Global Consumer Privacy Notice

  1. INTRODUCTION

    Hello, and thank you for stopping by. This Global Consumer Privacy Notice "Notice" explains how your Personal Data is collected, used and disclosed by Uni-Select Inc. and its subsidiaries, many of which operate under GSF Car Parts®, Bumper to Bumper®, FinishMaster® or other store logos (hereinafter referred to collectively as, "Uni-Select" or "we", "our", "us").

  2. USEFUL INFORMATION

    We have included some information here that may be helpful to you as you read through the Notice.

    Our Global Privacy and Data Protection Officer ensures that we are clear and fair about how we use your personal data and comply with any law that may affect your privacy. You can contact the Privacy Officer through email at: privacy@uniselect.com or by mail at: Attn: Global Privacy and Data Protection Officer - Uni-Select, 170 Industriel Blvd. Boucherville QC (Canada) J4B 2X3.

    You are the consumer, data subject or individual. This can be someone who visits our website or stores, or purchases goods or services from us in person, via phone, in writing, or online. You may also be an owner or employee of a company that we conduct business with.

    By personal data (also called data), we mean the information we have gathered about you, either because you've given it to us or we've collected or generated it. This is information that relates to and identifies you or can be used to identify you, like your name, email address, account data or digital identifiers, like IP address and cookies.

    The data controller of your data is the Uni-Select legal entity with which you conduct business or interact, many of which operate under GSF Car Parts® or the Bumper to Bumper®, FinishMaster®, or other store logos. This means that they decide how and why your personal data is processed.

    Processing your data just means anything we do with it - collecting it, using it, storing it, sharing it, and deleting it.

  3. SUMMARY CONSUMER PRIVACY NOTICE

    We encourage you to read the full Consumer Privacy Notice below, but if you just need a quick view of how we collect and process your personal data, it's available to you.

    1. The personal data we collect

      We collect and process a range of data about you. This may include:

      • Basic personal data
      • Contact data
      • Transaction data
      • Digital data
      • Website usage and other technical data
      • Our insights about you based on analytics
      • Financial data
      • Biometric data
    2. How we collect your personal data

      We may collect or receive your personal data in a number of ways:

      • From you directly
      • From you indirectly
      • From other people
      • From monitoring devices
      • From publicly available sources
      • From sources outside our business
    3. How we use your personal data

      We will only use your personal data where we are permitted to do so by applicable law. We may use your data:

      • To communicate with you
      • To provide our products and services to you and otherwise conduct our business
      • To ensure we are paid
      • For marketing and loyalty programs
      • For research and development
      • To address claims, issues or concerns
      • For safety and security
      • To comply with legal or regulatory obligations
      • To make changes to our business
    4. Cookies

      When you log onto or browse one of our websites, we may use a cookie file which is stored on the hard drive of your computer. You can choose to disable cookies by modifying your web browser, however you may be unable to access certain parts of our websites if you do.

    5. Who has access to your personal data

      Personal data may be stored in a range of different places, like your account file and in IT systems. Access to files and systems is limited to our employees and the employees of service providers who have a need to access your personal data to perform their job.

    6. How we safeguard your personal data

      We have technical and organizational measures in place to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure and access. You also play a role in safeguarding your data online.

    7. Cross border transfers of yoour personal data

      Regardless of where you live, we will only transfer your data if we are confident that it will be appropriately safeguarded, for example by using contractual or other measures as required by law.

    8. How long we retain you personal data

      We will retain your personal data for as long as we need to in order to fulfill the purposes outlined in this Notice or as required by law. If we no longer have a business or lawful need to process your personal data, we will either delete or anonymize it where possible.

    9. Your rights as a consumer

      Depending on where you are located, you may have the right to require us to:

      • Provide you with further details on how we use your data
      • Provide you with a copy of data that we hold about you
      • Transfer certain pieces of your data to another company in a common electronic format
      • Correct any inaccuracies of incompleteness in the personal data we hold
      • Delete any personal data that we no longer have a requirement to use
      • Restrict or object to how we use our data
    10. Challenging compliance and exercising your rights

      You can contact privacy@uniselect.com, the legal entity with whom you interact, or your local regulatory authority if you have any questions or concerns about this Notice, or to exercise your rights.

    11. Country specific information

      We've added some country specific details about your rights and how to contact your local regulatory data protection authority.

  4. FULL CONSUMER PRIVACY NOTICE

    We are committed to protecting the privacy and security of all personal data, and to being transparent about how and why we collect and process your data. We update this Notice from time to time and encourage you to revisit to stay informed of how we are using personal data.

    In this Notice we cover:

    1. The personal data we collect

      Personal data marked with an asterisk (*) may be considered special category or sensitive data.

