CCPA/CPRA

CCPA/CPRA

Welcome to our CCPA/CPRA FAQ page! 

Here, we aim to provide you with a comprehensive understanding of the California Consumer Privacy Act (CCPA) and its recent update, the California Privacy Rights Act (CPRA). As privacy concerns continue to gain prominence in today’s digital landscape, it’s crucial to stay informed about your rights as a consumer and the obligations of businesses when handling personal information.

This FAQ page serves as a valuable resource to address your questions and clarify any confusion regarding CCPA and CPRA. Whether you’re an individual seeking to exercise your privacy rights or a business owner striving for compliance, we’ve got you covered. Our goal is to provide clear and concise answers to commonly asked questions, empowering you to make informed decisions and navigate the privacy landscape effectively.

Please note that while we strive to provide accurate and up-to-date information, it’s important to consult legal professionals or official sources for specific legal advice. The content here is intended to offer general guidance and knowledge to assist you in understanding CCPA and CPRA better.

1. Is Unbounce CCPA Compliant?

Unbounce is proud to confirm that we are CCPA compliant. We prioritize data privacy, and our robust measures, outlined in our DPA, ensure the protection of personal information in accordance with CCPA requirements. Your privacy is our utmost priority.

2. What does CCPA/CPRA apply to?

The California Consumer Privacy Act (CCPA) and its successor, the California Privacy Rights Act (CPRA), aim to protect the privacy rights of residents of California, United States. These laws establish certain rights and obligations concerning the collection, use, and disclosure of personal information.
Both the CCPA and CPRA provide protection for consumers, broadly defined as natural persons who are California residents. The laws grant these individuals several rights, including the right to know what personal information is being collected about them, the right to opt-out of the sale of their personal information, the right to access and delete their personal information, and the right to non-discrimination for exercising their privacy rights.
It is important to note that CCPA/CPRA protection is specifically for California residents and does not extend to individuals residing outside of California or outside the United States.¹

3. What is the CCPA/CPRA?

The CCPA (California Consumer Privacy Act) is a state law enacted in California in 2018 to enhance privacy rights and consumer protection for California residents. The CPRA (California Privacy Rights Act) is an updated version of the CCPA, which was approved by California voters in November 2020. The CPRA expands and strengthens privacy rights and imposes additional obligations on businesses.

4. What is the difference between the CCPA and the CPRA?

The CPRA builds upon the CCPA and introduces additional privacy rights and obligations for businesses. The CPRA establishes the California Privacy Protection Agency (CPPA) to enforce and implement the law

5. Sale of personal information under CCPA.

For purposes of the CCPA, Unbounce does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age.

6. What does it mean to be a service provider or a business as per CCPA?

The CCPA makes a distinction between “businesses” (analogous to “controllers” under the GDPR) and “service providers” (analogous to “processors” under the GDPR). Under the CCPA, businesses have direct obligations to consumers, while service providers support the data processing of the business and are restricted to only process personal information as permitted by the business in its contract.

7. Rights for California consumers.

  • Right to Know: Consumers have the right to know what personal information businesses collect, sell, or disclose about them and the purpose for which it is used.
  • Right to Delete: Consumers have the right to request the deletion of their personal information held by businesses, subject to certain exceptions.
  • Right to Opt-Out: Consumers have the right to opt-out of the sale of their personal information. Businesses must provide a clear and conspicuous “Do Not Sell My Personal Information” link on their websites. [Please note that Unbounce does not sell any personal information].
  • Right to Non-Discrimination: Businesses are prohibited from discriminating against consumers who exercise their privacy rights. Consumers must be treated equally, regardless of whether they exercise their rights under the CCPA/CPRA.
  • Right to Correct: Consumers may ask businesses to correct inaccurate information that they have about you.²

8. How to implement these rights?

You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent’s identity to protect your Personal Information. 

9. What kind of personal information does Unbounce collect?

Account Information:

  • User ID (email address and password)
  • First name, Last name
  • Company name
  • Telephone number
  • Address

Billing Information:

Credit card information is collected by Unbounce’s billing partner [Recurly] as part of the subscription sign-up process. Unbounce does not collect any billing information.

  • Credit card number (note that it is not stored by Unbounce)
  • Billing address

Log Data:

  • Internet Protocol (IP) address: We will log the IP address of any visitor to a webpage you create and publish using the Services in order to calculate traffic usage per Account and conversion rates per variant, investigate spam allegations and discrepancies in page statistics, as well as to ensure the security of the webpage, Services, and related data. Unbounce never uses the IP address or other Personal Data of visitors to your pages to conduct marketing activities or promote the Services.
  • Address of the web page visited before using the Services
  • Operating system
  • Date and time of accessing the Services
  • Geolocation information
  • Type of device
  • Cookie data
  • Browser signatures

10. Why do we collect personal information?

We analyze user information to enhance Unbounce, improve the user experience, and fulfill our contractual obligations. Only authorized employees with a need-to-know basis have restricted access to personal data. The information collected is used to provide and enhance the services, conduct research, analyze trends, respond to inquiries, administer accounts, and send essential non-marketing communications. If you wish to opt out of marketing emails, you can unsubscribe or inform us via email at dsar@unbounce.com. We prioritize security, fraud prevention, and legal compliance in handling personal data.

