that are affiliated with us (that is, that control, are controlled by, or are under common control with us), including without limitation other companies in the Bestop Premium Accessories Group.
3.2 Business Transactions. If we sell all or part of our business or make a sale or transfer of assets or are otherwise involved in a merger, financing, acquisition, dissolution, or business transfer, we may transfer, share, or disclose all or a portion of your personal information to a third party as part of that transaction, including at the negotiation stage, or in the event of an insolvency, bankruptcy, or receivership.
3.3 Legal Compliance. We may disclose personal information to law enforcement, government authorities, and others in response to subpoenas, warrants, or court orders, in connection with any legal process, or to comply with relevant laws. We may also share your personal information in order to establish or exercise our rights; to defend against a legal claim; to investigate, prevent, or take action regarding possible illegal activities or fraud; to protect the safety and security of other Users; or to prevent a violation of our Terms of Service.
3.5 Interest-Based Advertising Partners. We participate in interest-based advertising. This means that a third party may use technology (e.g., a cookie) to collect information about your use of our Platform so that we and other parties can provide advertising about products and services tailored to your interest, and/or use hashed customer lists that we share with them to deliver ads to you and similar users on their platforms. That advertising may appear either on our Platform, or on other websites, applications, and services.
3.6 Partner or Client Offerings. We may jointly offer events, promotions, or any other product or service offerings with third party partners or our clients. The personal information that you submit through an event, sweepstakes, promotion, or other product or service offering may be combined and transmitted with the registration information related to your account. Third party partners or clients may collect information directly from you, which may be combined with personal information disclosed by us. If you decide to request, enter into, or participate in an event, sweepstakes, promotion, or other product or service offering that is offered by us and identified as a joint effort with a third-party partner or client, the information that you provide may be shared with us and with that third party.
3.7 Social Networking and Third Party Platforms. The Platform may offer you the ability to share your personal information through a social networking website (e.g., Facebook, Twitter), using such site’s integrated tools (e.g., Facebook “Like” button, or Twitter “Tweet” button), or to use your account information from a third-party platform like Google to register for an Account. The use of some integrated tools may enable you to share personal information about yourself with other individuals or the public, depending on the settings that you have established with such social networking site. For more information about the purpose and scope of data collection and use in connection with such social networking site or a site’s integrated tools, please visit the privacy policies of the entities that provide these social networking sites.
3.8 Public Forum and Messaging. The Platform may provide you with the opportunity to post comments, messages, or reviews in a public forum. If you decide to submit personal information at these locations, that information will be available to other users of the Platform.
3.9 Referrals. Users may recommend other contacts to join the Platform by providing their contact information or selecting friends from a social networking site. Users may also provide information about other users of the Platform such as reviews of the services or products that he or she received, booking or scheduling information, or reference information.
3.10 Professional Advisors. We may share your personal information with our professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.
4. SECURITY OF PERSONAL INFORMATION
We take commercially reasonable steps to protect personal information, including efforts to facilitate PCI compliance in connection with the payment information we or our payment processors collect. Please note, no method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from the risks presented by unauthorized access or acquisition, we cannot guarantee the security of your personal information.
5. TEXT MESSAGES
If you opt-in, we may send you text messages about our products and services. You understand that you are not required to provide this consent as a condition of receiving information about our products and services. You also understand that you may opt-out of receiving text messages from us at any time, either by texting the word “STOP” in reply to any text message from us using the mobile device that is receiving the messages, or by contacting us at 1-800-845-3567. You are responsible for obtaining the data network access and mobile device necessary to send and receive any text messages. Your mobile network’s data and messaging rates and fees may apply if you send or receive text messages.
6. YOUR CHOICES
You can make the following choices regarding your personal information:
6.1 Access to Your Personal Information. You may request access to your personal information by contacting us as described below. We will grant you reasonable access to the data that we have about you as required by law.
6.2 Changes to Your Personal Information. We rely on you to update and correct the personal information contained in your Account. Note that we may keep historical information in our backup files as permitted by law. If our Platform does not permit you to update or correct certain personal information, please contact us as described below.
7. OPTING OUT
You can make the following choices to opt out of certain activities regarding your personal information:
7.1 Promotional E-mails. You may choose to provide us with your e-mail address for the purpose of allowing us to send newsletters, surveys, offers, and other promotional materials related to our Platform, as well as targeted offers from third parties. You can stop receiving promotional e-mails by clicking the “unsubscribe” links in the e-mails or by contacting us as described below. If you decide not to receive promotional e-mails, we may still send you service-related communications, such as those about your Account, to fulfill orders for products and services you have requested, or deliver notifications directly to you through the Platform.
