Last updated: July 15, 2020
Information Collected by MBSi
PII is captured when MBSi services are installed or accessed. Information that is collected depends in part on the type of service for which a customer engages MBSi. For example, customers that engage with MBSi for newsletters, or use of the MBSi “Contact Us” tool or make specific inquiries regarding any of MBSi’s products or services, PII, such as your name, company name, e‐mail address, phone number, may be collected.
Data collected will be stored for no longer than necessary. The length of time MBSi retains said information will be determined based upon the following criteria:
- the length of time the personal information remains relevant;
- the length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations;
- any limitation periods within which claims might be made;
- any retention periods prescribed by law or recommended by regulators, professional bodies or
- the type of contract, the existence of customer consent, and our legitimate interest in keeping
- such information as stated in this Policy.
MBSi’s definition of PII does not include “aggregate” information. Aggregate information is data we collect about a group or category of products, services or customers, from which individual customer identities have been removed. In other words, information about how an end user uses a product and/or service may be collected and combined with information about how others use the same product and/or service, but no PII will be included in the resulting data. Likewise, information about the products and/or services purchased and/or used may be collected and combined with information about the products and/or services purchased and/or used by others. MBSi may disclose to third parties aggregated information about users, such as aggregated user statistics and log data and other information that does not identify any individual or Device, without restriction.
MBSi maintains security standards that are designed to help protect end user information. While MBSi uses such security standards, MBSi does not guarantee that PII submitted through MBSi’s website will be secure, or that the services will be uninterrupted or error‐free.
Notice to Persons Accessing this Website Outside the United States
MBSi is headquartered in Phoenix, Arizona in the United States. Information collected will be processed in the United States. Any information provided to MBSi will be transferred out of the end user’s country and into the U.S. By providing PII, the end user explicitly consents to the transfer of their information to the U.S. II collected on MBSi sites and services may be stored and processed in the U.S. or any other country in which MBSi or its affiliates, subsidiaries or service providers maintain facilities. With respect to PII collected by MBSi regarding an European Union (EU) resident, such person may contact our Compliance Department with any questions regarding accessing or correcting their data.
Notice to California Residents
If you are a California resident, please see MBSi’s Supplemental Privacy Notice for California Residents for more information on your privacy rights.
SUPPLEMENTAL PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
Effective Date: January 1, 2020
If you are receiving Services directly from MBSi and you are looking to make a data access, data deletion or other CCPA request, please see the Section titled “Exercising Access, Data Portability, and Deletion Rights” below to understand your rights.
- Information We Collect / Disclose
Through our website and/or the provision of Services, we collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, through the provision of Services, MBSi has collected the following categories of personal information from consumers, and/or disclosed for a business purpose such categories to third parties, within the last twelve (12) months:
|A. Identifiers||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, or other similar identifiers.||YES||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
|A name, signature, Social Security number, address, telephone number, insurance policy number, or credit card number. Some personal information included in this category may overlap with other categories.||YES||YES|
|C. Protected classification characteristics under California or federal law.
|In obtaining information to identify consumers for services, at times we may collect the consumers’ identifying characteristics or special need requirements, such as gender, physical disability, or similar identifying information.||NO||NO|
|D. Commercial information.
|Records of personal property (such as the VIN, year, make, model, and color for the vehicle), products or services purchased, obtained, or considered.||YES||YES|
|E. Biometric information.
|Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
|F. Internet or other similar network activity.
|Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
|G. Geolocation data.
|Physical location (if you are using a mobile application).
|H. Sensory data.
|Audio recordings are made of your communications with our contact centers.
|I. Professional or employment‐related information.
|Current or past job history or performance evaluations.
|J. Non‐public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
|Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
|K. Inferences drawn from other personal information.
|Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information specifically excluded from the CCPA’s scope.
- Sources of Personal Information
MBSi obtains the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, by the submission of your information through written or electronic forms you complete, or products and services you request.
- Indirectly from you. For example, from observing your actions when visiting our website(s) or requesting Services through our website(s) or mobile applications.
- From Clients. For example, when you enter into a Service Agreement with a Client, the Client will share your personal information with us so that we may provide Services to you on behalf of the Client.
- From independent contractors providing repossession services. For example, we may receive certain personal information about you, including, without limitation your real‐time geolocation, in connection with the repossession services provided.
- Use of Personal Information
We may use, or disclose the personal information we collect from consumers for one or more of the following purposes:
- To fulfill or meet the reason you provided the information.
- To comply with contractual requirements with our Clients, including data retention requirements.
- To process your requests, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, reviews, comments, or other feedback you provide us, including to investigate and address your concerns and monitor and improve our responses.
- To help maintain the safety, security, and integrity of our website(s), digital services, databases and other technology assets, and our business.
- To perform analysis to better understand the Clients’ customers, our suppliers and customers, and to assist with product testing and product development, including to develop and improve our website(s), digital services, and Services.
- To comply with legal, regulatory, or administrative requirements of governmental authorities.
- To respond to a judicial proceeding, subpoena, court order or other legal process; or as reasonably necessary to (i) investigate, prevent or take action regarding suspected or actual illegal activities; (ii) investigate and defend ourselves against third party claims or allegations; or (iii) protect the security or integrity of our Services.
- As described to you, or directed or authorized by you, when collecting your personal information, or as otherwise set forth in applicable law, including the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of MBSi’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by MBSi about you is among the assets transferred.
MBSi will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
- Sharing Personal Information
MBSi may disclose your personal information to a third party for a business purpose.
- Your Rights and Choices
The CCPA provides consumers who are California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how California residents may exercise those rights.
A. Access to Specific Information and Data Portability Rights
You have the right to request that MBSi disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (please see the Section titled “Exercising Access, Data Portability, and Deletion Rights” below), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- Sales, identifying the personal information categories that each category of recipient purchased; and
- Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
You have the right to request that MBSi delete any of your personal information that we collected from you and retained, subject to certain permitted exceptions. Once we receive and confirm your verifiable consumer request (please see the Section titled “Exercising Access, Data Portability, and Deletion Rights” below), we will delete your personal information from our records, unless an exception applies. We may deny your deletion request if permitted under the CCPA, including situations in which retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide the services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- Other situations as may be permitted by law.
B. Exercising Access, Data Portability, and Deletion Rights
If you are receiving services and benefits through a Service Agreement between you and a Client, to exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request directly to the Client by visiting the Client’s website. For California residents with direct agreements with MBSi, to exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either emailing us or mailing a written request to the addresses provided below. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12‐month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, including the information and documentation required on the Data Access, Portability and Deletion Request Form. We may ask you to have such documentation notarized under California state law.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, along with such other required information as specified on the Data Access, Portability and Deletion Request Form to validate and verify the authenticity of the request.
C. Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty‐five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period. Any disclosures we provide will only cover the 12‐month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
Making a verifiable consumer request does not require you to create an account with us. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
- Changes to Our Privacy Notice
MBSi reserves the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the website and update the notice’s effective date. Your continued use of our Services following the posting of changes constitutes your acceptance of such changes.
- Contact Information
If you have any questions or comments about this notice, the ways in which MBSi collects and uses your information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
ATTN: Compliance Department
10851 North Black Canyon Highway
Phoenix, AZ 85029