This California Consumer Privacy Act Privacy Policy (the “CCPA Privacy Policy) describes the ways Amur Equipment Finance, Inc., and its affiliates, subsidiaries and related entities (collectively, “we” or “us” or “Amur”) collect, store, use, disclose, and protect Personal Data received from our actual and prospective customers and clients. This privacy policy is applicable only to California residents, and supplements the Amur Privacy Policy. As required in the California Consumer Privacy Act of 2018 (the “CCPA”), this policy describes the rights available to California consumers (defined as California residents) regarding their personal information, and our practices regarding the collection, use, disclosure, and sale of personal information as defined in the CCPA.
Under the CCPA, California resident rights include:
- Right to Know: This is your right to know what categories of personal information we collect about you, how we use your personal information, whether we share, disclose and/or sell your personal information to third parties, and what other rights you may have under the CCPA with respect to your personal information;
- Right to Delete: This is your right to request that we delete the personal information we have collected from you and maintain in our systems, subject to certain exceptions that permit us to keep your personal information for specific purposes;
- Right to Access: This is your right to request access to the personal information we have collected about you;
- Right to Opt-Out of Sale: This right allows you to opt-out of the sale of your personal information to third parties; and
- Right to Non-Discrimination/Equal Service: This right means that we will not discriminate against you in any manner because you elect to exercise any of your rights under the CCPA.
THE CATEGORIES OF PERSONAL INFORMATION ABOUT YOU THAT WE COLLECT, USE, AND/OR DISCLOSE UNDER THE CCPA
In addition to the disclosures in the Amur Privacy Policy, the CCPA requires that we provide you with certain, additional disclosures.
The Categories of Personal Information We Collect under the CCPA
Amur collects the following categories of personal information, as defined in the CCPA, about California consumers:
- Personal identification information, including: name, date of birth, address, social security number or country identification number, passport number, driver’s license number, home phone numbers, personal cell phone numbers, personal email addresses and country of citizenship information;
- Protected classification characteristics under California or federal law (e.g., age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex, veteran, or military status;
- Commercial information (e.g., records of personal property, past business transactions, ownership information, vendor information, financial statements, credit explanations and credit histories, bank account statements, facility lists, and bank account details);
- Internet or other similar network activity while on Amur’s website (e.g. the date and time of visit, the content viewed on our website, your browser type, your operating system, your IP address, and website features accessed); and
- General geolocation data.
The Sources from Whom We Collect Personal Information under the CCPA
We collect personal information about you from a variety of sources. These sources include:
- Information you provide to us directly, indirectly, advertently, and inadvertently (which may be obtained from emails, web forms or in other manners);
- Information we may automatically collect such as your IP address, the name of the domain you used to access the Internet, the link that brought you to our website and any links clicked within our website;
- Information obtained from third parties (e.g. credit bureaus, background check companies, business verification sites such as Secretaries of State, the Federal Department of Transportation’s Safety and Fitness Electronic Records (SAFER) system); and
- Publicly available information about you.
How We Use the Categories of Personal Information We Collect under the CCPA
We may use the personal information we collect about you to:
- Fulfill our contract with you;
- Decide whether to enter into a contract with you;
- Determine the creditworthiness of a prospective customer, help prevent fraud and verify safety records;
- Evaluate and process client transactions;
- Create and administer an Amur account, including billing, invoicing, and debt collection activities;
- Fulfil our legal requirements (e.g. to comply with or respond to respond to a request or requirement pursuant to law, regulation, or from a governmental or judicial body, or to help prevent fraud or for risk management purposes);
- Protect our rights, our personnel, our property, and the safety of others;
- Maintain our accounting, tax, and other records;
- Comply with applicable federal and state laws and regulations, as well as for the general administration of our business;
- Deliver and personalize communications with you;
- Create internal business and marketing reports; and
- provide advertising and marketing to you.