11.  Data deletion

We offer the option to delete or opt-out of our services, including the removal of your personal data from our systems. To initiate a data deletion/opt-out request, please reach out to our support team through our email ticketing system, chat with us, or email us at dsar@unbounce.com. Please note that we may require additional verification of your identity to ensure the security of your personal information.

Once your identity has been verified, we will promptly proceed with the deletion of your data from our records, in compliance with the CCPA guidelines. We maintain thorough documentation of all user requests pertaining to data disclosure or removal. This ensures that we have a comprehensive record of these requests from our users. Our commitment to preserving such documentation enables us to effectively track and address data-related inquiries, providing transparency and accountability in our data management practices. It’s important to note that certain exceptions or legal obligations may restrict the complete deletion of your data.

12. Data Retention Periods

We will maintain your Personal Data for as long as they are needed, or as required by applicable laws, regulations, or government orders. Unless you request otherwise, your Account, including Lead Data, will be deleted from our databases within twelve (12) months of Account cancellation. We reserve the right to charge a fee for data retention past our prescribed deletion period, and to update or amend our data retention policy.

13. What is Unbounce doing to be CCPA Compliant?

Unbounce is fully prepared to meet the requirements of the California Consumer Privacy Act (CCPA). We have implemented measures to ensure compliance, including restrictions on the use of Customer Data in our customer contracts and limitations on how our service providers can utilize such data. Through our Service, we empower companies to manage user data, facilitating their ability to address consumer requests effectively.
For more details regarding our commitments to customers, please refer to our Data Processing Agreement and Privacy Policy. These resources provide comprehensive information on the assurances we offer and the steps we take to uphold data privacy and security.

14. Does CCPA apply to your business as an Unbounce customer?

The CCPA won’t apply to the majority of Unbounce customers. Though, it’s important to check if you meet the following requirements. The CCPA applies to any for-profit entity doing business in California that collects and controls the processing of a consumer’s personal information and also satisfies ANY one of the following thresholds:

  • Exceeds $25 million gross revenue annually,
  • Handles the personal information of 50,000 or more California consumers, households, or devices annually, or
  • Derives more than 50% of annual revenue from selling consumers’ personal information.

The CCPA also applies to any business that controls or is controlled by an entity that meets one of the above criteria and shares common branding with that entity. For example, non-profit organizations won’t need to comply with the CCPA unless they are owned by, control, or share branding with a for-profit business.

15. What should you as a customer follow to be CCPA compliant?

  • A description of the new rights available to consumers;
  • Categories of personal information collected in the last 12 months and the business or commercial purposes for collecting that data;
  • Categories of data sources used in data collection;
  • Categories of third parties with whom you “share” personal information;
  • Categories of third parties to whom you “sell” personal information; 
  • Categories of third parties to whom you “disclose for a business purpose” personal information; 
  • Specific pieces of personal information collected about a consumer; and 
  • A link to an opt-out page: Companies that sell data must disclose that they do so to their customers, and include a “Do Not Sell My Personal Information” link giving consumers the opportunity to opt out both in a privacy policy and on the company’s website homepage. If a consumer opt-out or refuses to opt-in, the business must honour that request and continue to provide equal service and pricing to consumers that opted out. 

16. Non-Compliance with CCPA

The Act is enforced by the California Attorney General and currently provides businesses 30 days to comply if accused of noncompliance. However, a proposed bill removes this time period and allows for enforcement immediately. Civil penalties may be imposed of up to $2,500 [USD] per violation or $7,500[USD] for intentional violations. The CCPA extends a private right of action to consumers, giving businesses exposure not only to government fines but also to lawsuits from customers.

17. Unbounce’s commitment to CCPA/CPRA Compliance

Unbounce is fully committed to CCPA compliance, prioritizing the protection of personal information for our customers and end-users. We ensure transparency through clear communication, respect user rights, maintain robust data security measures, offer DPAs to customers, stay updated on regulations, provide education and training to employees, carefully select compliant third-party vendors, and go above and beyond legal obligations to foster trust. For any inquiries regarding our CCPA/CPRA compliance, our privacy team is readily available to assist.
We are fully committed to CCPA compliance, prioritizing the protection of personal information for our customers and end-users. We ensure transparency, respect user rights, maintain robust security measures, offer DPAs, stay updated on regulations, provide education and training, select compliant vendors, and go above and beyond legal obligations. For inquiries, our privacy team is here to assist.

18. Contact us

Address: 500-401 West Georgia St. Vancouver, BC, Canada, V6B 5A1

You can send us an email at: privacy@unbounce.com

You can also call us:

Worldwide: +1 604 484 1354

 

¹ CA Civ Code § 1798.100 (2018)
² Office of Attorney General, California Consumer Privacy Act (March 10, 2023)