CALIFORNIA PRIVACY NOTICE
This California Privacy Notice (“Notice”) supplements the information contained in Navien, Inc.’s Privacy Policy (https://www.navieninc.com/privacy) and applies solely to all consumers and households who reside in the State of California (“consumers” or “you”). Navien, Inc. (“Navien,” “we” or “us”) adopt this notice to comply with the California Consumer Privacy Act and California Privacy Rights Act (collectively, the “CCPA”). Any terms defined in the CCPA have the same meaning when used in this Notice.
I. PERSONAL INFORMATION WE COLLECT
Navien’s websites, including, without limitation, navien.com, navieninc.com, boilermadesmart.com, boilersmadesmart.com, comfort-mate.com, condensingsaves.com, gonavien.com, holehousecombi.com, navien.com.mx, navienliterature.com, navienmate.com, navienresources.com, navienrewards.com, naviensizing.com, tanklessmadesimple.com, wholehomeboiler.com, wholehomecombi.com, wholehouseboiler.com, wholehousecombi.com, wholehousecombis.com, and any other website that Navien owns or may own from time to time (collectively, “Website”) collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). Provided below are the categories of personal information and whether the Website has, for business purposes, collected personal information from its consumers within at least the last twelve (12) months:
• Category A: Identifiers – A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. Collected – YES; Shared – YES
• Category B: Personal information categories listed in the California Customer Records statute. – A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories. Collected – YES; Shared – YES
• Category C: Protected classification characteristics under California or federal law. – Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). Collected – NO; Shared – NO
• Category D: Commercial information. – Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Collected - YES; Shared – YES
• Category E: Biometric information. – Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. Collected - NO; Shared – NO
• Category F: Internet or other electronic network activity – Browsing history, search history, information regarding a consumer’s interaction with an internet website application, or advertisement. Collected - YES; Shared – YES
• Category G: Geolocation data – Physical location or movements. Collected - YES; Shared – YES
• Category H: Sensory data – Audio, electronic, visual, thermal, olfactory, or similar information. Collected - NO; Shared – NO
• Category I: Professional or employment-related information – Current or past job history or performance evaluations. Collected - NO; Shared – NO
• Category J: Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99) – Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. Collected - NO
• Category K: Inferences drawn from other personal information – Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Collected – NO; Shared – NO
• Category L: Sensitive Personal Information (Civ. Code § 1798.140(ae)) – Social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation. Collected – YES; Shared – YES
Personal information does not include:
• Publicly available information from government records or lawfully obtained, truthful information that is a matter of public concern.
• Deidentified or aggregated consumer information.
• Information excluded from the CCPA’s scope, like:
o Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
o Personal information protected by other existing laws relating to consumers’ personal information that afford greater protections for consumers’ privacy than that provided by the CCPA.
II. SOURCES OF PERSONAL INFORMATION WE COLLECT
Navien obtains the foregoing categories of personal information from the following categories of sources:
• Directly from you (i.e., from forms you complete or products and services you purchase)
• Indirectly from you (i.e., from observing or logging your actions on our Website)
• From third-party vendors with whom Navien contracts
III. BUSINESS OR COMMERCIAL PURPOSES FOR USING PERSONAL INFORMATION
We may use or disclose the personal information and sensitive personal information we collect for one or more of the following business or commercial purposes:
We may need to collect and use some of the information listed below because we are either legally required to do so or because we need it to provide the requested services to you. If you do not provide the information that we ask for, we may not be able to provide you with the requested services. Some of our uses of your sensitive personal information, as listed below, are in addition to those provided by California law and are for lawful business purposes.
