Effective Date and Scope
This Privacy Notice describes how [Company Legal Name] ("we", "us") collects, uses, discloses, and protects personal information about California residents, in accordance with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"). It is effective as of [Effective Date].
1. Categories of Personal Information We Collect
In the preceding twelve (12) months we have collected the following categories of personal information ("PI") about California residents:
- Identifiers (name, email, postal address, phone, IP address, account ID)
- Customer records (billing details, transaction history)
- Commercial information (purchases, usage history)
- Internet or other electronic network activity (device data, log data, cookies, referring URL)
- Geolocation data (approximate, derived from IP)
- Professional or employment-related information (where you submit it)
- Inferences drawn from the above to create a profile reflecting preferences
- Sensitive PI (where applicable): account credentials, precise geolocation, government identifiers — see Section 5
2. Sources
We collect PI directly from you (when you create an account, contact us, or use the services), automatically (via cookies and similar technologies), and from third parties such as service providers, partners, and publicly available sources.
3. Business and Commercial Purposes
We use PI to:
- Provide, maintain, and improve the services
- Authenticate users and prevent fraud or abuse
- Communicate about the services, including transactional and (with consent where required) marketing communications
- Comply with legal, regulatory, and contractual obligations
- Analytics and product research
- Personalise the user experience consistent with your preferences
4. Categories of Recipients
We disclose PI to: (a) service providers and contractors bound by written contracts limiting use to our instructions (e.g. cloud hosting, payment processing, analytics, support); (b) professional advisers and auditors; (c) law enforcement and regulators where required by law or to protect rights; and (d) parties to a corporate transaction (with notice).
5. Sensitive Personal Information
Where we collect Sensitive PI (e.g. account log-in credentials, precise geolocation, government ID), we use and disclose it only for the limited purposes permitted by CCPA §1798.121 (e.g. providing the service, security, fraud prevention). California residents have the right to limit our use of Sensitive PI for purposes other than those limited purposes. To exercise this right, use the "Limit the Use of My Sensitive Personal Information" link on our website footer.
6. Sale and Sharing
Sale: We do not sell PI for monetary consideration. Sharing: To the extent that cross-context behavioural advertising via third-party cookies constitutes "Sharing" under CCPA, California residents may opt out via the "Do Not Sell or Share My Personal Information" link on our website footer, by enabling a Global Privacy Control (GPC) signal in their browser, or by following the instructions in Section 9.
7. Retention
We retain each category of PI only for as long as reasonably necessary for the disclosed purposes, to comply with legal obligations, to resolve disputes, and to enforce our agreements. Retention periods vary by category and are documented in our internal Retention Schedule.
8. Your California Privacy Rights
Subject to verification, California residents have the right to:
- Know what PI we collect, the sources, purposes, and recipients
- Access a copy of the specific PI we have collected (twice in any 12-month period)
- Delete PI, subject to statutory exceptions
- Correct inaccurate PI
- Opt out of Sale or Sharing of PI
- Limit the use and disclosure of Sensitive PI
- Not be discriminated against for exercising any of these rights
9. How to Exercise Your Rights
Submit a verifiable request via [Online Request Form URL], email [Privacy / Security Contact Email], or our toll-free number [1-800-XXX-XXXX]. We respond within forty-five (45) days, extendable once by an additional forty-five (45) days with notice. You may use an authorised agent by providing written, signed authorisation and verification of identity.
10. Non-Discrimination
We will not deny goods or services, charge different prices, or provide a different level of quality because a California resident exercised any CCPA right, except where the difference is reasonably related to the value provided by the PI (e.g. a loyalty programme that requires participation).
11. Updates to This Notice
We update this notice at least once every twelve (12) months and post any material change at the top of this page. The "Effective Date" reflects the most recent revision.
12. Contact
Privacy Office, [Company Legal Name], [Company Registered Address]. Email: [Privacy / Security Contact Email].
Disclaimer: This template is provided for general informational purposes only and does not constitute legal advice. Customise to your specific facts and have counsel review before execution.