Login
Export XLSX
Share
Copy URL
California Consumer Privacy Act (CCPA) Right of Access
Compliance
The law applies to people and organizations doing business in the State of California that (a) have annual gross revenues in excess of $25 million, (b) handle the personal information of at least 50,000 consumers or devices, or (c) derive 50 percent or more in annual revenue from selling consumers’ personal information.
The law only protects California consumer residents as defined in Section 17014 of Title 18 of the California Code of Regulations.
The law does not apply to the collection or sale of personal information if every aspect takes place wholly outside of California. Meaning the business collected information while the consumer was outside of California and no personal information collected while the consumer was in California is sold.
CCPA PRIVACY NOTICE
APPLICABILITY:
The California Consumer Privacy Act of 2018 ("CCPA"), the California Privacy Rights Act of 2020 effective January 1, 2023 ("CPRA"), any other California privacy laws, and this CCPA Notice apply to visitors, employees, users, applicants for employment, and independent contractors, and others who are California residents ("consumers" or "you"). Any terms defined in the CCPA and CPRA have the same meaning when used in this CCPA Notice. This CCPA Notice applies to California residents’ Personal Information, which we collect directly or indirectly while using our service or in order to provide our services, or employee and business-to-business Personal Information. This CCPA Notice is an integral part of our Privacy Policy, and thus, definitions used herein shall have the same meaning as defined in our privacy policy.
PART I: A COMPREHENSIVE DESCRIPTION OF THE INFORMATION PRACTICES:
(A) CATEGORIES OF PERSONAL INFORMATION WE COLLECT
We collect Personal Information which is defined under the CCPA as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device, all as detailed in the table below. Personal Information further includes Sensitive Personal Information ("SPI") as detailed in the table below. Personal Information does not include: Publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; De-identified or aggregated consumer information; Information excluded from the CCPA’s or CPRA’s scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994. We have collected the following categories of personal information within the last twelve (12) months:
Category A: Identifiers. Data Collected:
Primary Data Collection: A real name, alias, unique personal identifier, online identifier, Internet Protocol address, email address.
Secondary Data Collection:
- Real name
- Alias
- Postal address
- Unique personal identifier
- Online identifier
- Internet Protocol address
- Email address
- Account name
- Social Security number
- Driver's license number
Usage: Genealogy, research, User validation, privacy, security, fraud prevention, business use, employment validation, CRM and business use
Category B: Personal information categories
Listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Primary Data Collected: A name, telephone number, email addressSecondary Data Collection:
- Name
- Signature
- Social Security number
- Physical characteristics or description
- Address
- Telephone number
- Passport number
- Driver's license or state identification card number
- Insurance policy number
- Education, employment, employment history
- Bank account number
- Any other financial information
- Medical information
- Health insurance information
Usage: Genealogy, research, Business use, healthcare, employer data, CRM
Category C: Internet or other network activity
Secondary Data Collection:
- age
- race
- ancestry
- national origin
- citizenship
- religion or creed
- marital status
- medical condition
- physical or mental disability
Usage: Genealogy, research, CRM and business use
Category D: Professional or employment-related information
Secondary Data Collection: Records of products or services purchased or considered, consumer history or tendencies
Usage: Shop, CRM, improve search results, research, and business use
Category E: Biometric Information
Secondary Data Collection: Biometric information includes fingerprints, faceprints, voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data
Usage: security, privacy, and business use
Category F: is internet or other similar network activity
Secondary Data Collection: Browsing history, search history, consumer interaction with a website, application, or advertisement
Usage: Advertising, business use, improve search results
Category G: Geolocation Data.
