Privacy Policy

This Privacy Policy was last updated and is effective as of February 18, 2020.

The following Privacy Policy provides an overview of how your data is recorded and processed by GC Leasing AZ LLC (the “Company”).

 

With the following information, we would like to give you an overview of how we process your personal data (also referred to as personal information) as well as certain of your rights under applicable laws. What specific data is processed in detail and how it will be used depends on the requested or agreed services or the basis for which the information was provided to us. In some cases as indicated by the context of the clauses below of this Privacy Policy, certain provisions of our Privacy Policy apply only to individuals and others who are subject to specific laws (such as to persons who are data subjects under the European General Data Protection Regulation (GDPR) or as to persons who are consumers under the California Consumer Privacy Act (CCPA)).

 

1. Who is responsible for data processing and who can I contact concerning such matters?

 

Contact details as follows: 

 

GC Leasing AZ LLC

– GRENKE Franchise –

3200 E Camelback Road #253

Arizona, Phoenix 85018

USA

 

Phone: +1 602 515 8031

E-mail: service@grenke.us 

 

You can reach our operational data protection officer at: 

 

GC Leasing AZ LLC

– GRENKE Franchise –

Attention: Data protection officer

Thomas Sauerteig

 

3200 E Camelback Road #253

Arizona, Phoenix 85018

USA

 

Phone: +1 602 515 8031

E-mail: service@grenke.us 

 

2. What sources and data do we use? 

 

We process personal data that we receive from our customers as part of our business relationship. In addition, we process – as far as necessary for the provision of our services – personal data that we might collect from publicly accessible sources (e.g. debtor directories, land registers, trade and association registers, press, internet) or that was obtained from our distribution partners or from other third parties (e.g. a credit agency).

 

Relevant personal data includes:

 

  • Personal details (name, address, birthday, place of birth and nationality)
  • Contact details (telephone, e-mail address)
  • Verification data (e.g. ID data)
  • Authentication data (e.g. signature sample)
  • Order data (e.g. payment order)
  • Data from the fulfilment of our contractual obligations (e.g. sales data in payment transactions)
  • Information about your financial situation (e.g. creditworthiness data, scoring/rating data, source of assets)
  • Advertising and sales data (including advertising scores), documentation data (e.g. consultation minutes)

and other data comparable to the aforementioned categories.

 

3. What do we process your data for (purpose of processing) and on what legal basis? 

 

We process personal data in accordance with the provisions of applicable law, including U.S. federal, state and local laws and other laws applicable to our activities and processing activities such as the GDPR, with respect to individuals who are data subjects under GDPR: 

 

a. For the fulfilment of contractual obligations

Data is processed in order in order to provide financial services as part of the execution of our contracts with our customers or to carry out pre-contractual actions, which are carried out upon request. The purposes of data processing are primarily geared towards the specific product (e.g. leasing, factoring) and may include, but are not limited to, needs analysis, consulting and to perform transactions. Further details on the purposes of data processing can be found in the relevant contract documents and terms and conditions. 

 

b. In furtherance of our legitimate interests

As far as necessary, we process your data beyond the actual fulfilment of the contract for the protection of our legitimate interests or those of third parties, in particular: 

  • Consultation and exchange of data with credit bureaus to identify credit risk or default risk

For the purposes of examining possible credit risks and default risks as well as preventing criminal offences, we provide various credit bureaus with data on the application and the applicant.  These credit bureaus may then provide us with relevant data about such applicants if we have credibly demonstrated our legitimate interest.
 

In addition, in the context of our contracting with individuals for our products or services we may transfer personal data collected concerning such individual’s application, the execution and termination of the business relationship as well as data on non-contractual or fraudulent behavior to various credit bureaus.

 

Transfers are also made to the extent necessary to safeguard our legitimate interests or those of third parties and provided these interests do not outweigh the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.


The data exchange with the credit bureaus also serves the fulfilment of legal obligations to carry out creditworthiness checks of customers.


Credit agencies process the data obtained and also use it for the purposes of profiling (scoring) in order to provide their contractors and customers with information in order to, inter alia, make assessments on the creditworthiness of natural persons. As to data subjects under the GDPR, this information is only transferred outside the European Economic Area and Switzerland if there is an adequacy decision by the European Commission or other appropriate assurance mechanism in place (such as certification under the  EU-US Privacy Shield Program).

