Global Locations

    IAA Privacy Notice

    Effective: August 2023

    Last Updated: September 2023

    Your privacy is important to Insurance Auto Auctions, Inc. ("IAA," "we," or, "us"). We developed this Privacy Notice to provide you with information on how we may collect, share, use and process information about you, including when you visit our websites or our mobile applications ("apps"), when you utilize our services (regardless of how you access or use the services), when you complete forms, when you communicate with us, and when you utilize our other offerings (e.g., newsletters, discussion lists, and announcement lists), and how you can exercise your privacy rights (the "Services"). Throughout this Privacy Notice, our websites and apps may be jointly referred to as our "Sites."

    In this Privacy Notice, "personal information" generally means information that identifies you or makes you identifiable, and will have the meaning throughout as defined under the applicable law. Information that has been anonymized so that it does not identify a specific individual is not "personal information."

    INFORMATION THAT WE COLLECT
    HOW WE USE THE INFORMATION WE COLLECT
    SMS TEXT MESSAGING
    THIRD-PARTY RECIPIENTS OF PERSONAL DATA
    LINKS TO OTHER SITES
    CROSS-BORDER TRANSFERS OF PERSONAL DATA
    DATA PRIVACY FRAMEWORK
    CHILDREN AND MINORS’ PRIVACY
    RETENTION OF PERSONAL DATA
    PROTECTING YOUR PERSONAL DATA
    YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
    YOUR CALIFORNIA PRIVACY DISCLOSURES
    ENTITIES COVERED BY THIS PRIVACY NOTICE
    DATA CONTROLLER
    CHANGES TO THIS PRIVACY NOTICE

    INFORMATION THAT WE COLLECT

    When you use our Services, we collect information about your use of our Services and information that you send us. We may collect and store the following information when running the Service:

    • Information You Provide Voluntarily. We collect information that you voluntarily provide to us, including:

      • when you register for and use an IAA account, such as when you purchase a product or pay your annual account fee;
      • when you donate, consign or sell a vehicle;
      • when you communicate via email or other channels, including apps;
      • when you sign up for and access news, publications and marketing communications and industry reports;
      • when you seek career information or submit an application for a position;
      • when you submit a form to learn more about an IAA service, or register for our contests, newsletters, clubs, activities, discussion lists, or announcement lists;
      • when you sign up for and attend an event, such as one of our tradeshows, buyer forums or buyer seminars;
      • when you respond to our communications or requests for information;
      • when you participate in surveys, sweepstakes or other promotions;
      • when you upload information or content to the IAA website, including videos, comments, feedback, and other information or when you sign into to your IAA account using social media;
      • when you apply to be listed as a transportation vendor, export vendor, or inbound tower.

    • Information We Collect Automatically. We may automatically collect information about you when you use our Services and Sites, which may be aggregated through automated means:

