Privacy Policy

Effective Date: 1/22/2025
Last Updated: 1/22/2026

TABLE OF CONTENTS

1. Introduction and Scope
2. Definitions
3. Information We Collect
4. How We Collect Information
5. How We Use Your Information
6. Legal Bases for Processing (EEA/UK Users)
7. How We Share Your Information
8. Our Role as Controller, Joint Controller, and Processor
9. Geolocation Data and Affirmative Consent
10. Marketing Communications and Consent Requirements
11. Artificial Intelligence and Automated Decision-Making
12. Cookies and Tracking Technologies
13. Third-Party Services and Links
14. Data Security and Incident Response
15. Data Retention and Deletion
16. International Data Transfers
17. Your Privacy Rights and Choices
18. State-Specific Privacy Rights and Disclosures
19. Children’s Privacy
20. Changes to This Privacy Policy
21. Contact Us and Data Protection Officer
22. Jurisdiction-Specific Addenda

---

1. INTRODUCTION AND SCOPE

1.1 Who We Are

This Privacy Policy is provided by Happy Camper Roadside LLC, a Nevada limited liability company with its principal place of business at 6543 South Las Vegas Boulevard, 2nd Floor, Las Vegas, Nevada 89119 (“Happy Camper,” “we,” “us,” or “our”). Happy Camper provides roadside assistance services, insurance brokerage services, technology platforms, and related services (collectively, the “Services”).

1.2 Purpose of This Policy

This Privacy Policy describes how Happy Camper collects, uses, discloses, stores, and otherwise processes personal information (also referred to as “personal data” or “personally identifiable information”) in connection with:

(a) Our roadside assistance services, including white-labeled services provided on behalf of third-party clients such as recreational vehicle manufacturers, dealers, and warranty providers;

(b) Our direct-to-consumer roadside assistance services;

(c) Our insurance brokerage and related financial services;

(d) Our technology platforms, including mobile applications, websites, and software-as-a-service offerings;

(e) Our business operations, customer service, and corporate functions; and

(f) Any other services we provide or may provide in the future.

1.3 Applicability

This Privacy Policy applies to all individuals whose personal information we collect, including:

• End Users: Individuals who use our roadside assistance services, whether directly or through a white-labeled service provided on behalf of a third-party client;
• Customers: Individuals or entities that purchase services from us;
• Website and App Visitors: Individuals who visit our websites or use our mobile applications;
• Business Contacts: Individuals employed by or associated with our business partners, vendors, clients, and other third parties with whom we conduct business;
• Job Applicants: Individuals who apply for employment with Happy Camper; and
• Other Individuals: Any other individual whose personal information we collect in connection with our business operations.

1.4 Multiple Roles

Happy Camper processes personal information in different capacities depending on the context:

As an Independent Data Controller: For our direct customers, website visitors, business contacts, and our own business operations;

As a Joint Data Controller: When we provide white-labeled services on behalf of third-party clients, we act as a joint data controller with those clients with respect to end user personal information;

As a Data Processor/Service Provider: When we process certain business data on behalf of our clients pursuant to data processing agreements.

These roles are described in detail in Section 8 below.

1.5 Consent to This Policy

By using our Services, visiting our websites, using our mobile applications, or otherwise providing personal information to us, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, disclosure, and processing of your personal information as described herein. If you do not agree with this Privacy Policy, you must not use our Services or provide us with your personal information.

1.6 Additional Terms and Policies

• Our Terms of Service
• Our Cookie Policy
• Any service-specific terms and conditions
• Any data processing agreements entered into with our clients
• In the event of a conflict, the terms of the other agreement shall control with respect to that agreement’s subject matter.

 

---

2. DEFINITIONS

For purposes of this Privacy Policy, the following terms have the meanings set forth below:

“Applicable Data Protection Laws” means all federal, state, provincial, and international laws, regulations, and regulatory guidance applicable to the processing of personal information, including without limitation: (i) the EU General Data Protection Regulation (“GDPR”) and UK GDPR; (ii) the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”); (iii) other U.S. state privacy laws enumerated in Section 18; (iv) the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and provincial privacy laws in Canada; (v) Quebec’s Law 25; (vi) the Gramm-Leach-Bliley Act (“GLBA”); (vii) the Telephone Consumer Protection Act (“TCPA”); (viii) the CAN-SPAM Act; (ix) Canada’s Anti-Spam Legislation (“CASL”); and (x) all other applicable privacy, data protection, and telecommunications laws.

“Business Associate” has the meaning set forth in the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”).

“Consumer” means a natural person who is a resident of a state, province, or other legal jurisdiction, with applicable consumer privacy laws.

“Controller” (or “Data Controller”) means an entity that determines the purposes and means of processing personal information.

“Cross-Context Behavioral Advertising” means the targeting of advertising to a consumer based on the consumer’s personal information obtained from the consumer’s activity across businesses, distinctly-branded websites, applications, or services, other than the business, distinctly-branded website, application, or service with which the consumer intentionally interacts.

“Data Subject” means an identified or identifiable natural person to whom personal information relates.

“Deidentified Information” means information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer, provided that we: (i) take reasonable measures to ensure that such information cannot be associated with a consumer or household; (ii) publicly commit to maintain and use the information in deidentified form and not attempt to reidentify the information; and (iii) contractually obligate any recipients of the information to comply with all provisions of applicable law related to deidentified information.

“Personal Information” (also referred to as “Personal Data” or “Personally Identifiable Information”) means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. Personal Information includes, but is not limited to: identifiers such as name, address, email address, telephone number, account name, Social Security number, driver’s license number, passport number, or other similar identifiers; commercial information; biometric information; internet or other electronic network activity information; geolocation data; audio, electronic, visual, or similar information; professional or employment-related information; education information; and inferences drawn from any of the foregoing. Personal Information does not include publicly available information, deidentified information, or aggregate consumer information.

“Process” or “Processing” means any operation or set of operations performed on personal information or sets of personal information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“Processor” (or “Service Provider” under California law) means an entity that processes personal information on behalf of a controller.

“Profiling” means any form of automated processing of personal information to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

“Pseudonymization” means the processing of personal information in such a manner that the personal information can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal information is not attributed to an identified or identifiable natural person.

“Sale” or “Sell” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration.

“Sensitive Personal Information” means personal information that reveals: (i) a consumer’s social security, driver’s license, state identification card, or passport number; (ii) a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (iii) a consumer’s precise geolocation; (iv) a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; (v) the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; (vi) a consumer’s genetic data; (vii) personal information collected and analyzed concerning a consumer’s health; (viii) personal information collected and analyzed concerning a consumer’s sex life or sexual orientation; or (ix) biometric information for the purpose of uniquely identifying a consumer. The specific definition of Sensitive Personal Information may vary by jurisdiction.

“Share” or “Sharing” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.

“Targeted Advertising” means displaying advertisements to a consumer where the advertisement is selected based on personal information obtained from that consumer’s activities over time and across nonaffiliated websites or online applications to predict such consumer’s preferences or interests.

“Third Party” means a person or entity that is not: (i) the business that collects personal information from consumers; or (ii) a person to whom the business discloses a consumer’s personal information for a business purpose pursuant to a written contract.

 

---

3. INFORMATION WE COLLECT

We collect various categories of personal information depending on how you interact with our Services. The categories of personal information we collect include:

3.1 Identifiers and Contact Information

• Full name (first, middle, last)
• Alias, nickname, or username
• Postal address (including billing and shipping addresses)
• Email address
• Telephone number (including mobile phone number)
• Account name and account number
• Driver’s license number or state identification card number
• Passport number
• Vehicle identification number (VIN)
• License plate number
• Social Security number (for employment, background checks, or as required for certain financial services)
• Signature
• Date of birth
• Unique personal identifier or customer number
• Online identifier or device identifier
• Internet Protocol (IP) address

3.2 Demographic Information

• Age or age range
• Gender
• Marital status
• Nationality or citizenship status
• Language preferences
• Veteran status (for employment purposes)
• Disability status (for employment or service accommodation purposes)

3.3 Commercial Information

• Records of products or services purchased, obtained, or considered
• Service plan details, including type of roadside assistance coverage, coverage limits, deductibles, and coverage period
• Date of purchase or activation of service plan
• Purchase history and transaction records
• Payment information, including credit card number, debit card number, bank account information, and other financial account information (processed through secure third-party payment processors)
• Billing and shipping information
• Records of claims submitted, approved, or denied
• Service history, including dates, times, locations, and types of services provided
• Preferences regarding products or services

3.4 Geolocation Data

• Precise real-time GPS location coordinates (latitude and longitude)
• Approximate location derived from IP address
• Location history
• Breakdown location and tow-to destination
• Home address, work address, and frequently visited locations

3.5 Internet or Other Electronic Network Activity Information

• Browsing history, including websites visited before and after visiting our websites
• Search history within our Services
• Information regarding your interaction with our websites, mobile applications, or advertisements
• Clickstream data
• Pages viewed and time spent on pages
• Links clicked
• Features used within our mobile applications
• Error logs and diagnostic information
• Session recordings (aggregated and anonymized)

3.6 Device and Usage Information

• Device type (e.g., smartphone, tablet, computer)
• Device make and model
• Operating system and version
• Browser type and version
• Mobile network information, including carrier name
• Device settings and configurations
• Unique device identifiers (e.g., IMEI, UDID, advertising ID)
• Screen resolution and display settings
• Time zone settings
• Application version and build number
• Device memory and storage capacity
• Battery status

3.7 Communication and Interaction Data

• Customer service inquiries, requests, and correspondence
• Call recordings (with prior notice and consent as required by law)
• Chat transcripts, including chatbot interactions
• Text messages (SMS/MMS) sent to or received from us
• Email communications
• Survey responses and feedback
• Reviews and ratings you provide
• Photos, videos, or other media you submit to us (e.g., photos of vehicle damage)

3.8 Professional or Employment-Related Information

• Current or past job history
• Professional licenses and certifications (for independent service providers)
• Educational background
• Performance evaluations
• Employment references
• Background check results (with consent as required by law)
• Criminal history information (for employment or service provider qualification purposes, with consent and in compliance with applicable law)

3.9 Education Information

• Educational institution attended
• Degrees obtained
• Dates of attendance
• Transcripts (for employment purposes)

3.10 Inferences and Derived Data

• Inferences drawn from any of the above categories of personal information to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes
• Predictive analytics regarding service needs, likelihood of claims, customer lifetime value, churn risk, and fraud risk
• Risk scores and creditworthiness assessments (for insurance brokerage services)
• Customer segmentation and classification
• Service recommendations and personalized content

3.11 Audio, Electronic, Visual, or Similar Information

• Photographs submitted by you (e.g., vehicle photos, accident scene photos)
• Video recordings (e.g., dash cam footage, if provided by you)
• Audio recordings of customer service calls (with notice and consent)
• Voice recordings for voice-activated features (if applicable)

3.12 Protected Classification Characteristics

We do not intentionally collect protected classification characteristics such as race, ethnicity, religion, sexual orientation, or health information for roadside assistance services. However, such information may be incidentally captured in free-form text fields, communications, photographs, or other submissions. If you provide such information, it will be subject to this Privacy Policy and applicable law.

For insurance brokerage services, we may collect certain protected classification characteristics as permitted or required by law for underwriting, risk assessment, and compliance purposes.

3.13 Information About Others

• Emergency contacts
• Additional authorized drivers
• Co-applicants for insurance
• Beneficiaries
• Employees or contractors (if you are a business customer)

3.14 Sensitive Personal Information

• Precise Geolocation: We collect precise real-time GPS coordinates to dispatch roadside assistance to your exact location. This is considered Sensitive Personal Information under certain state laws.
• Account Credentials: We collect account login credentials, including username and password, which are encrypted and securely stored.
• Financial Account Information: For payment processing and insurance brokerage services, we may collect credit card numbers, bank account numbers, and other financial account information in combination with security codes or passwords. This information is processed through PCI-DSS compliant payment processors.
• Social Security Number: We may collect Social Security numbers for employment purposes, background checks, identity verification, fraud prevention, or as required for certain insurance and financial services.
• Driver’s License / State ID / Passport Number: We may collect government-issued identification numbers for identity verification, fraud prevention, or as required for certain services.
• Contents of Communications: We may process the contents of your emails, text messages, or other communications when you communicate with us for customer service or other purposes. We are the intended recipient of such communications.
• Health Information: For certain insurance brokerage services, we may collect health-related information as permitted by law. We do not collect health information for roadside assistance services unless you voluntarily provide it to us.
• We do not collect: Racial or ethnic origin (except incidentally), religious or philosophical beliefs, union membership, genetic data, biometric identifiers for unique identification, or information concerning sex life or sexual orientation.

