Skip to Main Content
CarMax Information Privacy & Safeguards Notice

GENERAL PRIVACY POLICY - Your privacy rights

Effective Date: June, 2019

Thank you for visiting the CarMax website (including its mobile device-ready version) or using the CarMax mobile app. In this Privacy Notice, we refer to our websites and mobile app together as our “Online Services.” We hope that you find our Online Services to be a useful part of your car-buying experience. This Privacy Notice describes the types of personal information we collect from consumers through our Online Services and in connection with our products and services, including when you visit our CarMax stores. This notice also describes how we use the information, with whom we may share it, the choices available to you regarding our use of the information, the measures we take to protect the security of the information and how you can contact us about our privacy practices.

Please note that this Privacy Notice describes our overall privacy practices for our Online Services. The Privacy Notice does not apply to any website or mobile app operated by CarMax that has a separate privacy policy or notice. This Privacy Notice also applies to information about consumers collected in CarMax stores and in other ways.

Information We Obtain

We may obtain information from and about you in different ways. The types of personal information we may obtain include:

  • contact information, such as name, phone number, fax number, email and postal address;
  • information contained in content you submit or provide to us through our Online Services (such as when you research a car) or in surveys, registrations, faxes, telephone calls, emails and other correspondence;
  • information you provide when you register for a MyCarMax account, such as your full name, email address, zip code and a password chosen by you;
  • payment information you provide through our Online Services or in our CarMax stores, such as name, billing address and payment card details (including payment card number, expiration date and security code);
  • personal information you provide to us when you apply for financing at our stores or through our Online Services (such as social security number, date of birth and salary information);
  • information you provide to us when you test drive a car, buy a car from a CarMax store, have a car appraised or sell a car to a CarMax store (including driver’s license number); and
  • social media information, such as social media handles, content and other data provided through third-party features (such as apps, tools, payment services, widgets and plug-ins) or posted on social media pages (such as CarMax’s social media page or pages accessible to the public).

We also may collect other information in connection with our Online Services, products and services in ways that we describe at the time of collection or otherwise with your consent. As a reminder, if you are a consumer who provides personal information to us in connection with our financing services, please read our Financial Privacy Policy.

Automated Collection of Data

When you visit or interact with our Online Services or open our emails, we may obtain certain information by automated means. CarMax may use a variety of technologies to collect this information, such as browser cookies, flash cookies, web beacons, mobile device identifiers, server logs, and other technologies. A browser “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. 

The information we obtain in this manner may include your device IP address, identifiers associated with your devices and apps, types of devices, web browser characteristics, device characteristics, language preferences, clickstream data, dates and times of website visits, the site you visited just before coming to our Online Services, and other information about your device or use of our Online Services. These technologies help us (1) remember your information so you will not have to re-enter it; (2) track and understand how you use and interact with our Online Services; (3) tailor our Online Services around your preferences; (4) measure the usability of our Online Services; (5) understand the effectiveness of our communications; (6) identify, diagnose and resolve technical issues; and (7) otherwise manage and enhance our Online Services, products and services.

When you use our mobile device-ready website or mobile app (our “Mobile Services”), we may assign a unique identifier to your mobile device which will enable us to identify your device and send you push notifications. If you wish to turn off push notifications, go to your device’s settings and turn off push notifications from the CarMax mobile app or turn off push notifications directly through the CarMax mobile app. You can stop all collection of information by our mobile app by uninstalling it. You may use the standard uninstall process on your mobile device or the mobile app marketplace or network.

Your browser may tell you how to be notified when you receive certain types of cookies or how to restrict or disable certain types of cookies. How you do so depends on the type of cookie. Certain browsers can be set to reject browser cookies.

In addition, your device settings may allow you to prohibit mobile app platforms (such as Apple and Google) from sharing certain information obtained by automated means with apps such as with our Mobile Services. Please note that without cookies or the automated collection of certain information, you may not be able to use all the features of our Online Services.

Geolocation Data

With your consent, our Mobile Services may collect precise information about the geographic location of your device. If your device is equipped with GPS or can connect with wireless access points or hot spots, or if your device is also a phone that communicates with cell towers or satellites, then your device is able to use these features to determine its precise geographic location. If you have consented using your device’s user interface, the geographic location of your device will be transmitted to our servers in real time any time that our mobile app is running (even if you are not actively using the app or it is minimized on your device). Once you set your device to transmit its location information to us, your device will continue to transmit its location information to us (when it is open) until you set your device to no longer do so. You may at any time opt out from further allowing us to have access to your device’s location information by accessing our app’s location settings on your device and setting your device not to share its location with us.