      We collect and processes a range of data about you. This may include:

      • Basic personal data like your name and if you are a business client your employer and job title.
      • Contact data like your telephone number and shipping, billing or email address. It may also include any records related to your contact with us, such as the phone number or email address you contacted us from.
      • Transaction data related to activities you carry out at our physical locations, online services or in the course of carrying out other services we provide to you.
      • Digital data like your Internet Protocol (IP) address, preferences, operating system and browser type, behavioural and browsing data.
      • Website usage and other technical data, like details of your visits to our websites, marketing communications and whether you open them or click on links, or data collected through cookies and other tracking technologies.
      • Our insights like information about products or services we think you may be interested in based on our analytics and customer profiling.
      • Financial data* like payment related data, bank account details or data required to perform a credit check if you have payment terms with us.
      • Biometric data* like a recording of your image that may be captured on CCTV if you visit one of our stores or your voice if we record a call when you contact us.
      • Any other personal data relating to you that you may provide in the course of your business interactions with us.
      Return to table of contents
    2. How we collect your personal data

      We may collect or receive your data in a number of ways:

      • From you directly during the account sign up or application process, or when you interact with us.
      • From you indirectly when you use our products and services and interact with our website and other online platforms.
      • From other people like your employer, business associates or beneficiaries of our products and services if you are conducting a business to business interaction with us.
      • From monitoring devices like CCTV, telephone logs and recordings. We will do our best to make it clear to you that your data is being collected at that time.
      • From publicly available sources, like company websites or other public platforms like LinkedIn where you have made your data available.
      • From sources outside our business, which may include other business entities within our group of companies or other strategic business partners
      Return to table of contents
    3. How we use your personal data

      We will only use your personal data where we are permitted to do so by applicable law.

      If you live or do business in the United Kingdom (UK) or European Economic Area (EEA), the use of personal data must be justified under one of a number of legal bases. The principal legal bases that justify our use of your personal data are:

      • Contract performance: Where your data is necessary to enter into or perform our contract with you
      • Legal obligation: Where we need to use your data to comply with our legal obligations
      • Legitimate interests: Where we use your data to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights
      • Legal claims: Where your data is necessary for us to defend, prosecute or make a claim against you, us or a third party
      • Consent: Where you have consented to our use of your data

      Regardless of where you live or do business, we may use your data for the following purposes:

      To communicate with you

      • To contact you for your views on our products and services
      • To notify you about important changes or development to our business, products or services
      • Where available, to communicate with you in your preferred language
      • UK/EEA Legal bases: Contract performance, legitimate interests

      To provide our products and services to you and otherwise conduct our business

      • To process your order and manage your account
      • To provide you with personalized online experience and tailored communications
      • For record keeping purposes
      • UK/EEA Legal bases: Contract performance, legal claims, legitimate interests

      To ensure we are paid

      • To process credit card, e-transfer, cheque or other types of direct payments made to us
      • To assess the risk of extending you credit through a payment plan
      • If you fail to pay us per our contractual terms, to recover what we are owed through debt collection agencies or taking other legal action
      • To issue payments or credit to you as required
      • UK/EEA Legal bases: Contract performance, legal claims, legitimate interests

      For marketing and loyalty programs

      • To allow you to participate in our reward programs or loyalty schemes
      • To allow you to participate in our roadside assistance program (Canada only)
      • To allow us to manage our warranty program
      • To keep you informed about the products and services that we offer
      • UK/EEA Legal bases: Contract performance, legitimate interests; consent

      We will provide you with the option to unsubscribe from or opt-out of further marketing communication on any electronic communication sent to you.

      For research and development

      • To understand how you interact with our stores, shops or website so that we can make improvements and service you better
      • To understand what you and people or businesses like you require so that we can meet your needs as a consumer
      • UK/EEA Legal bases: Legitimate interests

      We will provide you with the option to unsubscribe from or opt-out of further use of your data for research purposes, or will anonymize your data so that you are unidentifiable.

      To address claims, issues or concerns

      • To investigate concerns or complaints about or from our employees or customers
      • To respond to and defend against legal claims
      • UK/EEA Legal bases: Legitimate interests, legal obligations, legal claims

      For safety and security

      • We may use CCTV and other location and recording devices for safety purposes
      • We conduct monitoring to protect our customers, employees, authorized visitors, and property
      • We may use server log data for security purposes, like detecting intrusions into our network
      • UK/EEA Legal bases: Legitimate interests, legal obligations, legal claims

      To comply with legal or regulatory obligations

      • To comply with lawful requests by public authorities, disclosure requests, or where otherwise required or authorized by applicable laws, court orders, government regulations, or regulatory authorities whether within or outside your country
      • UK/EEA Legal bases: Legal obligations; legal claims; legitimate interests

      To make changes to our business

      • At any time, we may sell, transfer or assign any or all of our rights to any part of our business, including our interests, rights or obligations regarding your account with us. If we do so, we may share your personal data with prospective purchasers, transferees or assignees.
      • UK/EEA Legal bases: Legitimate interests

      There may be unique circumstances where we must process your personal data in the vital interest of you or another person, or in the public interest. Where we process special categories of data, we will ensure that we do so only for the allowed legal bases.

