Californian Consumer Rights Policy

This document is an exclusive property of C COM Enterprises Pvt. Ltd. Any unauthorized use of the document shall invite legal consequences.

1 Background and Purpose

1.1 Background

The Californian consumer protection act 2018 (CCPA) allows Californian Consumers the right to:

Access the personal data that is being processed.
Delete the personal data that is being processed.
To opt-out from Having Information Sold.
To Receive Services in equal terms.

1.2 Purpose

These Procedures are intended to:

Provide further guidance to assist C COM Enterprises Pvt. Ltd. (‘C COM’) to handle requests received in this regard; and
Provide the necessary documentation of C COM ’s activities in this regard.

These Procedures are supplemental to and should be read in conjunction with C COM’s Personal Data Protection Policy.

1.3 Rights under CCPA

The CCPA provides the following rights for individuals:

The right to Know.
The right of Delete.
The right to opt-out.
The right to non- Discrimination.

1.4 Timelines under CCPA

Consumer Request	Initial response time	Response time in case of extension
The Right to Know.	45 days	90 days
The Right to Delete	45 days	90 days
The Right to opt- out of sale	15 business working days.	15 business working days
The Right to non-Discrimination.	On Receipt of Complaint.	On Receipt of Complaint.
The Right to correct (effective from 1st Jan 2023 under CPRA)	45 days	90 days
The Right to Limit Use (effective from 1st Jan 2023 under CPRA)	45 days	90 days
The Right to Opt-out from automated processing. (Effective from 1st Jan 2023 under CPRA)	Not applicable based on C COM’s business activities.	Not applicable based on C COM’s business activities.

2 Key Procedures

C COM should use these procedures as guidance when dealing with requests from Californian Consumers.

2.1 Right to Know

The Right to know allows consumers to request a summary of personal information you have collected about them, and a copy of the specific pieces of personal information C COM have collected about them.

2.1.1 Designated Methods of Submitting a Request

You must maintain at least two "designated methods of submitting a request" under the right to know (and the right to delete).

There's one exception. If your business operates exclusively online and deals directly with consumers, you only have to provide one designated method of submitting a request: a form on your website.

You should provide a designated method that best reflects the ways in which you interact with consumers. Examples include:

A toll-free number (mandatory)
A web form
A form submitted via email, physical mail, or in person

If a consumer makes a request via a method you haven't designated, you can either:

Deal with the request, or
Require the consumer to use one of your designated methods

2.1.2 Denying a "Right to Know" Request

You can deny a request under the right to know if all of the following conditions are met:

You don't store the personal information in a "searchable or reasonably accessible" format
You only store the personal information for legal or compliance purposes
You don't sell the personal information or use it for any commercial purpose
You tell the consumer what categories of records contain the personal information

You can also deny a request if you cannot verify the consumer's identity.

2.1.3 Responding to a "Right to Know" Request

You must acknowledge receipt of a request within 10 business days, and provide the information requested by the consumer within 45 days. This deadline includes any time you spend verifying a consumer's identity. You can extend this deadline by a further 45 days if "reasonably necessary."

A consumer can make a "right to know'' request twice in every 12-month period. You must not charge a fee for fulfilling a request.

If a consumer holds a password-protected account with your business, you can deliver the requested information through their account. If not, you should deliver it via email or physical mail. Take "reasonable security measures" when transmitting personal information.

There are two types of requests under the right to know, which we'll call "category requests" and "specific requests." For each type of request, there are different rules on how to verify a consumer's identity.

2.1.4 "Category Requests" Under the Right to Know

Under what we're calling a "category request" under the right to know, a consumer may request the following information in respect of the preceding 12-month period (taken from the date of the request):

The categories of personal information you collected about them
The categories of sources from which you collected their personal information
The business or commercial purpose for which you collected or sold their personal information
The categories of third parties with which you shared their personal information
The categories of their personal information you sold, and for each category, the categories of third parties to which you sold it
The categories of their personal information you disclosed for a business purpose, and for each category, the categories of third parties to which you disclosed it

2.1.5 Verifying a Consumer's Identity: Category Requests

Before you provide personal information under a "category request," you must have a "reasonable degree of certainty" that the person making the request is the correct consumer.

