PrePass®

Online Privacy Policy.

Last Modified: August 21, 2024

This PREPASS® ONLINE PRIVACY POLICY (“Privacy Policy”) is incorporated by reference into the PrePass® Online Terms of Use (together, with any documents expressly incorporated by reference, the “Terms of Use”) for PrePass^® Safety Alliance, an Arizona non-profit corporation (together with its affiliates and subsidiaries, “PrePass^®”). Capitalized terms used in this Privacy Policy shall have the meaning set forth in this Privacy Policy or the Terms of Use. To the extent there are conflicts between the Privacy Policy and the Terms of Use, this Privacy Policy will control.

DEFINITIONS

“Application” means the PrePass^® Mobile Application (including all related documentation).

“ByPass Event Data” means all data collected during the normal course of PrePass^® site operations.

“Carrier” means the person or entity that has agreed to and qualifies as a customer under the terms of the PrePass^® License Agreement, maintains a master billing account with PrePass^® and is ultimately responsible for any such associated account(s).

“End User” means any individual or entity that accesses and utilizes the functions of the Application.

“End User Data” has the meaning set forth in the “Information PrePass^® Collects About the End User” section.

“Location Information” means location data that is automatically generated on the Application when the Services interact with cell towers and Wi-Fi routers. Location Information may also be generated by Bluetooth services, network devices, and other technology, including GPS satellites.

“PrePass^®” has the meaning set forth in the preamble above.

“PrePass^® Products” means the PrePass^® suite of services including but not limited to PrePass^® Weigh Station Bypass (“PrePass^® Bypass”), PrePass^® Plus, PrePass^® Tolls, PrePass^® Toll Management Services (“Toll Violation Prevention” and/or “Toll Violation Settlement”), PrePass^® app, and/or PrePass^® AG.

“PrePass^® Properties” means the Services, the Software, and all content therein (excluding End User Data).

“Privacy Policy” has the meaning set forth in the preamble above.

“Services” means the PrePass® Products, the Website, the Application, and other services including, but not limited to the features, functionality, and content accessible on or through the Application and which may be hosted on the Website.

“Software” means the programs and other information that operates the Services.

“Telematic Service Provider” means a provider that offers an electronic system used to transmit or receive data from a moving vehicle.

“Terms of Use” has the meaning set forth in the preamble above.

“User Account” means a uniquely identified username and password created by the End User and administered by PrePass^® in order to establish access with the Application, its information and to utilize the services.

“Website” means the PrePass® website located at www.prepass.com.

GENERAL

PrePass® is committed to the privacy and security of the End User Data (see Section 4 below). All End Users are required to register a User Account via the Application to utilize the PrePass® Products. This Privacy Policy describes:

the types of information PrePass® may collect or that the End User provides when the End User downloads, installs, registers with, accesses, or uses the Services.
the types of information PrePass® may collect from the End User when the End User accesses and uses the Services.
the PrePass® practices for collecting, using, maintaining, protecting, and disclosing that information.

This Privacy Policy applies only to information PrePass® collects in the Application, on the Website, and in email, text, and other electronic communications sent through or in connection with the Application.

The Privacy Policy DOES NOT apply to information that:

PrePass® collects offline or on any other PrePass® apps or websites, including websites the End User may access through the Services. through the Services.
The End User provides to or is collected by any third party.

Other third parties have their own privacy policies, which PrePass® encourages the End User to read before providing information on or through them.

Please read this Privacy Policy carefully to understand the PrePass® policies and practices regarding End User information and how PrePass® will treat it. If the End User does not agree with the PrePass® policies and practices, the End User’s choice is to not use the Services.

By using the Services, the End User authorizes PrePass® to gather, parse, and retain data related to the provision of the Services and collect, use and disclose information as described in this Privacy Policy. This Privacy Policy may change from time to time (see Section 8 below). The End User’s continued use of the Services after PrePass®makes changes is deemed to be an acceptance of those chances, so please check the Privacy Policy periodically for updates.

CHILDREN UNDER THE AGE OF 13

The Services are not directed to individuals under the age of thirteen (13), as required by the Children’s Online Privacy Protection Act. PrePass® does not knowingly collect End User Data from children under 13. If the End User is under 13, do not use or provide any information on the Services, or through any of its features. If PrePass® learns PrePass® has collected or received End User Data from a child under 13 without verification of parental consent, PrePass® will take steps to delete that information. If the End User believes PrePass® might have any information from or about a child under 13, please contact PrePass® at [email protected]

INFORMATION PREPASS® COLLECTS ABOUT THE END USER

The Services collect several types of information from and about End Users, including, but not limited to:

“End User Data” means information the End User provided to PrePass®, which is not readily available to the public or accessible through other means and is used for the purpose of accessing or interacting with the PrePass® Properties, Services, the Website, the Software and or the Application; and that alone or in combination with other information may be used to readily identify, contact, or describe the End User. This information includes, but is not limited to:

Legal Name
Mailing Address
Email Address
Phone Number
Date of Birth
Biometric Records
Driver’s License Information
Such other information as PrePass® may request from time to time.

Bypass Event Data

Bypass Event Data is collected and retained to monitor that PrePass® carriers are not subjected to a higher level of regulatory compliance screening than non-PrePass® carriers. Bypass Event Data is attributable to a specific carrier or vehicle and is collected by PrePass® with authorization from the individual carrier.

Location Information

The Application collects and stores real-time information about the End User’s location. The collection of this information is necessary for the proper functionality of the Application and allows notifications to be sent to the End User to ensure proper compliance with weigh station stops, traffic, and other important safety information. End User must allow the Application to collect Location Information to continue using the Application. Collection of this information may improve the provision of the Application and provide End User with full functionality. PrePass® may utilize cookies, automatic data collection, GPS functions, and related technologies. The Application collects and stores information that is generated automatically as End User uses it, including End User’s preferences and anonymous usage statistics. Location Information can be based on things like precise device location, IP addresses, and information from End User and others’ use of the Services.

PrePass® does not consider End User Data to include information that has been anonymized so that it does not allow a third party to easily identify a specific individual. PrePass® collects this information:

directly from the End User when End User provides it to PrePass®.
automatically as the End User navigates through the Services. Information collected may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
from third parties, for example, the PrePass® business partners and Telematic Service Providers

Information the End User Provides to PrePass®

The information PrePass® collects on or through the Services includes, but is not limited to:

information that the End User provides by filling in forms. This includes information that the End User provides when the End User creates User Account required to utilize the Services or requesting further assistance.
information that the End User provides when the End User make payments associated with the Services.
records and copies of the End User’s correspondence (including email addresses) if the End User contacts PrePass®.
the End User’s search queries on the Services.

Information PrePass® Collects Through Automatic Data Collection Technologies

As the End User navigates through and interacts with the Services, PrePass® may use automatic data collection technologies to collect certain information about the End User’s equipment, browsing actions, and patterns, including:

Device Attributes. Information such as the operating system, hardware, software versions, device carrier, and display sizes.
Device Operations. Information about operations and behaviors performed on the Services, such as whether a window is foregrounded or backgrounded, or mouse movements.
Usage Data. Usage data may include information such as the End User’s personal device’s IP address, browser type, browser version, the pages of the Services the End User visits, the time and date of the End User’s visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Identifiers. Unique identifiers, device IDs, and other identifiers such as associated provider account identifiers.
Data from a Mobile Device. PrePass® may collect data including the type of mobile device being used, the End User’s mobile device unique ID, the IP address of the End User’s mobile device, the End User’s mobile operating system, the type of mobile Internet browser the End User uses, unique device identifiers and other diagnostic data.
Data from Device Settings. Information the End User allows PrePass® to receive through device settings, such as access to the End User’s GPS location, camera, or photos.
Network and Connections. Information such as the name of the End User’s mobile operator or ISP, language, time zone, and IP address.
Fleet Tracking Data. Information PrePass® receives about the End User’s vehicle from Telematic Service Providers such as speed, trip distance, fuel consumption, etc.

The information PrePass® collects automatically is only statistical data and does not include End User Data, but PrePass® may maintain it or associate it with End User Data PrePass® collects in other ways or receive from third parties. It helps PrePass® to improve the Services and to deliver a better and more personalized service, including by enabling PrePass® to:

Estimate PrePass® audience size and usage patterns.
Store information about the End User’s preferences, allowing PrePass® to customize the Services according to the End User’s individual interests.
Speed up the End User’s searches.
Recognize the End User when the End User returns to the Services.

The technologies PrePass® uses for this automatic data collection may include:

Cookies (or browser cookies). A cookie is a small file placed on the hard drive of the End User’s computer. The End User may refuse to accept browser cookies by activating the appropriate setting on the End User’s browser. However, if the End User selects this setting, the End User may be unable to access certain parts of the Services. Unless the End User has adjusted the End User’s browser setting so that it will refuse cookies, the PrePass® system will issue cookies when the End User directs the End User’s browser to the Services.

THIRD-PARTY USE OF COOKIES AND OTHER TRACKING TECHNOLOGIES

Some content or applications, including advertisements, on the Services are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies, alone or in conjunction with web beacons or other tracking technologies, to collect information about the End User when End User uses the Services. The information they collect may be associated with End User Data or they may collect information, including End User Data, about the End User’s online activities over time and across different websites and other online services. They may use this information to provide the End User with interest-based (behavioral) advertising or other targeted content.

PrePass® does not control these third parties’ tracking technologies or how they may be used. If the End User has any questions about an advertisement or other targeted content, the End User should contact the responsible provider directly.

BUSINESS PURPOSES FOR COLLECTING INFORMATION

How PrePass® Uses End User’s Information.