 

  • Review and optimization of requirements analysis procedures for direct customer contact
  • Optimization and needs-based design of the website
  • Advertising or market and opinion research, provided that you have not objected to the use of your data
  • Asserting legal claims and defense in legal disputes
  • Ensuring the IT security and IT operation of our company
  • Prevention and investigation of criminal offences
  • Video surveillance for the protection of domiciliary rights, and for the collection of evidence in cases of robbery and fraud
  • Measures for building and plant safety (e.g. access control)
  • Measures to safeguard domiciliary rights
  • Measures for business management and further development of services and products

 

c. On the basis of your consent

Insofar as you have given us your consent to process your personal data for specific purposes (e.g., disclosure of data to affiliated companies, or analysis of payment transaction data for marketing purposes), the legality of this processing is assured on the basis of your consent. Consent that has been issued can be revoked at any time. As to data subjects under the GDPR, this also applies to the revocation of declarations of consent that were issued to us before the GDPR came into effect, i.e. before 25 May 2018; provided that the revocation of consent does not affect the legality of the data processed until the revocation.
 

d. Based on legal requirements, legitimate interests or in the public interest
 
In addition, we are subject to various legal obligations, i.e. legal requirements (e.g., anti-money laundering laws and tax laws) as well as certain bank/financial services-related supervisory requirements. The purposes of the processing include, but are not limited to, the creditworthiness check, identity and age checks, prevention of fraud and money laundering, the fulfilment of tax auditing and reporting obligations, and the assessment and management of risks.

 

4. Who receives my data?

 

Within our organization, the entities that gain access to your data are those who need it in order to fulfil our contractual and legal obligations. Our service providers and vicarious agents may also receive data for these purposes. These are companies in the categories of financial services, IT services, logistics, printing services, telecommunications, debt collection, advising and consulting, as well as sales and marketing.

 

With respect to the disclosure of data to recipients outside our company, we may only disclose information about you if we are required to do so by law or if you have given us your consent to do so. Under these conditions, recipients of personal data may be, for example:

 

  • Public authorities and institutions in the presence of a legal or regulatory obligation.
  • Other credit and financial services institutions or
  • comparable institutions to which we transfer personal data over the course of our business relationship with you (depending on the contract, e.g., correspondent banks, credit bureaus).
  • Other companies within the group
  • for risk management due to legal or regulatory obligations.

 

Other data recipients may be those to whom you have given us your consent for your data to be submitted.

 

5. Is data transmitted to a third-party country?

 

As to data subjects under the GDPR, a transfer of data to third parties in countries outside the European Union (so-called third-party countries) takes place, as far as

 

  • this is required in order to execute your orders (e.g. payment orders),
  • this is required by law (e.g. in order to comply with tax reporting obligations), or
  • you have given us your consent.

 

6. How is my data processed by the Company?

 

Unless otherwise stated, we process your data either to fulfill your requests made with us or based on our legitimate interests as follows:

 

a. Usage data

Every time you access a page on our website and retrieve a file, this process automatically saves general data to a log file. The storage is exclusively system-related and is purely for statistical purposes or to report criminal offences in exceptional circumstances.

 

We use this data to improve our websites and to present content tailored to your interests on various sites in the network and on multiple devices. As part of this process, usage data is not merged with personalized data. Should you decide to provide us with your data, this data will be backed up securely during the entry process. The same applies to the storage in our system. For security reasons, we store your IP address. This can be accessed in case of a legitimate interest.

 

We do not save your browser history. A transfer of data to third parties or any other evaluation does not take place, unless there is a legal obligation to do so.

 

In detail, the following data record is saved each time it is accessed:

 

  • Device used
  • Name of the accessed file
  • Date and time of access
  • Time zone
  • Transferred data volume
  • Report as to whether the access was successful
  • Description of the type of web browser used
  • Operating system used
  • The previously visited site
  • Provider
  • User's IP address

 

b. Contact

In order to be able to give you appropriate information as part of a request made by you via our contact forms, the appropriate affiliated company of ours will be identified after inquiring about your specific interest at the top of the applicable web page. If you contact us (e.g. via contact forms), the designated company will save your data in order to process your request or in case any further correspondence is required. If several companies are listed there, they will process your personal data as joint data processors.  Further information on joint responsibility can be obtained by sending an e-mail to service@grenke.us . 

 

If you expressly agree to be contacted by e-mail, telephone or postal mail within the scope of the contact form, you grant the Company and its affiliated companies the opportunity to inform you in future by telephone, e-mail or post about current products and services, in the selected category. We may also store your data for the purpose of sending you our newsletter. In addition, we store your IP address and the date of your registration in order to be able to prove your newsletter subscription in case of doubt. You can object to the use of your data for advertising purposes at any time or unsubscribe from the newsletter at any time by clicking on the unsubscribe link in the footer of the newsletter. 
 
If you do not give your consent, your data will be deleted after your request has been processed. Excluded from this undertaking is data for which legal or other mandatory storage obligations exist.
 

c. Registration

The data provided by you during registration for use of our website will be used by us to enable you to use our website.

