PRIVACY POLICY

YOUR PRIVACY IS IMPORTANT TO US!

PRIVACY POLICY

I. INTRODUCTION

This Policy specifically outlines the Privacy Policy of I-Car Education Foundation, doing business as the Collision Repair Education Foundation and its affiliates and related entities (“CREF”, “us”, “we”, or “our”) for CREF’s data collection, use, and disclosure practices (“Privacy Policy”).

This Privacy Policy applies to all visitors and users of our Website and also to those Consumers whose Personal Information we may have collected or processed.

By continuing to visit and use our Website, You agree to the terms of this Privacy Policy. If You do not agree, then please exit this Website and close Your browser.

I. DEFINITIONS

“Consumer(s)” means a natural person whose Personal Information that we may have collected and processed.

“Member(s)” means (1) commercial businesses who provide products and services for the motor vehicle repair industry and participate in CREF and (2) Schools and their faculty, staff, and students who utilize CREF services.

“Personal Data” means Personal Information.

“Personal Information” means any information relating to an identified or identifiable individual that is collected via our Website. Personal Information may include a Visitor’s or a Consumer’s: full name, physical address, email address, IP address, or other identifier such as from a cookie.

Personal Information does not include any aggregate or anonymized data that may have been created from Personal Information but can no longer be used to identify, relate to, or could reasonably be linked to a Visitor or Consumer.

“Sensitive Personal Information” means any data about a natural person that reveals a racial or ethnic origin, political opinion, religious belief, philosophical belief or trade union membership. It also includes a natural person’s genetic and biometric data, and data concerning their health, sex life or sexual orientation.

“You” or “Your” means a Consumer and a Visitor.

“Visitor(s)” means a natural person who visits our Website, but is not known to be a Consumer.

“Website” means www.collisionrepaireducationfoundation.org

I. INFORMATION THAT WE COLLECT FROM YOU WHEN YOU VISIT OUR WEBSITE

We collect certain Personal Information from You in order to operate our Website effectively and provide You with the best experiences when You visit and use it.

1. Information Provided

By You When You register or otherwise interact with our Website, including filling out forms on various pages within it [or registering as a User on the Marketplace Website] we will collect certain Personal Information about You such as Your name, e-mail address, phone number, and company name (which may also be Your employer’s name). We will also collect certain Personal Information about You when You fill out a contact form or speak with us, or otherwise provide Your Personal Information to us in order to be in contact or receive information from us.

We may collect the Sensitive Information of Consumers, but only with regards to provide the services or the goods that those Consumers had requested more information about or opted into receiving more information about. If You are a job applicant, we may also need to collect some of Your Sensitive Information in order to process Your application, but we do not use it for any other purpose besides than to vet You as a potential employee and if You are hired, then to support and enable Your employment.

• Information Collected On Our Website And Via Other Automatic Means

We also may use various technologies to collect information from Your computer or device and about Your activities on our Website.

Information Collected Automatically: We may automatically collect information from You when You visit Our Website. This information may include Your IP address, location data, Your browser type and language, access times, the content of any undeleted cookies that Your browser previously accepted from us, referring or exit website address, internet service provider, date/time stamp, operating system, locale and language preferences, and system configuration information.

Google Analytics: We also use Google Analytics on our Website and to help provide our services to Clients. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Website. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on our websites available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://www.google.com/intl/en/policies/privacy/

Cookies: When You visit our Website, we may assign Your device one or more cookies to facilitate access to our site and to personalize Your online experience. Through the use of a cookie, we also may automatically collect information about Your online activity on our site, such as the web pages You visit, the links You click, and the searches You conduct on our site. Most browsers automatically accept cookies, but You can usually modify your browser setting to decline cookies.

A cookie is a small text file that is stored on a user’s computer for record keeping purposes. Cookies can be either session cookies or persistent cookies. A session cookie expires when You close your browser and is used to make it easier for You to navigate our website. A persistent cookie remains on your hard drive for an extended period of time.

We may use cookies to personalize content, to provide social media features and to analyze our traffic. We also share information about Your use of our site with our social media, advertising and analytics partners, who may combine it with other information that You’ve provided to them or that they’ve collected from Your use of their services.

Other Technologies: We may use standard Internet technology, such as web beacons, digital visitor management technology, and other similar technologies, to track your use of our Website. We also may include web beacons in promotional e-mail messages or newsletters to determine whether messages have been opened and acted upon. The information we obtain in this manner enables us to customize the services we offer to users of our Website to deliver targeted advertisements and to measure the overall effectiveness of our online advertising, content, programming, or other activities. Web beacons (also known as clear gifs, pixel tags or web bugs) are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users or to access cookies. Unlike cookies, which are stored on your device, web beacons are embedded invisibly on the web pages (or in emails) and are about the size of the period at the end of this sentence. Web beacons may be used to deliver or communicate with cookies, to count visitors to certain pages, and to understand usage patterns. We also may receive an anonymous identification number if You come to our Website from an online advertisement displayed on a third-party website.