The Services use End User Data and aggregate information:

To provide requested services to the End User;
To personalize features and content to make suggestions for the End User;
To provide the End User with useful content;
To ensure the proper functioning of the Services;
To analyze site operations;
To conduct state and site activity reports;
To offer and improve the Services;
To conduct product research and development of the Services;
To test the functionality of the Services;
To provide the End User with requested information or technical support;
To facilitate the End User’s movements during the End User’s use of the Services;
To diagnose problems with the End User’s servers or the Services;
To do a better job of advertising and marketing the Services;
To help PrePass® partners measure effectiveness and distribute their ads and services;
To verify accounts and activity;
To detect and prevent spam;
To promote safety and security on and off the Services;
To administer PrePass® websites;
To communicate to the End User;
To bill the End User for the Services;
In any other way PrePass® may describe when the End User provides this information; and
For any other purpose as provided in the updated versions of this Privacy Policy.

PrePass® may share any End User Data collected about the End User through the Services to facilitate and improve the Services along with the internal user site-related purposes including sending background location-based messages regarding app specific messages (such as tolling, weigh station information and road safety information).

Internal and Application-Related Usage

PrePass® uses information, including End User Data, for internal and Service-related purposes and may provide it to third parties. PrePass® may use and retain any data PrePass® collects to make and provide improvements.

Communications

PrePass® may send an email to the email address the End User provides to PrePass® to verify the User Account and for informational and operational purposes, such as account management, customer application, or system maintenance. PrePass® may also email the End User in response to activity on the Services. PrePass® may use information, including End User Data, to enable advertising and marketing, including to others both online and through other means.

Disclosure of Information

PrePass® may disclose aggregated information about PrePass® End Users, and information that does not identify any individual, without restriction.

PrePass® may disclose End User Data that PrePass® collects, or the End User provides, as described in this Privacy Policy:

To Third Parties. PrePass® works with third-party partners who help PrePass® provide and improve the Services. PrePass® will not sell or give End User Data to third parties for their use for purposes unrelated to PrePass® without the End User’s permission.
To Affiliated Companies. PrePass® may share End User Data about the End User with affiliated companies. PrePass® also may share End User Data with PrePass® suppliers, contractors and agents who perform functions on behalf of PrePass®, or in connection with the Services offered by PrePass® or a request made by the End User, including partners who use PrePass® analytics services and measurement partners.
To Vendors and Service Providers. PrePass® provides End User Data and content to vendors and service providers who support PrePass®, such as by providing technical infrastructure services, analyzing how the Services are used, providing customer service, facilitating payments or conducting surveys.
To Legal and Governmental Authorities for Legal Compliance. PrePass® may disclose End User Data as PrePass® considers necessary to comply with the law or governmental authorities, in connection with litigation or dispute resolution. PrePass® may access, preserve, and share End User Data with regulators, law enforcement or others in response to a legal request (like a search warrant, court order, or subpoena) if PrePass® has a good faith belief that the law requires PrePass® to do so. This may include legal requests from jurisdictions outside of the United States when PrePass® has a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards.
To Protect PrePass®. PrePass® may access, preserve, and share End User Data with regulators, law enforcement or others when PrePass® has a good faith belief of fraud, violations of the PrePass® terms or policies, or other harmful or illegal activity; to protect PrePass® (including PrePass® rights, property, or products), the End User or others, including as part of investigations or regulatory inquiries, or to prevent death or imminent bodily harm. End User Data PrePass® receives about the End User can be accessed and preserved for an extended period when it is the subject of a legal request or obligation, governmental investigation, or investigations of possible violations of the PrePass® terms or policies, or otherwise to prevent harm.
During a Merger, Sale, or Other Asset Transfers. If PrePass® is involved in a change in control, merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale assets, or transition of PrePass® to another provider, the End User information may be sold or transferred as part of such a transaction as permitted by law and/or contract. PrePass® cannot control how such entities may use or disclose such information. PrePass® will provide notice of any merger, sale, or asset transfer.
For Other Purposes. PrePass® may disclose End User Data for any other purpose disclosed by the End User when the End User provided the End User Data or as provided in the updated versions of this Privacy Policy.
Retention. PrePass® will retain End User Data only for as long as is necessary for the purposes set out in this Privacy Policy. PrePass® will retain and use End User Data to the extent necessary to comply with PrePass® legal obligations, resolve disputes, and enforce PrePass® legal agreements and policies.

Generally, Bypass Event Data collected during Service operations shall be retained for a period not to exceed 90 days beyond the end of the billing period, which normally covers a calendar month period, unless PrePass® is otherwise required by law or regulation to retain End User Data for longer. Bypass Event Data will be anonymized with respect to a specific carrier or vehicle only after (a) payment by or on behalf of the specific carrier of an unprotested billing has been received by the PrePass® Service Center, or (b) a protested billing has been resolved. Other data will be anonymized after the 90-day period.

End User Data is processed at PrePass® operating offices and in any other places where the parties involved in the processing are located. End User Data may be transferred to, and maintained on, computers located outside of the End User’s state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in the End User’s jurisdiction. The End User’s consent to the Privacy Policy followed by the End User’s submission of such information represents the End User’s agreement to that transfer.

Security. PrePass® will take all steps reasonably necessary to ensure that End User Data is treated securely and in accordance with this Privacy Policy. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and PrePass® cannot ensure or warrant the security of any information the End User provides to PrePass®. PrePass® does not accept liability for unintentional disclosure. Do not share any information on or through the Services if End User is concerned about the unauthorized access to such information by a third party.

By using the Services or providing End User Data to PrePass®, the End User agrees that PrePass® may communicate with the End User electronically regarding security, privacy, and administrative issues relating to the End User’s use of the Services. If PrePass® learns of a security system’s breach, PrePass® may attempt to notify the End User electronically by posting a notice on the Website and the Application or by sending an email to the End User. The End User may have a legal right to receive this notice in writing. To receive free written notice of a security breach (or to withdraw the End User’s consent from receiving electronic notice), please notify PrePass® at [email protected].

International Users. By using the Services, the End User agrees to transfer data to the United States.
Choice of Law. By choosing to visit the Services or otherwise provide information to PrePass®, the End User agrees that any dispute over privacy or the terms contained in this Privacy Policy will be governed by the law of the State of Arizona and the dispute resolution provisions set forth in the Terms of Use. If the End User is visiting from the European Union or other regions with laws governing data collection and use, please note that the End User is agreeing to the transfer of End User’s information to the United States and processing globally. PrePass® has employees, customers and suppliers in other countries. The management, operational and technical processes and systems used by PrePass® may involve transfer of information across borders. For example, End User Data the End User gives to PrePass® may be sent to systems outside the country in which the End User initially provided the information, and it may be processed and stored in a different country. Regardless of where the End User provides End User Data, PrePass® will take steps to handle it in a secure manner in accordance with this Privacy Policy and all applicable laws. These protections will be extended to any other future companies in which PrePass® operations take place. By providing the End User’s information the End User consents to any transfer and processing in accordance with this Privacy Policy.

END USER’S RIGHTS & CHOICES.

Cookies & Tracking Data

The Services are using the minimum amount of cookies required without the option to restrict. However, if more cookies are used, the End User may restrict PrePass® ability to use cookies and certain other types of data files by managing the cookie settings on the End User’s device or browser. Please note that if the End User creates such restrictions, all, or parts of the Services may not operate as intended (or at all).

Access

The End User may request information about End User Data PrePass® collected from the End User and how PrePass® used the End User Data in the last 12 months. If the End User makes such a request, then PrePass® will provide the End User with the categories of End User Data PrePass® collected in the last 12 months, along with the categories of any third parties with which PrePass® shared the data, the specific pieces of that data, as well as any other information of which PrePass® is required to provide to the End User by applicable law. PrePass® will respond within 45 days of receiving an End User Data request. Please note that the End User may only make an End User Data request twice within a 12-month period and PrePass® will need to collect information to verify the End User’s identity.

End User Data Used for a Business Purpose

In connection with any End User Data PrePass® discloses to a third party for a business purpose, the End User has the right to know the categories of information disclosed, categories of third parties to whom information was disclosed, and the categories of End User Data that PrePass® disclosed about the End User for a business purpose.

Deletion

The End User may request that PrePass® delete End User Data from PrePass® systems. PrePass® will comply with that request within a reasonable period, unless PrePass® has a legal right to retain that data (for example, to continue providing the Services to the End User, or to complete a transaction which the End User or Carrier initiated in the PrePass® systems).

Exercising End User’s Rights

If the End User wishes to withdraw the End User’s consent for the use and sharing of End User Data pursuant to this Privacy Policy, then the End User will need to cease all use of the User Account via the Services and deactivate the User Account by sending an email to [email protected]. The End User may opt out of having End User Data sold by selecting the “Do Not Sell My Personal Information” link located on the homepages of the Application and the Website.

Update End User’s Information/Pose a Question or Suggestion

If the End User would like to update or correct any End User Data that the End User has provided to PrePass® through the End User’s use of the Application or otherwise, or if End User has suggestions for improving this Privacy Policy, please send an email to [email protected].

Rights Under the European Union’s General Data Protection Regulation (GDPR).

If the End User is a “Data Subject” under the GDPR, then in addition to the rights outlined elsewhere in this Privacy Policy, the End User has the rights outlined in this section. If the End User has questions about any of these rights or if the End User would like to exercise any of these rights, please contact PrePass® using the contact information at the bottom of this Privacy Policy. Also please note that certain portions of the Services will not work for the End User unless the End User provides PrePass® with End User Data.

The End User has the right to be informed about what data PrePass® collects and how PrePass® uses it.
The End User has the right to request access to End User Data.
The End User has the right to have PrePass® rectify End User Data if it is inaccurate or incomplete.
The End User has the right to have PrePass® erase, remove, or delete End User Data.
The End User has the right to restrict PrePass® processing of End User Data as provided in the GDPR.
The End User has the right to object to certain uses of End User Data as provided in the GDPR.
The End User has the right to lodge a complaint with a supervisory authority that has jurisdiction over issues related to the GDPR.
To the extent the End User provided consent to PrePass® processing of End User Data, the End User has the right to withdraw that consent at any time. However, such withdrawal will not be effective with respect to lawful processing based upon consent that occurred prior to the End User’s withdrawal. (PrePass® requires only the information that is reasonably required to enter a contract with the End User. PrePass® will not require the End User to provide consent for any unnecessary processing a condition of entering a contract with PrePass®.)
PrePass® will only retain End User Data for as long as necessary for the purposes outlined in this Privacy Policy and the Terms of Use.