 

We collect the following data for the registration process:

  • E-mail address
  • User name
  • Password

 

d. Newsletter

We are happy to inform you on the basis of your consent about the latest news with our newsletter.

 

In order to receive the newsletter, you must provide us with your name and e-mail address. You can also enter and submit further optional information. After you have submitted your e-mail address, you will receive an e-mail from us to the e-mail address you have specified, in which you must click a confirmation link to verify the e-mail address you provided.

 

Your data will be stored by us only for the purposes of sending our newsletter. In addition, we store your IP address and the date of your registration in order to be able to prove the newsletter subscription in case of doubt.

 

You can unsubscribe from the newsletter at any time by clicking the unsubscribe link at the bottom of the newsletter. 

 

e. Use of cookies

aa) General information

In order to make your visit to our websites more pleasant and to enable the use of certain functions, we use so-called cookies on various sites. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our affiliates to recognize your browser on your next visit (so-called persistent cookies).

 

Cookies cannot access other files on your computer or identify your email address.

 

bb) Use of cookies

Like most websites you visit, our website also uses cookies to improve the user experience on both one-time and repeated website visits. This allows you to quickly and easily switch between sites, save your configurations, and use third-party tools (such as YouTube videos) on the website.

 

Cookies are either placed on our website (first party cookies) or on other websites whose content appears on our website (third-party cookies). These third-party providers (such as Facebook) may set cookies if you are logged in to their pages and visit our website. We have no influence on the cookie settings of these websites. Please visit the third-party websites for more information on their use of cookies.

 

cc) Legitimacy of the storage of cookies

The essential, functional and statistical cookies are stored on the basis of our legitimate interests for the optimization and needs-based design of our website.

 

Cookies are stored for marketing purposes on the basis of the user's consent. These cookies are therefore only set if the user agrees to the storage by issuing their consent to the cookie notification on the website.

 

dd) Deactivating and deleting cookies

The setting you choose on the first visit in response to the cookie notification will be saved. The selected settings can be adjusted here in the privacy settings at any time.

Call us

Get in touch with us via

+1 602 515 8031

Mo–Fr 8.00 am–5.00 pm

Privacy Settings


Most browsers are otherwise set to automatically accept cookies. If the default settings for cookies are stored in your browser, all processes run in the background without any notifications. However, you can change these settings at any time.

 

You can set your browser so that you are informed about the setting of cookies and can decide on a case-by-case basis whether they are to be accepted or deactivated for specific cases or in general.

 

A general objection to the use of cookies for marketing or advertising purposes can be issued for a variety of services via the website http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in your browser settings. Please note that this may mean you won’t be able to use all the features of this website.

 

ee) Overview of the cookies we use

 

Essential cookies

Essential cookies are required in order to be able to use our website as they enable basic functions such as site navigation and access to secure areas of the website. The website may not work properly without these cookies.

Name of the cookie
Purpose of the cookie
Storage time
Session or permanent cookie

Bloomreach

Technical cookie for the load balancer

2 years

Permanent

Functional cookies

 

Functional cookies allow a website to store information that has already been entered (such as preferred language), and to provide the user with enhanced, more personalized features. Functional cookies are used for instance to enable requested functions such as playing videos. These cookies collect anonymized information; they cannot track your movements on other websites.

Name of the cookie
Purpose of the cookie
Storage time
Session or permanent cookie

Bloomreach

These cookies collect information that is either used to track the interests of our customers' users and to help improve the experience on their websites or to help us understand how our products and services are used.

2 years

Permanent

Statistical cookies

 

Statistical cookies collect information about the use of a website – such as the user’s most frequently visited pages and whether the user receives error messages when using a website. These cookies do not store information that allows the user to be identified. The information gathered is pooled and therefore evaluated anonymously. These cookies are used exclusively to improve a website's performance and thus the user experience.

Name of the cookie
Purpose of the cookie
Storage time
Session or permanent cookie

Piwik Pro

Piwik

Used to send data about the device and the visitor's behavior to PIWIK.

30 minutes – 1 year

Session or permanent cookie

Piwik Pro

Piwik

To detect if a visitor has deliberately deactivated tracking.

Unlimited

Permanent

Cookies for marketing purposes

 

Cookies for marketing purposes are used to play targeted advertisements relevant to the user and adapted to their interests. They are also used to limit the frequency of an ad and to measure the effectiveness of advertising campaigns. They register whether you have visited a website or not. This information may be shared with third parties, such as advertisers. Cookies to improve targeting and advertising are often linked to third-party site functionalities.

 

 

Name of the cookie
Purpose of the cookie
Storage time
Session or permanent cookie

Facebook

These cookies enable behavioral advertising and analysis of Facebook

2 years

Permanent

Instagram

These cookies enable behavioral advertising and analysis of Instagram.

