Data Privacy Notice
PURPOSE OF THE PRIVACY NOTICE
XPEL and its affiliated companies (collectively “XPEL”) are committed to maintaining the accuracy, confidentiality, and security of your personal information. This Privacy Notice explains how we collect, use, and disclose personal information that we collect when you visit the XPEL website or communicate with us both on the website and offline.
If you have any questions regarding this Privacy Notice, your rights, or XPEL’s use of your personal data, please contact:
DATA PRIVACY CONTACT
- XPEL, Inc.
- 618 W. Sunset Road
- San Antonio, Texas 78216 United States
- Telephone Number: (833).258.2058
- Email: [email protected]
TYPES OF DATA COLLECTED
Data you provide XPEL
Personal Data is defined as any information that can be used to identify an individual either on its own or when combined with other available data.
Unless specified otherwise, personal data requested by the XPEL website is required for the website to provide its services.
The categories of personal data you may provide include:
- first and last name
- company name
- mailing address
- telephone number
- email address
- vehicle information including license plate number, car make and model, and vehicle identification (VIN) number
- IP address (we may also derive your approximate location from your IP address)
- credit card and payment information
- username and password to register with us and access password-protected areas of our website
- demographic information and any other information provided by you that does not reveal your specific identity, and
- any other identifier that permits XPEL to contact you
XPEL does not generally seek to collect special categories (sensitive) of personal data through our website. Special categories of personal data for purposes of this Privacy Notice is information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health or sex life, sexual orientation, genetic or biometric information. We ask that you not send us, and you do not disclose to us, any special categories of personal data. If we require any such information, XPEL will, at the time of collection, ask for your explicit consent to the proposed use of that information, as required by applicable law.
Data XPEL Collects from You
XPEL collects information that you provide directly to us or through our website, for example, when you sign up to receive updates, special promotions or newsletters from us, register an account on the XPEL website, visit our installers, request dealership location information, schedule installation, service or repair appointments, attend one of our events, contact our customer service team, place an order over the phone, or make a purchase.
XPEL also automatically collects, stores, and uses information about your visits to our website and about your computer, tablet, mobile or other devices through which you access the website. This includes:
- information collected automatically using common tracking technologies including traffic data, location, logs, referring/exit pages, date and time of your visits to the XPEL website, error information, clickstream data, other communication data, and the resources that you access and use on the website;
- information about your web browser type, operating system, and IP address; and
- real-time information about the location of your device. Please note you may block the collection and use of information about your device location by changing the device’s privacy settings. However, if you block the use of location information, this may cause some parts of the website to be inaccessible or not function properly.
This type of information automatically collected allows XPEL to improve our services and enhance the functionality of the website.
The technologies we use for automatic data collection may include:
- Web Beacons. Certain pages on the XPEL website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit XPEL, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Data Collected from Third Parties
XPEL collects most of the data directly from you. However, we also collect the following information about you through third-parties:
WHEN XPEL COLLECTS YOUR PERSONAL DATA
XPEL collects your personal data as follows:
- when you voluntarily provide it to us on the website or offline
- when you sign up to receive emails, alerts, or other communications
- when you communicate with us either on the website or offline, and
- from third-party sources
XPEL retains your personal data no longer than is reasonably necessary for the purposes for which it was collected and processed and in accordance with XPEL’s data retention policy, except as required by applicable law or to comply with our legal obligations, resolve disputes, and enforce our agreements.
PROTECTING PERSONAL DATA
In accordance with the GDPR and applicable data protection laws, XPEL has implemented appropriate physical, electronic, and administrative safeguards to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, destruction, or modification. These measures are regularly reviewed, evaluated, and updated to proactively identify new or emerging security threats. Where data processing is carried out on XPEL’s behalf by a third-party, XPEL takes steps to ensure that appropriate security measures are in place to prevent unauthorized disclosure of personal information.
LEGAL BASIS FOR PROCESSING YOUR DATA
XPEL may process your personal data if one of the following applies:
- You have given your consent for one or more specific purposes.
