WolfLawyers.com and its affiliates (collectively, "Wolf Lawyers," "our," "us," or "we") operate websites, provide products and services through mobile and other applications, and develop software. We refer to these as "site(s)," "service(s)," or "our sites and services."
You can contact our Data Protection Officer by sending an email to firstname.lastname@example.org
Personal information is information that can be used to identify, locate, or contact an individual, and includes other information that may be associated with personal information. When you interact with our sites and services, depending on the site or service, we may collect the following personal information directly from you:
In each of the above instances, you will know what personal information we collect through our sites and services because you voluntarily and directly provide it to us.
We or our third-party service providers may collect and store certain technical information when you use our sites and services. For example, our servers receive and automatically collect information about your computer and browser, including, for instance, your IP address, browser type, domain name from which you accessed the site or service, device size and other software or hardware information. If you access our sites and services from a mobile or other device, we may collect a unique device identifier assigned to that device (UDID), type of device, general GPS location, or other transactional information for that device in order to serve content to it and to improve your experience in using the sites or services.
In addition, we or our third-party service providers may collect information about how you use of our sites, including but not limited to, the date and time you visit the sites, the areas or pages of the sites that you visit, the amount of time you spend viewing the sites, the number of times you return to the sites, visits to sites outside our network, preferred language, and other click-stream data.
2.2 Do Not Track
You can opt-out of being targeted by certain third party advertising companies online by visiting the Network Advertising Initiative, Omniture, Aperture, PrivacyChoice, and/or Digital Advertising Alliance.
We currently do not respond to "Do Not Track" browser signals. Accordingly, your navigation on our sites and services may be tracked as part of our efforts to gather user information described above. If you arrive at our sites and services by way of a link from a third-party site that does respond to “Do Not Track” browser signals, such “Do Not Track” browser signal recognition will end as soon as you reach our sites and services.
We will only collect and process personal information, including sharing it with third parties, where we have a legal basis for such collection and processing. We rely on a number of legal bases, including:
4.1 Personal Information that You Provide to Us
We may use the personal information that you provide in one or more of the following ways:
In addition to the uses described above, we may use personal information that we collect for other purposes that are disclosed to you at the time we collect the information, or with your consent.
4.2 Other Information We Automatically Collect Through Cookies and Other Technologies
We may use information collected from you through cookies and other tracking technologies in one or more of the following ways:
We may share your personal information with third parties in the following circumstances:
We may share personal information about you for any other purpose(s) disclosed to you at the time we collect your information or with your consent.
Non-personal information may be shared with our partners who referred you to our site(s) and who may use the data for their market research and measurement purpose. User information may also be shared with our partners who help us deliver ads to you on websites not controlled by us; for instance, when we put a pixel on a conversion page on our site and a marketing partner uses that pixel to optimize the traffic that they send to us.
We are not a lender or a broker. When you submit a loan request form using our services, we may share your loan request and related information with one or more consumer finance lending institutions and/or other lenders and dealers to evaluate your loan request in accordance with their loan terms and requirements. You authorize those consumer finance lending institutions and other lenders or dealers to access your credit report in order to evaluate your credit history and loan request and to verify the information in your loan request.
We may also share the information you provide through a loan request using our services to a third-party broker, aggregator, or other referral service that will send your information to other lenders and/or dealers in connection with your loan request and in accordance with their privacy policies.
7.1 Lender Specific Information
Your loan request and information submitted using our services may be shared with one or more third party consumer finance lending institutions, other lenders, or dealers, including the consumer finance lending institutions listed below, and you consent to be contacted by these third-party consumer finance lending institutions and other lenders or dealers in connection with your loan request, including by autodialer, text messaging, and/or prerecorded messages:
CarFinance Capital LLC
7525 Irvine Center Drive
Irvine, CA 92618
8585 N. Stemmons Freeway
Suite 1100 – North
Dallas, TX 75247
7.2 Consent to Electronic Signatures, Records and Disclosures
When you submit a request using our services to send your information to a third party lender in connection with obtaining a loan, such lender needs your consent to use and accept electronic signatures, records and disclosures related to your loan transaction and other communications with the lender. Below are your rights when receiving such electronic signatures, records and disclosures. By submitting your loan request, you are acknowledging receipt of this disclosure and consent to conduct transactions with the third party lender using electronic signatures, records and disclosures.
