This Privacy Policy describes what information McGrath RentCorp and its affiliates and subsidiaries and all subdomains (“we” , “our”, “us” or “the Company”) collects from and is related to you, and how we use such information, when you use the Company websites at https://www.mgrc.com, https://www.adlertankrentals.com, https://www.enviroplex.com, https://www.mobilemodular.com, https://blog.mobilemodular.com, https://www.mobilemodularcontainers.com, https://www.trsrentelco.com, https://blog.mobilemodularcontainers.com, https://kitchenstogo.com (collectively, the "Websites").
Please read this
Privacy Policy carefully and in its entirety before using the Websites as it
applies to every visitor to the Websites. We reserve the right to make changes
at any time to this Privacy Policy. We will advise you of material changes to
this Privacy Policy through the Websites or by any other reasonable means of
reaching you. All amended terms shall be automatically effective as of the date
of the amended Privacy Policy. You should regularly check this Privacy Policy.
Your continued use of the Websites constitutes acceptance of any and all changes
to this Privacy Policy.
Collection
of Personal Information
We collect personal
information directly from users of our Websites from correspondence, faxes,
live chats, e-mails, telephone inquiries, web forms, and other means of
communication. We collect such information when we provide online services, and
for other lawful purposes. We (and our affiliates and authorized service
providers) may collect, store and use:
(a) information about
your visits to and use of the Websites;
(b) information about
any transactions carried out between you and us, including information relating
to online education and other services;
(c) any information
you provide to us if you correspond with us, such as when you request a quote
for one of our products or services or contact us;
(d) if you create an
account with us, we may ask you for your name, and other demographic
information, e-mail address, street address or other personal information. You
may, however, visit the Websites without providing that information.
(e) if you sign up to
receive our newsletter, we may ask for your e-mail address.
(f) information by
which you may be personally identified, such as your name, address, and phone
number.
(g) if you purchase
Company products and services, we collect billing and credit card information.
(h) anonymous
demographic information, which is not unique to you.
(i) your search
queries on our Websites.
As you navigate
through and interact with our Websites, we may use automatic data collection
technologies to collect certain information about your equipment, browsing
actions, and patterns, such as your IP address, geographical location, browser
type, domain names, traffic data, logs, referring website addresses, access
times, length of visit and number of page views, error information, clickstream
data, and other communication data and the resources that you access and use on
the Websites. The information we collect automatically may include personal
information, or we may maintain it or associate it with personal information we
collect in other ways or receive from third parties. We may use this
information in the administration of the Websites, to improve the Websites usability,
to provide better service, to send you newsletters, updates, marketing
communications, and other information or that may be of interest to you. We may
sometimes permit our authorized service providers to have access to aggregate
and de-identified statistics about our customers, sales, traffic patterns,
usage and related information.
The automatic data collection
technologies that we use include:
- Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. We only place cookies on your hard drive with your consent. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. However, if you do not consent to our use of cookies or select this setting you may be unable to access certain parts of our Websites. You can find more information about cookies at http://youronlinechoices.eu.
- Web Beacons. Pages of our Website may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
We use automatic data
collection technologies provided by third parties, including analytics
providers. These third parties may use cookies to collect information about you
when you use our Website. The information that they collect may be associated
with your personal information or they may collect information, including
Personal Information, about your online activities over time and across
different websites and other online services. We do not control these third
parties’ use of cookies or other tracking technologies, or how they may be
used. If you have any questions about the use of this information, you should
contact the responsible party directly.
Details about the
automated data collection technologies and the specific cookies that we use can
be found by following the link entitled “Manage Cookies” on our Websites and
adjusting your preferences in the cookie consent manager, which you may access
by selecting the links. The cookie consent
manager enables you to control the settings of the cookies that we set on your
device and whether we collect information from them.
How
We Use Your Personal Information
We only use the information
that we collect about you or that you provide to us, including any personal
information:
- to present our Websites and their contents to you;
- to provide you with information, products, or services that you request from us;
- for our marketing and analytical purposes, consistent with our legitimate interests and any choices that we offer or consents that may be required under applicable laws;
- to fulfill any other purpose for which you provide it;
- to provide you with notices about your account, including expiration and renewal notices;
- to provide you with our newsletter;
- to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
- to notify you about changes to our Websites or any products or services we offer or provide though them;
- in any other way we may describe when you provide the information; and
- for any other purpose with your consent.
With your consent, we may also use your information to
contact you about our own and third parties’ goods and services that may be of
interest to you, such as via e-mail. If you wish to consent to this use, please
check the relevant box or the appropriate button located on the form on which
we collect your data. If you wish to change your choice, you may do so at any
time by selecting the unsubscribe link that is provided in one of our emails or
by sending us an email stating your request at
privacyinquiry@mgrc.com. For more information, see Choices About How We Use and Disclose Your Information.
Please note that
regardless of your choice, we may always use your information to contact you
about an order or product service experience. For more information, see
Your Choices and Access to Your Personal Information
below.
We do not, as a
condition of providing services to you or on your behalf, or as an
administrative or management requirement, require consent to the collection,
use or disclosure of personal information beyond that reasonably required for
such purposes, or to comply with its obligations under applicable law.
Disclosure of Your Information
We do not share,
sell, or otherwise disclose your personal information, except for the purposes
as outlined in this privacy policy, or new purposes to which you have
consented, or as required or as expressly permitted by applicable law. However,
we may disclose aggregated information about our users without restriction.
