How Zinrelo is compliant with CCPA?

Zinrelo is CCPA compliant. This article describes the steps taken by Zinrelo to achieve compliance.

The California Consumer Privacy Act (CCPA) of 2018 came into effect on Jan 1, 2020. Zinrelo is CCPA compliant. At Zinrelo, we’ve worked hard to prepare for CCPA, to ensure that we fulfill its obligations and maintain our transparency about customer messaging and how we use data.

We have worked with our teams and lawyers to figure out how to convert CCPA legal provisions into tangible actions. We’ve been asking lots of questions, and our customers have been asking us questions. Here’s an overview of CCPA, and how we have prepared for it at Zinrelo:

What’s CCPA?

CCPA stands for California Consumers Protection Act 2018. It is the most recent cookie law passed by the State of California as a response to the increased role of personal data in contemporary business practices and the personal privacy implications surrounding the collection, use, and protection of personal information.

The California government set the precedent among states in the US in passing laws aimed at protecting consumer privacy.

Does CCPA affect my company?

Yes, most likely. If you hold or process the data of an any person in CA, the CCPA will apply to you, whether you’re based in the CA or not.

How has Zinrelo prepared for CCPA?

Our teams have worked to define our CCPA roadmap. There has been a thorough review of our processes to make sure we’re meeting our legal obligations, and doing the best thing for our Clients while still letting us move fast, scale and build great products.

Zinrelo Clients typically use the Zinrelo loyalty platform technology to launch a loyalty program for their end customers. They control what data is collected from the end-customer. Zinrelo is simply a data processor that processes data when explicitly instructed by Clients. Zinrelo does not sell end-customer data to third parties. So many provisions of CCPA do not apply.

Regardless, here are the main things we’ve been doing to ensure we’re setting up ourselves and our customers up to meet CCPA obligations:

We have built new features:
Our teams have built the necessary features that will enable our Clients to easily meet their CCPA obligations.

Zinrelo can help you meet your data portability requirements for CCPA, you can easily export all of your data or granular subsets linked to an individual and permanently all data linked to an individual user.

We have updated our Privacy Policy:
We take the privacy of our users very seriously. We’ve recently made updates to our Privacy Policy to increase transparency and comply with the CCPA regulations. We encourage you to read our policies in full, but the information required by CCPA has been included in our Privacy Policy.

Information about the selling of your users’ data and how to opt-out from the process. Zinrelo does not sell user data.

Method of ensuring a verifiable consumer request for access, change or erasure of data. Zinrelo allows a consumer request to be submitted to access, change or erase data.

Methods for submitting such requests. Email access, change or erasure of data can be sent to [email protected].

We have also added information to our Privacy Policy to answer some key questions asked by CCPA:

  • What kind of information you collect and process
  • Why do you collect and process information
  • How do you collect and process information
  • How users can request access, change, move, or deletion of their personal data
  • The method for verifying the identity of the person who submits a request
  • Sales of users’ personal data and how they can opt-out of the selling of their data

We’ve appointed a Data Protection Officer
We’ve a dedicated Data Protection Officer to oversee and advise on our data management. Get in touch by emailing [email protected].

We’re taking new security measures
Security is a priority for us. We have regular external audits and pentests and bug bounties. We have implemented a robust Information Security Policy to protect our Clients’ data. While we do not have official ISO certification, our Information Security Policy is modeled on the guidelines of ISO 27001 and ISO 27002 requirements. A copy of our Information Security Policy document is available upon request.

Is CCPA the California version of the GDPR?

No, it is not. The government of California may have used the momentum created by the introduction of EU’s General Data Protection Regulation (GDPR) to augment the ePrivacy Directive, but the CCPA requirements are not as extensive as the GDPR cookie consent obligations. The GDPR shares similarities with other data privacy laws introduced recently, but they have substantial differences.

These differences include the entities they cover, information required in privacy policies, prior consent, and sales of personal information. Zinrelo is GDPR-compliant as well.

Our company is GDPR-compliant. Does it mean that we are CCPA-compliant as well?

No, if you comply with GDPR, it doesn’t guarantee CCPA compliance by default. Chances are you already meet some of the CCPA requirements simply by being GDPR compliant, but you still have some work to do. Unlike the EU ePrivacy Directive and the General Data Protection Regulation (GDPR), you’ll have to make adjustments in your privacy policy. You need to include a Do Not Sell My Personal Information link on your home page, establish methods for requests for access, change, and erasure of users’ data, establish a method for verification of the identity of the person making a data-related request, and establish a method for obtaining prior CCPA cookie consent from minors similar to GDPR consent before selling their personal data.

However, rest assured that Zinrelo service is CCPA compliant. Zinrelo has the necessary mechanisms to handle customer data in a CCPA compliant manner.

A final note

We are working hard to help our Clients and prospective Clients be CCPA compliant. Feel free to reach out to us at [email protected] if you have any questions about CCPA – we would be happy to chat about it.

Here are some additional CCPA links that you might find useful:

Learn about the California Consumer Privacy Act (CCPA) and how to become compliant
CCPA FAQs
California Consumer Privacy Act of 2018 [1798.100 - 1798.199]

Please reach out to us at [email protected] if you have any questions.