Effective Date: May 7, 2020

Effective Date: May 7, 2020

This Privacy Shield Policy ("Policy") describes how Agero, Inc.’s subsidiary, SwoopMe, Inc. and its affiliates in the United States ("US") ("Swoop", "we" or "us") collect, use, and disclose certain personally identifiable information that we receive in the US from the European Economic Area ("EEA") and the United Kingdom (“UK”) ("Personal Data"). This Policy applies to the following US affiliated entities: SwoopMe, Inc. This Policy supplements our Website Privacy Policy located at www.agero.com/privacy, and unless specifically defined in this Policy, the terms in this Policy have the same meaning as the Website Privacy Policy.

The majority of our services are provided on behalf of our clients, who may be your vehicle manufacturer, insurance carrier, financial institution, motor club, or other company that offer you roadside assistance services and benefits (in such capacity, a “Client”) through an endorsement to your insurance policy, warranty coverage under your new vehicle, services or maintenance agreements, motor club or subscription arrangements (“Service Agreement”) between you and a Client. In these cases, we are acting as a “Processor” under the EU General Data Protection Regulation (“GDPR”), and the party that is the controller of the Personal Data is the Client. If you are accessing our services through one of our Clients, we suggest that you direct your requests for data access, data deletion or other privacy requests to the Client by going to the Client’s website. Please see the Section titled “Access Rights” below to understand your rights.

Swoop recognizes that the EEA and UK have established strict protections regarding the handling of Personal Data, including requirements to provide adequate protection for Personal Data transferred outside of the EEA or the UK. To provide adequate protection for certain Personal Data about our clients, their customers, our employees and job applicants received in the US from the EEA or the UK, Swoop has elected to self-certify to the EU-US Privacy Shield Framework administered by the US Department of Commerce ("Privacy Shield"). 

Swoop complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Swoop has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

For purposes of enforcing compliance with the Privacy Shield, Swoop is subject to the investigatory and enforcement authority of the US Federal Trade Commission.
 
Information We Collect / Disclose
Through our website and/or the provision of Services, we may collect or receive information that may be deemed Personal Data. In particular, through the provision of Services, Swoop has collected the following categories of Personal Data from consumers, and/or disclosed for a business purpose such categories to third parties:
 
Category Examples Collected Disclosed

A. Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, or other similar identifiers. 

YES YES

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, address, telephone number, insurance policy number, or credit card number. Some personal information included in this category may overlap with other categories.

YES YES

C. Protected classification characteristics under California or federal law.

In obtaining information to identify consumers for the roadside services, at times we may collect the consumers’ identifying characteristics or special need requirements, such as gender, physical disability, or similar identifying information. 

YES YES

D. Commercial information.

Records of personal property (such as the VIN, year, make, model, and color for the disabled vehicle), products or services purchased, obtained, or considered.

YES YES

E. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

NO NO

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

YES YES

G. Geolocation data.

Physical location of the disablement location, and (if you are using a mobile application) the movement of the towed vehicle to the tow-to location. 

YES YES

H. Sensory data.

Audio recordings are made of your communications with our contact centers.

YES YES

I. Professional or employment-related information.

Current or past job history or performance evaluations.

NO NO

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

NO NO
K. Inferences drawn from other personal information.

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

NO NO

Personal Data does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.
  • Information specifically excluded from the scope of the GDPR.
     

Purpose and Use of Personal Data
We may process, use, or disclose the Personal Data we collect from consumers for one or more of the following purposes set forth below. 

  • To fulfill or meet the reason you provided the information. For example, if you provide your Personal Data to request emergency towing service or roadside assistance service, make customer service-related inquiries, or obtain information related to a recent transaction, we will use and disclose that information to facilitate performance of the requested services.
  • To comply with contractual requirements with our Clients, including data retention requirements.
  • To process your requests, transactions, and payments and prevent transactional fraud.
  • To provide you with support and to respond to your inquiries, reviews, comments or other feedback you provide us, including to investigate and address your concerns and monitor and improve our responses.
  • To help maintain the safety, security, and integrity of our website(s), digital services, databases and other technology assets, and our business.
  • To perform analysis to better understand the Clients’ customers, our suppliers and customers, and to assist with product testing and product development, including to develop and improve our website(s), digital services, and Services.
  • To comply with legal, regulatory or administrative requirements of governmental authorities.
  • To respond to judicial proceeding, subpoena, court order or other legal process; or as reasonably necessary to (i) investigate, prevent or take action regarding suspected or actual illegal activities; (ii) investigate and defend ourselves against third party claims or allegations; or (iii) protect the security or integrity of our Services.
  • Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
  • As described to you, or directed or authorized by you, when collecting your Personal Data, or as otherwise set forth in applicable law, including the GDPR.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Swoop’s or its affiliates’ assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Swoop about you is among the assets transferred.
     