2 years

Permanent

Google Adwords

These cookies enable behavioral advertising and analysis on the Google AdWords platform.

30 days–2 years

Permanent

LinkedIn

These cookies enable behavioral advertising and analysis of LinkedIn

2 years

Permanent

Twitter

These cookies enable behavioral advertising and analysis of Twitter.

2 years

Permanent

Bloomreach

These cookies collect information that is either used to track the interests of our customers' users and to help improve the experience on their websites or to help us understand how our products and services are used.

2 years

Permanent

Marketo

These cookies enable behavioral advertising and analysis within the context of email marketing and measuring the effectiveness of email advertising. Tracking is done anonymously until a user identifies him or herself by submitting a form.

2 years

Permanent

f. Range analysis using Piwik

 

Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our website), we use Piwik, a software for the statistical evaluation of user access.

 

Your IP address will be abbreviated before it is saved. However, Piwik uses cookies that are stored on users' computers and enable the user’s use of the website to be analyzed. In this case, pseudonymous usage profiles of the users can be created from the processed data. The information generated by the cookie regarding your use of this online content is stored on our server and not passed on to third parties.

 

You can revoke your consent to this data analysis cookie processing as follows:

Privacy Settings


g. Use of Eloqua

We use the Eloqua service to collect statistical data about the use of our website, to send our newsletters and to optimize our services accordingly. The Eloqua servers of the supplier ORA-CLE Nederland B.V., whose address is Hertogswetering 163, 3543 AS Utrecht, P.O. Box 40387, 3504 AD Utrecht, Netherlands, are located in the EU.

 

Eloqua uses "cookies", which are text files placed on your computer, to help the website analyze how users utilize the site. If you have already used a website that uses Eloqua, you may already have an Eloqua cookie. Even if this cookie is set on other websites, the information from your visit to our websites is only visible to us and is not shared with Oracle or any other users of the Eloqua system. It is also not possible for us to use this cookie to record or view information about your visits to any other websites.

If you have not expressly consented to this use, our legal basis for this is our justified interest in optimizing our offers.

 

The information generated by the cookie about your use of this website is transferred to a server and stored there. On our behalf, Eloqua uses this information to evaluate your use of the website and to compile reports on website activity. If you wish to prevent the use of Eloqua cookies or the evaluation of usage behavior on your device in the future, this is possible via the following link: Eloqua Opt-Out.

 

E-mails sent with the help of Eloqua use tracking technologies. We use this information primarily to determine which topics are of interest to you by tracking whether our emails are opened and which links you click. We then use this information to improve the emails we send you and the services we provide, as well as to link them to existing tracking or profiling information. You will not be able to track emails if you have disabled image viewing by default in your email program. In this case, however, the newsletter will not be displayed in full and you may not be able to use all functions. If you display the images manually, the above tracking will take place.

 

You can find further information on data protection in connection with the use of Eloqua here: Oracle Privacy Policy.

 

h) Integration of social media plug-ins

 

We are currently using the following social media plug-ins on our website: Facebook, Instagram, Twitter, LinkedIn.

 

When you visit a web page that contains such a plug-in, the browser will connect to the social media providers' servers and provide the information that you have accessed the corresponding sub-page of our website. In addition, the data referred to in section 3 of this declaration will be transmitted, whereby in the case of Facebook and XING, according to the respective providers in Germany, only an anonymous IP is recorded. This happens regardless of whether you have an account with this plug-in provider and are logged in there. If you are logged in to the plug-in provider, this data will be assigned directly to your account. If you click the button, the plug-in provider also stores this information in your user account and informs your contacts publicly. If you do not want your profile to be linked with the plug-in provider, you must log out before click-ing the button.

 

The plug-in provider stores this data as usage profiles and uses it for the purposes of advertis-ing, market research and/or tailored website design. Such an evaluation is carried out in particu-lar (also for non-logged-in users) to present needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the for-mation of these user profiles; you must contact the respective plug-in provider to exercise them.

 

For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the privacy statements of these providers, which can be found below. You will also find further information about your rights and settings options to protect your privacy here.

 

Addresses of the respective providers and URL links to their privacy policies are as follows:

 

 

i) Integration of Google Maps

 

We integrate the maps of the service "Google Maps" provided by Google Ireland Limited, Gor-don House, Barrow Street, Dublin 4, Ireland. The data processed may include, but is not limited to, the IP addresses and location data of users, without their consent (usually performed as part of the settings of their mobile devices). Unless you have expressly consented to the use, our le-gal basis for this data processing is our legitimate interest in order to design our website to meet your needs. The data could also be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/ , Opt-Out: https://adssettings.google.com/authenti-cated 

 

7. How long will my data be stored?

 

Unless explicitly stated in this privacy statement, the usage and registration data stored with us is deleted as soon as it is no longer required for its intended use and the deletion does not con-flict with any statutory retention obligations.

