California Consumer Privacy Act (CCPA) Addendum
Kwanzoo CCPA Addendum
Last Modified: December 3, 2024
The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (together, the “CCPA”) provides certain rights to residents of California. This section of the Kwanzoo Privacy Policy applies if you are a natural person who is a resident of California (“California Consumer”) and uses our Software or Services. This Addendum supplements the information in the Privacy Policy. However, this Addendum is intended solely for, and is applicable only as to, California Consumers: if you are not a California Consumer (or a resident of California), this does not apply to you and you should not rely on it.
In the tables and sections below, we describe (as required by the CCPA):
1. Our Collection of Personal Information– the types of Personal Information (which the CCPA defines broadly) that we collect, the types of sources we collect it from,
2. Our Disclosure on Sale or Sharing of Personal Information– the types of recipients to whom we disclose or sell and/or share Personal Information.
3. Our Business Purposes – our business purposes for (a) collecting and (b) sharing Personal Information, which are generally the same.
4. Your California Privacy Rights and Choices– what rights you have under the CCPA, for instance, to request that we “opt out” your information from our marketing database (also called “do not sell” rights), to opt out of cross-context advertising (which is a type of “sharing” under California law), or to request categories and personal information that we may have collected about you.
The following sets forth the categories of information we collect and purposes for which we may use California Consumers’ personal information:
OUR COLLECTION OF PERSONAL INFORMATION
Depending on how you interact with us, our Software may collect about you, or your Licensee data subjects, the categories of information summarized in the table below. The data is then enriched with additional data fields and provided back to our customers through their use of the Software. The following table also describes how we collect and use such categories of information.
| Category | Categories of Sources |
|---|---|
| Identifiers, cookie identifiers and other online IDs, IP address | Our third party data provider partners enable us to combine and enrich the information collected from you about you or our Licensee data subjects with their own personally identifiable (PII) data on the same individuals. Our third party data provider partners may source such data from data compilers and consumer data resellers, informational and retail websites (“Commercial Source Categories”) |
| Characteristics of protected classifications under California or US law (inferenced or actual, including self-reported) E.g., race; color; religion; sex/gender; pregnancy, marital status; military or veteran status; national origin; ancestry; age (over 40) (may be inferenced, actual or self-reported) | Commercial Source Categories (as additional enriched data on a specific customer’s Licensee data subjects) |
| Commercial or transactions information E.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Commercial Source Categories (as additional enriched data on a specific customer’s Licensee data subjects) |
| Internet or other electronic network activity information E.g., browsing history; online interests. | Commercial Source Categories (as additional enriched data on a specific customer’s Licensee data subjects) |
| Geolocation data | Commercial Source Categories (as additional enriched data on a specific customer’s Licensee data subjects) |
| Professional or employment-related information E.g., current or past job history or job title | Commercial Source Categories (as additional enriched data on a specific customer’s Licensee data subjects) |
| Inference Data E.g., consumer information or preferences. | Commercial Source Categories (as additional enriched data on a specific customer’s Licensee data subjects) |
OUR DISCLOSURE ON SALE OR SHARING OF PERSONAL INFORMATION
We will sell and/or share the information collected from and about you or your Licensee Data subjects as you use the Software as discussed above, back to our you (our customer) for various business purposes. Information on the same Licensee data subject, that may already be available to us from our third party data partners, may be sold or shared with our service providers and with third parties including other customers.
The chart below shows how and with whom we sell, share or disclose personal information, and whether (based on the CCPA’s definition of “sell”) we believe we have “sold” or “shared” a particular category of information in the prior 12 months.
| Category | Categories of Third Parties We Share With | Whether We “Sold” or “Shared” This Category of Personal Information in the Last 12 Months |
|---|---|---|
| Identifiers, e.g., cookie identifiers and other online IDs, IP address | Third party data providers contracted for the explicit purpose of sourcing additional enriched information on these individuals to be provided to our customers. Our third party data provider partners may additional source such data from their contracted data compilers and consumer data resellers, consumer goods retailers, informational and retail websites, and content publishers. | Yes |
| Identifiers, e.g., name; alias; postal address; mobile ad identifiers; cookie identifiers and other online IDs, IP address; telephone number; email address; social network handles | · Business-to-business and business-to-consumer organizations (“Commercial Recipient Categories”) · Advertising networks and media platforms, internet service providers, data analytics providers · Social networks | Yes |
| Characteristics of protected classifications under California or US law (inferenced or actual) E.g., race; color; religion; sex/gender; pregnancy, marital status; military or veteran status; national origin; ancestry; age (over 40) (may be inferenced, actual or self-reported) | · Commercial Recipient Categories · Advertising networks and media platforms, internet service providers, data analytics providers · Social networks | Yes |
| Commercial or transactions information E.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | · Commercial Recipient Categories · Advertising networks and media platforms, internet service providers, data analytics providers · Social networks | Yes |
| Internet or other electronic network activity information E.g., browsing history; online interests. | · Commercial Recipient Categories · Advertising networks and media platforms, internet service providers, data analytics providers, and social networks | Yes |
| Professional or employment-related information E.g., current or past job history or job title. | · Commercial Recipient Categories · Advertising networks and media platforms, internet service providers, data analytics providers · Social networks | Yes |
| Inference Data E.g., consumer information or preferences. | · Commercial Recipient Categories · Advertising networks and media platforms, internet service providers, data analytics providers · Social networks | Yes |
| Geolocation Data | · Commercial Recipient Categories · Advertising networks and media platforms, internet service providers, data analytics providers · Social networks | No |
We also may disclose any of the personal information we collect as follows:
Disclosure for Legal Purposes: In addition, we may disclose personal information with third parties in order to: (a) comply with legal process or a regulatory investigation (e.g. a subpoena or court order); (b) enforce our Terms of Service, this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect the rights, property or personal safety of us, our platform, our customers, our agents and affiliates, its users and/or the public. We likewise may provide information to other companies and organizations (including law enforcement) for fraud protection, and spam/malware prevention, and similar purposes.
