California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law. This landmark law secures new privacy rights for California consumers, including:

General Information About The CCPA

If you are a California resident, you may ask businesses to disclose what personal information they have about you and what they do with that information, to delete your personal information and not to sell your personal information. You also have the right to be notified, before or at the point businesses collect your personal information, of the types of personal information they are collecting and what they may do with that information. Generally, businesses cannot discriminate against you for exercising your rights under the CCPA. Businesses cannot make you waive these rights, and any contract provision that says you waive these rights is unenforceable.

Personal information is information that identifies, relates to, or could reasonably be linked with you or your household. For example, it could include your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics.

Personal information does not include publicly available information that is from federal, state, or local government records, such as professional licenses and public real estate/property records.

You cannot sue businesses for most CCPA violations. You can only sue a business under the CCPA if there is a data breach, and even then, only under limited circumstances. You can sue a business if your nonencrypted and nonredacted personal information was stolen in a data breach as a result of the business’s failure to maintain reasonable security procedures and practices to protect it. If this happens, you can sue for the amount of monetary damages you actually suffered from the breach or “statutory damages” of up to $750 per incident. If you want to sue for statutory damages, you must give the business written notice of which CCPA sections it violated and give it 30 days to give you a written statement that it has cured the violations in your notice and that no further violations will occur. You cannot sue for statutory damages for a CCPA violation if the business is able to cure the violation and gives you its written statement that it has done so, unless the business continues to violate the CCPA contrary to its statement.

For all other violations of the CCPA, only the Attorney General can file an action against businesses. The Attorney General does not represent individual California consumers. Using consumer complaints and other information, the Attorney General may identify patterns of misconduct that may lead to investigations and actions on behalf of the collective legal interests of the people of California. If you believe a business has violated the CCPA, you may file a consumer complaint with the Office of the Attorney General. If you choose to file a complaint with our office, explain exactly how the business violated the CCPA, and describe when and how the violation occurred. Please note that the Attorney General cannot represent you or give you legal advice on how to resolve your individual complaint.

You can only sue businesses under the CCPA if certain conditions are met. The type of personal information that must have been stolen is your first name (or first initial) and last name in combination with any of the following:

  • Your social security number
  • Your driver’s license number, tax identification number, passport number, military identification number, or other unique identification number issued on a government document commonly used to identify a person’s identity
  • Your financial account number, credit card number, or debit card number if combined with any required security code, access code, or password that would allow someone access to your account
  • Your medical or health insurance information
  • Your fingerprint, retina or iris image, or other unique biometric data used to identify a person’s identity (but not including photographs unless used or stored for facial recognition purposes)

This personal information must have been stolen in nonencrypted and nonredacted form.

Right To Know

You may request that businesses disclose to you what personal information they have collected, used, shared, or sold about you, and why they collected, used, shared, or sold that information. Specifically, you may request that businesses disclose:

  • The categories of personal information collected
  • Specific pieces of personal information collected
  • The categories of sources from which the business collected personal information
  • The purposes for which the business uses the personal information
  • The categories of third parties with whom the business shares the personal information
  • The categories of information that the business sells or discloses to third parties

Businesses must provide you this information for the 12-month period preceding your request. They must provide this information to you free of charge.

Businesses must designate at least two methods for you to submit your request—for example, an email address, website form, or hard copy form. One of those methods has to be a toll-free phone number and, if the business has a website, one of those methods has to be through its website. However, if a business operates exclusively online, it only needs to provide an email address for submitting requests to know.

Businesses cannot make you create an account just to submit a request to know, but if you already have an account with the business, it may require you to submit your request through that account.

Make sure you submit your request to know through one of the business’s designated methods, which may be different from its normal customer service contact information. If you can’t find a business’s designated methods, review its privacy policy, which must include instructions on how you can submit your request.

If a business’s designated method of submitting requests to delete is not working, notify the business in writing and consider submitting your request through another designated method if possible.

Businesses must respond to your request within 45 calendar days. They can extend that deadline by another 45 days (90 days total) if they notify you.

If you submitted a request to know and have not received any response within the timeline, check the business’s privacy policy to make sure you submitted your request through the designated way. Follow up with the business to see if the business is subject to the CCPA and to follow up on your request.

