The California Consumer Privacy Act (CCPA) of 2018 came into effect on Jan 1, 2020. Zinrelo is CCPA compliant. At Zinrelo, we’ve worked hard to prepare for CCPA, to ensure that we fulfill its obligations and maintain our transparency about customer messaging and how we use data.
We have worked with our teams and lawyers to figure out how to convert CCPA legal provisions into tangible actions. We’ve been asking lots of questions, and our customers have been asking us questions. Here’s an overview of CCPA, and how we have prepared for it at Zinrelo:
CCPA stands for California Consumers Protection Act 2018. It is the most recent cookie law passed by the State of California as a response to the increased role of personal data in contemporary business practices and the personal privacy implications surrounding the collection, use, and protection of personal information.
The California government set the precedent among states in the US in passing laws aimed at protecting consumer privacy.
Does CCPA affect my company?
Yes, most likely. If you hold or process the data of an any person in CA, the CCPA will apply to you, whether you’re based in the CA or not.
How has Zinrelo prepared for CCPA?
Our teams have worked to define our CCPA roadmap. There has been a thorough review of our processes to make sure we’re meeting our legal obligations, and doing the best thing for our Clients while still letting us move fast, scale and build great products.
Zinrelo Clients typically use the Zinrelo loyalty platform technology to launch a loyalty program for their end customers. They control what data is collected from the end-customer. Zinrelo is simply a data processor that processes data when explicitly instructed by Clients. Zinrelo does not sell end-customer data to third parties. So many provisions of CCPA do not apply.
Regardless, here are the main things we’ve been doing to ensure we’re setting up ourselves and our customers up to meet CCPA obligations:
We have built new features:
Our teams have built the necessary features that will enable our Clients to easily meet their CCPA obligations.
Zinrelo can help you meet your data portability requirements for CCPA, you can easily export all of your data or granular subsets linked to an individual and permanently all data linked to an individual user.
Information about the selling of your users’ data and how to opt-out from the process. Zinrelo does not sell user data.
Method of ensuring a verifiable consumer request for access, change or erasure of data. Zinrelo allows a consumer request to be submitted to access, change or erase data.
Methods for submitting such requests. Email access, change or erasure of data can be sent to email@example.com.
What kind of information you collect and process
Why do you collect and process information
How do you collect and process information
How users can request access, change, move, or deletion of their personal data
The method for verifying the identity of the person who submits a request
Sales of users’ personal data and how they can opt-out of the selling of their data
We’ve appointed a Data Protection Officer
We’ve a dedicated Data Protection Officer to oversee and advise on our data management. Get in touch by emailing firstname.lastname@example.org.
We’re taking new security measures
Security is a priority for us. We have regular external audits and pentests and bug bounties. We have implemented a robust Information Security Policy to protect our Clients’ data. While we do not have official ISO certification, our Information Security Policy is modeled on the guidelines of ISO 27001 and ISO 27002 requirements. A copy of our Information Security Policy document is available upon request.
Is CCPA the California version of the GDPR?
No, it is not. The government of California may have used the momentum created by the introduction of EU’s General Data Protection Regulation (GDPR) to augment the ePrivacy Directive, but the CCPA requirements are not as extensive as the GDPR cookie consent obligations. The GDPR shares similarities with other data privacy laws introduced recently, but they have substantial differences.
These differences include the entities they cover, information required in privacy policies, prior consent, and sales of personal information. Zinrelo is GDPR-compliant as well.
Our company is GDPR-compliant. Does it mean that we are CCPA-compliant as well?
However, rest assured that Zinrelo service is CCPA compliant. Zinrelo has the necessary mechanisms to handle customer data in a CCPA compliant manner.
A final note
We are working hard to help our Clients and prospective Clients be CCPA compliant. Feel free to reach out to us at email@example.com if you have any questions about CCPA – we would be happy to chat about it.
Here are some additional CCPA links that you might find useful:
Please reach out to us at firstname.lastname@example.org if you have any questions.