      • Device information. We may collect information about devices you use to access the Services and Sites and how you use the Services, such as your Internet Protocol (“IP”) address and which websites you visited before accessing our Services and Sites.
      • Performance and log data. Our servers may automatically record information created by your use of our Services and Sites, which may include information such as, but not limited to, your IP address, browser type, operating system, command line information, diagnostic information related to the Services (e.g., crash activity reports), the referring web page, pages visited, location, your mobile carrier, device and application IDs, and search terms. For instance, when we send you an email, we may collect certain information including the nature of the email, whether you opened or deleted our email, action you took upon receipt of our email, or your name and contact information.
      • Audio, visual and other electronic data. We may collect audio, visual, and other electronic data, such as through CCTV footage from our premises, and call recordings.
      • Online activity and browsing information. When you search for, bid on, and purchase vehicles through our Sites, we receive information concerning your searching, bidding, and purchasing practices (e.g., vehicle segment, actual cash value (ACV), vehicle class, mileage, vehicle age). If you provide your consent, we may access the microphone on your mobile device to allow you to use voice controls when searching for vehicles. If you provide your consent, we may access the camera on your mobile device, so you can scan vehicle identification number (VIN) barcodes and request information about particular vehicles.
      • Location information. When you grant permission, we may collect physical location information that is sufficiently precise to allow us to locate a specific person or device (“Location Information”). Location Information may be used and provided to third parties to provide you with content and services that are relevant to a particular location, such as advertising, search results, auctions in the area, and directions.
      • Cookies. A cookie is a token that a server gives to your browser when you access an Internet website. Cookies can store many types of data. Cookies can help provide additional functionality to the Sites or help us analyze Site usage more accurately. We use cookies to display information more effectively, store, on a user’s computer or device information about the user’s preferences and settings, gather statistical information about the use of our Services and Sites and to improve our design and functionality, and for security purposes. Information gathered from the use of cookies may be combined with other data sources. For more information on the types of cookies we collect, to control cookie settings and/or to disallow, delete and otherwise manage cookies, please visit our “Privacy Preference Center” with additional information about the different types of cookies used (e.g., strictly necessary, performance, functional, targeting) and your options for setting controls. You may also send an email to Privacy@iaai.com. Additionally, if you reside in the European Union or other jurisdiction that requires us to obtain your consent to use cookies on our Sites, then you will have an opportunity to manage your cookie preferences on our Sites, other than certain cookies required to enable core Site functionality, which you cannot choose to disable.
      • DNT. Please note that we do not currently respond to web browser “do not track” signals or other mechanisms that may allow you to opt out of the collection of information across networks of websites and online services as there is no standard for how online services should respond to such signals. As standards develop, we may develop policies for responding to do-not-track signals that we will describe in this Privacy Notice.

    • Information we receive from Third Parties. When we receive personal information about you from third parties, such as financial institutions, manufacturing companies, and dealerships, we take measures to ensure that these third parties have a lawful or contractual right to collect, use, or disclose your information before providing any data to us.

    • Social Networks. If you connect with us from a social network, such as LinkedIn or Facebook, we will collect personal information from the social network in accordance with your privacy settings on that social network. The connected social network may provide us with information such as your name, profile picture, network, gender, username, user ID, age or age range, language, country, friends list, follower list, and any other information you have agreed it can share or that the social network provides to us. We will assume that such social network or other third parties are entitled to collect and share such personal information with us.

    • Information from other sources. We may combine information that you provide to us with information we receive from our affiliates and other sources, as well as with other information that is automatically collected. The combined information may include information about your use of the Sites, your use of other websites, devices and mobile applications and information from our affiliates and other sources.

    HOW WE USE THE INFORMATION WE COLLECT

    • To provide our Services to you, including creating and managing your accounts and providing customer service;
    • To respond to your inquiries, such as your questions, concerns, feedback, disputes or issues;
    • To offer other products or services and/or the products or services performed by others;
    • To communicate about, and plan, host and administer, special events, programs, surveys, contests, sweepstakes and other offers or promotions;
    • To enable you to interact with the Sites and others through various means, such as through social media;
    • To research and develop our business;
    • To diagnose and address technical and service issues;
    • To ensure the security of the Services.
    • To enforce our terms or agreements;
    • To perform data analyses, including in markets, industries, trends and finance;
    • To personalize your experience with the Services;
    • To engage in marketing activities;
    • To improve, monitor and enhance customer service;
    • To comply with applicable legal requirements and our policies;
    • To provide vehicle sale information, transaction data and other information and material to third parties directly involved in the sale (e.g., consigners);
    • To contact you via telephone, text or chat;
    • To evaluate you for potential employment.

    SMS TEXT MESSAGING

    Personal data collected and shared. Please note that we do not sell the data obtained through SMS texting. We do however collect and may share with our service providers and third-party processors, the below information as it pertains to our customers who engage in texting with us: Personal identifiers such as phone numbers, name, address, email address (“Personal Identifier”), and information concerning when the customer opted into receive text messages or otherwise visited our website (“Opt-In and Web Access Information”). Your opt-in mobile phone number will not be shared with third parties/affiliates for marketing/promotional purposes and your personal information will not be shared or sold to third parties for marketing purposes.

