PushAlert CCPA Compliance

PushAlert is committed to data privacy and protection.

PushAlert values data privacy and protection above all else. We are committed to providing data protection and see CCPA as an opportunity to strengthen our core principles and processes.

We do not collect or process users' personal information beyond what is required for the functioning of our service, and even then only with consent. These principles are enshrined in our core values, and our service is built from the ground up to ensure adherence.

PushAlert has already put procedures and checks in place to comply with the provisions of the CCPA, including consumer rights, data processing addendum, data retention, data deletion, data privacy and pseudonymization.

Similar to GDPR, CCPA outlines consumer privacy rights for California residents and imposes rules on businesses that handle personal data relating to or linked to an individual.

What is CCPA?

The California Consumer Privacy Act of 2018 [1798.100 - 1798.199] (CCPA) is a U.S. law that was enacted in 2018 in the State of California. It expands upon the privacy rights available to California residents, listing data protection requirements, with which companies must comply.

CCPA gives Californian residents new rights in reference to data collection and applies to businesses that process such data, including:

  • The consumer’s right to access the specific personal information collected about them during the twelve (12) months prior to their request.
  • The consumer’s right to know a business’s data collection practices, including the categories of personal information collected, the source of the information, and the use and disclosure of such information by the business.
  • The consumer’s right to deletion of such personal information.
  • The consumer’s right to prohibit sale of personal information to third parties.
  • A consumer's right to anti-discrimination for exercising a right.
  • An obligation to notify a consumer of their rights via an online privacy policy which must be updated at least once every 12 months.

How does the CCPA apply to PushAlert customers?

PushAlert customers that collect, process or store personal information of California residents are considered “Businesses” under the CCPA. Businesses bear the primary responsibility for compliance with the relevant data protection law, including the CCPA.

PushAlert acts as a “Service Provider,” as defined in the CCPA, and shall collect, access, maintain, use, process and transfer the personal information of our customers and our customer’s end-users solely for the purpose of performing our obligations under existing contract(s) with our customers; and, for no commercial purpose other than the performance of such obligations and improvement of the Services we provide.

The CCPA will become enforceable on January 1, 2020. We will adapt our practices and procedures as necessary to ensure that we will be compliant.

We cannot provide legal advice to customers regarding the CCPA. Customers should consult their legal counsel on how the CCPA specifically applies to them and how to achieve their own compliance. For more information on our data collection and privacy practices, please check our Privacy Policy and Cookies stored by PushAlert.

Below is some more information on key stakeholders as described in the current version of the CCPA and the terms discussed above:

  • Consumer – The CCPA defines “consumer” as “a natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, however identified, including by any unique identifier.” According to the referenced state regulations, a California resident is any individual who is
    1. “in the state of California for other than a temporary or transitory purpose,”
    2. “domiciled in the state” of California and “outside of the state for a temporary or transitory purpose.”
  • Business – A sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that is organized or operated for profit or financial benefit of its shareholders or other owners, that collects consumers’ personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers’ personal information, that does business in the State of California, and that satisfies one or more of the following thresholds:
    1. Has annual gross revenues in excess of twenty-five million dollars ($25,000,000), as adjusted pursuant to paragraph (5) of subdivision (a) of Section 1798.185 of the California Civil Code.
    2. Alone or in combination, annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices.
    3. Derives 50 percent or more of its annual revenues from selling consumers’ personal information.
  • Service Provider – “Service provider” means a sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that is organized or operated for profit or financial benefit of its shareholders or other owners, that processes information on behalf of a business and to which the business discloses a consumer’s personal information for a business purpose pursuant to a written contract, provided that the contract prohibits the entity receiving the information from retaining, using, or disclosing personal information for any purpose other than for the specific purpose of performing the services specified in the contract for the business, or as otherwise permitted by this title, including retaining, using, or disclosing personal information for a commercial purpose other than providing the services specified in the contract with the business.
  • Third Parties – Under the California Consumer Privacy Act (CCPA), entities that process data subject to CCPA but are neither businesses nor service providers are considered ‘third parties’ (see Section 1798.140(w) of the California Civil Code).
  • Under 1798.115 (d) of the California Civil Code, a third party shall not sell personal information about a consumer that has been sold to the third party by a business unless the consumer has received an explicit notice and is provided an opportunity to exercise the right to opt-out.

Tools and processes built by PushAlert to help businesses become CCPA-ready

Our team has built features needed to ensure we, and our customers, meet CCPA obligations. PushAlert provides the following capabilities geared toward protecting personal data and privacy:

  • Anonymized IP address: By default, PushAlert captures only the first three octets of the IP address to ensure that these are rendered completely anonymous. You can also choose not to store these anonymized IP addresses of your subscribers.
  • Consent: Web Push Notifications already require website visitors to give explicit consent by turning on the browser-level permission. You can also enable 2-step opt-in methods to provide guidance to customers about their rights before they allow notification permission.
  • Subscriber data: After a visitor agrees to receive notifications, the browser's push notification service creates a randomly generated ID for the subscriber. This ID cannot be used to identify a particular individual.
  • Data Deletion: PushAlert automatically deletes data on expired endpoints and customers have complete control over their data. They can unsubscribe at any time from their browser and their data would be deleted from our systems. Moreover, we have built widgets and subscription management options which allow the subscriber to change their subscription preference, view and delete (opt-out) their data anytime from the website they subscribed from.
  • Data Retention: Our users can use the account features to remove or update their data. We have also decreased our data retention time of deleted data to 90 days.
  • Granular control over the subscriber data collected through Privacy Settings.

Does PushAlert sell personal information?

We do not “sell” our customer’s or their end-users' personal information as currently defined under the CCPA. We also do not rent, disclose, release, transfer, make available or share such personal information with a third party for monetary or intrinsically valuable gain. We may share aggregate and/or anonymized information regarding your use of the Service(s) with third parties to help us develop and improve the Service(s) as detailed in our customer agreements.

Where can I find additional resources on CCPA?

Here are a few links you can refer to for additional information on the CCPA:

Note: PushAlert is not responsible for the above-mentioned links.

Questions?

Feel free to reach out to us if you have any questions about the CCPA – we’d be happy to chat about it. You can also reach us by email at support@pushalert.co.

Last Updated: December 18, 2019