Your CCPA checklist – completed
CCPA compliance requires checking a lot of boxes. Below are the specific
requirements and how we address each one for you:
“Use plain, straightforward language and avoid technical or legal jargon.”
Yep.
“Be available in the languages in which the business in its ordinary course provides
contracts, disclaimers, sale announcements, and other information to consumers.”
We offer translation for 2 languages (coming soon).
“Be accessible to consumers with disabilities. At a minimum, provide information
on how a consumer with a disability may access the notice in an alternative format.”
Accessibility options are built-in.
“A business shall include the following in its notice of right to opt-out:
(1) A description of the consumer’s right to opt-out of the sale of their personal
information by the business;
(2) The webform by which the consumer can submit their request to opt-out online,
as required by Section 999.315(a), or if the business does not operate a website,
the offline method by which the consumer can submit their request to opt-out;
(3) Instructions for any other method by which the consumer may submit their request
to opt-out;
(4) Any proof required when a consumer uses an authorized agent to exercise their
right to opt-out, or in the case of a printed form containing the notice, a webpage,
online location, or URL where consumers can find information about authorized agents; and
(5) A link or the URL to the business’s privacy policy, or in the case of a printed form
containing the notice, the URL of the webpage where consumers can access the privacy policy.”
All required descriptions, forms, instructions, proof considerations and links are provided.
“A business shall provide two or more designated methods for submitting requests to opt-out,
including, at a minimum, an interactive webform accessible via a clear and conspicuous link
titled “Do Not Sell My Personal Information,” or “Do Not Sell My Info,” on the business’s
website or mobile application. Other acceptable methods for submitting these requests include,
but are not limited to, a toll-free phone number, a designated email address, a form submitted
in person, a form submitted through the mail, and user-enabled privacy controls, such as a
browser plugin or privacy setting or other mechanism, that communicate or signal the consumer’s
choice to opt-out of the sale of their personal information.”
We accept requests via webform and physical mail. They can even call us if they need support.
“At least one method offered shall reflect the manner in which the business primarily interacts
with the consumer.”
No problem.
“In responding to a request to opt-out, a business may present the consumer with the choice
to opt-out of sales of certain categories of personal information as long as a global option
to opt-out of the sale of all personal information is more prominently presented than the
other choices.”
Of course.
“Upon receiving a request to opt-out, a business shall act upon the request as soon as
feasibly possible, but no later than 15 days from the date the business receives the request.”
This countdown only begins after we have validated the request – saving you time.
“A business shall notify all third parties to whom it has sold the personal information
of the consumer within 90 days prior to the business’s receipt of the consumer’s request
that the consumer has exercised their right to opt-out and instruct them not to further
sell the information. The business shall notify the consumer when this has been completed.”
Our service provides you the maximum amount of time to handle this (more notification features coming soon).
“A consumer may use an authorized agent to submit a request to opt-out on the consumer’s
behalf if the consumer provides the authorized agent written permission to do so. A
business may deny a request from an authorized agent that does not submit proof that
they have been authorized by the consumer to act on the consumer’s behalf.”
We will review the written permission and reject if invalid.
“A request to opt-out need not be a verifiable consumer request. If a business, however,
has a good-faith, reasonable, and documented belief that a request to opt-out is fraudulent,
the business may deny the request. The business shall inform the requesting party that it will
not comply with the request and shall provide an explanation why it believes the request is
fraudulent.”
We will deny with discretion and handle communication with the requestor.