    • Purposes and Legal Grounds: We collect this data to process your requests. For example, if your insurance carrier has instructed us to pick up vehicles and need to coordinate the process of pickup. We may save this information to facilitate providing follow up assistance in the future, for example, to assist with title transfer or other questions.

    In addition to, and consistent with, the uses and sharing described in this section about SMS texting, we may use and disclose the below categories of Personal Data as set forth below:

    Personal InformationWe collect the following subcategories of personal information:We collect such personal information for the following purposes:
    IdentifiersFirst and last name, physical address, telephone number, cellphone number, email address.Performing and providing SMS text messages to you, providing customer services, verifying your information./r/nCommunicating with you when you have requested support, information, services, etc.
    Internet or other electronic network activity informationInformation concerning when the customer opted into receive text messages or otherwise visited our website.Performing and providing SMS text messages to you, providing customer services, verifying your information./r/nTo generate statistical information, to monitor and analyze website traffic and usage patterns, to monitor and help prevent fraud, to investigate complaints and violations of our policies, and to improve our products and service./r/nCommunicating with you when you have requested support, information, services, etc.

    Retention. We may retain data collected pursuant to this SMS section for as long as is needed to serve or fulfill the purposes outlined here or until you ask us to delete your data, pursuant to the procedures below. Further, personal data is retained in accordance with our policies and practices, applicable law, and contractual obligations. We may be required to retain personal data for a longer period of time where required to do so under applicable law or government order.

    For further information, please view our SMS Statement available upon request at Privacy@iaai.com.

    THIRD-PARTY RECIPIENTS OF PERSONAL DATA

    In connection with the purposes set forth in this Privacy Notice, we may share your personal data within the IAA group of companies and external third parties in order to provide you with various products and services you select. We have contracts with third parties with whom we share your personal data for a business purpose. Such contracts describe the purpose of the processing and require the recipient to maintain confidentiality and not use your personal data for any purpose except performing the contract. In the last twelve (12) months we have disclosed the following categories of Personal Data for a business purpose to the third parties indicated below:

