Rush Enterprises, Inc. Privacy Policy

Rush Enterprises, Inc. and its wholly owned subsidiaries and affiliates (collectively, “Rush,” “Company,” “we,” “us,” or “our”) respect your privacy. This Privacy Policy describes how we collect, use, disclose, retain, and otherwise process personal information when you interact with us online and offline, including through our websites, mobile applications, physical locations, phone calls, email, text messages, direct mail, telematics-enabled services, and other products and services that link to or reference this Policy (collectively, the “Services”).

This Policy does not apply where we provide a separate privacy notice at the time of collection, including a separate financial privacy notice for certain financial products or services subject to the Gramm-Leach-Bliley Act (“GLBA”). It also does not apply to information that is exempt from applicable state privacy laws, such as certain information regulated by the Fair Credit Reporting Act (“FCRA”), the Driver’s Privacy Protection Act (“DPPA”), or GLBA.

If we change this Policy, we will post the revised Policy on this page and update the “Last Updated” date. In some cases, we may provide a separate or just-in-time notice at or before the point of collection where required by law.

 

1. Personal Information We Collect
Depending on how you interact with us, we may collect the following categories of personal information in the preceding 12 months and as needed on a going-forward basis:

Category Examples
Identifiers Real name, alias, postal address, email address, telephone number, account name, online identifiers, Internet Protocol address, driver’s license number, passport number, vehicle identification information, and similar identifiers.
Customer Records / Financial Information Signature, Social Security number, address, telephone number, insurance policy number, bank account number, credit card number, debit card number, financing and payment information, and other information described in California Civil Code Section 1798.80(e).
Protected Classification / Demographic Information Age, marital or family status, languages spoken, education information, gender, military or veteran status, and similar demographic information where voluntarily provided or otherwise permitted by law.
Commercial Information Records of products or services purchased, obtained, considered, leased, financed, repaired, or serviced; vehicle ownership information; and service and repair history.
Internet or Other Electronic Network Activity Browsing history, search history, information regarding your interaction with a website, application, email, advertisement, cookie, or similar technology, mobile network provider, and device-related information.
Geolocation / Telematics Data Physical location of a vehicle, vehicle movements, odometer readings, vehicle performance data, fault codes, and driver behavior data where you authorize or request telematics-enabled products or services, or  where such data is included in a rental or lease arrangement.
Inferences Inferences drawn from the personal information listed above to help us understand likely preferences or interests.
Professional / Employment Information Job title, occupation, company or business name, and employment history or related business-contact information.
Sensitive Personal Information Certain identifiers and account numbers (such as Social Security number, driver’s license number, passport number, financial account, payment card, or precise geolocation/telematics data) where collected. We do not use or disclose sensitive personal information for purposes other than those permitted by applicable law unless we separately notify you and, where required, offer an appropriate right to limit or opt out.

Sources of personal information. We may collect personal information directly from you; indirectly from your device or browser when you use our Services; from your vehicles where authorized; from manufacturers and manufacturers’ dealers; from financing sources and lending institutions; from government entities such as departments of motor vehicles or the U.S. Department of Transportation; from tow companies; from service providers and analytics, advertising, and business partners; and from publicly available sources.

2. How We Use Personal Information

  • To fulfill or meet the reason you provided the information, including to respond to inquiries, provide customer service, schedule or perform repairs, process orders, facilitate delivery, and administer warranties or recalls.
  • To create, maintain, secure, and service accounts, fleets, and business relationships with us.
  • To process requests, transactions, payments, credit applications, financing, fraud prevention, credit-risk reduction, collections, and related financial services.
  • To provide, support, personalize, maintain, troubleshoot, and improve our Services, products, telematics-enabled offerings, and related business operations.
  • To contact you about products, services, promotions, rewards programs, special offers, events, service reminders, recalls, warranty information, and other transactional or relationship messages. For marketing texts or calls, we will obtain consent where required by law, and for marketing emails we provide an unsubscribe mechanism.
  • To personalize your experience and, where permitted by law, deliver content, offers, and advertising tailored to your interests, including through targeted advertising and analytics.
  • To protect the safety, security, integrity, and functionality of our Services, business, systems, facilities, products, and data; to detect, investigate, or prevent fraud, malicious, deceptive, or illegal activity; and to protect our rights or property, including repossession or collections activities where permitted by law.
  • For internal research, analytics, auditing, quality assurance, training, and business development.
  • To comply with legal obligations, court orders, law-enforcement requests, industry standards, and contractual commitments.
  • To evaluate or effect a merger, divestiture, restructuring, reorganization, dissolution, financing, or sale or transfer of some or all of our assets.