Primary Data Collected: approximate geolocation, address
Usage: User validation, security and business use
Category H: Sensory Data
Secondary data may be collected: audio, electronic, visual
Usage: within the app or user uploads and for business use
Category I: Professional or employment-related information
Secondary data may be collected: name, address, email address, or Social Security number
Usage: Job board, employment, business use, user profile, user directory, CRM, user validation
Category J: non-public education information
Secondary data may be collected: Student financial information, Student schedules, Student identification codes, Student disciplinary records, Grades, Transcripts, Class lists
Usage: Schools, PTO, fundraisers, CRM, education system management
Category K: Personal Information Inferences
Secondary data collection: behaviors, preferences, aptitudes Usage: Training, Shopping recommendationsCategory L: Sensitive Personal Information
Data Collection: Government-issued identifiers such as social security numbers, financial account details, including debit card or credit card numbers (are processed by a secondary processor such as Stripe, PayPal, and Venmo), genetic data, race, ethnicity, relivious or philosophical beliefs, contents of mail, email and text messages, biometric data such as fingerprints, faceprints, voiceprints, iris or retina scans, health dataUsage: Background checks, payment processing, account planning, reports, geneology, research, volunteer management system, events management, calendar, jobs, employer data, business use, CRM, communication system, VOIP, email messaging, text messaging, Marketing services
(B) CATEGORIES OF SOURCES OF PERSONAL INFORMATION
Indirectly from activity on our website and app: when you use our website, we will collect your Identifiers. Directly from our users: For example, when the users contact us, when use our App's services and provide us their information and the Contac's information. From third-parties: For example, from vendors who assist us in performing services for users, internet service providers, data analytics providers and data brokers. Publicly accessible sources.
(C) USE OF PERSONAL INFORMATION
We may use the Personal Information collected as identified above, for the following purposes: To fulfill or meet the reason you provided the Personal Information (support, respond to a query, etc.); monitor and improve our services; provide the services; marketing our services; analyzing our services and your use of the services and website; respond to law enforcement; or otherwise as detailed in our Privacy Policy. We will not collect additional categories of personal information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
(D) DISCLOSURES OF PERSONAL INFORMATION FOR A BUSINESS PURPOSE
We may disclose your Personal Information to a contractor or service provider for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract, we further restrict the contractor and service provider from selling or sharing you Personal Information. In the preceding twelve (12) months, we disclosed the following categories of Personal Information for a business purpose We Share Personal Information of Category A, Category B and Category G we collect from our users and Contacts with our affiliate company: Lusha Systems Ltd., for a business purpose that includes a verity of services provided to us by Lusha Systems Ltd.: debugging, security, fraud prevention, enrichment, development, support. We Share Personal Information of Category A, Category B and Category G we collect from our users and Contacts with our service providers which provide us with the following services: Cloud computing, storage, operations, We may disclose all of the Personal Information we collect from you with Government Entities/Law Enforcement if we requested to do so. We may share Personal Information of Category B which we collect from Caller ID App end users with other users of our Caller ID App
(E) SALE OR SHARE OF PERSONAL INFORMATION
The definition of "sale" and "share" under the CCPA is broad, under this definition the Company has sold Personal Information in the last twelve (12) months the Personal Information listed in Category B. We share the contacts’ information, the name and phone number as provided by our App users, with Lusha System Ltd. which provides us with the enrichment data, so that we can add professional information such as title, job and position to our users’ contact list. This is considered a sale under the CCPA. We offer all consumers the same ability to opt-out of the sale of their Personal Information that is available to California residents under the CCPA.
(F) CHILDREN UNDER AGE 16
We do not knowingly collect information from children under the age of 16 without parental input and consent.
(G) DATA RETENTION
The retention periods are determined according to the following criteria: For as long as it remains necessary in order to achieve the purpose for which the Personal Data was initially processed. For example: if you contacted us, we will retain your contact information at least until we will address your inquiry. To comply with our regulatory obligations. For example: transactional data will be retained for up to seven years (or even more under certain circumstances) for compliance with our bookkeeping obligations purposes. To resolve a claim we might have or a dispute with you, including any legal proceeding between us, until such dispute will be resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods. Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.
Business Purposes for shared information
Include but are not restricted to auditing, detecting security incidents and protecting against fraud, debugging errors that impair intended functionality, short term use provided it is not disclosed to third party or used to build a profile, performing services such as customer service, order fulfillment, payment processing, advertising or marketing, analytics and similar services, internal research for technology development, quality control activities.
