Note – This is an attempt to describe the California Consumer Privacy Act (“CCPA”) in a very simple way and is not, nor is it intended to be taken as, legal advice. Please seek the advice of legal counsel if you want to learn more about how the CCPA might impact your business.
If you have received an email that says, “Powered by Donesafe,” and you are not a Donesafe customer, but wish to exercise your California Privacy Rights, please contact the business who sent you the email for instructions. As a Service Provider, Donesafe is obligated by law to handle personal information only upon the instructions and with the authorization of Donesafe customer(s). If you are unsure of the Donesafe customer to contact in order to exercise your California Privacy Rights, please look at the name of the business and/or email address from which the communication originated.
If you are a California resident, and a Donesafe customer or Donesafe has previously communicated with you about becoming a Donesafe customer, and you wish to exercise your rights under the CCPA, please email us a firstname.lastname@example.org.
What is the CCPA?
The California Consumer Privacy Act or the “CCPA” is a California law that is designed to allow for greater privacy controls and transparency in data practices in response to the increased role of technology and data practices in consumers’ lives. The law applies to the personal information of California residents.
When did the CCPA take effect?
The CCPA goes into effect January 1, 2020.
Who does the CCPA apply to and what does it cover?
The CCPA applies to “businesses” that collect “personal information” of California residents and that meet any of the following three thresholds:
- Have a gross annual revenue that exceeds $25 million
- Buy, receive, sell or share personal information of 50,000 or more consumers, households or devices
- Derives 50% or more of its annual revenue from selling personal information
Notably, a business does not have to be physically located in California for the CCPA to apply. The law applies broadly and protects California residents (“consumers”), even if the business is located outside of California. “Personal information” is also very broadly defined and includes “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer.”
What changes happened with the CCPA?
Note: This section summarizes some of the notable provisions of the CCPA, but it is not intended to be exhaustive or constitute legal advice.
A significant new obligation under the CCPA is the requirement to allow consumers to opt out of “sales” of personal information. Put simply, a “sale” of personal information involves a disclosure of personal information to a third party (who is not just a service provider to you) in return for money or some other form of value. Businesses that “sell” personal information of California residents must post a link on their website that allows consumers to opt-out of the sale of their information (“Do Not Sell My Information”).
How does Donesafe fit into all of this?
In the way Donesafe provides the Donesafe platform and its services to you, we act as what is called a “service provider” with respect to those of our customers who are considered “businesses” (as described above) under the CCPA. This means that you remain in control of your customers’ or users contact data and we only handle that data in order to provide our services to you or on your instructions and don’t otherwise use, disclose, or sell your customers’ or users personal information without checking with you (unless allowed or required by law).
How to Exercise Your California Privacy Rights
PLEASE NOTE: Donesafe offers an online platform by which its customers can send emails to their business contacts and users. This means that emails you received saying “Powered by Donesafe” likely did not come from Donesafe, but one of our customers.
If you are not a Donesafe customer and wish to exercise your CCPA Privacy Rights, you must contact the individual or business that sent you the email, NOT Donesafe.
As a service provider, Donesafe is obligated by law to handle personal information only upon the instructions and with the authorization of Donesafe customer(s). If you are unsure of the Donesafe customer to contact in connection with your California Privacy Rights, please look at the name of the business and/or email address from which the communication originated.
If you have a current Donesafe account, are a resident of California, and wish to exercise your California Privacy Rights, you can do so by emailing “Exercise My CCPA Rights/Do Not Sell My Data” below.
If you are a former Donesafe customer or if we have previously communicated with you about becoming a Donesafe customer and you no longer wish to receive messages from us, please click the unsubscribe link in the email we sent you.
If you are a resident of California and either are a former Donesafe customer or you have received email communications from us about becoming a Donesafe customer and you wish to exercise your California Privacy Rights, you may submit a request by emailing email@example.com