• To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request service or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
• To provide, administer and communicate with you about products, services, events, surveys and promotions (including by sending you marketing communications);
• To provide our services to you (including access to website and/or platforms), to communicate with you (including send you administrative and contractual information, such as information regarding the terms and conditions, warranty policies or service contracts) and to provide you other customer-related services, such as handle your queries and complaints;
• To contact you in the event of a service notification for your registered appliance or to provide other notices concerning the safety of your appliance regardless of your stated privacy preferences;
• To process, evaluate and respond to your requests, inquiries and applications;
• To confirm and process your order, provide you with updates regarding your order, process returns and contact you concerning your order;
• To create, administer and communicate with you about your account (including any purchases and payments);
• To personalize your experience on the services by presenting products and offers tailored to you, and to facilitate social sharing functionality;
• To verify your identity to ensure security for the other purposes listed here;
• To operate, evaluate and improve our business (including improving or developing new products and services; managing our communications; performing market research; determining and managing the effectiveness of our advertising and marketing; analyzing our products, services and websites; administering our websites; and performing accounting, auditing, billing, reconciliation and collection activities);
• To protect against and prevent fraud, unauthorized transactions, claims and other liabilities, and manage risk exposure and quality;
• To conduct investigations and comply with and enforce applicable legal requirements, industry standards and our policies and terms, such as this and other sites’ terms of use;
• To ensure the security of our network services, information resources and the safety of our products, services, employees and information.
• To create, maintain, customize, and secure your account, if any, with us.
• To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
• For testing, research, analysis, and product development, including to develop and improve our products, and services.
• As described to you when collecting your personal information or as otherwise set forth in the CCPA.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Navien’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Navien about our Website’s or services’ users is among the assets transferred.
• For other uses, as agreed between you and us.
IV. RETENTION
Navien will keep personal data about you for as long as it is necessary to fulfill the purposes for which we process it as described above in Section II, or for as long as necessary to comply with any legal obligations, and/or bring to or defend any legal claims. The criteria we use to determine data retention periods for personal data includes the following:
• Retention in case of queries; we will retain it for a reasonable period after the relationship between us has ceased;
• Retention in case of claims; we will retain it for the period in which it may be enforced; and
• Retention in accordance with legal and regulatory requirements; we will consider whether we need to retain any additional period because of a legal or regulatory requirement.
• Under some circumstances we may anonymize your personal data so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose, including sharing it with utility companies, without further notice to you or your consent.
• If you would like further information about our data retention practices, please contact us.
V. PERSONAL INFORMATION SALES OPT-OUT AND OPT-IN RIGHTS AND OTHER CONSUMER REQUESTS
The CCPA provides California residents with the following privacy rights:
• Right to Know: Consumers have a right to request information about the personal information that we collect, use, disclose, and sell, and to whom.
• Right to Limit: Consumers have the right to request that we limit the use and disclosure of their sensitive personal information.
• Right to Delete: Consumers have a right to request the deletion of personal information that we have collected from them, though we may be permitted to retain personal information for certain purposes.
• Right to Correct: Consumers have the right to request that we correct inaccurate personal information that we maintain about the consumer.
• Right to Opt Out of Sales: We disclose your information to select third parties to enhance your experiences with us, to improve our ability to serve you, to keep you aware of our products, services, and offers, and to tailor the offers and promotions displayed to you online by select third party advertisers to your interests. California law may treat some of such disclosures as sales, and consumers have a right to direct us not to sell their personal information.
• Non-Discrimination: We may not discriminate against you for exercising your rights under the CCPA. We may, however, provide a different level of service or charge a different rate if the difference is reasonably related to the value of your information.
Navien does not sell, share rent or trade any personal information to third parties. Nonetheless, if you are 16 years of age or older, you have the right to know, correct, delete, or direct us not to sell your personal information at any time (the “right to opt-out”).
We do not sell or share the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time. If you believe your personal information is inaccurate or incomplete, your rights allow you to correct this information.
To submit a verifiable consumer request, Navien requires that you provide the following information that will be used to verify your identity and process your request:
• First and last name
• Email address
• Postal address
• State of residence
Navien may require additional information to process your request, depending upon the type of request and its sensitivity. If we determine the information provided is not sufficient for verification, additional questions may be asked to determine your identity. Navien may also require you to provide a written declaration to determine the validity of your identity.
You may submit a verifiable consumer request as often as you like; however, Navien is not required to provide personal data to you more than twice in at least twelve (12) months. You may change your mind and opt back in to personal information sales at any time by submitting a request to us at the web address above.
ou do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.
For all verifiable consumer requests, please allow 45 days for us to respond.
If you have questions or concerns about our privacy policies or information practices, or to exercise the right to know, correct, limit, delete, opt-out or to submit any other verifiable consumer request, you (or your authorized representative) may submit a request to us by calling 800-519-8794 or by completing the online form located at https://www.navieninc.com/contact.