- Processing your personal data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
- Processing your personal data is necessary for compliance with a legal obligation to which the XPEL is subject.
- Processing of personal data is related to a task that is carried out in the public interest or in the exercise of official authority vested in XPEL.
- Processing your data is necessary for purposes of legitimate interests pursued by XPEL.
If you have any questions about the legal basis for processing your personal data, please contact XPEL using the contact information in the Contact Details section above. We will gladly clarify the specific legal basis that applies to the processing of your personal data.
HOW WE USE YOUR DATA
XPEL uses your personal data for various purposes including:
- Providing website functionality and fulfilling your requests. More specifically XPEL uses your data to:
- provide a tailored website experience including allowing you to access your registered account and providing account-related customer service
- respond to your questions, suggestions, compliments, and/or complaints submitted through XPEL’s online contact forms or otherwise
- respond to requests for dealer information and to schedule installation, service, or repair appointments
- fulfill requests submitted through XPEL’s online portals
- complete transactions, verify your information and provide transaction-related customer service
- provide you with administrative information including updated terms, conditions, and policies
These data processing activities are necessary to manage XPEL’s contractual relationship with you and/or to comply with a legal obligation.
- Providing you with our newsletter and/or other marketing materials. More specifically, XPEL uses your personal data to send you marketing-related emails, with information about XPEL’s services, new products, and other news about the company.
These data processing activities are performed on the basis of a legitimate interest and, where applicable, with your consent.
- Preparing reports and providing personalized services. More specifically, XPEL uses your data to:
- analyze or predict user preferences to prepare aggregated trend reports on how XPEL’s digital content is used and to improve our services and enhance the functionality of the website
- understand your interests and preferences, so that XPEL can personalize our interactions with you and provide you with information and/or offers tailored to your interests
- understand your preferences so that we can deliver content via the website relevant and interesting to you
These data processing activities are performed on the basis of legitimate interests and, where applicable, with your consent.
- Allowing participation in sweepstakes, contests, or other promotions. More specifically, XPEL uses your data to offer you the opportunity to participate in sweepstakes, contests, or other promotions. Some of these promotions have additional rules containing information about how we will use and disclose your personal data. Please read those additional rules before choosing to participate.
These data processing activities are necessary to manage XPEL’s contractual relationship with you.
- Accomplishing XPEL’s business purposes. More specifically, XPEL uses your data for:
- data analysis, for example, to improve the efficiency of our website
- audits, to verify that our internal processes function as intended and to address legal, regulatory, or contractual requirements
- fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft
- developing new products and services
- enhancing, improving, repairing, maintaining, or modifying our current products and services, as well as undertaking quality and safety assurance measures
- identifying usage trends, for example, understanding which parts of our website are of most interest to users
- effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users; and
- operating and expanding our business activities, for example, understanding which parts of our products and services are of most interest to our users so we can focus our energies on meeting our users’ interests.
These data processing activities are necessary to manage XPEL’s contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest.
- Aggregating and/or anonymizing data. More specifically, XPEL may use aggregated and/or anonymize personal data for its business purposes. In such circumstances, all personal identifiers will be removed from the data prior to its use or disclosure.
XPEL will only use your personal information for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose, or as otherwise required by law. If we need to use your personal data for an unrelated purpose, where we are legally permitted, we will notify you promptly and explain the legal basis which allows us to do so.
WITH WHOM XPEL SHARES YOUR PERSONAL DATA
XPEL does not share, sell, or otherwise disclose your personal data with third parties except as provided in this Privacy Notice.
XPEL shares your personal data with the following third parties:
- Affiliated or related entities: XPEL shares your personal data with our affiliated or related entities including wholly-owned or third-party dealers, as necessary, to carry out the purposes for which the information was supplied or collected.
- Service providers: XPEL uses third-parties to assist with the running of the website and providing our services including hosting providers, IT providers, software providers, marketing database providers, payment processing providers, and professional services providers (g., accountants, tax advisors, legal counsel, and consultants). To obtain these services, XPEL needs to share your personal information with such third-parties. Our third-party service providers are subject to security and confidentiality obligations and are only permitted to process your personal information for specified purposes and per our direction.
