Privacy Policy

We know that you care how information about you is used and shared, and so do we. That is why at CARFAX Canada we are committed to protecting your privacy, and we support a general policy of openness about how we collect, use and disclose your Personal Information.

This Privacy Policy applies to the collection, use and sharing of any Personal Information collected by CARFAX Canada while doing business in Canada. The purpose of this Privacy Policy is to inform you about our practices relating to the collection, use and disclosure of Personal Information through your access to or use of our Offerings. It explains how we handle and protect Personal Information, including information collected through our Digital Channels.

This Privacy Policy applies for as long as we hold your Personal Information, including after the end of our business relationship. By giving us your Personal Information, you consent to the collection, use and sharing of your information as described in this Privacy Policy.

This Privacy Policy also explains how you can contact us if you have a question about, want to make a change to or delete any Personal Information that we may be holding about you. We strongly recommend that you take the time to read this Privacy Policy and retain it for future reference. When reading this Privacy Policy, please note that any capitalized terms not defined in this Privacy Policy are defined in our Conditions of Use accessible online here (the "Conditions of Use").

To help you understand our Privacy Policy, here are some important terms you should know.

“CARFAX Canada”, “we”, “our” or “us” means collectively CARFAX Canada ULC and any of its Affiliates

“Personal Information” or “information” means information about an identifiable individual, such as contact information, account numbers, home address, financial information, photographs and signatures. This can also include information collected through your activities on our Digital Channels, such as your phone or computer model, browser type and IP address when it is connected to you. Information about a business or company is generally not considered Personal Information, nor is business contact information.

“Digital Channels” means our Website, mobile apps, social media accounts, virtual assistant, and other digital channels.

“Partners” means companies we have carefully selected to provide benefits, products or services under, or to participate in, a CARFAX partner program.

The type of Personal Information we collect depends on various factors, such as the Offerings you use, any applicable legal and regulatory obligations, and the channel you use to communicate with us.

We collect Personal Information from you, or from third parties you authorize us to collect such information from, only when you voluntarily provide it or authorize us to collect it (or in rare cases, we are permitted by law to collect it without your consent).

Typically, we will seek consent for the use or disclosure of your Personal Information at the time of collection. In certain circumstances, consent may be sought after the information has been collected but before use (for example, when we want to use information for a purpose not previously identified). The form of consent that we seek, including whether it is express or implied, will largely depend on the sensitivity of the Personal Information and the reasonable expectations of the individual in the circumstances.

You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. If you wish to withdraw your consent, please to the Your Rights section of this Privacy Policy to find out how to do so.

We will not, as a condition of the supply of a Product or Service, require you to consent to the collection, use or disclosure of your Personal Information beyond that required to fulfill the explicitly specified and legitimate purposes for which the information is being provided.

We may collect Personal Information that you upload, post or input into any of our Offerings or give to us in any other way in the course of you accessing or using any of our Offerings (including when you post, upload or input any content or information to the Website or input any content or information into a Service or Product), and other Personal Information you may transmit to us on your behalf or on behalf of a third party, or authorize us to obtain from you. You can choose not to provide certain Personal Information, but then you might not be able to take advantage of some of the features in our Offerings.

• Contact information that we use to communicate with you, such as your address, telephone number, email or other electronic address, and social media account username.
• Transaction information that tells us how you use Products or Services, such as your purchase and payment history.
• Information collected when you use our Digital Channels, including:
  • Profile information, such as your digital IDs, passwords, and service preference, like your language choice.
  • Web browser information, such browser type and version, operating system, and platform. We may also collect the address of the site where you clicked on a CARFAX Canada ad
  • Device information, such as device ID, model, operating system, notification status, privacy settings and other device configurations or settings. We may also collect your device’s IP address, which is a number automatically assigned to your computer or device when you browse the Internet. Based on the IP address, we can identify the general location of the device.
  • Location information, such as general location information based on your IP address and geolocation information from your browser or mobile device if you have allowed your devices to share this data.
  • Other information collected through web technology tools, such as cookies and web beacons. For example, we may use these tools to collect information that shows us how you use Digital Channels. This information also shows us how many people click on our advertisements on our Website and mobile apps, and on third-party websites. We also collect the full Uniform Resource Locators (URL) clickstream to, through, and from our Website, including date and time, and Products or Services you viewed or searched for.
• Other information you give us by various means, such as when you fill out forms or surveys, or contact us by telephone, email or through Digital Channels. This information may include feedback on our services, questions about technical support and other information that helps us respond to your questions, concerns or requests.
• Information about your preferences and interests, such as language and communication preferences, demographics and interests that help us learn more about you, including how you like to do business with us, and what types of Products, Services or offers you may like or be interested in.
• Login credentials that you create and use to access any Offering.
• To manage your cookie settings, click here.

