Privacy Policy

Meruelo Group LLC (the “Company” or “we”) has developed this privacy policy out of respect for the privacy of our customers, visitors to our website, job applicants, and independent contractors. This policy describes the personal information we collect, use, and disclose about individual consumers, applicants, and contractors who visit or interact with this website; visit any of our offices, stores, facilities or locations; purchase or inquire about any of our products or services; contract with us to provide services; apply for a position of employment; or otherwise interact or do business with us.

Whenever you visit our website, we will collect some information automatically simply by you visiting and navigating through this site, and some voluntarily when you submit information, for example, by using a form on the website, utilizing the Ethics Hotline, enrolling in or subscribing to newsletters or marketing communications, requesting information, or using any other interactive portions of our website. Through this website, we may collect information that can identify you or your activity.

Additionally, whenever you communicate, interact, or do business with us—whether online or at any of our physical locations or facilities, or whether you are contracted to perform services for us or apply for a position of employment—we may collect personal information from you or about you in the course of our interaction or dealings with you.

This policy does not apply to our current and former employees and their family members, dependents, and beneficiaries. If you are a California resident who is a current or former employee of the Company or a family member, dependent, or beneficiary of any of our current or former employees, you may request access to our Employee Privacy Policy by sending an email to meruelogroup@meruelocpra.com.

Collection of Personal Information and Sensitive Personal Information

In the last 12 months, we have collected the following categories of personal information about you based on your specific transactions and interactions with us or our website. For each category of information, the categories of third parties with whom we have disclosed the information in the last 12 months are referenced by a letter that corresponds to the list of service providers and third parties that follows this table.

  1. “Personal Data.” Personal Data includes Personal Identifiers, Contact Information, Account Information, Protected Classifications, Financial/Employment Data, Employment and Education History, Professional Related Information, and other Pre-Hire Information. While using our Career page, you may have uploaded or entered Personal Data while applying for one or more positions or may have transmitted Personal Data via Email or in person. While visiting any of our facilities, you may also have been captured on Video Surveillance Footage.
  2. “Usage Data.” Through the use of Tracking Cookies, we may have collected information on how our Website Services were accessed and used. This Usage Data may include Internet, Network, and Computer Activity; Geolocation Data; Mobile Device Data; Online Portal and Mobile App Access; and Usage Information. Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are set to your browser from a website and stored on your device until they are cleared. Other tracking technologies, such as beacons, tags, and scripts, are also used to collect and track information and to improve the quality and performance of our Website. You have the opportunity to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

 

As used in this policy:

