Privacy Notice Requirements Under CCPA

3 min read Data Protection & Compliance

Privacy Notice Requirements Under CCPA

CCPA mandates specific disclosures in privacy notices, requiring clear communication about data collection practices, consumer rights, and how to exercise those rights. Privacy notices must be updated at least annually and include comprehensive information about personal information collected in the preceding 12 months. The notice must use plain language accessible to consumers, avoiding legal jargon or technical terms that might confuse average users.

Required disclosures include categories of personal information collected, sources from which personal information is collected, business or commercial purposes for collecting personal information, categories of third parties with whom personal information is shared, and specific pieces of personal information collected about individual consumers. For businesses that sell personal information, additional disclosures about sales practices and opt-out rights are mandatory.

<!-- CCPA-compliant privacy notice structure -->
<div class="ccpa-privacy-notice">
  <h1>Privacy Notice for California Residents</h1>
  <p class="effective-date">Effective Date: January 1, 2024 | Last Updated: December 15, 2023</p>
  
  <section class="notice-section">
    <h2>Your Privacy Rights Under CCPA</h2>
    <p>If you are a California resident, you have specific rights regarding your personal information:</p>
    
    <div class="rights-summary">
      <div class="right-card">
        <h3>Right to Know</h3>
        <p>You can request information about the personal information we collect, use, disclose, and sell.</p>
        <a href="/privacy/request-info" class="btn-primary">Request My Information</a>
      </div>
      
      <div class="right-card">
        <h3>Right to Delete</h3>
        <p>You can request deletion of your personal information, subject to certain exceptions.</p>
        <a href="/privacy/delete-account" class="btn-primary">Delete My Information</a>
      </div>
      
      <div class="right-card">
        <h3>Right to Opt-Out</h3>
        <p>You can opt-out of the sale of your personal information.</p>
        <a href="/privacy/do-not-sell" class="btn-primary prominent">Do Not Sell My Personal Information</a>
      </div>
      
      <div class="right-card">
        <h3>Right to Non-Discrimination</h3>
        <p>We will not discriminate against you for exercising your privacy rights.</p>
      </div>
    </div>
  </section>
  
  <section class="notice-section">
    <h2>Personal Information We Collect</h2>
    <table class="pi-collection-table">
      <thead>
        <tr>
          <th>Category</th>
          <th>Examples</th>
          <th>Collected</th>
          <th>Purpose</th>
        </tr>
      </thead>
      <tbody>
        <tr>
          <td>Identifiers</td>
          <td>Name, email, phone, account name, IP address, device ID</td>
          <td>YES</td>
          <td>Account creation, security, customer service</td>
        </tr>
        <tr>
          <td>Commercial Information</td>
          <td>Purchase history, product preferences, shopping cart</td>
          <td>YES</td>
          <td>Order fulfillment, recommendations, customer support</td>
        </tr>
        <tr>
          <td>Internet Activity</td>
          <td>Browsing history, search queries, interaction with ads</td>
          <td>YES</td>
          <td>Analytics, personalization, advertising</td>
        </tr>
        <tr>
          <td>Geolocation Data</td>
          <td>Approximate location from IP address</td>
          <td>YES</td>
          <td>Content localization, fraud prevention</td>
        </tr>
        <tr>
          <td>Inferences</td>
          <td>Preferences, characteristics, behavior predictions</td>
          <td>YES</td>
          <td>Personalization, recommendations</td>
        </tr>
      </tbody>
    </table>
  </section>
  
  <section class="notice-section">
    <h2>How We Use Your Information</h2>
    <ul class="purpose-list">
      <li><strong>Providing Services:</strong> Process transactions, maintain accounts, provide customer support</li>
      <li><strong>Security:</strong> Detect and prevent fraud, secure accounts, investigate suspicious activity</li>
      <li><strong>Legal Compliance:</strong> Comply with laws, respond to legal requests, enforce our terms</li>
      <li><strong>Analytics:</strong> Understand usage patterns, improve services, develop new features</li>
      <li><strong>Marketing:</strong> Send promotional communications (with consent), personalize content</li>
    </ul>
  </section>
  
  <section class="notice-section">
    <h2>Information Sharing and Disclosure</h2>
    <div class="sharing-disclosure">
      <h3>We may share your information with:</h3>
      <ul>
        <li><strong>Service Providers:</strong> Companies that help us operate our business (e.g., payment processors, hosting providers)</li>
        <li><strong>Business Partners:</strong> Companies we partner with to offer joint services</li>
        <li><strong>Legal Authorities:</strong> When required by law or to protect rights and safety</li>
        <li><strong>Corporate Transactions:</strong> In connection with mergers, acquisitions, or asset sales</li>
      </ul>
      
      <div class="sale-disclosure">
        <h3>Sale of Personal Information</h3>
        <p>In the preceding 12 months, we have sold the following categories of personal information:</p>
        <ul>
          <li>Identifiers (hashed email addresses) to advertising partners</li>
          <li>Internet activity information to analytics providers</li>
        </ul>
        <p>We do not sell the personal information of consumers under 16 years of age.</p>
      </div>
    </div>
  </section>
</div>