We may disclose
personal information that we collect or you provide as described in this
privacy policy:
- to our subsidiaries and affiliates.
- to contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them. These entities provide IT and infrastructure support services, and payment processing services.
- with other business entities in connection with the sale, assignment, merger or other transfer of all or a portion of the Company business or assets to such business entity (including due to a sale in connection with a bankruptcy). We will require any such purchaser, assignee or other successor business entity to honor the terms of this privacy statement.
- in response to a subpoena, search warrant, in connection with judicial proceedings, or pursuant to court orders, legal process or other law enforcement measures.
- when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating any agreement with the Company, or may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other Website users, or anyone else that could be harmed by such activities.
- when we believe in good faith that the law requires it, to establish our legal rights or to defend against legal claims, and for administrative and other purposes that we deem necessary to maintain, service and improve our products and services.
- to enforce our agreements, including for billing and collection purposes.
Linking Sites
The Websites contain
links to other websites whose privacy practices may differ from ours. The
Company is not responsible for the privacy practices or the content of such
websites, including any sites that may indicate a special relationship or
partnership with us (such as co-branded pages or "powered by" or
"in cooperation with" relationships). We do not share information we
gather with other websites or any other entities or individuals except as
provided in this privacy policy. Other linked sites, however, may collect personal
information from you that is not subject to our control. To ensure protection
of your privacy, always review the privacy policy of the sites you may visit by
linking from the Websites.
Social
Media
We may collect
information from other sources, such as social media platforms that may share
information about how you interact with our social media content. We do not
control how your personal information is collected, stored or used by such
third party sites or to whom it is disclosed. You should review the privacy
policies and settings on any social networking site that you subscribe to so
that you understand the information they may be sharing. If you do not want
your networking sites to share information about you, you must contact that
site and determine whether it gives you the opportunity to opt-out of sharing
such information. The Company is not responsible for how these third party
sites may use information collected from or about you.
Security
The Company employs
security measures to protect the loss, misuse or alteration of personal
information that you disclose through the Websites. If you have additional
questions regarding security, please feel free to contact us directly at
privacyinquiry@mgrc.com.
To ensure that our
employees comply with our privacy policies, we have developed a training
program that provides our employees with the tools and knowledge to protect
member privacy in all aspects of their work. Any employee who violates our privacy
policies is subject to disciplinary action, including possible termination and
civil and/or criminal prosecution.
We also take
additional cybersecurity measures that include but are not limited to, for
example:
- We have a cybersecurity training and testing program that applies to our geographic locations- employees that use technology are required to complete these trainings and testing, which occurs on a regular monthly basis.
- We brief our Board of Directors on cybersecurity on a regular basis (this occurs minimally on an annual basis, with additional discussion as needed).
- We have purchased cybersecurity insurance.
- We comply with PCI-DSS. We have also implemented multi-layer cyber protections, including engaging a third-party independent cybersecurity company, who does security testing and monitoring for our Company, which includes penetration testing, auditing, and security assessment.
The safety and
security of your information also depends on you. Where we have given you (or
where you have chosen) a password for access to certain parts of our Websites,
you are responsible for keeping this password confidential. We ask you not to
share your password with anyone. Unfortunately, the transmission of information
via the internet is not completely secure. Although we do our best to protect
your personal information, we cannot guarantee the security of your personal
information transmitted to our Websites. Any transmission of personal
information is at your own risk. We are not responsible for circumvention of
any privacy settings or security measures contained on the Websites.
Child
Online Privacy Protection Act (COPPA) Compliance and Related Information
The Child Online
Privacy and Protection Act (COPPA) regulates online collection of information
from persons under the age of 13. It is our policy to refrain from knowingly
collecting or maintaining personally identifiable information relating to any
person under the age of 18. If you are under the age of 18, please do not
supply any personally identifiable information through the Website. If we learn
we have collected or received personal information from a child under 18
without verification of parental consent, we will delete that information. If
you are under the age of 18 and have already provided personally identifiable
information through the Website, please have your parent or guardian contact us
immediately using the information below so that we can remove such information
from our files.
Opt-In
& Unsubscribe - Your Choices About How We Use and Disclose Your Personal
Information
We do not control the
collection and use of your information collected by third parties described
above in Disclosure of Your Information. When possible, these organizations are
under contractual obligations to use this data only for providing the services
to us and to maintain this information strictly confidential. These third
parties may, however, aggregate the information they collect with information
from their other customers for their own purposes.
In addition, we
strive to provide you with choices regarding the personal information you
provide to us. We have created mechanisms to provide you with control over your
personal information:
- Tracking Technologies . We and third parties may use cookies, action tags, or similar technologies on your computer to provide the Websites and online services and help collect data. You may block or delete cookies and control data collection through your web browser settings and through our cookie consent manager, which you can access through the link on our homepage entitled “Manage Cookies.” However, adjusting your browser settings may impact your experience with the Websites.
- Promotional Offers from the Company . We will only use your contact information to promote our own or third parties’ products and services with your consent as described in our General Privacy Notice.
- Disclosure of Your Information for Third-Party Advertising . We will only share your personal information with unaffiliated or non-agent third parties for promotional purposes with your consent. If you wish to consent to such use, you can check the relevant box located on the form on which we collect your personal information or otherwise seek such consent.