      Return to table of contents
    4. Cookies

      When you log onto or browse one of our websites, we may collect data about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies help us to improve our website and to deliver a better and more personalized experience to you. This data is used to analyze trends, to administer the website you are visiting, to track movement around the website and to gather general demographic data about our visitor base. Cookies identify you as a number - no other personally identifiable data will be collected through them.

      You can choose to disable cookies by modifying your web browser, however you may be unable to access certain parts of our websites if you do so.

      There are four types of cookies that we may use:

      • Essential cookies, that help us to distinguish each user of our websites and allow our websites to function as they should
      • Functional cookies remember any preferences you've set or purchases you've made and are there to improve your online experience
      • nalytics cookies are analytical cookies that collect anonymous data about how visitors use the website, allowing us to make improvements to ensure our websites are easy to use
      • Advertisement cookies are used to provide visitors with customized advertisements based on the websites you've visited and how you have interacted with the websites. These cookies also allow us to track who has visited our website by clicking on our affiliate links

      Our advertisers or other third party websites where we post content, like LinkedIn or Twitter, may also use cookies over which we have no control. Please check out the privacy notice on their websites for information about how they use cookies and otherwise manage your personal data.

      Return to table of contents
    5. Who has access to your personal data

      Personal data will be stored in a range of different places, like your account file and other IT systems. Access to files and systems is limited to our employees and the employees of service providers who have a need to access them to perform their role.

      Internal Access
      We take the security of your personal data seriously. We have appropriate policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed by our employees except as required for their job.

      • Our group of companies may share your personal data internally to any legal entity within our group of companies
      • Sales and Marketing team members who may require access to your personal data to perform general sales, marketing and account management functions
      • Front Line Workers who may interact with you in person if you visit one of our stores or call our customer service numbers
      • Information Technology team members who may require access to your personal data to perform general information technology functions, such as to provide IT support to you, administration of IT systems and monitoring, analytics, to support the investigation of consumer or employee concerns, or for other purposes as described in this Notice.
      • Others, like employees supporting the finance, audit, legal, or other functions, if access to the data is necessary for the performance of their job

      Service providers
      Where we engage service providers to process personal data on our behalf, we only use service providers who limit their processing to the purpose described in the agreement and implement appropriate technical and organizational measures to meet the privacy requirements of the jurisdiction in which they are providing the service, and our requirements.

      • IT platforms who own or manage the platforms that we use, like for customer management and sales management
      • IT services who may perform data analytics and infrastructure provisioning
      • Website service providers who perform web hosting, web analytics and integration and other website activities necessary for the purposes described in this Notice
      • Order fulfillment service providers from who we ship products you have purchased direct to you, or the couriers used to make the delivery or otherwise fulfill our obligations set our in our agreement with you
      • Customer Service providers may be used to support our web chat (where available), issue ticketing or other customer support as required to meet the needs of our customers
      • Marketing providers may manage marketing emails, opt-outs or other marketing related activities
      • Payment networks who manage our secure payment platform and credit card processing

      Third parties
      We may share your personal data with our affiliates and partner networks to enable them to serve you better. We may also share your data with a third party in the context of a sale of some or all our business. In those circumstances the data will be subject to confidentiality arrangements.

      If you are a business, we may share your contact data like company phone and address (but not your email) with the third parties with which we have a relationship, so they may offer you the services they already provide to us, like uniforms or stationary. We do not sell your data.

      You can opt-out of this disclosure of your personal data by contacting us as described in Section 10 - Challenging Compliance and Exercising Your Rights, but it may mean that we can't provide you with the service you are requesting.

      Return to table of contents
    6. How we safeguard you personal data

      We have technical and organizational measures in place, including but not limited to policies, physical, and technical safeguards, all designed to protect the personal data collected from accidental or unlawful destruction, loss, alteration, unauthorized disclosure and access.

      You can also help us to protect your personal data. If you receive an email that looks like it is from us asking for your personal data, do not respond. We will never request your password, username, credit card data through email. You should never share your login credentials or password with anyone.

      Even though we have put mechanisms and procedures in place for the protection of your personal data that are considered effective, because there are bad actors out there, no data transmission (including over the internet or on any website) can be guaranteed to be secure.

