A. Your Rights Under the CCPA & CPRA
Individuals who reside in California have specific rights under the California Consumer Privacy Act of 2018 (“CCPA”) as amended and extended by the California Privacy Rights Act of 2023 (“CPRA”). Generally, among the rights granted to California residents are:
- The right to notice of your rights under the CCPA and CPRA;
- The right to know what categories or specific pieces of personal information we collect about you;
- The right to know how we collect, process, and use the information we collect about you;
- The categories of third parties with whom we share your personal information;
- The right to request information on whether your personal information has been sold by us in the last 12 months, and, if so, what categories of information were sold and the categories of third parties to whom that information was sold;
- The right to “opt out” from the sale or sharing of your personal information;
- The right to request deletion of your personal information;
- The right to correct any of your erroneous personal information we possess;
- The right to limit how we use any of your Sensitive Personal Information (as that term is defined under the CPRA); and
- The right to be free from discrimination or retaliation because you exercised your rights under the CCPA and/or CPRA.
Each of the rights above is addressed in the text below.
B. Important Exceptions
It is important for California residents to understand that these laws grant rights in regard to “personal information.” The term “personal information” has a specific meaning under these laws, and there are important exceptions to what constitutes “personal information.”
One of the main exceptions to “personal information” is any information that is made available to the public through federal, state, and local government public records. Under California law, a public record is “any writing containing information relating to the conduct of the public’s business prepared, owned, used or retained by any state or local agency regardless of physical form or characteristics.” That is a very broad definition.
Under the federal Freedom of Information Act and California Public Records Act, a wide variety of information regarding consumers is made available to the public by the government. Also, California local governments (counties and cities) provide extensive public access to official recordings – things like court records, deeds, mortgages, property value assessments, and real property tax information.
C. Information We Collect About You
Categories of personal information we collect on California residents are:
- Personal Identifiers (such as actual names, physical, postal, and email addresses, landline and/or wireless telephone numbers, IP addresses);
- Personal Characteristics (such as age, gender, ethnicity, income, marital status)
- Property or Buying/Interest Activity (such as homeownership, boat owner, or “interest in golf”)
- Employment Information (such as category of profession, professional licensure)
- Education Information (such as level of education completed, college attendance, date of graduation)
- Inferences (profiles or models about a consumer reflecting the consumer’s preferences, characteristics, psychological tends, predispositions, behaviors, attitudes, intelligence, abilities and aptitudes)
In nearly every instance, we do not collect this information directly from the consumer. Rather, we license this information from third parties. Please see the “How We Collect Your Information” section below.
D. Information we Do NOT Collect, Use, or Sell
We do not collect, store, or use California residents’ personal information that falls into any of the following categories, either directly on our sites or from third-party data providers, nor do we ever sell these types of information to our clients:
- personal signatures (other than in regard to agreements we may sign with our clients)
- credit card numbers or debit card numbers (other than to process purchases made by our clients)
- social security numbers
- passport numbers
- national ID numbers
- drivers’ license numbers
- state ID card numbers
- military ID numbers
- insurance policy numbers
- bank account numbers
- financial account numbers (other than to process purchases made by our clients)
- facial recognition data
- physical characteristics or descriptions of individuals
- exact dates of birth
- geolocation information of any individual (we may geolocate buildings & other structures, roads, land boundaries, etc.)
- actual credit scores
- actual medical conditions
- actual physical or mental disabilities
- gender identity or expression other than birth gender
- sexual orientation
- audio information (except for our clients who may call us directly)
- video information
- genetic information (including familial genetic information)
- online account usernames or passwords (other than those we issue for access to our sites)
- content of email communications (other than our own)
- internet browsing or search history
- any personally identifiable information regarding any person under 18 years of age.
E. How We Collect Your Information
We collect information directly from our clients who do business with us. This information may be collected via our website(s) or through our communication with our clients via telephone or email. In nearly every instance, our clients are businesses and employees of businesses, not individual consumers.
In regard to non-client consumers, in nearly every instance we do not collect consumer information directly from the consumer. Instead, we license consumer information from third-parties who collect the information directly or obtain it from another third party.
The information we license to our clients is collected by our third-party partners from many sources. These sources include public records, publicly available information, subscription information, warranty cards, surveys, point-of-sale information, website directories, website visits, online activity, mobile applications, and commercially available consumer data from other third-party information providers who may or may not have collected the data directly from you.
