Privacy Policy Best Practices

 

Privacy Law Considerations For PureCars Customers

PureCars allows you to identify your website visitors and make their interactions with your online properties meaningful.

As data is being collected from individual interactions with your website, implementing a privacy policy and consent mechanisms on your website will help keep you and your business safe.  It is important to note that privacy laws vary by jurisdiction and your privacy policy and your opt-out or opt-in consent mechanisms should be reviewed in light of the tools that you use (such as Chatbots or targeting pixels) and updated with a lawyer to ensure compliance with the laws that apply to your business. 

While we understand that the language of the policy may be set by OEMs, to the extent possible, we recommend providing notice to customers about your information handling practices and collecting consent for activities like targeted marketing or, at minimum, an option to opt-out of these activities. The PureCars Data Protection Addendum also requires compliance with data privacy laws. 

Adding a Website Privacy Policy

A privacy policy should be drafted with your lawyers. While not legal advice, it should include information about the personal data you collect, how you use it, and to whom you disclose it, such as addressing the following:

  • Types of personal data collected: This should include a list of the types of personal data you collect from consumers directly or indirectly, such as name, address, email, phone number, etc. This should also call out more sensitive data types, such as precise geolocation data, if you collect this.
  • Purpose of collection: Explain the reasons why you collect personal data, such as for account creation, to provide services, or for targeted marketing, etc. Certain purposes, such as targeted marketing, may require the user to know and agree to that use. 
  • Data storage and retention: Explain which geographic location and for how long the personal data will be stored. 
  • Data disclosures: Explain to whom you may disclose the personal data, such as service providers, third-party advertisers, etc.  Disclosing personal data to a third party for targeted personal advertising purposes is called “sharing” personal data and should be called out under California law. Ensure that you disclose to consumers that you provide their information to third parties, such as PureCars, Meta, or Google, to perform ad measurement services and targeted marketing, if applicable. 
  • User rights: Explain the rights of the users regarding their personal data, such as the right to access, correct, delete, or restrict the processing of their personal data. These rights may vary by state law or may be considered best practices based on enforcement actions and caselaw. 
  • Data security: Explain the measures you have taken to protect personal data from unauthorized access, misuse, and unauthorized disclosure.
  • Changes to the privacy policy: Explain the process for updating the privacy policy and the steps you will take to inform users of any changes.

Your privacy policy should make all required disclosures about how you work with PureCars. Typically, PureCars serves as a service provider or processor to our clients. However, if you use PureIdentity, you should disclose our role as a third party that provides targeted marketing services. You should disclose that you share data with us and how we use tools, such as Google enhanced conversions or Meta pixel, to provide these services. Please note that you must obtain all required consents for targeted advertising, profiling, automated decision making, or similar tools. 

As required under certain data privacy laws, you must also honor data subject requests and offer opt-out and non-discrimination rights to individuals. 

PureCars is available to assist you as necessary in your efforts to comply with the relevant privacy laws, including opt-out and other requests from consumers. 

It is advisable to consult a legal expert to determine the specific requirements that apply to your business.

Collecting Consent

Certain state laws require various levels of consent when website operators use pixels or targeted advertising. The laws that apply depend on the state of residence of the individual visiting your site. 

To the extent that you control your website, we recommend alerting visitors about the use of PureCars services in a manner that complies with applicable law. Sometimes this may include mentioning PureCars in your privacy policy or posting a link to your privacy policy in a popup Chatbot service and potentially requiring customers to acknowledge and agree to its terms. You may also be required to capture consent through a cookie banner. To meet the most stringent state privacy laws, cookie banners should include buttons for “Accept All,” “Reject All,” or “Customize” and offer a link to your privacy policy. 

If SMS messaging plays a part in consumer communication and the services you rely on from PureCars, best practices may include recording the consent specific to SMS messaging and the date given. While PureCars honors opt-out messaging, consumer information provided to vendors should be limited or indicate specifically SMS messaging consent has been provided. You should ensure that consumer SMS messaging opt-outs are forwarded to PureCars, and be sure to check state law SMS messaging requirements as they may be more stringent than the federal law requirements.

Not Legal Advice

This document is not legal advice. It is drafted to ensure that PureCars and its customers can adhere to and comply with our legal obligations regarding consumer privacy. It is advisable to consult a legal expert to determine the specific requirements that apply to your business.

© Copyright 2025. All Rights Reserved. PureCars Technologies

Last Updated: April 9, 2025