Privacy Policy

Privacy Statement

Copart respects your privacy and is committed to protecting your Personal Data, which is any information that can be used to identify or potentially identify a particular person.

The scope of this Privacy Policy relates to any Personal Data that Copart processes under applicable data privacy laws. This Privacy Policy applies to your use of this website and all Copart services, regardless of how you access or use the services, including access via mobile devices and applications. Unless otherwise specified, this policy applies to the operations of Copart, Inc. relating to vehicles that are physically located within the United States.

This version was last updated in May 2024. We may update this notice from time to time, and if we do so, we will upload a new version to our website.

Important Information

This website is not intended for children, and we do not knowingly collect data relating to children. When you register with Copart as a member, you acknowledge that you are of legal age to make bids on vehicles and further agree to our terms and conditions.

It is important that you read this privacy policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing Personal Data about you. This privacy policy supplements other notices and is not intended to override them.

Data Controller

Copart, Inc. (referred to as “Copart”, “we”, “us” or “our”) is the data controller that is responsible for the personal data collected and used within the scope of this policy:

Jurisdiction	Entity	Address
United States of America	Copart, Inc.	14185 Dallas Parkway Suite 300 Dallas, TX 75254

Personal Data We Collect

Depending on the context of your relationship with us, we may collect different categories of data.

We collect Personal Data for the following reasons:

To provide you with information, products, or services that you request from us.
To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.
As necessary or appropriate to protect the rights, property or safety of us, our members, our customers, or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

The following table details personal data we collected in the last twelve (12) months:

Data Category	Identity Data
Data Elements Corresponding to Data Category	Identifiers and characteristics of a protected class, including first name, last name, member number, username or similar identifier, password, title, date of birth, gender, social security number, tax ID, photo ID, driving license and passport information.
How We Collect Your Personal Data:	Directly from an individual who corresponds with us Directly from our vendors Directly from our members Directly from an individual who sells us a vehicle Directly from an individual who pick up vehicles at one of our yards Directly from an individual who applies for a position, or who we recruit
GDPR Lawful Basis	Performance of a contract Your consent Our legitimate business interests, such as improving our sites and services, except where such interests are overridden by your interests or fundamental rights and freedoms Compliance with legal obligations To protect your vital interests or the vital interests of another natural person.

Data Category	Professional and Employment Related Data
Data Elements Corresponding to Data Category	Includes performance evaluations, payroll information and benefits information such as health insurance and retirement. Previous work experience information, including years employed, prior place of employment, title, and roles within a previous company.
How We Collect Your Personal Data:	Directly from an individual who applies for a position, or who we employ
GDPR Lawful Basis	Performance of a contract. Our legitimate business interests, such as improving our sites, services and recruitment efforts, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations To protect your vital interests or the vital interests of another natural person.

Data Category	Non-Public Education Information
Data Elements Corresponding to Data Category	Education records directly related to a student maintained by an educational institution or party acting on its behalf.
How We Collect Your Personal Data:	Directly from an individual who applies for a position, or who we employ From third parties who perform background checks on our behalf.
GDPR Lawful Basis	Performance of a contract. Compliance with legal obligations • Our legitimate business interests, such as improving our sites, services and recruitment efforts, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations To protect your vital interests or the vital interests of another natural person.

Data Category	Contact Data
Data Elements Corresponding to Data Category	Identifiers, including your postal address, street address for vehicle pickup, email address and phone number and also your business license information.
How We Collect Your Personal Data:	Directly from an individual who corresponds with us Directly from our vendors Directly from our members Directly from an individual who sells us a vehicle Directly from an individual who picks up a vehicle at one of our yards Directly from an individual who applies for a position, or who we recruit
GDPR Lawful Basis	Performance of a contract. Your consent Our legitimate business interests, such as improving our sites and services, except where such interests are overridden by your interests or fundamental rights and freedoms Compliance with legal obligations To protect your vital interests or the vital interests of another natural person.

Data Category	Financial Data
Data Elements Corresponding to Data Category	Identifiers and financial information, including credit card or debit card, mobile pay information such as PayPal and Apple Pay, and bank account/sort code details.
How We Collect Your Personal Data:	Directly from our members Directly from an individual who sells us a vehicle Directly from an individual who picks up a vehicle at one of our yards.
GDPR Lawful Basis	Performance of a contract Our legitimate business interests, such as improving our sites and services, and the services of our third parties who help us facilitate payments, except where such interests are overridden by your interests or fundamental rights and freedoms Compliance with legal obligations To protect your vital interests or the vital interests of another natural person.

Data Category	Technical Data
Data Elements Corresponding to Data Category	Internet or other electronic network activity information, including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, server logs, operating system and platform and other technology on the devices you use to access this website.
How We Collect Your Personal Data:	Directly and indirectly from people who visit our website (www.copart.com).
GDPR Lawful Basis	Your consent. Our legitimate business interests, such as improving our sites and services and securing the safety of our website, except where such interests are overridden by your interests or fundamental rights and freedoms Compliance with legal obligations To protect your vital interests or the vital interests of another natural person.