4. HOW WE COLLECT INFORMATION

We collect personal information through various methods:

4.1 Information You Provide Directly

• Register for an account or create a user profile
• Purchase or activate a service plan
• Request roadside assistance through our mobile application, website, or customer service line
• Fill out forms, surveys, or questionnaires
• Apply for employment or a contractor position
• Sign up for newsletters, promotional emails, or text messages
• Participate in contests, sweepstakes, or promotions
• Submit reviews, ratings, feedback, or testimonials
• Contact customer service or technical support
• Interact with our chatbot or virtual assistant
• Upload photos, videos, or other content
• Communicate with us via email, text message, phone, mail, or social media
• Attend events, webinars, or training sessions
• Otherwise interact with our Services

4.2 Information Collected Automatically

• Device and Usage Information: As described in Section 3.6 and 3.5, we automatically collect information about your device, how you access and use our Services, and your interactions with our content.
• Location Information: With your consent, we automatically collect your precise geolocation when you use our mobile application to request roadside assistance. We may also derive your approximate location from your IP address.
• Cookies and Tracking Technologies: We use cookies, web beacons, pixels, local storage, and similar tracking technologies to collect information about your browsing activities and preferences. See Section 12 for more information.
• Log Files: Our servers automatically record certain information in log files, including your IP address, browser type, referring/exit pages, operating system, date/time stamp, and clickstream data.
• Analytics and Performance Monitoring: We use analytics tools to collect information about how our Services are used, including error rates, performance metrics, and user engagement statistics.

4.3 Information from Third Parties

• Business Partners and Clients: When you purchase or receive roadside assistance coverage from one of our white-label clients (e.g., an RV manufacturer, dealer, or warranty provider), they provide us with your personal information to enable us to provide services to you. This includes your name, contact information, VIN, service plan details, and eligibility information.
• Independent Service Providers (ISPs): Local tow truck operators, mobile mechanics, and other roadside assistance providers may provide us with information about the services they provided to you, including service completion confirmations, time stamps, and notes.
• Third-Party Service Providers: We work with third-party companies that provide dispatch coordination, payment processing, fraud prevention, identity verification, data enrichment, and other services. These companies may provide us with information necessary to deliver our Services.
• Data Brokers and Marketing Partners: We may obtain personal information from data brokers, marketing partners, or other third parties to supplement the information we collect, for purposes such as fraud prevention, identity verification, marketing analytics, and customer insights.
• Social Media Platforms: If you interact with us through social media platforms or use social media features integrated into our Services, we may receive information from those platforms, such as your profile information, friend lists, and content you’ve shared.
• Publicly Available Sources: We may collect information about you from publicly available sources, including public records, social media profiles, news articles, and other publicly accessible information.
• Insurance Partners: For our insurance brokerage services, we may receive information from insurance carriers, underwriters, and other partners.
• Credit Bureaus and Background Check Providers: For employment purposes, fraud prevention, or certain financial services, we may obtain information from credit bureaus, background check providers, or similar entities (with your consent as required by law).
• Government Agencies: We may receive information from government agencies as permitted or required by law.

4.4 Information from Other Users

• If another user adds you as an emergency contact or authorized user
• If another user refers you to our Services
• If another user mentions you in communications with us

---

5. HOW WE USE YOUR INFORMATION

We use your personal information for various business and commercial purposes as described below. The specific purposes for which we use your information depend on how you interact with our Services and the context in which we collected the information.

5.1 Providing and Delivering Services

• Process and fulfill service requests: Verify your eligibility, dispatch roadside assistance to your location, coordinate with independent service providers, track service status, and confirm service completion.
• Operate our platforms: Provide access to our mobile applications, websites, and technology platforms; authenticate users; maintain user accounts and profiles.
• Process transactions and payments: Process payments, billing, and invoices; prevent fraud and verify payment information; issue refunds or credits.
• Provide customer support: Respond to inquiries, requests, and complaints; troubleshoot technical issues; provide assistance with using our Services.
• Communicate with you: Send transactional communications such as service confirmations, appointment reminders, status updates, claims notifications, account alerts, and other Service-related messages.
• Manage claims and disputes: Adjudicate claims for benefits, resolve disputes, manage quality assurance processes, and investigate service issues or complaints.
• Coordinate with service providers: Share necessary information with independent service providers (ISPs) to enable them to provide services to you; manage our network of service providers.

5.2 Improving and Developing Services

• Analyze usage and performance: Understand how users interact with our Services, identify usage patterns and trends, measure the effectiveness of features, and identify areas for improvement.
• Conduct research and development: Develop new products, services, and features; test new functionality; conduct pilots and beta programs.
• Enhance user experience: Personalize content, recommendations, and features; optimize the user interface and user experience.
• Train and improve AI systems: Use personal information (in anonymized or aggregated form where possible) to train, test, and improve our AI systems, chatbots, predictive analytics algorithms, and other automated systems.
• Improve algorithms: Enhance dispatch algorithms, route optimization, fraud detection systems, risk assessment models, and other algorithmic processes.

5.3 Marketing and Promotional Activities

• Send marketing communications: Promotional emails, texts, direct mail, or other communications about services, features, offers and promotions.
• Personalize marketing: Tailor content and offers based on preferences, interests and service history.
• Conduct market research: Surveys, feedback and trend analysis.
• Advertise our Services: Targeted ads on our sites and third-party platforms (subject to consent where required).
• Analyze marketing effectiveness: Measure campaign performance and optimize channels.

5.4 Business Operations and Administration

• Maintain business records: Keep records of transactions, service history, communications, and other business activities.
• Conduct financial management and accounting: Process invoices, manage accounts receivable and payable, prepare financial statements, and conduct audits.
• Manage vendor and partner relationships: Onboard and manage relationships with business partners, vendors, contractors, and service providers.
• Administer employee and contractor relationships: Use personal information to recruit, hire, onboard, pay, manage, evaluate, and terminate employment or contractor relationships.
• Manage facilities and assets: Control physical and logistical access to our facilities, systems, and assets; manage equipment and inventory.
• Conduct training: Provide training to employees, contractors, and service providers.

5.5 Security, Fraud Prevention, and Safety

• Prevent fraud and abuse: Detect, investigate, and prevent fraudulent transactions, unauthorized access, identity theft, misuse of services, and other illegal or harmful activities.
• Authenticate and verify identity: Verify the identity of users, customers, service providers, and other individuals; prevent unauthorized account access.
• Protect against security threats: Monitor for and respond to security incidents, vulnerabilities, and threats; conduct security assessments and penetration testing.
• Enforce policies and terms: Enforce our Terms of Service, acceptable use policies, and other agreements; investigate violations of our policies.
• Protect rights and property: Protect our legal rights, property, and assets; protect the rights, property, and safety of our users and third parties.
• Ensure physical safety: In emergency situations, we may use location information and other personal information to coordinate with emergency services or locate individuals in need of assistance.

5.6 Legal Compliance and Legal Proceedings

• Comply with laws and regulations: Comply with applicable federal, state, provincial, and local laws, regulations, and regulatory guidance, including data protection, consumer protection, telecommunications, tax, and employment laws.
• Respond to legal process: Respond to subpoenas, court orders, law enforcement requests, government investigations, and other legal processes.
• Enforce legal rights: Establish, exercise, or defend legal claims; enforce our contracts and agreements.
• Conduct investigations: Investigate suspected violations of law or our policies.
• Fulfill regulatory requirements: Submit reports, filings, and other information to regulatory authorities as required.
• Manage litigation: Manage and defend litigation, arbitration, and other legal proceedings.

5.7 Analytics and Business Intelligence

• Analyze business performance: Measure and analyze key performance indicators, revenue, profitability, customer acquisition costs, customer lifetime value, and other business metrics.
• Segment customers: Group customers into segments based on characteristics, behavior, preferences, and other factors for analysis and decision-making.
• Conduct predictive analytics: Use statistical models and machine learning to predict future outcomes, such as likelihood of claims, customer churn risk, service demand forecasting, and risk assessment.
• Generate insights: Derive insights from data to inform business strategy, product development, pricing, marketing, and operations.
• Create aggregated and anonymized data: Aggregate and anonymize personal information to create statistical information, reports, and data sets that do not identify individuals.

5.8 Insurance and Financial Services

For our insurance brokerage and related financial services, we use your personal information to:

Provide insurance quotes: Evaluate your eligibility for insurance products, calculate premiums, and provide quotes.

Process insurance applications: Submit applications to insurance carriers on your behalf; coordinate underwriting and approval processes.

Service insurance policies: Assist with policy administration, renewals, endorsements, cancellations, and claims.

Assess risk: Evaluate risk factors for underwriting and pricing purposes; conduct credit checks and background checks where permitted by law and with your consent.

Comply with insurance regulations: Comply with state insurance laws, licensing requirements, and regulatory reporting obligations.

5.9 Joint Controller Activities

When we act as a joint controller with our white-label clients, we use your personal information for the joint purposes described in Section 8, including program administration, service delivery, claims processing, reporting, and analytics.

5.10 Other Purposes

We may also use your personal information for other purposes that are disclosed to you at the time of collection or with your consent.

5.11 Aggregated and Deidentified Information

We may aggregate, anonymize, or de-identify personal information so that it can no longer reasonably be used to identify you. We may use and disclose such aggregated, anonymized, or deidentified information for any purpose and without restriction, including for research, analytics, reporting, benchmarking, and other commercial purposes. We maintain and use aggregated and deidentified information in deidentified form and will not attempt to reidentify such information, except as permitted by law to test our deidentification processes.

 

---

6. LEGAL BASES FOR PROCESSING (EEA/UK USERS)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, the General Data Protection Regulation (GDPR), UK GDPR, or Swiss Federal Act on Data Protection (FADP) requires us to have a legal basis for processing your personal data. Our legal bases for processing your personal data include:

6.1 Contractual Necessity

Processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract. This includes:

Providing roadside assistance services to you

Processing your service requests and claims

Managing your account

Processing payments

Communicating with you about services you’ve requested

6.2 Legitimate Interests

Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided that such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include:

Operating and improving our business and Services

Fraud prevention and security

Network and information security

Protecting our legal rights and property

Conducting analytics and research

Marketing our Services to existing customers (where permitted without consent)

Managing vendor and partner relationships

Internal administration and record-keeping

We conduct balancing tests to ensure that our legitimate interests do not override your rights and freedoms.

6.3 Legal Obligation

Processing is necessary to comply with a legal obligation to which we are subject, such as:

Complying with tax, accounting, and regulatory requirements

Responding to lawful requests from law enforcement or regulatory authorities

Maintaining records as required by law

Complying with court orders and legal processes

6.4 Consent

We have obtained your explicit consent to process your personal data for specific purposes. This includes:

Processing precise geolocation data

Sending marketing communications (where consent is required)

Using cookies and similar tracking technologies (where consent is required)

Processing special categories of personal data (if applicable)

You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

6.5 Vital Interests

Processing is necessary to protect the vital interests of you or another natural person. This may include emergency situations where processing is necessary to protect life or physical safety.

6.6 Public Interest

In certain limited circumstances, processing may be necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

 

---

7. HOW WE SHARE YOUR INFORMATION

We share your personal information with third parties in the circumstances described below. We do not “sell” or “share” personal information as those terms are defined under the CCPA and other state privacy laws, except as disclosed in Section 18.

7.1 Service Providers and Subprocessors

• Technology and Infrastructure Providers: Cloud hosting and storage, SaaS platforms, CDNs, databases, application development, IT support.
• Dispatch and Service Coordination: Dispatch platforms, network management, GPS and mapping, route optimization.
• Payment Processing: Payment processors, gateways, ACH, PCI-DSS compliant providers, fraud detection.
• Communications: Email providers, SMS platforms, CRM, call center and telephony, video conferencing, chatbot platforms.
• Analytics and Business Intelligence: Web/mobile analytics, data visualization, BI tools, marketing analytics providers.
• Customer Support: Help desk, ticketing systems, knowledge base platforms.
• Marketing and Advertising: Email marketing, automation tools, advertising networks, social platforms, affiliate platforms.
• Security and Fraud Prevention: Identity verification, threat intelligence, background check providers, cybersecurity vendors.
• Professional Services: Legal, accounting, consulting, insurance brokers.
• Human Resources and Employment: Payroll, benefits administration, recruiting, background screening, training systems.

7.2 Independent Service Providers (ISPs)

• Your name and contact phone number
• Your vehicle location (GPS coordinates)
• Your vehicle information (make, model, VIN, license plate)
• Service request details (type of service needed, breakdown description)
• Tow destination (if applicable)
• Any special instructions or notes

7.3 Joint Controllers and White-Label Clients

• Program administration: Managing eligibility, service plan details, coverage limits, and program terms.
• Service delivery and coordination: Ensuring seamless delivery of services to you.
• Claims processing and adjudication: Processing and adjudicating claims under the service plan.
• Reporting and analytics: Providing reports on service usage, claims activity, customer satisfaction, and program performance.
• Customer relationship management: Enabling the client to manage their relationship with you.
• Quality assurance and dispute resolution: Investigating and resolving service issues, complaints, and disputes.
• Marketing and communications: Coordinating marketing and customer communications (with appropriate consents).