How We Use The Information We Obtain

We may use the information we collect to:

  • provide and operate our Online Services, products and services, such as to provide you with the results of your searches;
  • process, evaluate and respond to requests, inquiries and claims we receive in connection with our Online Services, products and services;
  • create, manage and administer your MyCarMax account CarMax Auto Finance account, including identifying and authenticating you so you may access your account or use certain features of our Online Services;
  • provide customer and technical support;
  • provide you with marketing materials, such as to send you information about newly available vehicles and special offers, tell you about new features or updates, and inform you of third-party offers or products we think you might find interesting;
  • provide you with information, notices, offers, brochures and advertising on our websites and mobile apps, by email and text, and in other ways;
  • communicate with you about, and administer your participation in, surveys, special events, and other offers or promotions;
  • perform data analytics, market research and other processing;
  • ·operate, evaluate and improve our business and Online Services (including developing new products and services; enhancing and improving our Online Services, products and services; managing our communications; measuring the effectiveness of our sales, advertising, communications and marketing; analyzing our customer base, Online Services, products and services; and performing accounting, auditing and other internal functions);
  • protect against, identify and prevent fraud and other criminal activity, claims and other liabilities; and
  • comply with and enforce applicable legal requirements, relevant industry standards and our policies, including this Privacy Notice and our Terms of Use.

We also may use the information we obtain about you in other ways for which we provide specific notice and obtain your consent if required by applicable law.

In addition, we may combine information that we obtain about you. For example, we may combine:

  • information that we have obtained offline with information we obtain through our Online Services.
  • information we obtain through automated means with information you submit to us.;
  • information about our transactions and experiences with you with other information we have collected from you;
  • financial information we learn about you with other information we obtain; and
  • information we get from a third party with information we already have.

Third-Party Web Analytics Services

We use third-party online analytics services on our Online Services, including “Google Analytics” and Google reCAPTCHA v3 to collection information about use of our Online Services. Please review Google’s Privacy Notice and Terms of Use.

Online Tracking and Interest-Based Advertising

Through our Online Services, we collect information about your online activities over time and across different websites, apps and devices, including those websites and apps of third parties. We also work with third parties, such as ad networks and other service providers, that collect information about your online activities in this way. To do this, we (including the third parties) may use browser cookies, web beacons, flash cookies, unique identifiers associated with your devices and apps, and other technologies.

We and certain third parties display interest-based advertising using information gathered about you over time and across devices and third-party websites, apps and platforms. Interest-based advertising or “online behavioral advertising” includes ads served to you after you leave our website, encouraging you to return. They also include ads we think are relevant based on your shopping habits or online activities. These ads might be served on websites or on mobile apps. They might also be served in emails or other ways. We might serve these ads, or third parties may serve ads. They might be about our products or other companies’ products.

To decide what is relevant to you, we and certain third parties, such as our ad networks and other service providers, use information you make available to us when you interact with us, our affiliates, and other third parties. We and certain third parties gather this information using tracking tools, such as those described above. For example, we or the third parties may look at your browsing behaviors across devices. We and the third parties also may look at these activities on our apps and platforms and the platforms and apps of others.

We work with third parties who help gather this information and serve ads. These third parties might link your name, email address and other information to data they obtain. That might include past purchases made offline or online. Or, it might include online usage information.

Some browsers have “do not track” features that allow you to tell a website not to track you. These features are not all uniform. We do not currently respond to such “do not track” signals from browsers. If you block cookies, certain features on our sites may not work. If you block or reject cookies, not all of the tracking described here will stop. Options you select are browser and device specific.

To learn how to opt out of certain ad network interest-based advertising in the U.S., please visit http://youradchoices.com/control and http://www.networkadvertising.org/choices/. Choices you make may be browser and device-specific. In addition, your mobile device settings may allow you to limit your device from sharing certain information for advertising purposes. For information on these types of settings, please visit: https://support.google.com/googleplay/answer/3405269 and https://support.apple.com/en-us/HT202074.

Information Sharing

We may share information with third parties to the extent permitted by applicable law, including:

  • We may share information within the CarMax family of companies.
  • We may share information with third parties who perform services for us or on our behalf. For example, we share information with vendors who send emails for us. We may also share information with companies that operate our websites or run a promotion. The information we share may include location information. We do not authorize our service providers to use or disclose the information except as necessary to perform services for us or on our behalf or to comply with legal requirements.
  • We may share information if you are a winner of a sweepstakes, contest, or promotion. For example, we may share your information if you win a sweepstakes or contest as part of a winner’s list. We may also publish this winner’s list publicly.
  • We may share information with our business partners. For example, we will share information with third parties who co-sponsor a promotion. These partners may send you information about events and products by mail or email.
  • We may share information if we think we are required to do so or believe that we have to do so in order to protect ourselves. For example, we may share information to respond to a court order or subpoena. We may share it in response to requests by a government agency or investigatory body. We may share information to establish, exercise or defend our legal rights or when we are investigating suspected or actual illegal activity or fraud.
  • We may share information with any successor to all or part of our business. We reserve the right to transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution or liquidation).
  • We may share information for other reasons we may describe to you.