  1. “Sold” in whatever tense used means disclosing or otherwise communicating personal information of a person or household to a third party for monetary or other valuable consideration.
  2. “Shared” in whatever tense used means disclosing or otherwise communicating personal information of a person or household to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.
  3. “Retention Period” is the maximum length of time that we retain collected information in an electronic or other physically stored form. In some cases, we may delete or anonymize the data sooner than the defined Retention Period. If an electronic information system does not allow for the full purging of retained data, the Company will take reasonable efforts to anonymize the relevant data within the Retention Period.
  4. “Cross-context behavioral advertising” means the targeting of advertising based on personal information obtained from the activity of the person or household across businesses.
Category
Examples
Disclosed in Last 12
Months To (see Provider Key immediately following this Table)
Sold or Shared in Last 12 Months to
Retention Period
Personal Identifiers
Name, alias, social security number, date of birth, driver’s license or state identification card number, passport number.
A, B, D, E, F, G, H. I, J, K, L, M, N
Not Sold or Shared
Duration of our relationship with you plus 5 years
Contact Information
Home, postal or mailing address, email address, home phone number, cell phone number, social media accounts.
A, B, D, E, F, G, H. I, J, K, L, M, N
Not Sold or Shared
Duration of our relationship with you plus 5 years
Account Information
Username and encrypted password for Company accounts and systems, and any required security or access code, security questions, or credentials allowing access to your Company accounts.
K
Not Sold or Shared
Username: permanent; Password or security code: while in use + 1 year
Protected Classifications
Race, ethnicity, national origin, sex, gender, sexual orientation, gender identity, religious or philosophical beliefs, age, disability, medical or mental condition, military status, familial status, union membership.
A, D, K
Not Sold or Shared
Duration of our relationship with you plus 5 years
Commercial Transactional Data
Information regarding products or services provided, purchasing history.
A, B, C, E, F, G, H, N, M
Not Sold or Shared
5 years after transaction, unless necessary to maintain for a longer period for product warranty; OSHA / FDA or other regulatory compliance; or the period in which a claim may be brought under the applicable statute of limitations
Financial / Employment Data
Information collected through credit or financing applications, including employment history, company name, role, salary, dates of employment, bank accounts, income sources.
A, D, I, J, K
Not Sold or Shared
5 years
Pre-Hire Information
Information gathered as part of background screening and reference checks, pre-hire drug test results, information recorded in job interview notes by persons conducting job interviews for the Company, information contained in candidate evaluation records and assessments, information in work product samples you provided, and voluntary disclosures by you.
I, J, K
Not Sold or Shared
If hired, this data will be retained for duration of employment plus 6 years. If not hired, it will be retained for 5 years from when position is filled or the date we receive your information, whichever is longer.
Employment and Education History
Information contained in your resume regarding educational history, information in transcripts or records of degrees, vocational certifications obtained, and information regarding prior job experience, positions held, and when permitted by applicable law your salary history or expectations.
I, J, K
Not Sold or Shared
If hired, this data will be retained for duration of employment plus 5 years. If not hired, it will be retained for 5 years from when position is filled or the date we receive your information, whichever is longer.
Professional Related Information
Information contained in tax forms/1099 forms, safety records, licensing and certification records, and performance records, and information related to services provided by independent contractors, including in statements of work.
A, I, J, K
Not Sold or Shared
Duration of our relationship with you plus 5 years
Internet Network and Computer Activity
Date and time of your visit to this website; webpages visited; links clicked on the website; browser ID; browser type; device ID; operating system; form information downloaded; domain name from which our site was accessed; search history; and cookies; internet or other electronic network activity information related to usage of Company networks, servers, intranet, or shared drives, including system and file access logs, security clearance level, browsing history, search history, and usage history.
F, H, K, L
Not Sold or Shared
2 years
Geolocation Data
IP address and/or GPS location, latitude & longitude.
K, L
Not Sold or Shared
2 years
Mobile Device Data
Information collected when you navigate, access or use any of our websites via mobile device, including device type, software type; data identifying your device if you access our business networks and systems, including cell phone make, model, and serial number, cell phone number, and cell phone provider.
B, E, F, K, H
Not Sold or Shared
2 years
Online Portal and Mobile App Access and Usage Information
Username and password, account history, usage history, file access logs, and security clearance level.
K, L
Not Sold or Shared
2 years
Visual, Audio or Video Recordings
Your image when recorded or captured in surveillance camera footage or pictures of you taken on our premises or at our events or that you share with us.
K, L
Not Sold or Shared
Surveillance video – 90 days; duration of our relationship with you plus 5 years
Facility & Systems Access Information
Information identifying you, if you accessed our secure company facilities, systems, networks, computers, and equipment, and at what times, using visitor sign-in sheets, keys, badges, fobs, login credentials, or other security access method.
K, L
Not Sold or Shared
2 years

PROVIDER KEY: We may disclose, sell, or share your Personal Information with the following categories of service providers, contractors, or third parties for purposes including employment, providing employment benefits, fulfilling contractual obligations with customers, vendors, or contractors, or for improving our website(s):

