Your Privacy Matters
Privacy Policy
Flynn Automotive is committed to protecting your privacy and maintaining your trust. This policy explains how we collect, use, and safeguard your personal information in compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
Last updated: March 2026
About Flynn Automotive
Flynn Automotive is a licensed used car dealership located in Niagara-on-the-Lake, Ontario. We are registered with the Ontario Motor Vehicle Industry Council (OMVIC) and operate under the Motor Vehicle Dealers Act (MVDA). Our business includes vehicle sales, trade-in valuations, service and maintenance, and vehicle financing.
Address: 107 Read Road, Niagara-on-the-Lake, ON L0S 1J0
Phone: (289) 272-9979
Email: sales@flynnauto.ca
HST Number: 76812 3671 RT0001
OMVIC Registration: 5319561
What Information We Collect
We collect personal information only when it is necessary for our business operations, legal compliance, or to serve you better. Here is what we collect and why:
Contact & Customer Information
When you inquire about vehicles, make a purchase, or use our services, we collect your name, address, email address, and phone number. This information is essential for us to communicate with you about vehicle availability, sales transactions, and service work.
Driver's License Information
For vehicle purchases, Ontario law requires us to verify buyer identity. We collect your driver's license number, date of birth, and address from your valid government-issued ID. This information is required to complete the bill of sale and vehicle ownership transfer.
Payment Information
When you make a payment through our website, payment information is processed securely by our payment processors (Stripe and Square). We do not store credit card details on our servers. Payment history and transaction records are retained for accounting and dispute resolution purposes.
Vehicle & Service History
We maintain records of vehicles you have inquired about, purchased, traded in, or serviced with us. This includes the vehicle identification number (VIN), make, model, year, mileage, and detailed service and repair records. This information is used to provide you with accurate service history and better serve your ongoing maintenance needs.
Employment & Income Information (Financing Only)
If you apply for vehicle financing, we collect employment details, income, housing information, and bank account details — but only when you explicitly apply for financing. This information is provided directly to lenders and financing partners via secure channels. We do not store this information longer than necessary to process your financing application.
Website Usage Data
When you visit our website, we automatically collect standard web server information including your IP address, browser type, pages visited, time spent on our site, and referring website. This data helps us understand how our website is used, improve user experience, and detect technical problems. We use this information for analytics purposes only.
Cookies & Tracking Technologies
Our website uses cookies to remember your preferences, maintain your login session, and provide a personalized browsing experience. We also use analytics cookies to track site performance and user behavior. You can control cookie settings through your browser preferences.
Communications Records
We maintain records of emails, text messages (SMS), and phone calls with you for customer service, transaction confirmation, service reminders, and follow-up purposes. SMS communications comply with Canada's Anti-Spam Legislation (CASL). You may opt out of non-transactional marketing messages at any time.
Device & Security Information
For security purposes, we collect and log IP addresses, device identifiers, and user agent information during customer authentication and high-value transactions. This helps us detect and prevent fraud, maintain account security, and comply with PCI DSS standards for payment processing.
What We Do NOT Collect
We do not collect Social Insurance Numbers (SIN), health information, biometric data, or other sensitive personal information beyond what is strictly required for vehicle sales and financing. If you provide a SIN to us, we will not retain it — only lenders and financing partners require this information.
Why We Collect Your Information
We collect and use your information for specific, legitimate business purposes:
- •Vehicle Sales: Processing inquiries, generating quotes, completing bills of sale, registering ownership transfers, and providing post-sale support.
- •Trade-In Valuations: Assessing trade-in vehicles, generating estimates, and documenting condition assessments.
- •Financing & Credit: Assisting you with vehicle financing applications and communicating with lenders and financing partners.
- •Service & Maintenance: Managing service appointments, maintaining vehicle history, tracking warranty coverage, and communicating service updates and reminders.
