Potloc & the California Consumer Privacy Act (CCPA)
All data collected by Potloc is processed in a secure manner. Potloc acts on several levels to ensure the security of your data is in accordance with the CCPA, even when the law doesn’t require us to do so.
1. General Privacy Statement
Potloc only retrieves the answers provided by respondents when interacting with our questionnaires. In addition, Potloc does not use a Software Development Kit (SDK), which means we do not have access to respondent profiles - interests, activities, etc. Each respondent participates in our questionnaires on his or her own initiative. If the questionnaire requires the respondent to provide personal data, the respondent will be informed at the end of the questionnaire. The respondents will be informed that the data will be processed in accordance with GDPR, which guarantees the security of their data and also follows CCPA guidelines. In order to ensure compliance with our internal procedures, all Potloc processes, and documents relating to the GDPR and CCPA have been approved by Gide®.
3. Data Access
The CNIL authorizes us to keep the data for a maximum of 3 years from the date of the last answer to one of our questionnaires was provided. However, a respondent may make a specific request to have his or her data deleted via the following dedicated contact email address: email@example.com.
You can request deletion or access to your personal data by emailing us at firstname.lastname@example.org. In addition, only a very limited list of employees have access to data at Potloc: each of them is bound by a privacy agreement drafted and approved by Gide®. The company for which the survey is conducted does not have access to the respondents’ personal data.
4. Procedure in the event of an incident
Everything is planned so that there are no security breaches. Nevertheless, the law stipulates that a document setting out the procedure to be followed in the event of hacking must be drawn up in every organization. Our “Data Breach Procedure” therefore aims to detail the procedure to follow in case of database hacking, in accordance with the law.
Pursuant to the California Consumer Protection Act of 2018 (“CCPA”), and subject to certain exceptions and limitations, Californians can contact Potloc to exercise the rights described below with respect to certain personal information that Potloc holds about them. To the extent those rights apply to you, they are described below. Potloc also handles certain personal information on behalf of Potloc customers. You should contact those customers to exercise any rights you may have with respect to that personal information.
Right to Know About Personal Information Collected, Disclosed, or Sold
You have the right to request that we provide you with details about the personal information we collect, use, disclose, and sell. You can submit a verifiable consumer request by clicking here. You can also submit your request via our toll-free number 888-330-3667. Potloc reserves the right to verify your identity to our satisfaction, including by asking you to log into your account if you have one.
You are entitled to receive the following:
- The categories of your personal information that Potloc has collected in the preceding 12 months
- The categories of sources from which that information was collected
- The business/commercial purpose for the collection or selling
- The categories of third parties with whom Potloc shares personal information
- The specific pieces of personal information Potloc has collected about you (subject to some exceptions)
Because Potloc has disclosed or sold (as those words are defined in the CCPA) personal information to third parties in the last 12 months, you are also entitled to receive:
- The categories of personal information that Potloc has disclosed or sold in the past 12 months.
Right to Request Deletion of Personal Information
You have the right to request deletion of the personal information we have collected about you (subject to some exceptions). You can submit your request as described above, and we reserve the right to conduct the verification described above.
Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
You have the right not to receive unlawful discriminatory treatment by Potloc for the exercise of your privacy rights under the CCPA.
Right to Opt-Out of Sale of Personal Information
You have the right to opt-out of the sale of your personal information by Potloc. You can submit a verifiable consumer request by emailing us at email@example.com or by calling 888-330-3667.
List of Categories of Personal Information to be Collected and May Have been Sold or Disclosed:
Categories of Personal Information Collected
Potloc collects personal information from research participants during their participation in a survey and in connection with the receipt and redemption of rewards and incentives.
The categories of personal information we may collect include:“Identifiers” such as:
- Email Addresses
- Postal or Zip Code
- Marital Status
- Primary Occupation
- Household Income
- Characteristics of potentially protected classifications under California, federal or international law (e.g., health and medical conditions, sexual orientation or sexual life, political opinions/views, race/ethnic origin, gender, religious and philosophical beliefs and trade-union membership)
You may also choose to provide us with additional Personal Information when you fill out free fields in our questionnaires. This Personal Information is used by Potloc, in the context of the consumer surveys it conducts on behalf of its customers, leading to the establishment and transmission of statistics.
- Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with the CCPA and other standards;
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
- Debugging to identify and repair errors that impair existing intended functionality;
- Identifying Short-term, transient uses;
- Performing or using services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing or using advertising or marketing services, providing or using analytic services, or providing or using similar services;
- Undertaking internal research for technological development and demonstration;
- Undertaking activities to verify or maintain the quality or safety of services and devices, and to improve, upgrade, or enhance services and devices;
- Facilitating the operational purposes of Potloc or our service providers
Categories of Personal Information that May Have Been Sold:
Potloc sold all of the above categories of personal information in the last 12 months.
Categories of Personal Information that Were Disclosed
Potloc disclosed all of the above categories of personal information in the last 12 months.
A few points to keep in mind:
- Potloc has mapped personal data summarizing where such data is stored.
- We have drafted a charter of good practices for employees, including sanctions in the event of non-compliance with the law.
- Potloc has implemented clauses in the contracts of our subcontractors guaranteeing that they comply with the legal provisions concerning the data they entrust to you.
- We have appointed a Data Protection Officer (DPO) whose role is to ensure the compliance of data processing.
- Potloc has guaranteed individual rights: the right to be forgotten (deletion), the right to data portability (recovery), the respondent can request that his data be deleted from our server, or to recover all data that Potloc possesses.
- We have kept a data log: linked to the personal data card, the log specifies who has access to what, for how long, and for what purpose Potloc keeps such data.
- Potloc has prepared for a potential data breach: implementation of the Data Breach Procedure, activated in case of a personal data breach. This universal document is mandatory, its content is specific to each company.