Last Updated on December 30, 2019
How We Collect Information
Directly from You
- We collect PII from you directly, via our websites including those associated with our SaaS services, like dev.reinventingretention.com and xtime-info.com (the “Sites”), telephone inquiries, and in connection with your interest in our online services (collectively the “General Services”). For example, we collect PII from you when you apply for a job, download a white paper, complete questionnaires, contact us with questions or comments, request information in response to a newsletter or provide us with feedback. The type of PII that we collect depends upon your interactions with us, and may include, but is not limited to, contact information, such as your name, address, email address, telephone number, and other PII that you submit to us.
- We have relationships with third parties, including automotive manufacturers, dealerships, dealer service departments and original equipment manufacturers of passenger cars, vans, cargo trucks and parts and services related to such vehicles (“Business Customers”) and we offer a variety of services to such Business Customers, including SaaS and service retention applications (“Business Services”). We collect PII from the personnel of our Business Customers through their use of the Business Services. For example, we maintain databases comprising PII, such as name, email address, company name, employment title and telephone number about our points of contact at each of our Business Customers.
- As described below, our Business Customers provide PII to us about their current and potential customers and sales leads via their use of the Business Services. However, if you are an individual customer of one of our Business Customers you may also submit PII to us directly. For example, via an online customer service portal that we offer as part of our Business Services to our Business Customers.
From our Business Customers
- Our Business Customers submit information, including PII, to us about their current and potential customers and sales leads via their use of the Business Service. Xtime accesses and uses this information only for the purpose of providing the Business Services, preventing or addressing service or technical problems, at a Business Customer’s request in connection with customer support matters, or as may be required by law. For example, a Business Customer may store contact details such as name and telephone number together with information about an individual’s vehicle repair and maintenance history via our Services. In this context, Xtime acts as a data processor (rather than a data controller), and therefore does not ultimately determine precisely what information, including PII, is processed or how it is utilized. Any access to, or use of, such information by Xtime is incidental to completing Xtime’s contractual obligations as data processor to its Business Customers. Similarly, in connection with Xtime’s professional services operations as part of the Services, Xtime processes information, including PII and acts as a data processor on behalf of its Business Customers.
- Xtime also collects, transfers and uses information, including PII, of current and prospective Business Customers and current and prospective business partners for sales, billing, marketing and business partner recruitment purposes. In this context, Xtime acts as a data controller.
From Third Parties
We may also obtain PII about you from our third party affiliates, or partner companies, and from marketing or advertising companies that provide us with information as a part of their relationship with us. We may combine this with information that we already have collected about you in order to offer Business Services that may be of interest to you.
Automatically Through Our Sites
We use various tracking technologies to collect and store information from or about you as a user of our Sites and Services as described below in the Section entitled “Cookies and Other Tracking Devices.”
How We Use Your Information
We use information, including PII, that we collect from, or obtain about, you to provide and improve our Sites and Services, such as developing new features and services, providing information and support, better understanding your needs and interests, personalizing communications and advertising and promoting a quality experience for you. We will also aggregate and analyze the information, including PII, that we collect from, or obtain about, you for these purposes and to analyze industry trends, and we will share such aggregated, non-personally identifiable information about you with third parties, including our Business Customers, for marketing, advertising, research, analytics or similar purposes.
We may link your information with information that we collect from multiple sources to provide better Services to you and to improve our Services. Once in our possession, PII from other sources will be governed by this Policy. We will always ask you for your permission prior to using your PII for purposes unrelated to the purpose for which we first collected or obtained your PII.
How We Share and Disclose Your Information
- Within Xtime, we will share your PII with Xtime employees, agents and contractors who have a legitimate business reason to obtain access to your PII. For example, we may share your PII with contractors and agents who provide product development services to us.
- We may share your PII with our business partners and our customers for our marketing and administrative purposes. However, we will not sell your PII to unaffiliated third parties for their own marketing purposes (i.e., for purposes unrelated to the business of Xtime).
