The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020.
The CCPA is intended to enhance privacy rights and consumer protection for residents of California, USA. Similarly to the GDPR, the CCPA doesn’t apply only to companies doing business in California, but it affects all businesses managing and processing of personal information of California’s citizens. More information can be found in the text of the Act, here.
Although, the CCPA draws enough similarity with the GDPR, it’s still a distinct regulation that requires further scrutiny by companies dealing with personal data of Californian citizens.
This article aims to explain how we at Smartlook relate to the CCPA and personal data processing—so you (as our customer, user, client) can evaluate where you stand with regard to this legislation. Please note that this article is for information purposes only—don’t use it as a piece of legal advice.
You should consult legal counsel to determine how the CCPA applies to you and your business.
What does the CCPA mean for Smartlook and you?
Within the CCPA, Smartlook is defined as a “service provider,” while you, our customers, are defined as the “business”. In the CCPA context, we’ll process all your users’ personal information, for business purposes for you.
As we noted in our Data security policy, keeping data secure is paramount to Smartlook. As such, we’ve held ourselves to a standard which not only complies with all legal requirements, but also takes steps to ensure trust and safety of our customers’ data.
We always handle our customers’ data only within the scope permitted by the relevant regulation and by our customers. We’ll not sell any of our customers’ data to third parties.
Our WEB SDK is written with privacy-first in mind, therefore we do not record any potentially sensitive data by default. This means that inputs, IP addresses, on-page emails and long numbers are not recorded unless you enable it explicitly via record API.
If you want to access and work with personally identifiable data from Californian citizens onwards, you’ll need to provide us with evidence that you’ve received your end user’s consent to process their personal data (as noted in our documentation here).
Review the Data Processing Agreement (DPA), which, according to our Terms of Service, applies whenever you process personal data. The DPA can be reviewed here.
Additionally, the CCPA provides end users with some rights that need to be respected. And we can help you with this as well.
The end users’ rights
The CCPA provides end users the rights to request from businesses (operating in California) a full disclosure of all collected information about them; and the power to decide whether their data may can be shared, stored, sold, and ultimately, removed.
In case any of your users want a full of disclosure of personal data stored in your Smartlook project, you must use our filter feature (to filter by IP or email or any other identifier). This will help you discover what kind of information has been collected about a particular user. Please note, if we haven’t processed the queried identifiable information previously (including your verified consent and signed DPA), the use of filters will be redundant as any users’ information will be anonymized by default.
If your users request data removal—we can, upon your request, delete all the records related to that specific user from our databases and send you verification of that action, upon completion. All you’ve to do is reach out to the Smartlook team and submit a ticket.
Need more information?