Bloomreach’s Commitment to CCPA Compliance
Introduction to the CCPA
The California Consumer Privacy Act of 2018 (the “CCPA”) was introduced to provide California consumers an effective way to exercise control over their personal information and to provide certain safeguards against misuse of personal information. The CCPA is effective as of January 1, 2020. More information on the CCPA can be found here.
What the CCPA Means to Bloomreach
Bloomreach has always taken data security and individual privacy seriously. Bloomreach is committed to protecting the personal data of its employees, vendors and customers as well as helping customers to meet their CCPA obligations. Our proactive approach to CCPA focuses on both Bloomreach CCPA compliance and supporting customers in their compliance journeys.
Key Steps Taken
In addition to the ongoing efforts of the Bloomreach legal, product, engineering, human resources and customer teams working together to ensure that Bloomreach products, processes and services support CCPA compliance. Our philosophy and specific CCPA compliance obligations are set forth in the following policies:
- Bloomreach CCPA Compliance Policy
- Bloomreach CCPA Consumer Rights Policy
- Bloomreach Data Handling Policy
- Bloomreach Privacy Policy Addendum
In furtherance of our compliance efforts, we also enter into CCPA compliant contract addendums with our vendors as well as customers who may process personal data of California consumers. If you have not yet entered into a Bloomreach Customer CCPA Contract Addendum, please download our pre-signed Bloomreach Customer CCPA Contract Addendum linked below, countersign and email it to Bloomreach at [email protected]:
CCPA Data Requests
BloomReach does not sell data but, given the CCPA requirements, we have included on our website homepage (www.bloomreach.com) a link for California residents to make data requests. Through this link consumers and customers can (1) request access to personal information, (2) request that we delete personal information or (3) request that we not sell personal data. Alternatively, you can reach us by telephone toll free at 1(888) 263-3917.
Bloomreach’s Global Privacy Principles
BloomReach’s Global Privacy Principles guide our approach to the CCPA and establish our principles for how we processes personal information to ensure that we are operating consistently across the organization and in accordance with applicable laws.
-
TRANSPARENCY: We must be open and honest about how and what data we process
-
LEGITIMATE BUSINESS PURPOSES: We must only use personal information for specified, fair and lawful purposes
-
INDIVIDUAL CHOICE AND CONTROL: In certain situations, we must obtain individual consent to process personal information and provide individuals with controls regarding the processing of their personal information
-
DATA MINIMIZATION: We must only collect necessary and relevant personal information
-
ACCOUNTABILITY: We are accountable for how we and our service providers process personal information
-
RETENTION/DELETION: We must not use and retain personal information for longer than is necessary
-
ACCURACY: We must keep personal information accurate, complete and up to date
-
CUSTOMER INSTRUCTIONS: We must comply with our customers' processing instructions
-
INDIVIDUAL ACCESS RIGHTS: We must respect individuals’ rights and choices
-
SECURITY AND BREACH NOTIFICATION: We must use appropriate security safeguards and ensure we notify the appropriate parties if and when a security breach occurs
-
INTERNATIONAL TRANSFERS: We must ensure protection for international transfers of personal information
-
PRIVACY BY DESIGN: We must implement appropriate measures to ensure the principles of privacy by design and default are embedded into our processes and systems
Additional Information
Please find details on Bloomreach’s privacy page. If you have additional questions, reach out to your Account Manager or Customer Success Manager. He or she will work with you to ensure that your questions get answered.