Last Updated Date: April 26, 2020
This FAQ is intended for PurpleLab’s Clients & Consumers. You can find more information on acceptable use of our website in our Terms of Use. If you are a consumer, please see PurpleLab’s Consumer Privacy Policy for information about your CCPA rights as they relate to PurpleLab’s services.
This FAQ is for informational purposes only. It is intended to provide information on PurpleLab’s approach to addressing the potential obligations imposed by the CCPA on PurpleLab’s business model. It is not intended to provide legal or business advice to any other company or individual. The obligations imposed by the CCPA depend on how your company collects and uses personal information and you are solely responsible for seeking your own advice as needed for your company’s compliance needs under the CCPA or otherwise.
The California Consumer Privacy Act (CCPA) is a comprehensive privacy law that came into effect on January 1, 2020. The law is enforced by the California Attorney General (AG), who is also tasked with issuing regulations under the CCPA. Enforcement can begin six months after the AG issues final regulations or on July 1, 2020, whichever is sooner.
The CCPA applies across all industry sectors, imposing obligations on companies that handle personal information. The CCPA’s requirements include:
The “sale” opt out right impacts more than just traditional sales of data for money. The CCPA defines “sale” broadly to include many commonplace data sharing arrangements, even where no money is exchanged. However, data sharing with a business’s service provider is not considered a “sale,” as long as certain contractual terms are in place between a business and its service provider.
PurpleLab has been actively assessing its obligations under the CCPA and has a core team focused on leading CCPA efforts, as well as privacy and regulatory in general. This core team has been working closely with outside privacy counsel who focus on CCPA compliance and the changing privacy regulatory environment. Among other activities, PurpleLab is preparing processes for receiving and responding to consumer rights requests we may receive, revising applicable privacy policies, and reviewing and modifying contracts to align with applicable CCPA requirements.
As currently defined under the CCPA, a “service provider” processes California consumers’ personal information on behalf of another business. To be a service provider, the entity must receive the personal information under a written contract that limits the service provider’s processing to purposes specified in the contract or otherwise permitted by the CCPA. A “business” is a for-profit entity that determines the purposes and means of processing California consumers’ personal information and that meets certain thresholds around revenue and similar factors.
Where PurpleLab acts as a service provider, PurpleLab’s privacy policies and terms of use outline how we handle Event Data and Contributed Data, as defined and detailed in our Terms of Use, that you own and provide to us, requiring us to follow your instructions. If you pass along a request to us that a consumer opts out of “sales” (as broadly defined under the CCPA) of their personal information, we will only use Event Data and Contributed Data associated with that consumer request to directly support the services that we provide to you. We will also respond to your request to “delete” a specific consumer’s personal information which is part of Event Data or Contributed Data.
Where PurpleLab may act as a business under the definitions of the CCPA, including with respect to Data, as defined in our Privacy Policy, PurpleLab will respond to any consumer “opt out of sales” requests that you may choose to send to us by not further incorporating the personal information associated with that consumer. Because PurpleLab does not directly interact with consumers, but gains access to certain data automatically as part of the services we provide to our Clients, to help our Clients facilitate consumer “sale opt out” requests if you choose to flow down any requests, PurpleLab will set up a process for you to send along consumer “sale opt out” requests you receive. To help consumers receive appropriate notice about the use of their information at collection, we may ask those who provide us access to certain data to provide written affirmation that you provide consumers with appropriate notice and may ask for an example of the notice.
PurpleLab plans to:
Please visit our Privacy Page on our main website at PurpleLab.com for more information and resources.
1200 Liberty Ridge Drive, Suite 130
Wayne, PA 19087
info@purplelab.com
(484)263-9982
Privacy Policy | Terms |
© Copyright 2020