I. WHY WE COLLECT YOUR PERSONAL INFORMATION

II. To Service Our Website

We use information collected to ensure that Our Website is working as intended and for analytics purposes, to understand how our Website is operating and learn how it can be improved. We also use this information as needed for auditing purposes as well.

• For Interaction Purposes

If You have filled out a contact form or otherwise interacted with the Website, we may use this information to send You communications including newsletters and emails, as well as to provide the services related to the form or other interaction that You submitted. You can opt out of receiving these communications at any time by clicking the “opt out” link at the bottom of these emails or by emailing us directly at info@ed-foundation.org.

• To Provide Our Services To Our Members

We use information collected to provide our services to our Members. We help to support our Members’ efforts by enabling and supporting the provision of information about their business and services to their students and faculty, and potential students and faculty, which may include You.

• To Evaluate And Improve Our Customer Service

We may use this information to ensure we are providing the highest level of customer service, and to identify any potential gaps or potential improvements to the same.

• In Order To Respond From Requests From You

If You have requested further information or in any other way requested that we contact You, we will use Your Personal Information to respond to such a request.

• For Our Legal Purposes

We also collect information in order to comply with certain legal rules and regulations that we are subject to.

V. HOW LONG DO WE STORE AND MAINTAIN YOUR PERSONAL INFORMATION?

We only store and maintain Your Personal Information for as long as is necessary to fulfill the purpose for which it was collected. With regards to Your Personal Information collected for our analytics purposes and used to help maintain and improve our Website, we only store and maintain that information until it is aggregated and used to create a new anonymous data set that no longer contains Your Personal Information, and then delete the underlying Personal Information once that new data set has been created.

VI. WE DO NOT SELL AND SHARE YOUR PERSONAL INFORMATION

CREF does not sell, share or trade our Personal Information with any other entity, nor send mailings to Consumers or Visitors on behalf of other organizations.

This policy applies to all information received by CREF, both online and offline, on any Platform (“Platform”, includes the Website and mobile applications), as well as any electronic, written, or oral communications.

We do not collect, sell, or share the Personal Information of persons under 16 years of age.

VII. WITH WHOM DO WE SHARE COLLECTED PERSONAL INFORMATION?

CREF shares Your Personal Information when necessary to its internal team and service providers.

When we share Your Personal Information with our service providers and other third parties, we ensure that they are either contractually obligated to secure Your Personal Information in the same way that we do and further that they cannot sell or further share Your Personal Information without Your consent, or have legal authority to receive Your Personal Information.

Specifically, the service providers and other third parties that we may also generally share Your Personal Information with are:

• IT service providers for hosting, management of IT systems, backup, provision and maintenance of IT networks, backup networks, etc.; and

• Service providers for archiving, etc.

Depending on the need, We may also have to share Your Personal Information with:

• Our Legal Representatives; and

• Authorized third parties such as Law Enforcement, Courts, Supervisory Authorities and Auditors.

VIII. HOW DO WE SECURE YOUR PERSONAL INFORMATION?

CREF maintains a security program that employs commercially available physical and IT security tools, including but not limited to:

• Commercially available and sufficient firewalls;

• Segmented Data Storage;

• Multi-factor authentication;

• Industry-standard SSL-encryption to enhance the security of the data transmissions; and

• Policies providing for least privileged access to data across our organization.

No method of data storage or data transmission can be guaranteed to be completely secure. If we suffer a data breach, we will report the same to You in compliance with relevant data breach notification laws.

IX. RESIDENTS OF CALIFORNIA AND OTHER STATES WITH PRIVACY LAWS

Several states in the United States have enacted Privacy Laws that apply to Personal Information collected from Consumers and Visitors who are residents of those states. This Privacy Policy is intended to comply with the requirements of those state Privacy Laws, but only to the extent that they apply to CREF. State Privacy Law requirements apply only to those entities that meet its definition of “business” (or equivalent) as defined in those Privacy Laws. CREF does not meet such definitions in most cases, and therefore is not a “business” as defined by the these Privacy Laws. Nonetheless, we will endeavor to act in accordance with the Privacy Laws to the extent that it is reasonable for us to do so. To the extent that the Privacy Laws do not apply to CREF, all of the provisions below are subject to CREF’s sole discretion.