Where possible, you should use information that you already have in your possession to verify the consumer's identity.

You should ask the consumer to confirm at least two data points from the personal information you hold about them. For example, the value of the last purchase they made through your online store, or the email address registered to their account.

2.1.6 "Specific Requests" Under the Right to Know

Under what we're calling a "specific request" under the right to know, a consumer can request the specific pieces of personal information you have collected about them.

Do not disclose the following pieces of personal information:

Social Security number
Driver's license number
Any government-issued identification number
Financial account number
Any health insurance or medical identification number
Account password
Security questions and answers
Unique biometric data generated from measurements or technical analysis of human characteristics

2.1.7 Verifying a Consumer's Identity: Specific Requests

Before you provide personal information under a "specific request," you must have a "reasonable degree of certainty" that the person making the request is the correct consumer.

This means asking the consumer to:

Confirm at least three data points from the personal information you hold about them, and
Provide a "signed declaration under penalty of perjury" stating that they are the consumer whose personal information is being requested

2.2 The Right to Delete

Under the right to delete, consumers may request that you delete the personal information you've collected about them.

A consumer can make a "right to delete'' request twice in every 12-month period. You must not charge a fee for fulfilling a request.

You must acknowledge receipt of a request within 10 business days, and delete the relevant personal information within 45 days. This deadline includes any time you spend verifying a consumer's identity. You can extend this deadline by a further 45 days if "reasonably necessary."

The rules around providing designated methods for submitting a request under the right to delete are the same as the rules for the right to know.

2.2.1 Fulfilling a Request to Delete

When carrying out a consumer's request to delete their personal information, you have several options:

Permanently delete it from your systems
Deidentify (anonymize) it
Aggregate it

You don't have to delete personal information that you store on archived or backup systems until it becomes active.

You must let the consumer know once you have carried out their request.

2.2.2 Exceptions to the Right to Delete

There are nine exceptions to the right to delete. If it's necessary for you to retain the consumer's personal information for one of the following reasons, you might be able to refuse a deletion request:

Performing obligations under a contract
Ensuring you can maintain security
Debugging
Exercising or defending free speech and other legal rights
Complying with other California Privacy Acts
Conducting certain research in the public interest
Using it for solely internal and reasonable purposes
Complying with a legal obligation
Using it for other internal purposes that are reasonable considering the context in which you collected the personal information

2.2.3 Rejecting a Request to Delete

If you decide that you are covered by an exception and you plan to reject a consumer's deletion request, there are several things you must do:

Let the consumer know that you will not be deleting their personal information, and explain why
Delete any personal information not covered by an exception
Refrain from using the personal information for any reason other than that covered by the exception

2.2.4 Verifying Consumers' Identities

When a consumer makes a deletion request, you must consider the potential impact it will have.

If a consumer is requesting to delete non-sensitive personal information, such as their account history or contact details, you should apply the weaker level of verification that applies for "category requests" under the right to know.

If a consumer is requesting to delete more sensitive personal information, such as family photos or medical documents, you should apply the stricter level of verification that applies for "specific requests" under the right to know.

Once you've accepted the request and you're ready to delete their personal information, you must ask the consumer to authenticate themselves again before you carry out their request.

2.3 The Right to opt Out

If your business sells personal information, you must provide notice of the right to opt out in the form of a "Do Not Sell My Personal Information" page.

Once you receive a request under the right to opt out, you must stop selling the consumer's information as soon as possible, and within 15 business days at the latest.

You can ask the consumer if you wish to opt back into the sale of the personal information, but not for at least 12 months following their original request.

2.3.1 The Right to Opt In (for Minors)

The CCPA has strict rules about selling the personal information of minors (under the age of 16).

Unless you have processed a valid opt-in request, you must not sell the personal information of a consumer if you have "active knowledge" that they are a minor, or if you "wilfully disregard" their age.

If you have reason to believe that your business is used by minors, whether you target them or not, you should take positive steps such as age verification checks to ensure that you do not sell their personal information.

