Last update: March 18, 2022.
This Policy explains why and how DIT Processes Personal Information in connection with all finance, leasing, insurance, guarantee or warranty applications of an asset or service offered through the suite of Lucy Products, this includes the Lucy F&I Platform and the Lucy Lender Portal (collectively the “Platform”) by a dealer or merchant with whom we do business (the “Dealer(s)”) (collectively, the “Service(s)”). This Policy also describes why and how we Process your Personal Information on behalf of a Dealer, for example, when we Process your Personal Information in order to provide financial pre-qualification to such Dealers.
In this Policy, “Personal Information” means any information about an identifiable individual, which includes information that can be used on its own or with other information to identify, contact, or locate a single person. In general, Personal Information does not include business contact information, such as your name, title, business address or telephone number.
We collect your Personal Information on our Platform and on our Site. Depending on the applicable situation, we will either Process your Personal Information for and on behalf of the Dealer or for our own purposes. Personal Information we collect consists of Personal Information provided to the Dealer when you applied for financing or leasing of an asset, or when the Dealer uses the Services provided by DIT to the Dealer, or when you visit our Site. Such Personal Information includes:
When you visit and/or browse our Site, or when you communicate with us, we collect the Personal Information that we need directly from you.
We also collect Personal Information that is provided or generated by your Dealer when it provides you with the Services, including when the Dealer uses the Platform, and when you have provided consent to such a collection by DIT to your Dealer.
In certain circumstances, we may also collect your mobile and/or computer devices (e.g., mobile advertising identifiers, location information and IP address). For more information, please refer to the Section “How does DIT provide online advertising?”.
For specific and limited purposes
DIT generally collects your Personal Information to:
(Collectively, the “Purposes”).
To send you the Messages
If you have consented to receive such information, DIT may send you newsletters, electronic messages, news on, among others, new features or new products, updates, contests, special offers and/or other written communications (the “Messages”) about DIT’s services and/or products and/or products or services of third parties, including the Dealers. Messages may be sent by DIT for its own Purposes or on behalf of the Dealers. In the latter case, we invite you to contact the Dealers to address your rights or to learn more about how your Personal Information is Processed by them. DIT may also use Direct Push and your geographical information on our mobile application to send you alerts about local promotions.
You may opt out of receiving the Messages as set forth in the Section “How to contact us?” or by following the instructions contained in the Messages. You may also disable the Direct Push notice through your device settings. A delay of ten (10) days may be required to treat your request. However, DIT may continue to send you Messages to inform you about available upgrades or critical technical service issues relating to the Service, or to provide you with important information on your account (if any).
For Secondary Purposes
DIT may also aggregate and anonymize Personal Information that you have provided to create statistical data which DIT may use to improve the Service, examine trends and interests, train machine learning algorithms, or share with its third-party partners including the Dealers, advertising partners and research centers. Such statistical data does not include any Personal Information.
DIT does not rent nor sell any of your Personal Information to third parties and will not share it with third parties without your consent unless it is necessary to do so by law or for the Purposes as set forth below.
With Our Employees
In the course of their work, our employees may need to access your Personal Information, for example, when you contact us or request support. Their access is limited to what is necessary to perform their duties.
With Strategic Partners
DIT may share your Personal Information with its partners such as the Dealers, lenders and credit bureaus to the extent that such disclosure is required for the Purposes.
With Third Party Agents and Service Providers
DIT may use third parties to facilitate its business and to assist us in making available all of the features of our Platform and Site, or for providing customer support services, such as customer relationship management platform providers, payment processors, hosting service providers. In connection with these business operations, DIT’s service providers may have access to your Personal Information for use for a limited time in connection with these business activities. Where DIT utilizes third parties for the Processing of any Personal Information, DIT implements reasonable contractual and technical protections in order for such third parties to keep all Personal Information they Process strictly confidential. Please note that these third parties may be located elsewhere than your location in which case, appropriate measures are taken by DIT as set forth below in the Section “Where is your Personal Information stored and transferred?”.
When Required by Applicable Laws
DIT may also share your Personal Information if required to do so by law or in the good faith belief that such action is necessary to: (i) conform with the law; (ii) comply with the order of a competent judicial authority in any jurisdiction; (iii) comply with legal process served on DIT; (iv) protect and defend the rights or property of DIT; (v) enforce or verify your compliance with any part of the agreements that you have entered into with DIT, if any; (vi) prevent fraud or other illegal activity perpetrated through the Service; or (vii) act in urgent circumstances to protect the personal safety of users of the Platform, the Site or the public at large.
During Business Transfers
We may share your Personal Information without your permission when our operations require it (in the event of a merger, acquisition, bankruptcy, or sale of assets, for example). As part of this kind of event, we may also share some or all of your Personal Information to the relevant third party (or its advisors) as part of a due diligence process.
For Other Purposes With Your Consent
Where you have expressly consented, your Personal Information may be shared with other third parties. For example, there may be specific instances where additional terms apply and, through these, we make clear that specific third parties Process your Personal Information.
DIT will retain your Personal Information only for as long as necessary to fulfill the Purposes for which it was collected, or as instructed by Dealer, or to comply with applicable legal, tax or regulatory requirements. After such time, any Personal Information held by DIT will be destroyed, deleted, or made anonymous. If you would like more information on this topic, we invite you to contact us as set forth in the Section “How to contact us?”.