    • Our affiliates: Your personal data may be shared with any member or affiliate of our corporate group.
    • Other data subjects: Your personal data may be shared with other users of our Sites (e.g., when you upload videos, comments, feedback, and other information).
    • Select business partners and third-party service providersYour personal data may be shared with our business partners, third-party service providers, contractors and sub-contractors, including:
      • Electronic payment vendors: We use electronic payment vendors to process credit card data and to utilize I-Pay, which enables qualified buyers with company check writing privileges to make payments directly from a U.S.-based bank account via the Internet.
      • Advertising, social media, and analytics partners: We also share information about your use of the Sites with our social media, advertising and analytics partners. Our third-party ad networks and social media companies may use cookies, tags and other technology to collect information about your browsing activities over time and across different websites when you visit our Sites. Third party vendors or ad networks may use cookies, tags and other mechanisms to serve ads on other sites based on a user’s prior visits to our Sites. You may opt out of participation with various third-party networks by visiting the Network Advertising Initiative opt out page. We also share information about your use of our Sites with our third-party providers that assist us with improvement and optimization of our Sites. We use information to better understand how our buyers engage with us and our products and offerings, including behavior and preferences. We administer surveys and questionnaires, such as for market research or buyer satisfaction purposes. We also use information for other research and analytical purposes, such as to evaluate and improve our products and business operations, to develop services and features, and for internal quality control and training purposes. For example, we may use information about how buyers engage with iaai.com to develop products, to better understand the best ways to organize and present product offerings on our Sites.
      • App, platform or other service providers: We share the personal data we collect with third-party app, platform and other service providers, such as database managers/developers, SMS texting platforms, and web developers/hosting companies that assist us with certain processing activities, such as storing/backing up data, enhancing/maintaining databases, publishing content, communicating with you, and developing/offering a variety of products/services. If you use our Sites, your personal data, including name, contact information and any stored biographical/firm information within IAA’s database, may be stored and processed through some of our third-party app vendors. We also use third party providers to distribute organizational emails. We share Personal Identifiers and Opt-In and Web-Access Information with our information technology service providers, which helps us keep track of your communications with us across platforms, including text messages, emails, and mobile applications and otherwise provide SMS texting to you. Personal Identifiers and Opt-In and Web-Access Information may be shared with our telecommunications providers, including SMS text message platforms. For further information, please view our SMS Statement available upon request at Privacy@iaai.com.
      • Transportation vendors: If a buyer chooses to transport a vehicle using IAA Transport services, IAA shares the buyer’s contact information, including shipping address with our transportation vendors for the purpose of obtaining quotes, scheduling transportation, and tracking shipments.
      • Call centers: . If a buyer’s call is routed to a call center, IAA shares your personal data, such as contact information and transaction history, for the purpose of allowing the call center to provide assistance with your transaction.
      • Marketing Alliance Partners: If you register for and/or attend one of our seminars, we may share your personal data with our marketing alliance partners, so they can assist you with your purchase and arranging for transportation and shipping services.
      • Charities: When you donate a vehicle, we may share your personal data with the benefactor charity for the purpose of allowing the benefactor charity to personally thank you for your donation.
      • In other circumstances with your consent: We may ask if you would like us to share your personal data with other unaffiliated third parties who are not described elsewhere in this notice.
    • Governmental entities and third parties in connection with legal obligations, remedies and claims: We may disclose personal data about you to governmental entities, such as regulatory agencies, law enforcement, and judicial authorities, as well as other third parties under any of the following conditions: (a) if we have your valid consent to do so; (b) to comply with a valid subpoena, legal order, court order, warrant, legal process, or other legal obligation; (c) to enforce or apply any of our terms and conditions, policies, or other agreements; (d) exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction; or (e) as necessary to pursue available legal remedies or defend legal claims. We also may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
    • Third parties in connection with a potential reorganization: We may share your personal data to a prospective seller or buyer in the event of a potential reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of IAA’s assets or stock, including without limitation, in connection with any bankruptcy or similar proceeding, provided that such entity will not be permitted to process your personal data other than as described in this Privacy Notice without providing you notice and, if required by applicable laws, obtaining your consent.
    • Third parties in connection with screenings for jobs: We may also share your personal data with third parties who provide services to us such as recruitment agencies, consultants, background services and lawyers. If your personal information is shared in this way, IAA does so only on a “need-to-know” basis and will seek to ensure it is only used in connection with the functions or services these parties will be performing for IAA and that your personal information is treated by them in a confidential manner. These service providers that IAA uses may change over time but we will always seek to ensure that any third parties who handle your personal information will do so in a manner consistent with this Privacy Notice and in accordance with applicable law.

    LINKS TO OTHER SITES

    As a resource to our visitors, our Sites contain offerings from other companies that you can link to through our Sites (such as Automotive Finance Vendors, Licensed Brokers, Transportation/Shipping Vendors, and Inspection Vendors). When you click on such a link on our Sites, you will be taken to the website of the other company, and its privacy practices will govern your use of that website and your interactions with that company.

    We try to carefully choose websites that we believe are useful and meet our standards. However, the presence on our Sites of links to non-IAA websites does not mean that IAA endorses or accepts any responsibility for the content or use of such websites. IAA has no control over such websites, and has no responsibility for the privacy practices of such websites.

