What is the CCPA?
CCPA = CALIFORNIA CONSUMER PRIVACY ACT of 2018
- Signed into law June 28, 2018
- Goes into effect January 1, 2020
- Gives California residents the right to:
- Know what personal information is being collected about them
- In a format that is understandable by a reasonable individual
- Know the purpose of why their personal information is being collected
- Demand that their personal information be
- Deleted / Anonomyzed
- Guarantees equal service and price, even if they exercise their privacy rights.
Are People Really Submitting SARs?
EUROPE’S GDPR LAW HAS ALREADY PROVEN THAT PEOPLE SUBMIT LOTS OF SARS
- A hotel chain experienced a data breach
- Millions of Individual’s data may have been exposed
- They are required by law to report this
- Prior to the report, the chain received ~200 SARs per month
- Following the report, the chain received +10,000 SARS PER DAY
- Equivalent to 2M Hours of Effort and/or $75,000,000 fine exposore
- This was based purely on the rights promised in the European GDPR regulations
- For US retailers, CCPA has the potential to far exceed the SAR volume of GDPR
But Aren’t I Too Small?
Even though mid-sized retailers don’t have the resources of large global corporationsTHEY STILL PRESENT HIGH PROFILE TARGETS FOR CONSUMER PRIVACY ACTIONS
Retailers are viewed as high value, high risk targets
The little guys don’t have to comply
The huge guys can afford to comply
Retailers need an affordable and effective packaged offering to comply with CCPA
- Who we are
ComplyUSA has its principal place of business at 4400 N Scottsdale Road, Suite 9-730, Scottsdale, AZ 85251. ComplyUSA offers a custom-built solution to meet the specific GDPR & CCPA data processing record requirements for business and other organizations. This Notice will inform you of our data collection practices and your rights.
Third Party Links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
- The data we collect about you
We may collect personal data about you to provide our services. In most cases, this information is limited to the kinds of information that can be found on a business card: first name, last name, email address, phone number, job title, and company name (“Contact Data”). We use this information to provide our website services to you and help communicate effectively with you. The data collected is necessary for fulfilling the relationship we have with you or for a legitimate interest of ours.
We also may collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. Also, we do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses. Also, we do not knowingly direct or website to or collect personal data from children under 13.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
- How we collect your personal data
Personal Data You Give to Us.
We collect information when you voluntarily provide it to us. This includes information you provide by filling out forms on the website and any information that we may request in our communications with you. By default, we’ll only use your personal data to administer your account and to provide the products and services you requested from us. Because we may change our website and the services we offer from time to time, the means and methods to provide us with personal data may also change. Depending on how you interact with us and use the website, the personal data we collect may vary.
Information We Collect Automatically
As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. Technical Data may include you IP Address; device identifier data, the type of device you use, your operating system and version, the URL’s of our web pages that you visit, the URL’s of referring and exiting pages, the pages you view, the time spent on a page, the number of clicks made, the platform type, and generalized, non-specific location data.
When we collect data that does not identify you as a natural person, we are permitted to use and disclose this information for any purpose, notwithstanding anything contrary in this Notice, except where prohibited by law.
- How we use your personal data
We will only use your personal data when allowed by law. Generally, we will use your personal data: (a) where we need to perform the contract we are about to enter into or have entered into with you; (b) where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests; and (c) where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
- Disclosures of your personal data
From time to time, we may need to share your personal data with others.
Third Party Service Providers
We may share your information, including Contact Data and Technical Data, with third party service providers who perform various functions to enable us to provide our Services and help us operate our business, such as website design, sending email communications, fraud detection and prevention, customer care, or performing analytics. Our contracts with these third parties require them to maintain the confidentiality of the personal data we provide to them, only act on our behalf and under our instructions, and not use personal data for purposes other than the product or service they're providing to us or on our behalf.
Protection of ComplyUSA and Others
We may share personal data when we believe it is appropriate to enforce or apply our Terms of Service and other agreements; or protect the rights, property, or safety of ComplyUSA, our products and services, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and risk reduction. This does not include selling, renting, sharing, or otherwise disclosing personal data of our customers for commercial purposes in violation of the commitments set forth in this Notice.
Response to Subpoenas and Other Legal Requests
We may share your information with courts, law enforcement agencies, or other government bodies when we have a good faith belief we're required or permitted to do so by law, including to meet national security or law enforcement requirements, to protect our company, or to respond to a court order, subpoena, search warrant, or other law enforcement request.
Sale of Our Busines
If we sell, merge, or transfer any part of our business, we may be required to share your information. If so, you will be asked if you'd like to stop receiving promotional information following any change of control.
With your Consent
Other than as set out above, we will provide you with notice and the opportunity to choose when your personal data may be shared with other third parties.
- Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances you can ask us to delete your data (see “EU Data Subjects Legal Rights”). In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
- International data transfers
ComplyUSA has its headquarters in the United States. Information we collect from you will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. We rely on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, we collect and transfer to the U.S. personal data only: with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of ours in a manner that does not outweigh your rights and freedoms. We endeavor to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with us and the practices described in this Notice.
- Updates to our privacy notice
By using the ComplyUSA website, you agree to the terms and conditions contained in this Privacy Notice and Conditions of Use and/or any other agreement that we might have with you. If you do not agree to any of these terms and conditions, you should not use this website. You agree that any dispute over privacy or the terms contained in this Privacy Notice will be governed by the laws of the State of Arizona. You also agree to arbitrate such disputes in Arizona, and to abide by any limitation on damages contained in any agreement we may have with you.
This Notice is expected to change from time to time. We reserve the right to amend this Notice at any time and provide notice to you by posting of the amended Privacy Notice on the website. We may also email you to give you notice of material changes to this Notice. The provisions contained herein supersede all previous notices or statements regarding our privacy practices and the terms and conditions that govern the use of this website.
- How to contact us
If you have any questions or wish to register a complaint in relation to this Privacy Notice or the manner in which your personal data is used by us, please contact us by any of the following means:
By Email: firstname.lastname@example.org
4400 N Scottsdale Road, Suite 9-730, Scottsdale, AZ 85251
Sign up to hear from us! Even if we NEVER sign a contract with you, we still want to help. We actively participate in the privacy compliance communities so we might run into each other at an event. Plus, we offer LOTS of free resources to help you learn how to comply quickly and cost effectively. We encourage you to take advantage of them. And we promise not to stuff your inbox with promotions everyday.