- •Legal & Regulatory Compliance: Meeting Ontario Motor Vehicle Dealers Act requirements, maintaining dealer records, OMVIC compliance, and responding to regulatory inquiries.
- •Communications: Sending transactional emails (purchase confirmations, invoices), service notifications, appointment reminders, and marketing communications (with your consent).
- •Website Operations: Improving our website functionality, analyzing user experience, and providing personalized content.
- •Fraud Prevention: Detecting and preventing fraud, unauthorized access, and other security threats.
How We Share Your Information
We only share your personal information with third parties when necessary to provide our services or when required by law. Here are the specific circumstances where we share data:
Lenders & Financing Partners
If you apply for vehicle financing, we share employment, income, and housing information directly with lenders and financing partners (via DealerTrack or similar platforms) to process your financing application. You control whether this information is shared by choosing to apply for financing.
Payment Processors
Payment card information is transmitted directly to our PCI DSS-compliant payment processors (Stripe and Square). We do not handle or store credit card details. Transaction records are retained for accounting purposes only.
Communication Service Providers
We use Resend (for email) and Twilio (for SMS and phone calls) to send communications on your behalf. These service providers process your contact information under confidentiality agreements and do not use your information for their own marketing purposes.
OMVIC & Regulatory Bodies
As an OMVIC-licensed dealer, we are required to comply with Motor Vehicle Dealers Act investigations and regulatory requests. We will disclose information as legally required to comply with government authority requests.
Cloud Hosting & Database Services
Our website and customer data are hosted on Supabase (a cloud database service). Supabase processes personal information under data processing agreements that comply with PIPEDA. All data is encrypted at rest and in transit.
Service Providers
We may engage third-party vendors (such as analytics providers, email platforms, and document storage services) to operate our website and provide customer services. All service providers are contractually bound to protect your information and use it only for the purposes we specify.
Legal Obligations
We may disclose information when required by law (court orders, government requests) or when necessary to protect our legal rights or the safety of our staff and customers. We will disclose the minimum information necessary to comply with such requirements.
Important: We do not sell your personal information to third parties for marketing or commercial purposes. We do not share information for purposes other than those described in this policy without your explicit consent.
Data Storage & Security
Your personal information is stored securely and access is restricted to authorized staff only.
Where We Store Your Data
All customer data is stored on Supabase, a secure cloud-hosted PostgreSQL database. Data is encrypted at rest using AES-256 encryption. All data transmission between your browser and our servers uses industry-standard TLS/HTTPS encryption.
Access Controls
Access to customer information is strictly limited to authorized staff members (sales, service, and administrative personnel) who have a legitimate business need to access the information. All staff members are trained on privacy obligations and confidentiality. Access to sensitive information (payment records, financing applications) is further restricted by role-based permissions.
Security Measures
We implement multiple security controls to protect your information:
- •Encrypted data transmission (TLS/HTTPS)
- •AES-256 encryption at rest
- •Role-based access control (RBAC)
- •Multi-factor authentication for staff
- •Regular security audits and penetration testing
- •PCI DSS compliance for payment processing
- •Activity logging and audit trails
Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will notify you as required by applicable privacy laws. Notification will be provided without unreasonable delay via email or phone using the contact information on file.
How Long We Keep Your Information
We retain personal information only as long as necessary to fulfil the purposes for which it was collected or as required by law. Here are our retention schedules:
After the retention period expires, personal information is securely deleted or anonymized. However, some information may be retained longer if required to comply with legal obligations (tax law, litigation, regulatory investigations).
Your Privacy Rights
Under PIPEDA, you have the right to:
Right to Access
You have the right to request access to all personal information we hold about you. We will provide this information in a clear, accessible format within 30 days of your request.
Right to Correction
If your personal information is inaccurate or incomplete, you may request that we correct or update it. We will make reasonable efforts to correct any errors within 30 days.