    CROSS-BORDER TRANSFERS OF PERSONAL DATA

    We store our data on servers in the United States. If you are located outside the U.S., your personal data will be transferred to servers in the U.S. The data protection laws of the U.S. may not be as comprehensive as the laws of your country. For example, personal data transferred to the U.S. may be subject to lawful access requests by federal and state authorities in the U.S. IAA may transfer your personal information to other countries such as India, Jamaica and the Philippines for the purposes described in this Privacy Policy. In order to provide adequate protection of your personal information, we have in place contractual arrangements (where appropriate) which cover these transfers and we will take all reasonable measures to safeguard your information whenever it is transferred.

    DATA PRIVACY FRAMEWORK

    Any transfers of personal data from the European Union, the United Kingdom and/or Switzerland to the United States are made pursuant to the EU-U.S. Data Privacy Framework (“DPF”) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework.

    IAA complies with the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of non-human resources personal data (as defined below) that is transferred from the European Union (“EU”), the European Economic Area (“EEA”), the United Kingdom (“UK”) and Switzerland to the United States within the scope of its certification. IAA has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. IAA has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit the DPF site here.

    Please note that for purposes of the DPF Principles, (i) “personal data” means information about an identified or identifiable individual within the scope of the EU General Data Protection Regulation (“GDPR”) GDPR as transposed into UK national law, together with the UK Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended) and other data protection or privacy legislation in force from time to time in the UK (collectively, “UK GDPR”), and Swiss Federal Act on Data Protection of 19 June 1992 and the revised version of 25 September 2020 when in force (“FADP”), that is received by IAA in the United States, from the EU, EEA, UK or Switzerland, and recorded in any form. Personal data does not include information collected from an employee of IAA and/or its affiliates within the scope of their employment. Personal data covered by this DPF Notice is collected and processed only as permitted by the EU-U.S. DPF Principles and Swiss-U.S. DPF Principles.

    Your rights and choices. Individuals whose personal data is covered by this DPF Notice have the right to access the personal data that IAA maintains about them as specified in the EU-U.S. DPF Principles and Swiss-U.S. DPF Principles. Individuals may contact us to correct, amend or delete such personal data if it is inaccurate or has been processed in violation of the EU-U.S. DPF Principles and Swiss-U.S. DPF Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the individual’s privacy, or where the rights of persons other than the individual would be violated). Notwithstanding the foregoing, IAA may limit or deny access to personal data to the extent that provided under EU, UK and/or Swiss data protection laws.

    If IAA processes your personal data on the basis of consent, you have a right to withdraw consent at any time.

    To exercise any of the foregoing rights, you may use our Data Subject Access Request Form or contact us via email at Privacy@iaai.com.

    Contacting us with a Complaint. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, IAA commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact IAA by completing a Data Subject Access Request Form or contacting us via email at Privacy@iaai.com.

    Recourse/Alternative Dispute Resolution. If you have a complaint regarding how IAA processes personal data covered by this DPF Notice, please contact us directly and we will endeavor to resolve it directly. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, IAA commits to refer unresolved complaints concerning its handling of personal data received in reliance on the EU-U.S. DPF, and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider which has locations in the United States, EU, the UK and Switzerland. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit JAMS by clicking here for more information or to file a complaint. The services of JAMS are provided at no cost to you.

    Under certain conditions, a binding arbitration option may be available to you in order to address complaints not resolved by any other means. For further information, please visit the DPF site by clicking here.

    Third parties. As explained in this Privacy Notice, we sometimes provide personal information to third parties to perform services on our behalf. If we transfer personal information received under the Data Privacy Framework to a third party, the third party’s access, use, and disclosure of the personal information must also be in compliance with our Data Privacy Framework obligations, and we will remain liable under the Data Privacy Framework for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage.

    IAA’s certification. You can review our Data Privacy Framework registration here. IAA is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission with respect to all matters associated with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF and IAA’s rights, practices and obligations associated therewith. We may be required to disclose personal information that we handle under the Data Privacy Framework in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

    If you have any questions or complaints related to IAA’s DPF certification, please contact us at: Privacy@iaai.com.

    If there is any conflict between the terms in this Privacy Notice and the DPF, the DPF shall govern.

