Effective Date: July 1, 2024
This Data Privacy Framework Policy ("Policy") describes how SwoopMe, Inc. and its affiliates: Agero Administrative Service Corp., MBSi Corp. and Agero International Services, Inc. (collectively "Swoop", "we" or "us") collect, use, and disclose certain personal data that we receive in the U.S. from the European Economic Area ("EEA") and the United Kingdom (“U.K.”). This Policy applies to SwoopMe, Inc. and its U.S. affiliated entities Agero Administrative Service Corp., MBSi Corp. and Agero International Services, Inc. and supplements our Website Privacy Policy located at www.agero.com/privacy-cookies-policy. Unless specifically defined in this Policy, the terms in this Policy have the same meaning as the Website Privacy Policy.
Swoop complies with the EU-U.S. Data Privacy Framework and the UK Extension to the EU-US Data Privacy Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and the UK to the United States. Swoop has certified to the U.S. Department of Commerce that it adheres to the Data Privacy Framework Principles. If there is any conflict between the terms in this Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov. For purposes of enforcing compliance with the Data Privacy Framework, Swoop is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission.
Customer Complaints Regarding Use or Disclosure of Personal Data (Non-HR Data)
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Swoop commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to TRUSTe, our alternative dispute resolution provider that is based in the U.S. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit the following link to our alternative dispute resolution provider for more information or to file a complaint, (free of charge) at: https://feedback-form.truste.com/watchdog/request. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of Personal Data that we transfer to them.
Complaints Regarding Use or Disclosure of Human Resources Data
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Swoop commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of Personal Data that we transfer to them.
Binding Arbitration
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with Swoop and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce’s Data Privacy Framework: Annex I (Binding Arbitration).
Collection of Customer Personal Data (HR Data and Non-HR Data)
We may collect or process various categories of personal data. As an overview, we collect identifiers; personal data found in customer records; characteristics of protected classifications under applicable laws; commercial information; internet or other similar network activity information; sensitive personal data in the form of account log-in and password, precise geolocation information, and mobile device information such as your SMS messages; sensory information; and professional or employment-related information (of applicants and employees that are EU and UK residents). We collect this information to fulfill or meet the reason you provided the information, to comply with contractual requirements with you and our clients, to process your requests, to provide you with support, to help maintain the safety, security, and integrity of our applications and services, to perform analysis to better understand clients and our customers, and other business and commercial purposes outlined throughout this Policy. We only collect sensitive personal data to provide our services. We only keep personal data for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.
Sources of Personal Data from Customers (Non-HR Data)
Swoop obtains the categories of personal data listed above from the following categories of sources:
- Directly from you. For example, (i) by calling or communicating electronically with one of our call centers or call center vendors to request services or make inquiries, (ii) by the submission of your information through written or electronic forms you complete, or products and services you request (this includes your purchase of on-demand services at the time of your vehicle’s disablement).
- Indirectly from you. For example, from observing your actions when visiting our website(s) or requesting services through our websites or mobile applications.
- From clients. For example, when you enter into a service agreement with a client, the client will disclose your personal data to us so that we may provide services to you on behalf of the client.
- From independent contractors providing roadside assistance services and emergency towing services. For example, we may receive certain personal data about you, including, without limitation your real-time precise geolocation information, in connection with the towing and/or roadside assistance services provided.
- From dealers, repair facilities, overnight storage facilities, vehicle inspection stations, salvage lots and other third parties that provide similar services. For example, we may receive certain personal data about you, including, without limitation, your name, phone number, vehicle information, and vehicle location as part of a request to pick-up or deliver the disabled vehicle to these types of locations, or information related to repairs, including, without limitation, the date of loss of service, the repair services provided to your vehicle and the costs associated with such repair services.
Use of Customer Personal Data (Non-HR Data)
We may use or disclose the personal data listed in the categories above for one or more of the purposes listed below.
- To fulfill or meet the reason you provided the information. For example, if you provide your personal data to request emergency towing service or roadside assistance service, make customer service-related inquiries, or obtain information related to a recent transaction, we will use and disclose that information to facilitate performance of the requested services.
- To comply with contractual requirements with our clients, including data retention requirements.