A. Financial institutions

B. Lead providers

C. Product manufacturers/administrators

D. Government agencies

E. Promotional or other fulfillment vendors

F. Support vendors for marketing, managing, or hosting the website or the Ethics Hotline

G. Transaction support vendors (e.g., check guaranty, payment processors)

H. Data analytics vendors

I. Professional employer organizations

J. Consumer reporting agencies or credit reporting agencies

K. Third-Party hosted (i.e., SaaS) technology service providers

L. Security and risk management vendors

M. Corporate customers

N. Original equipment manufacturers (OEM) (suppliers and makers of the products we sell or lease to our customers)

Of the above categories of Personal Information, the following are categories of Sensitive Personal Information the Company may collect from or about consumers, independent contractors, or applicants:

  1. Personal Identifiers: Social Security number, driver’s license or state identification card number, passport number
  2. Account Information: Company account login, in combination with any required security or access code, password, or credentials allowing access to the account
  3. Protected Classifications: Racial or ethnic origin, religious or philosophical beliefs, union membership, or sexual orientation
  4. Biometric Information: Information used to uniquely identifying you
  5. Medical and Health Information
  6. Geolocation Data: IP address and/or GPS location, latitude and longitude

Personal information does not include:

  • Publicly available information from government records
  • Information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer, independent contractor, or applicant, or from widely distributed media
  • Information made available by a person to whom the consumer, independent contractor, or applicant has disclosed it, if the consumer, independent contractor, or applicant has not restricted the information to a specific audience
  • Deidentified or aggregated information

We may collect your Personal Information from the following sources:

  • You, the consumer, independent contractor, or job applicant, when you visit the website and voluntarily submit information through forms on the website or social media, visit any of our stores or physical locations, purchase or inquire about our products or services, enter into a contract to perform services for us, or apply for a position of employment
  • Our employees and contractors, when you interact with them
  • Other customers and visitors, when you interact with them or when they observe you
  • Cookies and other tracking technologies, which automatically collect information about website visitors
  • Surveillance cameras at our physical locations
  • Lead generators and referral sources
  • Credit and consumer reporting agencies
  • Recruiters
  • Social media platforms
  • Company-issued computers, electronic devices, and vehicles
  • Company systems, networks, software applications, and databases you log into or use

We may collect your Personal Information for the following business purposes:

  • To fulfill or meet the purpose for which you provided the information
  • To process and submit financing applications, including applications for credit or credit pre-qualification
  • To process, complete, and maintain records of transactions
  • To provide warranty coverage on products and services
  • To retain your Text opt-in/opt-out to ensure customers who opted out are not sent any text messages
  • To provide and communicate recall notifications to customers
  • To schedule, manage, and track customer appointments
  • To complete appraisals
  • To maintain records when customers decline a service or sale
  • To respond to consumer inquiries, including requests for information, customer support online, via the Ethics Hotline, phone calls, or in-facility inquiries
  • To provide interest-based and targeted advertising
  • To improve user experience on our website
  • To understand the demographics of our website visitors
  • To detect security incidents
  • To debug, identify, and repair errors that impair intended functionality of our website
  • To protect against malicious or illegal activity and prosecute those responsible
  • To verify and respond to consumer requests
  • To prevent identity theft

JOB APPLICANT PURPOSES:

  • To fulfill or meet the purpose for which you provided the information. For example, if you share your name and contact information to apply for a job with the Company, we will use that Personal Information in connection with your candidacy for employment.
  • To comply with local, state, and federal law and regulations requiring employers to maintain certain records, as well as local, state, and federal law, regulations, ordinances, guidelines, and orders relating to COVID-19.
  • To evaluate your job application and candidacy for employment.
  • To obtain and verify background check and references.
  • To communicate with you regarding your candidacy for employment.
  • To reduce the risk of spreading infectious diseases in or through the workplace.