      Return to table of contents
    7. Cross border transfers of your personal data

      As a global company, we cannot limit our processing of your personal data to the country where you are based. Your personal data may be transferred outside the country where you are based but only if certain conditions are met.

      If you are based in the UK or EEA, your data may be transferred to countries outside the UK or EEA, only if we are confident that the same data protection safeguards that we deploy will be deployed, for example we may take contractual or other measures to ensure that your personal data is protected in accordance with applicable data protection laws.

      If you are based in Quebec, you should know that your data may be transferred outside of Quebec for processing, including storage and hosting. The transfer will be preceded by a formal or informal assessment of privacy protection, taking into consideration a number of factors like the sensitivity of the data, the purposes for which it is to be used, the protection measures (including contractual) that would apply to it, and the data protection principles applicable in the jurisdiction.

      Return to table of contents
    8. How long we retain your personal data

      Unless a longer retention period is required by law, we will keep your personal data for as long as we need to in order to fulfill the purposes outlined in this Notice. Generally, this means we will keep your personal data so we can respond to your requests when you interact with us in any way, to provide you with products and services or to send you updates on our products and services for as long as you want us to. We are required to keep some records for a longer period of time to meet our legal obligations. When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it in accordance with our retention processes wherever possible. We will only use anonymization where we have a reasonable need to retain the data

      Return to table of contents
    9. Your rights as a consumer

      We have summarized your rights in this section and added additional details by country in the "Country specific information" section at the end of this document. You may have the right to require us to:

      • Provide you with further details on how we use your data
      • Provide you with a copy of data that we hold about you
      • Transfer certain pieces of your data to another company in a common electronic format
      • Correct any inaccuracies or incompleteness in the personal data we hold
      • Delete any personal data that we no longer have a requirement to use
      • Restrict or object to how we use your data

      Because your rights vary based on where you are located, if you contact us to exercise any of these rights, we will ask for identification and check your entitlement. We do our best to respond within a month, however it may take us longer than a month if your request is complex. We may also ask you for clarification about your request to speed up our response and to make sure that we meet your needs. If we expect our response to take more than a month, we will let you know. We do not discriminate against consumers who exercise their rights.

      In some instances, we may refuse to comply with your request. For example, where the data relates to another individual or where an exception applies, like legal privilege. Remember, if you are a business customer, we can only share data we hold that is about you as an individual, not business data. If we refuse your request, we will inform you of the reason. You can challenge our refusal.

      We want to keep your data accurate and up to date, so if you think any personal data that we hold about you is incorrect or incomplete, please contact us.

      Return to table of contents
    10. Challenging compliance and exercising your rights

      You can make a request to exercise your privacy rights, ask any questions about this Notice or challenge our compliance with applicable privacy laws by contacting the Global Privacy and Data Protection Officer at privacy@uniselect.com or in writing to:

      Attn: Global Privacy and Data Protection Officer - Uni-Select
      170 Industriel Blvd. Boucherville QC (Canada) J4B 2X3

      You have the right to contact your local regulatory authority, but we would like to have the opportunity to address your concern before you do. We have provided you with the details of key privacy regulators for each country in the "Country specific information" section below.

      Return to table of contents
    11. Country specific information

      Further information about data protection practices, consumer rights and contact information for privacy regulatory authorities is included below for each of the countries in which we operate. Exercising your rights may be subject to legal or contractual restrictions or regulatory exceptions.

      Return to table of contents

UK/EEA

Your rights

Exercising your rights should be free of charge, however we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

Privacy Regulators

UK - Information Commissioners Office at https://ico.org.uk/global/contact-us; or
EEA- The data protection authority in the European Economic Area where you are located

US

Your rights

State Effective Date Right of Access Right of Rectification Right of Deletion Right of Restriction Right of Portability Right to Opt-Out of Sales Right Against Automated Decision Making

California
(CCPA)

July 1, 2020

X

X

X

X

California
(CPRA)

January 1, 2023

X

X

X

X

X

X

X

Colorado
(CPA)

July 1, 2023

X

X

X

X

X

X

X

Connecticut
(CTDPA)

July 1, 2023

X

X

X

X

X

X

X

Virginia
(VCDPA)

January 1, 2023

X

X

X

X

X

X

X

Utah
(UCPA)

December 31, 2023

X

X

X

X

X


General description of privacy rights


Privacy Regulators

Canada

Your rights

If you are a resident of Quebec, as of September 23, 2023.

Privacy Regulators

Canada - Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca/en/contact-the-opc/;
Quebec - Commission d'accès à l'information du Québec at https://www.cai.gouv.qc.ca/english/; or
Other Provinces - The privacy commissioner of your province