Rights Under the Personal Information Protection and Electronic Documents Act (PIPEDA)

If the End User is a resident of Canada, then in addition to the rights outlined elsewhere in this Privacy Policy, the End User has the rights outlined in this section. If the End User has questions about any of these rights or if the End User would like to exercise any of these rights, please contact PrePass® using the contact information at the bottom of this Privacy Policy.

The End User has the right to know the name, title, and contact information of the person who is accountable for the PrePass® privacy policies and practices as outlined under PIPEDA.
The End User has the right to know the name, title, and contact information of the person to whom access requests should be sent.
The End User has the right to any documents that explain the PrePass® policies, standards, or codes.
The End User has the right to know how the End User can gain access to End User Data.
The End User has the right to be informed about what End User Data PrePass® collects and its intended purpose.
The End User has the right to know what End User Data is disclosed to other organizations, including any third parties and subsidiaries, and why.
The End User has the right to withdraw consent, including consent given when privacy practices have been updated (subject to legal or contractual restrictions).
The End User has the right to have PrePass® rectify End User Data if it is inaccurate or incomplete.
The End User has the right to request access to End User Data. PrePass® is required to respond to the End User’s request within 30 days.
The End User has the right to have PrePass® erase, remove, or delete End User Data.
The End User has the right to submit complaints to PrePass® regarding the compliance with any of the Fair Information Principles.

POWER TO AMEND THIS PRIVACY POLICY

PrePass® reserves the right to revise this Privacy Policy at any time, so review it periodically.

Posting of Revised Privacy Policy

PrePass® will post any adjustments to the Privacy Policy on this page of the Website and Application, and the revised version will be effective when it is posted unless otherwise specified as set forth at the top of this Privacy Policy. PrePass® will notify the End User any adjustments to the Privacy Policy via the email address the End User has provided to PrePass®. If the End User is concerned about how the End User’s information is used, bookmark this page and read this Privacy Policy periodically. The End User is responsible for ensuring the End User’s continued acceptance of this Privacy Policy and the End User’s continued use of the Services following a change in the Privacy Policy will subject the End User’s use to any such change to the new provisions of this Privacy Policy.

New Uses of End User Data

From time to time, PrePass® may desire to use End User Data for uses not previously disclosed in the Privacy Policy. If the PrePass® practices change regarding previously collected End User Data in a way that would be materially less restrictive than stated in the version of this Privacy Policy in effect at the time PrePass® collected the information, PrePass® will make reasonable efforts to provide notice and obtain consent to any such uses as may be required by law.

CONTACT

If the End User has any questions or comments about this Privacy Policy, how PrePass® collects and uses the End User’s information, or the End User’s choices regarding the same, then the End User may contact PrePass® at:

Email: [email protected]

Phone Number: 1-800-PREPASS (1-800-773-7277)

By using the Services, the End User agrees that the End User’s use is subject to the terms of this Privacy Policy and the End User consents to the collection, use and storage of End User Data by PrePass® in accordance with this Privacy Policy and as may be more specifically explained on the Website and Application. PrePass® may change this Privacy Policy at any time and will display the changes here. Because the End User’s use of the Services after changes have been posted indicates the End User’s agreement with those changes, PrePass® encourages the End User to visit this Privacy Policy on a regular basis. If the End User is not comfortable with using the Services in accordance with this Privacy Policy, please cease all use of the Services immediately.

This Statement is effective August 21, 2024.

FAQs

I. What kinds of information does PrePass® collect?

Things the End User and others do and provide.

Information and content the End User provides including, but not limited to: End User Data, and the content, communications, and other information the End User provides when the End User creates a User Account. This can include information in or about the content the End User provides (like metadata), such as the date a file was created, file dimensions, file types. PrePass® systems automatically process content and communications the End User and others provide to analyze context and what is in them for the purposes of improving user experience.

Device Information.

As described below, PrePass® collects information from and about the computers, phones, and other web-connected devices the End User uses that integrate with the Services, and PrePass® combines this information across different devices the End User uses.

Information PrePass® obtains from these devices includes, but is not limited to:

Device attributes;
Device operations;
Usage data;
Identifiers;
Data from a mobile device;
Data from device settings;
Network and connections; and
Cookie data.

II. How does PrePass® use this information?

PrePass® uses the information PrePass® has (subject to choices the End User makes) as described below and to provide and support the Services. The information PrePass® collects is used:

To provide requested services to the End User;
To personalize features and content to make suggestions for the End User;
To provide the End User with useful content;
To ensure the proper functioning of the Services;
To analyze site operations;
To conduct state and site activity reports;
To offer and improve the Services;
To conduct product research and development of the Services;
To test the functionality of the Services;
To provide the End User with requested information or technical support;
To facilitate the End User’s movement during the End User’s use of the Services;
To diagnose problems with PrePass® servers or the Services;
To do a better job of advertising and marketing the Services;
To help PrePass® partners measure effectiveness and distribute their ads and services;
To verify accounts and activity;
To detect and prevent spam;
To promote safety and security on and off the Services;
To administer PrePass® websites;
To communicate to the End User;
To bill the End User for the Services;
In any other way PrePass® may describe when the End User provides this information; and
For any other purpose as provided in the updated versions of this Privacy Policy.

III. How is this information shared?

The End User’s information is shared with:

Third-Party Partners.
Affiliate Companies
Vendors and Service Providers
Legal and Governmental Authorities for Legal Compliance
Legal and Governmental Authorities to Protect PrePass®
Companies During Sale or Merger Transfers
Others as provided in the updated versions of this Privacy Policy.

IV. How can End User’s manage information about themselves?

PrePass® provides the End User with the ability to access, rectify, port and erase the End User’s data.
When the End User deletes the End User’s account, PrePass® deletes things the End User has posted, such as the End User’s photos or posts, and the End User will not be able to recover that information later. Information that others have shared about the End User is not part of the End User’s account and will not be deleted.
If the End User wishes to update the End User’s information, pose a question or suggestion, or withdraw the End User’s consent for the use and sharing of End User Data, please send an email to [email protected]

V. How do we respond to legal requests or prevent harm?

We access, preserve and share your information with regulators, law enforcement or others:

In response to a legal request (like a search warrant, court order or subpoena) if PrePass® has a good faith belief that the law requires PrePass® to do so. This may include legal requests from jurisdictions outside of the United States.
When PrePass® has a good faith belief it is necessary to: detect, prevent and address fraud, unauthorized use of PrePass® products, violations of PrePass® terms or policies, or other harmful or illegal activity; to protect PrePass® (including PrePass® rights, property, or products), the End User or others, including as part of investigations or regulatory inquiries, or to prevent death or imminent bodily harm.

VI. How will PrePass® notify End User’s of changes to this policy?

PrePass® reserves the right to update this Privacy Policy at any time. At a minimum, this Privacy Policy is updated annually. PrePass® will post changes on the Website and Application and send an email to the email address the End User provides to PrePass® to notify the End User of any changes to this Privacy Policy. The End User will receive an opportunity to review the revised Privacy Policy.

PREPASS PRIVACY POLICY

Effective (last updated) Date: June 4, 2025

We, PrePass Safety Alliance, an Arizona non-profit corporation (together with its affiliates and subsidiaries, “PrePass”, “we”, “us”, “our”) provide the following notice of our privacy practices.

Key Definitions

Throughout this Privacy Policy, we use the following terms with the following meanings:

State Privacy Laws means the California Consumer Privacy Act, including as amended by the California Privacy Rights Act (together, the “CCPA”), the Texas Data Privacy and Security Act, Chapter 603A of the Nevada Revised Statutes, the Nebraska Data Privacy Act, and substantially similar state consumer privacy laws that may hereafter be applicable to us, and all laws implementing, supplementing, or amending the foregoing, including regulations promulgated thereunder.
Consumer (or you) an individual acting in a personal or household context who uses the PrePass Services and individuals acting in a business-to-business context, such as Customers and End Users of our PrePass Services who are residents of California.
Customer means the legal entity formed in, or the sole proprietor residing in, the United States or Canada that purchases or subscribes to the PrePass Services.
End Usermeans an individual authorized by a Customer to access and use the PrePass Services under PrePass’ agreement with the Customer. If you are the Customer and a natural person, then you also are an End User.
Customer and End User Data means all content and data (including Personal Information) in any form or medium that is provided by Customer or an End User to the Alliance in connection with access to and use of the PrePass Services but excluding Services Data.
Services Data means data generated by or derived from access to and use of the PrePass Services.
PrePass Services means PrePass Weigh Station Bypass (PrePass Bypass), PrePass Plus, PrePass Tolls, PrePass Toll Management Services, PrePass AG, PrePass app, and the PrePass Site.
PrePass Site means www.prepass.com, as well as any other website offered by PrePass that posts a link to this Privacy Policy.
PrePass Services Personal Information means Personal Information obtained from Customer and End User Data or Services Data.
Personal Information means information that identifies or can be used to identify an individual person or household.
Third-Party Services means third-party websites, apps, locations, platforms, code (e.g., plug-ins, application programming interfaces (“API”), and software development kits (“SDKs”)), or other services.

General Overview of the Privacy Policy

Part I of this Privacy Policy, the Pre-Collection Notice, describes our collection, use, and disclosure of Personal Information on an enterprise-wide level.

Part II of this Privacy Policy, the Additional Disclosures for PrePass Services, provides additional disclosures regarding our data practices to all users of, and visitors to, our PrePass Services that post a link to this notice, which includes supplements for persons outside of the U.S. (e.g., Canada).

