Introduction

Welcome to the “Optimum Response dba vinsyt” Privacy Policy.  Optimum Response provides automotive ecommerce, mobility and data processing services to motor vehicle dealerships, manufacturers and other industry business entities including subsidiaries and affiliates; and processes data collected and purchased by Optimum Response.  

Optimum Response provides consumers and a dealership’s customers (“customer”) with a personalized vinsyt website that is personalized for the customer and the vehicle(s) they purchased from the dealership.  The dealership is the Optimum Response client and we create the dealership's branded, personalized vinsyt on their behalf by using the dealership’s supplied data, ie: VIN number, car sale date, email address and/or phone number. Our personalized websites are referenced as “Vinsyt” throughout this document.

When a customer visits or uses their vinsyt, we may collect the following types of information:

• Personal information you choose to provide to us, for example, when you make requests for information and assistance, such as:
  • Your name;
  • Mailing address;
  • E-mail address; and
  • Telephone number.
• Information about the vehicle you purchased, VIN, price, lender information (if applicable).
• Sensitive information to register for certain products and services.
• Integrations information accessed via third parties
  • Vehicle yr, make and model
  • Photos
  • Service and recall history from the dealership
• Technical information, through our use of cookies, log files, and other technical mechanisms, such as:
  • Browser type;
  • IP address;
  • Mobile device type and identifier;
  • Screen resolution;
  • Operating system;
  • The date and time of a visit or use;
  • The pages visited on the Vinsyt; and
  • The time spent viewing particular pages of the Vinsyt.

To view the Terms of Service for using this Vinsyt, please review our Visitor Agreement at www.vinsyt.com/visitor-agreement/. By visiting the Vinsyt and sharing any information with us, you agree to be bound by this Privacy Policy and the Vinsyt’s Terms of Service.  

Contents of Privacy Policy

1. Scope
2. Data Security
3. Your Choices
4. Information Collection & Use
5. Data Retention
6. Sharing Personal Information
7. Your Rights and Choices
8. Your California Privacy Rights
9. Your Virginia Privacy Rights
10. Changes to our Privacy Policy
11. How to Contact Us

Scope

This Privacy Policy is primarily intended to provide a description of the ways in which we collect and use information to provide ecommerce, mobility, and data processing services. Neither the vinsyt, nor our online activities or services for our clients, are directed toward or intended for children under the age of 18. If you are under eighteen (18), you should not provide any personal information to us. We do not collect Personally Identifiable Information (“PII”) from any person of whom we have actual knowledge is under the age of 18. By using our website (“vinsyt”) for submitting information to us, you consent to our use and sharing of the information collected or submitted as described in this Privacy Policy.

Please be aware that in addition to your vinsyt, we may also collect information from you for various purposes, including, but not limited to, providing advertisements about goods and services likely to be of greater interest to you. Such information collected by such websites and mobile applications and their affiliated or third-party partners may include any PII you choose to provide in registering and transacting with such websites and mobile applications. Although we choose our business partners and clients carefully, Optimum Response is not responsible for the privacy practices of websites and mobile applications operated by such third parties. You should check the applicable privacy policies of such websites and mobile applications you visit to determine how they handle any information collection and use.

In addition to the information we have collected directly about you from our Vinsyt, your personal vinsyt, we may collect information about you through the use of our first-party technology enabled via third-party integrations/websites. When you visit any website, mobile site, app or other digital media property where our technology is enabled (“Client Sites”), we may collect information about your interaction with, and the content on, that Client Site. The information collected via the technology Optimum Response utilizes may use PII that it has collected or that it obtains from related third parties or affiliates to create data segments and intent profiles, based upon User interactions with our Clients as well as other User behavior, such as the websites visited and mobile applications used by a User. We also collect or purchase PII through third parties that can be combined with information we get from you directly or collect through our use of technology. Optimum Response licenses the data collected as described herein to third parties in connection with our business, including to our Customers, our partners and other third parties (collectively our “Business Partners”). This shared information may include PII information. The information we share may also be combined with third-party data to provide an even broader service to our Customers and Business Partners.

We may otherwise disclose information collected from the Vinsyt and through the technology we have if we have a good-faith belief that the disclosure is reasonably necessary to comply with the law, legal process or an enforceable government request; to enforce applicable terms of use for our services; to detect, prevent or otherwise address illegal activity, fraud, or security issues; or to protect the property or safety of our users, Optimum Response, or the public as required or permitted by law.

We may transfer information, including PII, to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change. If Optimum Response is involved in any such transaction, you will be notified via prominent notice on our vinsyt of any change in ownership or uses of your information, as well as any choices you may have regarding your information.

