California Privacy Notice for Spectrum Collision
Effective Date: January 1, 2024
Last Reviewed: January 1, 2024
This California Privacy Notice (“Notice”) supplements the information contained in Spectrum Collision’s Privacy Policy & Notice and applies solely to all site visitors or customers who reside in California. This Notice is provided pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), as modified by the California Privacy Rights Act of 2020 (“CPRA”). Certain terms used in this Notice have the meaning given to them in the CCPA and CPRA and their implementing regulations.
We are committed to protecting the privacy and security of your Personal Information. This Notice describes how Spectrum Collision collects, uses, and retains your Personal Information, the instances where Spectrum Collision may disclose your Personal Information to third parties, and your privacy rights and choices under California law. “Personal Information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. Please be advised that “Personal Information” does not include information which is publicly available, anonymized, or aggregated, as well as other information which is excluded from the CCPA/CPRA’s scope (e.g., information covered by other privacy laws such as the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act or California Financial Information Privacy Act, and the Driver’s Privacy Protection Act).
This Notice does not apply to Personal Information that we collect when:
- You are acting as a job applicant to or employee or independent contractor of Spectrum Collision.
- You have been designated as an emergency contact for a job applicant or employee and your information has been collected for use solely within that context.
- We need your Personal Information to administer benefits obtained through an employee.
- We are collecting or processing your information as a service provider to a third party. If you arrived at this Notice through a link located on a website operated or hosted on behalf of your insurance provider, then please refer to your insurer’s Privacy Policy for more information about how your insurer collects, processes, retains, and shares your Personal Information, and your rights related thereto.
We reserve the right to amend this Notice at our discretion, at any time and without sending notice to you. When we make changes to this Notice, we will post the updated Notice on this web page and update the effective date. This Notice is not a contract and does not create any contractual rights or obligations.
​
Collection and Retention of Personal Information
Through our website and services, we collect and process certain categories of Personal Information about you. As permitted by law, we collect, and within the last twelve (12) months have collected, the following categories of Personal Information:
- **Identifiers:** such as your name, phone number, email address, and home address.
- **Information described in California Civil Code § 1798.80(e):** such as your signature, insurance policy number, and credit card or debit card number.
- **Sensitive Personal Information:** such as government identifiers like driver’s license and state identification card numbers.
- **Protected classification characteristics under California or federal law:** such as age and military status, to the extent you enroll in or apply for Spectrum Collision’s promotional programs such as Military Discounts and Senior Discounts.
- **Commercial information:** such as records of services purchased or obtained from Spectrum Collision or its affiliates (e.g., estimates, invoices, and work orders).
- **Internet or other similar network activity:** including date and time of access, URL address of webpages you visited, internet domain and IP address, type of browser and operating system, URL address of the referring page, completion or success status of the request for a webpage or other line item, and file size of the webpage visited.
- **Geolocation data:** such as Internet Protocol (IP) location.
- **Sensory data:** such as call monitoring and video surveillance.
- **Professional or employment-related information:** to the extent you submit an inquiry regarding employment opportunities.
- **Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)):** to the extent you submit an inquiry regarding employment opportunities.
- **Vehicle-related data:** such as license plate number, vehicle identification number, vehicle odometer and mileage data, vehicle systems data (e.g., diagnostic codes), and photographs of your vehicle.
- **Inferences drawn from other Personal Information:** such as a profile reflecting your preferences and attitudes.
We do not collect biometric information or the following categories of Sensitive Personal Information: complete account access credentials; precise geolocation data; racial or ethnic origin; religious or philosophical beliefs; union memberships; genetic data; mail, email or text message content not directed to us; unique identifying biometric information; or health, sex life, or sexual orientation information.
We collect Personal Information directly from you when you or your authorized agent provide the information to us and indirectly from your activities on our website (e.g., from submissions through our website portal or website usage details collected automatically) and through our provision of services. We and our third-party partners may use cookies, web beacons, or other technologies to collect and store information about your visit to, or use of, our websites. In addition, we collect information from other sources such as third parties that interact with us in connection with the services we perform; marketing partners and commercially available third-party sources; and publicly available sources or databases.
We generally keep all categories of Personal Information and Sensitive Personal Information described above for as long as needed or permitted considering the purpose(s) for which the Personal Information or Sensitive Personal Information was obtained, such as to provide services to you, complete our transaction with you, to enable us to communicate with you about our services, for our research, evaluation of use, or troubleshooting purposes, for our analysis to improve the quality of our services, or to satisfy our legal, regulatory, insurance, or contractual obligations. We maintain Personal Information and Sensitive Personal Information in accordance with our record retention policies which are informed by business needs and our legal and contractual obligations. The criteria that we use to determine our retention periods include: (1) for as long as we have an ongoing relationship with you; (2) as required by a legal obligation to which we are subject (e.g., including statutory periods to retain information as well as to fulfill commitments to you through our warranty programs); or (3) as advisable in light of our legal position (such as in regard of applicable statutes of limitations, litigation, or regulatory investigations). If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.
Purposes for Collecting and Processing Personal Information
We may collect, use, or disclose the above categories of Personal Information and Sensitive Personal Information for the following purposes:
- To fulfill, address, or respond to the reason you provided the information or complete the transaction you requested. For instance, if you share your name and contact information to ask a question about our services or employment opportunities, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase or authorize a service, we will use that information to process your payment, facilitate performance of the service, and to contact you about the status of your service. We may also save your information to facilitate future orders and services, and to facilitate warranty repair services.
- To provide, support, personalize and develop our website and services.
- To process your requests, purchases, transactions, and payments, and prevent fraud in connection therewith.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses and services.
- For testing, research, analysis, and service development, including to develop and improve our website and services.