INDEPENDENT CONTRACTOR PURPOSES:

  • To fulfill or meet the purpose for which you provided the information.
  • To comply with state and federal law and regulations requiring businesses to maintain certain records (accident or safety records, and tax records/1099 forms).
  • To engage the services of independent contractors and compensate them for services.
  • To evaluate, make, and communicate decisions regarding an independent contractor, including decisions to hire and/or terminate.
  • To grant independent contractors access to secure Company facilities, systems, networks, computers, and equipment, and maintain information on who accessed such facilities, systems, networks, computers, and equipment, and what they did therein or thereon.
  • To implement, monitor, and manage electronic security measures on independent contractor devices that are used to access Company networks and systems.
  • To evaluate, assess, and manage the Company’s business relationship with vendors, service providers, and contractors that provide services to the Company.
  • To improve user experience on Company computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems.
  • To reduce the risk of spreading infectious diseases in or through the workplace.

We may disclose your personal information for the following business purposes as numbered above: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19(a), 19(b), 19(d), 20(a), 20(e), 20(f), 20(g), 20(h), and 20(i).

We do NOT and will not sell your Personal Information in exchange for monetary or other valuable consideration. We do not share your Personal Information for cross-context behavioral advertising.

We do NOT and will not use or disclose your sensitive Personal Information for purposes other than the following:

  1. To perform the services reasonably expected by an average employee who requests those services
  2. To detect security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information
  3. To resist malicious, deceptive, fraudulent, or illegal actions directed at the Company and to prosecute those responsible
  4. To ensure the physical safety of natural persons
  5. For short-term, transient use
  6. To perform services on behalf of the Company
  7. To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by the Company, and to improve, upgrade, or enhance that product, service, or device that is owned, manufactured, manufactured for, or controlled by the Company
  8. For purposes that do not involve inferring characteristics about the consumers, contractors, or applicants

Retention of Personal Information

We will retain each category of Personal Information in accordance with our established data retention schedule as indicated above. In determining how long to retain each category of Personal Information, we consider multiple criteria, including, but not limited to: the business purposes for which the Personal Information was collected; relevant federal, state, and local recordkeeping laws; applicable statutes of limitations for claims to which the information may be relevant; and legal obligations to preserve evidence.

We apply our data retention procedures annually to determine whether the business purposes for collecting the Personal Information and legal reasons for retaining it have both expired. If so, we will purge the information in a secure manner.

Third Party Vendors

We may use other companies and individuals to perform certain functions on our behalf. Examples include administering email services and running special promotions. Such parties only have access to the Personal Information necessary to perform these functions and may not use or store the information for any other purpose. Subscribers or site visitors will never receive unsolicited email messages from vendors working on our behalf.

Business Transfers

In the event we sell or transfer a particular portion of our business assets, the information of consumers, contractors, and applicants may be one of the business assets transferred as part of the transaction. If substantially all of our assets are acquired, this information of consumers, contractors, and applicants may be transferred as part of the acquisition.

Compliance with Law and Safety

We may disclose specific personal and sensitive Personal Information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect our employees or the public.

Use of Cookies and Other Tracking Technologies

Cookies are small files that a website may transfer to a user’s computer. They may reside on the computer for the duration of the browsing session (session cookies) or on a permanent basis until deleted (persistent cookies). Cookies may be used to identify a user, a user’s device, or a user’s behavior.

We use cookies under the following circumstances and for the following purposes:

  1. To provide you with services available through the website and enable the use of certain features
  2. To authenticate users and prevent fraudulent use of user accounts
  3. To identify whether users have accepted the use of cookies on the website
  4. To compile data about website traffic and how users interact with the website, in order to offer a better website experience
  5. To understand and save visitor preferences for future visits—such as remembering login details or language settings—and provide a more personalized experience without requiring preferences to be re-entered each time the website is used
  6. To track browsing habits in order to display advertising more likely to be of interest, including third-party advertising on the website

Users can delete cookies from their web browser at any time or block cookies on their device; however, doing so may affect website functionality or even block the website. Users can configure browser settings to prevent the saving of cookies (disable or delete them) at any time. Some functions on our website may not be available when cookies are deactivated. Check the browser settings.