We also provide information to third parties who provide services to Optimum Response in connection with operating and maintaining the vinsyt and the technology. These service providers are prohibited from using the information we provide for purposes other than performing services for Optimum Response. In addition, we may share aggregated information with Business Partners and the general public, such as usage statistics or demographic trends regarding how you and others may interact with the Vinsyt and/or Technology.

Data Security

The security of your information is important to us. Optimum Response has implemented reasonable security measures to protect the information, including without limitation, use of firewalls, encryption, cybersecurity controls, application controls and monitoring. No method of electronic storage or transmission over the Internet is 100% secure. So while Optimum Response strives to use commercially reasonable means to protect your information, we cannot guarantee complete security. If you have any questions about these security practices, please email us at privacy@optimumresponse.com.

Optimum Response does not intend to market to children

Optimum Response Vinsyts and technology are designed for people 18 years of age and older. We do not knowingly collect PII from anyone under the age of 13. If we are made aware that we have received PII from someone under the age of 13, we will use reasonable efforts to remove that information from our records.

Your Choices

You are entitled to make certain choices about how we communicate with you. You may choose not to provide PII, even though that might impact your ability to register or receive a particular product or service.

1. We provide a cookie banner consent notice on our home page to inform visitors about cookies, their purposes, your rights, and to request your consent to activate those cookies.This cookie banner gives you the option to opt in or out of using cookies, adjust cookie settings, and  informs consumers of how they may accept cookies and/or opt-out of the sale of their personal information via a “Do Not Sell My Personal Information” function. ??  HOW DO WE MANAGE COOKIES?? HOW CAN I SEE MY COOKIE SETTINGS FOR VINSYT?
2. We recognize certain Global Privacy Control (“GPC”) browser settings that notify us of your privacy preferences in accordance with applicable state privacy laws.
3. You may choose not to provide PII, even though that might impact your ability to register or receive a particular product or service.  HOW CAN THEY CHOSE NOT TO PROVIDE PII?
4. If you do not want to receive marketing email from us, you can follow the unsubscribe and/or Opt-In or Opt-Out links provided in those emails and/or texts.
5. You have a number of choices regarding certain technologies. Most web browsers automatically accept cookies, but you can usually modify your browser’s setting to decline cookies if you prefer. You may also render some web beacons unusable by rejecting their associated cookies and disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the add-on’s settings or opting out at http://Ghostery.com or the website of the technology provider. If you choose to decline cookies or similar technologies, however, please note that certain features may not function properly or at all as a result. You may be able to adjust the use of advertising identifiers on mobile devices through the settings on your device.
6. If you do not want us to use Location Information, you can decline our initial invitation to provide that information, or opt out by changing the location services settings on your mobile device. However, please note that certain features may not function properly or at all as a result if you opt out.

Your California Privacy Rights

This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Statement of Optimum Response Inc. and its subsidiaries (collectively, “we,” “us,” or “our”), a Optimum Response Inc. company, and applies solely to consumers who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act (“CCPA), the California Privacy Rights Act (“CPRA”) and other California privacy laws (hereinafter the “California Privacy Laws”).  Any terms defined in the CCPA and CPRA have the same meaning when used in this notice.

‍

Information We Collect

This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Statement of Optimum Response, Inc. and its subsidiaries (collectively, “we,” “us,” or “our”), a Optimum Response, Inc. company, and applies solely to consumers who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act (“CCPA), the California Privacy Rights Act (“CPRA”) and other California privacy laws (hereinafter the “California Privacy Laws”).  Any terms defined in the CCPA and CPRA have the same meaning when used in this notice.

Category

Examples

Collected

A. Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

YES

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

NO??

C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

NO

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

YES

E. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

NO

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

YES

G. Geolocation data.

Physical location or movements.

YES? NO?

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.

NO

I. Professional or employment-related information.

Current or past job history or performance evaluations.

NO

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

NO

K. Inferences drawn from other personal information.

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

NO?

L. Sensitive Personal Information

Personal information that reveals a person’s social security, driver’s license, state identification card, passport number; an account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;  precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; a person’s genetic data; and/or biometric data processed for the purpose of uniquely identifying a person. Some personal information included in this category may overlap with other categories.

NO?

We obtain the categories of personal information listed above from the following categories of sources:

• Directly from our customers or their agents. For example, from documents that our clients provide to us related to the services for which they engage us.
• Indirectly from our clients or their agents. For example, through information we collect from our clients in the course of providing services to them.
• Directly and indirectly from activity on our Vinsyts. For example, from submissions through our website (vinsyt) or website usage details collected automatically.
• From third-parties that interact with us in connection with the services we perform.

