Privacy Policy
Privacy Policy
Last Updated: 10/30/2023
INTRODUCTION
This Privacy Policy pertains to this website, along with the products and services offered on this website, including, but not limited to, NextGear, MyShopManager and the Payment Services (as defined in our Terms of Use) (the “Services”) which are made available by BOLT ON Technology, LLC (“BOLT ON”, “we”, “our”, “us”). This Privacy Policy is intended to inform our users (“user(s)”, “you”, or “your”) about how we may collect and use the personal information that you provide through your use of and access to the Services, the manner in which we may use such information, how we protect it, and the choices available to you regarding our use of your personal information.
We may modify or supplement this Privacy Policy from time to time by posting those changes on this page. Any changes will become effective as of the date of posting. Please review this Privacy Policy often so you are always fully informed of any changes.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us or if you are aware that any personal data, we hold is inaccurate.
This Privacy Policy is binding on all those who access, visit, and/or use the Services, whether acting as an individual or on behalf of an entity. If you do not agree to be bound by this Privacy Policy, then do not access or use the Services.
This Privacy Policy is part of our Terms of Use, which govern your use of the Services. By using the Services, contacting us to inquire about the Services, or otherwise providing us with information, you consent to our Privacy Policy and agree to our Terms of Use.
The Services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the Services, we encourage you to read the privacy policy of every website you visit.
This Privacy Policy does not apply where we process personal information as a service provider on behalf of a customer or entity who collects such data from you, for example, the customers of our shop management software. When we act as a service provider, the privacy policy of the relevant data controller and our agreements with such business or entity will govern our processing of such personal information.
If you have any questions about this Privacy Policy, please contact us as directed below.
Children’s Data Protection and Parental Responsibility
We recognize the importance of children’s safety and privacy. The Services are not designed to attract children and are not intended for use by any children under the age of 13. We do not request, or knowingly collect, any personally identifiable information from children under the age of 13. Minors under the age of 18 (but older than 12) may use the Services only under the supervision of a parent or legal guardian who agrees to be bound by our Terms of Use. If you are the parent or guardian of a child under 13 who has provided her or his information to us, please contact us at support@boltontechnology.com to request the deletion of that information.
THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes (but is not limited to) first name, last name, username or similar identifier, title, and date of birth.
- Contact Data includes (but is not limited to) billing address, residential address, email address and telephone numbers.
- Transaction Data includes (but is not limited to) details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes (but is not limited to) internet protocol (IP) address, unique mobile device identification numbers, type of device, login data, browser type and version, time zone setting and geo location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Services.
- Profile Data includes (but is not limited to) your login details, purchases or orders made by you, preferences, feedback, and survey responses.
- Usage Data includes (but is not limited to) information about how you use the Services.
- Marketing and Communications Data includes (but is not limited to) your preferences in receiving marketing from us and our third parties, news about our products and your communication preferences.
If you decide to make a payment for any of our products and services, your Financial Data, which includes your bank account and payment card details, will be collected and processed by our external payment service provider. We will not have access to, collect, use, store or transfer your Financial Data.
We also collect, use and share Aggregated Data such as statistical data, demographic data and data relating generally to the service and repair of vehicles for any purpose. Aggregated Data may be derived from your personal data but is anonymized and is not considered personal data by law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of the Services. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We use mobile analytics software to allow us to better understand the functionality of our mobile software on your device. This software may record information such as aggregated usage and performance data. We do not link the information we store within the analytics software to any personal information you submit within the Services.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us.
HOW YOUR DATA IS COLLECTED
We use different methods to collect data from and about you including, but not limited to:
- Direct interactions. You may give us your Identity Data, Contact Data and Financial Data by filling in forms or by corresponding with us by mail, phone, email or otherwise. This includes personal data you provide when you:
- make purchases in the Services;
- create an account;
- subscribe to our newsletter or other publications;
- request marketing to be sent to you;
- request support for the Services; or
- give us feedback.
- Automated technologies or interactions. As you interact with the Services, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, pixels, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
- Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
- Technical Data from analytics providers, advertising networks and search engine providers.
- Identity, Transaction, Financial and Contact Data when shared with us by a business you interact with that uses the Services as part of their business.
- Contact and Transaction Data from providers of technical, payment and delivery services.
- Identity and Contact Data from data brokers or aggregators.
- Identity and Contact Data from publicly availably sources.
HOW WE USE YOUR DATA
We will only use your personal data as allowed by law. Most commonly, we will use your personal data in the following circumstances:
- For the performance of a contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
You have the right to withdraw consent to marketing at any time by contacting us at support@boltontechnology.com. The withdrawal of consent will not affect the lawfulness of any processing that took place before the withdrawal.
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below, in a table format, a description of all the ways we may use your personal data, and which of the legal bases we rely on to do so.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
Purpose/Activity |
Type of data |
Basis for processing |
To register you as a new user |
(a) Identity |
Performance of a contract with you |
To process and deliver your order including: |
(a) Identity |
(a) Performance of a contract with you |
To manage our relationship with you which will include: (c) Fulfilling our business relationship with you |
(a) Identity |
(a) Performance of a contract with you |
To administer and protect our business and the Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
(a) Identity |
(a) Performance of contract |
To deliver relevant content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you |
(a) Identity |
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve the Services, marketing, user relationships and experiences |
(a) Technical |
Necessary for our legitimate interests (to define types of users, to keep the Services updated and relevant, to develop our business and to inform our marketing strategy) |
To make suggestions and recommendations to you about goods or services that may be of interest to you |
(a) Identity |
Necessary for our legitimate interests (to develop our products/services and grow our business) |
To process your job application to work with us |
(a) Identity |
Performance of a contract with you |
To facilitate a duty of care to you |
(a) Identity |
Necessary for our legitimate interest (to help you manage aspects of your activities when interacting with our products/services) |
We may disclose information where we are required to do so by law, for example, in response to a court order or a subpoena, or where we disclose information to data processors who act on our behalf (service providers or other group companies who provide support for the operations of the Services and who do not use or disclose the information for any other purpose). To the extent permitted by applicable law, we also may disclose personally identifiable information in response to a law enforcement agency’s request or other public agency’s (including schools or children services) request or if we feel that such disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of a child using the Services protect the security or integrity of the Services and networks, and/or enable us to take precautions against liability, misuse or unauthorized use.