Below is guidance for common browsers:

External Links

Our website may contain links to other sites. We are not responsible for the privacy practices or the content of such websites. To help protect your privacy, we recommend that you review the Privacy Policy of any site you visit via a link from our website.

Passwords

The personal data record created when you register on our website can only be accessed with the unique password associated with that record. To protect the integrity of the information contained within this record, you should not disclose or otherwise reveal your password to third parties.

Children Under the Age of 16

We do not knowingly sell or share the Personal Information of consumers under 16 years of age.

How We Protect the Information that We Collect

The protection of the information that we collect about visitors to this website is of the utmost importance, and we take every reasonable measure to ensure that protection, including:

  1. Keeping automatically collected data and voluntarily collected data separate at all times
  2. Using internal encryption on all data stores that house voluntarily captured data
  3. Using commercially reasonable tools and techniques to protect against unauthorized access to our systems
  4. Restricting access to private information to those who need such access in the course of their duties

International Visitors

We do not target, market to, or offer our products or services to consumers outside of the United States. You agree not to submit your personally identifiable information through the website if you reside outside the United States. If we become aware that a person residing in the European Economic Area, the European Union, Great Britain, or Switzerland has submitted their personal information to us, we will delete it.

Rights Under the CCPA and CPRA

This section of the Privacy Policy applies only to California residents who are natural persons; it does not apply to any entities (whether business, non-profit, or governmental). If you are a California resident, you have the following rights:

  1. Right to Know. The right to request, up to two (2) times in a 12-month period, that we identify (1) the categories of Personal Information we have collected about you since January 1, 2022, unless doing so would be impossible, involve disproportionate effort, or you request a specific time period; (2) the categories of sources from which the Personal Information was collected; (3) the business or commercial purpose for collecting, selling, or sharing this information; (4) the categories of third parties with whom we share or have shared your Personal Information; (5) the categories of Personal Information that we have sold or shared about you, and the categories of third parties to whom the Personal Information was sold or shared, by category of Personal Information for each category of third parties to whom the Personal Information was sold or shared; and (6) the categories of Personal Information that we have disclosed about you for a business purpose, and the categories of persons to whom it was disclosed for a business purpose;
  2. Right to Access. The right to request, up to two (2) times in a 12-month period, that we disclose to you, free of charge, the specific pieces of Personal Information we have collected about you since January 1, 2022, unless doing so would be impossible, involve disproportionate effort, or unless you request a specific time period;
  3. Right to Delete. The right to request, up to two (2) times in a 12-month period, that we delete Personal Information that we collected from you, subject to certain exceptions;
  4. Right to Correct. The right to request that we correct inaccurate Personal Information (to the extent such an inaccuracy exists) that we maintain about you;
  5. Right to Opt-Out. The right to opt out of the selling or sharing of your Personal Information to third parties;
  6. Right to Limit. The right to limit the use or disclosure of your sensitive Personal Information for purposes other than those expressly set forth in this policy;
  7. The right to designate an authorized agent to submit one of the above requests on your behalf. See below on designating an authorized agent; and
  8. The right not to be discriminated against or retaliated against for exercising any of the above rights, including an applicant’s and independent contractor’s right not to face retaliation for exercising the above rights.

You can submit any of the above types of consumer requests through any of the 3 options below:

  1. Submit an email request to privacy@meruelocpra.com.
  2. Leave a detailed message on our privacy toll-free line at +1-866-303-0790.
  3. Complete a paper form, which can be requested in person at the Company Human Resources Department.