- To process your requests, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, reviews, comments or other feedback you provide us, including to investigate and address your concerns and monitor and improve our responses.
- To help maintain the safety, security, and integrity of our websites, digital services, databases and other technology assets, and our business.
- To respond to lawful requests from public authorities, including to meet national security or law enforcement requirements
- To respond to judicial proceeding, subpoena, court order or other legal process; or as reasonably necessary to (i) investigate, prevent or take action regarding suspected or actual illegal activities; (ii) investigate and defend ourselves against third party claims or allegations; or (iii) protect the security or integrity of our services.
- As described to you, or directed or authorized by you, when collecting your personal data, or as otherwise set forth in applicable law.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us about you is among the assets transferred.
- For advertising or marketing purposes.
- To perform analysis to better understand the clients’ customers, our suppliers and customers, and to assist with product testing and product development, including to develop and improve our websites, digital services, and services.
How we Disclose Customer Personal Data (Non-HR Data)
Swoop may disclose your personal data to a third party for a business purpose. We may disclose your personal data with the following categories of third parties.
- Service providers who are towing, roadside, and vehicle repair industry participants, and other service providers that provide support services, including call center services. We may disclose your information to companies we work with in connection with the provision of our Services. These companies provide services that may include towing and roadside assistance, vehicle appraisal, vehicle repair, call center services, customer support, payment processing, cloud computing and communications, data analytics, hiring, document and records management, data backup and recovery, digital communications, and other support services. These companies will only have access to your personal data that is reasonably necessary to perform services on our behalf.
- Third parties who provide customer requested services, such as ride sharing, taxi services, vehicle repair, vehicle transport, concierge services, public emergency and first response services, and membership discount benefits. These parties are responsible for providing you with notice of their privacy practices.
Human Resources Data for EU and UK Applicants and Employees
When you apply for a position with us, we will process your personal data as described in this Policy, as it relates to you as a job applicant. When you apply for a job with us, we ask you to provide personal data that may include sensitive personal data, to evaluate your application. Please note, if you choose not to provide requested personal data, our ability to consider you for a position may be limited. We may also get information about you from public sources or third parties. For example, to verify information in your application or conduct background screenings, as allowed by law. If you choose, you may provide us with personal data on third party sites like LinkedIn. If you choose to authorize us to access this personal data, you agree that we may collect, store, and use this information in accordance with this Policy.
How we use and disclose Human Resources Personal Data
We will use your human resources personal data for the below purposes:
- Recruitment, evaluation and selection of job candidates
- General, human resources administration and management
- Management of employee payroll, health benefits and other employment benefits
- Conducting satisfaction surveys (for example, to manage and improve the recruitment process)
- Verifying your employment reference(s), conducting background checks, and related assessments
- Compliance with legal and company requirements (for example, to monitor diversity)
- Communicating with you regarding your application and interest in working with us
- Identify potential symptoms relating to communicable diseases (including COVID-19), prevent the spread of diseases, and conduct contact tracing
- Future job opportunities if you allow this use
- To respond to lawful requests from public authorities, including to meet national security or law enforcement requirements
- To respond to judicial proceeding, subpoena, court order or other legal process; or as reasonably necessary to (i) investigate, prevent or take action regarding suspected or actual illegal activities; (ii) investigate and defend ourselves against third party claims or allegations; or (iii) protect the security or integrity of our company or Services
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the company’s assets, in which personal data held by us about you is among the assets transferred.
How we Disclose Human Resources Personal Data
Your personal data will only be disclosed with: company employees with a legitimate business need; third parties specific to job applicants and employees, such as recruitment agencies, background service providers, payroll administrators, providers of health benefits, providers of other employee benefits, consultants, and attorneys. These entities may change over time. We request third parties handling personal data do so in a manner consistent with this Policy and in accordance with the law.
Customer, Employee and Applicant Rights and Choices (both HR Data and Non-HR Data)
Applicable law provides customers, applicants and employees who are EU or UK residents with specific rights regarding their personal data.