7.4 Business Partners

We may share personal information with business partners for joint marketing initiatives, co-branded offerings, or other collaborative business purposes, including:

RV manufacturers and dealers

Insurance carriers and underwriters (for our insurance brokerage services)

Financial institutions

Warranty providers

Membership organizations

Affinity groups and associations

When we share personal information with business partners, we require them to comply with applicable data protection laws and to use the information only for authorized purposes.

7.5 Corporate Affiliates

We may share personal information with our parent company, subsidiaries, affiliates, and other entities under common control or ownership for the purposes described in this Privacy Policy, including:

Providing and improving Services

Business operations and administration

Marketing (subject to applicable consent requirements)

Internal analytics and reporting

Shared technology infrastructure and platforms

All corporate affiliates are required to comply with this Privacy Policy and applicable data protection laws.

7.6 In Connection with Business Transactions

We may share or transfer personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, divestiture, dissolution, bankruptcy, or other business transaction or restructuring. In such transactions:

We will require the acquiring or successor entity to honor this Privacy Policy or provide notice of changes

We will comply with applicable data protection laws regarding transfers of personal information

We may share personal information with prospective buyers, investors, advisors, and other parties involved in the transaction, subject to confidentiality obligations

7.7 Legal Requirements and Protection of Rights

We may disclose personal information if we believe in good faith that such disclosure is necessary to:

Comply with Legal Obligations:

Comply with applicable laws, regulations, legal processes, or enforceable governmental requests

Respond to subpoenas, court orders, warrants, or other legal process

Cooperate with law enforcement, regulatory authorities, or other government agencies

Comply with national security or law enforcement requirements

Enforce Our Rights:

Enforce our Terms of Service, this Privacy Policy, and other agreements

Investigate and respond to potential violations of our policies

Protect our legal rights, property, and interests

Protect Safety and Security:

Protect the rights, property, or safety of Happy Camper, our users, employees, or the public

Detect, prevent, or address fraud, security, or technical issues

Respond to emergency situations that threaten the health or safety of any person

When we receive legal process seeking personal information, we will review the request for legal sufficiency and may object to overly broad or inappropriate requests. We will notify affected individuals of legal demands for their personal information when appropriate and legally permissible, unless prohibited by law or court order or when the request involves imminent harm.

7.8 With Your Consent or at Your Direction

We may share personal information with third parties when you provide consent or direct us to do so, including:

When you authorize third-party applications or integrations to access your account

When you participate in joint promotions or offerings with third parties

When you post content to public areas or social media

When you direct us to share information with specific third parties

7.9 Aggregated and Deidentified Information

We may share aggregated, anonymized, or deidentified information that does not identify you personally with third parties for any purpose, including:

Industry benchmarking and reports

Market research and analysis

Academic research

Business intelligence and analytics

Marketing and promotional purposes

Such information is not considered personal information and is not subject to the restrictions in this Privacy Policy.

7.10 Public Disclosure

Certain features of our Services may allow you to post content, reviews, ratings, or other information that may be publicly visible. Any information you post to public areas will be accessible by other users and the general public. We cannot control how others may use information you post publicly. Please exercise caution when posting personal information to public areas.

7.11 Social Media Platforms

If you interact with us through social media platforms or use social media features integrated into our Services, information you post or share may be visible to other users of those platforms according to the platforms’ privacy settings and policies. We may also receive information from social media platforms as described in Section 4.3.

7.12 Data Transfers for International Operations

We operate globally and may transfer personal information to recipients in countries other than your country of residence, including the United States and Canada. See Section 16 for information about international data transfers and safeguards.

 

---

8. OUR ROLE AS CONTROLLER, JOINT CONTROLLER, AND PROCESSOR

Happy Camper processes personal information in different legal capacities depending on the context. This section explains our different roles and responsibilities.

8.1 Happy Camper as Independent Data Controller

• Direct-to-Consumer Services: Individuals who purchase roadside assistance directly from Happy Camper (not through a white-label client).
• Website and Corporate Operations: Visitors to corporate websites, business contacts, vendors, prospective customers.
• Employment and Recruiting: Job applicants, employees, contractors, and other work-related individuals.
• Marketing and Analytics: Our own marketing initiatives, customer analytics, and related activities.
• Insurance Brokerage Services: Individuals using our insurance brokerage services (controller or co-controller as applicable).
• Technology Development: Use of data to develop, train, and improve proprietary technology, algorithms, and AI systems (subject to contractual and legal limits).

8.2 Happy Camper as Joint Data Controller

• Examples of White-Label Client Arrangements:
  • RV manufacturers
  • RV dealers and dealer networks
  • Vehicle warranty providers
  • Membership organizations
  • Other entities offering roadside assistance powered by Happy Camper
• Joint Controller Responsibilities:
  • Client’s Responsibilities:
    • Collect end user personal information at point of sale/enrollment
    • Determine eligibility and manage customer relationship and billing
    • Provide privacy notices at point of sale and handle certain rights requests
  • Happy Camper’s Responsibilities:
    • Operate and maintain the white-labeled platform
    • Collect dispatch/location data and select/dispatch ISPs
    • Adjudicate claims, conduct QA, provide reporting and analytics
    • Serve as primary coordinator for data subject rights requests and maintain security measures
• Data Subject Rights Under Joint Controller Arrangements:
  • Data subjects may exercise rights against either controller.
  • Happy Camper coordinates responses and both parties cooperate to comply with legal timeframes.

8.3 Happy Camper as Data Processor/Service Provider

• When We Act as Processor:
  • Client business data (dealer contact lists, employee rosters)
  • Custom technology services performed under service agreements
• As a Processor/Service Provider, We:
  • Process personal information only per documented controller instructions
  • Do not use data for our own purposes, nor sell/share personal information
  • Implement security measures required by the controller and law
  • Assist controllers with rights requests and incident notifications
  • Delete or return data at end of the service relationship
• Terms: Specific processor terms are set in data processing agreements with each client.

8.4 Summary Table

Context	Happy Camper’s Role	Key Responsibilities
Direct-to-consumer roadside services	Independent Controller	Sole responsibility for all processing
Corporate website, marketing, HR	Independent Controller	Sole responsibility for all processing
White-label roadside services for end users	Joint Controller with Client	Shared responsibilities as described in 8.2
Client business data (non-end users)	Processor/Service Provider	Process only on client’s instructions
Custom technology services	Processor/Service Provider	Process only on client’s instructions

 

---

9. GEOLOCATION DATA AND AFFIRMATIVE CONSENT

9.1 Collection of Precise Geolocation Data

Our Services collect and process precise real-time geolocation data (GPS coordinates, latitude and longitude) from your mobile device when you use our mobile application to request roadside assistance. This geolocation data is considered Sensitive Personal Information under certain state privacy laws.

9.2 Purposes for Collecting Geolocation Data

• Dispatching assistance to your exact location: We share your GPS coordinates with the nearest available independent service provider (ISP) so they can locate you and provide assistance.
• Route optimization: We use location data to calculate optimal routes and estimated arrival times for service providers.
• Service coordination: We track the location of service providers en route to you and provide you with status updates.
• Service verification: We use location data to confirm that services were provided at the correct location.
• Safety and security: In emergency situations, we may use location data to coordinate with emergency services or to locate individuals in need of urgent assistance.
• Analytics and improvement: We use aggregated and anonymized location data to analyze service demand patterns, optimize our service provider network, and improve dispatch efficiency.

9.3 Affirmative Consent Required

IMPORTANT: We will not collect, use, or share your precise geolocation data without your affirmative consent.

How We Obtain Consent:

When you first download and open our mobile application, you will be presented with:

Device-Level Permission: Your mobile device operating system (iOS or Android) will prompt you to grant location permission to the Happy Camper app. You must grant “Allow While Using App” or “Allow Once” permission for the app to access your location.

In-App Consent: In addition to device-level permission, our app will display a consent screen explaining:

What location data we collect

How we use location data

With whom we share location data

Your right to withdraw consent

You must affirmatively accept this consent (e.g., by clicking “I Agree” or checking a consent box) before the app will collect your location data.

Ongoing Permission:

Each time you use the app to request roadside assistance, your device will use your location. By initiating a service request, you confirm your ongoing consent to share your location for that specific service request.

9.4 Withdrawing Consent

• Device Settings — iOS: Settings > Privacy & Security > Location Services > Happy Camper > Select “Never” or “Ask Next Time”.
• Device Settings — Android: Settings > Location > App Permissions > Happy Camper > Select “Don’t Allow” or “Ask Every Time”.
• In-App Settings: Settings > Privacy > Location Services and toggle location sharing off.
• Contacting Us: Contact our Data Protection Officer to withdraw consent (see Section 21).

• Consequences of Withdrawing Consent: We will not be able to automatically dispatch assistance; you must provide address/coordinates manually; response times may increase; some app features may not function properly. Withdrawal does not affect prior lawful processing.

9.5 Retention of Location Data

We retain your precise geolocation data for the following periods:

Active Service Requests: Location data is retained in real-time during active service requests and for up to 24 hours after service completion.

Service History: Location data associated with completed service requests is retained for up to 3 years for record-keeping, claims processing, dispute resolution, and legal compliance purposes.

Aggregated Analytics: We may retain aggregated, anonymized location data indefinitely for analytics purposes. This data cannot be used to identify you personally.

After these retention periods, we securely delete precise geolocation data or anonymize it so it can no longer be linked to you.

9.6 Sharing of Location Data

We share your precise geolocation data only with:

Independent Service Providers (ISPs): We share your GPS coordinates with the specific ISP dispatched to assist you so they can navigate to your location.

Third-Party Dispatch Platform: We use a third-party service provider to manage dispatch operations, which may temporarily process your location data to facilitate service delivery.

Emergency Services: In emergency situations, we may share your location with 911, police, fire, or medical services if necessary to protect health or safety.

We do not sell, share for advertising purposes, or otherwise disclose your precise geolocation data to third parties except as described above or with your explicit consent.

9.7 Security of Location Data

Location data transmitted from your device to our servers is encrypted using industry-standard TLS 1.2 or higher encryption. Location data stored on our servers is encrypted at rest using AES 256-bit encryption. Access to location data is restricted to authorized personnel on a need-to-know basis.

9.8 Location Data for Minors

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect geolocation data from minors. If you are a parent or guardian and believe we have collected location data from a minor, please contact us immediately.

9.9 State-Specific Location Privacy Rights

California Residents: You have the right to limit our use and disclosure of your precise geolocation data under the CCPA. See Section 18.1 for California-specific rights.

Other State Residents: Residents of certain other states have similar rights regarding geolocation data. See Section 18 for state-specific disclosures.

 

---

10. MARKETING COMMUNICATIONS AND CONSENT REQUIREMENTS

10.1 Types of Marketing Communications

• Email Marketing: Promotional emails about features, offers, discounts, contests, surveys, etc.
• Text Message Marketing (SMS/MMS): Promotional texts; message/data rates may apply.
• Direct Mail: Physical promotional mail.
• Telephone Marketing: Promotional calls (where permitted and with consent).
• Push Notifications: Mobile app promotional notifications (if enabled).
• In-App Messages: Messages inside the mobile app promoting features or offers.

10.2 United States Marketing Consent Requirements

• TCPA Compliance — Obtaining Prior Express Written Consent: Clear disclosure, affirmative mechanism (checkbox, I Agree), disclosure that consent is not a condition of purchase.
• TCPA — Consent Content: State you agree to receive marketing messages, message/data rates may apply, frequency of messages, how to opt out (e.g., “STOP”).
• TCPA — Recordkeeping & Opt-Out: Maintain consent records for 4 years; honor opt-outs within 10 business days; maintain Do Not Call list; calling time restrictions apply.
• CAN-SPAM Compliance: No false headers, no deceptive subject lines, identify ads where required, include physical address, provide clear unsubscribe mechanism, honor opt-outs within 10 business days.

10.3 Canadian Marketing Consent Requirements

For individuals located in Canada, we comply with Canada’s Anti-Spam Legislation (CASL), which governs commercial electronic messages (CEMs), including email and text messages.

Canada’s Anti-Spam Legislation (CASL):

Express Consent Required: We obtain express consent before sending commercial electronic messages to Canadian residents. Express consent means you have clearly and explicitly agreed to receive messages.

Consent Mechanism: We obtain consent through:

A clear request for consent

A description of why we are seeking consent and what messages you will receive

An easy-to-use mechanism to provide consent (checkbox, button, etc.)

Information about how to withdraw consent

Identification and Contact Information: Every CEM clearly identifies Happy Camper as the sender and includes our contact information (mailing address and either a telephone number, email address, or web address).

Unsubscribe Mechanism: Every CEM includes a clear and prominent unsubscribe mechanism that:

Is easy to use

Does not require payment

Allows you to unsubscribe at no cost and without providing additional information

Is valid for at least 60 days after the message is sent

Honoring Unsubscribe Requests: We honor unsubscribe requests within 10 business days.

Record keeping: We maintain records of consent for Canadian recipients, including when, how, and from whom consent was obtained.

Double Opt-In for Text Messages:

For text message marketing to Canadian residents, we implement a double opt-in process:

Initial Consent: You provide initial consent through our website, app, or other method.