3. Cookies, Analytics, Advertising, and Similar Technologies 
We and our partners may use cookies, pixel tags, web beacons, SDKs, log files, session replay tools, and similar technologies to operate the Services, remember preferences, maintain security, measure usage, support analytics, and personalize content and advertising. Where required by law, we will obtain your consent before placing or using non-essential cookies or similar technologies.

Some of these technologies may allow us or our partners to collect information about your activity over time and across different websites, applications, or devices and to associate that information with you or your device for analytics, attribution, or targeted advertising purposes.

We currently recognize browser-based opt-out preference signals, including Global Privacy Control (“GPC”), where required by law. If your browser or device sends a valid opt-out preference signal, we will process it as a request to opt out of sale/sharing and targeted advertising for that browser or device, subject to applicable law and exceptions.

One or more of our Websites may also use "Google reCAPTCHA" (hereinafter "reCAPTCHA"). This service is provided by Google Inc. ("Google"). reCAPTCHA is used to check whether the data entered on our Websites (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google. The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam. For more information about Google reCAPTCHA and Google's privacy policy, please visit the following links: https://policies.google.com/privacy and https://www.google.com/recaptcha/about.

Our websites may also work with manufacturers, dealers, and service providers for advertising, analytics, lead management, or related services. Information disclosed to such parties is subject to their own privacy notices. To the extent we disclose information to such parties, they may use that information in accordance with its own privacy statement. For example, for details on FordDirect’s data practices, see: FordDirect Privacy Statement.

4. How We Disclose Personal Information
We may disclose personal information to the following categories of recipients, depending on the nature of your interaction with us:

  • Service providers and contractors that help us operate our business and Services, including hosting, analytics, IT, security, payment processing, communications, customer support, telematics, repair-management, and marketing vendors.
  • Our subsidiaries, affiliates, and commonly owned companies.
  • Manufacturers, manufacturers’ dealers, component suppliers, and their service-management or warranty platform providers in connection with products and services you purchase, lease, finance, or service.
  • Financing sources, lenders, insurers, and fraud-prevention or collections partners when you request or use financing, leasing, rental, insurance, or related services.
  • Advertising, analytics, social-media, and data partners, including data aggregators, where permitted by law.
  • Government entities, regulators, law enforcement, courts, and other third parties where required or permitted by law.
  • Professional advisors, auditors, and parties involved in actual or proposed corporate transactions.
  • Other third parties where you direct us to share your information or otherwise consent.

We do not sell personal information for monetary consideration in the ordinary sense of that term. However, some disclosures involving cookies, pixels, analytics, and advertising technologies may constitute a “sale,” “sharing,” or processing for “targeted advertising” under certain state privacy laws.

In the preceding 12 months, we may have sold or shared (as those terms are defined by applicable law) the following categories of personal information for advertising, analytics, or related purposes: identifiers; commercial information; internet or other electronic network activity information; geolocation data collected through websites or telematics-enabled services; and inferences. We do not knowingly sell or share the personal information of consumers under 16 years of age without the opt-in consent required by applicable law.

We do not sell or share with third parties any mobile information collected for a consumer’s explicit consent to SMS messaging.

We may deidentify or aggregate information and use or disclose that information for any lawful purpose. We will maintain and use deidentified information in deidentified form and will not attempt to reidentify it except as permitted by law.

Our Services may contain links to third-party websites, tools, or services. This Policy does not apply to those third parties, and we encourage you to review their privacy notices.

5. Data Minimization, Retention, and Security
Where required by applicable law, we limit our collection, use, and retention of personal information to what is reasonably necessary and proportionate for the purposes described in this Policy and for other compatible, disclosed, or legally permitted purposes.

We retain personal information for as long as reasonably necessary for the purposes for which it was collected and as needed to comply with legal, tax, accounting, warranty, recall, financing, audit, dispute-resolution, records-management, and other operational requirements. Our retention periods are determined based on factors such as the amount, nature, and sensitivity of the information; the risk of harm from unauthorized use or disclosure; the purposes for processing; whether those purposes can be achieved through other means; contractual requirements; and applicable legal obligations.

We use reasonable administrative, technical, and physical safeguards designed to protect personal information. Nevertheless, no data transmission or storage system can be guaranteed to be 100% secure, and any transmission of information to us is at your own risk.

6. Financial Products and Services / Credit Applications
If you submit a credit application or otherwise apply for or use financial products or services through us, we and one or more lending institutions may collect nonpublic personal information from your application and other information you provide, information concerning prior transactions, and consumer reporting agencies, as permitted by law.

Personal information collected and processed in connection with certain financial products or services may be subject to a separate financial privacy notice and may be exempt from certain state privacy rights. Where a separate GLBA privacy notice applies, that notice will govern in the event of any conflict with this Policy.

