Trackier and the CCPA

Last updated: Nov 07, 2019


Trackier’s commitment to data privacy and protection


Trackier believes privacy and protecting data are core aspects of trust in today’s technology world. We take our own data protection commitment to you and your customers very seriously. We are acutely aware that we need to earn and maintain your trust on a daily basis.


Trackier is committed to protecting your privacy and sees CCPA as an opportunity to strengthen our commitment even further. We don’t collect & process users’ personal information beyond what is required for the functioning of our services, and this will never change.


Trackier has put in place processes and procedures to comply with the various provisions of CCPA—consumer rights, data protection addendum, data deletion, data retention, and pseudonymization, which align with our core values of customer trust and data privacy.



What Is the CCPA?


The California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et seq. (CCPA) is a U.S. law that was enacted in 2018 in the State of California. Generally, it expands upon the privacy rights available to Californian citizens and lists data protection requirements with which companies must comply.


Similar to the GDPR, the CCPA establishes and enhances consumer privacy rights for California residents and imposes rules on businesses that handle their personal information, meaning information that relates to, describes, is associated with or can be linked to an individual.


The CCPA grants Californian consumers new rights with respect to the collection of their personal information and requires a business to comply with certain obligations, including:



  1. The consumer’s right to receive a copy, in a readily usable format, of the specific personal information collected about them during the twelve (12) months prior to their request.

  2. The consumer’s right to know a business’s data collection practices, including the categories of personal information it has collected, the source of the information, the business’s use of the information, and to whom the business disclosed the information it has collected about the consumer.

  3. The consumer’s right to have such personal information deleted.

  4. The consumer’s right to know the business’ data sale practices and to request that their personal information not be sold to third parties.

  5. A prohibition on businesses discriminating against a consumer for exercising a consumer right.

  6. An obligation on businesses to notify a consumer of their rights.


Data Privacy and Information Security Certifications

We hold the following certifications to ensure CCPA preparedness:


  1. ISO 27001:2013 Information Security Management Systems [ISMS]: ISMS ensures a systematic approach to managing sensitive company information so that it remains secure. ISMS includes people, processes, and IT systems by applying a risk management process.

  2. BS 10012:2017 Personal Information Management System [PIMS] & Privacy Regulation Compliance: BS 10012 helps organizations manage risks to the privacy of personal information and implement the necessary policies, procedures, and controls to help ensure compliance with data protection legislation.


How does the CCPA apply to Trackier customers?


Trackier customers that collect and store personal information are considered “Businesses” under the CCPA. Businesses bear the primary responsibility for ensuring that their processing of personal information is compliant with relevant data protection law, including the CCPA.


Trackier acts as a “Service Provider,” as such term is defined in the current version of the CCPA, and shall collect, access, maintain, use, process and transfer the personal information of our customers and our customers’ end-users solely for the purpose of performing our obligations under our existing contract(s) with our subscribers, and for no commercial purpose other than the performance of such obligations and improvement of the Services we provide.




What We Are Doing to Ensure You Can Use Trackier Products in a CCPA-Ready Manner


The CCPA is focused on organizational compliance instead of product-level compliance. However, we attach the utmost importance to how we build our products and have adopted a Privacy and Security by Design approach. Our products are designed with privacy and security in mind and as a core component of our development process.


As a business, you will need to ensure you are compliant with your own obligations under the CCPA. However, if you buy Trackier Services, we aim to ensure that you can use our Services in a CCPA-Ready manner, helping you to satisfy your obligations under the CCPA. For example, we design our products to facilitate data minimization and provide better insight into and control over your data flows in order to make it easier for you to satisfy your CCPA obligations as a business.



Does Trackier sell personal information?


We do not “sell” our customers’ personal information as currently defined under the CCPA, meaning that we also do not rent, disclose, release, transfer, make available or otherwise communicate that personal information to a third party for monetary or other valuable consideration. We may share aggregated and/or anonymized information regarding your use of the Service(s) with third parties to help us develop and improve the Services and provide our customers with more relevant content and service offerings as detailed in our customer agreements.



What guidance can Trackier provide regarding the CCPA?


Trackier cannot provide legal advice to customers regarding the CCPA at this time. Customers should consult their legal counsel on how the CCPA specifically applies to them and how to achieve their own compliance.


Trackier values our customers’ trust, and we share the same concerns as our customers over the privacy of our customers’ information. As part of its robust privacy program, Trackier has mapped its global privacy practices to E.U. data privacy law.


For information on these practices and the functionality we provide to support our customers’ compliance, please visit the rest of our Privacy Policy, Cookies Stored by Trackier, How to Opt-out, and Data Deletion Policy. These resources detail the privacy and security measures undertaken by Trackier to protect its customers’ personal information, our data retention/deletion policies, and features available in our Services that enable our customers to comply with their end-user privacy requests.



