The Privacy Suite for WordPress

Questions about the CCPA

Get compliant today in the European Union, United States, Canada, United Kingdom, Australia, Brazil & South Africa with the only Privacy Suite for WordPress that offers a fully-featured plugin for Worldwide Compliance.

What rights does a Californian resident have? 

If you are a California resident, you may ask businesses to disclose what personal information they have about you and what they do with that information, to delete your personal information, and not to sell your personal information. You also have the right to be notified, before or at the point businesses collect your personal information, of the types of personal information they are collecting and what they may do with that information. Generally, businesses cannot discriminate against you for exercising your rights under the CCPA. Businesses cannot make you waive these rights, and any contract provision that says you waive these rights is unenforceable.

What businesses does the CCPA apply to?

The CCPA applies to for-profit businesses that do business in California and meet any of the following:

  • Have a gross annual revenue of over $25 million;
  • Derive 50% or more of their annual revenue from selling California residents’ personal information; or
  • Buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices.

This also means that every website which sets publisher cookies, collects IP-addresses, and/or analyzes website behavior of more than 50.000 individuals, households, or devices per year, and shares this information with a third party, should comply.​

What is the right to know?

You may request that businesses disclose to you what personal information they have collected, used, shared, or sold about you and why they collected, used, shared, or sold that information. Specifically, you may request that businesses disclose:

  • The categories of personal information collected
  • Specific pieces of personal information collected
  • The categories of sources from which the business collected personal information
  • The purposes for which the business uses personal information
  • The categories of third parties with whom the business shares the personal information
  • The categories of information that the business sells or discloses to third parties

Businesses must provide you with this information for the 12-month period preceding your request. They must provide this information to you free of charge.

How to submit the request to know?

Businesses must designate at least two methods to submit your request—for example, an email address, website form, or hard copy form. One of those methods has to be a toll-free phone number and, if the business has a website, one of those methods has to be through its website. However, if a business operates exclusively online, it only needs to provide an email address for submitting requests to know.

What is the right to opt-out?

You may request that businesses stop selling your personal information (“opt-out”). With some exceptions, businesses cannot sell your personal information after receiving your opt-out request unless you later provide authorization allowing them to do so again. Businesses must wait at least 12 months before asking you to opt back into selling your personal information.

How to submit the opt-out request?

Businesses that sell personal information are subject to the CCPA’s requirement to provide a clear and conspicuous “Do Not Sell My Personal Information” link on their website that allows you to submit an opt-out request. Businesses cannot require you to create an account to submit your request.

Make sure you submit your opt-out request through the “Do Not Sell My Personal Information” link or another method that the business designates for opt-out requests, which may differ from its regular customer service contact information. If you can’t find a business’s “Do Not Sell” link, review its privacy policy, which must include that link.

Right to non-discrimination

Businesses cannot deny goods or services, charge you a different price, or provide a different level or quality of goods or services just because you exercised your rights under the CCPA.

However, if you refuse to provide your personal information to a business or ask it to delete or stop selling your personal information, and that personal information or sale is necessary for the business to provide you with goods or services, the business may not be able to complete that transaction.

How can Complianz help?

Do you want to know how Complianz can help website developers to meet these and other legal requirements?  We have written an article about that too!

Recent articles

The Privacy Suite for WordPress
Get compliant today with the only Privacy Suite made for WordPress

Categories

Popular articles

TTDSG, the New Cookie Law for Germany

As of December 1st, 2021 the Telecommunications-Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz) regulates the handling of cookies, local storage, cookieless tracking,  and other tracking technologies in

Read More

Cookieless Tracking and GDPR

In this article, we will have a closer look at cookieless and server-side tracking and how this affects your website’s configuration regarding privacy laws. The

Read More

Join our mailing list - 8 Tips & Tricks in your inbox over the next 8 weeks!