We use the Personal Information that you provide for such purposes as responding to your search requests, communicating with you and enabling certain functionalities in our Offerings for your use.

We may use the Personal Information that we collect to:

• provide you with, or make available to you, the Products and Services, including respond to your search requests;
• set up and manage your Products and Services;
• enable certain functionalities in our Offerings for your use;
• do all the things necessary to administer the Services and the Website;
• personalize the user experience of certain of our Offerings;
• research, develop, manage, protect and/or improve our Offerings; and
• develop and maintain our relationship with you and communicate with you.

• Send communications to you by email, text message, telephone, other telecommunication channels, social media or other methods
• These communications include marketing or service communications about benefits, features or other details about Products or Services. You can choose to stop receiving marketing communications from us.

• Personalize your experience with us by analyzing data. This includes reviewing and analyzing your Product and Service applications, transactions, and other information to:
  • Understand who you are, your needs and activities, and the Products, Services, promotions, offers and advice that may be of interest to you
  • Predict or generate insights about your vehicle needs and preferences
  • Find out if you are eligible for incentives, such as discounts or fee waivers to encourage continued use of your existing Products and Services or to try new ones
• Target or personalize Products, Services, promotions, offers, advice, tips and articles based on information that we have collected, including information collected through your activities on our Digital Channels.

• Use de-identified data such as transaction data and demographics to help personalize ads and offers on third party websites or our Digital Channels
• Promote and market Products and Services offered by CARFAX Canada and its Affiliates, our program partners or other third parties we have carefully selected
• This includes marketing our Products and Services on another company's site. For example, if you show interest in a specific CARFAX Product or Service when using our Website, we may present you with a CARFAX ad for that Product or Service on another company’s website.
• We may tailor our marketing and promotions using information like your browsing behaviour on our Website and third-party sites with CARFAX Canada ads, your CARFAX Products and Services, and the information you have given us.
• Better manage and improve your overall relationship with us, including monitoring, reviewing, analyzing or improving client services and business processes to make it easier to do business with us

• Perform our everyday business and operations, such as meeting our contractual obligations, recordkeeping and internal reporting
• Understand and better manage our business
• Use market research or analysis of data we hold about you to help us improve the performance of Products and Services.
• To conduct business transactions, such as acquisitions, divestitures, partnerships and joint ventures
• Administer referral arrangements
• Manage our insurance, credit, business and other risks so that we operate as an effective, efficient and financially prudent business
• Meet tax, legal and regulatory obligations
• Protect you and us from error and criminal activity. This includes preventing, detecting and investigating fraud, money laundering, cyber threats and other such risks and threats.

We may share information within CARFAX and with Affiliates to:

• Manage your relationship with us and our Affiliates, including opening and servicing your accounts and maintaining information about you
• Make doing business with us and our Affiliates easier, such as pre-populating forms with your name or contact information
• Prevent and detect fraud or other unauthorized activity
• Offer or promote Products and Services that suit you
• Analyze your activities with us
• Make it easier to operate, administer and support our internal processes and Services
• Comply with legal or regulatory obligations

The information shared with our Affiliates is subject to the privacy policies of those affiliates, and the laws of the countries where they are located.

