Effective Date: June, 2019
Thank you for visiting the CarMax website (including its mobile device-ready version) or using the CarMax mobile app. In this Privacy Notice, we refer to our websites and mobile app together as our “Online Services.” We hope that you find our Online Services to be a useful part of your car-buying experience. This Privacy Notice describes the types of personal information we collect from consumers through our Online Services and in connection with our products and services, including when you visit our CarMax stores. This notice also describes how we use the information, with whom we may share it, the choices available to you regarding our use of the information, the measures we take to protect the security of the information and how you can contact us about our privacy practices.
We may obtain information from and about you in different ways. The types of personal information we may obtain include:
Automated Collection of Data
When you visit or interact with our Online Services or open our emails, we may obtain certain information by automated means. CarMax may use a variety of technologies to collect this information, such as browser cookies, flash cookies, web beacons, mobile device identifiers, server logs, and other technologies. A browser “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server.
The information we obtain in this manner may include your device IP address, identifiers associated with your devices and apps, types of devices, web browser characteristics, device characteristics, language preferences, clickstream data, dates and times of website visits, the site you visited just before coming to our Online Services, and other information about your device or use of our Online Services. These technologies help us (1) remember your information so you will not have to re-enter it; (2) track and understand how you use and interact with our Online Services; (3) tailor our Online Services around your preferences; (4) measure the usability of our Online Services; (5) understand the effectiveness of our communications; (6) identify, diagnose and resolve technical issues; and (7) otherwise manage and enhance our Online Services, products and services.
When you use our mobile device-ready website or mobile app (our “Mobile Services”), we may assign a unique identifier to your mobile device which will enable us to identify your device and send you push notifications. If you wish to turn off push notifications, go to your device’s settings and turn off push notifications from the CarMax mobile app or turn off push notifications directly through the CarMax mobile app. You can stop all collection of information by our mobile app by uninstalling it. You may use the standard uninstall process on your mobile device or the mobile app marketplace or network.
Your browser may tell you how to be notified when you receive certain types of cookies or how to restrict or disable certain types of cookies. How you do so depends on the type of cookie. Certain browsers can be set to reject browser cookies.
In addition, your device settings may allow you to prohibit mobile app platforms (such as Apple and Google) from sharing certain information obtained by automated means with apps such as with our Mobile Services. Please note that without cookies or the automated collection of certain information, you may not be able to use all the features of our Online Services.
With your consent, our Mobile Services may collect precise information about the geographic location of your device. If your device is equipped with GPS or can connect with wireless access points or hot spots, or if your device is also a phone that communicates with cell towers or satellites, then your device is able to use these features to determine its precise geographic location. If you have consented using your device’s user interface, the geographic location of your device will be transmitted to our servers in real time any time that our mobile app is running (even if you are not actively using the app or it is minimized on your device). Once you set your device to transmit its location information to us, your device will continue to transmit its location information to us (when it is open) until you set your device to no longer do so. You may at any time opt out from further allowing us to have access to your device’s location information by accessing our app’s location settings on your device and setting your device not to share its location with us.
We may use the information we collect to:
We also may use the information we obtain about you in other ways for which we provide specific notice and obtain your consent if required by applicable law.
In addition, we may combine information that we obtain about you. For example, we may combine:
Third-Party Web Analytics Services
Online Tracking and Interest-Based Advertising
Through our Online Services, we collect information about your online activities over time and across different websites, apps and devices, including those websites and apps of third parties. We also work with third parties, such as ad networks and other service providers, that collect information about your online activities in this way. To do this, we (including the third parties) may use browser cookies, web beacons, flash cookies, unique identifiers associated with your devices and apps, and other technologies.
We and certain third parties display interest-based advertising using information gathered about you over time and across devices and third-party websites, apps and platforms. Interest-based advertising or “online behavioral advertising” includes ads served to you after you leave our website, encouraging you to return. They also include ads we think are relevant based on your shopping habits or online activities. These ads might be served on websites or on mobile apps. They might also be served in emails or other ways. We might serve these ads, or third parties may serve ads. They might be about our products or other companies’ products.