Data Category	Marketing Data
Data Elements Corresponding to Data Category	Includes your preferences in receiving marketing from us and our contracted third parties and your communication preferences. This also includes information you provide to us through one of our communication channels.
How We Collect Your Personal Data:	Directly from our members. Directly from an individual who corresponds with us.
GDPR Lawful Basis	Your consent. Our legitimate business interests, such as facilitating a communication channel and improving our sites and services, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations. To protect your vital interests or the vital interests of another natural person.

Data Category	Vehicle Data
Data Elements Corresponding to Data Category	Includes the make, model, condition of the vehicle, and vehicle identification number (VIN), which some jurisdictions classify as Personal Data.
How We Collect Your Personal Data:	Directly from an individual who sells us a vehicle.
GDPR Lawful Basis	Performance of a contract. Our legitimate business interests, such as improving our sites and services, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations. To protect your vital interests or the vital interests of another natural person.

Data Category	Usage Data
Data Elements Corresponding to Data Category	Internet or other electronic network activity information, including information about how you use our website, products, and services.
How We Collect Your Personal Data:	Indirectly from our members. Indirectly from individuals who visit our website and use our services.
GDPR Lawful Basis	Your consent. Our legitimate business interests, such as improving our sites and services, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations. To protect your vital interests or the vital interests of another natural person.

Data Category	Sensory Data
Data Elements Corresponding to Data Category	Audio, electronic, visual, thermal, olfactory, or similar information such as recorded calls or CCTV recordings.
How We Collect Your Personal Data:	Directly from an individual who corresponds with us. Indirectly from an individual who picks up a vehicle from one of our yards. Directly and indirectly from our employees.
GDPR Lawful Basis	Our legitimate business interests, such as improving our sites and services and securing our facilities, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations. To protect your vital interests or the vital interests of another natural person.

Data Category	Geolocation Data
Data Elements Corresponding to Data Category	Physical location or movements, such as the capture of an IP address
How We Collect Your Personal Data:	Directly and indirectly from individuals who visit our website (www.copart.com). Directly and indirectly from our employees. Directly from our employees.
GDPR Lawful Basis	Our legitimate business interests, such as improving our sites and services and security our website, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations. To protect your vital interests or the vital interests of another natural person.

Data Category	Biometric Data
Data Elements Corresponding to Data Category	Fingerprints and faceprints used as an alternate method to access employee devices; used to uniquely identify an employee. Geometric facial patterns derived from photographs used to verify member identity.
How We Collect Your Personal Data:	Directly from our employees. Directly from our members.
GDPR Lawful Basis	Your consent. Our legitimate business interests, such as improving the security of Copart owned devices, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations. To protect your vital interests or the vital interests of another natural person.

Data Category	Transaction Data
Data Elements Corresponding to Data Category	Commercial information, consisting of information about your transactions with us, including information about items on which you place bids.
How We Collect Your Personal Data:	Indirectly from our members.
GDPR Lawful Basis	Our legitimate business interests, such as improving our sites and services, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations. To protect your vital interests or the vital interests of another natural person.

