In this Article
Background
The California Consumer Privacy Act (CCPA) is a state statute regulating how businesses operating in California handle residents' personal information. It grants Californians specific rights regarding their personal information, including the right to:
- Know what personal information is being collected about them
- Request that a business delete their personal information
- Opt-out of the sale of their personal information to third parties
SoundCommerce maintains compliance with CCPA and has a robust process for handling Customer Do Not Track requests.
Information we collect
| Category | Examples | Consumer Data Collected? |
| A. Identifiers. | A real name, alias, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. If you apply for a job through our website, we may collect any contact information (e.g., name, email, address, phone number) that you provide. | YES, if provided by you |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, size information that may provide us with your end users’ physical characteristics or description, address, telephone number. If you apply for a job through our website, we may collect any education or employment history that you provide. Some personal information included in this category may overlap with other categories. | YES, if provided by you |
| C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO |
| D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES, if provided by you |
| E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO |
| F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | YES |
| G. Geolocation data. | Physical location or movements. | YES, if provided by you |
| H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | NO |
| I. Professional or employment-related information. | Current or past job history or performance evaluations or job applications. | NO |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
| K. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES |
Personal information does not include:
- Publicly available information from government records
- De-identified or aggregated consumer information
- Information excluded from the CCPA’s scope, including without limitation: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
Requesting the removal of consumer data
To maintain compliance with the CCPA, both SoundCommerce and its customers have different responsibilities. Working together to ensure all responsibilities are met is crucial for the success of both SoundCommerce and its customers.
Responsibilities
You, the customer, are responsible for alerting SoundCommerce when consumers indicate their desire to have their information deleted. Since there is a time limit on when to address these requests, SoundCommerce encourages its customers to notify us when a request has been made as soon as possible.
SoundCommerce is responsible for deleting the associated Personally Identifiable Information (PII) and informing you once deleted. SoundCommerce aims to delete this data within ten (10) business days of receiving notification of a deletion request. Keep this in mind when submitting requests so that you and SoundCommerce comply with CCPA.
Removal Process
Step 1: Initial Request. Please email privacy@soundcommerce.com and indicate which users’ information should be deleted. This step can generally be done through a list of customers sent in the email or by attaching a spreadsheet with the necessary information. SoundCommerce will expect, at a minimum, a list of email addresses and names.
Step 2: Processing the Request. SoundCommerce will add emails and names to a “Do Not Track” master list for your account. The CUID generation process reads from this “Do Not Track” list and deletes records that match on email (normalized and made lowercase). The CUID process will assign a new anonymous CUID value to the customer record and toggle the “do_not_track” field to “TRUE.” This toggling will nullify PII fields in all downstream views and tables, effectively scrubbing the PII out of SoundCommerce’s database.
Step 3: Validation and Notification. SoundCommerce will validate that the users added to the “Do Not Track” list have had their personal information purged from SoundCommerce. Once validated and confirmed, SoundCommerce will alert the customer via email that the request has been fulfilled.
Additional Resources
- For more information about SoundCommerce’s privacy policy, please refer to SoundCommerce’s privacy policy page: https://soundcommerce.com/soundcommerce-privacy-policy/.
- For more information about the CCPA, please refer to the California government website: https://oag.ca.gov/privacy/ccpa.
Comments
0 comments
Please sign in to leave a comment.