- We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims, legal process (including subpoenas), to protect our property and our rights or those of a third party, the safety of the public or any person, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law.
- Information that we collect from, or obtain about, you, including PII, is considered to be a business asset. If we are acquired by, or merged with, another entity, and if all or part of our assets are acquired, or in response to a bankruptcy proceeding, then we may transfer your information to the other entity.
Cookies and Other Tracking Devices Used by Xtime
Most Web browsers automatically accept cookies, but if you prefer, you may edit your browser options to block them in the future. The help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Please note, however, that if you don’t accept cookies, you may not be able to access all portions or features of our Services.
We may use “Web beacons” (electronic images that are also known as pixel tags or clear gifs) to recognize a cookie on your computer when you view or act upon a Web page, an advertisement that we’ve placed on a third-party Web page, or an email or other electronic communication that we’ve sent.
Local Storage Objects (“LSOs”)
We also use LSOs, sometimes referred to as “Flash” cookies. Flash LSOs are different from browser cookies because of the amount and type of data stored. Typically, you cannot control, delete or disable the acceptance of Flash LSOs through your Web browser. For more information about Flash LSOs, or to learn how to manage your settings for Flash LSOs, please visit your Adobe Flash Player Help Page, choose “Global Storage Settings Panel” and follow the instructions. To see the Flash LSOs currently on your computer, from within your Adobe Flash Player Help Page, choose “Website Storage Settings Panel” and follow the instructions to review and, if you choose, to delete any specific Flash LSO.
Other Tracking Technologies
We may collect one or more unique identifiers for any particular device that you use to access the Internet (each, a “Device Identifier”). When analyzed, usage information helps us determine how our Sites and Services are used, such as what features you may find most relevant. If we associate your Device Identifier with other PII that we have collected or obtained about you, we will treat the combined information as PII.
Information Related to Use of the Services
Our servers automatically record certain information about how a person uses our Services (we refer to this information as “Log Data”). Log Data may include information such as a user’s Internet Protocol (IP) address, browser type, operating system, Web page that a user was visiting before accessing our Sites and Services, pages or features of our Sites and Services to which a user browsed, time spent on those pages or features, search terms, links on our Sites and Services that a user clicked on and other statistics. We use Log Data to administer the Services and we analyze (and may engage third parties to analyze) Log Data to improve, customize and enhance our Services by expanding their features and functionality and tailoring them to our users’ needs and preferences. We may use a person’s IP address to fight spam, malware and identity theft. We also use the IP address to generate aggregate, non-identifying information about how our General Services are used.
Cookies and Other Tracking Devices Used by Third Parties
Xtime uses a variety of third-party services to help us understand the use of our Sites and Services (e.g., Google Analytics). Third-party service providers may collect information sent by your browser, such as cookies or your IP address. For example, the information generated by a cookie and other platform-specific technology about your use of our Services (including your IP address) may be transmitted to and stored by Google. In such event, Google will use this information for the purpose of evaluating your use of our Sites and Services, compiling reports on website activity for website operators, and providing other services relating to your website activity and Internet usage. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
You may opt out of many third party ad networks. To learn more about this choice, please visit the Network Advertising Initiative (“NAI”) at www.networkadvertising.org/choices or the Digital Advertising Alliance (“DAA”) at www.aboutads.info/choices. Opting out of one or more NAI member or DAA member networks only means that those members will no longer deliver targeted content or ads to you. It does not, however, mean that you will no longer receive any targeted content or see any ads on our Sites or other websites.
Access and Opt-Out
You may review and update the PII we have about you by accessing and modifying the information in your Xtime account, if you have one, or by submitting a request to Xtime at firstname.lastname@example.org. We’ll take steps to delete your information as soon as is practicable, but some information may remain in archived/backup copies for our records or as otherwise required by law.
