A. Your Rights Under the CCPA
Individuals who reside in California have specific rights under the California Consumer Privacy Act of 2018 (“CCPA”) that is effective as of January 1, 2020. Generally, among the rights granted to California residents by the CCPA are:
- The right to notice of your rights under the CCPA;
- The right to know what categories or specific pieces of personal information we collect about you;
- The right to know how we collect, process, and use the information we collect about you;
- The categories of third parties with whom we share your personal information;
- The right to request information on whether your personal information has been sold by us in the last 12 months, and, if so, what categories of information were sold and the categories of third parties to whom that information was sold;
- The right to “opt out” from the sale of your personal information;
- The right to request deletion of your personal information; and
- The right to be free from discrimination because you exercised your rights under the CCPA.
Each of the rights above is addressed in the text below.
B. Important Exceptions
It is important for California residents to understand that the CCPA grants rights in regard to “personal information.” The term “personal information” has a specific meaning under the CCPA, and there are important exceptions to what constitutes “personal information” under the CCPA.
One of the main exceptions to “personal information” is any information that is made available to the public through federal, state, and local government public records. Under California law, a public record is “any writing containing information relating to the conduct of the public’s business prepared, owned, used or retained by any state or local agency regardless of physical form or characteristics.” That is a very broad definition.
Under the federal Freedom of Information Act and California Public Records Act, a wide variety of information regarding consumers is made available to the public by the government. Also, California local governments (counties and cities) provide extensive public access to official recordings – things like court records, deeds, mortgages, property value assessments, and real property tax information.
C. Information We Collect
Categories of personal information we collect on California consumers are:
- Personal Identifiers (such as actual names, physical, postal, and email addresses, landline and/or wireless telephone numbers, IP addresses);
- Personal Characteristics (such as age, gender, ethnicity, income, marital status)
- Property or Buying/Interest Activity (such as homeownership, boat owner, or “interest in golf”)
- Geolocation Information (such as latitude/longitude information)
- Employment Information (such as category of profession, professional licensure)
- Education Information (such as level of education completed, college attendance, date of graduation)
- Inferences (profiles or models about a consumer reflecting the consumer’s preferences, characteristics, psychological tends, predispositions, behaviors, attitudes, intelligence, abilities and aptitudes)
In nearly every instance, we do not collect this information directly from the consumer. Rather, we license this information from third parties. Please see the “How We Collect Information” section below.
D. Information we Do NOT Collect, Use, or Sell
We do not collect, store, or use personal information that falls into any of the following categories, either directly on our sites or from third-party data providers, nor do we ever sell these types of information to our clients:
- personal signatures (other than in regard to agreements we may sign with our clients)
- credit card numbers or debit card numbers (other than to process purchases made by our clients)
- social security numbers
- passport numbers
- national ID numbers
- drivers’ license numbers
- state ID card numbers
- military ID numbers
- insurance policy numbers
- bank account numbers
- financial account numbers (other than to process purchases made by our clients)
- facial recognition data
- physical characteristics or descriptions
- exact dates of birth
- actual credit scores
- actual medical conditions
- actual physical or mental disabilities
- gender identity or expression other than birth gender
- sexual orientation
- audio information (except for our clients who may call us directly)
- video information
- genetic information (including familial genetic information)
- online account usernames or passwords (other than those we issue for access to our sites)
- internet browsing or search history, or
- any personally identifiable information regarding any person under 18 years of age.
E. How We Collect Information
We collect information directly from our clients who do business with us. This information may be collected via our website(s) or through our communication with our clients via telephone or email. In nearly every instance, our clients are businesses and employees of businesses, not individual consumers.
In regard to non-client consumers, in nearly every instance we do not collect consumer information directly from the consumer. Instead, we get consumer information from third-parties who collect the information directly or obtain it from another third party. However, the CCPA broadly defines the word “collect” to include the licensing of information from third parties, which is what we do. So, for purposes of the CCPA, we do “collect” information regarding California consumers.
The information we license to our clients is collected by our third-party partners from many sources. These sources include public records, publicly available information, subscription information, warranty cards, surveys, point-of-sale information, website directories, website visits, online activity, mobile applications, and commercially available consumer data from other third-party information providers who may or may not have collected the data directly from you.
Some of this information may have been developed, modeled, or inferred from other information. For example, if you subscribe to a bridal magazine or subscribe to a bridal registry service, you might be designated as “recently engaged’ (i.e. we “infer” from this activity that you are engaged) even if we do not have actual information that you are engaged. Or, the provider of information might make an educated guess on your net worth, based on lookalike characteristics we find in other consumers in that net worth range (i.e., we “model” your net worth). Both inferring and modeling are common practices in trying to match consumers with products and services they are most likely to want.
