The Shyft Group, Inc and its subsidiaries are committed to protecting the privacy and security of the personal information they receive. This Policy describes how the Company collects, uses, retains, secures, and discloses personal information about you (our “Information Practices”). This Policy is in addition to our more general privacy policy. This Policy is intended to comply with the California Consumer Privacy Act (“CCPA”), California Privacy Rights Act (“CPRA”), applicable regulations, as well as other applicable data privacy laws.
It is important that you understand this Policy, along with any other privacy notices we may provide to you, so that you are aware of how and why we are using such information. If you have any questions about this Policy or our Information Practices, please contact us at: [email protected]. If you wish to access this Policy in an alternate format or require an accommodation to access this Policy, please contact us at: [email protected].
The personal information the Company collects about you is: (i) used lawfully, fairly and in a transparent way; (ii) collected only for valid purposes that are clearly explained to you and not used in any way that is incompatible with those purposes; (iii) reasonably necessary and proportionate to achieve these purposes; (iv) accurate and kept up to date; (v) kept only as long as necessary for these purposes; and (vi) kept securely. If we intend to collect, use, retain, or share your personal information for any purpose that is incompatible with the reason your personal information was collected, we will first obtain your consent.
Personal Information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
Sensitive Personal Information is a subcategory of personal information. It means personal information that reveals: (i) an individual’s social security, driver’s license, state identification card, or passport number; (ii) an individual’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (iii) an individual’s precise geolocation; (iv) an individual’s racial or ethnic origin, religious or philosophical beliefs, or union membership; (v) the contents of an individual’s mail, email, and text messages unless the Company is the intended recipient of the communication; (vi) an individual’s genetic data; (vii) an individual’s biometric information used to uniquely identify the individual; (viii) personal information collected and analyzed regarding an individual’s health; and (ix) personal information collected and analyzed regarding an individual’s sex life or sexual orientation.
We collect, receive, use, and retain personal information in the following ways:
| Collected | Sources | Purposes | Retain |
|---|---|---|---|
| Identifiers – name, address, unique personal identifier, online identifier, internet protocol address, email address, account name, or other similar identifiers | You, analytics tools, and our service providers and business partners | Provide and promote our products and services; manage our business relationship; perform accounting other internal business functions; comply with applicable laws; exercise and defend our legal rights; and other short-term transient use. | As long as necessary to fulfill the purposes for the collection. Generally, personal information is retained for the duration of our relationship with you, plus any legally required record or data retention period and/or any period of time necessary to exercise our legal rights |
|
You, analytics tools, and our service providers | ||
| Audio, electronic, visual, thermal, or similar information | You and our recording devices | ||
| Internet or other electronic network activity information – browsing history, search history, and information regarding your interaction with an internet website, social media site or application | You, analytics tools, and IT service providers | Provide and promote our products and services; manage our business relationship; perform accounting other internal business functions; comply with applicable laws; exercise and defend our legal rights; detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity; comply with applicable laws; exercise and defend our legal rights |
We never collect, sell, or share the personal information for individuals under the age of 16.
We may disclose your personal information to the following categories of recipients, including for the business purposes described above:
As a California resident, you have the following privacy rights regarding your personal information:
You can exercise your right to know, delete, or correct your Personal Information by submitting a request to us by using The Shyft Group Consumer Access Request Form. You may also email the completed form to us at: [email protected]. You may also call us at: 844-848-3800. To protect the security of your personal information, we will require you to verify your identity by providing us with identifying information such as your personal email address, personal telephone number, home address, and/or other information that we can match with the personal information we have already collected about you to verify your identity.
You may use an authorized agent to exercise your right to know, delete, or correct your Personal Information. We will require your authorized agent to provide us with either (1) a power of attorney authorizing the authorized agent to act on your behalf or (2) your written authorization permitting the authorized agent to request access to your personal information on your behalf. Further, we will require you or your authorized agent to provide us with identifying information to verify your identity. We may also require you to either verify your own identity directly with us or directly confirm with us that you provided the authorized agent permission to submit the request.
The Company offers programs, benefits, and other offerings to consumers related to the collection or retention of personal information that may be deemed a “financial incentive” under the CCPA. These offerings may involve the collection of the following categories of personal information for consumers who participate: identifiers, professional or employment-related information, and commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. We are providing you with this information so that you may make an informed decision on whether to participate in our programs. Detailed information of any financial incentive will be explained in the program terms. You can opt into the financial incentive by submitting the personal information. If you wish to opt-out of the financial incentive, do not submit the personal information. If you subsequently wish to withdraw from a financial incentive, you may request a withdrawal by submitting a request to us by using The Shyft Group Consumer Access Request Form. You may also email the completed form to us at: [email protected]. You may also call us at: 844-848-3800.
Each financial incentive related to the submission and use of consumer personal information is based upon our reasonable but sole determination of the estimated value of such information, which takes into consideration estimates regarding the anticipated revenue generated from such information, the anticipated expense which might be incurred in the collection, storage, and use of such information in the operation of our business and other relevant factors related to the estimated value of such information to our business, as permitted under the CCPA. Our estimated value of the consumer personal information ranges from $0 to $13,000 per product, depending on the promotion and products sold.
The Company has implemented reasonable safeguards and controls to protect personal information from unauthorized data breaches, consistent with its legal obligations under California and other local, state, and federal laws. The Company is committed to: (i) seeking to safeguard all personal information that you provide to us; (ii) seeking to ensure that it remains confidential and secure; and (iii) taking all reasonable steps to ensure that personal privacy is respected. All our data is stored in written or electronic form on our servers and computers and in various physical locations. We maintain physical, electronic and procedural safeguards to protect your personal information from misuse, unauthorized access or disclosure and loss or corruption by computer viruses and other sources of harm. We restrict access to personal information to those staff members of the Company and our services providers who need to know that information for the purposes identified in our privacy policy and privacy notices.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Generally, we retain personal information for the duration of our relationship with you plus any legally required record or data retention period and/or any period of time necessary to exercise our legal rights. Thereafter, we will securely destroy your personal information in accordance with the Company’s record retention policies.
In some circumstances we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
We may revise this Policy from time to time. This Policy is not a contract, and we reserve the right to change it at any time and notify you of those changes by posting an updated version of this Policy. It is your responsibility to check this Policy for any changes. This Policy was last revised on January 1, 2023.