Data Category	Data Elements Corresponding to Data Category	How We Collect Your Personal Data:	GDPR Lawful Basis
Identity Data	Identifiers and characteristics of a protected class, including first name, last name, member number, username or similar identifier, password, title, date of birth, gender, social security number, tax ID, photo ID, driving license and passport information.	Directly from an individual who corresponds with us Directly from our vendors Directly from our members Directly from an individual who sells us a vehicle Directly from an individual who pick up vehicles at one of our yards Directly from an individual who applies for a position, or who we recruit	Performance of a contract Your consent Our legitimate business interests, such as improving our sites and services, except where such interests are overridden by your interests or fundamental rights and freedoms Compliance with legal obligations To protect your vital interests or the vital interests of another natural person.
Professional and Employment Related Data	Includes performance evaluations, payroll information and benefits information such as health insurance and retirement. Previous work experience information, including years employed, prior place of employment, title, and roles within a previous company.	Directly from an individual who applies for a position, or who we employ	Performance of a contract. Our legitimate business interests, such as improving our sites, services and recruitment efforts, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations To protect your vital interests or the vital interests of another natural person.
Non-Public Education Information	Education records directly related to a student maintained by an educational institution or party acting on its behalf.	Directly from an individual who applies for a position, or who we employ From third parties who perform background checks on our behalf.	Performance of a contract. Compliance with legal obligations • Our legitimate business interests, such as improving our sites, services and recruitment efforts, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations To protect your vital interests or the vital interests of another natural person.
Contact Data	Identifiers, including your postal address, street address for vehicle pickup, email address and phone number and also your business license information.	Directly from an individual who corresponds with us Directly from our vendors Directly from our members Directly from an individual who sells us a vehicle Directly from an individual who picks up a vehicle at one of our yards Directly from an individual who applies for a position, or who we recruit	Performance of a contract. Your consent Our legitimate business interests, such as improving our sites and services, except where such interests are overridden by your interests or fundamental rights and freedoms Compliance with legal obligations To protect your vital interests or the vital interests of another natural person.
Financial Data	Identifiers and financial information, including credit card or debit card, mobile pay information such as PayPal and Apple Pay, and bank account/sort code details.	Directly from our members Directly from an individual who sells us a vehicle Directly from an individual who picks up a vehicle at one of our yards.	Performance of a contract Our legitimate business interests, such as improving our sites and services, and the services of our third parties who help us facilitate payments, except where such interests are overridden by your interests or fundamental rights and freedoms Compliance with legal obligations To protect your vital interests or the vital interests of another natural person.
Technical Data	Internet or other electronic network activity information, including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, server logs, operating system and platform and other technology on the devices you use to access this website.	Directly and indirectly from people who visit our website (www.copart.com).	Your consent. Our legitimate business interests, such as improving our sites and services and securing the safety of our website, except where such interests are overridden by your interests or fundamental rights and freedoms Compliance with legal obligations To protect your vital interests or the vital interests of another natural person.
Marketing Data	Includes your preferences in receiving marketing from us and our contracted third parties and your communication preferences. This also includes information you provide to us through one of our communication channels.	Directly from our members. Directly from an individual who corresponds with us.	Your consent. Our legitimate business interests, such as facilitating a communication channel and improving our sites and services, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations. To protect your vital interests or the vital interests of another natural person.
Vehicle Data	Includes the make, model, condition of the vehicle, and vehicle identification number (VIN), which some jurisdictions classify as Personal Data.	Directly from an individual who sells us a vehicle.	Performance of a contract. Our legitimate business interests, such as improving our sites and services, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations. To protect your vital interests or the vital interests of another natural person.
Usage Data	Internet or other electronic network activity information, including information about how you use our website, products, and services.	Indirectly from our members. Indirectly from individuals who visit our website and use our services.	Your consent. Our legitimate business interests, such as improving our sites and services, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations. To protect your vital interests or the vital interests of another natural person.
Sensory Data	Audio, electronic, visual, thermal, olfactory, or similar information such as recorded calls or CCTV recordings.	Directly from an individual who corresponds with us. Indirectly from an individual who picks up a vehicle from one of our yards. Directly and indirectly from our employees.	Our legitimate business interests, such as improving our sites and services and securing our facilities, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations. To protect your vital interests or the vital interests of another natural person.
Geolocation Data	Physical location or movements, such as the capture of an IP address	Directly and indirectly from individuals who visit our website (www.copart.com). Directly and indirectly from our employees. Directly from our employees.	Our legitimate business interests, such as improving our sites and services and security our website, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations. To protect your vital interests or the vital interests of another natural person.
Biometric Data	Fingerprints and faceprints used as an alternate method to access employee devices; used to uniquely identify an employee. Geometric facial patterns derived from photographs used to verify member identity.	Directly from our employees. Directly from our members.	Your consent. Our legitimate business interests, such as improving the security of Copart owned devices, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations. To protect your vital interests or the vital interests of another natural person.
Transaction Data	Commercial information, consisting of information about your transactions with us, including information about items on which you place bids.	Indirectly from our members.	Our legitimate business interests, such as improving our sites and services, except where such interests are overridden by your interests or fundamental rights and freedoms. Compliance with legal obligations. To protect your vital interests or the vital interests of another natural person.

Special Categories

We do not collect Sensitive Data, which is information regarding criminal convictions or offenses, and we do not intentionally collect any details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetics and biometric data. However, because some of our communication channels, such as e-mail, social media, and telephony systems allow end users to provide us with unstructured data, it is possible for Copart to receive unsolicited Personal Data provided by the message sender. We request that you refrain from sharing Sensitive Data through any of these channels.

SMS Communications Terms of Service

Consent for SMS Communication:

Information obtained as part of the SMS consent process will not be shared with third parties.

Types of SMS Communications:

If you have consented to receive text messages from Copart, you may receive text messages based on our relationship with you, including but not limited to transacting with us and also employee communications.

Standard Messaging Disclosures:

Message and data rates may apply.

You can opt-out at any time by texting "STOP."

For assistance, text "HELP" or visit our privacy policy at https://www.copart.com/content/us/en/privacy-policy?intcmp=web_footer_privacypolicy_en

Sharing Personal Data

In addition to sharing your Personal Data within the Copart Group, we may disclose your Personal Data to external third parties in order to provide you with certain of the services you have requested from us. When we disclose Personal Data to an external third party vendor for a business purpose, we enter into a contract with the vendor that describes the purpose of the processing and requires the recipient to both keep that Personal Data confidential and not use it for any purpose except performing the contract. In the last twelve (12) months we have disclosed the following categories of Personal Data for a business purpose to the corresponding categories of third parties indicated below:

Data Category	Identity Data
Third Party Category	Regulatory Compliance Service Provider Vehicle Subhaulers Marketing Service Providers Data Analytics Service Providers Data Analytics Service Providers Identification Verification Service Providers Customer Relationship Management Service Providers Vendor Management Service Provider
Business Purpose	To comply with the regulatory obligations applicable to our business operations. To perform a vehicle pickup as part of our service offering. To provide you with information regarding our products and services in which we think you may be interested. To analyze trends and performance of our website and electronic services. To ensure the appropriate individual is collecting a vehicle from us. To manage our relationship with you. To manage the vendors who help us provide our service offerings.

Data Category	Professional and Employment Related Data
Third Party Category	Regulatory Compliance Service Provider Background Verification Service Provider Benefits Administration Service
Business Purpose	To comply with the regulatory obligations applicable to our business operations. To perform a background check that may be performed during the recruitment process. To administer benefits you sign up for.