 

We process and store other personal data as long as it is necessary for the fulfilment of our con-tractual and legal obligations. It should be noted that our business relationship is a continuing obligation, which is designed to last for years. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its - temporary - further processing is necessary for the following purposes:

 

  • Fulfilment of commercial and tax-related retention obligations under laws to which the Com-pany is subject. The deadlines for retention and documentation vary by the applicable law, but generally range between two to ten years.
  • Preservation of evidence in the context of the applicable statutory limitation periods.

 

8. Which data protection rights do I have if I am covered by the GDPR?

 

Every data subject under the GDPR has the following rights with respect to us:

  • the right to information under Art. 15 GDPR,
  • the right to a correction under Art. 16 GDPR,
  • the right to deletion under Art. 17 GDPR,
  • the right to restrict the processing under Art. 18 GDPR,
  • the right to object from Art. 21 GDPR,
  • and the right to data portability under Art. 20 GDPR.

 

With regard to the right to information and the right to deletion, there may be certain restrictions under applicable law. In addition, there is a right to appeal to a competent data protection supervisory authority (Article 77 GDPR). You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us before the GDPR came into effect, i.e. before 25 May 2018. Please note that the revocation is only applicable for the future. Processing that took place before the revocation is not affected.

 

9. Am I obligated to provide data?

 

As part of our business relationship, you must provide the personal data required in order to en-ter into a business relationship and perform its associated contractual obligations, or the per-sonal data that we are required to collect by law. Without this information, we will generally not be able to conclude or execute the contract with you. In particular, according to the money laundering regulations, we are obligated to identify you prior to entering into a business relationship with you on the basis of your identification docu-ment and to record and save your name, place of birth, date of birth, nationality, address and identification data. In order for us to be able to fulfil this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and im-mediately notify us of any changes during the course of the business relationship. If you do not provide us with the necessary information and documents, we may not enter into or continue your desired business relationship.

 

10. To what extent is there an automated decision-making process?

 

In principle, we do not use any fully automated decision-making processes in order to justify or maintain the business relationship. If we do use these procedures in individual cases, we will in-form you about this separately, if such notification is required by law.

 

11. Does profiling take place with any of your data?

 

We sometimes process your data automatically with the aim of evaluating certain personal as-pects (profiling). For example, we use profiling in the following cases:

  • Due to legal and regulatory requirements, we are committed to combating money launder-ing, the financing of terrorism, and property-related offences. At the same time, data evalu-ations are also carried out (inter alia in payment transactions). These measures are also in place for your protection.
  • In order to provide you with targeted information and advice on products, we use evaluation tools. These enable needs-based communication and advertising, including market and opinion research.
  • We use the scoring to assess your creditworthiness. This calculates the probability with which a customer will meet their payment obligations in accordance with the contract. The calculation may include, for example, income, expenses, existing liabilities, occupation, em-ployer, duration of employment, past business experience, past repayment of the loan, and information from credit reporting agencies. The scoring is based on a mathematically-statis-tically recognized and proven procedure. The calculated scores help us make decisions within the context of product sales and are part of ongoing risk management.

 

12. Information about your right of revocation of consent to processing according to Art. 21 GDPR

 

1. Case-specific right of revocation

You have the right at any time, for reasons arising from your particular situation, to revoke your consent for the processing of personal data relating to you, which takes place on the basis of Ar-ticle 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data pro-cessing on the basis of a balance of interests); this also applies to profiling based on this provi-sion within the meaning of Art. 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compel-ling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing serves the establishment, exercise or defense of legal claims.

 

2. Right to revoke your consent to the processing of data for direct advertising purposes

In individual cases, we process your personal data in order to perform direct advertising. You have the right to object at any time to the processing of personal data concerning you for such advertising, which includes profiling to the extent that it is related to such direct advertising. If you object to the processing for direct advertising purposes, your personal data will no longer be processed for such purposes. You can revoke your consent to such processing by sending such a written request to: GRENKE AG Attention:

Data protection officer

GC Leasing AZ LLC

– GRENKE Franchise –


Attention: Data protection officer

Thomas Sauerteig

 

3200 E Camelback Road #253

Arizona, Phoenix 85018

USA

 

or by E-mail: service@grenke.us 

 

13. What security measures do we employ?

 

We are committed to safeguarding the personal information you provide to us, and we maintain procedures and use technology designed for this purpose. We take several steps to protect the information we have about you, including the following:

  • We update and test our technology on a regular basis in order to improve the protection of customer information.
  • We require outside companies and independent contractors to whom we provide cus-tomer information for our business purposes to restrict the use of the information to those purposes and we prohibit independent use of such information.
  • Access to your information is controlled by reasonable internal procedures, including policies about the proper physical security of our workplace and records.

