The CCPA applies to any for-profit entity doing business in California that either:
Please note that the CCPA applies outside California as well. Your business could be based anywhere: as long as your services are accessible in California, you may need to comply with the CCPA.
Under the CCPA, businesses must include specific disclosures in their privacy policies.
This information must be complete, up-to-date and easily accessible throughout your website/app.
In order to be compliant, your policy must at the very least contain:
Under the CCPA and the CPRA, users have the right to access: they can ask a business that collects and processes their personal information for access to the data it holds about them.
As a business, you must provide consumers with two or more methods for submitting access requests. These methods can vary from business to business, but must include, at a minimum, a toll-free number and, if the business has a website, the website address.
However, some exceptions apply. Your business can avoid providing a toll-free number if:
Our solutions are backed by our international team of expert lawyers.
Add a Privacy Controls widget to your site allowing California users to opt-out from processing.
Among the few providers compatible with GPP & GPC, making it easier to honor these opt-out requests.
Automatically store user preferences and document CCPA/CPRA opt-outs.
Remember, a proper CCPA policy helps protect consumers’ privacy rights and ensures compliance with the law.
You will have to replace the fields highlighted in yellow and add all the necessary information according to your specific business scenario.
[Here you should disclose your identity and make available all the necessary information to contact you]
Owner contact email: [your email address]
[In this section, you should summarize the categories of personal information that you’ve collected, used, sold, or shared].
Information we collect: the categories of personal information we collect
[Here you should describe the purposes of the collection, i.e. why you are collecting and processing personal information. A few examples are listed below.]
We won’t process your information for unexpected purposes, or for purposes incompatible with the purposes originally disclosed, without your consent.
[In this section, explain the data retention period, that is, how long you will store the personal information you have collected.]
[Explain how you are going to collect the information. A few examples are: web forms, navigation, third parties, etc.]
[Here you should explain the purpose of the collection]
[List what rights the users have in relation to their data. Under the CCPA users have:]
*Please note: additional rights may apply according to the CPRA.
[In this section, describe how your users can exercise their rights. In particular, how to submit a verifiable request containing all the necessary information to process it]
[Explain how you will handle users’ requests and how long it will take to process them.]
This is a general and basic template and must be customized to fit your specific circumstances and requirements. As mentioned, because these are legal documents, we highly recommend consulting with legal professionals or using a generator created by legal professionals to ensure compliance with applicable laws and regulations.
iubenda can help you with that!
Yes, the CCPA can apply outside California as well. Your business could be based anywhere: as long as your services are accessible in California, you may need to comply with the CCPA.
Though there are some similarities, CCPA and GDPR are two different laws. Just to mention a few differences:
Want to learn more? Check our guide 👉 CCPA vs GDPR: what’s the difference?
A CCPA policy is a document required to comply with the California Consumer Privacy Act. It outlines (at the very least):
The safest way to write a CCPA policy is to seek the help of a legal expert: they will analyze your business situation and write a document to match your needs.
If you can’t afford to hire a legal expert, there are cheaper alternatives that are still safe to use. For example, you can rely on a generator created by legal professionals, like iubenda, that allows you to customize your document with clauses written by legal professionals.