Part III of this Privacy Policy describes Consumers’ privacy rights under State Privacy Laws that apply to us (“State Privacy Rights”) and how to exercise them.

Part IV contains general notices for all Customers, End Users, and Consumers.

Collectively, Parts I-IV are our “Privacy Policy.”

Additional notices may be made at the point of collection, in which case those will supplement this Privacy Policy and govern that collection in the event of a conflict with this main Privacy Policy. Capitalized terms used but not defined herein will have the meanings given to them in applicable laws where we are subject to such laws, which may differ from one applicable jurisdiction to another. Please review our Website Terms of Use (https://prepass.com/terms-of-use) and Terms of Service for PrePass Services (https://prepass.com/prepass-terms), which govern your use of the PrePass Site and PrePass Services (excluding the PrePass Site), respectively. By using the PrePass Services, you acknowledge this Privacy Policy and our collection, use, and disclosure of Personal Information.

Pre-Collection Notice
Additional Disclosures for PrePass Services
State Privacy Rights
General Notices

I. PRE-COLLECTION NOTICE

This Pre-Collection Notice is designed to provide Consumers, as defined under State Privacy Laws, other than our Personnel, with notice of our Personal Information practices over the prior 12 months (from the Effective Date), including through PrePass online and offline business activities (the “Business Activities”), and to meet the notice requirements of the State Privacy Laws.

If PrePass’ processing materially changes between updates to this Pre-Collection Notice, PrePass will provide a supplemental notice when or before the changes apply. Otherwise, this Pre-Collection Notice serves as our notice at collection (i.e., pre-collection notice).

1. Notice of Personal Information Practices

This Pre-Collection Notice does not apply to data that is collected in a HR context. If you are a current or former employee, independent contractor, intern, job applicant, or if we have collected data from you or about you otherwise in the HR context (e.g., emergency contact or beneficiary information) (“Personnel”), and are currently residing in California, or another jurisdiction that requires HR privacy notices, you may request notice of our HR privacy practices by contacting your local HR representative, or contact us as set forth in Part IV.

This Pre-Collection Notice does not apply to data that is not treated as Personal Information, or to the extent the data is subject to an exemption, under applicable State Privacy Laws.

Generally, the processing purposes for which we collect, retain, use, disclose and otherwise Process your Personal Information in connection with our Business Activities, including to provide you, or to promote, our products and services and as otherwise related to the operation of our business, which includes both Business Purposes, and Commercial Purposes such as Sharing with Third-Party Digital Businesses, each as more fully explained in Section 2. This may include disclosing or otherwise making available Personal Information to our vendors that perform services for us in their role as “Service Providers” or “Processors”, as the terms are defined under State Privacy Laws (collectively, “Processors”), as well as to third parties, each as more fully explained in Section 3.

The categories of sources from which we Collect your Personal Information include: you, other Consumers, your employer (in the business-to-business context), our Processors, other of our vendors and Third Parties, including Third-Party Digital Businesses (defined below).

To learn about your State Privacy Rights and how to exercise them see Part III, which includes a notice of how to exercise Do Not Sell/Share/Target Opt-out rights.

2. Processing Purposes

Generally, we collect, retain, use, and disclose your Personal Information to provide you our products and services, or information about them, and as otherwise related to the operation of our business, including for one or more of the following “Business Purposes”:

Providing Products or Services: Operating or distributing PrePass Services; processing or fulfilling transactions; administering accounts; providing customer service; verifying customer information and accounts; and processing payments.
Managing Interactions and Transactions: Performing services on behalf of the business, including maintaining or servicing PrePass Services accounts and providing customer service; providing technical support; verifying customer information; processing payments; providing analytics services; and customizing your experience; features, offers and content.
Security and Debugging: Helping to ensure the security and integrity of our systems and data to the extent the use of the Consumer’s Personal Information is reasonably necessary and proportionate for these purposes; debugging to identify and repair errors that impair existing functionality; detect and prevent spam; and promote safety and security.
Advertising and Marketing: Auditing related to counting ad impressions to unique visitors; verifying positioning and quality of ad impressions; and auditing compliance with State Privacy Laws; short-term transient use including, but not limited to, providing advertising and marketing services, except for cross-context behavioral advertising (i.e., targeted advertising), which is a separate commercial purpose described below for which there is a right to opt-out); and customizing your experience, offers, and content.
Quality Assurance: Undertaking activities to verify or maintain the quality or safety of our products and services; and to improve, upgrade, or enhance our products or services.
Research and Development: Undertaking internal research for technological development and demonstration.
Operation of our Business: For our additional legitimate Business Purposes that are compatible with the purposes of collecting your Personal Information and that are not prohibited by law in the context that is not a “Sale,” “Share” or “Targeted Advertising” under State Privacy Laws, such as disclosing it to a person that processes Personal Information on our behalf, such as our Processors; to the Consumer; or to other parties at the Consumer’s direction or through the Consumer’s action; for additional purposes explained at the time of collection (such as in the applicable privacy policy or notice); as required or permitted by applicable law; to the government or private parties, including litigants, to comply with law or legal process or to protect or enforce legal rights or obligations or prevent harm; and to assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business (“Corporate Transaction”); or otherwise with your consent (“Additional Business Purposes”). Subject to restrictions and obligations under State Privacy Laws, our Processors may also use your Personal Information for Business Purposes and other purposes permitted by law and may engage their own vendors to enable them to perform services for us.

For more detail on processing purposes and activity details in connection with our PrePass Services, see Part II, below.

We may also use and disclose your Personal Information, regardless of the other purposes for which we collect it, for “Commercial Purposes,” which may be considered a “Sale” or “Share” or “Targeted Advertising” under applicable State Privacy Laws, when Third-Party Digital Businesses collect your Personal Information, including via third-party cookies, or we otherwise make it available to them. Under State Privacy Laws some of these processing disclosure activities do not qualify as Business Purposes disclosures and are subject to a right to opt-out. The specific purpose for this Selling or Sharing is to help us and others provide you with more relevant content and marketing messages (e.g., Targeted Advertising), and related activities and when we and third parties process your Personal Information for certain advertising purposes (e.g., creating profiles and inferences, measurement, some types of analytics, conversion tracking, audience extension, etc.) and the parties we disclose it to are detailed, by type of Personal Information, in Section 3. For more information on the meaning of Selling, Sharing, and Targeted Advertising and how to adjust your preferences with respect to such processing, please refer to the Do Not Sell/Share/Target Opt-out subsection of the State Privacy Rights Section.

The Business Purposes and Commercial Purposes for processing described above may apply to all categories of your Personal Information, other than Sensitive Personal Information (defined below), but we detail our disclosures (including Selling and Sharing), and also detail our Sensitive Personal Information processing purposes, by Personal Information type in the chart that follows in the next section for additional transparency.

3. Collection, Disclosure and Retention of Personal Information – By Category of Personal Information

The table below describes the categories of Personal Information we collect and examples of data types that fit within each category and corresponding categories of recipients of Personal Information to which we disclose for Business Purposes and/or Sale or Share if applicable.

Category of Personal Information	Examples of Personal Information Collected and Retained	Categories of Recipients
Identifiers	First and last name, postal address, unique personal or online identifier, IP address, email address, and account name.	Disclosures for Business Purposes: Processors (e.g., cloud storage vendors, IT vendors, email/messaging, customer support providers, data analytics and marketing vendors) (“Operational Vendors”); Other members of our corporate group, and/or other parties in connection with a Corporate Transaction (“Corporate Recipients”); Governmental entities (e.g., to provide PrePass Services or making requests pursuant to legal or regulatory process) (“Government”); and/or Other parties (e.g., professional advisors (accountants and lawyers), litigants and where you have directed or caused the disclosure) within the limits of Additional Business Purposes (“Other Business Recipients”). Sale/Share: Third-Party Digital Businesses
Personal Records	Name, signature, address, telephone number, financial information (e.g., payment card information), VIN. Some Personal Information included in this category may overlap with other categories.	Disclosures for Business Purposes: Operational Service Providers; Corporate Recipients; Government; and/or Other Business Recipients. Sale/Share: Third-Party Digital Businesses
Personal Characteristics or Traits	In some circumstances, we may collect Personal Information that is considered protected under U.S. law, such as age, gender, nationality, race, or information related to medical conditions, but only when the information is relevant for our Business Activities. We abide by the legal requirements imposed under applicable law regarding such information.	Disclosures for Business Purposes: Operational Service Providers; Corporate Recipients; Government; and/or Other Business Recipients. Sale/Share: Not Sold / Shared
Commercial Information	Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Disclosures for Business Purposes: Operational Service Providers; Corporate Recipients; Government; and/or Other Business Recipients. Sale/Share: Third-Party Digital Businesses
Internet or Other Electronic Network Activity Information	Browsing or search history, information regarding the Consumer’s interaction with online services or advertisements.	Disclosures for Business Purposes: Operational Service Providers; Corporate Recipients; Government; and/or Other Business Recipients. Sale/Share: Third-Party Digital Businesses
Geolocation Data	If you interact with us online, we may gain access to the approximate, and sometimes precise, location of the device you are using.	Disclosures for Business Purposes: Operational Service Providers; Corporate Recipients; Government; and/or Other Business Recipients. Sale/Share: Not Sold / Shared
Audio, Electronic, Visual, or Sensory Information	Such as CCTV recordings in our offices and customer service recordings.	Disclosures for Business Purposes: Operational Service Providers; Corporate Recipients; Government; and/or Other Business Recipients. Sale/Share: Not Sold / Shared
Professional or Employment Information	Professional, educational, or employment-related information	Disclosures for Business Purposes: Operational Service Providers; Corporate Recipients; Government; and/or Other Business Recipients. Sale/Share: Not Sold / Shared
Inferences from Personal Information Collected	Inferences drawn from Personal Information to create a persona about a consumer reflecting their preferences.	Disclosures for Business Purposes: Operational Service Providers; Corporate Recipients; Government; and/or Other Business Recipients. Sale/Share: Third-Party Digital Businesses

We collect and process Personal Information that is “Sensitive” under State Privacy Laws (“Sensitive Personal Information”). The table below describes the categories and examples of Sensitive Personal Information we collect and recipients of the same. We process Sensitive Personal Information for the following purposes: Providing Products or Services; Managing Interactions and Transactions; Security and Debugging; Quality Assurance; Research and Development; and Operation of our Business.

