COLORADO PRIVACY NOTICE
I. PERSONAL DATA WE COLLECT
Navien’s websites, including, without limitation, navien.com, navieninc.com, boilermadesmart.com, boilersmadesmart.com, comfort-mate.com, condensingsaves.com, gonavien.com, holehousecombi.com, navien.com.mx, navienliterature.com, navienmate.com, navienresources.com, navienrewards.com, naviensizing.com, tanklessmadesimple.com, wholehomeboiler.com, wholehomecombi.com, wholehouseboiler.com, wholehousecombi.com, wholehousecombis.com, and any other website that Navien owns or may own from time to time (collectively, “Website”) collect information that is linked or reasonably linkable to an identified or identifiable individual (“personal data”). Collection of personal data is limited to the extent that is adequate, relevant, and reasonably necessary in relation for the specified purposes herein. Provided below are the categories of personal data the Website collects from its consumers for business purposes:
• Identifiers – A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
• Commercial information. – Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
• Internet or other electronic network activity – Browsing history, search history, information regarding a consumer’s interaction with an internet website application, or advertisement.
• Geolocation data – Physical location or movements.
Personal data does not include:
• Publicly available information meaning information that is lawfully made available from federal, state, or local government records and information that a controller has a reasonable basis to believe the consumer has lawfully made available to the general public.
• De-identified data meaning reasonably be used to infer information about, or otherwise be linked to, an identified or identifiable individual, or a device linked to such an individual, if the controller that possesses the data:
(a) Takes reasonable measures to ensure that the data cannot be associated with an individual;
(b) Publicly commits to maintain and use the data only in a de-identified fashion and not attempt to re-identify the data; and
(c) Contractually obligates any recipients of the information to comply with the requirements of the CPA
• Information excluded from the CPA’s scope, like:
o Information and Data covered by the Children’s Online Privacy Protection Act (COPPA)
o Information and Data covered by the Fair Credit Reporting Act (FRCA)
o Information and Data covered by the Family Educational Rights and Privacy Act (FERPA)
o Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA);
o Financial information subject to the Gramm-Leach-Bliley Act (GLBA);
o Personal data protected by other existing laws relating to consumers’ personal data that afford greater protections for consumers’ privacy than that provided by the CPA.
II. SOURCES OF PERSONAL INFORMATION WE COLLECT
Navien obtains the foregoing categories of personal information from the following categories of sources:
• Directly from you (i.e., from forms you complete or products and services you purchase)
• Indirectly from you (i.e., from observing or logging your actions on our Website)
• From third-party vendors with whom Navien contracts
III. BUSINESS OR COMMERCIAL PURPOSES FOR USING PERSONAL DATA
We may use or disclose the personal information and sensitive personal information we collect for one or more of the following business or commercial purposes:
We may need to collect and use some of the information listed below because we are either legally required to do so or because we need it to provide the requested services to you. If you do not provide the information that we ask for, we may not be able to provide you with the requested services. Some of our uses of your sensitive personal data, as listed below, are in addition to those provided by Colorado law and are for lawful business purposes.
• To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request service or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
• To provide, administer and communicate with you about products, services, events, surveys and promotions (including by sending you marketing communications);
• To provide our services to you (including access to website and/or platforms), to communicate with you (including send you administrative and contractual information, such as information regarding the terms and conditions, warranty policies or service contracts) and to provide you other customer-related services, such as handle your queries and complaints;
• To contact you in the event of a service notification for your registered appliance or to provide other notices concerning the safety of your appliance regardless of your stated privacy preferences;
• To process, evaluate and respond to your requests, inquiries and applications;
• To confirm and process your order, provide you with updates regarding your order, process returns and contact you concerning your order;
• To create, administer and communicate with you about your account (including any purchases and payments);
• To personalize your experience on the services by presenting products and offers tailored to you, and to facilitate social sharing functionality;
• To verify your identity to ensure security for the other purposes listed here;
• To operate, evaluate and improve our business (including improving or developing new products and services; managing our communications; performing market research; determining and managing the effectiveness of our advertising and marketing; analyzing our products, services and websites; administering our websites; and performing accounting, auditing, billing, reconciliation and collection activities);
• To protect against and prevent fraud, unauthorized transactions, claims and other liabilities, and manage risk exposure and quality;
• To ensure the security of our network services, information resources and the safety of our products, services, employees and information.