Data Category	Contact Data
Third Party Category	Communications Service Providers Marketing Service Providers Vehicle Subhaulers Customer Relationship Management Service Providers Regulatory Compliance Service Provider Vendor Management Service Provider
Business Purpose	To facilitate communications channels between us and you. To provide you with information regarding our products and services in which we think you may be interested. To perform a vehicle pickup as part of our service offering. To manage our relationship with you. To comply with the regulatory obligations applicable to our business operations. To manage the vendors who help us provide our service offerings.

Data Category	Financial Data
Third Party Category	Financial Service Providers
Business Purpose	To facilitate payment for the goods or services you purchase from us or sell to us.

Data Category	Technical Data
Third Party Category	Information Technology Service Providers Data Analytics Service Providers
Business Purpose	To effectively operate and protect our website and electronic services. To analyze trends and performance of our website and electronic services.

Data Category	Marketing Data
Data Elements Corresponding to Data Category	Marketing Service Providers Social Media Websites
Business Purpose	To provide you with information regarding our products and services in which we think you may be interested. To share content with you via our social media platforms.

Data Category	Vehicle Data
Third Party Category	Regulatory Compliance Service Provider
Business Purpose	To comply with the regulatory obligations applicable to our business operations.

Data Category	Usage Data
Third Party Category	Data Analytics Service Provider
Business Purpose	To analyze trends and performance of our website and services.

Data Category	Sensory Data
Third Party Category	Telephony and Communications Service Provider Video Surveillance Service Provider
Business Purpose	To review calls with customer representatives for quality assurance. To effectively operate and protect our physical facilities.

Data Category	Geolocation Data
Third Party Category	Information Technology Service Providers
Business Purpose	To effectively operate and protect our website and electronic services. To analyze trends and performance of our website and electronic services.

Data Category	Biometric Data
Third Party Category	Information Technology Service Providers Identification Verification Service Providers
Business Purpose	To secure and protect Copart’s information and technology. To verify member identity and prevent fraud.

Data Category	Transaction Data
Third Party Category	Data Analytics Service Provider
Business Purpose	To analyze trends and performance of our website and services.

Data Category	Third Party Category	Business Purpose
Identity Data	Regulatory Compliance Service Provider Vehicle Subhaulers Marketing Service Providers Data Analytics Service Providers Data Analytics Service Providers Identification Verification Service Providers Customer Relationship Management Service Providers Vendor Management Service Provider	To comply with the regulatory obligations applicable to our business operations. To perform a vehicle pickup as part of our service offering. To provide you with information regarding our products and services in which we think you may be interested. To analyze trends and performance of our website and electronic services. To ensure the appropriate individual is collecting a vehicle from us. To manage our relationship with you. To manage the vendors who help us provide our service offerings.
Professional and Employment Related Data	Regulatory Compliance Service Provider Background Verification Service Provider Benefits Administration Service	To comply with the regulatory obligations applicable to our business operations. To perform a background check that may be performed during the recruitment process. To administer benefits you sign up for.
Contact Data	Communications Service Providers Marketing Service Providers Vehicle Subhaulers Customer Relationship Management Service Providers Regulatory Compliance Service Provider Vendor Management Service Provider	To facilitate communications channels between us and you. To provide you with information regarding our products and services in which we think you may be interested. To perform a vehicle pickup as part of our service offering. To manage our relationship with you. To comply with the regulatory obligations applicable to our business operations. To manage the vendors who help us provide our service offerings.
Financial Data	Financial Service Providers	To facilitate payment for the goods or services you purchase from us or sell to us.
Technical Data	Information Technology Service Providers Data Analytics Service Providers	To effectively operate and protect our website and electronic services. To analyze trends and performance of our website and electronic services.
Marketing Data	Marketing Service Providers Social Media Websites	To provide you with information regarding our products and services in which we think you may be interested. To share content with you via our social media platforms.
Vehicle Data	Regulatory Compliance Service Provider	To comply with the regulatory obligations applicable to our business operations.
Usage Data	Data Analytics Service Provider	To analyze trends and performance of our website and services.
Sensory Data	Telephony and Communications Service Provider Video Surveillance Service Provider	To review calls with customer representatives for quality assurance. To effectively operate and protect our physical facilities.
Geolocation Data	Information Technology Service Providers	To effectively operate and protect our website and electronic services. To analyze trends and performance of our website and electronic services.
Biometric Data	Information Technology Service Providers Identification Verification Service Providers	To secure and protect Copart’s information and technology. To verify member identity and prevent fraud.
Transaction Data	Data Analytics Service Provider	To analyze trends and performance of our website and services.

In addition, we may also disclose your Personal Data in the following circumstances:

In connection with the sale of a business (including merger, acquisition, or sale of all or a material portion of the business’s assets, change in corporate control, or insolvency or bankruptcy proceedings).
To enforce our terms of service or rules; to ensure the safety and security of our users and third parties; to protect our rights and property and the rights and property of our users and third parties; and to comply with legal process, including pursuant to a judicial warrant, rule, order or subpoena, or in other cases if we believe in good faith that disclosure is required by law or regulation, in each case, without obligation to contest such legal process.