7. Children's Privacy
Our Services are not directed to children under 13, and we do not knowingly collect personal information online from children under 13 without appropriate consent. If you believe a child has provided us personal information in a manner inconsistent with applicable law, please contact us so that we can take appropriate steps.  

If we have actual knowledge that we have collected personal information from a consumer under 16 and that sale, sharing, or targeted advertising requires opt-in consent under applicable law, we will obtain that consent as required before engaging in those activities.

8. Consumer Privacy Rights
Depending on your state of residence and subject to applicable exemptions, you may have some or all of the following rights with respect to your personal information. These rights may apply to residents of California and, where the relevant law applies to us and your information is not otherwise exempt, residents of Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, and other states that enact similar privacy rights.

  • Right to know / access. You may request confirmation that we process your personal information and request access to the categories and, in some cases, the specific pieces of personal information we have collected about you.
  • Right to data portability. You may request a portable copy of certain personal information you previously provided to us.
  • Right to correction. You may request that we correct inaccurate personal information we maintain about you, subject to applicable exceptions.
  • Right to deletion. You may request deletion of personal information we collected from or about you, subject to applicable exceptions.
  • Right to opt out. You may opt out of the sale or sharing of personal information, targeted advertising, and certain profiling in furtherance of decisions that produce legal or similarly significant effects, as those concepts are defined by applicable law.
  • Right to limit use and disclosure of sensitive personal information. California residents may request that we limit the use and disclosure of sensitive personal information when that right applies under California law.
  • Right to withdraw consent. Where we rely on consent to process sensitive personal information or other personal information, you may withdraw that consent as permitted by law.
  • Right to non-discrimination / no retaliation. We will not discriminate or retaliate against you for exercising privacy rights, except as permitted by law.
  • Right to appeal. If we decline to act on your request, residents of certain states may appeal our decision using the process described below.
  • California Shine the Light. California residents may request certain information, once per year, regarding our disclosure of personal information to third parties for their own direct-marketing purposes under California Civil Code Section 1798.83.

How to Exercise Your Rights
To submit a privacy-rights request, please contact us by any of the following methods:

You may designate an authorized agent to submit certain requests on your behalf where permitted by law. We may require the agent to provide signed permission, a valid power of attorney, or other proof of authority, and we may require you to verify your identity directly with us.

To protect your information, we will take reasonable steps to verify your identity and authority before responding to a request. We may ask you to provide information sufficient to verify your identity, and we may decline a request if we cannot verify your identity or if the request falls within a legal exemption.

We respond to verifiable requests within 45 days, though we may take an additional 45 days when reasonably necessary and permitted by law. If we deny your request in whole or in part, our response will explain the basis for that decision to the extent required by law.

Appeals Process for Certain State Residents
If we deny your request, residents of certain states may appeal that decision by replying to the denial communication or by emailing CCPA@RushEnterprises.com with the subject line “Privacy Rights Appeal” within 30 days of receiving our decision. Please describe why you believe the denial was in error and provide any supporting information.

If your appeal is denied, and if your state law gives you that right, we will provide information about how to contact your state attorney general or other regulator to submit a complaint.

California-Specific Information
California residents may request disclosure of: (i) the categories of personal information collected; (ii) the categories of sources from which personal information is collected; (iii) the business or commercial purposes for collecting, selling, or sharing personal information; (iv) the categories of third parties to whom personal information is disclosed; and (v) the specific pieces of personal information collected, subject to applicable exceptions.

Where required by California law, we provide a notice at collection at or before the time personal information is collected and maintain appropriate methods for submitting requests to know, correct, and delete. If we use or disclose sensitive personal information for non-exempt purposes under California law, California residents may use our “Do Not Sell or Share My Personal Information” and “Limit the Use and Disclosure of Sensitive Personal Information” links to exercise their rights.

We do not offer a financial incentive program that is intended to be subject to California Civil Code Section 1798.125, except to the extent separately described in terms presented to you at the time of enrollment.

California residents also have a right to opt-out of the use of automated decision-making technology (ADMT) to process your personal information to make a significant decision that concerns you. We do not process personal information using ADMT to make any significant decisions about you. Therefore, we do not offer the right to opt-out of ADMT.

9. International and Cross-Border Transfers
We are based in the United States and may process personal information in the United States and other jurisdictions where we or our service providers operate. By using the Services or providing information to us, you understand that your information may be transferred to and processed in jurisdictions outside your state or country of residence, subject to applicable law.

10. Changes to This Policy
We may revise this Policy from time to time in our discretion. When we do, we will post the updated Policy on the relevant website or Service and revise the “Last Updated” date above. Changes become effective when posted unless otherwise stated.

11. Contact Us
If you have questions or comments about this Policy, our privacy practices, or your privacy choices, you may contact us at:

Phone: 855-787-4223

Email: CCPA@RushEnterprises.com

Last Updated: April 15, 2026