Californian Consumer Privacy Legislation

When captured or contacting data in California, USA. the business must ensure that the consumer remains in control of their personal information under the ‘Shine a Light’ rulings. The business shall adhere to this in the following ways:

1. You must keep the customer informed on:

  • What personal information is held
  • How the business collects the customers personal data
  • Why the business collects the customers personal data
  • Whether the business sells/discloses the data
  • To whom the business are disclosing/selling the information
  • What information the business is disclosing
  • Why the business is disclosing the customers personal information

2. Subject Access Requests.

The business shall inform the customer that they can request to know about the personal information which is held. The business shall inform the customer that they are able to request information on the following:

  • Categories of personal information we have collected along with specific pieces of information we hold
  • Categories of sources from which the personal information was collected
  • Business purposes for collecting of or selling personal information
  • The categories of third parties with whom we share personal information

The business shall have 45 days to respond to the request from the date the request has been received and the business shall allow the requests to be granted twice a year.

3. The ‘Right’ to delete personal information on receipt of a verified request.

The business shall inform the customer of the link to follow to be able to request ‘deletion’ of personal information. However, the business maintains the right to reject this request if it is necessary for the business to maintain the consumers personal information for the following reasons:

  1. To complete the transaction for which the personal information we collected, provide a good or service requested by the consumer ,or reasonably anticipated within the context of  a businesses’ outgoing relationship with the consumer, or otherwise perform a contract between the business and the consumer
  2. Engage in public or peer reviewed scientific, historical or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the business deletion is  likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent
  3. When using the consumers personal information, internally in a lawful manner that is compatible with the context in which the consumer provided the information.

4. Fair Treatment of consumers

The price of goods and services must remain the same where or not the customer requests to use their Privacy Rights. For example, requests to opt out of marketing, personal information being sold or requests access to their personal information.

5. The Business shall list clearly all customer ‘Rights’ in its Privacy Policy

Full range of our polices is available here