Supplemental Privacy Policy
Supplemental Privacy Policy
Effective Date: January 1, 2020/ Updated June 28, 2024
Assistance for the Disabled
Alternative formats of this Privacy Policy are available to individuals with a disability. Please contact [email protected] for assistance.
This Policy covers the following topics:
- Summary Of Personal Information That We Collect About You
- Sources Of Personal Information Collected
- Categories Of Personal Information Collected In The Last Twelve Months
- Business/Commercial Purposes For Our Use Of Personal Information
- Categories Of Third Parties To Whom We Have Disclosed Personal Information In The Last Twelve Months
- How Long We Keep Personal Information About You
- Your Rights And Choices
- Updates
SUMMARY OF PERSONAL INFORMATION THAT WE COLLECT ABOUT YOU
For individuals who are California residents, we have adopted this Supplemental Privacy Policy to comply with the California Consumer Privacy Act of 2018 (“CCPA”), California Privacy Rights Act of 2020 (“CPRA”), and other California privacy laws, which require certain disclosures about the categories of personal information we collect, how we use them, the categories of sources from whom we collect personal information, and the third parties to whom we disclose it.
For individuals who are Virginia residents, this Supplemental Privacy Policy also complies with the Virginia Consumer Data Protection Act of 2021("VCDPA").
For individuals who are Colorado residents, this Supplemental Privacy Policy also complies with the Colorado Privacy Act ("CPA").
This Supplemental Privacy Policy is supplementary to the general privacy policy ("Privacy Policy") for Waste Connections and its subsidiaries and affiliates (collectively "Company"). All undefined capitalized terms used herein shall have the same meaning as set forth in the Privacy Policy. By using the Website, you consent to the collection and use of your "personal information" (as that term is defined below) as described in this Supplemental Privacy Policy.
Depending on how you interact with the Company, we may collect the following categories of information as summarized in the table below. This Supplemental Privacy Policy does not apply to personal information we collect from employees or job applicants in their capacity as employees or job applicants. It also does not apply to personal information we collect from employees, owners, directors, officers, or contractors of businesses in the course of our provision or receipt of business-related services. Personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the scope of the CCPA, CPRA, VCDPA, and CPA, such as:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (" HIPAA") and the California Confidentiality of Medical Information Act ("CMIA") or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act ("FRCA"), the Gramm-Leach-Bliley Act (" GLBA") or California Financial Information Privacy Act ("FIPA"), and the Driver's Privacy Protection Act of 1994.
SOURCES OF PERSONAL INFORMATION COLLECTED
All of the categories of personal information we collect about you (as detailed below) come from the following types of sources:
- From you or your representatives, including through your use of our services
- Automatically collected from you or your representatives
- Automatically through your or your representatives activity on our Website
- From our affiliates and subsidiaries
- From government entities, including the municipality where you reside
- From third parties that interact with us in connection with the services we provide
- Service providers, such as, analytics providers, IT, and system administration services
- Marketing/advertising companies, such as, social media platforms, consumer research companies and analytics
CATEGORIES OF PERSONAL INFORMATION COLLECTED IN THE LAST TWELVE MONTHS
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device ("personal information"). In particular, we have collected the following categories of personal information from consumers during the twelve (12) months prior to the Effective Date of this Supplemental Privacy Policy:
Category | Examples | Collected |
---|---|---|
A. Identifiers. | A name, signature alias, physical characteristics or description, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number or state identification card number, passport number, telephone number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. or other similar identifiers. | YES |
B. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO |
C. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES |
D. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO |
E. Internet or other similar network activity. | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | YES |
F. Geolocation data. | Physical location or movements. | YES |
G. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | NO |
H. Professional or employment-related information. | Current or past job history or performance evaluations. | NO |
I. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
J. Inferences drawn from other personal information. | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO |
SENSITIVE PERSONAL INFORMATION
We do collect sensitive personal information about you, but such sensitive personal information is used solely to service your account. In addition, we do not infer characteristics about you from the sensitive personal information.
