Privacy Policy
Introduction
At Banister Automotive ("Dealership," "we," or "us"), we value your privacy and the information you entrust to us. This Privacy Policy explains how we collect, use, and share information we may collect from you when you visit our physical locations or websites ("Site" or "Sites"), or when you access any of our products, services, and content ("Services"). Our Privacy Policy applies to all visitors and customers of our Sites, including those who apply for and receive financing for personal, family, or household purposes.
If you become an inactive customer, or if we close or suspend your account, we will continue to abide by the Privacy Policy that was in place when we collected your personal information as long as we keep it in our databases. We may delete some or all of your information at any time, without notice, for any reason or no reason, unless we're required by law to keep it. You may have additional privacy protections under state laws, and we will comply with any relevant state laws when we disclose information about you.
Virginia Privacy Policy
The purpose of this Virginia Privacy Policy is to provide consumers with a comprehensive understanding of our dealership's online and offline practices related to the collection, use, disclosure, and sale of personal information, and of the rights of consumers regarding their personal data under the VCDPA. The tables below outline how we collect, use, and disclose Virginia consumers' personal information. Please note that the categories of personal data collected and shared may depend on how a consumer has interacted with our dealership, and not all of the items listed in the tables below will be relevant to every consumer. For example, we typically only collect veteran status when a consumer qualifies for a military rebate.
Your Rights Under the VCDPA
1. Right to Opt-Out of Targeted Advertising and the Sale of Information
The VCDPA provides consumers with the right to opt-out of processing of the personal data for purposes of targeted advertising and the sale of their personal data. The VCDPA defines a "sale," “sell,” or “sold” as the exchange of personal data for monetary consideration by a controller to a third party. While we do not sell personal data for monetary value, we may disclose personal data to third parties, such as vehicle manufacturers, in such a way that may be considered a “sale” of personal data under the VCDPA. To direct us to stop the sale of your personal data or processing it for targeted advertising, click here to submit a request using our interactive web form.
We do not sell personal data of minors who we know are under 16 years of age.
2. Right to Access and Know About Personal Data Collected, Used or Disclosed
You have a right to request that we disclose the categories of personal data we have collected and processed. You also have the right to request that we disclose the specific pieces of personal data information that we have collected about you. These are referred to collectively as “Right to Know” requests under the VCDPA.
3. Right to Correct Personal Data
You have the right to correct any inaccuracies you find in your personal data.
4. Right to Request Deletion of Personal Data
You have the right to delete the personal data we've collected about you. The “Right to Delete” is subject to several legal exceptions, such as when we are required by another state or federal law to retain your information.
5. Right to Data Portability
You also have the right to obtain a copy of your personal data in a portable and, to the extent technically feasible, readily usable format, which we call a “specific pieces” request. You may exercise this right no more than two times per calendar year per the VCDPA. You have a right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the VCDPA, including denying goods or services, charging different prices or rates of goods or services, or providing a different level of quality of goods and services to the consumer.
Verification of Right to Know and Deletion Requests
To protect against fraud, identity theft, and the unauthorized disclosure or deletion of personal information, we require that consumers submitting requests under the CCPA first verify their identity. This may include a combination of SMS (text message) verification, email verification, and one or more questions regarding the consumer's particular interaction or transaction with our dealership. If the consumer fails to verify their request via these methods, or the information provided by the consumer otherwise does not match our existing records, we will deny the request.
Arbitration Agreements
This Privacy Policy has been made in, and shall be construed in accordance with the laws of Virginia without giving effect to any conflict of law principles. Any disputes or claims not subject to the arbitration provision discussed above shall be resolved by a court located in that state and you agree and submit to the exercise of personal jurisdiction of such courts for the purpose of litigating any such claim or action. In the event of a conflict between this arbitration agreement and any other arbitration agreement between you and the Dealership such as an arbitration agreement contained in a retail installment sale contract, lease agreement, or repair estimate (hereinafter “Other Arbitration Agreement”), the terms of the Other Arbitration Agreement shall govern and prevail in each instance.