- Targeted Advertising . Our third-party advertising partners may collect data about your visits to the Websites to help them better understand your advertising preferences, and provide you with offers they believe you will be interested in. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You may inform us of whether you would like your data to be used in this way by setting your preferences for advertising cookies through our cookie consent manager, which you can access through the link on our homepage entitled “Manage Cookies,” however if you disable these types of cookies, you may still see advertising on ours or our third-party advertising partner sites, but these advertisements may not be as relevant to your interests. If you would like to learn more about interest-based advertising and your right to opt out of behavioral advertising, please visit:
Please note that the
options you select are browser and device specific.
Accessing,
Correcting, and Deleting Your Information
You may contact us at the
contact information below to request access to, correct, or delete any personal
information that we have collected about you. If you have a registered account
through our Websites, we cannot delete your personal information without also
deleting your account. We may not accommodate a request to change your personal
information if we believe the change would violate any law or legal requirement
or cause the information to be incorrect.
Jurisdiction Specific Privacy Rights The law in some jurisdictions may provide you
with additional rights regarding our use of personal information. To learn more
about any additional rights that may be applicable to you as a resident of one
of these jurisdictions, please see the privacy addendum for your jurisdiction
that is attached to this Data Privacy and Security Policy.
For
Residents of California
If you are a resident of California, you have the additional
rights described in our
California Privacy Addendum.
For
Residents of the Commonwealth of Virginia
If you are a
resident of Virginia, you have the additional rights described in our
Virginia Privacy Addendum.
For
Individuals Located within the European Economic Area
If you are located in the European Economic Area, you have the
additional rights described in our
GDPR Privacy Addendum.
For Individuals Located
within Canada
If you are located in Canada, you have the additional rights
described in our
Canada
Privacy Addendum
.
Contact
Us
Personal information
is generally located at our corporate or divisional offices in the United
States. A list of corporations, divisions, subsidiaries and affiliates to which
this Privacy Policy applies is available upon request. Please direct all
complaints or other inquiries regarding personal information, the Privacy
Policy, and requests related to your personal information pursuant to
applicable laws to our Privacy Director as follows:
privacyinquiry@mgrc.com.
California Privacy Addendum
Effective Date: September 9, 2021
Last
Reviewed on
: September 9, 2021
This Privacy Addendum for California
Residents (the “
California Privacy
Addendum
”) supplements the information contained in McGrath RentCorp’s Data
Privacy and Security Policy (the “
General
Privacy Notice
”) and applies solely to all visitors, users, and others who
reside in the State of California (“
consumers” or “you”). We
adopt this California Privacy Addendum to comply with the California Consumer
Privacy Act of 2018 (“
CCPA”) and the California Consumer Privacy Rights
Act (“
CPRA”), which will go into effect on January 1, 2023. Any terms
defined in the CCPA or CPRA have the same meaning when used in this California
Website Privacy Addendum. If you are a California resident with disabilities,
and need to be provided with an accessible version of this section or the
policy as a whole, please contact us at
privacyinquiry@mgrc.com. This California Privacy Addendum takes precedence over
anything contradictory in our General Privacy Notice.
Note that this California Privacy
Addendum does not apply to employment-related personal information collected
from our California-based employees, job applicants, contractors, or similar
individuals. Please contact your local human resources department if you are a
California employee and would like additional information about how we process
your Covered Personal Information (as defined below). It also does not apply to
Covered Personal Information reflecting a written or verbal
business-to-business communication between you and us.
Information We
Collect
Our Websites, as applicable to your use
of the services, collect information that identifies, relates to, describes,
references, is capable of being associated with, or could reasonably be linked,
directly or indirectly, with a particular consumer or device (“
Covered
Personal Information
”). In particular, our Websites have collected the
following categories of Covered Personal Information from its consumers within
the last twelve (12) months:
Category |
Examples |
A. Identifiers. |
A real name, alias,
postal address, unique personal identifier, online identifier, Internet
Protocol address, email address, account name, or other similar identifiers.
|
B. Personal
information categories listed in the California Customer Records statute
(Cal. Civ. Code § 1798.80(e)).
|
A name, address,
telephone number, education, employment, employment history, bank account
number, credit card number, debit card number, or any other financial
information.
|
D. Commercial
information.
|
Records of personal
property, products or services purchased, obtained, or considered, or other
purchasing or consuming histories or tendencies.
|
F. Internet or
other similar network activity.
|
Browsing history,
search history, information on a consumer’s interaction with a website,
application, or advertisement.
|
G. Geolocation
data.
|
Physical location
or movements.
|
L. Sensitive
Personal Information
|
Information that is not publicly available and reveals account log-in number in combination with any required
security or access code, password, or credentials allowing access to an
account.
|
Covered Personal Information does not
include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information or organizations excluded from the CCPA’s scope as set forth in the law.
We will only use
deidentified or aggregated consumer information in deidentified form and will
not attempt to reidentify the information, except as is required by law, and
will contractually obligate any recipients of such deidentified or aggregated consumer
information to follow the same requirements.
Use of Covered
Personal Information
We may use or
disclose the Covered Personal Information we collect for the business purposes
described in the General Privacy Notice.
We limit the
collection of Covered Personal Information to what is adequate, relevant, and
reasonably necessary in relation to the purposes for which the Covered Personal
Information is processed. We may process the Covered Personal Information we
collect, for one or more of the purposes described in the General Privacy
Notice. We will not process Covered Personal Information for purposes that are
neither reasonably necessary to nor compatible with the purposes for which the Covered
Personal Information is processed as described in the General Privacy Notice
without your consent.
Sources of Covered
Personal Information
We obtain the
categories of Covered Personal Information listed above directly from you, or
automatically when you use or interact with our Websites.