You can also learn more about our privacy practices here. You can obtain our current Data Processing Addendum here.


Privacy and information protection act FAQ


Frequently Asked Questions about the California Consumer Privacy Act (CCPA).


1. What is CCPA?


The California Consumer Privacy Act (CCPA) was created to protect the privacy and personal information of consumers. The CCPA initiative states that the act is intended to “give Californians the ‘who, what, where, and when’ of how businesses handle consumers’ personal information.” The act requires businesses to tell consumers what information they are collecting and gives consumers the right to say no to the sale of their personal information. It will also allow consumers to sue companies if their personal information is breached.


2. Who does it apply to?


CCPA applies to any organization that works with the personal information of California residents. This law introduces new obligations for business processing information while clearly stating the accountability of business information controllers.


3. Where does the CCPA apply?


This law doesn’t have territorial boundaries. It doesn’t matter where your organization is from — if you process the personal information of consumers of California, you come under the jurisdiction of the law.


4. What are the penalties for non-compliance?


The CCPA is enforced primarily by the California attorney general, who may seek civil penalties of up to $2,500 per violation or up to $7,500 per intentional violation. The law, however, also provides a private right of action for certain data breaches arising from violations of California’s data security law. Affected California residents can seek $100 to $750 in statutory damages per individual per incident or actual damages, whichever is greater.




5. Who are the key stakeholders?


Consumer- The CCPA defines “consumer” as “a natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, however identified, including by any unique identifier.” According to the referenced state regulations, a California resident is any individual who is


  1. “in the state of California for other than a temporary or transitory purpose,”
  2. “domiciled in the state” of California and “outside of the state for a temporary or transitory purpose.”

Business- A sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that is organized or operated for profit or financial benefit of its shareholders or other owners, that collects consumers’ personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers’ personal information, that does business in the State of California, and that satisfies one or more of the following thresholds:


  1. Has annual gross revenues in excess of twenty-five million dollars ($25,000,000), as adjusted pursuant to paragraph (5) of subdivision (a) of Section 1798.185
  2. Alone or in combination, annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices.
  3. Derives 50 percent or more of its annual revenues from selling consumers’ personal information.

Service Provider- “Service provider” means a sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that is organized or operated for profit or financial benefit of its shareholders or other owners, that processes information on behalf of a business and to which the business discloses a consumer’s personal information for a business purpose pursuant to a written contract, provided that the contract prohibits the entity receiving the information from retaining, using, or disclosing personal information for any purpose other than for the specific purpose of performing the services specified in the contract for the business, or as otherwise permitted by this title, including retaining, using, or disclosing personal information for a commercial purpose other than providing the services specified in the contract with the business.


Third Parties- Under the California Consumer Privacy Act (CCPA), entities that process data subject to CCPA but are neither businesses nor service providers are considered ‘third parties’ (See, Section 1798.140(w) of the California Civil Code).


Under 1798.115 (d) of the California Civil Code, a third party shall not sell personal information about a consumer that has been sold to the third party by a business unless the consumer has received an explicit notice and is provided an opportunity to exercise the right to opt-out.



7. Where is my information located?


The data of Trackier.com customers will reside in the US with IBM Softlayer and Google Cloud Platform (GCP).


8. Comparison with GDPR


The European Union has been at the forefront of consumer privacy since the 1996 Data Privacy Directive to the current GDPR, which provides even greater privacy rights to EU residents. Some even refer to the CCPA as California’s GDPR. While there are a number of similarities between the two, there are also many differences. Table 1 provides a comparison. Companies that implemented GDPR-level compliance can leverage parts of their program to meet CCPA requirements. However, additional program development for CCPA will still be required.


Table 1: CCPA compared to the European Union’s GDPR

| Area | California CCPA | EU GDPR |
|---|---|---|
| Scope | Rights, disclosure, transparency | Omnibus - covers much more |
| Personal Information | Broader - includes households and devices | Includes personal data as well as special categories |
| Rights | Rights to access and deletion broader | Similar rights to erasure |
| Security | Not included | Procedures for protecting information |
| Disclosures | Specific requirements for disclosure | Less prescriptive |
| Data Sharing | More restrictive - but no rules for transfers outside the USA | Restriction on data transfers outside of specific countries |
| Privacy By Design/Default | Not included | Required |
| Data Protection Impact Assessment | Not included | Required if criteria met |
| Breach Notification | Not included | 72-hour requirement |
| Data Protection Officer | Not required | Required if criteria met |
| Enforcement | Attorney general and litigators | Privacy regulators |

9. Where can I find additional resources on CCPA?

Here are some links you can refer to for additional reading on the CCPA:

Note:

Trackier is not responsible for the above-mentioned links in section 9.

Please feel free to ask questions and share concerns with us at support@Trackier.com


Choose Privacy. Choose Trackier.