Confirmation Message: We send a confirmation text message asking you to reply with a specific keyword (e.g., “YES”) to confirm you want to receive marketing texts.

Verified Consent: Only after you respond with the confirmation keyword do we begin sending marketing text messages.

This double opt-in process ensures clear, verifiable consent as required by CASL.

10.4 How to Provide Consent

You can provide consent to receive marketing communications through:

Account Registration: When creating an account, you may check a box to opt in to marketing communications.

Preference Center: You can manage your communication preferences in your account settings or preference center.

Promotional Sign-Up: You may sign up for newsletters, promotions, or special offers through forms on our website or app.

In-Store or Event Sign-Up: You may provide consent when signing up for services at events, dealerships, or other locations.

Text Message Opt-In: For text message marketing, you may text a keyword (e.g., “HAPPYCAMPER”) to a short code to opt in.

In all cases, consent is:

Freely Given: Providing consent is voluntary and not a condition of using our Services (unless the communication is necessary for service delivery).

Specific: Consent is obtained for specific types of communications.

Informed: We clearly explain what you’re consenting to before you provide consent.

Unambiguous: Consent requires a clear affirmative action (pre-checked boxes do not constitute valid consent).

10.5 How to Opt Out of Marketing Communications

You may opt out of marketing communications at any time using the following methods:

Email Marketing:

Click the “Unsubscribe” link at the bottom of any marketing email

Visit your account preference center and adjust email preferences

Reply to any marketing email with “UNSUBSCRIBE” in the subject line

Contact us at

Text Message Marketing:

Reply “STOP,” “UNSUBSCRIBE,” “CANCEL,” “END,” or “QUIT” to any marketing text message

Visit your account preference center and disable text message marketing

Contact us at

Telephone Marketing:

Tell the caller you wish to be placed on our Do Not Call list

Contact us at 833-243-0349 or

Push Notifications:

Disable push notifications in your device settings or app settings

Direct Mail:

Contact us at and request to be removed from our mailing list

All Marketing:

Contact us at and request to opt out of all marketing communications

Processing Time: We will process your opt-out request within 10 business days. You may receive messages already in progress during this time.

Effect of Opting Out:

Opting out of marketing communications does not affect transactional or service-related messages (e.g., service confirmations, account alerts, legal notices)

Opting out of one type of communication (e.g., email) does not automatically opt you out of other types (e.g., text messages) unless you request to opt out of all marketing

Opting out does not affect our processing of your personal information for non-marketing purposes

10.6 Transactional vs. Marketing Communications

Transactional Communications (No Consent Required): We may send you transactional or service-related communications without your consent, as these are necessary for providing Services. Transactional communications include:

Service confirmations and appointment notifications

Status updates for active service requests

Claims processing updates

Account notifications and security alerts

Password reset and verification messages

Responses to your inquiries

Legal notices and policy updates

Payment confirmations and receipts

Service satisfaction surveys related to a specific service you received

You cannot opt out of transactional communications as they are essential for service delivery and account management.

Marketing Communications (Consent Required): Marketing communications promote our Services, features, offers, or content and require your consent (where applicable). These include:

Promotional offers and discounts

New feature announcements (not related to services you’re actively using)

Newsletters and content marketing

Contests and sweepstakes

General surveys not related to a specific service

Cross-selling and upselling messages

Referral program invitations

10.7 Third-Party Marketing

We do not sell or rent your personal information to third parties for their own marketing purposes. We do not allow third parties to send you marketing communications on their own behalf using contact information obtained from Happy Camper.

However, we may partner with third parties for joint marketing initiatives. In such cases:

We will clearly disclose the partnership

We will obtain your consent for the specific joint marketing initiative

The third party will be contractually prohibited from using your information for other purposes

You can opt out of the joint marketing at any time

 

---

11. ARTIFICIAL INTELLIGENCE AND AUTOMATED DECISION-MAKING

11.1 Use of Artificial Intelligence

Happy Camper uses artificial intelligence (AI), machine learning, and automated systems in various aspects of our Services. This section describes our AI systems, how they work, and your rights related to automated decision-making.

11.2 Types of AI Systems We Use

• Customer Service Chatbots: Answer FAQs, navigate the app, triage inquiries, route to humans; NLP-powered and subject to QA review.
• Predictive Analytics: Service demand forecasting, risk assessment, churn prediction, route optimization, pricing optimization.
• Fraud Detection: Identify fraudulent requests, detect unusual patterns, flag for review.
• Dispatch Optimization: Match requests with qualified ISPs, optimize dispatch decisions, balance workload.
• Content Personalization: Personalize app content, recommendations and marketing (subject to consent).
• Training and Improvement: Use anonymized/aggregated data when possible to train models and improve performance.

11.3 Data Used to Train AI Systems

• Historical Service Data: Past service requests, claims data, provider performance, satisfaction ratings.
• Interaction Data: Chatbot conversations, app usage, search queries, navigation paths.
• Anonymized and Aggregated Data: Remove identifiers when feasible; use pseudonymous data where necessary.
• Third-Party Data: Industry benchmarks and supplemental datasets from vendors.

11.4 Automated Decision-Making

• Solely Automated Decisions:
  • Chatbot responses: automated replies to common questions.
  • Fraud flags: automatic flags that trigger further review (final decisions by humans).
  • Dispatch matching: automatic matching of requests to providers based on rules and availability.
• Decisions with Human Involvement:
  • Claims adjudication: system recommendations reviewed by human adjusters.
  • Account actions: suspensions/terminations involve human review.
  • Complex customer service: escalated to human agents when needed.
  • Insurance risk assessment: AI assists but underwriting decisions involve human approval.

11.5 Your Rights Regarding Automated Decision-Making

• Right to Human Review:
  • You may request human review of decisions made solely by automated systems that have legal or similarly significant effects.
  • How to request: Contact our Data Protection Officer; explain the decision; provide supporting information.
  • Timeline: We will respond within the timeframe required by applicable law (typically 45 days for U.S. residents, 30 days for EEA/UK residents).
• Right to Explanation:
  • Upon request we will provide meaningful information about the logic, factors considered, and how to contest the decision.
  • We may withhold proprietary algorithm details where disclosure would harm system security or trade secrets.
• Right to Opt Out (State-Specific):
  • Residents of certain states may opt out of profiling that produces legal or similarly significant effects. See Section 18 for details.
• Right to Contest:
  • If you believe an automated decision was in error, you may contest it, provide additional information, request correction, and request human review.

11.6 Safeguards for AI Systems

• Bias Testing and Mitigation:
  • Regular bias testing across protected characteristics
  • Use diverse training datasets and monitor for disparate impact
  • Adjust models when bias is detected
• Accuracy and Quality Assurance:
  • Validate model accuracy with test datasets
  • Monitor real-world performance and conduct periodic audits
  • Retrain models when accuracy degrades
• Human Oversight:
  • Significant decisions undergo human review
  • Escalation mechanisms and human override capabilities
  • Maintain human accountability for AI outcomes
• Transparency and Explainability:
  • Design interpretable systems where possible
  • Document data used and system logic at a high level
  • Provide information to users about AI usage and respond to inquiries
• Data Minimization:
  • Limit personal information used by AI to what is necessary
  • Prefer anonymized/aggregated data when feasible
  • Apply privacy-by-design in development
• Security:
  • Store models and training data securely with encryption and access controls
  • Protect against adversarial attacks and monitor for unauthorized access
• Data Protection Impact Assessments (DPIAs):
  • Conduct DPIAs for AI systems posing privacy risks (automated decisions with significant effects, large-scale sensitive processing, systematic monitoring)

11.7 AI Limitations and Inaccuracies

“Hallucinations” and Errors: AI systems, particularly chatbots and natural language processing systems, may occasionally produce inaccurate, incomplete, or misleading information (sometimes called “hallucinations”). This can occur when:

The system does not have sufficient information to answer a question

The system misinterprets a query

The training data contained errors or biases

The system extrapolates beyond its actual knowledge

User Responsibility: You should:

Verify important information provided by chatbots or AI systems

Use critical judgment when relying on AI-generated content

Contact a human customer service agent for important decisions or complex matters

Report inaccuracies so we can improve our systems

No Warranties: We do not warrant or guarantee the accuracy, completeness, or reliability of AI-generated content or decisions. AI systems are provided “as is” subject to the limitations in our Terms of Service.

11.8 Third-Party AI Systems

We may use AI systems and tools provided by third-party vendors, including:

Cloud-based AI services (e.g., natural language processing APIs)

Analytics and business intelligence platforms with AI features

Fraud detection services

Customer service platforms with AI-powered features

When we use third-party AI systems:

We select vendors that comply with applicable data protection laws

We enter into data processing agreements with vendors

We require vendors to implement appropriate security and privacy safeguards

We remain responsible for compliance with this Privacy Policy

11.9 Future AI Development

As AI technology evolves, we may implement additional AI systems and capabilities. Material changes to our use of AI that affect your rights will be communicated through updates to this Privacy Policy and, where required by law, through direct notice to affected individuals.

 

---

12. COOKIES AND TRACKING TECHNOLOGIES

12.1 What Are Cookies?

Cookies are small text files that are placed on your device (computer, smartphone, tablet) when you visit a website or use an application. Cookies allow the website or app to recognize your device and remember information about your visit, such as your preferences, login status, and browsing activity.

12.2 Types of Cookies and Tracking Technologies We Use

• First-Party Cookies: Set by Happy Camper directly on our websites and applications.
• Third-Party Cookies: Set by third-party service providers, advertising networks, analytics providers, and other partners who provide services on our behalf or integrate their tools into our Services.
• Session Cookies: Temporary cookies that expire when you close your browser or app. These are used to maintain your session while you navigate our Services.
• Persistent Cookies: Remain on your device for a set period or until you delete them. These remember your preferences across multiple visits.
• Strictly Necessary Cookies: Essential cookies required for our Services to function properly. These cannot be disabled without severely affecting the functionality of our Services.
• Performance and Analytics Cookies: Cookies that collect information about how visitors use our Services, such as which pages are visited most often, how long users stay on pages, and error messages. This information is aggregated and used to improve our Services.
• Functionality Cookies: Cookies that remember your choices and preferences (such as language preference, location, or username) to provide enhanced, personalized features.
• Targeting and Advertising Cookies: Cookies that track your browsing activity across websites to build a profile of your interests and display relevant advertisements. These are primarily set by third-party advertising networks.
• Other Tracking Technologies:In addition to cookies, we use:

  Web Beacons (Pixels): Tiny graphics embedded in emails and web pages that allow us to track whether content has been viewed or clicked.

  Local Storage: HTML5 local storage and similar technologies that store data locally on your device.

  SDKs (Software Development Kits): Code libraries integrated into our mobile applications that collect usage data and enable third-party services.

  Device Fingerprinting: Techniques that combine multiple device and browser characteristics to create a unique identifier for your device.

12.3 Purposes for Using Cookies

• Essential Functions: Authenticating users and maintaining login sessions, remembering items in your shopping cart or service requests in progress, detecting and preventing fraud and security threats, load balancing and ensuring platform stability, enabling core features and functionality.
• Performance and Analytics: Measuring website and app performance, understanding how users navigate our Services, identifying technical errors and issues, conducting A/B testing of features, generating aggregate statistics and reports.
• Personalization: Remembering your preferences and settings, providing language-appropriate content, customizing your user interface, offering personalized recommendations.
• Marketing and Advertising: Measuring the effectiveness of marketing campaigns, serving targeted advertisements based on your interests, retargeting users who have visited our website, tracking conversions and attribution, building audience segments for advertising.

12.4 Specific Cookies We Use

Cookie Name	Type	Purpose	Duration	Provider
session_id	Session	Maintain user session	Session	Happy Camper
user_pref	Persistent	Remember user preferences	1 year	Happy Camper
auth_token	Persistent	Keep users logged in	30 days	Happy Camper
_ga, _gid	Analytics	Google Analytics tracking	2 years / 24 hours	Google
_fbp	Advertising	Facebook Pixel	90 days	Facebook
optimizelyEndUserId	Testing	A/B testing	6 months	Optimizely

For a complete and current list of cookies used on our Services, please visit

12.5 Third-Party Services Using Cookies

We work with the following categories of third-party services that may set cookies on our Services:

Analytics Providers:

Google Analytics

Adobe Analytics

Mixpanel

Amplitude

Advertising Networks:

Google Ads

Facebook Ads

LinkedIn Ads

Other programmatic advertising platforms

Social Media Platforms:

Facebook

LinkedIn

Twitter/X

Instagram

Customer Support:

Zendesk

Intercom

LiveChat

Marketing Automation:

HubSpot

Marketo

Mailchimp

Tag Management:

Google Tag Manager

Adobe Launch

These third parties have their own privacy policies governing their use of cookies and personal information. We are not responsible for the privacy practices of third parties.

12.6 Your Cookie Choices

You have several options for controlling cookies:

Cookie Consent Manager: When you first visit our website, you will see a cookie consent banner allowing you to accept or reject non-essential cookies.