2.3.1.1 Minors Aged 13-16

If you wish minors aged 13-16 to be able to opt into the sale of their personal information, the CCPA Proposed Regulations state that you must "establish, document, and comply" with a "reasonable process" to enable this.

This must be a "two-step" verification process where the consumer:

opts in via a designated method
Confirms that they wish to opt in

During the opt-in process, you must inform the consumer of their right to opt out and provide instructions on how to do so.

2.3.1.2 Minors Aged Under 13

A consumer under 13 cannot exercise the right to opt in. However, their parent or guardian can opt into the sale of their personal information on their behalf.

To verify a parent or guardian's identity, you must ask them to do one of the following things:

Sign a consent form under penalty of perjury
Make a credit card payment
Call your toll-free number
Make a video call
Meet face-to-face
Provide government-issued ID, as long as you check it against an official database and promptly delete any copy of the ID

2.4 The Right to Non-Discrimination

The right to non-discrimination requires businesses not to discriminate against consumers who have exercised their CCPA rights.

The CCPA lists several examples of ways in which a business may discriminate against consumers:

Denying them goods or services
Charging them different prices
Providing a different level or quality of goods or services
Suggesting that you might do any of the above

As mentioned, there is a limited exception to the right to non-discrimination for financial incentive schemes.

2.5 The Right to Correct (effective from 1st Jan 2023 as per CPRA)

The Right to Correct in pursuance to Consumer rights protection act,2021 requires businesses to correct data of Californian consumers whose data are inaccurate taking into account the nature of the personal information and the purposes of processing of Personal Information.

The individual can exercise this right by first asking us to disclose the information that we have to verify if the information is accurate or no. If the information disclosed is inaccurate, the individual can later request to correct the data. C COM is obligated to correct the data within 45 days of the request made which can be subjected to delay up to 90 days with Valid reason.

2.6 The Right to Limit use (effective from 1st Jan 2023 as per CPRA)

The Right to Limit use in Pursuance to Consumer rights protection act,2021 requires business to limit the use of sensitive personal information collected of the consumers necessary for performing services or providing goods for which C COM is engaged.

According to CPRA, sensitive personal information that is collected or processed without the purpose of inferring characteristics of the individual in Rights to Limit use.

An Individual can exercise these rights by filling up the ccpa individual rights request form. We will limit use of your data as soon as the request is verified. A confirmation mail shall be sent once verification is done and appropriate actions is taken.

2.7 General Rules & Guidelines

Data Protection Policy covers the general rules & guidelines for responding to requests from Consumers, including

Form of communication,
Timelines and
Refusing to act on requests

3 Annexure 1- Privacy notice Checklist

3.1 What to Provide

We provide individuals with all the following private information:

The name and contact details of our organisation.
The name and contact details of our representative (if applicable).
The contact details of our Organisation.
The purposes of the processing.
The lawful basis for the processing.
The categories of personal data obtained (if the personal data is not obtained from the individual it relates to).
The recipients or categories of recipients of the personal data.
The details of transfers of the personal data to any third countries or international organisations (if applicable).
The retention periods for the personal data.
The rights available to individuals in respect of the processing.
The right to opt in (if applicable).
The Rights Available under CPRA.
The source of the personal data (if the personal data is not obtained from the individual it relates to).
The details of whether individuals are under a statutory or contractual obligation to provide the personal data (if applicable, and if the personal data is collected from the individual it relates to).

3.2 When to provide it

We provide individuals with privacy information at the time we collect their personal data from them.
If we obtain personal data from a source other than the individual it relates to, we provide them with privacy information:
Within a reasonable of period of obtaining the personal data and no later than one month;
If we plan to communicate with the individual, at the latest, when the first communication takes place; or
If we plan to disclose the data to someone else, at the latest, when the data is disclosed.

3.3 How to provide it

We provide the information in a way that is:
Concise;
Transparent;
Intelligible;
Easily accessible; and
Uses clear and plain language.

3.4 Changes to the information

We regularly review and, where necessary, update our privacy information.
If we plan to use personal data for a new purpose, we update our privacy information and communicate the changes to individuals before starting any new processing.

3.5 Best practice – drafting the information

We undertake an information audit to find out what personal data we hold and what we do with it.
We put ourselves in the position of the people we’re collecting information about.
We carry out user testing to evaluate how effective our privacy information is.