An updated list of these third-parties with whom your personal data is shared may be requested from XPEL by using the contact information in the Contact Details section above.
In addition, XPEL may disclose information about you in the following circumstances:
- If XPEL sells or buys any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets, including to permit the due diligence required to decide whether to proceed with a transaction,
- If all or substantially all of XPEL’s assets are acquired by a third party, personal information held by XPEL about its customers will be one of the transferred assets,
- If XPEL is under a duty to disclose or share your personal information to comply with any legal or regulatory obligation,
- If necessary, to protect the vital interests of a person,
- To enforce or apply our terms and conditions or to establish, exercise, or defend the rights of XPEL, our employees, customers, or others,
- To third-party sponsors of sweepstakes, contests, and similar promotions, and
- With your consent
TRANSFER OF DATA ABROAD
If you are located in the European Economic Area (“EEA”) the following applies:
To deliver services and products to you, XPEL must transfer your personal data outside of the EEA to our related or affiliated entities and our third-party service providers located outside the EEA. This includes the USA.
Where personal data is transferred to and stored in a country not determined by the European Commission as providing adequate levels of protection for personal information, XPEL takes the necessary steps to provide appropriate safeguards to protect your personal data. If you want further information on the specific mechanism used by XPEL when transferring your personal data out of the EEA, please contact us using the contact information in the Contact Details section above.
YOUR DATA PROTECTION RIGHTS
Unless otherwise provided in applicable data protection laws, you have the following rights related to your personal data:
- Right to withdraw consent at any time. You have the right to withdraw consent where you have previously given your consent to the processing of your personal data.
- Right to object. You have the right to object to the processing of your personal data if the processing is carried out on a legal basis other than consent.
- Right to access. You have the right to learn if your personal data is being processed by XPEL, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the personal data undergoing processing.
- Right to rectification. You have the right to verify the accuracy of your personal data and ask for it to be updated or corrected.
- Right to restriction of processing. You have the right, under certain circumstances, to restrict the processing of your personal data. In that case, XPEL will not process your personal data for any purpose other than storing it.
- Right to be forgotten. You have the right, under certain circumstances, to request your personal data to be deleted by XPEL.
- Right to data portability. You have the right to receive personal data that you provided to XPEL in a structured and commonly used format so that it can be transferred to another data controller. This right only applies where your personal data is processed by XPEL with your consent or for the performance of a contract and when processing is carried out by automated means.
Please note that the above rights are not absolute, and XPEL may be entitled to refuse or limit the requests, where exceptions under applicable law apply.
EXERCISING YOUR RIGHTS
You can exercise any of your rights as described in this Privacy Notice and under applicable data protection laws by contacting XPEL as provided in the Contact Details section above.
Except as described in this Privacy Notice or provided under data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, XPEL may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.
Where XPEL has reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.
This website is not directed at children, and XPEL will not knowingly accept or request personal information from individuals under the age of 16 years. If we learn that we have collected personal information from a child under 16, subject to applicable law, we will either (i) delete this information from our databases, in accordance with our deletion procedures; or (ii) obtain verifiable parental consent, in accordance with the Children’s Online Privacy Protection Act.
This website may, from time to time, contain links to and from the websites of our advertisers and affiliates, including social media networks. If you follow a link to any of these websites, please note that these websites have their own data privacy policies, and XPEL does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
LODGING A COMPLAINT
XPEL only processes your personal information as described in this Privacy Notice and in accordance with applicable data protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information please contact us as provided in the Contact Details section below.
You also have the right to complain to your local Data Protection Authority. A full list of National Data Authorities can be found here: European Data Protection Board.
CHANGES TO THIS PRIVACY NOTICE
XPEL may change this Privacy Notice from time to time. Any changes will be posted on this page with a last updated date. If we make any material changes to this Privacy Notice, we will notify you by email or by means of a prominent notice on the website before the change becomes effective. If new Notice terms materially affect only registered users of the website, those users will be notified separately.
Effective Date: 08/06/2020
Last Updated: 08 /19/2020