Some of this information may have been modeled or inferred from other information. For example, if you subscribe to a bridal magazine we might assume (i.e., infer) that you are engaged to be married. Or, the provider of information might make a calculated estimate of your home’s value based on the known values of surrounding homes (i.e., modeling). We may also use personal data to construct a non-existent “average consumer” that encompasses certain average characteristics of consumers who buy or do not buy (i.e., profiling). Inferring, modeling, and profiling are common practices used in trying to match consumers with products and services they are most likely to want when exact information is not available or feasible.
Identifiers such as name, address, and telephone numbers are sourced from publicly accessible sources such as the white and yellow page telephone directories, online directories, website postings, public records, public websites, property and assessor files, governmental issued licenses, and information available to the public through directory assistance.
F. How We Process Your Information
Our information is stored in electronic databases. Sometimes we match these databases to one another to make the data more effective for marketing purposes. We may also enhance your information with other information we acquire from other sources or through the use of technology. For example, we might add geospatial codes (latitude and longitude) to your physical address or merge two directories to match addresses with telephone numbers.
G. Our Purpose in Using Your Information
Our core business is relicensing (i.e., selling) third-party consumer and business information to help our clients market their products and services more effectively. Ultimately, our goal is to help our clients ensure their marketing messages reach consumers who are most likely to want to receive them, and avoid consumers who do not want those messages. In most cases, we do this by supplying them with lists of customers or prospects that meet demographic criteria that make the consumers more likely to buy the specific product or service our client sells. We may also infer, model, or profile personal data for our clients use in their marketing. Collectively, this is our “Commercial Purpose” for collecting and processing consumers’ personal data. Our clients ultimately use our information to send targeted offers to consumers and businesses via various marketing channels such as direct mail, telemarketing, digital ads, social media ads, mobile ads, etc.
Our clients are permitted to use the information we provide for a limited purpose. Our clients may use our data only for lawfully conducted marketing or for things related to lawful marketing (such as cleaning their customer lists or verification of data they already have). No other purpose is allowed. This means that our clients are prohibited from using our data for any purpose or in any way that might violate any U.S. federal or state law that protects your privacy or consumer rights. Among those are the CAN-SPAM Act (intended to reduce unwanted email solicitations); the Telephone Consumer Protection Act of 1991 (intended to reduce unwanted telephone solicitations) as well as the privacy and best practice policies set out by the Data and Marketing Association (“DMA”).
H. Categories of Third Parties with Whom We Share Information
We share your information with the following categories of third parties:
- Sellers of Consumer Goods and Services: Telecommunications companies (such as cable TV companies); utility companies (such as energy retailers); financial services companies (such as banks, lenders); insurance companies; technology companies; service providers (such as landscapers); media and publishers; or retailers (such as apparel sellers);
- Marketing agencies or data resellers whose clients fall within the above categories;
- Governmental entities or candidates for office;
- Third-party service providers (mail houses, fulfillment centers, email providers, or data centers) who work for our clients and process the data we sell to our clients. For example, our client may contract with a third-party mail house to mail out coupons and offers using data we supply to our client.
I. Submitting an Information Request (Your “Right to Know”)
You have the right to request the categories or specific pieces of your personal information we have collected as well as whether your personal information has been shared with or sold to a third-party in the last 12 months. You may also request to know the categories of third parties to whom that information was shared or sold. You may request this information in three ways:
- Sending an email to firstname.lastname@example.org. You will need to provide your full name and any variants of your name (Robert Smith, Bob Smith, Bobby Smith, etc.), your current full address, and your telephone number(s) so that we can identify your record(s). We recommend that you also supply any previous addresses within the last year so we can be sure to match to those as well; or
- Call us toll-free at 866.423.1818 and speak with a customer service representative who will assist you with your request.
- Complete the web form found HERE.
We will acknowledge receipt of your information request within ten (10) days of submission. Your information request will be processed as soon as possible, but we may take up to forty-five (45) days to respond as to the outcome of your request.
We will take reasonable precautions to confirm your identity before we provide your information which may include asking you to provide an Affidavit of Identity under penalty of perjury. If you are a third-party attempting to obtain information on another person, you must provide evidence of legally sufficient authorization from that person (such as a valid Power of Attorney) before we will provide the other person’s information.