    CHILDREN AND MINORS’ PRIVACY

    Our Sites are not directed to individuals under the age of 18. We do not knowingly collect or use any personal data from users under 18 years of age. No information should be submitted to our Sites by visitors under 18 years of age, and visitors under 18 years old are not allowed to register for our contests, newsletter, clubs or activities. You must be 18 years or older to purchase products. If we learn that we have collected personal data from someone under 18, we will take steps to delete the information as soon as possible.

    RETENTION OF PERSONAL DATA

    The personal data that we collect from you is stored on our secure servers for as long as is reasonably necessary for the purposes for which the personal data is processed and to meet IAA’s legal obligations. We keep your personal information to enable your continued use of our services, for as long as it is required in order to fulfill the relevant purposes described in this Privacy Notice, as permitted or as may be required by law, or as otherwise communicated to you. For example, we retain your transaction history so that you can review past purchases and to improve the relevance of products and content we recommend.

    PROTECTING YOUR PERSONAL DATA

    We are committed to protecting the information entrusted to us. We have implemented technical and organizational measures designed to assist in maintaining the security and confidentiality of personal data; safeguarding against anticipated threats to the confidentiality, integrity, and availability of personal data; and protecting your personal data against accidental or unlawful destruction, loss, alteration, and unauthorized access or disclosure.

    However, whenever personal data is processed, there is a risk that such data could be lost, misused, modified, hacked, breached, and/or otherwise accessed by an unauthorized third party. No system or online transmission of data is completely secure. In addition to the technical and organizational measures that IAA has in place to protect your personal data, you should use appropriate security measures to protect your personal data. If you believe that your IAA account or any information you provided to us is no longer secure, notify us immediately at Privacy@iaai.com. In the event that we are required by law to notify you of a breach to your personal information, we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

    YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

    If you reside in the certain jurisdictions, you may have various rights regarding the processing of your personal data, including under certain circumstances, the right to request access to and rectification or erasure of your personal data, data portability, restriction of processing of your personal data, the right to lodge a complaint with a supervisory authority, and the right to object to the processing of your personal data on certain grounds, including:

    • The right to object when your personal data is processed based on the legitimate interests of IAA or a third party, including profiling related to such legitimate interests.
    • The right to object when your personal data is processed for direct marketing purposes, including profiling related to direct marketing.

    Making requests. If you live in a jurisdiction where these rights are available to you, you can make a request by writing to us at the following local address: Data Privacy Manager, Two Westbrook Corporate Center, Westchester, IL 60154. You may also send an email to Privacy@iaai.com, call us at 877-806-4827 or submit a Data Subject Request form.

    Depending upon the applicable law, access to your rights may be denied, such as: (a) when denial is required or permitted by law; (b) when granting access would have a negative impact on another’s privacy; or (c) to protect our rights and properties.

    Verification of identity. In order to submit a request, we may need to verify your identity. If you have an account with us that is password-protected, we may verify your identity through our existing authentication practices for your account.

    If you do not have an account with us, and your request concerns “categories” of personal data collected, we can request from you two data points of personal data to verify your identity. If you do not have an account with us, and your request concerns specific personal data, we can request from you at least three data points of personal data as well as a signed declaration with penalty of perjury to verify your identity.

    Please note that following your verified request, we will send you your personal data from the following email address: Privacy@iaai.com (Any response to your request, including any personal data may be sent as an encrypted file).

    We will process and respond to your request within a timely manner, as prescribed by law. Please note that you may be limited in the number of requests you can send per calendar year. Some jurisdictions may allow for you to submit an appeal of our decision regarding your request.

    Authorized Agent. California residents may also have the right to designate an agent to exercise these rights on your behalf. If you choose to exercise your rights through the use of an authorized agent, we require that you verify the agent’s identity, and provide written permission granting the agent authority to submit a request on your behalf.