Category of Sensitive Personal Information	Examples of Sensitive Personal Information	Categories of Recipients
Government Issued Identifiers	Social Security number, driver’s license, state identification card, or passport information	Disclosures for Business Purposes: Operational Service Providers; Corporate Recipients; Government; and/or Other Business Recipients. Sale/Share: Not Sold / Shared
Account Log-in	Username and password to PrePass Services account	Disclosures for Business Purposes: Operational Service Providers; Corporate Recipients; Government; and/or Other Business Recipients. Sale/Share: Not Sold / Shared
Financial Data	Your account log-in, financial account, debit or credit card number in combination with any required security or access code, password, or credentials allowing access to an account	Disclosures for Business Purposes: Operational Service Providers; Corporate Recipients; Government; and/or Other Business Recipients. Sale/Share: Not Sold / Shared
Precise Geolocation	Any data that is derived from a device and that is used or intended to be used to locate a consumer within a geographic area that is equal to or less than the area of a circle with a radius of between 1,750 – 1,850 feet. Precise geolocation may include, but is not limited to, GPS that provides the Consumer’s latitude and longitude coordinates.	Disclosures for Business Purposes: Operational Service Providers; Corporate Recipients; Government; and/or Other Business Recipients. Sale/Share: Not Sold / Shared
Sensitive Personal Characteristics	A Consumer’s citizenship.	Disclosures for Business Purposes: Operational Service Providers; Corporate Recipients; Government; and/or Other Business Recipients. Sale/Share: Not Sold / Shared
Biometric Data	The processing of biometric information for the purpose of uniquely identifying a Consumer in the context of ID verification purposes.	Disclosures for Business Purposes: Operational Service Providers; Corporate Recipients; Government; and/or Other Business Recipients. Sale/Share: Not Sold / Shared

There may be additional information we collect that meets the definition of Personal Information under applicable State Privacy Laws but is not reflected by a category above, in which case we will treat it as Personal Information as required, but will not include it when we describe our practices by Personal Information category. As permitted by applicable law, we do not treat deidentified or aggregate data as Personal Information and we reserve the right to convert, or permit others to convert, your Personal Information into deidentified or aggregate data, and may elect not to treat publicly available information as Personal Information. We will not attempt to reidentify data that we maintain as deidentified.

4. Retention Period

Because there are numerous types of Personal Information in each category, and various uses for each Personal Information type, actual retention periods vary by purpose not by data type and, accordingly, the retention periods cannot be meaningfully provided by category of Personal Information. We retain specific Personal Information pieces based on how long we have a legitimate purpose for the retention, which includes the period of time we need to process the Personal Information to meet the processing purposes, plus limited retention thereafter to comply with law, maintain business and legal records and defend or bring potential legal claims. Our retention practices are more fully outlined in our Retention Schedule (https://prepass.com/retention-policy).

II. ADDITIONAL DISCLOSURES FOR PREPASS SERVICES

This Part II applies to all users of our PrePass Services, regardless of whether you are a resident of a state with State Privacy Laws, including Customers and End Users. It is a supplement to our other privacy policies and notices and is part of our main Privacy Policy. In the event of a conflict between any other PrePass policy, statement, or notice and this Part II, this notice will prevail as to data collected by our PrePass Services, except where additional notices are posted at collection that are said to modify or supplement this notice.

This Part II applies to PrePass Services Personal Information. To the extent we combine your PrePass Services Personal Information with data we receive outside of the PrePass Services or with deidentified data, we will treat the combined data as PrePass Services Personal Information and apply this Part II to such combined data, unless we have disclosed otherwise. As permitted by applicable law, we do not treat PrePass Services Personal Information that has been deidentified or aggregated as Personal Information and we reserve the right to convert, permit others to convert, your PrePass Services Personal Information into deidentified or aggregate data. We will not attempt to reidentify data that we maintain as deidentified.

1. Data We Collect

PrePass and the third parties we have retained to perform or provide certain services or functions to us (“Vendors”) collect PrePass Services Personal Information in a number of ways:

a. Data That You Provide

We collect PrePass Services Personal Information from you when you interact with, or submit your data through, the PrePass Services, such as when you fill out forms (e.g., Contact Us form); correspond with us by phone, e-mail or otherwise; subscribe to notifications (e.g., email alerts); search for content; interact with our social media functions on the PrePass Services; participate in contests, sweepstakes and other promotions; and when you report a problem with our PrePass Services. The PrePass Services Personal Information you give us may include, but is not limited to, your legal name, mailing address, email address, phone number, date of birth, biometric records, driver’s license information, VIN, the content of your communication, and any other data you choose to provide to us. You are responsible for ensuring the accuracy of the data you submit to PrePass. Inaccurate data may affect your ability to use the PrePass Services, the data you receive when using the PrePass Services, and our ability to contact you. For example, your email address should be kept current.

b. Other Data Collected About You

When you access or use the PrePass Services, PrePass, our Vendors, and/or Third-Party Services, may automatically collect the following data (note, however, that the privacy policy of that Vendor and/or Third-Party Service also apply to your interaction):

Usage data, including the URL from which you linked to the PrePass Service, how you use and interact with the Online Service, what pages you visit, and which hyperlinks you click. We and others may collect usage data to analyze usage trends to understand how individuals use the PrePass Service to help us improve the user experience, better serve you more relevant content and ads, and to provide customer assistance and technical support.
Technical data, including data regarding your Internet Protocol (“IP”) address, device type, device operating system, browser type you use to access the Services, the unique device identifier (“UDID”) or mobile equipment identifier (“MEID”) for your mobile device, and other data (“Device Identifiers”). We and others may use such Device Identifiers to associate data collected via different devices, or during separate interactions with us on the PrePass Services on the same device.
Data about you from cookies and other similar tracking technologies (e.g., pixels, embedded scripts, etc.), which may be considered Personal Information under applicable laws, to distinguish you from other users of the PrePass Service, to improve your experience on and off of the PrePass Service, including to serve you more relevant content and ads, to improve the PrePass Service, and our other products and services, and for other functions.

PrePass, and our Vendors and Third-Party Services, may use cookies and other tracking technologies to help us collect data about interactions with the PrePass Service, other online services, and/or our emails, including data about your browsing and information or service request behaviors. These methods enable PrePass to serve you better and more efficiently, and to personalize your experience. These methods may include:

A cookie is a small text file that is stored on a user’s device, which may be session ID cookies or tracking cookies. Session cookies make it easier for you to navigate the PrePass Services and expire when you close your browser. Tracking and other persistent cookies remain longer and help in understanding how you use the PrePass Services, enhance your user experience, and perform other functions such as facilitating analytics and Targeted Advertising and remembering you and your preferences when you return. Persistent cookies may remain on your device for an extended time. The PrePass Services may associate some or all types of these cookies with your devices. If you use your browser’s method of blocking or removing cookies, some but not all types of cookies may be deleted and/or blocked, which may cause some PrePass Services features and functionalities to not work.
Web Beacons/Tracking Pixels (“Pixels”). Pixels are small graphic images, also known as “Internet tags” or “clear gifs”, embedded in webpages and e-mail messages. Pixels may be used, without limitation, to count the number of visitors to the PrePass Services, to monitor how users navigate the PrePass Service, to determine if our emails are opened, and to count content views.
Embedded Scripts. An embedded script is programming code designed to collect information about your interactions with the PrePass Services. It is temporarily downloaded onto your device from PrePass’s web server, or from a third party with which PrePass works, and is active only while you are connected to the PrePass Services and deleted or deactivated thereafter.
Location-Identifying Technologies. Our PrePass Services may provide you the ability to enable location-identifying technologies, for example, to allow our PrePass Site to approximately geolocate you . To stop utilizing, or to change the settings on your browser with respect to location-identifying technologies, you can change your device or browser preference settings.
Device Recognition Technologies. Technologies, including application of statistical probability to data sets, as well as linking a common unique identifier to different device use (e.g., Facebook ID) that attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user or household) (“Cross-device Data”).
In-App Tracking Methods. There are a variety of tracking technologies that may be included in mobile applications, and these are not browser-based like cookies and cannot be controlled by browser settings. Some use device identifiers, or other identifiers such as “Ad IDs,” or may use “SDKs,” to associate app user activity to a particular app and to track user activity across apps and/or devices. SDKs are blocks of code that may be installed in our mobile application by third party companies with which we work. SDKs help us understand how you interact with our mobile application and collect certain information about the device and network you use to access our application, such as the advertising identifier associated with your device and information about how you interact with our application.
Device and Activity Monitoring. Technologies that monitor, and may record, certain of your interactions with the PrePass Services, and/or collect and analyze information from your device, such as, without limitation, your operating system, plug-ins, system fonts, and other data, for purposes such as identification, security, fraud prevention, troubleshooting, tracking and/or improving the PrePass Services and customizing or optimizing your experience on the PrePass Services. This may also include technologies that monitor and record usage sessions to help us better understand, track, and improve the usage of our PrePass Services.