Browser Settings: Most web browsers allow you to control cookies through their settings. You can:

Block all cookies

Block third-party cookies only

Delete existing cookies

Receive alerts when cookies are being set

Browser-specific instructions:

Chrome: Settings > Privacy and Security > Cookies and other site data

Firefox: Settings > Privacy & Security > Cookies and Site Data

Safari: Preferences > Privacy > Cookies and website data

Edge: Settings > Cookies and site permissions > Cookies and data stored

Mobile Device Settings: For mobile apps, you can:

iOS: Settings > Privacy > Tracking (to control cross-app tracking)

Android: Settings > Google > Ads > Opt out of Ads Personalization

Opt-Out Tools:

For targeted advertising, you can opt out through:

Digital Advertising Alliance (DAA):

Network Advertising Initiative (NAI):

European Interactive Digital Advertising Alliance (EDAA):

Do Not Track (DNT): Some browsers offer a “Do Not Track” setting. We do not currently respond to Do Not Track signals, as there is no industry-wide standard for how to interpret and respond to such signals. However, you can control cookies through other means as described above.

Global Privacy Control (GPC): We recognize and honor Global Privacy Control (GPC) signals as an opt-out of the “sale” or “sharing” of personal information for residents of states that recognize GPC (currently California, Colorado, and Connecticut).

12.7 Consequences of Disabling Cookies

If you disable or block cookies:

Strictly Necessary Cookies: You cannot opt out of strictly necessary cookies without severely impairing the functionality of our Services. Disabling these cookies may prevent you from:

Logging into your account

Using key features

Completing transactions

Non-Essential Cookies: You can opt out of non-essential cookies (performance, functionality, advertising) without preventing basic use of our Services. However, disabling these cookies may result in:

Less personalized experience

Need to re-enter preferences repeatedly

Inability to use certain features

Less relevant advertising

Reduced ability for us to improve our Services

12.8 Cookie Policy Updates

For more detailed information about our use of cookies, please review our Cookie Policy , which is incorporated into this Privacy Policy by reference.

We may update our cookie practices from time to time. Material changes will be communicated through our Cookie Consent Manager and updates to our Cookie Policy.

 

---

13. THIRD-PARTY SERVICES AND LINKS

13.1 Third-Party Websites and Services

Our Services may contain links to third-party websites, applications, services, or content that are not owned or controlled by Happy Camper. These may include:

Links to RV dealerships and manufacturers

Links to insurance carrier websites

Links to campground directories and travel resources

Social media platforms

Third-party service provider websites

Advertising networks

Payment processing platforms

Other external resources

We Are Not Responsible: This Privacy Policy does not apply to third-party websites or services. We are not responsible for the privacy practices, content, or security of third-party sites. Third-party sites have their own privacy policies, terms of service, and security practices.

Your Responsibility: When you click a link to a third-party site or use a third-party service:

You leave our Services and this Privacy Policy no longer applies

You should review the third party’s privacy policy before providing personal information

You interact with the third party at your own risk

We cannot control how third parties collect, use, or share your information

13.2 Third-Party Integrations

Our Services may integrate with or interoperate with third-party platforms and services, including:

Social Media Integration: If you connect your Happy Camper account with social media accounts (Facebook, LinkedIn, etc.), the social media platform may:

Receive information about your use of our Services

Share your profile information with us

Post content to your social media account on your behalf (with your permission)

Review the social media platform’s privacy settings and policies to control what information is shared.

Single Sign-On (SSO): If you use third-party authentication services (such as “Sign in with Google” or “Sign in with Apple”) to access our Services:

The SSO provider may share your profile information with us

We may share information about your use of our Services with the SSO provider

Review the SSO provider’s privacy policy to understand data sharing

Third-Party Applications: If you authorize third-party applications to access your Happy Camper account or data:

You are granting the third-party application permission to access your information

The third-party application’s privacy policy will govern its use of your information

You can revoke third-party application access through your account settings

Payment Processors: We use third-party payment processors (such as Stripe, PayPal, etc.) to process payments. When you provide payment information:

Payment information is transmitted directly to the payment processor

The payment processor’s privacy policy governs their use of your payment information

We receive limited information from payment processors (such as transaction confirmations, but not full credit card numbers)

13.3 Co-Branded or White-Labeled Services

When you use roadside assistance services provided through our white-label clients, you may interact with co-branded services or interfaces that combine Happy Camper and client branding. In these situations:

Both Happy Camper and the client act as joint controllers (as described in Section 8.2)

Both privacy policies apply

You should review both Happy Camper’s and the client’s privacy policies

13.4 Third-Party Service Providers

Independent service providers (ISPs) who provide roadside assistance to you are independent contractors, not employees of Happy Camper. When you receive services from an ISP:

The ISP may collect personal information directly from you

The ISP’s own privacy practices apply to information they collect directly

We require ISPs to comply with privacy and security requirements in their contracts with us

We are not responsible for ISPs’ compliance with privacy laws outside the scope of our contractual relationship

13.5 Advertising and Analytics Services

We work with third-party advertising networks and analytics providers that may collect information about your browsing activity across multiple websites and services to:

Display targeted advertisements

Measure advertising effectiveness

Analyze user behavior and trends

These third parties may use cookies, web beacons, device identifiers, and other tracking technologies. See Section 12 for information about cookies and how to opt out of targeted advertising.

13.6 No Endorsement

Our inclusion of links to third-party sites or integration with third-party services does not imply endorsement of those sites or services. We do not make any representations or warranties about third-party sites, services, products, or content.

 

---

14. DATA SECURITY AND INCIDENT RESPONSE

14.1 Our Commitment to Security

We take the security of your personal information seriously and implement comprehensive technical, organizational, and administrative safeguards designed to protect your personal information against unauthorized access, disclosure, alteration, loss, misuse, or destruction.

14.2 Security Framework

Our information security program is based on industry-leading frameworks and standards, including:

NIST Cybersecurity Framework: We align our security practices with the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

ISO/IEC 27000 Series: We implement security controls consistent with the Information Security Management Standard (ISO/IEC 27001 and related standards).

SOC 2 Type II: We undergo annual SOC 2 Type II audits by independent third-party auditors to verify the effectiveness of our security controls.

PCI DSS: For payment card processing, we comply with Payment Card Industry Data Security Standard (PCI DSS) requirements through certified payment processors.

14.3 Technical Security Measures

• Encryption: TLS 1.2+ in transit; AES-256 at rest; end-to-end for highly sensitive data.
• Access Controls: RBAC, least privilege, MFA, SSO, regular access reviews.
• Network and Infrastructure: Firewalls, IDS/IPS, VPNs, segmentation, DDoS protection.
• Application Security: SSDLC, threat modeling, code reviews, SAST/DAST, dependency scanning, pentesting.
• Endpoint Security: Full disk encryption, anti-malware, patch management, MDM.
• Logging and Monitoring: Centralized logs, SIEM, real-time alerts, 1+ year retention for logs.
• Vulnerability Management: Regular scans, third-party pentests, bug bounty, prioritized remediation.
• Backup & DR: Daily backups, encrypted, geographically redundant, tested restores, defined RTO/RPO.

14.4 Organizational Security Measures

• Personnel Security:
  • Background checks for employees where permitted.
  • Confidentiality agreements for staff and vendors.
  • Security and privacy training on onboarding and annually.
  • Access termination within 24 hours of role end.
• Vendor and Third-Party Security:
  • Vendor risk assessments before engagement and periodically.
  • Contractual security obligations and incident notification requirements.
  • Ongoing vendor monitoring.
• Physical Security:
  • Data center controls: 24/7 security, biometrics, cameras, environmental controls.
  • Office controls: badge access, visitor management, secure disposal of media.
• Security Governance:
  • Dedicated CTO and DPO overseeing programs.
  • Comprehensive policies reviewed annually.
  • Regular risk assessments and incident response planning.

14.5 Security Incident Response

1. Contain and Investigate:
   • Immediately contain the incident.
   • Assess scope and impact.
   • Conduct a thorough investigation.
2. Notify Affected Individuals:
   • Notify affected individuals without undue delay and as required by law.
   • Notifications include: description of what happened; types of information involved; steps we are taking; steps you can take to protect yourself; contact information for questions.
3. Notify Regulators:
   • Notify applicable regulatory authorities and supervisory authorities as required (e.g., within 72 hours for GDPR breaches or per state breach-notification laws).
4. Notify Business Partners:
   • Notify affected clients, joint controllers, and relevant partners when their data or customers’ data is impacted.
5. Remediate:
   • Take steps to remediate the vulnerability or issue that led to the incident.
   • Implement measures to prevent recurrence.
6. Document:
   • Maintain detailed documentation of the incident, investigation, response actions, and lessons learned.
7. Timeframes:
   • Discovery to Notification: We will notify affected individuals without unreasonable delay and within the timeframe required by applicable law (typically 30–60 days in many U.S. states; without undue delay under GDPR).
   • Regulatory Notification: We will notify supervisory authorities within required timeframes (e.g., 72 hours for GDPR breaches; state timeframes vary).
8. No Admission of Liability:
   • Notifications are made to comply with legal obligations and to allow protective measures; they do not constitute an admission of fault, liability, or wrongdoing by Happy Camper.

14.6 Your Role in Security

• Account Security:
  • Choose strong, unique passwords for your Happy Camper account.
  • Do not share your password with anyone.
  • Enable multi-factor authentication if available.
  • Log out when using shared or public devices.
  • Keep contact information up to date.
• Device Security:
  • Secure devices with passwords, PINs, or biometric locks.
  • Keep OS and apps updated with security patches.
  • Use anti‑malware software.
  • Avoid rooting/jailbreaking devices.
  • Be cautious when downloading apps from unknown sources.
• Network Security:
  • Use secure, trusted Wi‑Fi networks when accessing our Services.
  • Avoid public Wi‑Fi for sensitive transactions.
  • Use a VPN over untrusted networks.
• Awareness:
  • Be suspicious of unsolicited requests for personal information (phishing).
  • Verify authenticity of emails, calls, or texts claiming to be from Happy Camper.
  • Do not click suspicious links or download unknown attachments.
• Reporting Security Issues:
  • For Account Issues: Contact customer support immediately.
  • For Security Vulnerabilities: Email our vulnerability discovery program at (contact placeholder).
  • For Data Breaches: Email or call 833-243-0349.

14.7 Limitations

While we implement industry-leading security measures, no system is completely secure. We cannot guarantee absolute security of personal information. You acknowledge and accept that:

Transmission of information over the internet inherently carries security risks

Unauthorized access, hacking, data loss, or breaches may occur despite our safeguards

You use our Services at your own risk

Our liability for security incidents is limited as set forth in our Terms of Service

 

---

15. DATA RETENTION AND DELETION

15.1 Retention Principles

• Purpose Limitation: We retain personal information only as long as necessary for the purposes described in this Privacy Policy.
• Legal Compliance: We retain records as required by applicable laws, regulations, and legal obligations (tax, accounting, employment, regulatory requirements).
• Legitimate Business Needs: We retain information as necessary for contract enforcement, dispute resolution, fraud prevention, and records management.
• Data Minimization: We periodically review and delete or anonymize personal information that is no longer necessary.

15.2 Retention Periods by Category

Category of Information	Retention Period	Justification
Account Information (name, email, phone, address)	Duration of active account + 7 years after account closure	Contract performance, legal compliance (statute of limitations)
Service Request Data (location, service type, breakdown info)	3 years after service completion	Claims processing, dispute resolution, quality assurance
Geolocation Data (precise GPS coordinates)	24 hours (real-time); 3 years (historical)	Service delivery; historical records for claims/disputes
Payment Information (credit card, bank account)	Duration of active account + 7 years	Payment processing, tax/accounting compliance, fraud prevention
Communications (emails, chats, call recordings)	3 years	Customer service, dispute resolution, training, legal compliance
Claims Data (claim submissions, adjudications, outcomes)	7 years after claim closure	Legal compliance (statute of limitations), audit requirements
Marketing Consent Records	4 years after consent withdrawal	TCPA compliance, demonstrating consent
Employment Data (applications, employee records)	7 years after employment ends	Legal compliance, employment law requirements
Website/App Usage Data (logs, analytics, cookies)	26 months	Analytics, service improvement, GDPR compliance
Security Logs (access logs, authentication logs)	1 year minimum	Security monitoring, incident investigation
Aggregated/Anonymized Data	Indefinite	Cannot identify individuals; used for analytics, research

15.3 Active Account Retention

While Your Account is Active:

While your account is active and you continue to use our Services, we retain your personal information for as long as necessary to:

Provide Services to you

Maintain your account and preferences

Comply with legal obligations

Enforce our Terms of Service

Account Activity:

We consider an account “active” if you:

Log into your account

Request roadside assistance services

Interact with our customer service

Open marketing emails or click links (if you’ve opted in)

Otherwise engage with our Services

Inactive Accounts:

If your account has been inactive for 3 years with no engagement, we may:

Send you notice that your account will be closed

Provide you an opportunity to reactivate your account

Close your account and delete or anonymize your information (subject to retention requirements below)

Retain limited information necessary for legal compliance and fraud prevention

15.4 Post-Account Closure Retention

• Legal and Regulatory Compliance: Tax records (7 years), employment records (7 years), financial transactions (7 years), contract records (statute of limitations), regulatory records as required.
• Fraud Prevention and Security: Fraud-related information up to 10 years; anti-circumvention data retained in hashed/anonymized form.
• Legal Claims and Disputes: Retained for applicable statute of limitations and appeals periods.
• Business Records: Business reports and analytics retained (e.g., 7 years); backups retained until rotation completes (~90 days).
• Service History: Limited service history may be kept to restore accounts upon reactivation.