    YOUR CALIFORNIA PRIVACY DISCLOSURES

    This “Your California Privacy Disclosures” supplements the Privacy Notice and contains the disclosures required under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”). For individuals who are California residents, the CCPA requires certain disclosures about the categories of personal data we collect and how we use it, the categories of sources from whom we collect personal data, and the third parties with whom we share it.

    Please note that for California residents, the term personal data as used in this section (referred to as personal information under the CCPA) means information that identifies, relates to, describes, is reasonably capable of being associated with or could reasonably be linked, directly or indirectly, with a particular consumer or household as defined in the CCPA. All other capitalized terms have the same meanings as given them in the Privacy Notice.

    You have the right to:

    • Know what personal information is being collected and access personal information
    • Know what personal information is sold or shared and to whom
    • Correct
    • Delete, subject to certain exceptions
    • Data portability
    • Opt out of Sale or sharing
    • Limit use and disclosure of sensitive personal information

    NOTE: we do not “sell” your personal data as that term is defined in the CCPA and for this reason we do not provide an opt-out from the sale of your personal data.

    We hereby inform you that if you exercise any of your rights under the CCPA we may not deny you goods or services for that reason, or subject you to different prices than those paid by other consumers, unless provided otherwise under the CCPA, Federal, or State law.

    Notice of Information We Collect. Pursuant to California Civil Section 1798.100(b), this serves as notice of the categories of personal data that we collect through the Site and Services and the commercial purposes for which the information was collected. Please note that all of the categories of personal data we collect about you (as detailed below) come from the following categories of sources:

    • You, including through your use of our services
    • Automatically collected from you
    • Our affiliate companies
    • Third parties

    In particular, we have collected the following categories of personal data from California consumers within the last twelve (12) months:

    CategoryCollectedPurposeCategories of Third Party Recipients to whom Personal Data is Disclosed for a Business Purpose
    Identifiers.YESSee CATEGORIES OF PERSONAL DATA PROCESSED BY IAA above.
    • Advertising networks
    • Affiliates or subsidiaries
    • Business partners
    • Data analytics providers
    • Data brokers
    • Government entities, as may be needed to comply with law or prevent illegal activity
    • Internet service providers
    • Joint marketing partners
    • Operating systems and platforms
    • Other Service Providers
    • Payment processors and financial institutions
    • Professional services organizations, this may include auditors and law firms
    • Social networks
    • SMS texting platforms
    Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).YESSee CATEGORIES OF PERSONAL DATA PROCESSED BY IAA above.
    • Affiliates or subsidiaries
    • Business partners
    • Government entities, as may be needed to comply with law or prevent illegal activity
    • Internet service providers
    • Operating systems and platforms
    • Other Service Providers
    • Payment processors and financial institutions
    • Professional services organizations, this may include auditors and law firms
    Protected classification characteristics under California or federal law.NO
    Commercial information.YESSee CATEGORIES OF PERSONAL DATA PROCESSED BY IAA above.
    • Advertising networks
    • Affiliates or subsidiaries
    • Business partners
    • Data analytics providers
    • Data brokers
    • Government entities, as may be needed to comply with law or prevent illegal activity
    • Internet service providers
    • Joint marketing partners
    • Operating systems and platforms
    • Other Service Providers
    • Payment processors and financial institutions
    • Professional services organizations, this may include auditors and law firms
    • Social networks
    Biometric information.NO
    Internet or other similar network activity.YESSee CATEGORIES OF PERSONAL DATA PROCESSED BY IAA above.
    • Advertising networks
    • Affiliates or subsidiaries
    • Business partners
    • Data analytics providers
    • Data brokers
    • Government entities, as may be needed to comply with law or prevent illegal activity
    • Internet service providers
    • Joint marketing partners
    • Operating systems and platforms
    • Other Service Providers
    • Professional services organizations, this may include auditors and law firms
    • Social networks
    • SMS texting platforms
    Geolocation data.YESSee CATEGORIES OF PERSONAL DATA PROCESSED BY IAA above.
    • Advertising networks
    • Affiliates or subsidiaries
    • Business partners
    • Data analytics providers
    • Data brokers
    • Government entities, as may be needed to comply with law or prevent illegal activity
    • Internet service providers
    • Joint marketing partners
    • Operating systems and platforms
    • Other Service Providers
    • Professional services organizations, this may include auditors and law firms
    • Social networks
    Sensory data.YESSee CATEGORIES OF PERSONAL DATA PROCESSED BY IAA above.
    • Affiliates or subsidiaries
    • Business partners
    • Government entities, as may be needed to comply with law or prevent illegal activity
    • Internet service providers
    • Operating systems and platforms
    • Other Service Providers
    • Professional services organizations, this may include auditors and law firms
    Professional or employment-related information.YESSee CATEGORIES OF PERSONAL DATA PROCESSED BY IAA above.
    • Affiliates or subsidiaries
    • Business partners
    • Government entities, as may be needed to comply with law or prevent illegal activity
    • Internet service providers
    • Operating systems and platforms
    • Other Service Providers
    • Professional services organizations, this may include auditors and law firms
    Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).NO
    Inferences drawn from other personal data.NO