We may employ third parties to perform certain functions on our behalf. Examples include fulfilling orders and payments, delivering packages, sending postal mail and email, removing repetitive information from customer lists, analyzing data, providing marketing and advertising assistance, processing credit card payments, providing customer service, providing IT services (such as IT support, information storage, cloud and web-hosting services), human resources management, contact centre services, and fraud prevention and detection, among other services. These third parties may receive access to your Personal Information, but only as required to perform their functions, and cannot use the Personal Information for any other purposes.

To help us make e-mails more useful and likely of interest to you, we may receive a confirmation when you open e-mail from us if your computer supports such capabilities. We may also compare our customer list to lists received from third parties, in an effort to avoid sending unnecessary messages to our customers.

We share information with analytics and advertising partners to better understand how our clients use our Products and Services and to personalize advertising based on your preferences and interests. These partners also measure how well our marketing and ad campaigns are working and help us improve them. These partners may use web technologies, such as cookies, to collect information about your activities on our Website and other third-party sites.

If you have not opted out of receiving marketing materials or communications, we may also use (but will not disclose) your Personal Information to promote and market additional goods, services and special offers from us and/or our business associates, including by means of direct marketing. We may also disclose your name and mailing address to these affiliates and/or third party business associates so that they can send you promotional materials directly.

We collect, use and share information to protect you and your rights as well as to protect our rights and interests, including in the following circumstances:

• Where we are involved in judicial, administrative or regulatory proceedings or investigations, or other similar processes
• To enforce our rights
• To comply with legal and regulatory obligations, including any:
  • subpoena, warrant, judicial or administrative orders, or valid demands or requests from governments, regulators, courts and law enforcement authorities in Canada or other jurisdictions or countries
  • rules, codes and guidelines that apply to our business (including expectations or guidance from regulators or self-regulatory organizations)
• To investigate a breach of an agreement or law
• To detect, suppress or prevent fraud. For example, when you apply for a Product or Service, or when we investigate a suspicious transaction, we may check for fraud by running your information through fraud databases used by CARFAX and other organizations to detect, suppress and prevent fraud
• To identify threats and risks such as credit, fraud and money laundering. This may involve reviewing and analyzing your applications, transactions and other information. We also may pool your information with data belonging to other individuals so we can analyze the combined data
• To prevent you from becoming a victim of fraud, including by using or offering technologies that help us Protect you on our Digital Channels. For example, we may use session cookies that make sure that your session is secure while you are signed on.

We may also collect, use and share information without consent if we are allowed to do this under the laws that apply to us.

We may share information with our Partners, such as the Canadian Automotive Association (CAA). If you join a CARFAX Canada Partner program, we and the Partner may share information to administer, develop, manage and promote the program

If you withdraw your consent to this sharing, you may not be able to participate in the partner program as the sharing may be necessary to receive the benefits and features of the program. We and our program partners may provide you with a privacy notice that explains how your information will be handled for a particular partner program.

If we enter into a business transaction involving Personal Information or are considering one, such as selling or securitizing assets, we may share information with the other organizations or people involved in the transaction. For example, we may share information so a purchaser can do their due diligence before the transaction. We may also share information when the transaction is completed. These other parties must keep this information confidential and limit its use to the purposes of the transaction.

Where we buy information as part of a business transaction, this Privacy Policy applies to our collection, use and sharing of the Personal Information (which may include information we continue to hold after the end of your relationship with us). If we sell assets, the purchaser may be allowed or required by law to keep some Personal Information for a defined length of time.

We may de-identify your information by removing information that identifies you, such as your name, address, and account numbers. We may then combine this information with other information, and use it for internal business purposes, such as:

• Analysis and reporting
• Developing and improving our Products and Services
• Understanding and predicting client needs and preferences
• Preventing and detecting fraud
• Identifying trends like purchasing patterns, fraud trends, or
• Enhancing our marketing. Refer also to section 4(C) “Provide you with value”

When you visit our Website, we may place a text file called a “cookie” in the browser directory of your computer’s hard drive. A cookie is an alphanumeric identifier that enables our systems to recognize your browser and to provide more efficient service of our Website.

