The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020.
The CCPA is intended to enhance privacy rights and consumer protection for California residents. Like GDPR, the CCPA doesn’t apply only to companies doing business in California, but to all businesses managing and processing personal information of residents of California. More information can be found on the California Legislature website.
Even though the CCPA is very similar to GDPR, it requires further scrutiny by companies doing business in California.
This article aims to explain how Smartlook complies with the CCPA and personal data processing, so you can evaluate where you stand with regard to this legislation. Please note that this article is for informational purposes only.
You should consult legal counsel to determine how the CCPA applies to you and your business.
What does the CCPA mean for Smartlook and you?
Within the CCPA, Smartlook is defined as a service provider, while you, our customers, are defined as the business. In the CCPA context, we process your user data for business purposes on your behalf.
As we noted in our Data security policy, keeping data secure is paramount to Smartlook. As such, we’ve held ourselves to a standard which not only complies with all legal requirements, but also takes steps to ensure the trust and safety of our customers' data.
Smartlook handles customer data only within the scope permitted by the relevant regulation and by our customers. Smartlook does not sell any of customer data to third parties.
Our WEB SDK is written with privacy-first in mind, therefore we do not record any potentially sensitive data by default. This means that inputs, IP addresses, on-page emails, and long numbers are not recorded unless you enable it explicitly via the Record API.
If you want to access and work with personally identifiable data from residents of California, you need to provide us with evidence that you’ve received your end user consent to process their personal data. For more information, see Verify user consent.
Review the Data Processing Agreement (DPA), which, according to our Terms of Service, applies whenever you process personal data.
Additionally, the CCPA provides end users with some rights that need to be respected. Smartlook can help you with this as well.
End user rights
The CCPA provides end users the right to request a full disclosure of all collected data on them from businesses that operate in California. End users have the power to decide whether their data may can be shared, stored, sold, and removed.
If any of your users request a full of disclosure of personal data stored in your Smartlook project, you can find this data using the filter. Filter your collected data by IP, email, or other identifier to find what data you have on a particular user. Keep in mind that if the user wasn't previously identified (including your verified consent and signed DPA), all of that user's information is anonymized by default and unable to be filtered.
Smartlook is able to delete all data related to a specific user from our databases at your request. Once deleted, we will send you verification. To delete user data, submit a ticket by emailing firstname.lastname@example.org.
Need more information?