15.5 Deletion and Anonymization Methods

When we delete personal information, we use secure deletion methods including:

Secure Deletion:

Overwriting data with random data multiple times (multi-pass overwrite)

Deleting database records and indexes

Purging from backups during next backup cycle

Shredding or degaussing physical media

Anonymization: For certain data sets, rather than deletion, we may anonymize personal information by:

Removing all direct identifiers (name, email, phone, address, etc.)

Removing or generalizing indirect identifiers (IP addresses, device IDs, precise location, etc.)

Aggregating data so individual-level information cannot be reconstructed

Applying differential privacy or other privacy-enhancing techniques

Properly anonymized information is no longer considered personal information and may be retained indefinitely for analytics, research, and business intelligence.

Limitations on Immediate Deletion:

We may not be able to immediately delete personal information from:

Backup systems (deleted during next backup cycle, typically within 90 days)

Disaster recovery systems (deleted when restored from backup)

Archived or decommissioned systems (deleted when system is decommissioned)

Information held by subprocessors or service providers (deleted after contractual notice period)

Information required for ongoing legal proceedings, investigations, or disputes (deleted after matter is resolved)

15.6 Retention for Specific Purposes

Roadside Assistance Services:

Active service requests: Retained until service is completed plus 90 days

Completed service records: 3 years (for warranty, claims, disputes, quality assurance)

Claims history: 7 years (statute of limitations for contract and fraud claims)

Insurance Brokerage Services:

Insurance applications and quotes: 7 years (regulatory requirement, audit trail)

Policy records: 7 years after policy expiration (insurance regulations, claims)

Premium and commission records: 7 years (tax and accounting compliance)

Joint Controller Data: When we act as a joint controller with clients, retention periods are determined jointly and set forth in our data processing agreements. Generally:

Eligibility and enrollment data: Retained by client per their retention policy

Service delivery data: 3 years (Happy Camper retention)

Shared analytics and reporting: 7 years (both parties)

Marketing Data:

Marketing consent records: 4 years after consent withdrawal (TCPA compliance)

Marketing engagement data (opens, clicks): 3 years

Unsubscribe/opt-out records: Indefinite (to honor opt-out requests)

Employment Data:

Job applications (not hired): 2 years (EEOC requirement)

Employee personnel files: 7 years after employment ends

Payroll records: 7 years (IRS requirement)

I-9 forms: 3 years after hire or 1 year after employment ends, whichever is later

15.7 Legal Holds

When personal information is subject to a legal hold (due to litigation, government investigation, or other legal proceedings), we suspend normal retention and deletion processes and preserve the information until the legal hold is lifted. This may result in information being retained longer than the standard retention periods described above.

15.8 Your Deletion Rights

Subject to applicable law and the limitations described in this section, you have the right to request deletion of your personal information. See Section 17 for information about exercising your deletion rights.

Exceptions to Deletion:

We may decline to delete personal information, or may retain certain personal information after a deletion request, when retention is necessary to:

Complete Transactions: Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you.

Detect and Resolve Issues: Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

Debug and Repair: Debug to identify and repair errors that impair existing intended functionality.

Exercise Free Speech: Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

Comply with Legal Obligations: Comply with the California Electronic Communications Privacy Act (California Penal Code § 1546 et seq.), other legal obligations, or legal process.

Research: Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when deletion would likely render impossible or seriously impair the research’s achievement, provided you have given informed consent.

Internal Uses: Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

Contract Performance: Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

15.9 Contacting Us About Retention

If you have questions about our retention practices or wish to request deletion of your information before the expiration of standard retention periods, please contact us using the information in Section 21.

 

---

16. INTERNATIONAL DATA TRANSFERS

16.1 Cross-Border Data Transfers

Happy Camper operates primarily in the United States and Canada. Personal information we collect may be transferred to, stored in, and processed in countries other than the country in which it was originally collected, including the United States, Canada, and other countries where Happy Camper, our affiliates, or our service providers maintain operations or data processing facilities.

These countries may have data protection laws that differ from the laws of your country of residence. By using our Services and providing personal information to us, you acknowledge and consent to the transfer of your personal information to these countries.

16.2 Primary Data Storage Locations

• United States: Primary production data in AWS US regions (us-east-1, us-west-2); backups in geographically distributed AWS US regions; corporate systems based in Nevada, USA.
• Canada: Canadian customer data may be stored in AWS Canada regions (ca-central-1) to respect data residency preferences and for local processing.
• Additional Locations: If we add storage/processing locations, we will update this Policy and notify affected individuals where required.

16.3 Transfers from the European Economic Area, UK, and Switzerland

• Legal Mechanisms for Transfers:
  • Adequacy Decisions: Transfers to countries with an adequacy decision (e.g., Canada for certain transfers) rely on that decision.
  • Standard Contractual Clauses (SCCs):
    • EU SCCs (Decision 2021/914) for GDPR transfers.
    • UK Addendum for UK transfers.
    • Swiss SCCs with Swiss-specific modifications for Switzerland.
    • We incorporate SCCs into DPAs and use Module Two (Controller-to-Processor) when applicable; optional docking clause may apply.
  • Supplementary Measures: Encryption in transit/at rest, pseudonymization where feasible, access controls, contractual restrictions on government access, transparency about government requests, regular audits.
  • Transfer Impact Assessments (TIAs): We conduct TIAs to evaluate destination protections and implement additional safeguards as required.
• Enforcement and Rights:
  • Data subjects can enforce rights under SCCs.
  • Governing law and competent courts vary by SCC implementation (EU: Irish law/courts; UK: UK law/courts; Switzerland: Swiss law/courts).

16.4 Transfers to Subprocessors

Our subprocessors (service providers) may process personal data in various countries. We require all subprocessors to:

Enter into data processing agreements incorporating appropriate transfer mechanisms (SCCs where required)

Implement appropriate technical and organizational security measures

Comply with applicable data protection laws

A list of subprocessors and their locations is available upon request.

16.5 U.S. Federal and State Data Transfer Restrictions

While the United States does not currently have federal adequacy recognition from the EU, certain U.S. federal and state laws impose restrictions on data transfers:

GLBA (Financial Services): For financial services regulated under the Gramm-Leach-Bliley Act, we comply with requirements for sharing financial information with nonaffiliated third parties, including offshore service providers.

State Data Breach Notification Laws: Most U.S. states require notification of data breaches involving personal information. When personal information is transferred to third parties, we ensure those parties notify us of breaches so we can comply with notification obligations.

State Privacy Laws: Certain state privacy laws (such as California’s CCPA, as amended by CPRA) regulate transfers of personal information to third parties and service providers. We comply with these requirements through appropriate contractual safeguards.

16.6 Canadian Data Transfer Requirements

PIPEDA: Under PIPEDA, Canadian organizations may transfer personal information outside Canada for processing, provided they:

Notify individuals of transfers

Obtain consent where required

Ensure adequate protection through contractual or other means

Remain accountable for personal information even when processed by third parties

We comply with these requirements by:

Disclosing transfers in this Privacy Policy

Obtaining consent where required

Using data processing agreements with service providers

Maintaining oversight of service providers’ compliance

Quebec Law 25: Quebec’s Law 25 imposes specific requirements for transfers outside Quebec, including:

Prior notice to individuals

Description of security measures

Assessment of privacy risks

For Quebec residents, we conduct privacy risk assessments for transfers outside Quebec and implement appropriate safeguards.

16.7 Government Access to Data

Personal information transferred to the United States may be subject to access by U.S. government authorities under U.S. law, including:

Foreign Intelligence Surveillance Act (FISA)

Executive Order 12333

USA PATRIOT Act

Other national security and law enforcement laws

When we receive lawful government requests for personal information, we:

Review the request for legal sufficiency

Challenge overly broad or inappropriate requests where possible

Notify affected individuals when legally permitted

Disclose only the information legally required

Publish transparency reports about government requests (to the extent permitted)

Data subjects in the EEA, UK, and Switzerland may have rights to redress under applicable data transfer mechanisms (such as the SCCs) if government access occurs in violation of those mechanisms.

16.8 Your Rights Regarding International Transfers

Right to Object: If you are located in the EEA, UK, or Switzerland, you may have the right to object to the transfer of your personal data to countries outside those regions. However, such objection may prevent us from providing Services to you if the transfer is necessary for service delivery.

Right to Information: You have the right to obtain information about the safeguards we use for international transfers. Contact our Data Protection Officer for more information.

Right to Lodge Complaints: If you believe international transfers of your personal data do not comply with applicable law, you may lodge a complaint with a supervisory authority:

EEA: Contact your national Data Protection Authority

UK: Information Commissioner’s Office (ICO) – ico.org.uk

Switzerland: Federal Data Protection and Information Commissioner (FDPIC) – edoeb.admin.ch

16.9 Changes to Transfer Practices

We may change our data transfer practices, locations, or mechanisms from time to time. Material changes will be communicated through updates to this Privacy Policy and, where required by law, through direct notice to affected individuals.

 

---

17. YOUR PRIVACY RIGHTS AND CHOICES

The privacy rights available to you depend on your location and the applicable data protection laws in your jurisdiction. This section describes general privacy rights, while Section 18 provides jurisdiction-specific details for U.S. states, and Section 22 provides details for other jurisdictions.

17.1 Right to Access

• What It Means: Right to request access to personal information we hold about you.
• What You Can Request: Confirmation of processing, categories, specific pieces, sources, purposes, third-party categories, retention periods.
• How to Exercise: Email / Phone: 833-243-0349 / Mail: Happy Camper Roadside LLC, Attn: Privacy Officer, 6543 South Las Vegas Boulevard, 2nd Floor, Las Vegas, NV 89119.
• Response Time: U.S. typically 45 days; EEA/UK typically 30 days; Canada typically 30 days.

17.2 Right to Correction (Rectification)

• What It Means: You have the right to request correction of inaccurate, incomplete, or outdated personal information.
• What You Can Request:Correction of factual errors in your personal information

  Completion of incomplete personal information

  Update of outdated information

• How to Exercise: You can correct certain information directly through your account settings. For other corrections, submit a request using the contact methods above.
• Our Obligations: When we receive a correction request, we will:Verify your identity

  Investigate the accuracy of the information

  Correct verified inaccurate information

  Notify third parties to whom we disclosed the inaccurate information (where appropriate and feasible)

• Response Time: Same as access requests (see Section 17.1).
• Limitations: We may decline correction requests when:The information is accurate

  You cannot provide evidence supporting the correction

  Correction would violate legal or regulatory requirements

  The information is opinion or judgment rather than fact

17.3 Right to Deletion (Erasure)

• What It Means: Right to request deletion of personal information, subject to exceptions.
• How to Exercise: Submit deletion request via contact methods in Section 17.1 or delete account in settings.
• Our Obligations: Delete from active systems, direct providers to delete, remove from backups during next cycle, anonymize if needed.
• Exceptions: Legal compliance, fraud prevention, debugging, research, other lawful bases as described in Section 15.8.

17.4 Right to Data Portability

What It Means: You have the right to receive your personal information in a structured, commonly used, machine-readable format and to transmit that information to another controller (where technically feasible).

What You Can Request:

Export of your personal information in portable format (CSV, JSON, XML, etc.)

Direct transmission to another service provider (where technically feasible)

How to Exercise: Submit a portability request using the contact methods in Section 17.1, specifying your preferred format.

Scope: Portability applies to:

Personal information you provided to us

Information collected through automated means (with your consent or based on contract)

Portability does not apply to:

Inferred or derived information (predictions, analytics)

Information obtained from third parties

Information about others

Availability: This right is primarily available to EEA/UK residents under GDPR/UK GDPR. Some U.S. state laws provide similar rights.

17.5 Right to Opt-Out of Sale or Sharing

What It Means: You have the right to opt out of the “sale” or “sharing” of your personal information as those terms are defined under applicable state privacy laws.