Sharing In Event of a Corporate Transaction: We may also share personal information in the event of a major corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, or for purposes of due diligence connected with any such transaction.
Disclosure With Service Providers: We disclose any personal information we collect with our service providers, which may include (for instance) providers involved in tech or customer support, operations, web or data hosting, billing, accounting, security, marketing, data management, validation, enhancement or hygiene, or otherwise assisting us to provide, develop, maintain and improve our services.
Disclosure of Aggregate Information: We may aggregate and/or de-identify any information collected so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors, in our discretion.
OUR BUSINESS PURPOSES FOR COLLECTING AND SHARING PERSONAL INFORMATION
Generally speaking, we collect and share the Personal Information that we collect for the following purposes, as we also have described in our Privacy Policy and/or our website.
Our Purposes for collecting, using and sharing Personal Information
Data marketing services, for example:
· Generally, creating data marketing tools and products for our customers, who are B2B and Considered Purchase B2C organizations as more fully described in our Privacy Policy (and on our websites). This includes our provision of person-level de-anonymization or identity resolution on our customers’ own websites, real-time intent leads from across the web for their topics, products and solutions of interest, data “appends” (connecting and enriching data in lead and contact records), data “scoring” (providing inferences about potential user behavior), data hygiene services (helping customers to evaluate, validate and correct personal and professional information they hold), brand safety (ensuring the offsite domains they receive meet their brand safety and quality standards), and security and anti-fraud services (helping customers to identify potentially fraudulent activity on and off their website).
· Helping our customers identify and understand their Licensee data subjects, or consumers better, by providing insights about them.
· Assisting our customers through our Services to provide their current and prospective customers with better service, improved offerings, and special promotions, for instance, advising on which current or prospective customers are most likely to be interested (or disinterested) in certain offers from them.
Online targeting, for example:
· Creating or helping to create defined audience segments based on common demographics and/or shared (actual or inferred) interests or preferences (e.g., households with prospective students). When we do this, we work with a data partner that “matches” our other Information through data obfuscation techniques (such as through coded data “hashing”) with online cookies and other identifiers, in order to target and measure ad campaigns online across various display, mobile and other media channels.
· Assisting customers in creating “identity” graphs, to help locate users across various channels, such as based on common personal, device-based, or network-based identifiers (e.g., IP address, email address). For instance, we may use combinations of personal information to help websites and brands to identify consumers that visit or log in to their websites, and target them with media or advertising on other websites, through email, direct mail or television.
Additional marketing services, for example (which may overlap with “data marketing services” above):
· Assisting in targeting and optimizing of direct mail and email campaigns, display, mobile and social media marketing.
· Measuring the effectiveness of online or offline ad campaigns by determining which messages are most likely to be seen or opened by which types of consumers, or which types of ads are most likely to lead to purchases.
· Analyzing and optimizing our Clients’ (or their service providers’) proprietary databases, or helping Clients to identify and mitigate potential fraud.
· Providing “verification” or data “hygiene” services, which is how companies update and/or “clean” their databases by either verifying or removing or correcting old, incorrect or outdated information.
Operating our Services, for example:
· Improving, testing, updating and verifying our own database.
· Developing new products.
· Operating, analyzing, improving, and securing our Services.
Other internal purposes, for example:
For internal research, internal operations, auditing, detecting security incidents, debugging, short-term and transient use, quality control, and legal compliance.
We sometimes use the information collected from our own website, from social networks, from other “business to business” interaction (such as at trade shows) or from data compilers for the above, as well as for our own marketing purposes.
YOUR CALIFORNIA RIGHTS AND CHOICES
Without being discriminated against for exercising these rights, California residents have the right to request that we disclose what personal information we collect from you, to delete that information, and to opt-out of the sale of your personal information, subject to certain restrictions. You also have the right to designate an agent to exercise these rights on your behalf. This section describes how to exercise those rights and our process for handling those requests. (To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.)
Right to request access to your personal information
California residents have the right to request that we disclose what categories of your personal information that we collect, use, or sell (or share). You may also request the specific pieces of personal information that we have collected from you. However, we may withhold some personal information where the risk to you or our business is too great to disclose the information. Sometimes, we act only as a “service provider” to our clients (for instance, if they provide information to us for analytics, processing or other data management services), in which case any consumer requests for opt-out, deletion or access to data must be made through that client: we therefore will forward any such requests to a named client, as well as our third party data provider partners who may have been the source of the said consumer’s information, as much as feasible.