Tracking pixels can also be used to check if you have accessed content, monitor web traffic and provide metrics similar to cookies. Below, we describe how we use cookies and similar technologies. Please refer to section 11 “Your rights” for information on how to manage your preferences on our use of these technologies.

We use persistent cookies to measure site and mobile app usage, including browsing behaviour. We do this to improve how our sites work and to measure the effectiveness of our sites, communications and promotional offers. For example, we use persistent cookies to track the CARFAX web and mobile pages you visit, which CARFAX online marketing ads you click and your response rate, and the keywords you searched to find our site. If the CARFAX ad is on a third-party site, we may collect the address of the site where you click the ad, but we won’t track or create a profile of your activity on third-party sites.

We may also use cookies and work with third party service providers who use cookies to collect traffic data and other information about your use of our Website. We and our service providers will use this information in aggregated and anonymous form to analyze usage of our Website and to improve the operation of our Website, Services and/or Products.

We also use persistent cookies to save your digital personal preferences. You must allow persistent cookies if you want your browser to remember your preferences such as card number, language or default home page each time you sign on.

Software applications, such as videos, may create cookies to store configuration information on your computer. These cookies allow you to view videos or other rich media on CARFAX sites. Certain CARFAX online tools, such as calculators, use cookies to save the information you enter, such as odometer reading, so you don’t have to re-enter this information each time you use the tool.

Some browsers can be set to reject all cookies. The "help" portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, and/or how to disable cookies altogether. If you choose to modify your browser in this manner, some pages of our Website may not function properly. Cookies allow you to take full advantage of some of our most advanced features, and we recommend that you leave them turned on.

We are committed to ensuring that the Personal Information collected in the course of you accessing or using any of our Offerings is protected against loss, theft and unauthorized use, sharing, or access. This protection applies in relation to information stored in both electronic and hard copy form, and access to collected Personal Information is restricted to selected employees, representatives and third parties as described above. For example, when we transmit your information via the Internet or other electronic means, we encrypt it, which helps protect it.. We also reveal only the last five digits of your credit card numbers when confirming an order.

• Records Retention and Disposal Policy, which guides the handling, storage and secure disposal of your information throughout its life cycle, while maintaining data quality and integrity
• Record Retention Schedules, which defines how long we keep different types of information and help make sure we don’t keep it any longer than necessary
• Acceptable Use Policy, which outlines the responsibilities of employees in maintaining the security and privacy of your information and set the guidelines for how we use company information and systems

• Defining roles and responsibilities for handling your information from the moment we gather it until it is destroyed
• Limiting access to information based on employees’ roles and responsibilities
• Requiring all employees to complete annual mandatory training on privacy and information security
• Carefully selecting the service providers who handle Personal Information on our behalf, and making sure they have privacy and security standards that meet our requirements. We use contracts and other measures with our service providers to keep your information secure and to make sure it is only used for the intended purposes
• Protecting the security of your Personal Information and the transactions you conduct online, including implementing multiple layers of protection when you access any of our digital Products or services. For example:
  • Web browser encryption: all browsers supported by digital services offer industry standard encryption. This provides a high level of protection for transmitting confidential data over the Internet.
  • Monitoring: we monitor activity on our Digital Channels to enhance security and to protect your Personal Information.
• Implementing other physical, technological and administrative security safeguards to protect your information
• Regularly auditing our security safeguards and assessing that they remain effective and appropriate
• We also have policies and practices in place to handle privacy complaints, as described in more detail in section 11 “Your Rights”

The Website may offer links to third party websites. You should be aware that operators of linked websites may also collect your Personal Information (including information generated through the use of cookies) when you access their websites. We are not responsible for how such third parties collect, use or disclose your Personal Information, so it is important to familiarize yourself with their privacy policies before providing them with your information.

We retain your Personal Information for as long as necessary to fulfill the purpose(s) for which it was collected, and to comply with applicable laws, enforce our Conditions of Use and other agreements we have entered into with you, and protect or enforce our rights. This may include exchanging information with other companies, governmental and quasi-governmental institutions and crime prevention organizations for fraud investigation, detection, prevention and/or protection purposes. Your consent to such purposes remains valid after you leave the Website and/or cease using any of our Offerings.