Cyber Security
We implement reasonable security measures to ensure the security of your personal information. However, no data transmissions over the Internet can be guaranteed to be 100% secure by nature. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you understand that any information that you transfer to us is done at your own risk. We may attempt to notify you electronically of any security system breach so that you can take appropriate steps. By using the Services or providing personal information to us, you agree that we can communicate with you electronically regarding security, privacy and administrative issues relating to your use of the Services. We may post a notice via our website if a security breach occurs or send an email to you at the email address you provided. You may have a legal right to receive notice of a security breach in writing depending on where you live. While we use encryption to protect online information, we also make all reasonable efforts to secure and protect your information offline. All of our customers' information is restricted in our offices and only employees who need the information to perform a specific job function are granted access to this information. The services that store your personal information are housed in a secure environment.
Third-party Links
This Privacy Policy applies only to our Sites and Services, and information collected for us or by us through various features and online offerings on our Sites. Our Sites contain links to other third-party sites, and our Privacy Policy does not apply to any third-party site or service linked to our Sites or recommended or referred by our Sites or by our staff. We are not responsible for the website, privacy practices or content of any third-party. If you have any questions about how these other sites use your information, you should review their policies and contact them directly.
Authorized Agents
A consumer may designate an authorized agent to make a request under the VCDPA on the consumer's behalf. If a consumer wishes to authorize another person to act as an authorized agent on the consumer's behalf, the consumer must provide the authorized agent permission to do so. An authorized agent can submit a VCDPA request on behalf of a Virginia resident contacting the dealership and submitting a formal request. To help prevent fraudulent requests, we reserve the right to deny a request from an agent that does not submit proof that he or she has been authorized by the consumer to act on the consumer's behalf. As proof that the agent has been duly authorized by the consumer to submit a VCDPA request, the agent will be required to upload either (1) power of attorney signed by consumer, or (2) other signed permission from the consumer. Pursuant to title 64.2, section 64.2-1604 of the Virginia Code , if an agent provides power of attorney signed by the consumer (“principal”) that purports to give the agent authorization to submit the request on the principal's behalf, we may require that the agent provide information reasonably necessary or appropriate to identify the agent and principal and to facilitate the request. This includes, but is not limited to, identification of the agent and principal and the current and permanent residence addresses of the principal. If the agent provides some other signed permission from the consumer, we may require that the consumer (1) verify their identity directly with us through a combination of SMS (text message) verification, email verification, and one or more questions regarding the consumer's particular interaction or transaction with our dealership and (2) confirm that he or she provided the authorized agent permission to submit the request.
Consent and Notification of Revisions
By accessing or using our Sites and/or Services, you consent to this Privacy Policy. If you do not agree with this Privacy Policy or our Terms of Service, please do not access or use the Site(s) or Services. We may periodically modify or update our Privacy Policy with our without notice to you by posting the most updated version on this page. Please see the “Revision Date” at the top of this document to see when the Privacy Policy was last changed. We will update the “Revision Date” in the privacy policy to notify you of any substantive changes to the way we collect and use information. We encourage you to periodically review this Privacy Policy to obtain the most up-to-date information on how we are handling your personal information. If you do not agree to changes to this Privacy Policy, you must stop using the Sites after the last revision date of such changes.
Notice of Collection
The purpose of this Notice of Collection is to inform consumers about the categories of personal data that our dealerships process about them and the purposes for which the personal data will be processed. "Personal data," as defined by the Virginia Consumer Data Protection Act (VCDPA), means any information that is linked or reasonably linkable to an identified or identifiable natural person. We may sell personal data to third parties or process personal data for targeted advertising. We collect the following categories of personal data, as defined in the VCDPA, that relate to Virginia residents.
Categories of Personal Information Collected
1. Audio / Video / Visual / Electronic such as photographs, recorded calls, voicemails, and online & electronic communications, such as those made via a live or automated online chat module.
2. Commercial such as vehicles, products, services, and repairs purchased, obtained or considered; personal property records (e.g., vehicle titles and registration cards); or other purchasing or consuming histories or tendencies.
3. Customer Records such as digital and electronic signatures, telephone numbers, insurance policy numbers, credit and debit card numbers, financial and credit-related information, physical characteristics and descriptions (e.g., government identification), bank account numbers, and medical and health insurance information (in the context of employment).
4. Education such as diplomas and transcripts for student rebate eligibility.
5. Geolocation such as tracking and user-enabled location identification.
6. Identifiers such as real name, postal address, IP address, email address, SSN, driver's license number, passport number, cookies, pixel tags, and similar identifiers.