Sensitive Personal Information
We collect Sensitive Personal Information solely to enable you to login and access our Websites. We do not use Sensitive Personal Information for an incompatible purpose.
Disclosing Covered
Personal Information
We may disclose your Covered
Personal Information to a third party for a business purpose. When we disclose Covered
Personal Information for a business purpose, we generally enter into a contract
that describes the purpose and requires the recipient to both keep that Covered
Personal Information confidential, maintain reasonable security to protect the Covered
Personal Information, and not use the Covered Personal Information for any
purpose except performing the contract.
In the
preceding twelve (12) months, we have disclosed all of the above categories of
personal information collected for a business purpose to third party vendors
who provide marketing, payment processing, and other services to us.
Company neither “sells”
Covered Personal Information for monetary or other consideration nor “shares” Covered
Personal Information for cross-context behavioral advertising (whether or not
for monetary or other valuable consideration).
Automated Decision
Making
We do not use your Covered
Personal Information with any automated decision making process, including
profiling, which may produce a legal effect concerning you or similarly
significantly affect you.
Data Security
We have implemented measures designed to secure your Covered
Personal Information from accidental loss and from unauthorized access, use,
alteration, and disclosure.
The safety and
security of your information also depends on you. Where we have given you (or
where you have chosen) a password for access to our services, you are
responsible for keeping this password confidential. We ask you not to share
your password with anyone.
Unfortunately, the transmission of information via the
internet is not completely secure. Although we do our best to protect your Covered
Personal Information, we cannot guarantee the security of your Covered Personal
Information transmitted to our Websites. Any transmission of Covered Personal
Information is at your own risk. We are not responsible for circumvention of
any privacy settings or security measures contained on the Websites.
Your Rights and
Choices
The CCPA provides
consumers (California residents) with specific rights regarding their Covered
Personal Information. This section describes your CCPA rights and explains how
to exercise those rights.
Access
to Specific Information and Data Portability Rights
To the extent you
provide us with your Covered Personal Information and to the extent we process
the Covered Personal Information by automated means, you have the right to
request that we provide you a copy of, or access to, all or part of such Covered
Personal Information in portable, and to the extent technically feasible,
readily usable format that allows you to transmit the Covered Personal
Information to another entity without hindrance.
We will provide Covered
Personal Information to you that was collected beyond 12 months before the
request unless providing such information is impossible or would involve a
disproportionate effort. Once we receive and verify your request (see
Exercising
Access, Data Portability, and Deletion Rights
), we will disclose to you:
- The categories of Covered Personal Information we collected about you.
- The categories of sources for the Covered Personal Information we collected about you.
- Our business or commercial purpose for collecting that Covered Personal Information.
- The categories of third parties with whom we share that Covered Personal Information.
- The specific pieces of Covered Personal Information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- “sales” for monetary or other valuable consideration and “sharing” for cross-context behavioral advertising (whether or not for monetary or other valuable consideration), identifying the personal information categories that each category of recipient received; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion
Request Rights
You have the right to request that we delete any of your Covered
Personal Information that we collected from you and retained, subject to
certain exceptions. Once we receive and confirm your verifiable consumer
request (see Exercising Access, Data Portability, and Deletion Rights), we
will delete (and direct our service providers and/or contractors to delete)
your Covered Personal Information from our records, unless an exception
applies.
We may deny your deletion request if retaining the information is
necessary for us or our service providers and/or contractors to:
- Complete the transaction for which we collected the Covered Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect bugs or errors in our Website or service, detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information are permitted by law or that are compatible with the context in which you provided it.
Correction
Rights
You can review and change your Covered Personal Information by logging
into the Websites and visiting your “Account” page. You may also notify us
through a verifiable consumer request as described below of any changes or
errors in any Covered Personal Information we have about you to ensure that it
is complete, accurate, and as current as possible. We may not be able to
accommodate your request if we believe it would violate any law or legal
requirement or cause the information to be incorrect.
Exercising
Access, Correction, Data Portability, and Deletion Rights
To exercise the access, correction, data portability, correction, and
deletion rights described above, please submit a verifiable consumer request to
us by emailing us at
privacyinquiry@mgrc.com or
contacting us at
1-800-548-0814.
Only you, or a person registered with the California Secretary of State
that you authorize to act on your behalf (an “Authorized Agent”), may make a
verifiable consumer request related to your Covered Personal Information. You
may also make a verifiable consumer request on behalf of your minor child.
Please note that we are not obligated to provide information to a
consumer in response to a request more than twice in a twelve (12) month
period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Covered Personal Information. Before completing your request to exercise the below, we will verify that the request came from you based on information we have for you in our records, or though some other method in compliance with the CCPA.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Covered Personal
Information if we cannot verify your identity or authority to make the request
and confirm the Covered Personal Information relates to you. With few
exceptions, we will only review and fulfill a request from your Authorized
Agent if (a) you grant the Authorized Agent written permission to make a
request on your behalf, (b) you or the Authorized Agent provides us notice of
that written permission, and (c) we are able to verify your and the Authorized
Agent’s identity in connection with that notice and the request.
Making a verifiable consumer request does not require you to create an
account with us.
We will only use Covered Personal Information provided in a verifiable
consumer request to verify the requestor’s identity or authority to make the
request.
Response
Timing and Format
We endeavor to respond to a verifiable consumer request within
forty-five (45) days of its receipt. If we require more time, we will inform
you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to
that account. If you do not have an account with us, we will deliver our
written response by mail or electronically, at your option.