Data Retention

Except as otherwise permitted or required by applicable law or regulation, we retain Personal Information in the categories set forth above only for as long as we have a legitimate business need to provide our services to consumers and dealers in the automotive marketplace.  Because an average consumer usually purchases a vehicle infrequently, we keep some categories of information longer than others so that we can provide our services, such as vehicle/commercial information, Internet or network activity, and inferences.

To determine the appropriate retention period, we consider various criteria, including whether the Personal Information continues to be necessary to provide our services; the amount, nature, and sensitivity of the Personal Information; the potential risk of harm to consumers from unauthorized use or disclosure; and the purposes for which we collect the Personal Information.

We continually review and enhance our retention practices in order to protect consumers while providing our services.

Sharing Personal Information

We may disclose your personal information to a third party for a business purpose.  When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:  (I don’t think we have supplied anything but VIN’s to third parties, what else?)

• Category A: Identifiers.
• Category B: California Customer Records personal information categories.
• Category C: Protected classification characteristics under California or federal law.
• Category D: Commercial Information.
• Category F: Internet or other similar network activity.
• Category G: Geolocation Data.
• Category I: Professional or employment-related information.
• Category K: Inferences drawn from other personal information.
• Category L: Sensitive Personal Information.

We disclose your personal information for a business purpose to the following categories of third parties:

• Our affiliates.
• Service providers.
• Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.

In the preceding twelve (12) months, we have sold the following categories of personal information:

• In the preceding twelve (12) months, we have not sold any personal information.

Your Rights and Choices

The California Privacy Laws provide California residents with specific rights regarding their personal information. This section describes your California privacy rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• The specific pieces of personal information we collected about you (also called a data portability request).
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  • sales, identifying the personal information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

California Civil Code Section 1798.83 entitles California users to request information concerning whether a business has disclosed certain information about you to any third parties for the third parties’ direct marketing purposes. California users who wish to request further information in compliance with this law or have questions or concerns about our privacy practices and policies may contact us as specified in the “How to Contact Us” section below.

Right to Limit Use and Disclosure of Sensitive Personal Information

You have the right, at any time, to direct us to limit your sensitive personal information to that use which is necessary to perform the services reasonably expected by an average consumer who requests those services. We may decline to limit the use and disclosure of sensitive personal information for the following reasons:

• To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
• To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and or confidentiality of stored or transmitted personal information, provided that the use of the consumer’s personal information is reasonably necessary and proportionate for this purpose.
• To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions, provided that the use of the consumer’s personal information is reasonably necessary and proportionate for this purpose.
• To ensure the physical safety of natural persons, provided that the use of the consumer’s personal information is reasonably necessary and proportionate for this purpose.
• For short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business, provided that the personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business.
• To perform services on behalf of the business, provided that the use of the consumer’s personal information is reasonably necessary and proportionate for this purpose.
• To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by the business, provided that the use of the consumer’s personal information is reasonably necessary and proportionate for this purpose.
• For purposes that do not infer characteristics about the consumer.

Correction Request Rights

You have the right to request that we correct inaccurate personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information. Once we receive and confirm your verifiable consumer request, we shall use commercially reasonable efforts to correct the inaccurate personal information, pursuant to California Civil Code Section 1798.130 and regulations adopted pursuant to paragraph (8) of subdivision (a) of Section 1798.185.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected about you and retained, subject to certain exceptions in the California Privacy Laws. Once we receive and confirm your verifiable consumer request, we will delete your personal information from our records, unless an exception applies, and we will direct our service providers to similarly delete your personal information from their records.

Right to Opt-Out of Sales or Sharing of Personal Information  

You have the right to opt-out of our sale or sharing of your personal information. To the extent that we sell your personal information, as the term “sell” is defined under the California Privacy Laws, you have the right to opt-out of the sale of your personal information by us to third parties at any time. You may submit a request to opt-out by clicking Do Not Sell My Data.

Exercising Access, Data Portability, Limiting Use of Sensitive Personal Information, Correction and Deletion Rights

To exercise the access, data portability, limiting use of sensitive personal information, correction and deletion rights described above, please submit a “verifiable consumer request” (defined below) to us by either:

• Calling us at 855-846-7981
• Visiting the Consumer Privacy Request Form

Only you or someone you authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

A verifiable consumer request must:

• Provide enough information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
• Describe your request with enough detail that allows us to properly understand, evaluate, and respond to it.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.  Making a verifiable consumer request does not require you to create an account with us.  We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Non-Discrimination

We will not discriminate against you for exercising any of your rights under the California Privacy Laws. Unless permitted by the California Privacy Laws, we will not deny you goods or services, charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, provide you a different level or quality of goods or services, suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services; or retaliate against an employee, job applicant, or independent contractor.