To decide what is relevant to you, we and certain third parties, such as our ad networks and other service providers, use information you make available to us when you interact with us, our affiliates, and other third parties. We and certain third parties gather this information using tracking tools, such as those described above. For example, we or the third parties may look at your browsing behaviors across devices. We and the third parties also may look at these activities on our apps and platforms and the platforms and apps of others.
We work with third parties who help gather this information and serve ads. These third parties might link your name, email address and other information to data they obtain. That might include past purchases made offline or online. Or, it might include online usage information.
Some browsers have “do not track” features that allow you to tell a website not to track you. These features are not all uniform. We do not currently respond to such “do not track” signals from browsers. If you block cookies, certain features on our sites may not work. If you block or reject cookies, not all of the tracking described here will stop. Options you select are browser and device specific.
To learn how to opt out of certain ad network interest-based advertising in the U.S., please visit http://youradchoices.com/control and http://www.networkadvertising.org/choices/. Choices you make may be browser and device-specific. In addition, your mobile device settings may allow you to limit your device from sharing certain information for advertising purposes. For information on these types of settings, please visit: https://support.google.com/googleplay/answer/3405269 and https://support.apple.com/en-us/HT202074.
We may share information with third parties to the extent permitted by applicable law, including:
We offer you certain choices in connection with the personal information we obtain about you. To update your preferences or limit the communications you receive from us, please contact us as specified in the How to Contact Us section of this Privacy Notice.
Subject to certain limits under California law, California residents may ask us to provide them with (1) a list of certain categories of personal information we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, and (2) the identity of those third parties. If you are a current CarMax customer in California, you may make this request for such information from CarMax by sending an email correspondence noting your name, address, and email address. You must also include a request that CarMax provide such information to you using the following or similar verbiage. “I request that CarMax provide its third-party information sharing disclosures required by section 1798.83 of the California Civil Code." Press the link at the end of this sentence to create your message: WebOptOut@carmax.com. The same request may be made by regular mail by sending the above information to CarMax, 12800 Tuckahoe Creek Parkway, Richmond, VA 23238, ATTENTION: Legal Department.
Our Online Services may transfer you or provide links to other online services (such as websites) for your convenience and information, and may include third-party features such as apps, tools, payment services, widgets and plug-ins (e.g., Facebook, LinkedIn or Twitter buttons). These online services and third-party features may operate independently from us. The privacy practices of the relevant third parties, including details on the information they may collect about you, is subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked online services or third-party features are not owned or controlled by us, CarMax is not responsible for these third parties’ information practices.
We maintain presence on several social networking and blogging platforms, such as Facebook and Twitter, and we also incorporate some third party social networking features into our Online Services. Through these platforms and features, we may receive information about you, and this Privacy Notice applies to that information as well. In addition, third-party social networking platforms and blogging platforms have their own privacy policies which explain how the third parties that provide them will use and protect your information.
We maintain administrative, technical and physical safeguards designed to protect personal information against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
The Online Services are not directed to children under the age of thirteen and we do not knowingly collect personal information from children under the age of thirteen through our Services. We encourage parents and legal guardians to help enforce our Privacy Notice by instructing children under the age of thirteen not to download or use the Online Services.
From time to time we may change our privacy practices. This Privacy Notice may be updated periodically and without prior notice to you to reflect changes in our personal information practices. We will post an updated copy on our website and indicate at the top of the Privacy Notice when it was most recently updated. Please check our site periodically for updates.
If you have any questions about this Privacy Notice or our privacy practices, or if you would like us to update information we have about you, change your preferences or exercise other applicable privacy rights, please contact us by e-mail at WebOptOut@carmax.com or write to us at: CarMax, 12800 Tuckahoe Creek Parkway, Richmond, Virginia 23238, ATTENTION: Legal Department.