Some state Privacy Laws provide certain rights to Consumers and Visitors regarding Personal Information collected from them. These may include, to the extent provided in the particular state’s Privacy Laws:

• You, or Your authorized agent, may request information on the specific pieces of Personal Information we have collected about You by emailing info@ed-foundation.org. You may also request that we disclose how we have collected, used and shared Your Personal Information over the past 12 months, including the categories of Personal Information we collected and our purposes for doing so. You may also request the categories of the sources of that information, the categories of the third parties with whom we have shared this information with for a business purpose, and our business purpose for doing so.

• You may have the right to correct inaccurate Personal Information that we have collected or maintain about You.

• You may have the right to opt out of sale and sharing of Your Information.

• You may have a right to be notified when we collect information from You, and we cannot collect new categories of information from You without notifying You first.

• You may have the right to limit our sharing of Your Personal Information.

• You may have the right to not be discriminated against for exercising these rights.

• You may have the right to ask us to delete Your Personal Information.

If You would like to exercise any of the rights listed above with regards to Your Personal Information, then please contact us, or have Your registered agent contact us, at info@ed-foundation.org or via phone at 888-722-3787.

If You want to opt out of the sale and sharing of Your Personal Information, You can do so here: “Do Not Sell My Personal Information” form.

If You want to review and request changes to Your Personal Information, You may also email or call us as noted above, and we will then provide You with detailed instructions on how to do so.

X. RESIDENTS OUTSIDE OF THE UNITED STATES, INCLUDING THE EUROPEAN UNION AND OTHER SIMILAR NATION

If you are visiting our website from outside the United States (“U.S.”), any information you voluntarily provide via our website and any technical information from the browser of your computer, tablet, or mobile device will be transferred out of your country and into the U.S. where we are located. The protections available to the privacy of your personal information in the U.S. may significantly differ from the protections available in your country. If you do not want any personal information to be transferred to the U.S., please do not provide that information to us via our websites.

The European Union has adopted General Data Protection Regulations ((Regulation (EU) 2016/679)(“GDPR”). Other countries, including the United Kingdom and Switzerland, have adopted similar regulations. This Privacy Policy is intended to comply with the requirements of those Privacy Laws.

a. What Information Do We Collect From EU Data Subjects?

We collect the same Personal Information (“Your Data”) from Data Subjects as outlined above.

• How Do We Collected Your Data?

We collect Your Data as outlined above.

• How Will We Use Your Data?

We use Your Data as outlined above.

•How Do We Store Your Data?

We securely store Your Data as detailed above. We only store Your Data for as long as necessary to support and facilitate the provision of our services. Once the legal requirement to store Your Data has expired, we securely delete it.

• What are Your Data Protection Rights?

As an EU Data Subject, You have the following rights:

I. The Right to Access Your Data – including asking for copies of Your Personal Information and Sensitive Information. We are entitled to charge You a small fee to provide You with the same.

1. The Right to Rectification of Your Data – including the right to ask us to correct any inaccurate data and complete any incomplete data.

2. The Right to Erasure of Your Data – including asking us to delete copies of Your Data. Please note that we may not be able to immediately delete certain portions of Your Data based on legal rules and requirements, however, once those restrictions have expired, we will delete the same.

3. The Right to Restrict Processing of Your Data – including the right to request that we restrict processing of Your Data under certain circumstances. Again, legal requirements and obligations may limit our ability to fully restrict the processing of Your Data.

4. The Right to Object to the Processing of Your Data – including the right to request that we stop processing Your Data under certain circumstances. Again, legal requirements and obligations may limit our ability to fully stop processing of Your Data.

5. The Right to Data Portability – including the right to request that we transfer Your Data to another organization or directly to You, under certain circumstances. Again, legal requirements and obligations may require us to also maintain copies of Your Data even if we transfer it as requested.

• How can You Contact Us?

If You have any questions about this Policy, Your Data that we have, or would like to exercise any of Your data protection rights, then please email us at info@ed-foundation.org or via phone at 888-722-3787.

• How to Contact the Appropriate Authority?

If You wish to report a complaint or feel that we have not addressed your concerns in a satisfactory manner, then You may contact Your local Data Protection Authority which may be found here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

• Reservation of jurisdiction objections.

Notwithstanding the foregoing, under no circumstances shall this Privacy Policy or any obligations undertaken in it be construed as an admission of jurisdiction or waiver of any liability defenses of any kind, all potential objections to which are expressly reserved as to both CREF. To clarify further, CREF’s obligations do not apply to any claims, litigation, or tribunal in the European Union or a Member State or any other nation, nor to any attempt to enforce the ruling or judgment entered by such a tribunal in the United States.

XI. CHANGES TO THIS PRIVACY POLICY

Any changes to the Privacy Policy will be posted directly on our Website and reflected with a new Effective Date at the top of this Privacy Policy. We encourage You to review the Privacy Policy each time You visit our Website to see if it has been updated since Your last visit.

Scroll to Top