Your Virginia Privacy Rights

This section applies to Virginia residents that use our Services for individual or household purposes. Capitalized terms used in this section shall have the same meaning as under applicable Virginia law.

This section describes our collection, use, and disclosure of information that is linked or reasonably linkable to an identified or identifiable national person, excluding de-identified or publicly available information (“Personal Data”). You can learn more about the Personal Data we process and the purpose for processing such information in the “The Information We Collect” section above. You can also learn more about our disclosure of Personal Data and the categories of third parties we disclose Personal Data to in the “How We May Use the Information We Collect” section above.

Some of the ways that we disclose Personal Data may constitute a Sale. You have the right to opt-out of the Sale of your Personal Data, as described below. We may also process your Personal Data for Targeted Advertising, as described in the “Information Collection and Use” section above. You have the right to opt-out of the processing of your Personal Data for Targeted Advertising, as described below.

If you are a Virginia Consumer, subject to certain conditions and restrictions, you have the following rights with regard to your Personal Data:

1. Right to Access. You have the right to know the Personal Data that we may hold about you and access such Personal Data.
2. Right to Correct. You have the right to request that we correct inaccuracies in your Personal Data.
3. Right to Delete. You have the right to request that we delete all Personal Data that we have collected from or obtained about you.
4. Right to Opt-Out of Sales. You have the right to opt-out of the Sale of Personal Data. You can learn more about your right to opt-out of the Sale of Personal Data in the “Information Collection and Use” section above.
5. Right to Opt-Out of Targeted Advertising. You may request that we stop disclosures of your Personal Data for Targeted Advertising. You can opt out of delivery of targeted advertising to you by multiple companies by https://youradchoices.com/, http://www.networkadvertising.org/managing/opt_out.asp, and http://www.ghostery.com
6. Right to Opt-Out of Profiling. You have the right to opt-out of our processing of Personal Data for the purposes of profiling. Our profiling does not result in decisions that produce legal or similarly significant effects however we still provide you the right to opt-out.
7. Right to Appeal. If you are unsatisfied with our actions related to the exercise of one of your privacy rights above, you may appeal our decision.
8. Sensitive Data. Our processing of your Sensitive Data will be based on your consent. For example, in the course of using our Services, you may allow us to use your precise geolocation. You may be able to limit or disallow this use of location data by adjusting the settings for our applications on your device’s privacy settings.

You may submit requests related to these rights by visiting this link: Virginia Consumer Privacy Request Form. Please note that, depending on the nature of your request, you may be asked to provide information to verify your identity before your request can be processed. We will confirm receipt of your request and respond to your request as soon as we reasonably can and no later than legally required. You may exercise your privacy rights under the VCDPA free of charge up to no more than twice annually. If you make a privacy rights request, we will retain the Personal Data provided to us to fulfill your privacy rights request for our record keeping purposes.

Changes to our Privacy Policy

We may modify this Privacy Policy from time to time. If we decide to change this Privacy Policy, we will post the modified Privacy Policy to your vinsyt with an updated “Last Updated” date at the top of the Privacy Policy, and other places we deem appropriate. We reserve the right to modify this Privacy Policy at any time.

How to Contact Us

If you have any questions or comments about this Privacy Policy, or if you would like us to update information we have about you or your preferences, please contact us by the following:

Website: https://www.vinsyt.com/contact
Email: privacy@vinsyt.com
Postal Address: Optimum Response, Inc.
Attn: Paul Burkemper, Chief executive Officer
Address
City, State, ZIP

‍

The information provided on the Site is not intended for distribution to or use by any person or entity in any jurisdiction or country where such distribution or use would be contrary to law or regulation or which would subject us to any registration requirement within such jurisdiction or country. Accordingly, those persons who choose to access the Site from other locations do so on their own initiative and are solely responsible for compliance with local laws, if and to the extent local laws are applicable. The Site is not tailored to comply with industry-specific regulations (Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), etc.), so if your interactions would be subjected to such laws, you may not use this Site. You may not use the Site in a way that would violate the Gramm-Leach-Bliley Act (GLBA). The Site is intended for users who are at least 18 years old. Persons under the age of 18 are not permitted to use or register for the Site.