7.3 Fair Lending Practices – Regulation B Disclosures
We encourage you to keep your personal information up-to-date and accurate. The methods for accessing, viewing, correcting, and deleting your personal information will depend on which sites or services you use and their features. You have several choices; for instance:
You can also manage certain aspects of information collection and use, including disabling geo-location, by going to the settings of your mobile device and reviewing the permissions of each application.
If you have questions about your options, please fill out our Privacy Contact Form. Protecting your privacy and security is important and we also take reasonable steps to verify your identity before granting access to your data.
Our sites and services may allow us or other users to communicate with you or other users through our in-product instant messaging services, service-branded emails, SMS, and other electronic communication channels.
10.1 Text Messaging
We may make available text messaging services in which you can receive messages from us and send messages to us on your mobile phone, which will be governed by our Text Messaging Services Policy.
10.2 Opting Out of Requested Communications
Requested communications include, for instance, email newsletters and software updates that may be expressly requested by you or which you consented to receive. After you request such communications, you may "opt-out" of receiving them by using one of the following methods:
10.3 Opting Out of Transactional or Relationship Communications
Communications that are sent by or on behalf of a user are indicated as being from that user. Communications that are sent by us are indicated as being from us or one of our account or support specialists. Either type of communication may be "real time" communications or communications triggered automatically upon the occurrence of certain events or dates, such as appointment reminders. Email communications received from users and our administrative announcements are often transactional or relationship messages, such as appointment requests, reminders, and cancellations. You may not be able to opt-out of receiving certain email messages, although our services may provide a means to modify the frequency of receiving them.
10.4 Opting Out of General or Promotional Communications
General communications provide information about products, services, and/or support and may include special offers, new product information, or invitations to participate in market research. You may opt-out of receiving these general communications by using one of the following methods:
To prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of the information we collect, we deploy a wide range of technical, physical, and administrative safeguards, including: Transport Layer Security (TLS), firewalls, system alerts, and other information system security technologies; housing health data in secure facilities that restrict physical and network access; and regular evaluation and enhancement of our information technology systems, facilities, and information collection, storage, and processing practices. We use reasonable and appropriate administrative, physical, technical, and data security procedures and controls to safeguard your personal and protected health information against unauthorized access, disclosure, loss, misuse, and alteration. Under applicable law, we are required to apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of Protected Health Information (“PHI”), as such term is defined by the Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health Act (collectively referred to herein as HIPAA), residing on and processed by our sites and services.
We use third-party service providers to manage credit card and payment processing. These service providers are not permitted to store, retain, or use billing Information except for the sole purpose of credit card and payment processing on our behalf. When you enter payment information to be processed by our third party service providers, we encrypt the transmission of that information using transport layer security (TLS) technology and do not store it on our systems.
It is important to remember, however, that no system can guarantee 100% security at all times. Accordingly, we cannot guarantee the security of information stored on or transmitted to or from our services. We cannot assume responsibility or liability for unauthorized access to our servers and systems. When disclosing any personal or protected health information, you should remain mindful of the fact that it is potentially accessible to the public and, consequently, can be collected and used by others without your consent. Accordingly, you should carefully consider if you want to submit sensitive information that you would not want disclosed to the public and should recognize that your use of the Internet and our sites and services is solely at your risk. You are ultimately responsible for maintaining the secrecy for all your personal information, including your protected health information. Except as provided in a Business Associate Agreement between us and a healthcare provider, we have no responsibility or liability to anyone for the security of your personal or protected health information transmitted via the Internet.
We may also provide social media features on our sites and services that enable you to share personal information with your social network(s) and to interact with our sites and services. Depending on the features, your use of these features may result in the collection or sharing of personal information about you. We encourage you to review the privacy policies and settings on the social media site(s) with which you interact.