Identifiers such as name, address, and telephone numbers are sourced from publicly accessible sources such as the white and yellow page telephone directories, online directories, website postings, public records, public websites, property and assessor files, governmental issued licenses, and information available to the public through directory assistance.
F. How We Process information
Our information is stored in electronic databases. Sometimes we match these databases to one another to make the data more effective for marketing purposes. We may also enhance your information with other information we acquire from other sources or through the use of technology. For example, we might add geospatial codes (latitude and longitude) to your physical address or merge two directories to match addresses with telephone numbers.
G. How We Use Information
Our core business is relicensing third-party consumer and business information to help our clients market their products and services more effectively. Ultimately, our goal is to help our clients ensure their marketing messages reach consumers who are most likely to want to receive them, and avoid consumers who do not want those messages. In most cases, we do this by supplying them with lists of customers or prospects that meet demographic criteria that make the consumers more likely to buy the specific product or service our client sells (our “Commercial Purpose” for collecting information). Practically speaking, our clients use our products to send targeted offers to consumers and businesses via various marketing channels (direct mail, telemarketing, digital ads, social media ads, mobile ads, etc.).
Our clients are permitted to use the information we provide for a limited purpose. Our clients may use our data only for lawfully conducted marketing or for things related to marketing (such as cleaning their customer lists or verification of data they already have). No other purpose is allowed. This means that our clients are prohibited from using our data for any purpose or in any way that might violate any U.S. federal or state law that protects your privacy or consumer rights. Among those are the CAN-SPAM Act (intended to reduce unwanted email solicitations); the Telephone Consumer Protection Act of 1991 (intended to reduce unwanted telephone solicitations) as well as the privacy and best practice policies set out by the Data and Marketing Association (“DMA”).
H. Categories of Third Parties with Whom We Share Information
We share your information with the following categories of third parties:
- Sellers of Consumer Goods and Services: Telecommunications companies (such as cable TV companies); utility companies (such as energy retailers); financial services companies (such as banks, lenders); insurance companies; technology companies; service providers (such as landscapers); media and publishers; or retailers (such as apparel sellers);
- Marketing agencies or data resellers whose clients fall within the above categories;
- Governmental entities or candidates for office;
- Third-party service providers (mail houses, fulfillment centers, email providers, or data centers) who work for our clients and process the data we sell to our clients. For example, our client may contract with a third-party mail house to mail out coupons and offers using data we supply to our client.
I. Submitting an Information Request
You have the right to request the categories or specific pieces of your personal information we have collected as well as whether your personal information has been shared with or sold to a third-party in the last 12 months. You may also request to know the categories of third parties to whom that information was shared or sold. You may request this information in three ways:
- Sending an email to email@example.com. You will need to provide your full name and any variants of your name (Robert Smith, Bob Smith, Bobby Smith, etc.), your current full address, and your telephone number(s) so that we can identify your record(s). We recommend that you also supply any previous addresses within the last year so we can be sure to match to those as well; or
- Call us toll-free at 1.866.423.1818 and speak with a customer service representative who will assist you with your request.
- Complete the web form found HERE.
We will acknowledge receipt of your information request within ten (10) days of submission. Your information request will be processed as soon as possible, but we may take up to forty-five (45) days to respond as to the outcome of your request.
We will take reasonable precautions to confirm your identity before we provide your information which may include asking you to provide an Affidavit of Identity under penalty of perjury. If you are a third-party attempting to obtain information on another person, you must provide evidence of legally sufficient authorization from that person (such as a valid Power of Attorney) before we will provide the other person’s information.
Our response will be in writing (which may be via email). Our statement will include each category of your information that was sold in the last 12 months (such as name, address, telephone number, etc.) and the category of third parties to whom your information was sold (such as “landscapers,” or “cable TV marketers,” etc.)
J. Opting Out
We respect California residents’ rights to opt-out of any database we maintain. You may opt out of receiving communications we send to you (such as emails from us to you) or you may opt out of the marketing databases that we use to create our products and services for sale to third parties.
1. Opting Out of Communications Sent by Us to You:
All email offers for goods and services sent to you by us include an opportunity to opt-out from receiving future communications from us about our services. Simply follow the “Opt Out” instructions included in the email message.
If you wish to no longer receive any emails from us, send an email the subject heading “REMOVE ME” to: firstname.lastname@example.org. Be sure that the email list from which you wish to be removed is a list maintained by us. We cannot remove you from any list that we do not maintain.