PART II: EXPLANATION OF YOUR RIGHTS UNDER THE CCPA AND HOW TO EXERCISE THEM (H) YOUR RIGHTS UNDER THE CCPA
If you are a California resident, you may exercise certain privacy rights related to your Personal Information. You may exercise these rights free of charge except as otherwise permitted under applicable law. We may limit our response to your exercise of these privacy rights as permitted under applicable law, all as detailed below and the in the Data Subject Request Form available here. The right to know what Personal Information the business has collected. The right to know what Personal Information the business has collected about the consumer, including the categories of personal information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information, and the specific pieces of Personal Information the business has collected about the consumer. This information is available herein and in our privacy policy.
Access Rights.
You may access and request a copy of the specific personal information collected by us about you.
Deletion Rights.
The right to delete Personal Information that the business has collected from the consumer, subject to certain exceptions. You may exercise this right directly from our App settings by clicking "Delete Account" and then uninstall the App. Correct Inaccurate Information. The right to correct inaccurate Personal Information that a business maintains about a consumer which can be done through the App settings. We may retain a copy of some personal information in order to maintain an opt-out list, blocked list, and for security and fraud prevention; or to complete help requests. In order to fully delete your data from the system, you may have information retained from other businesses and will need to contact each business directly to remove you from sales and marketing lists. Non-business users may retain a copy of your personal contact information in the system under contacts. To correct your information please visit your user profile. Businesses can refuse to delete personal information if it is needed to complete transactions, detect security issues or comply with legal obligations.
Timeline to Delete
Section 1798.145(g)(1) provides for 45 days to respond to a verifiable consumer request. The period may be extended up to 90 additional days where it is necessary due to complexity and the number of requests. Businesses must inform the consumer of the extension within 45 days. If the business is not going to delete the information, it must inform the consumer without delay (and in no event longer than the time period permitted for response) the reason for refusal and any right to appeal.
Exceptions to Delete
- Transactional
- Security
- Errors
- Free Speech
- CalECPA Compliance
- Research in the Public Interest
- Expected Internal Users
- Legal Compliance
- Non-Business or Individual Use
Security Exception
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
Individual Use and Non-Business Entities
The system may be used by personal users and non-business entities such as schools, researchers and government entities. The CCPA does not require individuals or non-business entities to delete personal information. Personal information does not include deidentified, aggregated, or pseudonymized information.
Research Data
Public or peer-reviewed scientific, historical, or statistical research provided with prior informed consent might not be deleted if it would seriously impair the ability to complete the research (significantly hinder the research process) for public interest. Compliance for research is adhered to with other ethics and privacy laws.
When a Business Collects Personal Information for the Research:
If the research is using personal information collected from a consumer in the course of interactions with a business’ service or device for other purposes, then nine conditions must be met. This condition is contained in the definition of research. The nine conditions are:
1. Information collected for a compatible business purpose
2. Information pseudonymized and deidentified, or deidentified and in the aggregate.
3. Technical safeguards prohibit reidentification.
4. Business processes prohibit reidentification.
5. Business process prevent inadvertent release of deidentified information.
6. Protected from reidentification attempts
7. Used solely for research purposes compatible with the purpose of the collection.
8. Not used for commercial purposes
9. Security controls limit access to the research data only to necessary individuals.
Opt-Out of Sharing for Cross-Contextual Behavioral
The right to opt out in the California Consumer Privacy Act gives consumers the ability to direct a business not to sell their personal information to a third party. This section does not stop a business from distributing the data within the organization that collected it (even to different business units). It also does not stop all transfers to third parties as businesses can continue to provide personal information to their service providers pursuant to a written contract that meets the law’s requirements. Further, they can continue to provide data that does not meet the definition of personal information.
Advertising.
You have the right to opt-out of the "sharing" of your personal information for "cross-contextual behavioral advertising," often referred to as "interest-based advertising" or "targeted advertising." Opt-out of advertising from your user profile. To opt-out of advertising from a company who uses this system please use the CCPA policy for that company. We may retain a copy of some personal information in order to maintain an opt-out list.