Any disclosures we provide will only cover the twelve (12) month period
preceding the verifiable consumer request’s receipt. The response we provide
will also explain the reasons we cannot comply with a request, if applicable.
For data portability requests, we will select a format to provide your Covered
Personal Information that is readily useable and should allow you to transmit
the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable
consumer request unless it is excessive, repetitive, or manifestly unfounded.
If we determine that the request warrants a fee, we will tell you why we made
that decision and provide you with a cost estimate before completing your
request.
Non-Discrimination
You have the right not to receive discriminatory treatment by us for
exercising any of your rights under the CCPA. However, we may offer you certain
financial incentives permitted by the CCPA that can result in different
prices, rates, or quality levels. Any CCPA-permitted financial incentive we
offer will reasonably relate to your Covered Personal Information’s value and
contain written terms that describe the program’s material aspects.
Participation in a financial incentive program requires your prior opt-in
consent, which you may revoke at any time.
Other
California Privacy Rights
For California residents, California Civil Code Section 1798.83 permits
you to request information regarding the disclosure of your personal
information, as that term is defined in Section 1798.83, to third parties for
the third parties’ direct marketing purposes. To make such a request, you may
contact us by emailing us at
privacyinquiry@mgrc.com.
At this time, the Company does not honor “Do Not Track” signals.
Retention of Covered Personal
Information
If you
create an account with us, we will retain your Covered Personal Information for
the entire time that you keep your account open. After you close your account
(or if you have not created an account), we may retain your Covered Personal
Information for any of the following reasons, whichever is longer: (a) fulfill
the purposes for which it was collected and for legal or business requirements;
(b) in our backup and disaster recovery systems in accordance with our backup
policies and procedures; or (c) for as long as necessary to protect our legal
interests or otherwise pursue our legal rights and remedies.
We
retain data that has been aggregated or otherwise rendered anonymous in such a
manner that you are no longer identifiable, indefinitely.
Changes to This
California Privacy Addendum
Company reserves the right to amend this California Privacy Addendum at our discretion and
at any time. When we make changes to this California Privacy Addendum, we will post the updated addendum on the
Websites and update the addendum’s effective date.
Your continued use of our Websites following the posting of changes
constitutes your acceptance of such changes
.
If
you have any questions or comments about this California Privacy Addendum, the ways in which
Company collects and uses your information described above and in the General
Privacy Notice, your choices and rights regarding such use, or wish to exercise
your rights under California law, please do not hesitate to contact us by emailing
us at
privacyinquiry@mgrc.com.
Virginia Privacy Addendum
Effective
Date:
September 9, 2021
This Privacy Notice Addendum for Virginia
Residents (the “
Virginia Privacy Addendum”) supplements the
information contained in McGrath RentCorp’s Data Privacy and Security Policy
(the “
General Privacy Notice”) and describes our collection and use of
personal data. This Virginia Privacy Addendum applies solely to all visitors of
our Websites (as defined in the General Privacy Notice), users of our goods and
services, and others acting only in an individual or household context, each of
whom reside in the Commonwealth of Virginia (“
consumers” or “you”).
We adopt this notice to comply with the Virginia Consumer Data Protection Act
of 2021 (“
CDPA”) and any terms defined in the CDPA have the same meaning
when used in this notice.
Note that this
Virginia Privacy Addendum only applies to you as an individual and not to you
acting in an em
ployment or commercial context.
Information We
Will Collect
We collect
information that is linked or is reasonably linkable to you and as identified
or identifiable person (“
personal data”)
as described in our General Privacy Notice.
Personal data
does not include, and this Virginia Privacy Addendum does not cover:
- Publicly available information from government records or that we have a reasonable belief is lawfully made available to the general public either by widely distributed media, by you, or by a person to whom you have disclosed the information (unless you have restricted the information to a specific audience).
- Information that has been de-identified such that the information can no longer be reasonably linked to any you or a device linked to you.
- Information excluded from the CDPA’s scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), health records for the purposes of Title 32.1 of the Virginia Code, or clinical trial data;
- Records of the identity, diagnosis, prognosis, or treatment of any patient which are maintained in connection with the performance of any program or activity relating to substance use disorder education, prevention, training, treatment, rehabilitation, or research, which is conducted, regulated, or directly or indirectly assisted by any department or agency of the United States;
- Information and documents created for the purposes of the U.S. Health Care Quality Improvement Act of 1986 and patient safety work product for the purposes of the U.S. Patient Safety and Quality Improvement Act;
- personal data covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), the Family Educational Rights and Privacy Act (FERPA), the Farm Credit Act (FCA), and the Driver’s Privacy Protection Act of 1994.
Use of Personal Data
We limit the
collection of personal data to what is adequate, relevant, and reasonably
necessary in relation to the purposes for which the personal data is processed.
We may process the personal data we collect, for one or more of the purposes
described in the General Privacy Notice. We will not process personal data for
purposes that are neither reasonably necessary to nor compatible with the
purposes for which the personal data is processed as described in the General
Privacy Notice without your consent.