You play a significant role in protecting your personal information. If you have registered on our website you are responsible for protecting the security of your user name and pass-word and you are responsible for any transaction made using your user name and pass-word.

Although we will take reasonable security precautions regarding your personal information collected from and stored on the website and otherwise held by us, because of the open nature of the Internet, we cannot guarantee that any of your personal information stored on our services or on those of our third parties, or transmitted to or from the Company, will be free from unauthorized access or disclosure. Accordingly, we disclaim any liability for any unauthorized access to, disclosure or damage to, interception of, theft, or loss of any data communications and/or person information. By providing personal information to us and/or using the website, you acknowledge that you understand and agree to assume these risks.

 

14. Disclaimers as to Links to Third Party websites

 

The privacy policy of an advertiser or promotional service and related websites or mobile apps that are linked to from or on our website may differ from ours. We encourage you to read such third party privacy policies before visiting such third party sites or responding to any related offer. We are not responsible for the data collection and use practices of nonaffiliated third parties to which our website may link.

 

15. Changes to Our Privacy Policy

 

The practices and policies contained in this Policy are subject to change and may be modified by the Company at any time. Any such material changes will be communicated through the website or through other reasonable means. For this reason, the Company encourages you to review this Policy each time you visit the website. Information collected before changes are made will be secured according to the previous Policy. The practices and policies in this Policy replace all previous notices or statements with respect to the same subject matter. We will post at the top of this Privacy Policy the date that modifications were last made, which should alert you to any changes since your last use of or visit to the website. Your continued use of the website is your agreement to the revised Privacy Policy.

 

16. Applicable Law

 

This Privacy Policy and any disputes 17arising between you and the Company related in any way to this Policy or the Company’s products, including but not limited to disputes over billing, service, privacy, advertising, or the Company’s or its Associates' communications with you, whether based on contract, tort, statute, or common law, will be governed by the laws of the State of Arizona, without regard to choice of law principles and shall follow the arbitration provision set forth in the Terms of Use for this website.

 

17. Additional Privacy Notices for California Residents

 

The following additional privacy notices for California residents (the “California Notice”) sup-plement the information contained in the other portions of the Company’s Privacy Policy and apply solely to individuals who reside in the State of California ("California consumer" or "you"). The Company adopts this California Notice to comply with the CCPA and its related regulations and other applicable California laws.

I. Overview of Consumer Rights Under the CCPA

Under the CCPA, California consumers have certain rights regarding their personal information, including:

 

  • The right to know the categories of personal information that the Company has collected and the categories of sources from which we obtained such information.

 

  • The right to know the Company’s business purposes for sharing personal information.

 

  • The right to know the categories of third parties with whom the Company shared personal information.

 

  • The right to access the specific pieces of personal information that the Company has collected and the right to delete your personal information.

 

  • The right to not be discriminated against if a California consumer exercise their rights under the CCPA.

 

The provisions below of this California Notice provide further details about these rights and how you may exercise them.

 

II. Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer, household or device (collectively, "personal information").

 

Personal information does not include:

 

  • Publicly available information from government records.

 

  • De-identified or aggregated California consumer information.

 

  • Information excluded from the CCPA's scope, including:

 

  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and

 

  • Personal information covered by certain other laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

 

We have collected the following categories of personal information from California consumers within the last twelve (12) months: 

 

Category

Examples

Identifiers

An individual’s name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number or other similar identifiers

Personal information categories described in Cal. Civ. Code § 1798.80(e)

A name, signature, Social Security number, address, telephone number, passport number, driver's license or state identification card number, education, employment, employment history, bank account number, or any other financial information, medical information

Protected classification characteristics under California or federal law

marital status, sex, veteran or military status

Commercial information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

Internet or other similar network activity

Browsing history, search history, information on a California consumer's interaction with a website, application, or advertisement

Geolocation data

Physical location or movements

Sensory data

Audio, electronic, visual-related information

Professional or employment-related information

Current or past job history or performance evaluations

Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g; 34 C.F.R. Part 99))

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, student schedules, student identification codes, student financial information or student disciplinary records

III.           Sources of Personal Information

 

In addition to sources of personal information addressed elsewhere in this Privacy Policy, we obtain the categories of personal information listed above from the following categories of sources:

 

  1. Directly From You. For example, from forms you complete or products and services you purchase or from communications with you such as when you contact the Company (whether in person, by mail, by phone, online, via electronic communication or by other means) including our customer support service.

 

  1. Indirectly From You. For example, from observing your actions on our website or from products or services that you have purchased from the Company, if you have enabled such functionality, such as telemetry services.