If you wish to correct or update any information you previously provided to us, please send an email to email@example.com.
We will acknowledge receipt of your opt-out request within ten (10) days of submission. Your opt-out request will be processed as soon as possible, but we may take up to forty-five (45) days to respond as to the outcome of your request.
We will take reasonable precautions to confirm your identity before we opt-out your information. If you are a third-party attempting to opt-out another person, you must provide evidence of legally sufficient authorization before we will opt the other person out.
If you choose to opt out of our consumer database(s), we will stop licensing to or sharing your information with any of our clients. Please understand that opting out of our databases:
- Does NOT mean we will delete or destroy information pertaining to you. Instead, we flag your record as an “Opt Out” that will not be delivered to any of our clients. We preserve your data so that we can show continuing compliance with your opt-out request. If you wish to have your information deleted entirely, you will need to follow the further instructions below.
- Does NOT mean that any of our clients or providers will also opt you out of their databases. We can promise only that we will opt you out of our databases that we maintain, and will no longer use your information to help our clients target their marketing messages.
- Does NOT guarantee you will no longer receive marketing messages. We can only opt you out from databases we maintain. Your information may appear on databases maintained by companies other than ours.
2. Opting Out of Databases of Information We License to Third-Parties
You may opt out of any consumer marketing database we maintain by:
- Clicking the “Do Not Sell My Personal Information” button located on our homepage of each of our websites and following the simple instructions regarding opting out; or
- Sending an email to firstname.lastname@example.org. You will need to provide your full name and any variants of your name (Robert Smith, Bob Smith, Bobby Smith, etc.), your current full address, and your telephone number(s) so that we can identify your record(s). We recommend that you also supply any previous addresses so we can be sure to opt those out as well; or
- Call us toll-free at 1.866.423.1818 and speak with a customer service representative who will assist you with opting out
K. Requesting Deletion of Your Information
We are happy to delete any of your personal information that we house upon request. You may request deletion in multiple ways:
- Clicking the “Do Not Sell My Personal Information” button located on our homepage of each of our websites and following the simple instructions regarding submitting a deletion request; or
- Sending an email to email@example.com. You will need to provide your full name and any variants of your name (Robert Smith, Bob Smith, Bobby Smith, etc.), your current full address, and your telephone number(s) so that we can identify your record(s) for deletion. We recommend that you also supply any previous addresses so we can be sure to delete those as well; or
- Call us toll-free at 1.866.423.1818 and speak with a customer service representative who will assist you with requesting deletion.
We will acknowledge receipt of your deletion request within ten (10) days of submission. Your deletion request will be processed as soon as possible, but we may take up to forty-five (45) days to respond in writing (which may be via email) as to the outcome of your request.
We will take reasonable precautions to confirm your identity before we delete your information. If you are a third-party attempting to delete the information of another person, you must provide evidence of legally sufficient authorization before we will opt the other person out.
Once deleted, the information you requested to be deleted will no longer be utilized by us, our service providers, or shared with any third-party.
We will always delete your information to the extent possible. However, the CCPA lists certain limited purposes when we can keep all or some of your information even if you request that it be deleted. Those are:
- When we need the information to complete a transaction with you (such as a credit card number);
- When we need the information to supply a good or service you ordered from us (such as your email address);
- When you have an ongoing contractual relationship with us (such as a long-term contract);
- When we are legally obligated to retain the information (such as compliance with federal or state laws requiring us to maintain certain records for a period of time);
- When we need the information to detect security incidents or protect against malicious acts or fraud (information such as a server log);
- When we are conducting research in the public interest;
- When we are exercising or protecting another’s right to Free Speech;
- When we have any legitimate interest in preserving the information for a reason that you would expect from conducting a business relationship with us.
If we determine that we cannot (or should not) delete it for one of the above reasons, we will notify you in writing (which may be by email) informing you of (1) the fact that we are not deleting all or some of your information; (2) what portion of your information is and is not being deleted; and (3) the reason why we are not deleting the information we intend to keep.
If you request deletion of your information, we may retain certain basic identifying information (name, address, and telephone number) for the sole purpose of enforcing your deletion request in the future. It is possible that information that we have deleted (pursuant to your request) may reappear in our databases because it arrived in a future data update or via a different channel or data provider. In those instances, we use your basic contact information to re-delete your information.
L. No Discrimination or Incentives
M. Our Metrics
The following data reflects the number of CCPA requests processed during the last calendar year along with the median days to respond. Combination requests (e.g., “opt-out and delete”) are counted only once.
|Year||Type||Number||Median Days to Respond|
N. Contact Us