Our sites and services may collect, disclose, use, and store PHI that you submit to your healthcare provider or that your healthcare provider submits to us. Our collection, disclosure, use, and storage of PHI, is governed by HIPAA.
13.1 Use and Disclosure of Your Protected Health Information
When you use certain services (for example, appointment request) the PHI that you submit is used and disclosed by us as a Business Associate, as defined by HIPAA, according to the terms of the Business Associate Agreement between us and your healthcare provider. Accordingly, we may only use and disclose your PHI on behalf of, or to provide services to, your healthcare provider according to the terms of the Business Associate Agreement. There are exceptions to this use and disclosure restriction. Under such exceptions, we may use and disclose your PHI (i) for our internal management and administration; (ii) to carry out our legal obligations; and (iii) to perform data aggregation services for your healthcare provider and other healthcare providers; provided that, any disclosures for our internal management and administration or to carry out our legal obligations are either required by law or made after we obtain reasonable assurances from the party to whom the PHI is disclosed that such PHI will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to such party.
We may subcontract some of our services. In doing so, we require our subcontractors to comply with the same terms and conditions for PHI that apply to us as a Business Associate.
13.2 How to Access, Change, or Remove Your PHI
Subject to certain exceptions, HIPAA establishes rights with respect to your PHI. These rights generally include the right to restrict the uses and disclosures of your PHI, the right to access and receive a copy of your PHI, the right to amend your PHI, and the right to receive an accounting of the disclosures of your PHI. If you wish to exercise any of these rights, please contact your healthcare provider.
Please note that you are not entitled to review the content of another user's account. Accordingly, if you have used our sites and services to share personal information with another user or third-party, you may not be entitled to access, update, or delete the information that you shared. Further, please note that other users may submit information that identifies you, and you may not be entitled to access, update, or delete that information. In either case, certain users, such as healthcare providers, may be required by HIPAA and other applicable laws or regulations to retain such information for extended periods of time.
Most of our Business Associate Agreements require us and our subcontractors to either return or destroy PHI received or created pursuant to the business associate relationship upon the termination of the Business Associate Agreement. Accordingly, if the Business Associate Agreement between us and your healthcare provider has been terminated, then any PHI that you submitted to our sites and services, or otherwise maintained by us or a subcontractor in connection with our sites and services, will be returned to the healthcare provider or destroyed by us or such subcontractor.
Children under the age of 13 are not permitted to use our sites and services. We do not knowingly collect personal information from children under the age of 13 or utilize plug-ins or ad networks that collect personal information through child-directed third-party websites or online services. If we learn that we have collected personal information from a child under 13, we will take steps to promptly delete such information.
Our sites and services generally require users to be at least 18 years of age. Unless our sites and services contain the "Privacy Rights for California Minors in the Digital World" supplemental terms, our sites and services do not collect age from users under 18. Without limiting the generality of the foregoing, our services may allow users above the age of 18 (such as healthcare providers, parents, and guardians) to submit personal information of minors. Such users assume full responsibility over their submission, use, and transmission of such information.
We are headquartered in the United States. Our sites and services are intended for users in the United States and hosted and administrated in the United States or hosted with cloud service providers who are headquartered in the United States and in other countries. If you are located outside the United States, be aware that information you provide to us or that we obtain as a result of your use of our sites and services may be processed in, transferred to, and stored in the United States and in any other countries from where our cloud service providers operate. Please be aware that the privacy laws and standards in certain countries may differ from those that apply in the country in which you reside. By using our sites and services or providing us with your information, you consent to the transfer of your information for processing and storage to the United States and any other country from where our cloud service providers operate.
This section is provided pursuant to the California Consumer Privacy Act of 2018 (the “CCPA”) and other applicable California privacy laws. This section applies solely to our users who are California residents as defined under applicable California privacy laws.
16.1 Information We Collect
Within the last twelve (12) months, we have or may have collected the following categories of information from our users and/or consumers:
16.2 Categories of Sources from Which Information is Collected
We obtain the categories of personal information listed above from the following categories of sources:
16.3 Using and Sharing of Personal Information
The personal information described in the categories above may be used for the business purposes listed above under “How We Use Personal Information.”