With necessary and appropriate security measures
DIT has security measures in place to protect your Personal Information. The standard security measures we use will depend on the type of information collected. However, DIT uses physical, electronic, and procedural safeguards that comply with applicable regulations to protect your Personal Information. We encourage you to be cautious when using the Internet. This includes not sharing your passwords. If you think an unauthorized account has been created using your name, please contact us as set forth in the Section “How to contact us?”.
Our Platform and our Site are designed for individuals aged 13 years or older. DIT does not knowingly Process any Personal Information from children under the age of 13. If you believe that Personal Information has been collected from children under the age of 13, or if you are a parent or legal guardian and think that your child under 13 has provided us with Personal Information, you may contact us as set forth in the Section “How to contact us?”.
A cookie is a small text file that is stored in a dedicated location on your computer, mobile device, tablet or other device when you use your browser to visit an online service. Other tracking technologies, such as web beacons and tracking pixels may be used for similar purposes. In this Policy, all of these tracking technologies are collectively referred to as “Cookie(s)”. Any Personal Information collected with Cookies by DIT or on its behalf are treated with the same level of confidentiality as any other Personal Information held by DIT.
Strictly Necessary Cookies
These Cookies are necessary for the Service to function and cannot be switched off in our systems. Strictly necessary Cookies must be present for the Platform and the Site to provide basic functions that could include signing in. They allow for a user to navigate back and forth between pages without losing their previous actions from the same session.
If you have consented to their use, DIT and/or its third-party partners may also use nonessential Cookies in connection with the Platform, the Site and the Messages, including the following:
How to Manage Cookies
Except for strictly necessary Cookies, we will only place Cookies on your devices if you consent to it, and such Cookies will be kept for a maximum period of thirteen (13) months from when they are placed on your devices. At the end of this period, your consent will be required again.
Cookies can be managed and/or disabled through your browser’s Cookie settings and mobile device’s advertising settings. Social media Cookies (“plugins”) can also be managed by consulting the following networks’ policies (to the extent applicable):
Depending on the preferences that you have expressed in your mobile devices, DIT and its advertising partners may also use your mobile advertising identifier to target and measure the effectiveness of their advertising campaigns. In iOS, this identifier is called “IDFA” (ID for Advertising); in Android (Google Play), this identifier is called “AAID” (Android Advertising ID). You can access and reset your mobile advertising identifier or limit its use through the settings on your mobile devices’ operating system.
In no event will we permit advertising directed at children where we have actual knowledge that the user is under the age of 13. To learn more about our advertising practices, please contact us as set forth in the Section “How to contact us?”.
Your Personal Information may be held by DIT in locations other than your province, territory, state, or country of residence, including in Canada (including in the province of Quebec) and in the United States of America. DIT may also subcontract Processing to or share your Personal Information with third parties located elsewhere, including locations other than your province, territory, state, or country of residence. In such case, DIT will ensure that your Personal Information is transferred to countries that have received an adequacy decision from the competent authority, or that your Personal Information is adequately protected by appropriate technical, organizational, contractual, or other lawful means. If you would like to obtain more information on these security measures, please contact DIT as set forth in the “How to contact us?” Section.
Accessing and Correcting Your Personal Information
It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes. By law you have the right to request access to and to correct the Personal Information that DIT holds about you.
If you want to review, verify, correct, or withdraw consent to the use of your Personal Information you may send us an email as detailed in the “How to contact us?” Section to request access or to correct any Personal Information that you have provided to us.
DIT may request specific information from you to help us confirm your identity and your right to access, and to provide you with the Personal Information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the Personal Information that we hold about you, or we may have destroyed, erased, or made your Personal Information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your Personal Information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
Withdrawing Your Consent
Where you have provided your consent to the collection, use, and transfer of your Personal Information, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us using the information detailed in the “How to contact us?” Section, or contact the Dealer to whom you have given your consent for the Services. Please note that if you withdraw your consent, we may not be able to provide you, or your Dealer, with our Services.
DIT has established procedures for receiving complaints and inquiries about its Personal Information management policies and practices. DIT will inform individuals who make inquiries or lodge complaints of the existence of the relevant procedures. DIT will investigate all complaints. If a complaint is found to be justified, DIT will take appropriate measures, including, if necessary, amending its policies and practices. If you wish to make a complaint, we invite you to contact us as indicated in the “How to contact us?”” section.
If you have any questions about any aspect of this Policy, wish to send a comment, make a complaint or exercise any of the rights made available to you according to applicable laws, please do so through the “Contact” link on our Site or on our Platform, when such a link is available, or please contact our Data Protection Officer as follows:
Data Protection Officer Email: email@example.com
Your request may be accepted or denied by DIT based on the applicable laws. DIT will take prompt corrective action when it learns of any failure to comply with this Policy. DIT shall not be liable for any indirect, incidental, consequential or punitive damages relating to this Policy.
DIT frequently revises this Policy to keep it up to date with applicable legislation and its operations. If material changes are made to the Policy, then update notices (such as online notices or emails) may be used to alert you of such changes. Otherwise, the posting of the revised Policy on the Site or the Platform shall be considered sufficient notice to you, and by continuing to use the Site, the Platform or the Messages or by submitting Personal Information to us, you are consenting to any changes to our Policy.