Our response will be in writing (which may be via email). Our statement will include each category of your information that was sold in the last 12 months (such as name, address, telephone number, etc.) and the category of third parties to whom your information was sold (such as “landscapers,” or “cable TV marketers,” etc.)
J. Opting Out
We respect California residents’ rights to opt-out of any database we maintain. You may opt out of receiving communications we send to you (such as emails from us to you) or you may opt out of the marketing databases that we use to create our products and services for sale to third parties.
1. Opting Out of Email Communications Sent Directly to You by Us:
All email offers for goods and services sent to you by us include an opportunity to opt-out from receiving future communications from us about our services. Simply follow the “Opt Out” instructions included in the email message.
If you wish to no longer receive any emails from us, send an email the subject heading “REMOVE ME” to: email@example.com. Be sure that the email list from which you wish to be removed is a list maintained by us. We cannot remove you from any list that we do not maintain.
If you wish to correct or update any information you previously provided directly to us, please send an email to firstname.lastname@example.org.
2. Opting Out of Sale of Personal Data, Targeted Advertising & Profiling
You may opt out of the licensing (i.e., sale) of your personal data, targeted advertising, and profiling in one of three ways :
- Clicking the “Manage Your Privacy Preferences” button located on our homepage of each of our websites and following the simple instructions regarding opting out; or
- Sending an email to email@example.com. You will need to provide your full name and any variants of your name (Robert Smith, Bob Smith, Bobby Smith, etc.), your current full address, and your telephone number(s) so that we can identify your record(s). We recommend that you also supply any previous addresses so we can be sure to opt those out as well; or
- Call us toll-free at 866.423.1818 and speak with a customer service representative who will assist you with opting out
We will acknowledge receipt of your opt-out request within ten (10) days of submission. Your opt-out request will be processed as soon as possible, with most being fully processed within fifteen (15) days. However, we may take up to forty-five (45) days to respond as to the outcome of your request.
We will take reasonable precautions to confirm your identity before we opt-out your information. If you are a third-party attempting to opt-out another person, you must provide evidence of legally sufficient authorization before we will opt the other person out.
If you choose to opt out of our consumer database(s), we will stop licensing to or sharing your personal data with any of our clients. Your personal data will no longer be sold, used by us our our clients for targeted advertising or profiling. This opt-out is permanent and does not need to be renewed Please understand that opting out of our databases:
- Does NOT mean we will delete or destroy information pertaining to you. Instead, we flag your record as an “Opt Out” that will not be delivered to any of our clients. We preserve your data so that we can show continuing compliance with your opt-out request. If you wish to have your information deleted entirely, you will need to follow the further instructions below.
- Does NOT mean that any of our clients or providers will also opt you out of their databases. We can promise only that we will opt you out of our databases that we maintain, and will no longer use your information to help our clients target their marketing messages.
- Does NOT guarantee you will no longer receive marketing messages in general. We can opt you out only from databases we maintain. Your information may appear on databases maintained by companies other than ours.
K. Requesting Deletion of Your Information
We are happy to delete any of your personal information that we possess upon request. You may request deletion in multiple ways:
- Clicking the “Manage Your Privacy Preferences” button located on our homepage of each of our websites and following the simple instructions regarding submitting a deletion request; or
- Sending an email to firstname.lastname@example.org. You will need to provide your full name and any variants of your name (Robert Smith, Bob Smith, Bobby Smith, etc.), your current full address, and your telephone number(s) so that we can identify your record(s) for deletion. We recommend that you also supply any previous addresses so we can be sure to delete those as well; or
- Call us toll-free at 866.423.1818 and speak with a customer service representative who will assist you with requesting deletion.
We will acknowledge receipt of your deletion request within ten (10) days of submission. Your deletion request will be processed as soon as possible, but we may take up to forty-five (45) days to respond in writing (which may be via email) as to the outcome of your request.
We will take reasonable precautions to confirm your identity before we delete your information. If you are a third-party attempting to delete the information of another person, you must provide evidence of legally sufficient authorization before we will opt the other person out.
Once deleted, the information you requested to be deleted will no longer be utilized by us, our service providers, or shared with any third-party.