Your Choices

We offer you certain choices in connection with the personal information we obtain about you. To update your preferences or limit the communications you receive from us, please contact us as specified in the How to Contact Us section of this Privacy Notice.

Notice to California Residents

Subject to certain limits under California law, California residents may ask us to provide them with (1) a list of certain categories of personal information we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, and (2) the identity of those third parties. If you are a current CarMax customer in California, you may make this request for such information from CarMax by sending an email correspondence noting your name, address, and email address. You must also include a request that CarMax provide such information to you using the following or similar verbiage. “I request that CarMax provide its third-party information sharing disclosures required by section 1798.83 of the California Civil Code." Press the link at the end of this sentence to create your message: WebOptOut@carmax.com. The same request may be made by regular mail by sending the above information to CarMax, 12800 Tuckahoe Creek Parkway, Richmond, VA 23238, ATTENTION: Legal Department.

Other Online Services and Third-Party Features

Our Online Services may transfer you or provide links to other online services (such as websites) for your convenience and information, and may include third-party features such as apps, tools, payment services, widgets and plug-ins (e.g., Facebook, LinkedIn or Twitter buttons). These online services and third-party features may operate independently from us. The privacy practices of the relevant third parties, including details on the information they may collect about you, is subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked online services or third-party features are not owned or controlled by us, CarMax is not responsible for these third parties’ information practices.

We maintain presence on several social networking and blogging platforms, such as Facebook and Twitter, and we also incorporate some third party social networking features into our Online Services. Through these platforms and features, we may receive information about you, and this Privacy Notice applies to that information as well. In addition, third-party social networking platforms and blogging platforms have their own privacy policies which explain how the third parties that provide them will use and protect your information.

How We Protect Personal Information

We maintain administrative, technical and physical safeguards designed to protect personal information against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

Financial Privacy

If you are a consumer who uses our financial services, please review our Financial Privacy Policy.

Children’s Privacy

The Online Services are not directed to children under the age of thirteen and we do not knowingly collect personal information from children under the age of thirteen through our Services. We encourage parents and legal guardians to help enforce our Privacy Notice by instructing children under the age of thirteen not to download or use the Online Services.

Updates To Our Privacy Notice

From time to time we may change our privacy practices. This Privacy Notice may be updated periodically and without prior notice to you to reflect changes in our personal information practices. We will post an updated copy on our website and indicate at the top of the Privacy Notice when it was most recently updated. Please check our site periodically for updates.

How To Contact Us

If you have any questions about this Privacy Notice or our privacy practices, or if you would like us to update information we have about you, change your preferences or exercise other applicable privacy rights, please contact us by e-mail at WebOptOut@carmax.com or write to us at: CarMax, 12800 Tuckahoe Creek Parkway, Richmond, Virginia 23238, ATTENTION: Legal Department.


{"Expedited-Pickup":{"WhiteList":[],"BlackList":[]},"Finance-Application":{"WhiteList":[7106,7242,6021,7103,7104,7117,7243,7171,7197,6042,7150,7284,7218],"BlackList":[]},"Finance-Application-CoApp":{"WhiteList":[7117,7106,7171,7150,7218,7284,7242,6042,6021,7103,7104,7243,7197],"BlackList":[]},"Finance-Application-Suppress-Search-Results":{"WhiteList":[1],"BlackList":[]},"Home-Delivery":{"WhiteList":[7106,7171,7197],"BlackList":[]}} {"HP Article Promo":{"Regex":{"__interceptors":[{}],"Regex":"[0123456789abcdef]$"}},"Prequal":{"Regex":{"__interceptors":[{}],"Regex":"[0123456789abcdef]$"}}}
{"auto-address-switch":{"Enabled":false},"holdformvariantswitch":{"Enabled":false},"paidsearchurlitemsavingswitch":{"Enabled":true},"prequal-employment-and-income-switch":{"Enabled":false},"prequal-monthly-payment-preview-switch":{"Enabled":true},"prequal-on-calculator-switch":{"Enabled":true},"prequal-overtime-rate-switch":{"Enabled":false},"prequal-section-one-variant-switch":{"Enabled":true},"recommendedvehiclessearchresults":{"Enabled":true},"rendermakemodelresearchresultsonserver":{"Enabled":true},"rendermakemodelyearresearchresultsonserver":{"Enabled":true},"rendermakeresearchresultsonserver":{"Enabled":true},"research-pages-redirector-toggle":{"Enabled":true},"robots-txt-toggle":{"Enabled":true}}