    Notice of Disclosures of Personal Data for a Business Purpose. In the preceding 12 months, we disclosed certain personal data from the following categories of personal information to the categories of recipients listed in the Section entitled THIRD-PARTY RECIPIENTS OF PERSONAL DATA of our Privacy Notice, such as our service providers, for one or more business purposes as described in that Section above.

    We disclose the above categories of personal data to service providers to fulfill the business purposes, such as:

    • Maintaining and servicing your account;
    • Providing you customer service;
    • Processing transactions;
    • Processing applications and payments;
    • Verifying the identity of users;
    • Detecting and preventing fraud;
    • Providing loyalty and promotional programs;
    • Providing marketing and advertising services;
    • Providing analytics services; and
    • Undertaking internal research to develop our services.

    Please note that when we disclose personal data for a business purpose to a third party, we enter a contract that describes the purpose and requires the recipient to both keep that personal data confidential and not use it for any purpose except performing the contract.

    Do Not Track. California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Because there currently is no industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time. We await the result of work by the privacy community and industry to determine when such a response is appropriate and what form it should take.

    Third Party Marketing. If you are a California resident, California Civil Code Section 1789.83 permits you to request (once per calendar year) information regarding the disclosure of your personal data (if any) to third parties for the third parties’ direct marketing purposes. If applicable, this information would include a list of the categories of personal data shared and the names and addresses of any third parties with whom such personal data was shared in the immediately preceding calendar year. To make such a request pursuant to Shine the Light, contact us via email at Privacy@iaai.com or by telephone at 877-806-4827.

    ENTITIES COVERED BY THIS PRIVACY NOTICE

    • Auto Disposal Systems Inc
    • Automotive Recovery Services, Inc.
    • Decision Dynamics LLC
    • Impact Texas LLC
    • Insurance Auto Auctions Corp.
    • Insurance Auto Auctions of Georgia LLC
    • Insurance Auto Auctions, Inc.
    • Insurance Auto Auctions Tennessee LLC

    DATA CONTROLLER

    Personal Data collected by IAA is controlled by IAA, which is located at Two Westbrook Corporate Center, Westchester, IL 60154 and which you can contact by email at Privacy@iaai.com.

    CHANGES TO THIS PRIVACY NOTICE

    We may update this Privacy Notice from time to time as we add new products, services, and apps; as we improve our current offerings and technologies; and as laws change. It is our policy to post any changes we make to our Privacy Notice on the Sites. Any changes will become effective upon our posting of the revised Privacy Notice on the Sites. If we make material changes to how we treat the personal data that falls within the scope of this Privacy Notice, we will notify you by email (to the email address specified in your account) or through a notice on the Sites. This Privacy Notice includes an “effective” and “last updated” date. The effective date refers to the date that the current version took effect. The last updated date refers to the date that the current version was last substantively modified.