7. Inferences to create a profile about you reflecting your product or vehicle preferences, purchasing tendencies and behaviors.
8. Internet Activity such as interactions with our websites, applications, and advertisements.
9. Professional/Employment such as job title, occupation, company or business name, and employment history information.
10. Protected Classes under state or federal law, such as gender, age, and veteran status.
Business or Commercial Purposes for which the Personal Information was Collected or Sold
1. Advertising & Marketing to send advertisements and marketing material via physical and electronic mail relating to product specials and other promotional events or offers, perform marketing research and data analytics, and perform similar activities.
2. Contextual and Behavioral Targeting to provide contextual customization of ads shown as part of an interaction with our website or application, such as through the use of “first-party” or “session” cookies.
3. Counting Ad Impressions & Website Interactionsto audit interactions with our websites, applications, or advertisements, count ad impressions to unique visitors, verify position and quality of ad impressions, and perform similar activities.
4. Customer Service to provide customer service, maintain and service products and accounts, provide training for quality assurance purposes, and perform similar activities.
5. Defending Against Claims & Litigation to defend against or respond to potential or actual claims and litigation, including, but not limited to, those against the manufacturer of a particular vehicle we've sold.
6. Fraud Prevention to help ensure security and integrity, such as necessary to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to prosecute those responsible for that activity.
7. Processing Transactions to process or fulfill orders and transactions, verify customer information, process payments, confirm eligibility for manufacturer rebates, and perform similar activities.
8. Providing Financing to provide financing in connection with a vehicle purchase, lease or related products or services.
Categories of Sources from which the Personal Information is Collected
1. Advertising Networks & Agencies such as digital advertising companies and other marketing firms.
2. Captive Finance Companies and wholly-owned subsidiaries of automakers that offer loans, lease programs, and other financial services to our customers.
3. Credit Reporting Agencies such as Experian, Transunion and Equifax that gather account information from various creditors and provide that information to dealers in connection with an application for credit.
4. Data Brokers & Analytics Providers such as equity mining, data mining, call tracking, and sales prospecting tools.
5. Directly from Consumers through our website forms and via in-person applications, forms and contracts.
6. Government Entities such as the Department of Motor Vehicles (DMV) and various other state and federal agencies.
7. Insurance Companies that provide us with information relating to vehicle collisions, auto accidents, and other claims.
8. Online Lead Providers and third party websites that collect and share data relating to consumers whose product preferences or inquiries align with the offerings of our dealership.
9. Social Media Networks such as Facebook, Instagram, and other platforms used to run various advertising campaigns.
10. Tow Companies that transport customer vehicles to the dealer's service department.
11. Vehicle Manufacturers for which we are franchised to sell new motor vehicles.
Categories of Third Parties to Whom the Information was Disclosed or Sold
1. Audio / Video / Visual / Electronic: Software Vendors, Digital Retailers & eCommerce Platforms, Repair & Sublet Facilities, Attorneys & Law Firms, Professional Service Companies, Debt Collection Agencies & Repossession Companies, Records Management Companies, F&I Product Providers & Administrators, Check Guarantee Companies, Advertising Networks & Marketing Agencies, Data Brokers & Analytics Providers.
2. Commercial: Software Vendors, Vehicle Manufacturers, Digital Retailers & eCommerce Platforms, Repair & Sublet Facilities, F&I Product Providers & Administrators, Data Brokers & Analytics Providers, Insurance Brokers (non-health related), Attorneys & Law Firms, Professional Service Companies, Records Management Companies, Debt Collection Agencies & Repossession Companies, Check Guarantee Companies, Auditors & Consultants, Financial Institutions, Advertising Networks & Marketing Agencies, Website and Hosting Providers, Chat Modules, Reputation Management Companies, Auctions & Wholesalers, Government Entities.
3. Customer Records: Software Vendors, Vehicle Manufacturers, Advertising Networks & Marketing Agencies, Digital Retailers & eCommerce Platforms, Repair & Sublet Facilities, F&I Product Providers & Administrators, Data Brokers & Analytics Providers, Insurance Brokers (non-health related), Attorneys & Law Firms, Professional Service Companies, Records Management Companies, Debt Collection Agencies & Repossession Companies, Check Guarantee Companies, Rideshare Companies, Auditors & Consultants, Financial Institutions, Website and Hosting Providers, Chat Modules, Reputation Management Companies, Auctions & Wholesalers, Credit Reporting Agencies (CRAs), Government Entities, Claims & Benefits Administrators.