7.2 Behavioral-Based Advertising. We participate in behavioral-based advertising. This means that a third party may use technology (e.g., a cookie) to collect information about your use of our Platform so that we can provide advertising about products and services tailored to your interest. That advertising may appear either on our Platform, or on other websites and online services. If you wish to limit third parties’ collection of information about your use of our Platform, you can opt-out of such at the Digital Advertising Alliance in the US, the Digital Advertising Alliance of Canada in Canada, or the European Digital Advertising Alliance in Europe. Users of our Applications may opt out of receiving targeted advertising in mobile apps through participating members of the Digital Advertising Alliance by installing the AppChoices mobile app, available here, and selecting the user’s choices. PLEASE NOTE THAT OPTING-OUT OF BEHAVIORAL ADVERTISING DOES NOT MEAN THAT YOU WILL NOT RECEIVE ADVERTISING WHILE USING THE PLATFORM. IT WILL, HOWEVER, EXCLUDE YOU FROM INTEREST-BASED ADVERTISING CONDUCTED THROUGH PARTICIPATING NETWORKS, AS PROVIDED BY THEIR POLICIES AND CHOICE MECHANISMS.
7.3 Do-Not-Track. Some web browsers and devices permit you to broadcast a preference that you do not want to be “tracked” online. At this time we do not modify your experience based upon whether such a signal is broadcast.
8. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
BPAG and its affiliates and subsidiaries are based in the United States of America. If you are from a country outside of the United States of America with laws governing data collection, use, and disclosure that may differ from U.S. law and you provide personal information to us, please note that any personal information that you provide to us may be transferred to the United States of America. By providing your personal information, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein or in the Terms of Service related to the use of and access to the Platform.
If you are located in the European Union, European Economic Area, or United Kingdom, please see the section below titled “Notice to European Users” for additional information regarding your personal information.
The Platform is not intended for use by children under sixteen (16) years of age. If we learn that we have collected personal information from a child under sixteen (16) without the consent of the child’s parent or guardian as required by law, we will delete it.
10. CONTACTING US
Attn: Privacy Agent
333 Centennial Parkway, Suite B
Louisville, CO 80027
11. RESIDENTS OF CALIFORNIA
The following section applies only to residents of California. It describes how we collect, use, and share personal information of California residents when we act as a “business” as defined under the California Consumer Privacy Act of 2018 (“CCPA”), and their rights with respect to their personal information. For purposes of this section, “personal information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA. In some cases we may provide a different privacy notice to certain categories of California residents, in which case that notice will apply instead of this section.
11.1. Notice to California Residents. We describe:
- the categories of personal information we may have collected about you in the preceding 12 months and the sources from which we collect this information in the section above called “COLLECTION OF PERSONAL INFORMATION”;
- the business and commercial purposes for which we collect this information in the section above called “USE OF PERSONAL INFORMATION”; and
- the categories of third parties to whom we disclose this information in the section above called “SHARING OF PERSONAL INFORMATION”.
BPAG must also disclose whether the following categories of personal information are disclosed for a “business purpose” or “valuable consideration” as those terms are defined under California law. The CCPA also calls this latter category a “sale” of personal information. Note that while a category below may be marked, that does not necessarily mean that we have personal information in that category about you. In the preceding twelve months, we have disclosed the following categories of Personal Information in the manner described:
| Category | Information is Disclosed for a Business Purpose | Information is Disclosed for Valuable Consideration |
|---|---|---|
| A. Individual Identifiers and Demographic Information | Yes | Yes |
| B. Sensitive Personal Information | Yes | No |
| C. Geolocation Data | Yes | No |
| D. Commercial Information | Yes | Yes |
| E. Internet or Network Activity | Yes | Yes |
| F. Inferences Drawn from Personal Information | Yes | Yes |
11.2. Your California Privacy Rights. The CCPA provides California residents with the rights listed below.
- Access. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months, including:
  - The categories of personal information we collected about you.
  - The categories of sources of the personal information we collected about you.
  - Our business or commercial purpose for collecting or selling that personal information.
  - The categories of third parties with whom we share that personal information.
  - The specific pieces of personal information we collected about you.
- Deletion. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.
- Opt-Out of Sales. If we “sell” your personal information as described above, you can opt out.
- Nondiscrimination. You are entitled to exercise the rights described above free from discrimination in the form of legally prohibited increases in the price or decreases in the quality of our products and services.
Please note, these rights are not absolute and in some cases we may not be able to respond to your request, such as when a legal exemption applies or if we are not able to verify your identity.
How to Exercise Your California Privacy Rights.
- Access and Deletion Rights. To exercise the access and deletion rights described above, please submit a request to us and provide the information we request that is required to verify your request by:
  - Emailing us at [email protected]; or
  - Calling us at 1-800-845-3567.