Opt-out from selling.
The right to opt-out of the sale or sharing of Personal Information by the business, as further detailed below. Opt-out via your user profile. To opt out of selling from a company who uses this system, use their policies. We may retain a copy of some personal information in order to maintain an opt-out list.
Limit the Use or Disclosure of SPI.
Under certain circumstances, If the business uses or discloses SPI, the right to limit the use or disclosure of SPI by the business.
Non-Discrimination.
The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicants, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights, denying a consumer goods or services, charging different prices or rates for goods or services, providing you a different level or quality of goods or services, etc. We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your Personal Information. You may freely exercise your privacy rights without fear of being denied the Services.
Data Portability.
You may request to receive a copy of your Personal Information, including specific pieces of Personal Information, including, where applicable, to obtain a copy of the Personal Information you provided to us in a portable format.
To learn more about your California privacy rights, please visit https://oag.ca.gov/privacy/privacy-laws.
Children's Data Opt-in Consent
Children under the age of 16 years old must collect opt-in consent starting on January 1, 2020 in order to sell the personal information of a consumer under the age of 16 years old. Between 13 and 16 years of age, the consumer must affirmatively authorize the sale of their personal information. If the child is under the age of 13 years old, a parent or guardian must affirmatively authorize the sale of information. This system complies with CCPA Opt In Consent for Children's Data and Children's Online Privacy Protection Act (COPPA).
(I) HOW CAN YOU EXERCISE THE RIGHTS?
You may opt out of Sharing or Selling Personal Information through our opt-out webpage or within the App settings, by opting out from enrichment data services and stopping use of all app, partner services and rights to data. Otherwise please submit a request to exercise your rights using the Data Subject Request Form available here and send the form to privacy@aco.digital The Instructions for submitting, the general description of the process, verification requirements, when applicable, including any information the consumer or employee must provide are all detailed in the Data Subject Request Form available here. To exercise your rights for a company who uses this system please contact that company and follow their CCPA policy.
(J) AUTHORIZED AGENTS
"Authorized agents" may submit opt out requests on a consumer’s behalf. If you have elected to use an authorized agent, or if you are an authorized agent who would like to submit requests on behalf of a consumer, the following procedures will be required prior to acceptance of any requests by an authorized agent on behalf of a California consumer. Usually, we will accept requests from qualified third parties on behalf of other consumers, regardless of either the consumer or the authorized agent’s state of residence, provided that the third party successfully completes the following qualification procedures
- a. When a consumer uses an authorized agent to submit a request to know or a request to delete, a business may require that the consumer do the following: Provide the authorized agent signed permission to do so or power of attorney. Verify their own identity directly with the business. Directly confirm with the business that they provided the authorized agent permission to submit the request.
- b. A business may deny a request from an authorized agent that does not submit proof that they have been authorized by the consumer to act on their behalf.
(K) NOTICE OF FINANCIAL INCENTIVE
We offer financial incentives to consumers for providing Personal Information. Usage: Referrals
Financial incentives are not offered as a different price for providing data to existing users or for discrimination.
Financial incentives are not offered as a different price for providing data to existing users or for discrimination.
PART III: OTHER CALIFORNIA OBLIGATIONS
Do Not Track
Settings:
Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we deal with the "Do Not Track" settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we so not respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit: www.donottrack.us.
California’s "Shine the Light" law (Civil Code Section § 1798.83): permits employees that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send us the Data Subject Request Form through our contact form or edit your user data within your user profile. Company collected data in the CRM must be requested to be edited or disclosed via each company.
Additional Terms
Additional terms at http://www.aco.digital/terms and http://app.aco.digital/tosLast Updated OCTOBER 2024
CONTACT US:
Privacy@aco.digital By Mail: Agency Couture, LLC P.O. Box 422 Knoxville, Iowa 50311
UPDATES: As required under the CCPA, we will update our Privacy Policy every 12 months. The last revision date will be reflected in the "Last Modified" heading at the top of this Privacy Policy.