Sharing Personal
Data
The Company may
share your personal data with our affiliates and other third parties. When we
disclose personal data, we enter a contract that describes the purpose and
requires the recipient to both keep that personal data confidential and not use
it for any purpose except performing the contract. The categories of personal
information that we share with third parties, and the categories of third
parties that we share your personal information with, are described in the
following table:
Category of Personal Data Shared With Third Parties |
Categories of Third Parties the Personal Data are Shared
With
|
Identifiers |
Service
Providers, Data brokers or aggregators, and Internet cookie information
recipients, such as analytics and behavioral advertising services
|
Commercial
information, i.e. records of personal property, products or services
purchased, obtained, or considered, or other purchasing or consuming
histories or tendencies
|
Service
Providers
|
Internet
or other similar network activity
|
Service
Providers, and Internet cookie information recipients, such as analytics
|
Sales of your
Personal Data
We do
not sell your personal data to third parties for their own commercial use.
Your Rights and Choices
The CDPA
provides you as consumer in Virginia with specific rights regarding their
personal data. This section describes your CDPA rights and explains how to
exercise those rights. You may exercise these rights yourself or through your
authorized agent.
- Confirmation and Access. You have the right to confirm whether or not we are processing your personal data and to have access to that personal data. You may exercise this right by emailing us at privacyinquiry@mgrc.com. You may also exercise this right as described below.
- Correction. You have the right to correct any inaccuracies in your personal data processed by us, taking into account the nature of the personal data and the purposes of the processing of your personal data. We may also not be able to accommodate your request to change the personal data if we believe it would violate any law or legal requirement or cause the personal data or the information associated with the personal data to be incorrect.
- Deletion. You have the right to request that we delete all of your personal data. In cases in which you have a user account, we cannot delete your personal data except by also deleting your user account. However we may not accommodate a request to erase your personal data if we believe the deletion would violate any law or legal requirement or cause any information associated with the personal data to be incorrect.
- Portability. To the extent you provide us with your personal data and to the extent we process the personal data by automated means, you have the right to request that we provide you a copy of, or access to, all or part of such personal data in portable, and to the extent technically feasible, readily usable format that allows you to transmit the personal data to another controller without hindrance.
- Opt-Out of Certain Processing. You have the right to opt-out of processing your personal data for the purposes of: (i) targeted advertising; (ii) the sale of your personal data; or (iii) profiling in furtherance of decisions that produce legal effects or similarly significant affects concerning. These decisions include decisions that results in the provision or denial by the controller of financial and lending services, housing, insurance, education enrollment, criminal justice, employment opportunities, health care services, or access to basic necessities, such as food and water.
To exercise the
right to opt-out, you (or your authorized representative) may adjust your
cookie preferences by selecting the link entitled “Manage Cookies” on one of
our Websites. You may also opt-out of
receiving cookie’s by setting your browser to refuse all or some browser
cookies, or to alert you when cookies are being sent. However, if you do not
consent to our use of cookies or select this setting you may be unable to
access certain parts of our Websites or other websites. You can find more
information about cookies at
http://youronlinechoices.eu.
Exercising
Your
Rights
To exercise the
rights described above, please submit a request to us by contacting us through
the contact information provided in our General Privacy Notice.
You may only
make a request to exercise the above rights twice within a 12-month period. The
request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot
respond to your request or provide you with personal data if we cannot
authenticate that the personal data that is the subject of your request relates
to you through commercially reasonable efforts. In this case, we may request
additional information, which we will only use to authenticate you.
Making a
verifiable consumer request does not require you to create a
password-protected, online account with us. However, if you do have such an
account, we may require you to use it in order to make your request. Doing so
will enable us to consider your requests through that account to authenticate
that the personal data that is the subject of your request relates to you.
To exercise the right to opt-out of
targeted advertising, you (or your authorized representative) adjust your
cookie preferences by visiting the following Internet Web page link: entitled “Manage
Cookies” on one of our Websites. You may
also opt-out by setting your browser to refuse all or some browser cookies, or
to alert you when cookies are being sent. However, if you do not consent to our
use of cookies or select this setting you may be unable to access certain parts
of our Websites or other websites.
We will
generally process these requests within forty-five (45) days of its receipt. If
we require more time (up to 45 days), we will inform you of the reason and
extension period in writing. If we cannot comply with your request, we will
provide you with an explanation of the reasons we cannot comply with a request.
We do not charge
a fee to process or respond to your verifiable consumer request unless it is
excessive, repetitive, or manifestly unfounded. If we determine that the
request warrants a fee, we will tell you why we made that decision and provide
you with a cost estimate before completing your request.
Appeals
Process
You may appeal a
refusal by us to take action on your request to exercise any of the above
rights within a reasonable period of time after we provide you notice of such
refusal by contacting us through the contact information listed in the General
Privacy Notice. Within sixty (60) days after we receive your appeal, we will
inform you in writing of any action taken or not taken in response to your
appeal, including any explanations for the reasons for the decision. If your
appeal is denied, you may lodge a complaint with the Virginia Attorney General
through his/her contact information available at:
https://www.oag.state.va.us/contact-us/contact-inf....
Non-Discrimination
We will not
discriminate against you for exercising any of your CDPA rights. Unless
permitted by the CDPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
However, we may
offer you certain financial incentives permitted by the CDPA that
can result in different prices, rates,
or quality levels, or selection of goods and services (including the
possibility of offering our goods and services for no fee), if you have
exercised your rights to opt-out of certain processes as described above or if
the offer is related to your voluntary participation in a bona fide loyalty,
rewards, premium features, discounts, or club card program.
Changes to This Virginia Privacy Addendum
Company reserves
the right to amend this Virginia Privacy Addendum at our discretion and at any time. When we make changes to this
Virginia Privacy Addendum, we will post the updated addendum on the Websites
and update the addendum’s effective date.