Promotional Marketing

Depending on the location in which you are located and, if applicable whether you provide your affirmative consent, we may use your identity, contact, technical, usage and transaction data to form a view on what products or services we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant to you.

Withdrawing Consent for Promotional Marketing

Depending on the location in which you are located, we have established a preference center through which certain of our members may opt-out of direct marketing. The same category of members may also opt-out of promotional marketing by submitting your request to privacy@copart.com. All recipients of marketing and promotional communications from us may opt-out of future marketing communications by clicking on the “remove me” link that we include at the bottom of all of our marketing communications.

International Transfers

For the purposes of the General Data Protection Regulation (GDPR), some recipients of your Personal Data are located outside of your country or have offices in countries where data protection laws may provide a different level of protection than the laws in your country. When transferring Personal Data to such recipients, we provide appropriate safeguards.

The transmission of Personal Data between and among certain members of the Copart Group, which consists of Copart, Inc. and its direct and indirect subsidiaries that Copart, Inc. controls, is based on our worldwide data protection principles contained in our Intra-Group Processing Agreement, which incorporate both controller to controller and controller to processor model clauses prescribed by the European Union. Through our Intra-Group Processing Agreement, the Copart Group undertakes to protect your Personal Data and to comply with applicable data protection obligations.

Your Rights and Choices

Subject to possible restrictions under national law, as a data subject under the GDPR, a California consumer under the California Consumer Privacy Act (CCPA), or a data subject under the Nevada Privacy Law, you may have certain rights regarding the Personal Data that we collect on you.

Those rights are described in the below table:

Rights under GDPR, CCPA and/or the Nevada Privacy Law	Access / to Know
Description	A consumer has the right to request that a business that collects personal information about the consumer disclose: (1) The categories of personal information it has collected about that consumer; (2) the categories of sources from which the personal information is collected; (3) the business or commercial purpose for collecting or selling personal information; (4) the categories of third parties with whom the business shares personal information; and (5) the specific pieces of personal information it has collected about that consumer.

Rights under GDPR, CCPA and/or the Nevada Privacy Law

Access / to Know

Description

A consumer has the right to request that a business that collects personal information about the consumer disclose: (1) The categories of personal information it has collected about that consumer; (2) the categories of sources from which the personal information is collected; (3) the business or commercial purpose for collecting or selling personal information; (4) the categories of third parties with whom the business shares personal information; and (5) the specific pieces of personal information it has collected about that consumer.

Rights under GDPR, CCPA and/or the Nevada Privacy Law	Rectification
Description	An individual may request that inaccurate personal data be corrected or rectified.

Rights under GDPR, CCPA and/or the Nevada Privacy Law	Deletion/Erasure
Description	A consumer has the right to request that a business delete any personal information about the consumer that the business has collected from the consumer.

Rights under GDPR, CCPA and/or the Nevada Privacy Law	Restrict Processing
Description	In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data: where you believe the personal data we hold about you is inaccurate and while we verify accuracy; where we want to erase your personal data as the processing is unlawful but you want us to continue to store it; where we no longer need your personal data for the purposes of our processing but you require us to retain the data for the establishment, exercise or defense of legal claims; or where you have objected to us processing your personal data based on our legitimate interests and we are considering your objection.

Rights under GDPR, CCPA and/or the Nevada Privacy Law

Restrict Processing

Description

In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data: where you believe the personal data we hold about you is inaccurate and while we verify accuracy; where we want to erase your personal data as the processing is unlawful but you want us to continue to store it; where we no longer need your personal data for the purposes of our processing but you require us to retain the data for the establishment, exercise or defense of legal claims; or where you have objected to us processing your personal data based on our legitimate interests and we are considering your objection.

Rights under GDPR, CCPA and/or the Nevada Privacy Law	Data Portability
Description	In certain circumstances, you shall have the right to receive the personal data concerning you, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller.

Rights under GDPR, CCPA and/or the Nevada Privacy Law	Object to Processing
Description	In certain circumstances, you can object to our processing of your personal data based on our legitimate interests and we will no longer process your personal data unless we can demonstrate an overriding legitimate ground.

Rights under GDPR, CCPA and/or the Nevada Privacy Law	Object to Automated Decision-Making
Description	In certain circumstances, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you. However, Copart does not utilize automated decision-making in the processing of your Personal Data.

Rights under GDPR, CCPA and/or the Nevada Privacy Law	Withdraw Consent
Description	In certain circumstances, you may withdraw your consent to the processing of personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide you certain products or services.