Our Practices: Happy Camper does not “sell” personal information in the traditional sense (i.e., exchanging personal information for monetary compensation). However, under the broad definitions in some state laws, certain data sharing practices may constitute a “sale” or “sharing,” including:

Sharing personal information with advertising partners for targeted advertising

Using third-party analytics and advertising cookies that track users across websites

How to Opt Out:

Universal Opt-Out Methods:

Do Not Sell or Share Link: Click the “Do Not Sell or Share My Personal Information” link in our website footer

Cookie: https://thehappycamper.com/cookie/

Global Privacy Control (GPC): We honor browser-based Global Privacy Control signals as an opt-out

Email: Send opt-out request to

What Happens When You Opt Out:

We will stop sharing your personal information with third parties for targeted advertising

We will disable third-party advertising cookies on our websites

You may still see advertising, but it will be less relevant to your interests (contextual rather than targeted)

We will continue to share personal information with service providers for necessary business purposes (such as payment processing, roadside assistance delivery)

Limitations: Opting out does not affect:

Sharing with service providers acting on our behalf

Sharing required for service delivery

Sharing required by law

Sharing with your consent for specific purposes

17.6 Right to Limit Use of Sensitive Personal Information

What It Means: Under certain state laws (such as California’s CPRA), you have the right to limit our use and disclosure of Sensitive Personal Information to purposes necessary to provide requested services and other specified purposes.

Our Collection of Sensitive Personal Information: We collect the following categories of Sensitive Personal Information:

Precise geolocation data

Account login credentials

Financial account information (for payment processing)

Social Security numbers (for employment, identity verification)

Government-issued ID numbers

Contents of communications with us

Our Uses: We use Sensitive Personal Information only for the following purposes:

Providing requested services (dispatching roadside assistance, processing payments)

Security and fraud prevention

Verifying identity

Employment purposes

Legal compliance

Other purposes disclosed at the time of collection

We do not use or disclose Sensitive Personal Information for purposes of inferring characteristics about you beyond what is necessary to provide Services.

How to Exercise: If you believe we are using Sensitive Personal Information beyond necessary purposes, you may submit a request to limit use by contacting .

17.7 Right to Opt Out of Profiling/Automated Decision-Making

What It Means: Under certain state laws, you have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.

Our Practices: See Section 11 for information about our use of AI and automated decision-making. Most of our automated decisions do not produce legal or similarly significant effects. Where they do, we provide human review.

How to Exercise: To opt out of profiling, contact and specify which automated processes you wish to opt out of. Note that opting out may affect our ability to provide certain Services.

17.8 Right to Non-Discrimination

What It Means: We will not discriminate against you for exercising your privacy rights. This means we will not:

Deny goods or services to you

Charge different prices or rates for goods or services

Provide a different level or quality of goods or services

Suggest that you will receive a different price, rate, level, or quality of goods or services

Permissible Differences: We may offer financial incentives or different prices if the difference is reasonably related to the value provided by your personal information. Any such programs will be clearly disclosed and require your opt-in consent.

Service Limitations: In some cases, exercising privacy rights may affect our ability to provide Services:

Deleting your account will terminate access to Services

Opting out of geolocation will impair our ability to dispatch assistance to your location

Deleting payment information will prevent us from processing payments

These are natural consequences of your choices, not discriminatory practices.

17.9 Right to Withdraw Consent

What It Means: Where we process your personal information based on consent, you have the right to withdraw consent at any time.

How to Withdraw:

Marketing Consent: Use the unsubscribe link in emails, reply STOP to text messages, or contact

Geolocation Consent: Disable location services in your device settings or app settings

Cookie Consent: Adjust settings in our Cookie Consent Manager

Other Consent: Contact

Effect of Withdrawal:

Withdrawal does not affect the lawfulness of processing based on consent before withdrawal

We may continue processing on other legal bases (contract, legitimate interests, legal obligation)

Withdrawal may affect our ability to provide certain Services

17.10 Right to Object

What It Means: For EEA/UK residents, you have the right to object to processing based on legitimate interests or for direct marketing purposes.

How to Exercise: Contact and specify which processing you object to and your reasons.

Our Response: We will stop the processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for establishment, exercise, or defense of legal claims.

Direct Marketing: You have an absolute right to object to direct marketing. We will stop such processing upon your objection.

17.11 Right to Restrict Processing

What It Means: For EEA/UK residents, you have the right to request restriction of processing in certain circumstances:

You contest the accuracy of personal information (during verification)

Processing is unlawful but you prefer restriction to deletion

We no longer need the information but you need it for legal claims

You have objected to processing (pending our response)

Effect: When processing is restricted, we will store the information but not use it (except with your consent, for legal claims, to protect others’ rights, or for important public interests).

17.12 Rights Related to Joint Controllers

When Happy Camper and a white-label client act as joint controllers:

You can exercise rights against either controller

Happy Camper will coordinate with the client to provide complete responses

Each controller is responsible for its area of processing

Both controllers must comply with your requests (subject to legal exceptions)

17.13 Rights for Authorized Agents

You may authorize another person or entity to submit privacy rights requests on your behalf (an “authorized agent”). We require authorized agents to:

Provide proof of authorization (power of attorney, signed authorization form, etc.)

Verify their own identity

Verify your identity

We may deny requests from authorized agents who cannot provide adequate proof of authorization.

17.14 Verification of Identity

To protect your privacy and security, we verify your identity before responding to privacy rights requests. Our verification process may include:

Matching information you provide with information in our records

Asking you to confirm recent transactions or account details

Requiring you to access your account to submit the request

For sensitive requests (such as deletion), requiring additional verification steps

If we cannot verify your identity, we may decline the request.

17.15 No Fee for Requests

We do not charge a fee for processing privacy rights requests. However, we may charge a reasonable fee or decline the request if it is manifestly unfounded, excessive, or repetitive.

17.16 Appeals Process

If we decline your privacy rights request or you are unsatisfied with our response:

Internal Appeal: You may appeal our decision by contacting within 30 days and explaining the basis for your appeal. We will respond to appeals within 45 days (or as required by applicable law).

Regulatory Complaint: You have the right to lodge a complaint with a supervisory authority:

U.S. State Residents: Contact your state Attorney General or consumer protection office

EEA Residents: Contact your national Data Protection Authority

UK Residents: Information Commissioner’s Office (ICO) – ico.org.uk

Canadian Residents: Office of the Privacy Commissioner of Canada (OPC) – priv.gc.ca, or provincial privacy commissioners

See Section 22 for jurisdiction-specific contact information.

 

---

18. STATE-SPECIFIC PRIVACY RIGHTS AND DISCLOSURES

This section provides detailed privacy rights and disclosures for residents of U.S. states with comprehensive privacy laws. If you are a resident of one of these states, the provisions in this section apply to you in addition to the general provisions in this Privacy Policy.

18.1 California Residents (CCPA/CPRA)

• Rights: Right to know, delete, correct, opt-out of sale/sharing, limit use of sensitive PI, non-discrimination, opt-out of automated decision-making.
• How to Exercise: Email / Phone: 833-243-0349 / Mail: Happy Camper Roadside LLC, Attn: Privacy Officer, 6543 South Las Vegas Boulevard, 2nd Floor, Las Vegas, NV 89119.
• Verification & Response: Identity verification required; respond within 45 days (extendable).

18.2 Virginia Residents (VCDPA)

Effective Date: January 1, 2023

Applicability: These provisions apply to Virginia residents as defined under the Virginia Consumer Data Protection Act (VCDPA).

Your Virginia Privacy Rights:

Right to Access: Confirm whether we process your personal data and access that data

Right to Correct: Correct inaccuracies in your personal data

Right to Delete: Delete personal data we collected from you

Right to Data Portability: Obtain a copy of personal data in a portable format

Right to Opt-Out: Opt out of:

Targeted advertising

Sale of personal data

Profiling in furtherance of decisions that produce legal or similarly significant effects

How to Exercise: Use the contact methods in Section 18.1.

Response Time: 45 days (extendable by 45 days)

Appeal: If we deny your request, you may appeal by contacting within a reasonable time. We will respond within 60 days. If you are unsatisfied, you may contact the Virginia Attorney General at .

 

18.3 Colorado Residents (CPA)

Effective Date: July 1, 2023

Applicability: These provisions apply to Colorado residents as defined under the Colorado Privacy Act (CPA).

Your Colorado Privacy Rights:

Right to Access: Confirm whether we process your personal data and access that data

Right to Correct: Correct inaccuracies in your personal data

Right to Delete: Delete personal data we hold about you

Right to Data Portability: Obtain a copy of personal data in a portable, readily usable format

Right to Opt-Out: Opt out of:

Targeted advertising

Sale of personal data

Profiling in furtherance of decisions that produce legal or similarly significant effects

Universal Opt-Out Mechanism: We honor Global Privacy Control (GPC) signals as an opt-out.

How to Exercise: Use the contact methods in Section 18.1.

Response Time: 45 days (extendable by 45 days)

Appeal: If we deny your request, you may appeal within a reasonable time. We will respond within 45 days. If unsatisfied, you may contact the Colorado Attorney General at .

 

18.4 Connecticut Residents (CTDPA)

Effective Date: July 1, 2023

Applicability: These provisions apply to Connecticut residents as defined under the Connecticut Data Privacy Act (CTDPA).

Your Connecticut Privacy Rights:

Right to Access: Confirm whether we process your personal data and access that data

Right to Correct: Correct inaccuracies in your personal data

Right to Delete: Delete personal data we hold about you

Right to Data Portability: Obtain a copy of personal data in a portable format

Right to Opt-Out: Opt out of:

Targeted advertising

Sale of personal data

Profiling in furtherance of decisions that produce legal or similarly significant effects

Universal Opt-Out Mechanism: We honor Global Privacy Control (GPC) signals as an opt-out.

How to Exercise: Use the contact methods in Section 18.1.

Response Time: 45 days (extendable by 45 days)

Appeal: If we deny your request, you may appeal within a reasonable time. We will respond within 45 days (extendable by 60 days). If unsatisfied, you may contact the Connecticut Attorney General at .

 

18.5 Utah Residents (UCPA)

Effective Date: December 31, 2023

Applicability: These provisions apply to Utah residents as defined under the Utah Consumer Privacy Act (UCPA).

Your Utah Privacy Rights:

Right to Access: Confirm whether we process your personal data and access that data

Right to Delete: Delete personal data we hold about you

Right to Data Portability: Obtain a copy of personal data in a portable format

Right to Opt-Out: Opt out of:

Targeted advertising

Sale of personal data

Profiling in furtherance of decisions that produce legal or similarly significant effects

How to Exercise: Use the contact methods in Section 18.1.

Response Time: 45 days (extendable by 45 days)

Note: Utah law does not provide a statutory appeal process or right to correct.

 

18.6 Montana Residents (MCDPA)

Effective Date: October 1, 2024

Applicability: These provisions apply to Montana residents as defined under the Montana Consumer Data Privacy Act (MCDPA).

Your Montana Privacy Rights:

Right to Access: Confirm whether we process your personal data and access that data

Right to Correct: Correct inaccuracies in your personal data

Right to Delete: Delete personal data we hold about you

Right to Data Portability: Obtain a copy of personal data in a portable format

Right to Opt-Out: Opt out of:

Targeted advertising

Sale of personal data

Profiling in furtherance of decisions that produce legal or similarly significant effects

How to Exercise: Use the contact methods in Section 18.1.

Response Time: 45 days (extendable by 45 days)

Appeal: You may appeal denied requests. We will respond within 60 days. If unsatisfied, contact the Montana Attorney General at .

 

18.7 Oregon Residents (OCPA)

Effective Date: July 1, 2024

Applicability: These provisions apply to Oregon residents as defined under the Oregon Consumer Privacy Act (OCPA).

Your Oregon Privacy Rights:

Right to Access: Confirm whether we process your personal data and access that data

Right to Correct: Correct inaccuracies in your personal data

Right to Delete: Delete personal data we hold about you

Right to Data Portability: Obtain a copy of personal data in a portable format

Right to Opt-Out: Opt out of:

Targeted advertising

Sale of personal data

Profiling in furtherance of decisions that produce legal or similarly significant effects

How to Exercise: Use the contact methods in Section 18.1.

Response Time: 45 days (extendable by 45 days)

Appeal: You may appeal denied requests. We will respond within 45 days. If unsatisfied, contact the Oregon Attorney General at .

 

18.8 Texas Residents (TDPSA)

Effective Date: July 1, 2024

Applicability: These provisions apply to Texas residents as defined under the Texas Data Privacy and Security Act (TDPSA).

Your Texas Privacy Rights:

Right to Access: Confirm whether we process your personal data and access that data

Right to Correct: Correct inaccuracies in your personal data

Right to Delete: Delete personal data we hold about you

Right to Data Portability: Obtain a copy of personal data in a portable format

Right to Opt-Out: Opt out of:

Targeted advertising

Sale of personal data

Profiling in furtherance of decisions that produce legal or similarly significant effects

How to Exercise: Use the contact methods in Section 18.1.

Response Time: 45 days (extendable by 45 days)

Appeal: You may appeal denied requests. We will respond within 60 days. If unsatisfied, contact the Texas Attorney General at .

 

18.9 Delaware Residents (DPDPA)

Effective Date: January 1, 2025

Applicability: These provisions apply to Delaware residents as defined under the Delaware Personal Data Privacy Act (DPDPA).