Gramm-Leach-Bliley Act Exemption

Portions of our services may be subject to the Gramm-Leach-Bliley Act. When we are extending credit, or providing financial advice or counseling, those activities are covered by the Gramm-Leach-Bliley Act. The CCPA does not apply to Personal Information to the extent that we collect, process, sell, or disclose it, subject to the Gramm-Leach-Bliley Act. Therefore, certain rights under the CCPA may be limited to the extent such requests to exercise CCPA rights relate to the collection, processing, selling, or disclosure of Personal Information in connection with financial activities covered by the Gramm-Leach-Bliley Act.

How We Will Verify That It Is Really You Submitting the Request

If you are a California resident, when you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct request through one of the methods provided above, we will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us. For example, we may need you to provide your name, email, phone number, IP address, browser ID, or the date of your last transaction with the Company.

Responding to Your Right to Know, Right to Access, Right to Delete, and Right to Correct Requests

Upon receiving a verifiable request from a California resident, we will confirm its receipt no later than ten (10) business days after receiving it. We endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional forty-five (45) calendar days, or ninety (90) calendar days total from the date we receive your request), we will inform you  in writing of the reason and extension period. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain any reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will explain why we made that decision and provide you with a cost estimate before completing your request.

For a request to correct inaccurate Personal Information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own records if we believe the Personal Information is accurate. You should make a good-faith effort to provide us with all necessary information at the time that you submit the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we will inform you of our decision not to comply and provide an explanation for why we believe the request is fraudulent.

Responding to Your Request to Opt Out of the Selling or Sharing of Your Personal Information

We will act upon a verifiable request to opt out within fifteen (15) days of its receipt. We will notify all third parties to whom we have sold or shared Personal Information of your request and instruct them to comply with the request within the same time frame. We will notify you when this has been completed by mail or electronically, at your option.

A request to opt out need not be a verifiable consumer request. However, we may deny a request to opt out if we have a good faith, reasonable, and documented belief that a request to is fraudulent. If we deny your request to opt out, we will inform you of our decision not to comply and provide an explanation for why we believe the request is fraudulent.

Responding to Your Request to Limit the Use of Sensitive Personal Information

We will act upon a verifiable request to limit the use of sensitive Personal Information for purposes other than those expressly set forth in this policy within fifteen (15) business days of its receipt. We will notify all third parties that use or disclose sensitive Personal Information of your request to limit and instruct them to comply with the request within the same time frame. We will notify you when this has been completed by mail or electronically, at your option.

A request to limit need not be a verifiable request. However, we may deny a request to limit if we have a good faith, reasonable, and documented belief that a request to limit is fraudulent. If we deny your request to limit, we shall inform you of our decision not to comply and provide an explanation for why we believe the request is fraudulent.

If You Have an Authorized Agent:

If you are a California resident, you can designate an authorized agent to submit a request on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney; or (b) provide other written, signed authorization that we can then verify. When we receive a request submitted on your behalf by an authorized agent who does not have a power of attorney, that person will be asked to provide written proof that they have your permission to act on your behalf. We will also contact you and ask you directly for information to verify your own identity, rather than relying solely on your authorized agent.

We may deny a request from an authorized agent if the agent does not provide your signed permission demonstrating that they have been authorized by you to act on your behalf.

Consent to Terms and Conditions

By using this website, you consent to all terms and conditions expressed in this Privacy Policy.

Changes to Our Privacy Policy

As our services evolve, or as we identify new ways to use the information we collect, we may amend this Privacy Policy from time to time. We encourage you to check our website frequently to see the current Privacy Policy in effect and any changes that may have been made to it. If we make material changes to this Privacy Policy, we will post the revised Privacy Policy and the updated effective date on this website. Please check back periodically or contact us at the address listed at the end of this Privacy Policy.

Consumers With Disabilities

This policy is provided in a form that is accessible to consumers with disabilities.

Questions About the Policy

This website is owned and operated by Meruelo Group LLC. If you have any questions about this Privacy Policy, please contact us at meruelogroup@meruelocpra.com or call +1-866-303-0790.

**This policy was last updated February 12, 2024.