For these reasons, we keep your information beyond the end of your relationship with us. When we don’t need your information any longer, we securely destroy it or (where permitted) make it anonymous, following all applicable laws, so that the information can no longer identify you. We have record retention policies and schedules that set out retention periods depending on the type of information, and the process that must be followed when a retention period expires. For the purposes set out in this Privacy Policy, we or one of our affiliates or an unaffiliated service provider may process and store your Personal Information outside of the province in which you reside and/or outside of Canada, and under the laws of those other jurisdictions, in certain circumstances courts, law enforcement agencies, regulatory agencies or security authorities in those other provinces or foreign jurisdictions may be entitled to access your Personal Information.

You have the right to access personal information we hold about you. You can do this by contacting us at the contact information below in section 13, “Contact Us”.

You will need to put your request in writing (email or letter) and give us enough details to help us understand the information that you want to access. We must verify your identity before we start our search, or before we give you access to your information. We will tell you if there is a fee to access your information. We may also ask you for more information to confirm the scope of your request, such as the time period or a more specific description of the information you want to access.

After we receive your written request, verify your identity and understand the scope of your request, we will give you a written response to your access request within the timeframe set by applicable privacy law (usually 30 days, but laws may differ).

There may be limits to your right to access your information. For example, if the information is subject to legal privilege, contains confidential commercial information, relates to an investigation of a breach of an agreement or law, or contains information about other individuals that cannot be separated.

If we have information about you that we got from others, you can ask us for the source of that information, subject to certain restrictions under applicable law. If you ask for it, and where legally permitted and required, we will also give you certain details about how we handle your personal information, such as the types of third parties to whom we have, or may have, disclosed your information.

You can help us maintain the accuracy of your Personal Information by notifying us of any changes to this information. You may contact us to request a correction or update of your Personal Information using the contact information provided in section 13, “Contact Us”.

You can withdraw your consent to our collection, use and sharing of information at any time by giving us reasonable notice, subject to legal, business, or contract requirements. However, withdrawing your consent may limit or prevent us from providing you with specific Products and Services. For example, if you don’t give us your email address, we can’t provide you with any Product or Services that we deliver electronically. If you withdraw your consent to exchange Personal Information with insurers, we will not be able to provide you with certain Products or Services.

In some circumstances, you can’t withdraw your consent. For example, you can’t withdraw your consent if the collection, use and sharing of information without consent is permitted or required by law or necessary to manage our business, comply with legal and regulatory obligations, assign our rights to others for business transactions, or as otherwise described in section 4(E)XX “Manage our business”

If you have any questions, concerns or complaints about this policy or our privacy practices, let us know right away (you can use the contact information found in section 13, “Contact Us”). In most cases, you can resolve a question, concern or complaint simply by talking to us about it. If you choose to send us an email, don’t include sensitive information such as payment card or account numbers.

Be sure to include your name and contact information where you prefer to be reached, the nature of your complaint, question or concern, details relevant to the matter and the names of any individuals whom you have already discussed the issue with.

We may update this Privacy Policy and our other privacy-related documents. Any changes we make to this Privacy Policy take effect when we post the updated Privacy Policy on our Website and any other channels where this Privacy Policy appears. In some cases, we will also notify you of changes we make to the Privacy Policy in accordance with applicable law, for example, by posting a notice of the changes on our Website or using other appropriate ways to reach you.

When you continue to use our Products and Services after we post the modified version of the Privacy Policy, you accept the changes to the Privacy Policy. The date at the top of this Privacy Policy indicates when it was last updated.

In the event that you have any questions about this Privacy Policy or if you have reason to believe that we may have failed to adhere to this Privacy Policy, you may contact our Chief Privacy Officer by email at privacy@carfax.ca, or by mail at:

CARFAX Canada ULC
CARFAX Canada, 100 Kellogg Lane Suite #301
London, ON N5W 0B4
Attn: Chief Privacy Officer