Right to request deletion or correction of your personal information
You may also request that we delete any personal information that we collected from , such as if you have been a customer of ours. (Note that this is different from your right to “opt out” of us selling your personal information, which is described below; also note that we do not generally collect personal information directly from consumers.) However, we may retain personal information for certain important purposes, such as (a) to protect our business, systems, and users from fraudulent activity, (b) to address technical issues that impair existing functionality (such as de-bugging purposes), (c) as necessary for us, or others, to exercise their free speech or other rights, (d) to comply with law enforcement requests pursuant to lawful process, (e) for scientific or historical research, (f) for our own internal purposes reasonably related to your relationship with us, or to comply with legal obligations. Additionally, we need certain types of information so that we can provide our Services to you. If you ask us to delete it, you may no longer be able to access or use our Services.
Alternatively, you may send us a request that we correct any information we hold about you, such as if you believe we have your name or address connected to other, incorrect personal information.
Right to “opt-out” of the sale or sharing of your personal information
California residents may opt out of the “sale” or “sharing” of their personal information. California law broadly defines what constitutes a “sale” – including in the definition making available a wide variety of information in exchange for “valuable consideration.” California law defines “sharing” to include use of personal information for cross-contextual advertising, such as interest-based advertising or retargeting.
Depending what information we have about you, and whether we have included any of it in our marketing products and services, we may have sold or shared (as defined by California law) certain categories of information about you in the last 12 months, as described in the above table in Section II of this Addendum, titled OUR DISCLOSURE AND SALE OF PERSONAL INFORMATION.
If you would like to opt out of selling or sharing of your information, you may do so as outlined on the following page: Your Privacy Rights. (This is sometimes referred to as your “opt out” right or rights.)
How to exercise your access, opt-out and (if applicable) deletion or correction rights
California residents may exercise their California privacy rights by sending an email to customersuccess@kwanzoo.com or submitting their removal request through our form.
For security purposes (and as required under California law), we will verify your identity – in part by requesting certain information from you — when you request to exercise your California privacy rights. For instance, if you request categories or specific pieces of personal information we have received about you, you may need to confirm your possession of an identifier (such as an email address) or to provide a piece of identification that confirms you are the person you claim to be.
Once we have verified your identity, we will respond to your request as appropriate:
● Where you have requested the categories of personal information that we have collected about you, we will provide a list of those categories.
● Where you have requested specific pieces of personal information, we will provide the information you have requested, to the extent required under the CCPA and provided we do not believe there is an overriding privacy or security concern to doing so.
● Where you have requested that we delete personal information that we have collected from you, we will seek to confirm whether your request is for an “opt out” or a “deletion”: because “opt out” or “do not sell” rights enable us to maintain your information for “suppression” purposes – i.e., to prevent us from selling information about you in the future (which is what many consumers requesting “deletion” actually desire to occur), we try to explain this in order to ensure we are meeting consumers’ preferences. (In addition, “deletion” rights only apply to information that we have collected “from” consumers – which does not apply to much of the information in our databases.)
● Upon completion of the above process, we will send you a notice that explains the categories of personal information we were able to locate about you, whether we (1) deleted, (2) deidentified, or (3) retained the information we collected from you. Certain information may be exempt from such requests under applicable law.
If we are unable to complete your requests fully for any of the reasons above, we will provide you additional information about the reasons that we could not comply with your request.
● Right to nondiscrimination
We will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights.
● Information about persons under the age of 16
We do not knowingly collect personal information from minors under 16 years of age in California unless we have received legal consent to do so. If we learn that personal information from such California residents has been collected, we will take reasonable steps to remove their information from our database (or to obtain legally required consent).
● Authorized agents
You may also designate an agent to make requests to exercise your rights under CCPA as described above. We will take steps both to verify the identity of the person seeking to exercise their rights as listed above, and to verify that your agent has been authorized to make a request on your behalf through providing us with a signed written authorization or a copy of a legally sufficient power of attorney. We likewise may require that you verify your own identity, depending on the type of request you make.
● Consumer Request Statistics Pursuant to California Delete Act
From January 1, 2023 when we first contracted with Customers around our person-level visitor identity solutions, we have maintained processes to facilitate requests pursuant to the CCPA from individuals in the United States
1. The number of Requests to Know
o received was 0
o complied with in whole or in part was 0
o denied was 0 due to inability to verify customer
o Median Response Time (days): Not applicable
2. The number of Requests to Delete
o received was 0
o complied with in whole or in part was 0
o denied was 0
o Median Response Time (days): Not applicable
3. The number of Requests to Opt-Out of Sale
o received was 0
o complied with in whole or in part was 0
o denied was 0
o Median Response Time (days): Not applicable
4. The mean number of days within which the business substantively responded to for
o Requests to Know was 0
o Requests to Delete was 0
o Requests to Opt-Out of Sale was 0
