What is CCPA?
The California Consumer Privacy Act (CCPA) is a law providing extra protections to California-based consumers regarding data collected by businesses. The core rights of consumers under CCPA include:
- The Right to Know: Consumers have the right to request details regarding data collected about them.
- The Right to Delete: Consumers have the right to request the deletion of their personal data.
- The Right to Opt-Out: Consumers have the right to opt out of the sale of their personal data.
- The Right to Non-Discrimination: Consumers cannot be penalized for exercising the above rights under CCPA.
What types of businesses must comply with the CCPA?
According to the State of California’s Department of Justice, “The CCPA applies to for-profit businesses that do business in California and meet any of the following:
- Have a gross annual revenue of over $25 million;
- Buy, sell, or share the personal information of 100,000 or more California residents or households; or
- Derive 50% or more of their annual revenue from selling California residents’ personal information.”
How does the CCPA define "personal information"?
Personal information is information that identifies, relates to, or could reasonably be linked with you or your household. For example, it could include your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics.
Personal information does not include publicly available information (including public real estate/property records) and certain types of information.
What data does your platform collect and process?
As stated in Feathr’s Privacy Policy, our Technology collects Non-Personally Identifiable Information (“Non-PII”) that may include, but is not limited to:
- your IP host address
- the date and time of the ad request
- pages viewed
- browser type
- the referring URL
- Internet Service Provider
- your computer’s operating system
-
how you interact with a web page or ad.
We may also receive Non-PII such as:
- Age
- Gender
- Income
- Education
- Interests
-
usage activity from Customers or other third parties, such as other data and advertising platforms we work with
We may assign a unique, non-PII identifier to your browser or device, such as an identifier associated with a “cookie” on your browser, and this identifier may likewise be associated with any other (anonymous or de-identified) information we have collected about, or otherwise learned or inferred about you.
We also may collect or receive analogous Non-PII from mobile platforms or applications, which may include:
-
information about your interactions with those platforms or applications
- IP address and time-stamp information
-
your precise geolocation information
- latitudinal and longitudinal coordinates, etc
-
information about your mobile device, including:
- device type
- handset name
- operating system information
- mobile identifiers such as Apple IDFA and Android Advertising ID
- app-specific identifiers
-
a list of the applications your device interacts with
Sometimes, we obtain the above information from other ad platforms, application platforms or providers, customers or websites and services (including our Customers).
Customers may also choose to provide us with personally identifiable information such as an email address, name, username or other identifier or any other PII.
How does your platform help me comply with CCPA requirements?
While Feathr’s platform cannot solely make your organization CCPA compliant, it will help your organization maintain CCPA. Feathr’s consumer data request process allows for the rights guaranteed under CCPA to be kept within the legally required timeframe, as well as ensures that any consumer data collected is appropriately protected.
Can I access, delete, or export customer data through your platform?
Yes - this can be done either from your organization’s Feathr account, with the assistance from our Customer Experience Team, or consumer requests may be directed to privacy@feathr.co for access, modification, or deletion.
Does your platform provide tools for consumers to opt-out of data collection?
Yes - You can opt out of receiving personalized ads served by us or on our behalf by clicking on the blue icon that typically appears in the corner of the ads we serve and following the instructions provided or by visiting our Privacy Platform. Please note that this “opt out” function is browser-specific and relies on an “opt out cookie”: thus, if you delete your cookies or upgrade your browser after having opted out, you will need to opt out again or make sure to opt out from the device you intend to remove from targeting and personalization. In addition to using our Privacy Platform, you may also opt out of the sale or sharing of your personal information by enabling Global Privacy Control (GPC) in your browser.
The online advertising industry provides websites from which you may opt-out of receiving targeted ads from our data and advertising partners. You can access these, and also learn more about targeted advertising and user choice and privacy, at http://www.aboutads.info and at http://www.networkadvertising.org/choices/. If you are located in the EU you can access this information at http://www.youronlinechoices.eu.
What is my responsibility as a data controller under the CCPA?
Organizations that fall under the jurisdiction of CCPA have several responsibilities, including responding to consumer requests to exercise their core rights, collect consent from consumers prior to data collection, and giving consumers specific notices explaining that organization’s privacy practices.
How can I ensure my campaigns are compliant with the CCPA?
To ensure your campaigns are compliant, consent before data collection is required. This means ensuring emails on email lists have been obtained with clear and specific consent. Notifications regarding data collection and privacy practices need to be clear and easy to locate. Finally, there must be a clear way for consumers to opt-out of notices and/or data collection.
Is your platform responsible for making my company CCPA-compliant?
No - Feathr’s role as a CCPA Compliant Data Processor does not equate to your organization becoming CCPA Compliant, however, Feathr can manage consumer data requests to ensure that their core rights under CCPA are upheld.
Will you sign a Data Processing Agreement (DPA) with my company?
Feathr will gladly review DPA’s for signature, or provide one for signature upon request if necessary.
Can I use your platform outside of California without CCPA compliance concerns?
While this is possible, we would advise reviewing this with your Account Manager or Training and Onboarding specialist.
How do I process a data access or deletion request through your platform?
Individual consumers are encouraged to reach out to privacy@feathr.co with any access or deletion requests. If your organization receives a request from a consumer, you may forward this to your account manager, or to Feathr’s privacy email directly.
Does your platform have tools to flag and manage opt-out requests?
For our email campaigns, yes. Email subscription management information can be found in this help desk article, as well as this article to help guide organizations through importing an email opt-out list.
What security measures does your platform have to protect personal information?
In web-based computing/cloud software, security of data, applications, and technology is of the utmost importance.
Feathr employs sophisticated security measures to ensure robust security of our data and applications.
Data that is captured and transmitted by Feathr is secured with SSL encryption.
We use Access Control Lists (ACLs) at the database and application levels to ensure the security of stored data.
Feathr's database and applications are also protected by a powerful firewall and proxy that catches and protects them against the top ~100 attack vectors.