Rights under GDPR, CCPA and/or the Nevada Privacy Law	Description
Access / to Know	A consumer has the right to request that a business that collects personal information about the consumer disclose: (1) The categories of personal information it has collected about that consumer; (2) the categories of sources from which the personal information is collected; (3) the business or commercial purpose for collecting or selling personal information; (4) the categories of third parties with whom the business shares personal information; and (5) the specific pieces of personal information it has collected about that consumer.
Rectification	An individual may request that inaccurate personal data be corrected or rectified.
Deletion/Erasure	A consumer has the right to request that a business delete any personal information about the consumer that the business has collected from the consumer.
Restrict Processing	In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data: where you believe the personal data we hold about you is inaccurate and while we verify accuracy; where we want to erase your personal data as the processing is unlawful but you want us to continue to store it; where we no longer need your personal data for the purposes of our processing but you require us to retain the data for the establishment, exercise or defense of legal claims; or where you have objected to us processing your personal data based on our legitimate interests and we are considering your objection.
Data Portability	In certain circumstances, you shall have the right to receive the personal data concerning you, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller.
Object to Processing	In certain circumstances, you can object to our processing of your personal data based on our legitimate interests and we will no longer process your personal data unless we can demonstrate an overriding legitimate ground.
Object to Automated Decision-Making	In certain circumstances, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you. However, Copart does not utilize automated decision-making in the processing of your Personal Data.
Withdraw Consent	In certain circumstances, you may withdraw your consent to the processing of personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide you certain products or services.

Exercising Your Rights

You may generally exercise one or more of your rights described above free of charge. When requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge an appropriate fee in accordance with the applicable regulations or refuse to process the application.

To exercise your rights as a data subject under the GDPR, please submit a verifiable consumer request to:
privacy@copart.com.

Additionally, as a data subject under the GDPR, you have the right to lodge a complaint with your applicable supervisory authority. However, we would appreciate the chance to deal with your concern before you approach a supervisory authority so please contact us in the first instance.

California and Nevada Residents

If you reside in California or Nevada, you may have certain additional rights under the California Consumer Privacy Act, also known as the CCPA, or the Nevada Online Privacy Law. These rights include:

Right to access personal data: you may request a disclosure of what personal data Copart collects
Right to delete personal data: you may request the deletion of your personal data collected or retained by Copart. California and Nevada consumers may contact us by emailing privacy@copart.com.
Right to Opt-Out: you have the right to opt-out of the “sale” of your personal data collected by Copart.

Additionally, California residents may contact us by calling 800-998-1985.

Notice to California and Nevada residents: Both the CCPA and Nevada Online Privacy Law permit residents of California and Nevada to opt-out of the sale of their personal information to third parties. Copart works with third-party companies for advertising and marketing purposes and may collect and share information about you or the device you use to access our website.

Copart may also share personal information under limited circumstances in which Copart obtains the individual’s contemporaneous consent. Copart has established business partners who work with us to purchase vehicles directly from individuals. When Copart is not able to purchase your vehicle, if you direct us to do so, we may share your Personal Data with one of those business partners.

For more information about the choices you have about the advertising and marketing practices described in our privacy policy and how to opt-out, please see the “Cookies and Similar Technologies” section below.

California Employee Privacy Notice

This Employee Privacy Notice (“Privacy Notice”) explains how Copart Inc., including any direct or indirect wholly owned subsidiaries who are employers of California Residents, (“we,” “us,” “our”) collects, uses and discloses Personal Information about our current and former employees, directors, officers, contractors and other part-time and full-time workers who are California residents (“you,” “your,” “employee”).

In this Privacy Notice, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular employee, and “Sensitive Personal Information” refers to certain types of Personal Information that are deemed particularly sensitive (for example, government identification numbers, health or biometric information, account access credentials, precise geolocation, or racial or ethnic origin). For purposes of this Privacy Notice, references to Personal Information include Sensitive Personal Information, unless otherwise indicated. Personal Information does not include information that is de-identified in accordance with applicable law or lawfully made publicly available from government records, the employee, or widely distributed media.

1. CHANGES TO THIS PRIVACY NOTICE

We may modify this Privacy Notice from time to time in which case we will update the “Last Updated” date at the top of this Privacy Notice. If we make material changes to the ways in which we process your information, we will use reasonable efforts to notify you (such as by emailing you or posting a notice on our intranet) and will take additional steps as required by applicable law.

2. COLLECTION AND USE OF YOUR INFORMATION

We collect Personal Information about you as part of your employment or contractual relationship with us from a variety of sources, including from you directly, from your references, from our vendors and service providers that help manage the employment or contract lifecycle (including for payroll and benefits administration). We collect, and over the past 12 months have collected, the following categories of Personal Information, including Sensitive Personal Information (denoted by *):

We use the above Personal Information for various business purposes as your employer, including:

Identifiers such as name, email address, home address, phone number and date of birth
Personal information categories listed in the California Customer Records Statute such as name, signature, social security number*, address, telephone number, passport number* and driver’s license* or state identification card number*.
Protected classification characteristics under California or federal law such as race*, color*, religion or creed*, national origin or ancestry*, sex (including gender, pregnancy, sexual orientation* and gender identity*), age, physical or mental disability*, veteran status, genetic information* and citizenship.
Internet or other similar network activity such as information regarding your interaction on our devices and systems, surveillance information (such as CCTV footage related to your activities at our physical locations), and other data related to building, facility and system access (such as information obtained through electronic means such as swipe card records).
Geolocation data such as IP address (approximate location).
Audio, electronic, visual, thermal, olfactory or similar information such as photographs, video recordings and voice recordings of employees (such as CCTV footage).
Professional or employment-related information such as title of profession, employer, professional background, including resume and CV.
Non-public education information collected by certain federally funded institutions such as education records.
Government identifiers* such as Social Security number, driver’s license, state identification card or passport number.
Account access credentials* such as account login in combination with the password or credentials allowing access to accounts you use in relation to your employment or contractual relationship with us.
Communications where we are not the intended recipient* such as the contents of an employee’s mail, email, calls and text messages processed using equipment we own.
Biometric information for the purpose of uniquely identifying an employee* such as scans of fingerprint access to certain equipment we own that you use in relation to your employment.
Health information* such as information that can reveal characteristics of your health such as medical diagnoses shared when applying for personal leave, information related to physical and mental health or a condition, health screening information (including body temperature readings), COVID-19 related information, occupational health information, and any information you may provide when using employee benefits.
Other categories of Sensitive Personal Information* such as ethnic origin, religious or philosophical beliefs, genetic data, precise geolocation data, union membership or Personal Information concerning an employee’s sex life or sexual orientation.
Recruiting and hiring, including conducting background verifications to the extent permitted by applicable laws.
Managing the employment or contract lifecycle, such as onboarding, training, monitoring conduct and performance, maintaining personnel records, terminating the employment or contractual relationship, off-boarding, and completing employment verifications for former employees.
Administering payroll, retirement plan contributions, health plans, and other employee benefits.
Improving employment practices, including equality and diversity in the workplace.
Enhancing and maintaining health, safety, and accessibility at work, including by providing workplace accommodations, facilitating sick leave and sick pay, complying with statutory health and safety monitoring and reporting, securing the working environment, responding to emergencies, and taking steps to mitigate the spread of viruses or diseases (or similar) in the context of a health emergency (in some cases, this could include collecting, using or disclosing information related to third parties with whom you are in contact or with whom you live).
Managing, planning, and organizing the operations of our business, including by facilitating business planning and restructuring exercises.
Safeguarding our business interests, including our intellectual property and confidential information, and the security, availability and resilience of our premises and IT systems.
Handling investigations, claims, grievances, and disciplinary proceedings, and defending or pursuing legal claims.
Planning and executing a transaction involving the sale, transfer, merger, consolidation, restructuring, or re-organization of any part(s) of our business or our assets, or merging with, acquiring, or forming a joint venture with any other business.
Preventing fraud, crime, harassment, discrimination, or other misconduct, and complying with legal and regulatory obligations, including: ensuring that tax and other statutory dues are paid; responding to requests from foreign and domestic law enforcement, regulators and courts; carrying out verifications in relation to your right to work; equal opportunities monitoring; investigating claims of discrimination or harassment; determining and making reasonable adjustments, such as for disabled employees; managing statutory leave and pay systems such as parental leave and pay; and complying with leave management policies.

We only use and disclose your Sensitive Personal Information for the purposes specified in the California Consumer Privacy Act.

3. DISCLOSURE OF YOUR INFORMATION

In certain circumstances, we may disclose your Personal Information to third parties for legitimate purposes subject to this Privacy Notice, including:

Other entities in our corporate group as may be necessary to maintain and administer our employment or contractual relationship with you (“Corporate Affiliates”)
Vendors who provide employment-related services such as payroll and benefits administration, facility access and security, cloud storage and IT services, personnel records management, business applications, and background checks and other verifications (“Service Providers”).
Benefit providers who assist with certain medical, dental, vision, life, disability and other medical services, and provide related services, such as medical and rehabilitation practitioners (“Benefit Providers”).
Law enforcement, courts, regulators, counterparties, and other third parties in connection with a legal obligation (“Legal Parties”), including if reasonably necessary or appropriate to:
- Comply with any applicable federal, state or local law or regulation, civil, criminal or regulatory inquiry, investigation or legal process or enforceable government request;
- Respond to legal process (such as a search warrant, subpoena, summons or court order);
- Cooperate with law enforcement agencies concerning conduct or activity that we reasonably and in good faith believe may violate federal, state or local law; or
- Exercise or defend legal claims, protect against harm to our rights, property, interests or safety or the rights, property, interests or safety of, third-parties, or to the public required or permitted by law.
Third parties in connection with or anticipation of an asset sale, merger, acquisition, change in corporate control, insolvency or bankruptcy proceeding, or other business transaction (“Business Transaction Parties”).
Other third parties with your permission or upon your direction.

In the preceding 12 months, we disclosed the following categories of Personal Information, including Sensitive Personal Information (denoted by *), about employees:

Information and Recipients Table

Categories of Personal Information	Categories of Recipients
Identifiers	Corporate Affiliates, Service Providers, Benefits Providers
Personal information categories listed in the California Customer Records Statute
Government identifiers*
Health information*
Protected classification characteristics under California or federal law	Corporate Affiliates, Service Providers
Internet or other similar network activity
Professional or employment-related information
Non-public education information collected by certain federally funded institutions
Account access credentials*
Communications where we are not the intended recipient*
Other categories of Sensitive Personal Information*
Biometric information for the purpose of uniquely identifying an employee*
Geolocation data
Audio, electronic, visual, thermal, olfactory or similar information

do not sell Personal Information or share Personal Information for cross-context behavioral advertising purposes, nor have we done so in the preceding 12 months. We do not have actual knowledge that we sell or share for cross-context behavioral advertising purposes Personal Information of individuals under 16 years of age.

