Puffin.io CCPA Compliance Guide

Puffin.io believes privacy and protecting data are core aspects of trust in today’s technology world. We take our own data protection commitment to you and your customers very seriously. We are acutely aware that we need to earn and maintain your trust on a daily basis.

Puffin.io is committed to protecting your privacy and sees CCPA as an opportunity to strengthen our commitment even further. We don’t collect & process users’ personal information beyond what is required for the functioning of our services, and this will never change.

Puffin.io has put in place processes and procedures to comply with the various provisions of CCPA—consumer rights, data protection addendum, data deletion, data retention, and pseudonymization, which align with our core values of customer trust and data privacy.

What Is the CCPA?

The California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et seq. (CCPA) is a U.S. law that was enacted in 2018 in the State of California. Generally, it expands upon the privacy rights available to Californian citizens and listing data protection requirements, with which companies must comply.

Similar to the GDPR, the CCPA establishes and enhances consumer privacy rights for California residents and imposes rules on businesses that handle their personal information that relates to, describes, is associated with or can be linked to an individual.

The CCPA grants Californian consumers new rights with respect to the collection of their personal information and requires a business to comply with certain obligations, including:

1: The consumer’s right to receive a copy, in a readily usable format, of the specific personal information collected about them during the twelve (12) months prior to their request.

2: The consumer’s right to know a business’s data collection practices, including the categories of personal information it has collected, the source of the information, the business’s use of the information, and to whom the business disclosed the information it has collected about the consumer.

3: The consumer’s right to have such personal information deleted.

4:The consumer’s right to know the business’ data sale practices and to request that their personal information not be sold to third parties.

5: A prohibition on businesses on discrimination for exercising a consumer right.

6: An obligation on businesses to notify a consumer of their rights.

How does the CCPA apply to Puffin.io customers?

Puffin.io customers that collect, and store personal information are considered “Businesses” under the CCPA. Businesses bear the primary responsibility for ensuring that their processing of personal information is compliant with relevant data protection law, including the CCPA.

Puffin.io acts as a “Service Provider,” as such term is defined in the current version of the CCPA, and shall collect, access, maintain, use, process and transfer the personal information of our customers and our customer’s end-users solely for the purpose of performing our obligations under our existing contract(s) with our subscribers; and, for no commercial purpose other than the performance of such obligations and improvement of the Services we provide.

How Puffin.io is Helping Businesses Become CCPA- ready

The California State Legislature has indicated that it may further amend the CCPA. In light of such amendments, Puffin.io is actively tracking the law and we will continue to keep our customers updated on features and functionality they can use to support their compliance efforts. Customers can also view the below table for more detailed information on how to use Puffin.io Services to comply with data privacy laws.

The CCPA will become enforceable on January 1, 2020. We will evaluate and adapt our practices where necessary to ensure that we will be compliant.

At Puffin.io, we ensure that our customer data is secure and easily accessible. Puffin.io is built on a foundation of trust, security, and compliance to ensure that our internal data practices are CCPA-ready. An equally important part for us is to assist our customers and partners in their journey toward compliance.

What We Are Doing to Ensure You Can Use Puffin.io Product in a CCPA Ready Manner

The CCPA is focused on organizational compliance instead of product-level compliance. However, we attach the utmost importance to how we build our products and have adopted a Privacy and Security by Design approach. Our products are designed with privacy and security in mind and as a core component of our development process.

As a business, you will need to ensure you are compliant with your own obligations under the CCPA. However, if you buy a Puffin.io Services, we aim to ensure that you can use our Services in a CCPA-Ready manner, helping you to satisfy your obligations under the CCPA. For example, we design our products to facilitate data minimization and provides better insight into and control over your data flows in order to make it easier for you to satisfy your CCPA obligations as a business.

Does Puffin.io sell personal information?

We do not “sell” our customer’s personal information as currently defined under the CCPA, meaning that we also do not rent, disclose, release, transfer, make available or otherwise communicate that personal information to a third party for monetary or other valuable consideration. We may share aggregated and/or anonymized information regarding your use of the Service(s) with third parties to help us develop and improve the Services and provide our customers with more relevant content and service offerings as detailed in our customer agreements.

What guidance can Puffin.io provide regarding the CCPA?

Puffin.io cannot provide legal advice to customers regarding the CCPA at this time. Customers should consult their legal counsel on how the CCPA specifically applies to them and how to achieve their own compliance.

Puffin.io values our customers’ trust, and we share the same concerns as our customers over the privacy of our customers’ information. As part of its robust privacy program, Puffin.io has mapped its global privacy practices to E.U. data privacy law.

Please feel free to ask questions and share concerns with us at  feedback@puffin.io