4. Education: Software Vendors, Vehicle Manufacturers, Attorneys & Law Firms, Professional Service Companies, Records Management Companies, Debt Collection Agencies & Repossession Companies, F&I Product Providers & Administrators, Financial Institutions, Website and Hosting Providers, Advertising Networks & Marketing Agencies, Digital Retailers & eCommerce Platforms
5. Geolocation: Software Vendors, Vehicle Manufacturers, Digital Retailers & eCommerce Platforms, Repair & Sublet Facilities, Data Brokers & Analytics Providers, Records Management Companies, F&I Product Providers & Administrators, Financial Institutions, Website and Hosting Providers, Advertising Networks & Marketing Agencies, Chat Modules.
6. Identifiers: Software Vendors, Vehicle Manufacturers, Advertising Networks & Marketing Agencies, Digital Retailers & eCommerce Platforms, Repair & Sublet Facilities, F&I Product Providers & Administrators, Data Brokers & Analytics Providers, Insurance Brokers (non-health related), Attorneys & Law Firms, Professional Service Companies, Records Management Companies, Debt Collection Agencies & Repossession Companies, Check Guarantee Companies, Rideshare Companies, Auditors & Consultants, Financial Institutions, Website and Hosting Providers, Chat Modules, Reputation Management Companies, Auctions & Wholesalers, Credit Reporting Agencies (CRAs), Government Entities, Claims & Benefits Administrators.
7. Inferences: Software Vendors, Vehicle Manufacturers, Digital Retailers & eCommerce Platforms, Repair & Sublet Facilities, Data Brokers & Analytics Providers, Records Management Companies, F&I Product Providers & Administrators, Advertising Networks & Marketing Agencies, Website and Hosting Providers, Chat Modules.
8. Internet Activity: Software Vendors, Vehicle Manufacturers, Advertising Networks & Marketing Agencies, Digital Retailers & eCommerce Platforms, Repair & Sublet Facilities, Data Brokers & Analytics Providers, Records Management Companies, F&I Product Providers & Administrators, Website and Hosting Providers, Chat Modules, Reputation Management Companies.
9. Professional/Employment: Software Vendors, Digital Retailers & eCommerce Platforms, Repair & Sublet Facilities, Insurance Brokers (non-health related), Attorneys & Law Firms, Professional Service Companies, Records Management Companies, Debt Collection Agencies & Repossession Companies, F&I Product Providers & Administrators, Financial Institutions, Advertising Networks & Marketing Agencies, Data Brokers & Analytics Providers, Website and Hosting Providers, Chat Modules, Credit Reporting Agencies (CRAs), Government Entities, Claims & Benefits Administrators, Auditors & Consultants.
10. Protected Classes: Software Vendors, Vehicle Manufacturers, Digital Retailers & eCommerce Platforms, Repair & Sublet Facilities, Insurance Brokers (non-health related), Attorneys & Law Firms, Professional Service Companies, Records Management Companies, Debt Collection Agencies & Repossession Companies, F&I Product Providers & Administrators, Check Guarantee Companies, Financial Institutions, Advertising Networks & Marketing Agencies, Data Brokers & Analytics Providers, Website and Hosting Providers, Chat Modules, Credit Reporting Agencies (CRAs), Government Entities, Claims & Benefits Administrators.
Disclosure of any data collection
We may share or transfer your information in the course of any direct or indirect reorganization process such as, but not limited to, mergers, acquisitions, divestitures, bankruptcies, and sales of all or a part of our assets. Your information may be shared as a result of such transaction and/or during the assessment process pending transfer. In the event your information is transferred due to one of these events, know that your information would remain subject to this Privacy Policy or a privacy policy that protects your privacy to an equal degree as this Privacy Policy. To opt out of data collection or transfer call us (757) 500-0647.
Submit a VCDPA Request / Contact Us
For questions or concerns about our Virginia Privacy Policy, please contact us by email at cesar@banisterauto,com or by phone at (757) 500-0647. To exercise any of your rights under the VCDPA and submit any one of the noted requests, call us (757) 500-0647.