- Right to Opt-Out of the “Sale” of Personal Information. Under California law, some of the data we share with our affiliate advertising partners may qualify as a “sale” as defined under the CCPA. To exercise your right to opt-out of such “sale”, please:
  - Email us at [email protected]; or
  - Click here: Do Not Sell My Personal Information.
When exercising your rights or otherwise assisting you, we may need to request specific information from you to help us confirm your identity. This is a security measure to ensure we do not disclose personal information to any person who is not entitled to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. You may also designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide the requester’s proof of identification, the authorized agent’s proof of identification, and any other information that we may request in order to verify your request.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee or decline to comply with your request if your request is clearly unfounded, repetitive, or excessive.
We try to respond to all legitimate requests within 45 days of your request. Occasionally it may take us longer than 45 days to respond, for instance if your request is particularly complex or you have made a number of requests. In this case, we will notify you of the delay, and may continue to update you regarding the progress of our response.
11.3. Notice of Disclosure for Direct Marketing. Under California Civil Code sections 1798.83-1798.84, California residents who have an established business relationship with BPAG and/or BPAG brands are entitled to ask us for a notice describing what categories of personal information we share with third parties for their direct marketing purposes. This notice will identify the categories of information shared with and will include a list of the third parties with which it is shared, along with their names and addresses. If you are a California resident and would like a copy of this notice, please submit your request to the address listed in the section titled “CONTACTING US” above.
12. NOTICE TO EUROPEAN USERS
The information provided in this “Notice to European Users” section applies only to individuals in the European Union, the European Economic Area, or the United Kingdom (collectively, “Europe”).
12.3. Lawful basis for processing. BPAG is required to inform you of the lawful basis of our processing of your personal information, which are described in the table below. If you have questions about the lawful basis of how we process your personal information, contact us at the address listed in the section titled “CONTACTING US” below.
| Processing Purpose (for more information, see the corresponding descriptions above in the section titled “USE OF PERSONAL INFORMATION”) | Lawful Basis |
|---|---|
| • To Provide and Operate Our Products and Services | Processing is necessary for the performance of a contract. You are subject to a contract with us and we need to use your personal information to provide products and services. |
| • To Improve Our Products and Services. • To Create Deidentified Information and Aggregate Information. • Compliance, Fraud Prevention, and Safety. | Processing activities constitute our legitimate interests. We consider and balance the potential impact on your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent, or we are otherwise required to perform a contract or by law). |
| • Direct Marketing of Our Products or Services. | Processing activities constitute our legitimate interests. In some jurisdictions, processing may instead be based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated on the Platform. |
| • Other Advertising. • With Your Consent. | Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated on the Platform. |
| • As Required by Law. | Processing is necessary to comply with our legal obligations. |
We will use your personal information only for the purposes for which we collected it, unless we reasonably determine we need to use it for another reason and that reason is compatible with the original purpose. For example, we consider deidentification, aggregation, and anonymization of personal information to be compatible with the purposes listed above and in your interest, because the deidentification, aggregation, and anonymization of such information reduces the likelihood of improper disclosure of that information.
PLEASE NOTE WE MAY PROCESS YOUR PERSONAL INFORMATION WITHOUT YOUR KNOWLEDGE OR CONSENT, IN COMPLIANCE WITH THE ABOVE RULES, WHERE THIS IS REQUIRED OR PERMITTED BY LAW.
12.4. Sensitive Information. Unless we specifically request it, we ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Platform, or otherwise to us.
12.5. Retention. BPAG retains your personal information:
- For so long as your Account is active or as needed to provide you with the Platform or to fulfill our contractual obligations;
- As necessary to comply with our legal obligations, resolve disputes, and enforce our agreements; and
- For so long as is necessary for the purposes for which we collected such personal information.
12.6. Your Rights. European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Correct. Update or correct inaccuracies in your personal information.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our lawful basis as the basis of our processing of your personal information that impacts your rights.
- Delete. Delete your personal information.
When we receive your request, we may ask you to verify your identity before we can act on your request. We may withhold information where we are required by law to do so or if the search for that information would require disproportionate effort or have a disproportionate effect to, for example, the cost of providing the information, the time it would take to retrieve the data, or how difficult it may be to obtain the information requested.
If you are a resident of Europe and would like to exercise any of these rights, please submit your request to the address listed in the section titled “CONTACTING US” above. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection authority in your jurisdiction. You can find your data protection regulator here.
12.7. Cross-Border Data Transfer. If we transfer your personal information out of Europe to a country outside of Europe such that we are required to apply additional safeguards to your personal information under European data protection laws, we will do so.
Effective Date: February 11, 2021