 

  1. From Others.
    1. From third party service providers. For example, if you choose to make an electronic payment directly to the Company, or through a linked website or app, or through an affiliate of ours, the Company may receive personal information about you from third parties such as payment services providers, for the purposes of that payment.
    2. From affiliates. We may collect personal information about you from our affiliates or others acting on their behalf.

 

  1. From Public Sources. For example, we may collect information from public records.

 

IV.           Uses of Personal Information

 

In addition to uses of personal information addressed elsewhere in this Privacy Policy, we may use or disclose the personal information we collect for one or more of the following business purposes:

 

  1. To fulfill the reason that you provided the information. For example, if you share your name and contact information to request a price quote, request to be contacted by an affiliate, or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we may use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product or service orders or to process returns.

 

  1. To perform services such as customer service, order fulfillment, payment processing, financing and advertising, marketing or analytic services.

 

  1. To advance our commercial or economic interests, such as by helping you to buy, rent, lease, join, subscribe to, provide, or exchange products, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction.

 

  1. To verify or maintain quality or safety standards or improve or upgrade a product or service provided or controlled by or for us.

 

  1. To provide, support, personalize and develop our website, products and services such as to perform warranty related services or other post-sale activities such as product or service monitoring or repairs.

 

  1. To create, maintain, customize and secure your account with us.

 

  1. To process your requests, purchases, transactions and payments and prevent transactional fraud.

 

  1. To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.

 

  1. To personalize your website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our website, third-party sites and via mail, email or text message (with your consent, where required by law).

 

  1. To help maintain the safety, security and integrity of our website, products and services, databases and other assets and business.

 

  1. For testing, research and analysis purposes, including to develop and improve our website, products and services.

 

  1. To respond to law enforcement requests and as required by applicable law, court order or governmental regulations.

 

  1. As described to you when collecting your personal information or as otherwise set forth in the CCPA or applicable law.

 

  1. To send you information relevant to your past purchases and interests, subject to compliance with applicable laws regarding direct marketing.

 

  1. To otherwise use as reasonably necessary and proportionate to achieve our operational or notified purpose for collecting personal information and as compatible with the context in which we collected the information.

 

  1. To perform services on behalf of a CCPA-covered business or its service provider, such as customer service, order fulfillment, payment processing, financing and advertising, marketing, or analytic services.

 

  1. To review and audit our business interactions with you.

 

  1. To detect or prevent security incidents or other illegal activity.

 

  1. To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our website users, including California consumers, is among the assets transferred.

 

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated or incompatible purposes without providing you notice.

 

V.            Sharing Personal Information

 

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

 

Disclosures of Personal Information for a Business Purpose

 

In the preceding twelve (12) months, the Company has disclosed the following categories of personal information for a business purpose: 

 

  • Identifiers
  • Personal information categories described in Cal. Civ. Code § 1798.80(e)
  • Protected classification characteristics under California or federal law
  • Commercial information
  • Internet or other similar network activity
  • Geolocation data
  • Sensory data
  • Professional or employment-related information
  • Non-public education information

 

The categories of third parties to which we may disclose personal information collected by us include the following: 

 

  • Service providers
  • Recipients of data from cookies placed on website (such as PIWIK PRO)

 

Sales of Personal Information

 

The Company does not sell personal information to third parties. 

 

VI.           Exercising Your CCPA Rights and Choices

 

The sections below describe how you may exercise your rights under the CCPA.

 

Access to Specific Information and Data Portability Rights

 

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request (see “Exercising Access, Data Portability and Deletion Rights” below), we will disclose to you:

 

  • The categories of personal information we collected about you.

 

  • The categories of sources for the personal information we collected about you.

 

  • Our business or commercial purpose for collecting that personal information.

 

  • The categories of third parties with whom we share that personal information.

 

The specific pieces of personal information we collected about you (also called a data portability request).

 

If we disclosed your personal information for a business purpose, a list disclosing:

 

the personal information categories that each category of recipient obtained.

 

As allowed by the CCPA, we do not provide these access and data portability rights (i) for business-to-business personal information or (ii) as to personal information collected from the Company’s California-based employees, job applicants or contractors when provided or collected in such employee, job applicant or contractor capacities.

 

Deletion Request Rights

 

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see “Exercising Access, Data Portability and Deletion Rights” below), we will delete (and direct our service providers to delete) your personal information from our (and service provider) records, unless an exception applies.

 

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

 

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.

 

  1. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

 

  1. Debug products or services to identify and repair errors that impair existing intended functionality.

 

  1. Exercise free speech, ensure the right of another California consumer to exercise their free speech rights, or exercise another right provided for by law.

 

  1. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).

 

  1. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.

