FAQ – California Consumer Privacy Act (CCPA)

September 09, 2019
What is the CCPA?

The law applies to “for profit” businesses in California that collect and process the personal information of California residents and do business in the state of California. However, a physical presence in California is not required to be subject to this law. Simply making sales in the state of California is enough. In order to fall under this new law, businesses must meet one of the following:

· Generate annual gross revenue of over 25 million

· Receive or share personal information of more than 50,000 California residents annually

· Derive at least 50% of its annual revenue by selling the personal information of California residents

The CCPA becomes effective on January 1, 2020 and will be enforceable on July 1, 2020.

In summary, what does this mean for my business?

Companies must provide privacy rights and consumer protection for residents of California. Examples of personal information are real name, alias, postal address, unique personal identifier, IP address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

The CCPA does not consider Publicly Available Information as personal.

When does the CCPA take effect?

The CCPA becomes effective on January 1, 2020 and will be enforceable on July 1, 2020. The following sanctions can be imposed.

Companies that become victims of data theft or other data security breaches can be ordered in civil class action lawsuits to pay statutory damages between $100 and $750 per California resident and incident, or actual damages, whichever is greater, and any other relief a court deems proper, subject to an option of the California Attorney General’s Office to prosecute the company instead of allowing civil suits to be brought against it.

A fine of up to $7,500 for each intentional violation and $2,500 for each unintentional violation.

Can Vizergy help with my CCPA compliance?

Vizergy takes privacy and data protection very seriously. Vizergy has taken steps to enable consumers to exercise their rights under California’s Consumer Privacy Act (CCPA), AB 375, which goes into effect on January 1, 2020. In addition, as required by the CCPA we implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect personal information.

How does the Vizergy platform leverage cookies?

GDS, Vizergy Responsive Reservation System

Requires the use of a Cookie throughout the online reservation process. Without Cookies we will not be able to keep information you enter on multiple pages together. For example, unless we can remember the dates you used in your hotel search, we will not be able to check room availability. Cookies also enable us to customize our Web site and offerings to your needs and provide you with a better online experience.

Session: Forms, Special forms management, Enhanced email widget – email capture, Modal pop-up & Persistent: Personalization module

The types of Cookies that we use are referred to as “session” Cookies and “persistent” Cookies. Session Cookies are temporary and are automatically deleted once you close your internet browser. Persistent Cookies remain on your computer hard drive until you delete them or they are otherwise removed upon expiration. We do not use Cookies to ascertain any personally identifiable information about you apart from what you voluntarily provide us.

Google Ads/Bing Ads, PPC, Keyword targeting, Device targeting, Geo targeting, Language targeting, Display Remarketing (in house, not Sojern)

We may use third-party advertising technology to serve ads when you visit our Web site and sites upon which we advertise. This technology uses information about your visits to this Web site and the sites upon which we advertise (not including your name, address, or other personally identifiable information) to serve our ads to you. While serving our advertisements to you, a unique third-party persistent Cookie may be placed or recognized on your browser.

Remarketing Ads

Cookies are used for remarketing ads, but we exclude EU countries from remarketing, so they won’t see the ads.

Analytics, Email marketing (self service)

We may use pixel tags (also known as “clear gifs,” “beacon gifs,” etc.). Pixel tags are not visible to the user of the Web site and consist of a few lines of computer coding delivered with the Web page. Pixel tags are not used to collect any personally identifiable information about you apart from what you voluntarily provide us. Our email service provider may use pixel tags to improve customer service, learn how visitors use our Web site, know how many users open an email, and allow our service provider to compile aggregated statistics about an email campaign for us. Pixel tags may also allow us to better target interactive advertising, enhance customer support and site usability, and provide offers and promotions that we believe would be of interest to you.

What if my business receives a request from a California resident related to their rights under the CCPA?

Please speak with your Vizergy account management team, call us at 904-389-1130, or send an email to privacy@vizergy.com to talk with a specialist. You should also engage your data protection team or Data Protection Officer (DPO) and, if in doubt, seek legal counsel for additional guidance.

Right to know all data collected, including what categories of data and why it is being acquired, before it is collected, and any changes to its collection.

We will work with you to provide a copy (using secure transfer) of any personal data for the resident that we have collected through a Vizergy marketing service.

We will work with you to rectify any incorrect personal data for the resident that we have collected through a Vizergy marketing service.

Right to request deletion of their data

We will work with you to delete any personal data for the resident that we have collected through a Vizergy marketing service. Please note that if the data must be retained for other legal purposes, then the deletion request may be declined.

The right to opt-out

We will work with you to cease processing any personal data for the resident that we have collected through a Vizergy marketing service.

Other Tips:

1. Consent to use a person’s information must be clearly explained and there must be a positive opt-in. A pre-ticked opt-in box is not a valid consent.

  • The goal is to explain the value of why certain data is being collected, which will lead to consent in most cases. For example, you may request a person’s birth date so that a promotion related to someone’s birthday can be sent.
  • The ability to opt-out should be as easy to perform as it was to opt-in.
  • If personal information was previously obtained without clear consent, then it should be carefully reviewed by the client for possible deletion.

2. A privacy notice should be presented to individuals who engage with your brands detailing how you collect and use information.

  • It is recommended that the client’s legal counsel and/or data protection team develop, review, and maintain their privacy policy.

3. Collected personal information must be relevant and limited to what is necessary.

4. Do not keep personal information any longer than necessary.

5. Have a data protection policy and data breach response plan in place that meets the requirements of the CCPA.

6. Seek expert advice or legal counsel as needed.

 

References:

https://oag.ca.gov/privacy/ccpa

https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act

Privacy Management Software

https://www.onetrust.com/