If you choose not to receive Xtime-sent emails or our newsletters, you may: (i) opt out or unsubscribe by emailing email@example.com or (ii) follow the opt-out instructions in the email or newsletter.
Please note that while Xtime offers you some control over marketing communication, certain transactional, relationship and legally required communications will not be affected by the choices you have made about marketing communications.
Your PII may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you’re located outside the United States and choose to provide your PII to us, we may transfer your PII to the United States and process it there. We have put in place the necessary measures to comply with applicable EU laws on the adequacy of data transfers to non-EU/EEA countries (such as EU Model Clauses). Your use of any of our services followed by your submission of any PII represents your agreement to that transfer.
Links to Third Party Site(s) and Applications
We take reasonable administrative, physical and electronic measures designed to protect the information that we collect from, or obtain about, you (including your PII) from unauthorized access, use or disclosure. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information. We will make any legally required disclosures of any breach of the security, confidentiality or integrity of your unencrypted electronically stored “personal data” (as defined in the applicable statutes) to you via email or conspicuous posting on the Sites in the most expedient time possible and without unreasonable delay, consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
Our Sites and Services are not directed to children under 13 and we do not knowingly collect PII from children under 13. If we learn that we have collected PII of a child under 13 we will take steps to delete such information from our files as soon as possible.
Your California Privacy Rights
This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Statement of Xtime, Inc. and its subsidiaries (collectively, “we,” “us,” or “our”), a Cox Automotive, Inc. company, and applies solely to consumers who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual consumer, household, or device (“personal information”). We have collected the following categories of personal information from consumers within the last twelve (12) months:
The following examples are taken directly from California Consumer Privacy Act, Xtime collects at least one of the example items from each category.
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||NO|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES|
|G. Geolocation data.||Physical location or movements.||NO|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||NO|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||YES|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||NO|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||YES|
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from our customers or their agents. For example, from documents that our clients provide to us related to the services for which they engage us.
- Indirectly from our clients or their agents. For example, through information we collect from our clients in the course of providing services to them.
- Directly and indirectly from activity on our client’s website, as well our stagingrefresh.xtime.com website. For example, from submissions through our website portal or website usage details collected automatically.
- From third-parties that interact with us in connection with the services we offer and/or perform.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category D: Protected classification characteristics under California or federal law.
Category F: Internet or other similar network activity.
Category I: Professional or employment-related information.
Category K: Inferences drawn of other personal information
We disclose your personal information for a business purpose to the following categories of third parties:
- Our affiliates.
- Service providers.
- Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
In the preceding twelve (12) months, we have not sold any personal information.
Your Rights and Choices
The CCPA provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
California Civil Code Section 1798.83 entitles California users to request information concerning whether a business has disclosed certain information about you to any third parties for the third parties’ direct marketing purposes. California users who wish to request further information in compliance with this law or have questions or concerns about our privacy practices and policies may contact us as specified in the “How to Contact Us” section below.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected about you and retained, subject to certain exceptions in the CCPA. Once we receive and confirm your verifiable consumer request, we will delete your personal information from our records, unless an exception applies, and we will direct our service providers to similarly delete your personal information from their records.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a “verifiable consumer request” (defined below) to us by either:
- Calling us at 888-576-0544
- Visiting Xtime.com/CPA
Only you or someone you authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
A verifiable consumer request must:
- Provide enough information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
- Describe your request with enough detail that allows us to properly understand, evaluate, and respond to it.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not deny you goods or services, charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, provide you a different level or quality of goods or services, or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Do Not Track
Online Tracking Policy for California Residents. As of the effective date of this Privacy Statement, there is no commonly accepted response for Do Not Track signals initiated by browsers, therefore we do not respond to them.
If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Please contact us by writing to us at: firstname.lastname@example.org or Xtime, Inc., 1400 Bridge Parkway, Suite 200, Redwood City, CA, 94065 USA, c/o General Counsel, if you have any questions regarding this Policy.