We are giving you detailed notice of the tracking technologies and your choices regarding them so that your consent is meaningfully informed. For information on how to exercise preferences as to our features, functionality, and communications, see Choices: Tracking and Communications Options. For more information on Third-Party Services’ data collection and practices, and the choices they may offer you, please refer to the Third-Party Services section.

c. Data We Receive from Third Parties

PrePass may receive Personal Information about you from third parties, including your contacts and others who use the PrePass Services, when they submit data to us or otherwise interact with the PrePass Services. We may also collect Personal Information about you from other sources, including from companies that can help us correct or supplement our records, improve the quality or personalization of our PrePass Services to you, help prevent or detect fraud, and from third parties that offer an electronic system used to transmit or receive data from a moving vehicle (“Telematic Service Provider”). To the extent we combine this Personal Information with other data, we will treat it as PrePass Services Personal Information and apply this Part II to such combined data, unless we have disclosed otherwise.

2. How We Use Your PrePass Services Personal Information

PrePass may use data about you, including PrePass Services Personal Information, for any purposes not inconsistent with PrePass’s statements under this Part II, or otherwise made by us in writing at the point of collection, to the extent permitted by applicable law including, without limitation, the following:

To provide requested services;
To personalize features and content to make suggestions;
To provide useful content;
To ensure the proper functioning of the PrePass Services;
To analyze site operations;
To conduct and provide state and site activity reports;
To offer and improve the PrePass Services;
To conduct product research and development of the PrePass Services;
To test the functionality of the PrePass Services;
To provide requested information or technical support;
To facilitate the Customer and End User’s movements during the Customer’s and End User’s use of the PrePass Services;
To diagnose problems with the Customer’s and End User’s servers or the PrePass Services;
To do a better job of advertising and marketing the PrePass Services;
To help PrePass partners measure effectiveness and distribute their ads and services;
To verify accounts and activity;
To detect and prevent spam;
To promote safety and security on and off the PrePass Services;
To administer PrePass websites;
To communicate to the Customer and End User;
To bill the Customer and End User for the PrePass Services;
In any other way PrePass may describe when the Customer and End User provides this information;
For auditing, compliance and legal purposes, to protect the rights and property of PrePass, its partners and customers and other users of the PrePass Services and to investigate potential violations of and to enforce our Website Terms of Use and Terms of Service for PrePass Services;
To detect, investigate and prevent activities that may violate our policies, pose safety issues or be fraudulent and illegal;
To respond to requests from legal and regulatory enforcement authorities, as appropriate and to the extent permitted or required by law; and/or
For all other purposes related to our business that are reasonably proportional to the forgoing purposes, or otherwise subject to your consent.

3. How We Disclose Your Online Services Personal Information

We may disclose your PrePass Services Personal Information as described in Part I (Pre-Collection Notice) of our Privacy Policy, and for any purpose not inconsistent with our statements under this Part II, or statements otherwise made by us in writing at the point of collection, and not prohibited by applicable law. We disclose PrePass Services Personal Information to Vendors. Other instances when we may disclose any PrePass Services Personal Information to outside parties include:

When we reasonably believe that such disclosure is permitted or required by law or pursuant to legal process or is necessary in connection with actual or threatened litigation or to protect PrePass or third parties.
We may disclose your PrePass Services Personal Information to third parties in connection with a Corporate Transaction or under similar circumstances.
In connection with the purposes set forth in the How We Use Your PrePass Services Personal Information section, above.

4. Choices: Tracking and Communications Options

a. Tracking Technologies Generally

Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options, so you may need to set them separately. Please be aware that if you disable or remove these technologies, some parts of the PrePass Services may not work and that when you revisit the PrePass Services, your ability to limit browser-based tracking technologies is subject to your browser settings and limitations. Accordingly, you may want to consider the more limited opt-out choices noted in the next section.

Some app-related tracking technologies in connection with non-browser usage (e.g., most functionality of the PrePass app) can only be disabled by uninstalling the PrePass app. To uninstall the PrePass app, follow the instructions from your operating system or handset manufacturer. Apple and Google mobile device settings have settings to limit ad tracking, and other tracking, but these may not be completely effective.

Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many online services, PrePass currently does not alter PrePass’s practices when PrePass receives a “Do Not Track” signal from a visitor’s browser. However, we do honor browser signals, known as “Global Privacy Controls,” and provide cookie preference tools on our PrePass Site as more fully explained in the Do Not Sell/Share/Target Opt-out subsection of the State Privacy Rights Section.

Some third parties, however, may offer you choices regarding their tracking technologies. For specific information on some of the choice options offered by third party analytics and advertising providers, see the next section. We do not represent that these third-party tools, programs or statements are complete or accurate.

You will need to set preferences on each device that you use to access our PrePass Services and clearing cookies on your browser(s) may disable some preference settings.

b. Analytics and Advertising Tracking Technologies

PrePass may engage and work with Vendors and other third parties to serve advertisements on the PrePass Services and/or on other online services. Some of these ads may be tailored to your interest based on your browsing of the PrePass Services and elsewhere on the Internet, which may include use of precise location and/or Cross-device Data, sometimes referred to as “interest-based advertising” and “online behavioral advertising” (“Interest-based Advertising”). This may include sending you an ad on another online service after you have left our PrePass Services (i.e., “retargeting”).

You may choose whether to receive some Interest-based Advertising by submitting opt-outs through the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding Interest-based Advertising, including use of Cross-device Data for serving ads, visit http://www.aboutads.info/choices/, and http://www.aboutads.info/appchoices for information on the DAA’s opt-out program specifically for mobile apps (including use of precise location for third party ads). Please be aware that, even if you opt out of certain kinds of Interest-based Advertising, you may continue to receive other types of ads, including Targeted Advertising. Opting out only means that those selected DAA members should no longer deliver certain Interest-based Advertising to you but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks) or have your Personal Information Sold, Shared or Processed for Targeted Advertising. Also, if your browsers are configured to reject cookies when you visit these opt-out webpages, or you subsequently erase your cookies, use a different device or web browser or use a non-browser-based method of access (e.g., mobile app), your DAA browser-based opt-out may not, or may no longer, be effective. PrePass supports the DAA’s Self-regulatory Principles for Online Behavioral Advertising and expects that ad networks PrePass directly engages to serve you Interest-based Advertising will do so as well, though PrePass cannot guaranty their compliance. Also note that the DAA program is national and not the same as Do Not Sale/Share/Target Opt-out Rights under State Privacy Laws Residents of states with State Privacy Laws have broader opt-out rights that will more effectively limit Targeted Advertising, as more fully explained in the Do Not Sell/Share/Target Opt-out subsection of the State Privacy Rights Section.

You may exercise choices regarding the use of cookies from Adobe Analytics by going to http://www.adobe.com/privacy/opt-out.html under the section labeled “For End Users of business using Adobe Experience Cloud.”

We may also use Google Ad Services. To learn more about the data Google collects and how your data is used by it and to optout of certain Google browser Interest-Based Advertising, please visit: http://www.google.com/settings/ads.

We may also use Microsoft Advertising Services. To learn about the data Microsoft collects and how your data is used by it and to opt-out of certain Microsoft browser Interest-based Advertising, please visit: https://privacy.microsoft.com/en-us/privacystatement.

In addition, we may serve ads on other online services that are targeted to reach people on those services that are also identified on one of more of our data bases (“Matched List Ads”). This is done by using tracking technologies or by matching common factors between our databases and the databases of the other online services. For instance, we may use such ad services offered by Meta (Facebook and Instagram) or X and other Third-Party Services, which may offer user controls that you can use to limit Matched List Ads. We are not responsible for these Third-Party Services, including without limitation their security of the data or their failure to comply with your or our opt-out instructions, they may not give us notice of opt-outs to our ads that you give to them, and they may change their options without notice to us or you.

PrePass may use Google Analytics or other Vendors for analytics services. These analytics services may use cookies and other tracking technologies to help PrePass analyze users and how they use the PrePass Services. Data generated by these analytics services (e.g., your IP address and usage data) may be transmitted to and stored by these Vendors on servers in the U.S. (or elsewhere) and these Vendors may use the data for purposes such as evaluating your use of the PrePass Services, compiling statistic reports on the PrePass Services’ activity, and providing other services relating to PrePass Services activity and other Internet usage. PrePass is not responsible for, and makes no representations regarding, the policies or business practices of any third parties, including, without limitation, analytics Vendors and Third-Party Services associated with the PrePass Services, and encourages you to familiarize yourself with and consult their privacy policies and terms of use.

Residents of certain U.S. states have additional, more comprehensive, rights more fully explained in the Do Not Sell/Share/Target Opt-out subsection of the State Privacy Rights Section. Users from Canada should review Section 6, below for additional rights that may apply to them.

c. Communications

You can opt-out of receiving certain promotional communications (emails or text messaging) from us at any time, as applicable.

Promotional Emails. To opt out of promotional emails, follow the instructions provided in emails or by clicking on the “Unsubscribe” link, or if available by changing your communication preferences by logging into your account.
Text Messages. To opt out of receiving our text messages, text the word “STOP” in response to a text we send you, and follow any other opt-out instructions provided in the text messages we send you.

Please note that your opt-out is limited to the email address or phone number used and will not affect subsequent subscriptions. If you opt-out of only certain communications, other subscription communications may continue. Even if you opt-out of receiving promotional communications, we may, subject to applicable law, continue to send you non-promotional communications, such as those about your account, transactions, servicing, or our ongoing business relations.

d. PrePass app Features and Functionality

The PrePass app processes the Personal Information outlined in Part I, Section 3 of this Privacy Policy, except for Audio, Electronic, Visual, or Sensory Information, Biometric Data, and Sensitive Personal Characteristics. The PrePass app’s features and functionality, and its related data collection, can be terminated by uninstalling the PrePass app. You may also delete your Account within the PrePass app when available. The deletion of your Account will delete, subject to certain exceptions, the Personal Information processed through the App including data obtained via Third-Party Services. You can also Contact Us to request deletion of your Account. You can use the PrePass app’s or your device’s settings to set and change some settings and control some functions, such as enabling or disabling certain features (e.g., “tracking”, Bluetooth, location-based services, push notifications, etc.).