Marketing
We provide you with choices regarding our use of your personal data for marketing and advertising purposes. You will receive marketing communications from us if you have subscribed for an account with us or purchased goods or services from us and you have not opted out of receiving that marketing. All of our marketing communications to you contain an opt out option and you can opt out at any time. Please note that the opt out will not affect the lawfulness of processing that has taken place before the opt out.
Third-Party Marketing
We will get your explicit opt-in consent before we share your personal data with any company outside of BOLT ON for marketing purposes.
Opting Out
You can ask us to stop sending you marketing messages at any time by contacting us at support@boltontechnology.com at any time.
Opting Out of Geolocation
If you have previously allowed us to access your geolocation data, you can stop making geolocation available to us by visiting your mobile device’s settings for the Services or the “settings” page for the Services.
Opting Out of Other Communications
When you install the Services on your mobile device you can choose to receive push notifications, which are messages our games send you on your mobile device even when the mobile app is not on. You can turn off notifications by visiting your mobile device’s “settings” page.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and obtain your consent to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
DATA SECURITY
We incorporate commercially reasonable safeguards to help protect and secure your personal information. However, no data transmission over the Internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit to or from the Services, and you provide us with your information at your own risk.
If you have any questions about security on the Services or if you become aware of any unauthorized use of an account or suspect a security breach, notify us immediately via email at support@boltontechnology.com. If our security system is breached, we will notify you of the breach only if and to the extent required under applicable law.
DATA RETENTION
We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your Data Protection Rights Under the General Data Protection Regulation (GDPR)
If you are a resident of or located within the European Economic Area (EEA), you have certain additional data protection rights. These rights include:
- The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your personal information directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your personal information.
- The right of restriction. You have the right to request that we restrict the processing of your personal information.
- The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.
Legal Basis for Processing Personal Information Under GDPR
Our legal basis for collecting and using the personal information described in this Privacy Policy depends on the personal information we collect and the specific context in which we collect it.
We may process your personal information because:
- We need to perform a contract with you;
- You have given us permission to do so;
- The processing is in our legitimate interests and it is not overridden by your rights; or
- To comply with the law.
Retention of Information
We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.
We will also retain usage data for internal analysis purposes. Usage data is data collected automatically either generated by the use of the Services or from the Services’ infrastructure itself (for example, the duration of a page visit). Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the Services or we are legally obligated to retain this data for longer periods.
Transfer of Information
Your information, including personal information, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal information, to the United States and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
We will take all the steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Privacy Policy and no transfer of your personal information will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
Disclosure of Personal Information
Disclosure for Law Enforcement - Under certain circumstances, we may be required to disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
Legal Requirements
We may disclose your personal information in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend our rights or property
- To prevent or investigate possible wrongdoing in connection with the Services
- To protect the personal safety of users of the Services or the public
- To protect against legal liability
Security of Information
The security of your personal information is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
Please note that we may ask you to verify your identity before responding to such requests.
Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority; however, we hope that we can assist with any queries or concerns you may have about our use of your personal information first.
For more information, please contact your local data protection authority in the EEA.
STATE PRIVACY RIGHTS
Under some U.S. state laws, including the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act CPRA), residents may have the following rights:
- Right to Know: The right to request the personal data that we collect, uses or discloses and information about our data practices;
- Right to Request Deletion: The right to request that we delete the personal data we have collected about a user;
- Right to Opt-Out of Data Sales: The right to restrict the sale to third parties of a user’s personal data that we have collected;
- Right to Non-Discrimination: The right to not be discriminated against for exercising any of these rights;
- Right to Correct Information: The right to update or correct the personal data that we collect;
- Right to Limit Use or Disclosure of Sensitive Personal Information: The right to limit the use and disclosure of Sensitive Personal Information (as defined under the CPRA);
- Right to Access Information Related to Automated Decision Making: The right to inquire about our logic involved in automated decision-making applied to personal data we collect; and
- Right to Opt-Out of Automated Decision-Making Technology: The right to request a user’s removal from having automated decision-making applied to a user’s personal data that we collect.
To request further information pursuant to a user’s “right to know” or to request deletion of personal data pursuant to the user’s “right to request deletion”, please contact us at support@boltontechnology.com.
We will acknowledge receipt of such request within 10 business days, and provide a substantive response within 45 calendar days, or inform the user of the reason and extension period (up to 90 days) in writing.
Only a user or an authorized agent may make a request related to such user’s personal data. Note that to respond to a user’s requests to access or delete personal data as outlined in applicable state laws, we must verify the user’s identity.
California’s Shine the Light Law
California Civil Code Section 1798.83 permits California residents to request and obtain a list of what data (if any) that we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, California residents are entitled to request and obtain such information, by e-mailing a request to support@boltontechnology.com.
Changes in this Privacy Policy
We reserve the right to modify and update this Privacy Policy at any time by posting an amended version of the statement on the Services. Please refer to this policy regularly. If at any time we decide to use personal information in a manner different from that stated at the time it was collected, we will notify you either on the Services or via email.
QUESTIONS AND COMMENTS
If you would like to provide feedback to us about this Privacy Policy, or if you have any questions, please contact us at support@boltontechnology.com.