- To respond to inquiries or investigations of our regulators or other governmental agencies.
- To respond to law enforcement requests and as required by applicable law, court order, or regulations.
- To seek payment from insurers or to respond to insurance investigations.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about consumers is among the assets transferred.
- As described to you when collecting your personal information or as otherwise permitted by the CCPA/CPRA.
We will not collect additional categories of Personal Information or Sensitive Personal Information or use the Personal Information or Sensitive Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice. We only use Sensitive Personal Information collected about you (e.g., driver’s license number) for purposes expressly permitted under the CPRA (namely, to perform our services or complete our transaction with you).
Disclosure of Personal Information
Spectrum Collision does not sell, trade, or rent your Personal Information to unaffiliated third parties, such as sellers of goods or services, for their own business or commercial purposes. Spectrum Collision will only disclose or share your Personal Information to our affiliates and certain trusted parties—specifically:
- **Affiliates and subsidiaries,** when permissible under relevant laws and regulations, for various purposes, such as to improve our existing suite of products and services across all our related businesses, or for marketing vehicle-related products and services to you.
- **Service providers and vendors** to perform functions and provide services, such as services related to: payment processing; marketing and non-marketing communications; business analytics (marketing and non-marketing); IT and network administration such as data storage and management, website hosting, and data security; professional advice relating to legal, accounting and/or tax; and day-to-day business operation support such as courier services, document destruction, and electronic signatures.
- **Governmental authorities or other entities** as required by law or regulation.
- **Other third parties** to whom you or your authorized agent authorize us to share personal information in connection with services provided by us.
In the last twelve months, we have disclosed the following categories of Personal Information to our affiliates and/or service providers for the business purposes described above: (1) identifiers; (2) information described in California Civil Code § 1798.80(e); (3) commercial information; (4) internet or other similar network activity; (5) sensory data (e.g., call recordings and vehicle photographs); (6) inferences drawn from other Personal Information; and (7) Sensitive Personal Information limited to your driver’s license number. (We do not disclose Sensitive Personal Information for purposes other than what the CPRA specifically permits.)
We may also share certain categories of Personal Information, excluding Sensitive Personal Information, with third parties such as marketing/advertising platforms (including social media platforms) and data aggregation and brokerage companies for cross-context behavioral advertising purposes, to improve the quality of your website experience, evaluate the performance of our marketing/advertisements, facilitate engagement with you and display relevant information to you. In the preceding twelve months, we have shared the following categories of Personal Information for these purposes: (1) identifiers (your name, phone number, email address, and mailing address); and (2) internet or other similar network activity.
Your Rights and Choices
Right to Know. You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve months. Once we receive and verify your request, we will disclose to you:
- Categories of Personal Information and Sensitive Personal Information we collected about you.
- Categories of sources for the Personal Information and Sensitive Personal Information we collected about you.
- Business purpose for collecting or disclosing/sharing that information.
- Categories of third parties with whom we disclose/share that information.
- Specific pieces of Personal Information and Sensitive Personal Information we collected about you (a “data portability request”).
- If we shared/disclosed your Personal Information or Sensitive Personal Information for a business purpose, a list identifying the personal information categories that each category of recipient obtained.
Deletion. You have the right to request that we delete your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your Personal Information from our records unless retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, fulfill the terms of our written warranty in accordance with the Magnuson-Moss Warranty Act or other federal law, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, resist malicious, deceptive, fraudulent or illegal actions, and to help prosecute those responsible for such actions.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informal consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with regulatory requirements or other legal obligations.
- Respond to regulatory, law enforcement, or insurance investigations, or to respond to a subpoena.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We may maintain a confidential record of deletion requests solely for the purpose of preventing your Personal Information from being sold, for compliance with applicable law, or for other purposes permitted under the CCPA/CPRA.
Correction.You may at any time direct us to correct any inaccuracies in the Personal Information that we maintain about you. Upon receiving and verifying your request to correct, we will use commercially reasonable efforts to correct the inaccuracy in your Personal Information. We may decline to correct the Personal Information if we determine based on the totality of the circumstances that the Personal Information we have on file is more likely than not accurate, or if we determine the request is likely fraudulent or abusive. If we decline to correct the Personal Information, you may request that we note in our records and notify any service providers and third parties to whom we disclosed the allegedly erroneous information that its accuracy has been disputed.
Restrict Use or Disclosure/Sharing of Personal Information for Advertising & Marketing. We may use, or disclose/share to our service providers and marketing providers, Personal Information about you for our own advertising and marketing purposes. You have the right, at any time, to request that we not use or disclose/share your Personal Information for advertising and marketing purposes. Once we receive and verify your request, we will no longer use or share your Personal Information for advertising or marketing purposes. We also will recognize browser-based opt-out signals as provided under law. If we receive an opt-out signal and are able to identify the consumer to whom the signal relates, we will treat the signal as a request to opt out related to all Personal Information we have on file for the consumer. If we receive an opt-out signal and are not able to identify the consumer to whom the signal relates, we will treat the signal as a request to opt out limited to the Personal Information we collect from the consumer during the online session during which the signal is present.
How to Exercise Rights & Choices. To exercise the access, data portability, correction, deletion, and advertising use restriction rights described above, please submit a verifiable consumer request to us either by:
- Telephone us toll-free at (949) 597-8200.
- Submit a completed CA Privacy Act Request Form.
- Mail or Email at the addresses provided at the end of this Notice (see “Contact Us”).
Only you, or a person legally authorized to act on your behalf, may make a verifiable request related to your Personal Information. You may also make a verifiable request on behalf of your minor child. You may only make a request for access or data portability twice within a 12-month period. Your request must (1) provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, and (2) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.