5. Third-Party Services

This Part II only applies to the processing activities of PrePass through the PrePass Services. The PrePass Services may include or link to Third-Party Services. These Third-Party Services may use their own cookies, web beacons, and other tracking technologies to independently collect data about you and may solicit Personal Information from you.

Certain functionalities on the PrePass Services may permit interactions that you initiate between the PrePass Services and certain Third-Party Services, such as third-party social networks (“Social Features”). Examples of Social Features include: enabling you to send content such as contacts and photos between the PrePass Services and a Third-Party Service; “liking” or “sharing” PrePass’s content; logging in to the PrePass Services using your Third-Party Service account (e.g., using Facebook Connect to sign-in to the PrePass Services); and to otherwise connect the PrePass Services to a Third-Party Service (e.g., to pull or push information to or from our PrePass Service). If you use Social Features, and potentially other Third-Party Services, information you post or provide access to may be publicly displayed on the PrePass Services or by the Third-Party Service that you use. Similarly, if you post information on a Third-Party Service that references the PrePass Services (e.g., by using a hashtag associated with PrePass in a post or status update), your post may be used on or in connection with the PrePass Services or otherwise by PrePass. Also, both PrePass and the third party may have access to certain data about you and your use of the PrePass Services and any Third-Party Service.

6. Additional Notices for Users Outside of the U.S.

Canada:

We may process your residence or citizenship status as a resident of Canada. If you are a resident of Canada you have the right to access your Personal Information and request the correction of inaccurate information (subject to limited exceptions set out in applicable laws), and have other rights in relation to your Personal Information. Depending on which province you reside in, you may also be entitled to request the rectification of your Personal Information, and to have your Personal Information forgotten, anonymized or de-indexed.

We make reasonable efforts to ensure that your Personal Information is accurate and complete when it is under our control, but also depend on you to provide us with accurate information. To access and correct your Personal Information, please contact us at the email address noted at the end of this Privacy Policy. Following receipt of a request from you, we will take reasonable steps to update or correct their information. You can also edit certain information collected about you through our PrePass Services by editing your information and preferences in your account, but this will not change other databases.

If you are a resident of Canada, you may withdraw your consent to the collection, use and disclosure of your Personal Information in accordance with this Privacy Policy at any time by contacting us, in writing, at the address specified at the end of this notice, subject to legal or contractual restrictions. Keep in mind that by withdrawing your consent (in whole or in part) to our collection, use or disclosure of your Personal Information, we may no longer be able to provide you with the products or services you requested.

All non-U.S. Users: We are based in the U.S. and the information we and our Vendors collect via the PrePass Services is governed by U.S. law. If you are accessing our PrePass Services from outside of the U.S., please be aware that information collected through the PrePass Services may be transferred to, processed, stored, and used in the U.S. Data protection laws in the U.S. may be different from those of your country of residence. Your use of the PrePass Services, or provision of any information therefore, constitutes your acknowledgement of the transfer to and from, processing, usage, sharing, and storage of your information, including Personal Information, in the U.S. (and potentially other territories worldwide) as set forth in this Privacy Policy.

7. Data Security and Monitoring

PrePass maintains reasonable administrative, technical and physical safeguards to protect your Personal Information against loss, misuse, unauthorized access, disclosure, alteration or destruction. Nevertheless, transmission via the Internet and online digital storage are not completely secure and PrePass does not guarantee the security of your Personal Information or of the PrePass Service.

To help protect you and others, PrePass and its Vendors may (but make no commitment to) monitor use of the PrePass Service, and may collect and use related information for all purposes not prohibited by applicable law or inconsistent with this Privacy Policy, including, without limitation, to identify fraudulent activities and transactions; prevent abuse of, and investigate and/or seek prosecution for, any potential threats to or misuse of the PrePass Service; ensure compliance with the Website Terms of Use or Terms of Service for PrePass Services; investigate violations of or enforce these policies; improve the PrePass Services and your user experiences, and to protect the rights and property of PrePass, third parties, and other users. Monitoring may result in the collection, recording, and analysis of online activity or communications through our PrePass Services. If you do not accept these conditions, you must discontinue your use of the PrePass Services.

8. Children and Teens

Our PrePass Services are intended for individuals who are of the age of majority in the jurisdiction in which they reside, and are not directed at, marketed to, nor intended for children, teens, or other minors. PrePass does not knowingly collect any data, including PrePass Services Personal Information, from children or other minors. We do not knowingly Sell or Share, or use for Targeted Advertising, the Personal Information of / from Child-Aged or other similar term (as defined by the applicable State Privacy Law) Consumers. If you believe that we have inadvertently collected data from a minor, please contact us, and we will take immediate steps to delete or otherwise treat the data as required by applicable law. Some State Privacy Laws provide additional consideration for children and teens.

III. STATE PRIVACY RIGHTS

Subject to meeting the requirements for a Verifiable Consumer Request (defined below) and limitations permitted by State Privacy Laws, PrePass provides Consumers—which are, for clarity, residents of California, Kentucky, Texas, and states with subsequently enacted applicable laws—the privacy rights described in this section.

1. Consumer Privacy Rights Request Process

We provide rights to Consumers as required by State Privacy Laws. For residents of states without applicable State Privacy Laws, or where we are not subject to a state’s jurisdiction (e.g., we do not meet applicability thresholds) we will consider requests but will apply our discretion with respect to if and how we process such requests. We will consider applying state law rights prior to the effective date of such laws but will do so in our discretion.

a. Making a Request and Scope of Requests

To submit a request to exercise your Consumer privacy rights, or to submit a request as an authorized agent, complete our Consumer Rights Request Form at https://prepass.com/privacy-center, email us at [email protected], or contact us via phone by calling (800) 773-7277. However, for cookie-data Do Not Sell/Share/Target you must exercise a separate opt-out request via our consent management tool, which is accessible via the “Your Privacy Choices” link on the footer of our websites and the menu of our mobile apps or use GPC signals as explained in the section above. Please respond to any follow-up inquiries we make to help us complete your request. Except as described in the Privacy Policy, we do not accept or process requests through other means (e.g., via fax, chats, or social media, etc.).

b. Verification of Your Request

As permitted or required by State Privacy Laws, certain request you submit to us must be a “Verifiable Consumer Request,” meaning when you make a request, we may ask you to provide verifying information, such as your name, email, phone number, account and/or transaction information. We will review the information you provided and may request additional information (e.g., customer history) via email or other means to ensure we are interacting with the correct individual. We will not fulfill your Right to Know (Categories) / Confirm Processing, Right to Know (Specific Pieces), Right to Delete, or Right to Correct request(s) unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected Personal Information. Only you, or someone legally authorized to act on your behalf (your authorized agent), may make a Verifiable Consumer Request related to your Personal Information or the Personal Information of your child. We do not verify Do Not Sell/Share/Target opt-outs, ADM/Profiling Opt-outs, but we may apply authentication measures if we suspect fraud (such as verifying access to the email address or phone number provided when making the request).

We verify each request as follows:

Right to Know/Access (Categories) (California residents only) / Confirm Processing: We verify your request to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us that we have determined to be reliable for the purpose of verifying you. If we cannot do so, we will refer you to this Privacy Policy for a general description of our data practices.
Right to Know (Specific Pieces) /Access / Transportable Copies: We verify your request to a reasonably high degree of certainty, which may include matching at least three data points provided by you with data points maintained by us that we have determined to be reliable for the purpose of verifying you together with a signed declaration under penalty of perjury that you are the Consumer whose Personal Information is the subject of the request. If you fail to provide requested information, we will be unable to verify you sufficiently to honor your request, but we will then treat your request as a Right to Know (Categories) request.
Do Not Sell/Share/Target: No specific verification required unless we suspect fraud.
Opt-out of Automated Decision Making / Profiling: No specific verification required unless we suspect fraud.
Right to Delete: We verify your request to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three data points provided by you with data points maintained by us, depending on the sensitivity of the Personal Information and the risk of harm posed by unauthorized deletion. If we cannot verify you sufficiently to honor a deletion request, you can still make a Do Not Sell/Share/Target opt-out request.
Right to Correct: We verify your request to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three data points provided by you with data points maintained by us, depending on the sensitivity of the Personal Information and the risk of harm posed by unauthorized correction.

To protect Consumers, if we are unable to verify you sufficiently, we will be unable to honor your request. We will use Personal Information provided in a Verifiable Consumer Request only to verify your identity and authority to make the request and to track and document request responses unless you also gave it to us for another purpose.

c. Authorizing an Agent

Only you, or someone legally authorized to act on your behalf, subject to our verification of the agent, the agent’s authority to submit requests on your behalf, and of you, in accordance with the Verification of Your Request section above, may make a Verifiable Consumer Request where we need to verify the request as explained above. Once your agent’s authority is confirmed, they may exercise rights on your behalf subject to the agency requirements of applicable laws.

2. Your Consumer Privacy Rights

Subject to state-specific conditions and limitations, we provide Consumers the following rights:

a. Right to Limit Sensitive Personal Information Processing

We only process sensitive Personal Information for purposes that are exempt from Consumer choice under State Privacy Laws. For example, we process your Personal Information to perform the services/provide the goods that you requested. If you enabled location services in our app, you can terminate that service in the app’s settings. In addition, we may process Consumers’ Sensitive Personal Information with their consent where required by State Privacy Laws. If a Consumer provides us with their Sensitive Personal Information for a particular purpose, they will have consented to Processing for that purpose. Consent can be withdrawn by making a request as explained below.

b. Right to Know/Access

Consumers have the right under State Privacy Laws to request access to Personal Information maintained by PrePass. This right may be limited in some circumstances by law.

i. Categories / Confirm Processing

California residents have a right to submit a request for any of the following for the period that is 12-months prior to the request date:

The categories of Personal Information we have collected about you.
The categories of sources from which we collected your Personal Information.
The Business Purposes or commercial purposes for our collecting, Selling, or Sharing your Personal Information.
The categories of third parties to whom we have disclosed your Personal Information.
A list of the categories of Personal Information disclosed for a Business Purpose and, for each, the categories of recipients, or that no disclosure occurred.
A list of the categories of Personal Information sold or shared about you and, for each, the categories of recipients, or that no sale or share occurred.