Your
continued use of our Websites following the posting of changes constitutes your
acceptance of such changes
.
Contact Information
If you have any
questions or comments about this Virginia Privacy Addendum, the ways in which
the Company collects and uses your information described above and in the
General Privacy Notice, your choices and rights regarding such use, or wish to
exercise your rights under the CDPA, please do not hesitate to contact us
through the contact information provided in the General Privacy Notice.
GDPR Privacy Addendum
Effective Date: September 9, 2021
Introduction
This GDPR Privacy Addendum (the “GDPR
Privacy Addendum
”) supplements the information contained in the McGrath
RentCorp Data Privacy and Security Policy (“
General Privacy Notice”) and applies solely to all users who are
located in the European Economic Area. We adopt this GDPR Privacy Addendum to
comply with the General Data Protection Regulation (2016/679) and any
implementing acts of the foregoing by any of the member states of the European
Economic Area, the United Kingdom, or Switzerland (“
GDPR”) and any terms
defined in the GDPR or our Privacy Notice have the same meaning when used in
this GDPR Privacy Addendum. This GDPR Privacy Addendum takes precedence over
anything contradictory in our General Privacy Notice.
Data Controller
The
Company is the data controller of your personal information. At this time, the
Company is not required to appoint a Data Protection Officer or a
representative in the EU, and has elected not to do so. The Company may be
contacted by email at
privacyinquiry@mgrc.com.
Lawful Basis for Processing Your Personal
Information
The
processing of your personal information is lawful only if it is permitted under
the applicable data protection laws. We have a lawful basis for each of our
processing activities (except when an exception applies as described below):
- Performance of a contract . We may need to collect and use your personal information to in order to fulfill our obligations to you or your employer pursuant to our contract with you or your employer to deliver our goods and services to you or your employer.
- Consent. By using our Websites, you consent to our collecting, using, and sharing your personal information as described in this privacy policy. If you do not consent to this privacy policy, please do not use the Websites.
- Legitimate interests . We may use your personal information with our third party vendors and service providers for our legitimate interests to deliver the services you have requested and to improve our services. Our legitimate interests are balanced against your rights and freedoms and we do not process your personal information if your rights and freedoms outweigh our legitimate interests. Our legitimate interests are to: facilitate communication between the Company and you or your employer; detect and correct bugs and to improve our Websites; safeguard our IT infrastructure and intellectual property; detect and prevent fraud and other financial crime; promote and market our business; check your credit and perform risk assessments; develop our products and services and perform employment screening and to manage our workforce, assets, and business.
- As required by law . We may also process your personal information when we are required or permitted to by law; to comply with government inspections, audits, and other valid requests from government or other public authorities; to respond to legal process such as subpoenas; or as necessary for us to protect our interests or otherwise pursue our legal rights and remedies (for instance, when necessary to prevent or detect fraud, attacks against our network, or other criminal and tortious activities), defend litigation, and manage complaints or claims.
Special Categories of Information
The Company does not ask you to provide, and we
do not knowingly collect, any special categories of personal information from
you.
Automated Decisions Making
The
Company does not use your personal information with any automated decision
making process, including profiling, which may produce a legal effect
concerning you or similarly significantly affect you.
Your Rights Regarding Your
Information and Accessing and Correcting Your Information
Applicable data protection laws may provide you
with certain rights with regards to our processing of your personal
information.
- Access and Update . You can review and change your personal information by emailing us at privacyinquiry@mgrc.com. You may also notify us of any changes or errors in any personal information we have about you to ensure that it is complete, accurate, and as current as possible. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
- Restrictions. You have the right to restrict our processing of your personal information under certain circumstances. In particular, you can request we restrict our use of it if you contest its accuracy, if the processing of your personal information is determined to be unlawful, or if we no longer need your personal information for processing but we have retained it as permitted by law.
- Portability. To the extent the personal information you provide the Company is processed based on your consent or that we process it through automated means, you have the right to request that we provide you a copy of, or access to, all or part of such personal information in structured, commonly used and machine-readable format. You also have the right to request that we transmit this personal information to another controller, when technically feasible.
- Withdrawal of Consent . To the extent that our processing of your personal information is based on your consent, you may withdraw your consent at any time by closing your account. Withdrawing your consent will not, however, affect the lawfulness of the processing based on your consent before its withdrawal, and will not affect the lawfulness of our continued processing that is based on any other lawful basis for processing your personal information.
- Right to be Forgotten . You have the right to request that we delete all of your personal information. We cannot delete your personal information except by also deleting your user account, and we will only delete your account when we no longer have a lawful basis for processing your personal information or after a final determination that your personal information was unlawfully processed. We may not accommodate a request to erase information if we believe the deletion would violate any law or legal requirement or cause the information to be incorrect. In all other cases, we will retain your personal information as set forth in this policy. In addition, we cannot completely delete your personal information as some data may rest in previous backups. These will be retained for the periods set forth in our disaster recovery policies.
- Complaints. You have the right to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. However, before doing so, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.
- How You May Exercise Your Rights . You may exercise any of the above rights by completing the REQUEST FORM and emailing it to us at privacyinquiry@mgrc.com. If you contact us to exercise any of the foregoing rights, we may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements. Please note that if you make unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access your personal information, you may be charged a fee subject to a maximum set by applicable law.
- Response Times . We will make every reasonable effort to respond to each of your written requests not later than 30 days after receipt of such requests. When applicable, we will advise you in writing if we cannot meet your requests within this time limit. When applicable, you have the right to make a complaint to the appropriate privacy commission with respect to this time limit.