The Categories of Personal Information We Disclose or Sell to Third Parties under the CCPA
Amur does not sell your personal information to third parties for monetary consideration or for any purpose, including advertising or marketing. In some limited situations, Amur may disclose or make available certain personal identifiers, as defined by the CCPA, to service providers who perform services on our behalf for specific business purposes. In those instances, these service providers will be given only the Personal Data needed to perform the tasks we request of them and they are not authorized by us to use or disclose your information except as necessary to perform services on our behalf or to comply with legal requirements. We have contracts in place holding these companies to the same standards of confidentiality by which we are governed. Amur engages service providers for the following business purposes:
- To fulfill your requests and service your account, improve our services, and to inform you about and provide you with offers about our products, services, events, as well as those of our affiliates and business partners;
- Obtaining credit and reporting credit information with credit bureaus, banks, and financing sources involved in transactions with you, particularly for transactions that are syndicated;
- Digital advertising bid management systems, which may be integrated with customer relationship management (CRM) software to pull customer data. Such data may also be made available to a third-party agency for optimization. All information that is collected by means of email is stored with our CRM providers. We may also share information with third parties for services that we believe may be of interest to clients/customers;
- Analytics and performance data – such as application counts, funded dollars related to vendor, losses, reasons for losses, and customer satisfaction data – with vendor partner companies for the purpose of establishing credit eligibility (such as to obtain your FICO score) and determining potential eligibility for additional credit;
- Auditing; and
- Performing business activities and functions on our behalf to support our interactions with you, such as billing and collections, payment processing, analytics and research, marketing, and fraud prevention;
The CCPA does not restrict Amur’s ability to disclose the personal information identified earlier in this policy to third parties for the following purposes, including to:
- Comply with federal, state, or local laws;
- Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities;
- Cooperate with law enforcement agencies concerning conduct or activity that the business, service provider, or third party reasonably and in good faith believes may violate federal, state, or local law;
- Exercise or defend legal claims;
- Collect, use, retain, sell, or disclose consumer information that is deidentified or in the aggregate consumer information; and/or
- Collect or sell a consumer’s personal information if every aspect of that commercial conduct takes place wholly outside of California.
YOUR RIGHTS TO KNOW, REQUEST ACCESS TO AND/OR DELETION OF PERSONAL INFORMATON AND HOW TO EXERCISE THOSE RIGHTS
With certain limitations, the CCPA establishes your right to request access to the personal information we collect about you, and the right to request the deletion of the personal information we collect from you. In order to submit a verifiable consumer request, please visit the “How You Can Submit A Verifiable Consumer Request for Access to and/or Deletion of Your Personal Information” section below.
Right to Know What Personal Information We Have Collected About You under the CCPA and Other California Law
The CCPA requires that, upon request, we provide you with the following information:
- the categories of personal information we have collected about you;
- the categories of sources from which the personal information is collected;
- the business or commercial purpose for collecting, disclosing or selling, if applicable, the personal information;
- the categories of third parties with whom we have shared or sold, if applicable, your personal information; and
- the specific pieces of personal information we have collected about you.
This is known as your “right to know” under the CCPA.
Right to Request Access to the Personal Information We Have Collected About You
The CCPA also provides that we provide you with access to the actual personal information we have collected about you in the preceding twelve (12) months; this is known as your “right to access.” The CCPA requires us to comply with up to two (2) access requests in a twelve (12)-month period, which are subject to limitations for manifestly unfounded or excessive requests. In addition, there are some types of personal information that we will not return to you in response to your access request because of the inherently sensitive nature of such information which could create a substantial, articulable, and unreasonable risk to the security of that personal information. This includes your Social Security number, driver’s license number or other government-issued identification number, financial account number, health insurance or medical identification number, account password, or security questions and answers.
Right to Request Deletion of the Personal Information We Have Collected from You
If you want us to delete the personal information we have collected from you, subject to a verifiable consumer request, we will delete your personal information from our systems, subject to certain exceptions for which it is necessary for us to continue to retain such information. We will also notify any service providers and third parties with whom we have shared your personal information of your request. As noted above, your deletion request is subject to certain exceptions which we may rely on where it is necessary for us to:
- Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
- Identify and repair errors that impair existing intended functionality of our services;
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research if you have provided informed consent;
- To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with us;
- Comply with a legal obligation; or
- Otherwise use the personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
If any of these exceptions apply, Amur is not required to delete your personal information. In the event that we deny your request to delete based on any of these exceptions, we will inform you, in writing, of the reason.