BUSINESS/COMMERCIAL PURPOSES FOR OUR USE OF PERSONAL INFORMATION
All of the categories of personal information we collect about you (as detailed above) are used for the following purposes:
- Providing our services (for example, account servicing and maintenance, customer service, advertising and marketing, analytics, and communication about our services)
- Providing email alerts, event registrations, and other notices concerning our products or services, or other events or information that may be of interest to you
- To review your account history
- For our operational purposes, and the operational purposes of our service providers and integration partners
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us
- Improving our existing services and developing new services (e.g., by conducting research to develop new products or features)
- Detecting, protecting against, and prosecuting security incidents and fraudulent or illegal activity
- Bug detection, error reporting, and activities to maintain the quality or safety of our services
- Auditing consumer interactions on our site (for example, measuring page views)
- Short-term, transient use, such as customizing content that we or our service providers display on the services
- Other uses that advance our commercial or economic interests, such as communicating with you about relevant offers
- Protecting the rights, property, or safety of us, you, or others
- In connection with a corporate transaction, sale, or assignment of assets, merger, divestiture, or other changes of control or financial status of the Company or any of our subsidiaries or affiliates
- Reporting suspected criminal conduct to law enforcement and cooperate in investigations
- Exercise our rights under applicable law and supporting any claim, defense, or declaration in a case or before a jurisdictional and/or administrative authority, arbitration, or mediation panel
- Ensuring compliance with applicable laws and regulatory obligations
- Such other uses that we notify you about when collecting your personal information or otherwise
AGGREGATED AND DEIDENTIFIED INFORMATION
We may aggregate and/or deidentify information, use it internally, and disclose to third parties. Neither Aggregated Information nor Deidentified Information (defined below) is personal information.
- “Aggregated Information” refers to information about a group of individuals from which the individually identifiable information has been removed. An example of Aggregated Information would be the statistic that 20 people used our website’s contact form on a given day.
- “Deidentified Information” means information subjected to reasonable measures to ensure that the deidentified information cannot be associated with the individual. An example of Deidentified Information would be data point that an unidentified visitor first entered the Site through our main web page. We maintain Deidentified Information in a deidentified form and do not attempt to reidentify it, except that we may attempt to reidentify the information just to determine whether our deidentification processes function correctly. We prohibit vendors, by contract, from attempting to reidentify our Deidentified Information.
CATEGORIES OF THIRD PARTIES WITH WHOM WE HAVE SHARED PERSONAL INFORMATION IN THE LAST TWELVE MONTHS
We may disclose your personal information to a third party for a "business purpose" (as that term is defined in the CCPA). In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
Category | Examples | Categories of Third Parties with Whom We Share Personal Information |
---|---|---|
A. Identifiers. | Real name, postal address, email address, account name. |
|
B. Protected classification characteristics under California or federal law. | N/A | N/A |
C. Commercial information. | Records of services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
|
D. Biometric information. | N/A | N/A |
E. Internet or other similar network activity. | Information related to a user's interaction with our website and applications. |
|
F. Geolocation data. | Physical address location through RouteManager. |
|
G. Sensory data. | N/A | N/A |
H. Professional or employment-related information. | N/A | N/A |
I. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | N/A | N/A |
J. Inferences drawn from other personal information. | N/A | N/A |
HOW LONG WE KEEP PERSONAL INFORMATION ABOUT YOU
We retain your personal information for the duration of the customer relationship, if any. We also retain your personal information after our last interaction with you in accordance with our Records Retention Policy. We will retain personal information longer as necessary to comply with legal, administrative, or procedural requirements, for example, a litigation hold.
YOUR RIGHTS AND CHOICES
Subject to certain restrictions, California and Virginia residents have the right to request that we disclose what personal information we collect about you, to delete any personal information that we collected from or maintain about you, and to opt-out of the sale of personal information about you. As a California resident, you also have the right to designate an agent to exercise these rights on your behalf. This section describes how to exercise those rights and our process for handling those requests, including our means of verifying your identity. If you would like further information regarding your legal rights under applicable law or would like to exercise any of them, please contact us either through our Privacy Request Form here or call us at 844-858-2240.