4. RETENTION OF YOUR INFORMATION

We retain your Personal Information for as long as is reasonably necessary for the purposes specified in this Privacy Notice. When determining the length of time to retain your Personal Information, we consider various criteria, including whether we need the Personal Information to maintain your employment or contract, comply with our legal obligations, enforce our contractual agreements, prevent harm, promote safety, security and integrity, or protect ourselves, including our rights, property or business.

5. YOUR RIGHTS

As a California resident, you may have the rights in relation to Personal Information that we have collected about you. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

Right to Know. You have a right to request the following information about our collection, use and disclosure of your Personal Information: (i) categories of Personal Information we have collected and disclosed for a business purpose, (ii) categories of sources from which we collected Personal Information; (iii) the business or commercial purposes for collecting Personal Information, (iv) categories of third parties to whom the Personal Information was disclosed for a business purpose; and (v) specific pieces of Personal Information that we have collected.
Right to Correct. You have a right to request that we correct inaccurate Personal Information maintained about you.
Right to Delete. You have a right to request that we delete your Personal Information.

We only use and disclose sensitive personal information for the purposes specified in the California Consumer Privacy Act (CCPA) or with your consent.

You may exercise any of these rights by contacting us using the information provided below. We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address or government issued ID, before providing a substantive response to the request. You may designate, in writing, including through a power of attorney document, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.

6. HOW TO CONTACT US

Should you have any questions about our privacy practices or this Privacy Notice, please email privacy@copart.com or contact us at 1-800-998-1985.

Cookies and Similar Technologies

When you use our services, except as described in this Privacy Policy regarding the opt-in consent we obtain from certain of our web site visitors based on their location, we and selected third parties may use cookies and similar technologies to provide you with a better, faster, and safer user experience or to show you personalized advertising. Cookies are small text files that are automatically created by your browser and stored on your device when you use the services.

Our cookies and similar technologies have different functions:

They may be technically necessary for the provision of our services;
They help us optimize our services technically (e.g. monitoring load times and errors);
They help us improve your user experience;
They allow us to show you more relevant advertisements.

Third-Party Cookies

The third-party advertising and marketing companies with which we partner may provide you the option to opt out of the use of information about your website visits and app usage for purposes of serving ads that are targeted to your interests. You can learn more about interest-based advertising and how to opt out of the use of your web browsing activity for interest-based advertising purposes by visiting these sites: Digital Advertising Alliance, the Network Advertising Initiative, and the Interactive Advertising Bureau (IAB) Europe.

Online Tracking

Do Not Track (DNT) is a privacy preference that users can set in some web browsers, allowing users to opt out of tracking by websites and online services. We generally do not recognize your choice to opt out of tracking via a DNT request. However, depending on your location we may request that you expressly opt-in to cookies that are not essential to our web-site functionality, including tracking and marketing analytics cookies.

Data Security and Data Retention

We implement and maintain reasonable security measures to prevent your Personal Data from being used, accessed, altered, or disclosed in an unauthorized way. Please note that any information you send to us electronically may not be secure when it is transmitted to us. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us. Please be aware that despite our best efforts, no security measures are perfect or impenetrable.

Data Retention

We will only retain your Personal Data for as long as necessary to fulfill the purpose we collected it for, including for the purpose of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Third-Party Links

This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

If You Fail to Provide Personal Data

When we need to collect Personal Data by law, or under the terms of the contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. For example, if you do not provide us with required Personal Data, we may be unable to provide you with the services you have requested. In this case, we may have to cancel a contract you have with us, but we will notify you if this is the case.

Non-Discrimination

We will not discriminate against you for exercising any of your Personal Data rights. Unless permitted under applicable law, we will not:

Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by applicable law that can result in different prices, rates, or quality levels. Any legally permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

Change of Purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably conclude that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to obtain an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us by emailing privacy@copart.com.

If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Changes to this Privacy policy

Changes to our Privacy Policy

We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will notify you by email or through another appropriate communication method.

Contact Information

Contact Information

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions regarding this privacy policy, including any requests to exercise your legal rights. If you have any questions or comments about this policy, the ways in which we collect and use your Personal Data, your choices and rights regarding such use, or wish to exercise your rights under the CCPA, GDPR, or the Nevada Privacy Law, please do not hesitate to contact the DPO at:
Website: www.copart.com
Email: privacy@copart.com
Postal Address:

Copart, Inc.
Attn: Data Protection Officer
14185 Dallas Parkway, Suite 300
Dallas, TX 75254

Privacy Policy

Privacy Statement

Important Information

Data Controller

Personal Data We Collect

SMS Communications Terms of Service

Sharing Personal Data

Promotional Marketing

International Transfers

Your Rights and Choices

California and Nevada Residents

California Employee Privacy Notice

Cookies and Similar Technologies

Data Security and Data Retention

Third-Party Links

If You Fail to Provide Personal Data

Non-Discrimination

Change of Purpose

Changes to this Privacy policy

Contact Information

Get to Know Us

Get to Know Us

Find a Vehicle

Find a Vehicle

Auctions

Auctions

Services

Services

Support

Support

Connect with Us

Connect with US

Download the App

Privacy Policy

Privacy Statement

Important Information

Kiosk sign out ×

Kiosk sign out