We disclose your personal information for a business purpose to the following categories of third parties: (a) service providers and (b) third parties to whom you authorize or direct us to disclose your personal information in connection with our sites and services. In the preceding twelve (12) months, we have disclosed the personal information described in the categories above for the business purposes listed above under “Sharing Personal and Non-Personal Information.” We also may share personal information about you for any other purpose(s) disclosed to you at the time we collect your information or with your consent.
16.4 Personal Information “Sold” to Third Parties
We may share information that we have about you, such as a cookie ID or IP address, with third-party marketing partners who may use this information, on our behalf, to help us deliver advertising on our sites as well as on third-party websites.
We do not sell the personal information of consumers that we know are minors under 16 years of age without affirmative authorization as required under the CCPA.
16.5 Your Access and Deletion Rights under the CCPA
As of January 1, 2020, California residents, as defined under applicable California privacy laws, may take advantage of the following rights:
16.6 Exercising Your Access and Deletion Rights under the CCPA
To exercise the access and deletion rights described above, please submit a request to us by either:
You will be asked to provide certain identifying information, such as your name, email, and residency. You will also be asked to validate your request by clicking a validation link in an email that will be sent to the email address you provided. While processing your request, we may ask you to provide further verifying documentation, such as proof of residency and identity. We will only use personal information provided in a request to verify the requestor's identity or authority to make the request.
Your request must: (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or that you have authority to make the request; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide proof of written authorization to do so, and you must verify your identity directly with us, unless such authorized agent provides proof of a power of attorney pursuant to Probate Code sections 4000 to 4465.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
16.7 Opting-out of the Sales of your Personal Information
Subject to certain exclusions under the CCPA, you have the right to opt-out of the sale of your personal information. Once we receive your request, we will not sell your personal information, unless an exclusion applies.
To opt-out of the sale of your personal information that we collected directly from you or other third-parties, please submit a request to us by either:
We may deny your request to opt-out if we have a good-faith, reasonable, and documented belief that the request is fraudulent.
We will not discriminate against you for exercising any of your rights under the CCPA. Accordingly, and unless permitted by the CCPA, we will not:
We may charge a different price or rate or provide a different level of service if the difference is reasonably related to the value provided by your personal information.
16.9 Other Applicable California Privacy Laws
Section 1798.83 of the California Civil Code requires select businesses to disclose policies relating to the sharing of certain categories of your personal information with third parties. If you reside in California and you have provided us with your personal information, you may request information about our disclosures of certain categories of your personal information to third parties for direct marketing purposes. To make such a request, please fill out our Privacy Contact Form with “California Privacy Rights” in the subject line and allow 30 days for a response. We will not accept requests via the telephone, mail, or by facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.
In accordance with Section 22581 of the California Business and Professions Code if you are a California resident under the age of 18, you may request and obtain the removal of content or information you have publicly posted. To make such a request, please fill out our Privacy Contact Form with “California Privacy Rights” in the subject line. Please specify the site(s) or service(s) to which your removal request relates, including any URLs where the content or information is posted, and the specific content or information you posted for which you are requesting removal. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
FOR RESIDENTS OF NEVADA ONLY. In accordance with SB 220, Nevada consumers may opt-out of the sale of their personal information to third parties. If you reside in Nevada and you have provided us with your personal information, you may choose to opt-out of the sale of such personal information by filling out our Privacy Contact Form or by emailing us at email@example.com with “Nevada Privacy Right” in the subject line. We may request for additional information from you in order to verify your identity and/or the authenticity of your request.
FOR RESIDENTS OF THE EUROPEAN UNION ONLY. Under European data protection law, in certain circumstances, you have the right to:
In addition, you have the right to ask us not to process your personal information for marketing purposes. We will usually inform you (before collecting your personal information) if we intend to use your personal information for such purposes or if we intend to disclose your information to any third party for such purposes.
Last Updated: May 1, 2020