The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law. This landmark law secures new privacy rights for California consumers, including:
- The right to know about the personal information a business collects about them and how it is used and shared;
- The right to delete personal information collected from them (with some exceptions);
- The right to opt-out of the sale of their personal information; and
- The right to non-discrimination for exercising their CCPA rights.
GDPR is a European law that has the objective of protecting EU citizens’ personal information, and regulates how such data is collected, stored, and used.https://ec.europa.eu/info/law/law-topic/data-protection_en
Who does GDPR apply to?
If you have a website that collects or processes personal data of EU residents, then the GDPR will apply to you and your processing of this personal data. It does not matter what industries you work in, whether you’re a B2B or B2C business, whether you’re a for profit or non-profit, whether you’re based in the EU or not, or whether you’re specifically targeting EU customers or not. If it’s possible for your organization to collect personal data from an EU resident, even unintentionally, you’ll need to comply, and it’s important you familiarize yourself, with the various obligations of the GDPR.
Data subject rights
GDPR creates some new privacy protections for individuals:
Right to rectification – Individuals can ask that their information be updated or corrected.
Right to be forgotten – Individuals can ask that their information be permanently deleted.
Right of portability – Individuals can ask to have their information transferred to another organization.
Right to object – Individuals may seek to prohibit certain uses of their personal data.
Right of access – Individuals have the right to know what personal data that’s been collected about them and how it’s being used.
More stringent consent requirements
GDPR requires that an individual give informed, affirmative consent for each way their personal data will be collected, used, and processed. This means you’ll need to place additional opt-in statements on your forms and websites, and you won’t be able to collect, use, or process personal data until the individual has given that type of consent. You will not be able to rely on pre-ticked boxes, silence or inactivity as a basis for consent. Also, you’ll be unable to use data in any other way than what you obtained consent for. If you’d like to use the information in a new way, you’ll need to go back to the customer and get their consent.
In addition, these consent requirements will apply to all currently existing personal data you have of EU residents. If you already obtained consent from individuals as required by the GDPR, don’t worry, you don’t need new consents. If, however, the consents don’t meet the new GDPR standards, you will need to obtain new, adequate consents.
More data processing transparency
GDPR requires that individuals are given transparent information about how their personal data is going to be processed including the specific purpose for collecting the data, how long the data will be retained, and other details. Note, that this is not a comprehensive summary of all the changes GDPR brings. For more information on the key changes coming with GDPR, you can read the GDPR.
WebriQ’s commitment to protect your data
WebriQ is committed to helping users understand the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) and to comply with its requirements.
We’ll also continue monitoring best practices around GDPR and CCPA compliance and update our commitments if they change.
Types of Personally Identifiable Information (PII) we collect
- Access logs including the IP addresses of your site visitors.
- Login information
- Customer contact information (company name, email, phone, physical business address)
Your obligations around data about your customers which you collect via WebriQ services
If you use our service to collect Personally Identifiable Information from your visitors, via form submission or other methods, you are solely responsible for its disposition.
What rights do I have regarding my information?
Residents of the European Union (EU) and California have strong rights related to the use of your data. WebriQ chooses to apply these rights to all customers regardless of location.
Under EU GDPR, EU residents rights include the following:
- The right to access – You have the right to request copies of your personal data.
- The right to rectification – You have the right to request that we correct any information you believe is inaccurate or incomplete. If you have an account with Netlify, you can make some of these corrections directly by logging in to your account.
- The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
Under UK GDPR, UK residents rights include the following:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Under CCPA, California residents rights include the following:
- Request that a business delete any personal data about the consumer that a business has collected.
- Request that a business that collects a consumer's personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.
- Request that a business that sells a consumer's personal data, not sell the consumer's personal data. Please note that Netlify does not sell person data
- Right to non-discrimination of service or price if you exercise your privacy rights