There are some exceptions to the right to know. Common reasons why businesses may refuse to disclose your personal information include:

  • The business cannot verify your request
  • The request is manifestly unfounded or excessive, or the business has already provided personal information to you more than twice in a 12-month period
  • Businesses cannot disclose certain sensitive information, such as your social security number, financial account number, or account passwords, but they must tell you if they’re collecting that type of information
  • Disclosure would restrict the business’s ability to comply with legal obligations, exercise legal claims or rights, or defend legal claims
  • If the personal information is certain medical information, consumer credit reporting information, or other types of information exempt from the CCPA
  • See Civil Code section 1798.145 for more exceptions.
  • If you do not know why a business denied your request to know, follow up with the business to ask it for its reasons.
  • Many businesses use other businesses to provide services for them. For example, a retailer may contract with a payment card processor to process customer credit card transactions or a shipping company to deliver orders. These entities may qualify as “service providers” under the CCPA.
  • The CCPA treats service providers differently than the businesses they serve. It is the business that is responsible for responding to consumer requests. If you submit a request to know to a service provider of a business instead of the business itself, the service provider may deny the request. You must submit your request to the business itself.
  • If a service provider has said that it does not or cannot act on your request because it is a service provider, you may follow up to ask who the business is. However, sometimes the service provider will not be able to provide that information. You may be able to determine who the business is based on the services that the service provider provides, although sometimes this may be difficult or impossible.

Right To Delete

You may request that businesses delete personal information they collected from you and to tell their service providers to do the same. However, there are many exceptions that allow businesses to keep your personal information.

Businesses must designate at least two methods for you to submit your request—for example, a toll-free number, email address, website form, or hard copy form. Businesses do not have to provide an online form for requesting deletion.

Businesses cannot make you create an account just to submit a deletion request, but if you already have an account with the business, it may require you to submit your request through that account.

Make sure you submit your deletion request through one of the business’s designated methods, which may be different from its normal customer service contact information. If you can’t find a business’s designated methods, review its privacy policy, which must include instructions on how you can submit your request.

If a business’s designated method of submitting requests to delete is not working, notify the business in writing and consider submitting your request through another designated method if possible.

Businesses must respond to your request within 45 calendar days. They can extend that deadline by another 45 days (90 days total) if they notify you.

If you submitted a request to delete and have not received any response within the timeline, check the business’s privacy policy to make sure you submitted your request through the designated way. Follow up with the business to see if the business is subject to the CCPA and to follow up on your request.

There are exceptions to the right to delete. Common reasons why businesses may keep your personal information include:

  • The business cannot verify your request
  • To complete your transaction, provide a reasonably anticipated product or service, or for certain warranty and product recall purposes
  • For certain business security practices
  • For certain internal uses that are compatible with reasonable consumer expectations or the context in which the information was provided
  • To comply with legal obligations, exercise legal claims or rights, or defend legal claims
  • If the personal information is certain medical information, consumer credit reporting information, or other types of information exempt from the CCPA

See Civil Code sections 1798.105(d) and 1798.145 for more exceptions.

If you do not know why a business denied your request to delete, follow up with the business to ask it for its reasons.

Creditors, collection agencies, and other debt collectors can still try to collect debts that you owe even if you asked them to delete your personal information

If you receive a notice from a debt collector, it’s important to respond as soon as possible—even if you do not owe the debt—because otherwise the collector may continue trying to collect the debt, report negative information to credit reporting companies, and even sue you.

If you get a summons notifying you that a debt collector is suing you, do not ignore it—if you do, the collector may be able to get a default judgment against you (that is, the court enters judgment in the collector’s favor because you didn’t respond to defend yourself). The debt collector could then garnish your wages and bank accounts, meaning it could take money from your paycheck or accounts. Make sure you respond by the date stated in the court papers so you can defend yourself in court. If you are sued, you may want to consult an attorney.

The law protects you from abusive, unfair, or deceptive debt collection practices. Here is information about some common debt collection issues:

Credit reporting agencies like Equifax, Experian, and TransUnion can still collect and disclose your credit information, subject to regulation under the Fair Credit Reporting Act

Right To Opt-Out Of Sale

You may request that businesses stop selling your personal information (“opt-out”). With some exceptions, businesses cannot sell your personal information after they receive your opt-out request unless you later provide authorization allowing them to do so again. Businesses must wait at least 12 months before asking you to opt back in to the sale of your personal information.

Businesses that sell personal information are subject to the CCPA’s requirement to provide a clear and conspicuous “Do Not Sell My Personal Information” link on their website that allows you to submit an opt-out request. Businesses cannot require you to create an account in order to submit your request.

Make sure you submit your opt-out request through the “Do Not Sell My Personal Information” link or through another method that the business designates for opt-out requests, which may be different from its normal customer service contact information. If you can’t find a business’s “Do Not Sell” link, review its privacy policy, which must include that link.

If a business’s “Do Not Sell” link or other designated method of submitting opt-out requests is not working, notify the business in writing and consider submitting your request through another designated method if possible.

There are some exceptions to the opt-out right. Common reasons why businesses may refuse to stop selling your personal information include:

  • If a sale is necessary for the business to comply with legal obligations, exercise legal claims or rights, or defend legal claims
  • If the personal information is certain medical information, consumer credit reporting information, or other types of information exempt from the CCPA

See Civil Code section 1798.145 for more exceptions.