Right to Know / Access. If you are a customer, applicant or employee who is a resident of the EU or UK, you have the right to request that we disclose certain information to you about our collection and use of your personal data over the past twelve months, subject to certain exceptions. Once we receive and confirm your verifiable data subject request, we will disclose to you the categories of personal data we collected about you, the categories of sources of personal data collected about you, our business or commercial purpose for collecting, disclosing or sharing that personal data, and the categories of third parties with whom we disclose or share that personal data.
Right to Delete. If you are a customer, applicant or employee who is a resident of the EU or UK, you have the right to request that we delete your personal data that we collected from you and retained, subject to certain permitted exceptions. Once we receive and confirm your verifiable data subject request, we will delete (and direct our service providers to delete) your personal data from our records, unless an exception applies. We may deny your deletion request if permitted under applicable law, including situations in which retaining the information is necessary for us or our service provider(s) to:
- Complete the purpose for which we collected the personal data, provide the services that you requested, take actions reasonably anticipated within the context of our ongoing applicant / employment relationship with you, or otherwise perform our employment with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Enable solely internal uses that are reasonably aligned with expectations based on your applicant or employment relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- Other situations as may be permitted by or required by law.
Right to Correct. If you are a customer, applicant or employee who is a resident of the EU or UK, you have the right to request to correct your personal data if inaccurate.
Choice (both HR Data and Non-HR Data)
You have the right to choose (opt out) whether your personal data is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. Subject to the exceptions set forth below, if you wish to opt out, please follow the instructions in the section titled “Exercising Your Rights” below.
Applicable law allows certain exceptions to your ability to opt out, such as where we are parties to a contract that is still being performed, where we need the information to provide the service you purchased, the law requires us to maintain your information, or otherwise. Where applicable law permits us to retain and continue to use such information and we do so, we will do so only to the extent permitted or required by law.
If you contact us to opt out, we will explain the options available and comply with your request as required by the Principles and applicable law.
The above choice / opt-out does not apply where the sharing of your personal data is with a third party who is acting as our agent (such as our service providers who perform services that help us to run our business). We will not provide your personal data to a third party under these circumstances, unless we have a contract in place with that third party that requires the third party to protect your information.
Sensitive Information. We will obtain your affirmative express consent (opt in) from you if we collect sensitive information and that information is to be (xi) disclosed to a third party or (xii) used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice.
We also treat as sensitive any personal data received from a third party where the third party identifies and treats it as sensitive.
Subject to the exceptions set forth in the Choice section above, if you wish to opt out, please follow the instructions in the section titled “Exercising Your Rights” below.
Exercising your Rights
EU Customers (Non-HR Data)
Our services in the EU are provided on behalf of corporate clients, who may be your vehicle manufacturer, auto insurance carrier, financial institution, or other company that offers you towing and roadside assistance services and benefits. Under this model, we are acting as a ‘service provider’ on behalf of our client and the privacy terms related to your data are provided through your agreement with our client. If you are accessing our services through one of our clients, we suggest that you direct your requests for data access, data deletion, data modification, to exercise your choice, or other requests to the client (privacy terms will often be available through their websites).
EU Applicants or Employees (HR Data)
If you are an applicant or employee who is a resident of the EU or UK, you have the right to exercise your rights noted above by emailing: HRserviceCenter@agero.com or using this mailing address:
Agero / Swoop
Attn: HR Department
PO Box 9105
Medford, MA 02155
Questions or Complaints (both HR Data and Non-HR Data)
In compliance with the Data Privacy Framework Principles, Swoop and its affiliates in the United States commit to resolve complaints about our collection or use of your personal data. Individuals in the European Union or U.K. with inquiries or complaints regarding our Data Privacy Framework Policy should first contact Swoop at:
Postal Address:
Agero / Swoop
Attn: Legal/Consumer Privacy Inquiries Mailbox
PO Box 9105
Medford, MA 02155
Email:
consumerprivacyinquiries@agero.com
Changes to Our Data Privacy Framework Policy
Swoop reserves the right to amend this policy at our discretion and at any time. When we make changes to this policy, we will post the updated notice on the website and update the notice’s effective date. Your continued use of our Services following the posting of changes constitutes your acceptance of such changes.
SwoopMe, Inc., Agero Administrative Service Corp., MBSi Corp. and Agero International Services, Inc. are subsidiaries of Agero, Inc.
©2024 Agero, Inc. All rights reserved.