Back to Home

Annual Attestation

Review and acknowledge the updated California Consumer Privacy Act (CCPA) data privacy policy for your organization.

Annual Attestation Illustration

Annual Attestation Instructions

As an officer of your organization, you are required to complete this annual attestation for the CCPA data privacy policy. Please read the entire policy carefully, then check the acknowledgment box and submit your confirmation. This attestation is mandatory for all officers and must be completed by the specified deadline.

Important: Your acknowledgment confirms that you have read, understood, and agree to comply with the updated CCPA policy in all relevant business operations.

CCPA Data Privacy Policy

California Consumer Privacy Act (CCPA) Data Privacy Policy

Effective Date: May 21, 2025

1. Introduction

This California Consumer Privacy Act (CCPA) Data Privacy Policy explains how our organization collects, uses, discloses, and protects the personal information of California residents in accordance with the California Consumer Privacy Act of 2018 (CCPA) and its amendments. This policy applies to all officers, employees, contractors, and representatives of our organization who handle personal information covered by the CCPA.

2. Definitions

Personal Information: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

Consumer: A natural person who is a California resident, identified by a unique identifier, and covered by the CCPA.

Business Purpose: The use of personal information for operational purposes, or other notified purposes, provided that the use of personal information is reasonably necessary and proportionate to achieve the operational purpose.

3. Collection of Personal Information

Our organization collects the following categories of personal information:

  • Identifiers (e.g., name, address, email address, phone number, account name)
  • Customer records information (e.g., signature, financial information, medical information, insurance information)
  • Protected classification characteristics (e.g., age, race, gender, medical condition, disability)
  • Commercial information (e.g., products or services purchased, purchasing history)
  • Biometric information
  • Internet or other electronic network activity information
  • Geolocation data
  • Audio, electronic, visual, thermal, olfactory, or similar information
  • Professional or employment-related information
  • Education information
  • Inferences drawn from other personal information

4. Use of Personal Information

Our organization uses personal information for the following business purposes:

  • Providing products or services requested by consumers
  • Processing and fulfilling orders and transactions
  • Managing customer relationships and communications
  • Verifying customer information
  • Marketing and advertising our products and services
  • Improving our products, services, and website
  • Detecting security incidents and protecting against malicious or illegal activity
  • Debugging to identify and repair errors
  • Internal research for technological development
  • Quality and safety maintenance and verification
  • Auditing related to interactions with consumers
  • Legal and regulatory compliance

5. Disclosure of Personal Information

Our organization may disclose personal information to the following categories of third parties for business purposes:

  • Service providers and contractors
  • Third parties to whom consumers or their agents authorize us to disclose personal information in connection with products or services we provide to consumers
  • Government entities when required by law

6. Consumer Rights Under CCPA

California consumers have the following rights under the CCPA:

  • Right to Know: Consumers have the right to request that we disclose what personal information we collect, use, disclose, and sell.
  • Right to Delete: Consumers have the right to request deletion of personal information that we have collected from them, subject to certain exceptions.
  • Right to Opt-Out: Consumers have the right to opt-out of the sale of their personal information.
  • Right to Non-Discrimination: Consumers have the right not to be discriminated against for exercising their CCPA rights.

7. Handling Consumer Requests

All officers and employees must follow these procedures when handling consumer requests under the CCPA:

  • Promptly forward all consumer requests to the designated privacy team or officer within 24 hours of receipt.
  • Verify the identity of the consumer making the request using established verification procedures.
  • Respond to verified requests within 45 days of receipt, with a possible extension of an additional 45 days when reasonably necessary.
  • Maintain records of all consumer requests and our responses for at least 24 months.
  • Provide information in a readily usable format that allows the consumer to transmit the information to another entity without hindrance.

8. Data Security

Our organization implements reasonable security procedures and practices to protect personal information from unauthorized access, destruction, use, modification, or disclosure. All officers and employees must:

  • Follow all data security protocols and policies.
  • Use encryption when transmitting or storing sensitive personal information.
  • Limit access to personal information to those with a business need to know.
  • Report any suspected data breaches or security incidents immediately to the designated security officer.
  • Participate in regular security training and awareness programs.

9. Employee Training

All officers and employees who handle personal information or respond to consumer requests must complete CCPA compliance training:

  • Initial training upon hiring or assignment to relevant roles.
  • Annual refresher training on CCPA requirements and our organization's policies and procedures.
  • Additional training when there are significant changes to the CCPA or our policies.

10. Compliance Monitoring and Enforcement

Our organization will regularly monitor compliance with this policy and the CCPA through:

  • Regular internal audits of data collection, processing, and storage practices.
  • Reviews of consumer request handling procedures and response times.
  • Assessment of third-party service providers' compliance with CCPA requirements.
  • Documentation of all compliance activities and remediation efforts.

11. Policy Updates

This policy will be reviewed and updated annually or more frequently if necessary to reflect changes in the CCPA, other applicable laws, or our business practices. All officers and employees will be notified of policy updates and may be required to acknowledge receipt and review of significant changes.

12. Consequences of Non-Compliance

Failure to comply with this policy and the CCPA may result in:

  • Disciplinary action, up to and including termination of employment.
  • Legal liability for the organization, including regulatory fines and penalties.
  • Damage to our organization's reputation and customer trust.

13. Contact Information

For questions or concerns about this policy or CCPA compliance, please contact the Privacy Officer at:

Email: info@ccpaconsumerprivacy.org
Phone: (415) 815-1720

By acknowledging this policy, you confirm that you have read, understood, and agree to comply with all aspects of our CCPA Data Privacy Policy in your role as an officer of the organization.

Officer Information

Submit Attestation