We will always delete your information to the extent possible. However, the CCPA lists certain limited purposes when we can keep all or some of your information even if you request that it be deleted. Those are:
- When we need the information to complete a transaction with you (such as a credit card number);
- When we need the information to supply a good or service you ordered from us (such as your email address);
- When you have an ongoing contractual relationship with us (such as a long-term contract);
- When we are legally obligated to retain the information (such as compliance with federal or state laws requiring us to maintain certain records for a period of time);
- When we need the information to detect security incidents or protect against malicious acts or fraud (information such as a server log);
- When we are conducting research in the public interest;
- When we are exercising or protecting another’s right to Free Speech;
- When we have any legitimate interest in preserving the information for a reason that you would expect from conducting a business relationship with us.
If we determine that we cannot (or should not) delete your Personal Information for one of the above reasons, we will notify you in writing (which may be by email) informing you of (1) the fact that we are not deleting all or some of your information; (2) what portion of your information is and is not being deleted; and (3) the reason why we are not deleting the information we intend to keep.
If you request deletion of your Personal Information, we may retain certain basic identifying information (name, address, telephone number, and/or email address) for the sole purpose of enforcing your deletion request in the future. It is possible that information that we have deleted (pursuant to your request) may reappear in our databases because it arrived in a future data update or via a different channel or data provider. In those instances, we use your basic contact information to re-delete your information.
L. Right to Correct Personal Information
If you discover or believe that any Personal Information we possess about you is incorrect, you have the right to correct that information. You may either call us toll free at 866.423.1818 or email us at email@example.com. Please provide as much detail as possible as to the nature or the error and provide the corrected information in your request so that we can remedy the error as quickly as possible.
M. Right to Limit Our Use of Your Sensitive Personal Information
Pursuant to the CPRA, you have the right to limit the use of any of your Sensitive Personal Information (as that term is defined within the CPRA) collected by us to certain uses specified in CPRA sections 1798.140(e)(2),(4),(5) and (8). However, DataPartners does not collect or use Sensitive Personal information for any of the permitted purposes stated in those sections. Limiting us to those uses would, therefore, effectively constitute an opt-out or deletion request. Accordingly, you should exercise your right to opt out (Section J above) or exercise your right have your information deleted (Section K above) via any of the multiple methods described above.
N. How Long Do We Retain Your Personal Information?
- We retain California residents’ Personal Information only for so long as is necessary to fulfill the legitimate business purposes described in Section G above. Once that purpose is no longer served, your Personal Information is deleted from our systems, usually as part of a regular thirty (30) day update cycle.
- As to our business clients and prospects that reside in California, we keep their contact information only for so long as they are reasonably deemed an active customer or viable prospect. We strive to keep our customer/prospect database as up-to-date as possible. Reviews, confirmations, updates, deletions, and revisions are ongoing day-to-day. Generally, we purge unused or unconfirmed client contact information every twenty-four (24) months.
- As to consumer information we license to our clients, the databases containing this information are updated at least every thirty (30) days (some are updated daily and some weekly). Therefore, the Personal Identifiers, Personal Characteristics, Property or Buying/Interest Activity, Employment Information, or Education Information described in Section G above are added, validated or deleted on a revolving thirty (30) day cycle.
- Information that is (1) subject to an opt out request; (2) subject to a deletion request; or (3) collected as part of the identity verification process for an opt out, deletion, on information request is kept only so long as necessary to process the request. However, we may retain certain basic identifying information (name, address, telephone number, and/or email address) in perpetuity for the sole purpose of continuing to honor your opt out and/or deletion request.
- Backups of our databases are performed regularly as a matter of information security best practices. Data contained in backups are not in production and generally not accessible or otherwise usable. Our creation of these backups may extend any retention period by no more than thirty (30) days.
- We may extend the retention period of any Personal Information if (1) we anonymize or aggregate the data or (2) if we are required by applicable law or a law enforcement agency to not delete the information in which case we will hold the information without using it until we receive direction from the law enforcement agency.
O. No Discrimination, Retaliation, Costs or Incentives
P. Our Metrics
The following data reflects the number of privacy requests processed during the last calendar year along with the median days to respond. Combination requests (e.g., “opt-out and delete”) are counted only once.
|Year||Type||Number||Median Days to Respond|
Q. Contact Us