• To create, maintain, customize, and secure your account, if any, with us.
• To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
• For testing, research, analysis, and product development, including to develop and improve our products, and services.
• As described to you when collecting your personal information or as otherwise set forth in the CPA.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Navien’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Navien about our Website’s or services’ users is among the assets transferred.
• For other uses, as agreed between you and us.
IV. CATEGORIES OF THIRD PARTIES AND OTHER ENTITIES TO WHOM WE MAY DISCLOSE
• Our business partners
• Our affiliates
• Service providers such as payment processors
• Service providers and other entities we engage
• Entities that provide marketing services
• Entities that provide advertising services
• Entities that provide list rental services
• Data analytic, intelligence, and augmentation firms
• State regulators
• Courts of law/enforcement
• Legal authorities as required by law or to protect our rights
• Affiliated and nonaffiliated third parties as may be permitted or required by law (such as in connection with the sale or restricting of all or part of our business)
Navien will keep personal data about you for as long as it is necessary to fulfill the purposes for which we process it as described above in Section III, or for as long as necessary to comply with any legal obligations, and/or bring to or defend any legal claims. The criteria we use to determine data retention periods for personal data includes the following:
• Retention in case of queries; we will retain it for a reasonable period after the relationship between us has ceased;
• Retention in case of claims; we will retain it for the period in which it may be enforced; and
• Retention in accordance with legal and regulatory requirements; we will consider whether we need to retain any additional period because of a legal or regulatory requirement.
• Under some circumstances we may de-identify your personal data so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose, including sharing it with utility companies, without further notice to you or your consent.
VI. PERSONAL INFORMATION SALES OPT-OUT AND OPT-IN RIGHTS AND OTHER CONSUMER REQUESTS
As a Colorado resident, you may have certain rights in relation to your personal data:
• Right to Access Personal Data;
• Right to Correct Inaccurate Personal Data;
• Right to Delete;
• Right to Obtain Copy of Personal Data in Portable Format;
• Right to Opt-Out of the Sale of Personal Data, Targeted Advertising, or Profiling;
• Right to Appeal
• Right to Non-Discrimination.
To submit a verifiable consumer request, Navien requires that you provide the following information that will be used to verify your identity and process your request:
• First and last name
• Email address
• Postal address
• State of residence
Navien may require additional information to process your request, depending upon the type of request and its sensitivity. If we determine the information provided is not sufficient for verification, additional questions may be asked to determine your identity. Navien may also require you to provide a written declaration to determine the validity of your identity.
You may submit a verifiable consumer request as often as you like; however, Navien is may charge a fee if a request is made more than once in a twelve (12) month period. You may change your mind and opt back in to personal information sales at any time by submitting a request to us at the web address above.
You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.
For all verifiable consumer requests, please allow up to 45 days of receipt of the request. Depending on the complexity and number of requests by a consumer, an extension of time (up to an additional 45 days) may be reasonably necessary. In such an event, Navien will inform the consumer of such extension within the initial 45-day response period along with the reason for the extension.
If Navien does not take action on the request of the consumer, it will inform the consumer, without undue delay and, at the latest, within 45 days after receipt of the request, of the reasons for not taking action and instructions for how to appeal the decision.
If a consumer wishes to appeal Navien’s decision, the consumer may request an appeal by sending an email to firstname.lastname@example.org. Please allow up to 45 days of receipt of the appeal for Navien’s response. Depending on the complexity and number of requests serving as the basis of the review, an extension of time (up to an additional 60 days) may be reasonably necessary to process the appeal. In such an event, Navien will inform the consumer of such extension within the initial 45-day response period to the appeal.
If a consumer has concerns about the results of an appeal, the consumer may contact the Colorado Attorney General.
If you have questions or concerns about our privacy policies or information practices, or to exercise the right to know, correct, limit, delete, opt-out or to submit any other verifiable consumer request, you (or your authorized representative) may submit a request to us by calling 800-519-8794 or by completing the online form located at https://www.navieninc.ca/contact.