How You Can Submit A Verifiable Consumer Request for Access to and/or Deletion of Your Personal Information
Amur takes the responsibility of protecting your privacy and the information it collects about you seriously. Given the sensitive nature of the information under the CCPA and as proscribed by the law itself, it is essential that we verify your identity in order to process your request. Amur has trained dedicated team members to conduct the identity verification process. If we cannot verify your identity, we cannot fulfill your request.
It may take up to forty-five (45) days to fulfill your request, or up to a total of ninety (90) days if additional time is needed. In the event that we cannot complete your request within the initial forty-five (45) day period, we will notify you in writing within the initial forty-five (45) day period.
To exercise one or more of your CCPA rights, please submit a verifiable consumer request:
- Via our dedicated CCPA request email address at ccpacompliance@goamur.com;
- By calling our toll-free number at 888-272-1154; or
- By chatting with us at goamur.com;
The CCPA allows you to authorize another person to make a verifiable consumer request on your behalf. If an authorized agent will be submitting a request for access to or deletion of personal information on your behalf, the authorized agent should submit the request via the methods described above. As part of the authorized agent request process, Amur will use reasonable efforts to verify your identity, as well as the identity of your authorized agent to ensure that your agent has been properly authorized by you to request information on your behalf.
HOW WE PROTECT YOUR PERSONAL INFORMATION
Amur has established multiple avenues of protection to safeguard Personal Data. We use a variety of reasonable physical, technical, and administrative measures to safeguard information against loss. Our employees are only given access to files on an as-needed basis, thus limiting exposure of client information. Technologies and processes to protect Personal Data collected on our website include firewalls, strict role-based file security, security for servers and workstations (with managed patching and managed antivirus), SSL certificates for secure remote access and encryption technology for transmission of Personal Data. Our computer systems utilize password protection to prevent access by unauthorized personnel, and we employ other physical, electronic and procedural safeguards to help protect your non-public Personal Data.
However, no security technology is completely secure, and you should remember that email is not a secure means of communication. While we strive to protect the information that we maintain, due to the inherent nature of the Internet, we cannot (and do not) guarantee, and make no representation or warranty about, the security of any information that you transmit to us or which is stored by us.
Amur understands the importance of your privacy rights and takes their protection seriously. We recognize that you have placed your trust in us, and we strive to preserve that trust as a priority. Amur arranges for its employees to be educated on Amur’s privacy policies and procedures and, among other things, directs employees to adhere to Amur’s established guidelines. Amur will monitor the effectiveness of its privacy policies and procedures.
HOW WE PROTECT CHILDREN’S PRIVACY
This Site is not directed to nor is it intended for individuals under the age of 16 and we do not knowingly solicit or collect information from children.
WHAT HAPPENS IF WE CHANGE THIS PRIVACY POLICY
We reserve the right to modify or supplement this Privacy Policy at any time. If we make any material change to the Privacy Policy, we will notify you by email (sent to the e-mail address you specified) and/or update this Privacy Policy to include such changes. We recommend that you review this Privacy Policy regularly for changes. The date of this Privacy Policy, noted above, indicates the last time it was revised or materially changed. Checking the date allows you to determine whether there have been changes made since the last time you reviewed this Privacy Policy. By continuing to use our website after we make changes, you indicate your consent to each of those changes.
HOW TO CONTACT US WITH QUESTIONS ABOUT THIS CALIFORNIA CONSUMER PRIVACY POLICY AND AMUR’S OVERALL PRIVACY PRACTICES
You may contact us by email at ccpacompliance@amuref.com by calling our toll-free number at 888-272-1154 or by regular mail at:
Amur Equipment Finance
304 W 3rd St, Grand Island, NE 68801