 

  1. Enable solely internal uses that are reasonably aligned with California consumer expectations based on your relationship with us, such as future field campaigns or product safety issues.

 

  1. Comply with a legal obligation.

 

  1. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

 

As allowed by the CCPA, we do not provide these deletion rights (i) for business-to-business personal information or (ii) as to personal information collected from the Company’s California-based employees, job applicants or contractors when provided or collected in such employee, job applicant or contractor capacities.

 

Exercising Access, Data Portability and Deletion Rights

 

To exercise the access, data portability and deletion rights described above, you should submit a verifiable consumer request to us by one of the following methods:

 

  • Calling us at toll free at: +1 602 515 8031
  • Emailing us at: service@grenke.us 
  • Visiting the following page on our website:   https://www.grenke.us/contact
  • By postal mail at: Grenke Leasing AZ LLC, 3200 E Camelback Road #253, Arizona, Phoenix 85018, USA
  • Accessing an online account that you maintain with us

 

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of a minor child for whom you are a parent or legal guardian.

 

You may only make a verifiable consumer request for access or data portability twice within a twelve (12) month period. The verifiable consumer request must:

 

  • Provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative, which may include:
  •  
  • Your name
  • Your address
  • Additional information depending upon the type of request and the sensitivity of the information involved with such request

 

  • Describe your request with sufficient detail to enable us to properly understand, evaluate and respond to such request.

 

We cannot respond to your request or provide you with personal information if we cannot verify your identity or your authority to make the request and confirm that the personal information involved with the request relates to you.

 

Making a verifiable consumer request does not require you to create an account with us. However, we will consider requests made through a password-protected online account that you maintain with us to be sufficiently verified when the request relates to personal information associated with that  online account, provided such online account functionality is then made available by us on the website.

 

We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

 

Response Timing and Format

 

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

 

If you have an online account with us, we may deliver our written response to that online account, provided that such online account functionality is then made available by us on the website. If you do not have an online account with us, or such functionality is not available for your online account we will deliver our written response by mail or electronically, at your option.

 

Any disclosures we provide will only cover the twelve (12) month period immediately preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

 

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

 

VII.          Non-Discrimination

 

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA or other applicable law, we will not as a result of you exercising any of your rights under the CCPA:

 

  • Deny you goods or services;
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of goods or services; or
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

 

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

 

VIII.         Other California Privacy-Related Disclosures

 

Sharing Personal Information for Direct Marketing Purposes

Before sharing personal information of California consumers with third parties for direct marketing purposes we will obtain opt-in consent from the applicable California consumers or provide such California consumers with a cost-free method to opt out.

 

California Do-Not-Track Disclosure

At this time, the website is not set up to honor web browser do-not-track settings.  Do-not-track is a privacy preference that users can set in their web browsers. When a user activates the do-not-track settings in browsers that offer this setting, the browser sends a message to websites or applications requesting them not to track the user. For more information about do-not-track matters, please visit www.allaboutdnt.org.

 

Information on Marketing Disclosures

California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us at:

GC Leasing AZ LLC

– GRENKE Franchise –


Thomas Sauerteig

 

3200 E Camelback Road #253

Arizona, Phoenix 85018

USA

 

or by E-mail: service@grenke.us 

 

Content Removal Requests for website Users Under 18 Years Old

If you are a website user under 18 years of age and reside in California, you may request and obtain removal of, content or information that you have posted on the website.    You may send us any such requests by one of the following methods: (i) by email (writing “Privacy Policy – Removal Request” in the subject line) at service@grenke.us ; or (ii) by writing to us at:

GC Leasing AZ LLC

– GRENKE Franchise –


Thomas Sauerteig

 

3200 E Camelback Road #253

Arizona, Phoenix 85018

USA

 

We will review the request and respond promptly.  You should be aware that a request to remove content or information posted by you on the website does not ensure or require complete or comprehensive removal of such content or information from our databases.

 

Complaints

If you have any complaint about use of the website, you may contact us by email at service@grenke.us, or by postal mail at:

GC Leasing AZ LLC

– GRENKE Franchise –


Thomas Sauerteig

 

3200 E Camelback Road #253

Arizona, Phoenix 85018

USA

Furthermore you can reach out to us through our internal Whistleblower plattform:

https://grenke.integrityline.org/index.php

In accordance with California Civil Code Section 1789.3, California residents may also file complaints with the Complaint Assistance Unit, Division of Consumer Services, California Department of Consumer Affairs by postal mail at 1625 North Market Road, Suite N112, Sacramento, CA 95834 or by telephone at 800-952-5210.

 

IX.           Changes to Our California Notice

 

We reserve the right to amend this California Notice at our discretion and at any time. When we make changes to this California Notice, we will post the updated California Notice on the website and update the California Notice's effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.