Consent to Processing of Personal Information
Outside the European Economic Area
The Websites are hosted in the United States.
If you are a resident of the European Economic Area (“EEA”), please note that
by providing your information it is being transferred to, stored or processed
in the United States and other countries, where our data center and servers are
located and operated. The data protection and other laws of the United States,
including to countries that may not or do not provide an equivalent level of
protection for your personal information.
Your personal information is transferred by the
Company to another country only if it is required or permitted under applicable
data protection law and provided that there are appropriate safeguards in place
to protect your personal information. By using our Websites, you represent that
you have read and understood the above and hereby consent to the storage and
processing of personal information that you provide directly to us on our
Websites. If you are visiting the Websites form outside the United States and
do not wish to allow the transfer of your personal information to the United
States, you should not use the Websites and you should not opt-in to (or send
us a request to opt-out of) the collection of cookies. To ensure your personal
information (other than personal information you provide directly to us on our
Websites) is treated in accordance with this privacy policy, the Company uses
Data Protection Agreements between the Company and all other recipients of your
data that include, where applicable, the Standard Contractual Clauses adopted
by the European Commission (the “Standard Contractual Clauses”). The European
Commission has determined that the transfer of personal information pursuant to
the Standard Contractual Clauses provides for an adequate level of protection
of your personal information. Under these Standard Contractual Clauses, you
have the same rights as if your data was not transferred to such third party.
You may request a copy of the Data Protection Agreement by contacting us by
email at
privacyinquiry@mgrc.com.
Retention of Personal Information
If you create an account with us, we will
retain your personal information for the entire time that you keep your account
open. After you close your account (or if you have not created an account), we
may retain your personal information for any of the following reasons,
whichever is longer: (a) fulfill the purposes for which it was collected and
for legal or business requirements; (b) in our backup and disaster recovery
systems in accordance with our backup policies and procedures; or (c) for as
long as necessary to protect our legal interests or otherwise pursue our legal
rights and remedies.
We retain data that has been aggregated or
otherwise rendered anonymous in such a manner that you are no longer
identifiable, indefinitely.
Changes
to this GDPR Privacy Addendum
The Company reserves the right to amend this GDPR Privacy
Addendum at our discretion and at any time and at any time and as further
described in our General Privacy Notice. When we make changes to this GDPR
Privacy Addendum, we will post the updated notice on the Website and update the
notice’s effective date.
Your continued use of our websites following the
posting of changes constitutes your acceptance of such changes.
Contact
Personal
information is generally located at our corporate or divisional offices in the
United States. A list of corporations, divisions, subsidiaries and affiliates
to which this Privacy Policy applies is available upon request. Please direct
all complaints or other inquiries regarding personal information, the Privacy
Policy, and requests related to your personal information pursuant to
applicable laws to our Privacy Director as follows:
privacyinquiry@mgrc.com.
Canada Privacy Addendum
Effective Date: September 9, 2021
This Canada Privacy Addendum (the “Canada Privacy Addendum”) supplements
the information contained in McGrath RentCorp’s Data Privacy and Security
Policy (the “
General Privacy Notice”) and describes our collection and
use of personal information. This Canada Privacy Addendum applies solely to all
visitors of our Websites (as defined in the General Privacy Notice), users of
our goods and services, and others acting only in an individual or household
context, each of whom are located in Canada (“
consumers” or “you”).
We adopt this notice to comply with the Personal Information Protection and
Electronic Documents Act (“
PIPEDA”)
and Canada’s Anti-Spam Legislation (“
CASL”)
and any terms defined in the PIPEDA and CASL. This
Canada Privacy Addendum takes precedence over anything contradictory in our
General Privacy Notice.
Note
that this Canada Privacy Addendum only applies to you as an individual and not to you acting
in an employment or commercial context.
Data Protection Officer
Company
has a Data Protection Officer in compliance with the PIPEDA. Company or its
Data Protection officer may be contacted in any manner set forth below in the
“Contact Information” Section of this Canada Privacy Addendum.
Lawful Basis for Processing
Your Personal Information
By using our Websites, you consent to our
collection, use, and sharing of your personal information as described in this
General Privacy Notice. If you do not consent to this collection, use, and
sharing, please do not use the Websites.
Promotional
Offers
We will only use your contact
information to promote our own or third parties’ products and services with
your consent as described in our General Privacy Notice.
Consent
to Processing of Personal Information in the United States
In order
to provide our services to you, we may store and send your personal information
outside of Canada, including to the United States. Accordingly, your personal
information may be transferred outside the country where you reside or are
located, including to countries that may not or do not provide an equivalent
level of protection for your personal information. Your information may be
processed and stored in the United States and United States federal, state, and
local governments, courts, or law enforcement or regulatory agencies may be
able to obtain disclosure of your information through the laws of the United
States. By accessing our Websites, you represent that you have read and
understood the above and hereby consent to the storage and processing of your
personal information outside the country where you reside or are located,
including in the United States.
Contact
If you have any
questions or comments about this Canada Privacy Addendum, the ways in which the
Company collects and uses your information described above and in the General
Privacy Notice, your choices and rights regarding such use, or wish to exercise
your rights under the Canada privacy laws, please do not hesitate to contact us
through the contact information provided in the General Privacy Notice or
contact our Data Protection Officer, Jim Gallagher, at
+1 925-453-3147, 5700
Las Positas Rd. Livermore, CA 94551.