If you do not know why a business denied your opt-out request, follow up with the business to ask it for its reasons.

Many businesses use other businesses to provide services for them. For example, a retailer may contract with a payment card processor to process customer credit card transactions or a shipping company to deliver orders. These entities may qualify as “service providers” under the CCPA.

The CCPA treats service providers differently than the businesses they serve. It is the business that is responsible for responding to consumer requests. If you submit a request to opt-out to a service provider of a business instead of the business itself, the service provider may deny the request. You must submit your request to the business itself.

If a service provider has said that it does not or cannot act on your request because it is a service provider, you may follow up to ask who the business is. However, sometimes the service provider will not be able to provide that information. You may be able to determine who the business is based on the services that the service provider provides, although sometimes this may be difficult or impossible.

Right To Non-Discrimination

Businesses cannot deny goods or services, charge you a different price, or provide a different level or quality of goods or services just because you exercised your rights under the CCPA.

However, if you refuse to provide your personal information to a business or ask it to delete or stop selling your personal information, and that personal information or sale is necessary for the business to provide you with goods or services, the business may not be able to complete that transaction.

Businesses can also offer you promotions, discounts and other deals in exchange for collecting, keeping, or selling your personal information. But they can only do this if the financial incentive offered is reasonably related to the value of your personal information. If you ask a business to delete or stop selling your personal information, you may not be able to continue participating in the special deals they offer in exchange for personal information. If you are not sure how your request may affect your participation in a special offer, ask the business.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at:

CrediFai

(619) 675-0007

info@credifai.com

CrediFai or one of its wholly-owned subsidiaries or joint ventures (“CrediFai” or “We”) owns and operates this website (our “Website”). We respect your privacy and have adopted this Privacy Policy (this “Policy”) to explain what information we collect from or about you through our Website and how we use, maintain, protect, and disclose that information.

This Policy applies only to information we collect through our Website. It does not apply to information we collect through other channels.

Please read this Policy carefully to understand our policies and practices regarding your information. By accessing or using our Website, you agree to this Policy. If you do not agree to this Policy, you may not use our Website. This Policy may change from time to time. Your continued use of our Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Our Terms and Conditions

This Policy is part of the Terms and Conditions that govern your use of our Website. A link to our Terms and Conditions is provided at the bottom of each page of our Website.

Children Under the Age of 13
Our Website is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, please do not provide any information on this Website.

Information We Collect About You and How We Collect It

We collect several types of information from and about users of our Website. Some of the information we collect may be “personal information,” which means it identifies you personally, alone or in combination with other information available to us.

The information we collect falls into the following categories:

Information that you manually provide to us, for example, when completing a registration or contest-entry form, requesting services, or posting “User Contributions” (content you post using the social networking tools we make available to you).
Information from third-party social media platforms. You may be able to register with, log on to, or enhance your profile on our Website by choosing to automatically populate the requested data fields with information you previously provided to a third-party social media platform (such as Facebook or Twitter). By doing this, you are asking the third-party platform to send us information, including personal information, from your profile on that platform. We treat that information as we do any other information you give to us when you register, log on, or enhance your profile.
Information from your browser or device, such as your IP address and other information about your internet connection, the equipment you use to access our Website, and usage details.
Information collected by cookies and other tracking technologies. Cookies help us understand the types of products you’re interested in and how you use our Website. They also support the features and functionality of our Website for example, by saving you the trouble of re-entering information already in our database. You may refuse to accept cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to use or access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
Please note that the information we receive from your web browser or device or that is collected by cookies is not, in and of itself, personally identifiable. However, we may combine it with other information in an attempt to identify you or we may combine it with information that does identify you.

Third-party Advertiser Use of Cookies.

In addition to the cookies CrediFai delivers to your computer through our Website, certain third parties may deliver cookies to you for a variety of reasons. For example, we use Google Analytics, a web analytics tool that helps us understand how visitors engage with our Website.

Other third parties may deliver cookies to your computer or mobile device for the purpose of tracking your online behaviors over time and across nonaffiliated websites and/or delivering targeted advertisements either on our Website or on other websites.

You have choices about the collection of information by third parties on our Website. For example, if you don’t want information about your visit to our Website sent to Google Analytics, you may download an Opt-out Browser Add-on by clicking here. Please note that the Add-on does not prevent information from being sent to CrediFai.

In addition, if you would like to opt-out of having interest-based information collected by certain entities during your visits to our Website or other websites, please click here. You will be directed to an industry-developed website that contains mechanisms for choosing whether each listed entity may collect and use data for online behavioral advertising purposes. It may be that some of the third parties that collect interest-based information on this Site do not participate in the industry-developed opt-out website, in which case the best way to avoid third-party tracking of your online behaviors may be through your browser settings and deletion of cookies. Please note that the opt-out is device-specific. If you wish to opt-out from having interest-based information collected by participating entities across all devices, you need to take the steps outlined above from each device.