Swoop will only process Personal Data in ways that are compatible with the purpose that Swoop collected it for, or for purposes the consumer later authorizes. Before we use your Personal Data for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will provide you with the opportunity to opt out.

Swoop maintains reasonable procedures to help ensure that Personal Data is reliable for its intended use, accurate, complete, and current.

Sharing / Transferring Personal Data
Swoop may disclose your Personal Data to a third party for a business purpose.

We share your Personal Data with the following categories of third parties.

  • Service providers who are towing, roadside, and vehicle repair industry participants, and other service providers that provide support services. We share your information with companies we work with in connection with the provision of our Services. These companies provide services that include towing and roadside assistance, vehicle appraisal, vehicle repair, call center services, customer support, payment processing, cloud computing and communications, data analytics, document and records management, data backup and recovery, digital communications, and other support services. These companies will only have access to your Personal Data that is reasonably necessary to perform services on our behalf.
  • Third parties who provide customer requested services, such as ride sharing, taxi services, vehicle repair, vehicle transport, concierge services, public emergency and first response services, and membership discount benefits.
  • Third-Party Agents or Service Providers. Where required by the Privacy Shield, we enter into written agreements with third-party agents and service providers requiring them to provide the level of protection the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to contractually require third-party agents and service providers to process Personal Data in accordance with our Privacy Shield obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of Personal Data that we transfer to them.
  • Third-Party Data Controllers. In some cases, we may transfer Personal Data to unaffiliated third-party data controllers. These third parties do not act as agents or service providers and are not performing functions on our behalf. We may transfer your Personal Data to third-party data controllers for the provision of certain services, including mapping services, location services and other purposes. We will only provide your Personal Data to third-party data controllers where you have not opted-out of such disclosures. We enter into written contracts with any unaffiliated third-party data controllers requiring them to provide the level of protection for Personal Data the Privacy Shield requires. We also limit their use of your Personal Data so that it is consistent with any consent you have provided and with the notices you have received.
  • If we transfer your Personal Data to one of our affiliated entities within our corporate group, we will take steps to require that your Personal Data is protected with the level of protection the Privacy Shield requires.
     

Security
Swoop maintains reasonable security measures designed to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield. While such security measures are used, we cannot guarantee the security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over wireless communication, and any information you transmit to Swoop you do at your own risk.

Access Rights
You may have the right to access the Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your Personal Data, you can submit a written request to the contact information provided below or by submitting a request to: www.gdprrequest.agero.com.  We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information.

Questions or Complaints
In compliance with the Privacy Shield Principles, Swoop commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Swoop at:

Postal Address:
Agero/Swoop
PO Box 9105
Medford, MA 02155
Attn: Legal/Consumer Privacy Inquiries Mailbox

Email: consumerprivacyinquiries@agero.com

Swoop has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.

We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your Personal Data within 45 days of receiving your complaint. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at: https://feedback-form.truste.com/watchdog/request.

Binding Arbitration
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with Swoop and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce's Privacy Shield Framework: Annex I (Binding Arbitration).

Contact Information
If you have any questions or comments about this policy, the ways in which Swoop collects and uses your information, your choices and rights regarding such use, or wish to exercise your rights, please do not hesitate to contact us at:

Email: consumerprivacyinquiries@agero.com
Postal Address: Agero/Swoop, PO Box 9105, Medford, MA 02155, Attn: Legal/Consumer Privacy Inquiries Mailbox

Changes to Our Privacy Shield Policy
Swoop reserves the right to amend this policy at our discretion and at any time. When we make changes to this policy, we will post the updated notice on the website and update the notice’s effective date. Your continued use of our Services following the posting of changes constitutes your acceptance of such changes.

SwoopMe, Inc. is a subsidiary of Agero, Inc.
©2020 Agero, Inc. All rights reserved.