Clients | 360° Digital Marketing Agency in Mumbai, India

Award Winning Digital Marketing Agency in Mumbai - ROI Focused · SEO, PPC, SEM, Social & Mobile, Results Obsessed. 100% Online Business Growth Guaranteed. C Com Digital, a leading top creative marketing and digital agency located in Mumbai with 15 years of solid experience. Best Digital Marketing Agency India. Get a comprehensive digital marketing strategy to target your ideal customer. We are digital agency specializing in media buying, social media ,website design, SEO, SEM, with quality conscious team sited in Mumbai, India. Award-Winning Marketing Experts. Search, Social & Mobile · ROI Focused · Results Obsessed · Award-Winning Agency India. Digital Marketing Agency based in Mumbai, India & Madrid. Award winners in search marketing: SEO, PPC, Social, Web Design & Development. We bring multiple channels of digital marketing together to create the perfect digital journey. ... C Com has a heritage as the Mumbai's leading PPC agency. Digital marketing the C Com | Lead Digital way – SEO, web design, PPC and analytics rolled into an integrated marketing approach to drive business. SEO & SEM international services for businesses. Call us today! Agile India Agency, Multilingual SEO Mumbai. Contact us Digital Ad Agency Mumbai

Best Digital Advertising and Marketing Agency Mumbai, India

Digital Marketing Agency Mumbai, India - Get Your Company Found Online‎. We Can Help You Grow Your Business With Digital Marketing Services. Digital Marketing Agency - C Com | Lead Digital - PPC, SEO & Web Design Agency. Digital Marketing Agency: CRO, PPC, SEO, WEB Development Mumbai. Smart Digital Marketing - Marketing Your Business is Easy‎. Offering innovative ROI driven digital marketing services. Maximise Your ROI · Dedicated Experts · Award-winning Agency

Affordable SEO & Digital Marketing Agency Mumbai, India

digital marketing agency in delhi, digital marketing agency in mumbai, digital marketing agency india, digital marketing agency in pune, digital marketing agency in bangalore, digital marketing agency in hyderabad, digital marketing agency in kolkata, digital marketing agency in gurgaon, digital marketing agency chennai, digital marketing agency business plan, digital marketing agency, digital marketing agency ahmedabad, digital marketing agency about us, digital marketing agency awards, starting a digital marketing agency, choosing a digital marketing agency, building a digital marketing agency, what does a digital marketing agency do, why hire a digital marketing agency, structure of a digital marketing agency, why use a digital marketing agency, how does a digital marketing agency work, we are a digital marketing agency, digital marketing agency bangalore, digital marketing agency brochure, digital marketing agency bhubaneswar, digital marketing agency delhi, digital marketing agency delhi ncr, digital marketing entertainment agency, digital marketing agency email marketing, digital marketing agency fashion, digital marketing agency for hotels, digital marketing agency facebook, digital marketing agency franchise, digital marketing agency for financial services, digital marketing agency gurgaon, digital marketing agency hyderabad, digital marketing agency in ahmedabad, digital marketing agency in chennai, digital marketing agency jaipur, digital marketing agency kolkata, digital marketing agency kochi, digital marketing agency list, digital marketing agency mumbai, digital marketing agency noida, digital marketing agency of the year, list of digital marketing agency in mumbai, list of digital marketing agency in india, list of digital marketing agency in delhi, definition of digital marketing agency, role of digital marketing agency, benefits of digital marketing agency, structure of digital marketing agency, advantages of digital marketing agency, list of digital marketing agencies, digital marketing agency pune, digital marketing agency pricing, digital marketing agency proposal, digital marketing agency portfolio, digital marketing agency profile pdf, digital marketing agency reviews, digital marketing agency rates, digital marketing agency services, digital marketing agency structure, digital marketing agency startup, digital marketing agency scope of work, digital marketing agency testimonials, digital marketing agency tools, digital marketing agency team, digital marketing agency terms and conditions, digital marketing agency trends, digital marketing agency in vashi, digital marketing agency websites, digital marketing agency for small businesses, digital marketing agency for sme