Right to Deletion
Subject to legal and regulatory requirements, you may request deletion of your personal information. We may retain information as required by law, but will delete it once retention requirements are satisfied.
Right to Opt Out of Marketing
You may opt out of marketing emails and SMS at any time by clicking "Unsubscribe" in any marketing message or by contacting us directly. Opting out of marketing does not affect transactional communications (invoices, service updates, legal notices).
Right to Withdraw Consent
If we rely on your consent to process your information, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
Right to Data Portability
You may request that we provide your personal information in a structured, machine-readable format so you can transfer it to another organization.
To exercise any of these rights, please contact us at sales@flynnauto.ca or (289) 272-9979. We will respond to requests within the timeframes specified by PIPEDA (generally 30 days).
Cookies & Website Tracking
Our website uses cookies and similar tracking technologies to enhance your browsing experience and gather analytics data.
Essential Cookies
These cookies are necessary for the website to function (e.g., session management, security). You cannot disable these cookies without affecting website functionality.
Analytics Cookies
We use analytics cookies to understand how visitors use our website, which pages are popular, and where visitors encounter issues. This data is used to improve website performance and user experience.
Preference Cookies
These cookies remember your preferences (such as language or display settings) to provide a personalized experience on future visits.
Controlling Cookies
You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Please note that disabling cookies may affect website functionality.
CASL Compliance (Anti-Spam Legislation)
Canada's Anti-Spam Legislation (CASL) regulates commercial email and SMS messages. Flynn Automotive is committed to CASL compliance.
Commercial Messages
Any marketing emails or SMS we send (promotions, new inventory alerts, service specials) will only be sent to individuals who have explicitly consented to receive them. Transactional messages (invoice confirmations, service updates, appointment reminders) do not require consent and will be sent as needed.
Unsubscribe Rights
Every marketing email and SMS will include clear unsubscribe instructions. You may opt out by clicking the unsubscribe link, texting STOP, or contacting us directly. We will honour unsubscribe requests within 10 business days.
Implied Consent
If you purchase a vehicle from us or have an existing customer relationship, we may send service reminders and maintenance notifications based on implied consent. You may always opt out of these messages.
Ontario Electronic Commerce Act Compliance
This website and our e-signature capabilities (for documents such as bills of sale and service agreements) comply with Ontario's Electronic Commerce Act, 2000. We maintain secure audit trails for all electronically signed documents, including timestamps, signer information, and signature verification. You have the right to obtain a paper copy of any electronic record created during our transaction.
Children's Privacy
Our website and services are not directed to individuals under the age of majority in Ontario (18 years old). We do not knowingly collect or maintain personal information from minors. If we discover that we have collected information from a minor without parental consent, we will delete that information immediately. If you believe we have collected information from a minor, please contact us at sales@flynnauto.ca.
Third-Party Links & External Websites
Our website may contain links to external websites (e.g., lender websites, payment processors, regulatory bodies). We are not responsible for the privacy practices of these external sites. When you visit third-party websites, their privacy policies apply. We encourage you to review the privacy policies of any external websites before providing your personal information.
Updates to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email (using the email address on file) or by posting an updated version on our website with a revised "Last Updated" date. Your continued use of our website following notification of changes constitutes your acceptance of the updated privacy policy.
The most recent version of this policy is always available at www.flynnauto.ca/privacy
Contact Us About Your Privacy
If you have questions about this privacy policy, wish to access, correct, or delete your personal information, or have concerns about how we handle your data, please contact our Privacy Officer:
Flynn Automotive
107 Read Road
Niagara-on-the-Lake, ON L0S 1J0
Email: sales@flynnauto.ca
Phone: (289) 272-9979
We will respond to your privacy inquiry within 30 days. If you are not satisfied with our response to a privacy complaint, you may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.
This Privacy Policy was last updated in March 2026 and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Ontario privacy legislation.
Questions About Your Privacy?
Contact us anytime — we're here to help and answer any privacy-related questions.