- What is the California Consumer Privacy Act (CCPA)?
- Will Bound be compliant with the California Consumer Privacy Act (CCPA)?
- Will our customers be able to use Bound products and services without risking a breach of the CCPA?
- How exactly will Bound comply with the CCPA?
- Will Bound's approach to the CCPA change at a later date?
- Beyond the products and services, Bound has prepared for the CCPA by adjusting some of our processes and legal agreements. Which ones?
- Do these changes affect Bound customers in any way?
- Will this work impact Bound customers' current (or planned) integration in any way?
- What targeting conditions are CCPA compliant?
What is the California Consumer Privacy Act (CCPA)?
The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States. The CCPA is enforced starting January 1, 2020. We recommend that you coordinate with legal counsel to understand how your business achieves compliance.
Will Bound be compliant with the California Consumer Privacy Act (CCPA)?
Yes. Bound is compliant with CCPA.
Will our customers be able to use Bound products and services without risking a breach of the CCPA?
Yes, however, it's critical to note for our customers to whom the CCPA applies, Bound on its own does not make your business compliant. You will need to make certain your own business is compliant with the CCPA. If your businesses is not compliant, you still risk a breach of the CCPA by using Bound products and services — even though we are compliant.
How exactly will Bound comply with the CCPA?
Bound's policy is simple and straightforward: Bound will be using GeoIP lookup, and/or cookie based data, to identify a Website visitor's location. If the Website visitor is identified as being in the state of California, Bound will not process, store or track the user's data. Instead, upon California location determination, Bound serves only content that can be selected using non-personal data as defined by CCPA. For auditing purposes, Bound securely logs only the visit containing the identification mode (GeoIP or cookie), a date and time stamp, and the associated “do-not-track” values required to demonstrate that we are compliant with the CCPA.
If our customers have a need to continue personalization for CA Website visitors, we can personalize if our customers complete our CCPA addendum confirming the customer is compliant and that they are handling all consent management with their CA Website visitors.
Will Bound's approach to the CCPA change at a later date?
As with all things product and service related, Bound is always working to evolve. As the roles, strategies and technologies related to CCPA change, we anticipate that we will too. Any changes made to our approach will be clearly detailed for our partners and customers in advance, giving them the ability to select their preferred method of interaction with their Website visitors.
Beyond the products and services, Bound has prepared for the CCPA by adjusting some of our processes and legal agreements. Which ones?
As anybody involved with CCPA has experienced, this is a massive undertaking touching almost every aspect of the business. To date, we have identified and/or addressed:
- Privacy by Design: We are always reviewing the way we design, build and implement updates and new products and services to ensure data privacy remains a core part of our decision-making processes at every level.
- Data Security: We reviewed and amended our data practices and policies to ensure our approach to data is compliant, consistent and clear across the Bound ecosystem.
- Working with Customers: We are working with our customers to answer their questions and adjust or supplement our agreements to ensure customers can use Bound in compliance with CCPA.
- Data Management: You and/or your Website visitors own the data, not Bound. We'll take whatever data-related actions you or your Website visitors request.
- Data Processing: As the Data Processor, Bound has adjusted terms and processes to fulfill commitments to customers in their role as Data Controller. Bound has worked to ensure our terms and conditions contain provisions that are appropriate to the data we store, and balance the risks and responsibilities between us and our customers fairly.
Do these changes affect Bound customers in any way?
Yes. We have updated legal terms to bring them into compliance with the CCPA and those changes now apply to Bound customers. We recommend Bound customers read the updated terms because using Bound products and services after the updated terms have gone live will be treated as acceptance of those terms.
Will this work impact Bound customers' current (or planned) integration in any way?
The answer is, maybe. If you opt for our default serving, our Customer Success Manager(s) will work with you to determine alternate analytic and personalization strategies in these scenarios and no additional legal agreements are required. If you have active campaigns running for visitors within the California area, we will no longer process, track or store their data associated with their Website interactions — unless you have executed the addendum allowing Bound to personalize for your California Website visitors.
What targeting conditions are CCPA compliant?
The following targeting conditions are not dependent on the storage of cookie data for execution and are compliant with CCPA:
- browser language
- current url
- data layers
- day of week
- mobile devices
- mobile os
- screen resolution height
- screen resolution width
- tablet devices
- time of day
- time on site