How We Use Your Information

We use information that we collect from or about you:

to provide the information, products and services you request;
to provide you with effective customer service;
to provide you with a personalized experience when you use our Website;
to contact you with information and notices related to your use of our Website;
to contact you with special offers and other information we believe will be of interest to you (in accordance with any privacy preferences you have expressed to us);
to invite you to participate in surveys and provide feedback to us (in accordance with any privacy preferences you have expressed to us);
to improve the content, functionality, and usability of our Website;
to better understand your needs and interests;
to improve our products and services;
to improve our marketing and promotional efforts;
for security, credit or fraud prevention purposes; and
for any other purpose identified in an applicable click-through agreement or other agreement between you and us.

Disclosure of Your Information

With regard to aggregated information about our users, and information that does not identify any individual, we reserve the right to disclose such information without restriction.

With regard to User Contributions, including those that contain personal information, we reserve the right to disclose such information without restriction. In particular, please note that User Contributions, by definition, can be read, collected, used, and further disclosed by other users of our Website. We also reserve the right to use User Contributions you submit for advertising campaigns and other promotions. We may or may not use your name in connection with such use, and we may or may not seek your further consent before using the content for such purposes. Therefore, you should have no expectation of privacy with respect to User Contributions you submit on or through our Website.

With regard to all other personal information, we reserve the right to disclose it to the following entities:

Among members of the CrediFai corporate family, including our wholly-owned subsidiaries and joint ventures. These entities are permitted to use your personal information in any manner consistent with this policy.
To contractors, service providers, and other third parties we use to support our business.
To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of CrediFai assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by CrediFai about our Website users is among the assets transferred.
To third parties to market their products or services to you if you have not opted out of such disclosure.
To anyone to whom disclosure is necessary to fulfill the purpose for which you provide personal information. For example, if you give us an e-mail address to use the “e-mail a friend” feature of our Website, we will transmit the contents of that e-mail and your e-mail address to the recipients.
For any other purpose either disclosed by us when you provide the information or for which we have your consent.
We may also disclose your personal information when we, in good faith, believe disclosure is appropriate to comply with any court order, law, or legal process, including to respond to any government or regulatory request or to protect the rights, property, or safety of CrediFai, our customers or others.

Choices Regarding Your Information

In General. We respect your right to make choices about the ways we collect, use, and disclose your information. This Policy describes some of your choices, such as your choice to opt-out of receiving “cookies” and your right to opt-out of having your information shared with third parties for their own marketing purposes. We may ask you to indicate your choices at the time and on the page where you provide your information.

Email preferences.

You can opt-out of promotional emails we send you. If you wish to stop receiving promotional emails, simply select “unsubscribe” located at the bottom of each communication. Please note that you cannot opt-out of transactional emails, such as emails confirming a purchase made on our Website.

Do Not Track Mechanisms.

California law requires this Policy to address how we respond to any “Do-Not-Track (‘DNT’) signal” delivered by your browser. Because of the changing state of technology and indecision within the industry regarding the meaning of DNT signals, we currently do not make any guarantee that we will honor DNT signals.

Previously Expressed Preferences.

You may be able to change previously expressed preferences regarding how we use your information. To do so, please contact us using the information provided below.

Interacting with Social Media on our Website
Facebook, Twitter, and other social media platforms provide tools that many of our customers use and enjoy, and we include links to various social media platforms on our Website. If you interact with these social media platforms through our Website, your experience on those platforms will be governed by the privacy and other policies of those platforms. We encourage you to choose your privacy settings on those sites accordingly.

Data Security

The CrediFai takes reasonable precautions to provide a level of security appropriate to the sensitivity of the information we collect. Unfortunately, the transmission of information via the internet is not completely secure. Therefore, we cannot guarantee the security of personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

Links to Other Websites

Our Website may contain links to third-party websites or other online platforms. These links are provided for your reference and convenience only and do not imply any endorsement of the products sold or information provided through these websites, nor any association with their operators. CrediFai does not control these websites and is not responsible for their data practices. Any information you provide to third parties on their websites is covered under their privacy and data collection policies and is not covered by this Policy. We urge you to review the privacy policy posted on any site you visit before using the site or providing any personal information.

Access to Your Information
You may request to review or update the personal information you have provided to us through our Website by contacting us using the information provided below. We will respond to your request within a reasonable time or within the time set out by applicable law. When appropriate, or as required by applicable law, we will correct, amend or delete your personal information. We reserve the right to limit or deny access to personal information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by applicable law.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at:
CrediFai
ADDRESS
info@credifai.co