Accessing and Deleting Your Personal Information
- Right to request access to your personal information
California, Virginia, and Colorado residents have the right to request that we disclose what categories of personal information that we collect, use, disclose or sell about you. You may also request the specific pieces of personal information that we have collected about you. However, we may withhold some information where the risk to you, your personal information, or our business is too great to disclose the information.
- Right correct your personal information
You have the right to correct inaccuracies in the personal information about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.
- Right to request deletion of your personal information
You may also request that we delete any personal information that we have collected from/about you. However, we may retain personal information as authorized under applicable law, such as personal information required as necessary to provide our services, protect our business and systems from fraudulent activity, to debug and identify errors that impair existing functionality, as necessary for us, or others, to exercise their free speech or other rights, comply with law enforcement requests pursuant to lawful process, for scientific or historical research, for our own internal purposes reasonably related to your relationship with us, or to comply with legal obligations. We need certain types of information so that we can provide our services. If you ask us to delete it, you may no longer be able to access or use our services.
- How to exercise your access and deletion rights
California, Virginia, and Colorado residents may exercise their privacy rights by submitting your request to us either by calling us at 844-858-2240 or by using our Privacy Request Form here. You may not request access to your personal information more than twice in any twelve month period.
For security purposes, we may request additional information from you to verify your identity when you request to exercise your privacy rights so we can reasonably verify you are the person about whom we collected such personal information (or that person's authorized representative).
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and the extension period in writing. If you have an account with us, we will deliver our written response through your account. If you do not have an account with us, we will deliver our written response by mail or electronically as you so request. The response we provide will also explain the reasons we cannot comply with a request, if applicable, and how to appeal. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request.
When you utilize the online portal to (1) access information about personal information we have about you, (2) obtain a copy of specific pieces of personal information we obtained from you, (3) correct personal information about you, or (4) to delete personal information we have collected from you, we will ask that you verify your identity responding to a series of challenge questions. Once your identity is authenticated, the portal will require you to fill out a form with your name, phone number, email address and postal address, and then you must select the action to be taken.
If you wish to exercise any of these rights please contact us here or call us toll-free at 844-858-2240 and we will request additional information to perform identity verification where possible.
Targeted Advertising, Profiling, and Sales of Personal Information
California and Virginia residents may opt out of the "sale" of their personal information. The Company does not and will not "sell" your personal information as we understand that term to be defined by the CCPA, VCDPA, CPA, and their implementing regulations.
Likewise, the Company does not have actual knowledge that it “sells” or “shares” (discloses personal information to third parties for cross-context behavioral advertising) the personal information of individuals under the age of 16 years.
Non-Discrimination Rights
California, Virginia, and Colorado residents have the right to not be discriminated against for exercising their rights as described in this section. We will not discriminate against you for exercising your privacy rights.
Tracking Across Time and Different Sites
Our website tracks your online activities over time and across websites or online services on an individually identifiable basis. For example, we may serve you advertisements on other websites based on what appeared to interest you on our Site. We do not allow third parties to use our website to track your activities over time or across other websites.
Do Not Track Setting
Our website currently does not respond to web browser “do not track” (DNT) signals or other mechanisms that indicate your preference for having information collected over time and across different web sites following your visit to our website. DNT is a preference you can set in your browser’s settings to let the website you visit, including our website, know that you do not want the websites collecting your personal identifiable information. You can also visit https://allaboutdnt.com/ to learn more.
Updates to the California Privacy Policy
This Supplemental Privacy Policy may be revised periodically and we will post any revised version of this Supplemental Privacy Policy on our website, which revisions will be effective immediately upon being posted, unless otherwise stated therein. We encourage you to refer back to it on a regular basis.