Residents of other applicable states are entitled to confirm our processing of their Personal Information. They can do so by making a Categories request.

ii. Specific Pieces / Access / Transportable Copies

Consumers have a right to obtain a transportable copy, subject to applicable request limits, of their Personal Information that we have collected and are maintaining. For your specific pieces of Personal Information, as required by applicable State Privacy Laws, we will apply heightened verification standards. We have no obligation to re-identify data or to keep Personal Information longer than we need it or are required to by applicable law to comply with access requests.

c. Do Not Sell/Share/Target Opt-out

Consumers of certain states have a right to opt-out of Personal Information “Sales”; provided, however, that Nevada residents are only entitled to the non-cookie opt-out explained below. California also has an opt-out for “Sharing” for cross-context behavioral advertising (i.e., the use of Personal Information derived from different businesses or services to target advertisements). Non-California State Privacy Laws provide for an opt-out of Targeted Advertising (defined differently but also addressing tracking, profiling and targeting of advertisements).

Third-party digital businesses may associate cookies and other tracking technologies that collect Personal Information about you on our PrePass Site, or otherwise collect and process Personal Information that we make available about you, including digital activity information and identifiers (“Third-Party Digital Businesses”). We understand that giving access to Personal Information on the PrePass Site or otherwise, to Third-Party Digital Businesses could be deemed a sale/sharing under the State Privacy Laws and as such, we will treat such Personal Information (e.g., cookie ID, IP address, and other online IDs and Internet or other electronic activity data) collected by Third-Party Digital Businesses, where not limited to acting as our Processor, as a sale/sharing that is subject to a Do Not Sell/Share/Target opt-out request under applicable State Privacy Laws.

Opt-out for Non-Cookie Personal Information: If you would like to submit a Do Not Sell/Share/Target request for your non-cookie Personal Information (e.g., your email address), you must submit an opt-out request as explained in the Consumer Privacy Rights Request Process section.

Opt-out for Cookie Personal Information: If you would like to limit our processing of your cookie-related Personal Information for Targeted Advertising or opt-out of the Sale/Sharing of such data, you must exercise a separate opt-out request via our consent management tool, which is accessible via the “Your Privacy Choices” link on the footer of our websites and the menu of our PrePass app. This is because we must use different technologies to apply your opt-out of cookie Personal Information and opt-out of non-cookie Personal Information. Our consent management tool enables you to exercise such an opt-out request and enable certain cookie preferences on your device. You must exercise your preferences on each of our PrePass Services you use, from each browser you use, and on each device you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective, and you will need to enable them again via our consent management tool. Note that if you use ad blocking software, our cookie banner and/or the “Your Privacy Choices” link may not appear when you visit our PrePass Services. Also note that if you visit our PrePass Services from outside of the U.S. non-essential cookies will be on an opt-in rather than opt-out basis, thereby not constituting a sale or share and even if you opt-in to Targeted Advertising cookies you can always change that to reject them.

Opt-out Preference Signals (also known as global privacy control) (collectively, “GPC”): We currently look for and recognize GPC signals as an opt-out of Sale, Sharing, or the processing of Personal Information for Targeted Advertising on the specific browser on which you enable GPC. We do not process GPC for opt-outs in other contexts (e.g., non-cookie Personal Information) because we lack the ability to match that data to your browser. We do not: (i) charge a fee for use of the Service if you have enabled GPC; (ii) change your experience with any product or service if you use GPC; or (iii) display a notification, pop-up, text, graphic, animation, sound, video, or any interstitial in response to the GPC.

We may disclose your Personal Information for the following purposes, which are not a Sale or Sharing: (i) if you direct us to disclose Personal Information; (ii) to comply with a Consumer rights request you submit to us; (iii) disclosures amongst the entities that constitute PrePass as defined above, or as part of a Corporate Transaction; and (iv) as otherwise required or permitted by applicable law.

d. Right to Delete

Consumers have the right to request that we delete any of your Personal Information that we have collected and retained, subject to certain exceptions; provided, however, that depending on where you reside (e.g., California), we may not be required to delete your Personal Information that we did not collect directly from you. Once we receive and confirm your Verifiable Consumer Request, we will delete (and direct our Processors / Service Providers to delete) your Personal Information, unless an exception applies. If an exception applies, we will limit Processing to permitted purposes and to the duration of those purposes.

We may deny your request to delete your Personal Information if retaining the data is necessary for us or our Processor(s) / Service Provider(s): to complete transactions and services, you have requested; for security purposes; for legitimate internal business purposes (e.g., maintaining business records); to comply with law and to cooperate with law enforcement; to exercise or defend legal claims; and certain other permitted purposes under State Privacy Laws. Please be aware that making a deletion request does not ensure complete or comprehensive removal or deletion of Personal Information or content that you may have posted.

e. Right to Correct Your Personal Information

Consumers may bring inaccuracies they find in their Personal Information that we maintain to our attention, and we will act upon such complaint as required by applicable law.

f. Automated Decision Making (“ADM”) / Profiling

You have the right to opt-out of ADM / Profiling. We may engage in ADM / Profiling, as defined by applicable State Privacy Laws, for purposes of assessing credit.

g. Appeals

You may appeal PrePass’ decision regarding a Consumer privacy rights request you submitted (or that was submitted on your behalf by your authorized agent) by following the instructions provided in our response to your request.

3. Response Timing and Formats

We endeavor to respond to Verifiable Consumer Requests within the applicable timeframe under the State Privacy Laws. As permitted by State Privacy Laws, if we require more time, we will inform you of the reason and extension period in writing.

Any disclosures we provide will cover the 12-month period preceding our receipt of the Verifiable Consumer Request, or longer if we are able to do so. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily usable and that allows you to transmit the information from one entity to another without hindrance.

We do not charge a fee to process or respond to your Verifiable Consumer Request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

We will not provide Sensitive Personal Information in response to a request, but you may access this data in your PrePass Services account.

4. Non-Discrimination / Non-Retaliation

We will not discriminate or retaliate against you for exercising any of your Consumer privacy rights. Unless permitted by applicable State Privacy Laws, we will not do the following if you exercise your Consumer privacy rights:

Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

5. Notice of Financial Incentives

We may offer discounts or other rewards (“Incentive(s)”) from time-to-time to Consumers who provide us with Personal Information, such as name, phone number, email address, IP address, or location. You may opt-in to Incentives by entering a competition, promotion, or survey or other loyalty Incentive programs we may offer from time-to-time (“Program(s)”). Each Program may have additional terms, available on the Program page or at Program sign-up. The Incentives will be described in the Program page or at Program sign-up.

We measure the value of your Personal Information collected from Programs by the cost of operating the applicable Program (excluding Incentive costs) and/or the cost of providing the Incentive, unless otherwise set forth in the Program terms. We deem the value of the Personal Information to be reasonably related to the value of the Incentive, and by subscribing to these Programs, you indicate you agree. If you do not agree, please do not subscribe to the Programs. If you subsequently wish to withdraw from the Programs, the method for doing so will be explained in the applicable Program terms. We do not limit participation in our financial incentive programs to Consumers who do not exercise their Consumer privacy rights. A deletion request will not delete Program Personal Information because the information is necessary to maintain your participation in the Program. If you desire to delete Program Personal Information, terminate your participation in the Program before making a deletion request pursuant to State Privacy Laws.

6. Our Rights and the Rights of Others

Notwithstanding anything to the contrary, we may collect, use, and disclose your Personal Information as required or permitted by applicable law and this may override your rights under State Privacy Laws. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s or party’s rights or conflict with applicable law.

IV. GENERAL NOTICES

1. Additional Notice for California Residents

California’s “Shine the Light” law (Civil Code section 1798.83) permits California residents to request certain information regarding our disclosure of Personal Information to third parties (including our affiliates) for those third parties’ own direct marketing purposes. We do not currently disclose Personal Information to third parties other than our affiliates for those third parties’ direct marketing purposes. To make such a request, please send an email to [email protected] or write us at PrePass^® Service Center 2500 South 3850 West (2500 Waterton Place), Suite C West Valley City, UT 84120. You must put the statement “Shine the Light Request” in the body of your correspondence. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. This right is different than, and in addition to, the State Privacy Rights, and must be requested separately. We will not accept Shine the Light requests by telephone or by fax and are not responsible for requests not labeled or submitted properly, or that are incomplete.

We disclose our tracking and “do not track” practices in the Choices: Tracking and Communications Options section above. Any California residents under the age of eighteen (18) who have registered to use the Service, and who have posted content or information on the Service, can request that such information be removed from the Service by contacting us at Postal Mail: PrePass^® Service Center 2500 South 3850 West (2500 Waterton Place), Suite C West Valley City, UT 84120, Attn: General Counsel; or by e-mail at [email protected], stating that they personally posted such content or information and detailing where the content or information is posted. We will make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished the post and archived copies of it may be stored by search engines and others that we do not control.

2. Changes to These Policies

We reserve the right to change this Privacy Policy prospectively effective upon the posting of the revised Privacy Policy. However, at our discretion, we may also notify you by email, pop-up, or otherwise, when appropriate. Additional or different practices may be disclosed at the point of collection without changing the main Privacy Policy. However, we will not use your previously collected Personal Information in a manner materially different than represented at the time it was collected without your consent. Please check frequently to see any updates or changes to this Privacy Policy. To the extent any provision of this Privacy Policy is found by a court of competent jurisdiction, such provision shall be severed to the extent necessary for the remainder to be valid and enforceable.

3. Contact Us

If you have any questions or comments about this Privacy Policy or the Service, please contact us at [email protected] or 1-800-PREPASS (1-800-773-7277).