Your Delaware Privacy Rights:

Right to Access: Confirm whether we process your personal data and access that data

Right to Correct: Correct inaccuracies in your personal data

Right to Delete: Delete personal data we hold about you

Right to Data Portability: Obtain a copy of personal data in a portable format

Right to Opt-Out: Opt out of:

Targeted advertising

Sale of personal data

Profiling in furtherance of decisions that produce legal or similarly significant effects

How to Exercise: Use the contact methods in Section 18.1.

Response Time: 45 days (extendable by 45 days)

Appeal: You may appeal denied requests. We will respond within 60 days. If unsatisfied, contact the Delaware Attorney General at .

 

18.10 Iowa Residents (ICDPA)

Effective Date: January 1, 2025

Applicability: These provisions apply to Iowa residents as defined under the Iowa Consumer Data Protection Act (ICDPA).

Your Iowa Privacy Rights:

Right to Access: Confirm whether we process your personal data and access that data

Right to Correct: Correct inaccuracies in your personal data

Right to Delete: Delete personal data we hold about you

Right to Data Portability: Obtain a copy of personal data in a portable format

Right to Opt-Out: Opt out of:

Targeted advertising

Sale of personal data

Profiling in furtherance of decisions that produce legal or similarly significant effects

How to Exercise: Use the contact methods in Section 18.1.

Response Time: 90 days (extendable by 45 days) – Iowa provides a longer initial response time than most states

Appeal: You may appeal denied requests. We will respond within 45 days. If unsatisfied, contact the Iowa Attorney General at .

 

18.11 Nebraska Residents (NDPA)

Effective Date: January 1, 2025

Applicability: These provisions apply to Nebraska residents as defined under the Nebraska Data Privacy Act (NDPA).

Your Nebraska Privacy Rights:

Right to Access: Confirm whether we process your personal data and access that data

Right to Correct: Correct inaccuracies in your personal data

Right to Delete: Delete personal data we hold about you

Right to Data Portability: Obtain a copy of personal data in a portable format

Right to Opt-Out: Opt out of:

Targeted advertising

Sale of personal data

Profiling in furtherance of decisions that produce legal or similarly significant effects

How to Exercise: Use the contact methods in Section 18.1.

Response Time: 45 days (extendable by 45 days)

Appeal: You may appeal denied requests. We will respond within 60 days. If unsatisfied, contact the Nebraska Attorney General at .

 

18.12 New Jersey Residents (NJDPA)

Effective Date: January 15, 2025

Applicability: These provisions apply to New Jersey residents as defined under the New Jersey Data Privacy Act (NJDPA).

Your New Jersey Privacy Rights:

Right to Access: Confirm whether we process your personal data and access that data

Right to Correct: Correct inaccuracies in your personal data

Right to Delete: Delete personal data we hold about you

Right to Data Portability: Obtain a copy of personal data in a portable format

Right to Opt-Out: Opt out of:

Targeted advertising

Sale of personal data

Profiling in furtherance of decisions that produce legal or similarly significant effects

How to Exercise: Use the contact methods in Section 18.1.

Response Time: 45 days (extendable by 45 days)

Appeal: You may appeal denied requests. We will respond within 60 days. If unsatisfied, contact the New Jersey Attorney General at .

 

18.13 Tennessee Residents (TIPA)

Effective Date: July 1, 2025

Applicability: These provisions apply to Tennessee residents as defined under the Tennessee Information Protection Act (TIPA).

Your Tennessee Privacy Rights:

Right to Access: Confirm whether we process your personal data and access that data

Right to Correct: Correct inaccuracies in your personal data

Right to Delete: Delete personal data we hold about you

Right to Data Portability: Obtain a copy of personal data in a portable format

Right to Opt-Out: Opt out of:

Targeted advertising

Sale of personal data

Profiling in furtherance of decisions that produce legal or similarly significant effects

How to Exercise: Use the contact methods in Section 18.1.

Response Time: 45 days (extendable by 45 days)

Appeal: You may appeal denied requests. We will respond within 60 days. If unsatisfied, contact the Tennessee Attorney General at .

 

18.14 Maryland Residents (MODPA)

Effective Date: October 1, 2025

Applicability: These provisions apply to Maryland residents as defined under the Maryland Online Data Privacy Act (MODPA).

Your Maryland Privacy Rights:

Right to Access: Confirm whether we process your personal data and access that data

Right to Correct: Correct inaccuracies in your personal data

Right to Delete: Delete personal data we hold about you

Right to Data Portability: Obtain a copy of personal data in a portable format

Right to Opt-Out: Opt out of:

Targeted advertising

Sale of personal data

Profiling in furtherance of decisions that produce legal or similarly significant effects

How to Exercise: Use the contact methods in Section 18.1.

Response Time: 45 days (extendable by 45 days)

Appeal: You may appeal denied requests. We will respond within 60 days. If unsatisfied, contact the Maryland Attorney General at .

 

18.15 New Hampshire Residents (NHPA)

Effective Date: January 1, 2025

Applicability: These provisions apply to New Hampshire residents as defined under the New Hampshire Privacy Act (NHPA).

Your New Hampshire Privacy Rights:

Right to Access: Confirm whether we process your personal data and access that data

Right to Correct: Correct inaccuracies in your personal data

Right to Delete: Delete personal data we hold about you

Right to Data Portability: Obtain a copy of personal data in a portable format

Right to Opt-Out: Opt out of:

Targeted advertising

Sale of personal data

Profiling in furtherance of decisions that produce legal or similarly significant effects

How to Exercise: Use the contact methods in Section 18.1.

Response Time: 45 days (extendable by 45 days)

Appeal: You may appeal denied requests. We will respond within 60 days. If unsatisfied, contact the New Hampshire Attorney General at .

 

18.16 Minnesota Residents (MCDPA)

Effective Date: July 31, 2025

Applicability: These provisions apply to Minnesota residents as defined under the Minnesota Consumer Data Privacy Act (MCDPA).

Your Minnesota Privacy Rights:

Right to Access: Confirm whether we process your personal data and access that data

Right to Correct: Correct inaccuracies in your personal data

Right to Delete: Delete personal data we hold about you

Right to Data Portability: Obtain a copy of personal data in a portable format

Right to Opt-Out: Opt out of:

Targeted advertising

Sale of personal data

Profiling in furtherance of decisions that produce legal or similarly significant effects

How to Exercise: Use the contact methods in Section 18.1.

Response Time: 45 days (extendable by 45 days)

Appeal: You may appeal denied requests. We will respond within 60 days. If unsatisfied, contact the Minnesota Attorney General at .

 

18.17 Nevada Residents

Nevada Privacy Law (SB 220):

Nevada residents have the right to opt out of the “sale” of personally identifiable information by an online service. We do not currently sell personally identifiable information as defined under Nevada law. If our practices change, we will update this Privacy Policy and provide Nevada residents with the ability to opt out.

If you are a Nevada resident and have questions, contact .

 

18.18 Other U.S. States

If you reside in a U.S. state not listed above, you may not have specific statutory privacy rights under state privacy laws, but you still have rights under federal laws and our general privacy commitments described in Section 17.

We monitor emerging state privacy laws and will update this Privacy Policy as new laws take effect.

 

---

19. CHILDREN’S PRIVACY

19.1 Age Restrictions

Our Services are not intended for, and may not be used by, individuals under 18 years of age. We do not knowingly collect, use, or disclose personal information from children under 18.

19.2 COPPA Compliance

The Children’s Online Privacy Protection Act (COPPA) requires parental consent for the collection of personal information from children under 13. Our Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.

19.3 Parental Notice

If you are a parent or guardian and believe that your child under 18 has provided personal information to us, please contact us immediately at . We will:

Verify the report

Delete the child’s information from our systems

Terminate any associated account

Take steps to prevent future collection

19.4 Age Verification

We rely on the following methods to prevent collection of information from minors:

Age gates and declarations during account registration

Terms of Service requiring users to be 18 or older

Monitoring and investigation of accounts suspected of belonging to minors

19.5 School and Educational Use

Our Services are not designed for use in schools or educational settings and are not marketed to educational institutions. If we become aware that a school has signed up students under 18, we will terminate the accounts and delete the information.

 

---

20. CHANGES TO THIS PRIVACY POLICY

20.1 Right to Modify

We reserve the right to modify, amend, or update this Privacy Policy at any time to reflect changes in our practices, Services, legal requirements, or for other operational, legal, or regulatory reasons.

20.2 Notice of Material Changes

• Prominent Notice: Posting a prominent notice on our websites and mobile applications.
• Email Notification: Sending an email to the address associated with your account (if provided).
• In-App Notification: Displaying a notification when you next log into our mobile application.
• Updated Effective Date: Updating the “Last Updated” date at the top of this Privacy Policy.
• Direct Mail: In certain circumstances, sending notice by postal mail.

20.3 Definition of Material Changes

Material changes include, but are not limited to:

Changes to the categories of personal information we collect

Changes to the purposes for which we use personal information

New categories of third parties with whom we share personal information

Changes to your rights or how to exercise them

Material changes to data security practices

Changes to data retention periods

New uses of sensitive personal information

Changes required by law

20.4 Non-Material Changes

For non-material changes (such as clarifications, corrections of typos, updates to contact information, or other minor modifications), we may update this Privacy Policy without providing advance notice. We encourage you to review this Privacy Policy periodically.

20.5 Effective Date of Changes

Changes to this Privacy Policy will become effective:

On the date specified in the updated Privacy Policy, or

30 days after we provide notice of material changes (whichever is later)

Your continued use of our Services after the effective date of changes constitutes your acceptance of the updated Privacy Policy.

20.6 Objecting to Changes

If you object to changes to this Privacy Policy:

You may stop using our Services

You may close your account

For certain changes, you may opt out of the specific practice (such as opting out of new marketing uses)

You may exercise your privacy rights (such as deletion) before the changes take effect

If you do not agree to the updated Privacy Policy, you must stop using our Services.

20.7 Reviewing Changes

We recommend that you review this Privacy Policy periodically to stay informed about our privacy practices. You can determine when this Privacy Policy was last updated by referring to the “Last Updated” date at the top of this document.

20.8 Archive of Previous Versions

Upon request, we can provide previous versions of this Privacy Policy for your review. Contact to request archived versions.

 

---

21. CONTACT US AND DATA PROTECTION OFFICER

21.1 Privacy Questions and Requests

• Email: (contact email address placeholder)
• Phone: 833-243-0349
• Mail: Happy Camper Roadside LLC, Attn: Privacy Officer / DPO, 6543 South Las Vegas Boulevard, 2nd Floor, Las Vegas, NV 89119

21.2 Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our privacy program and ensuring compliance with data protection laws.

Data Protection Officer:
Fraz Jamil, CTO and Data Protection Officer
Email:
Phone: 833-243-0349

You may contact our DPO directly with:

Questions about this Privacy Policy

Privacy rights requests

Data protection concerns

Complaints about our privacy practices

Questions about international data transfers

Requests for information about our data processing activities

21.3 Customer Service

For general customer service inquiries not related to privacy:

Email:

Phone:833-243-0349

In-App: Use the “Help” or “Contact Us” feature in our mobile application

21.4 Security Incident Reporting

To report security vulnerabilities or incidents:

Email: (vulnerability discovery program)

Email: (data breaches or privacy incidents)

Phone: 833-243-0349

21.5 Response Time

We strive to respond to all privacy inquiries and requests within:

General inquiries: 5-10 business days

Privacy rights requests: Timeframes specified in Section 17 and Section 18 (typically 30-45 days depending on jurisdiction)

Security incidents: Immediately upon receipt

21.6 Language

This Privacy Policy is provided in English. If you require this Privacy Policy in another language, please contact us and we will make reasonable efforts to accommodate your request.

 

---

22. JURISDICTION-SPECIFIC ADDENDA

22.1 European Economic Area, United Kingdom, and Switzerland

• Applicability: These provisions apply to individuals located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland whose personal data is subject to the GDPR, UK GDPR, or Swiss FADP.
• Legal Basis for Processing: See Section 6 for detailed information about our legal bases for processing your personal data.
• Your GDPR/UK GDPR/Swiss FADP Rights:Right of access (Article 15 GDPR)

  Right to rectification (Article 16 GDPR)

  Right to erasure / “right to be forgotten” (Article 17 GDPR)

  Right to restriction of processing (Article 18 GDPR)

  Right to data portability (Article 20 GDPR)

  Right to object (Article 21 GDPR)

  Rights related to automated decision-making and profiling (Article 22 GDPR)

  Right to withdraw consent (Article 7(3) GDPR)

  Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

• How to Exercise Your Rights: Contact our Data Protection Officer using the information in Section 21.
• Supervisory Authorities:If you believe we have violated your rights under the GDPR, UK GDPR, or Swiss FADP, you may lodge a complaint with a supervisory authority:

  EEA: Contact your national Data Protection Authority. A list is available at:

  UK: Information Commissioner’s Office (ICO)
  Website:
  Phone: +44 303 123 1113
  Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom

  Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
  Website: [https://www.edoeb.admin.ch](.

• International Data Transfers: When we transfer personal data outside the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other legally compliant transfer mechanisms.
• Data Retention: We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law. For specific retention periods, please see above discussion relevant retention periods.