Bloomreach’s Commitment to CCPA Compliance

Introduction to the CCPA

The California Consumer Privacy Act of 2018 (the “CCPA”) was introduced to provide California consumers an effective way to exercise control over their personal information and to provide certain safeguards against misuse of personal information. The CCPA was effective as of January 1, 2020 and was further modified by the California Privacy Rights Act (“CPRA”), effective January 1, 2023. More information on the CCPA can be found here.

What the CCPA Means to Bloomreach

Bloomreach is committed to protecting the personal data of its employees, vendors, and customers. It is also paramount to Bloomreach that we assist customers in meeting their CCPA obligations. Our proactive approach to CCPA focuses on both our internal CCPA compliance as well as supporting our customers to ensure their own compliance.

Key Steps Taken

In addition to the ongoing interdepartmental Bloomreach commitment to ensure that Bloomreach products, processes, and services support CCPA compliance. Our philosophy and specific CCPA compliance obligations are set forth in the following policies:

In furtherance of our compliance efforts, we also enter into CCPA-compliant contract addendums with our vendors and customers who may process personal data of California consumers. We have also updated our CCPA Contract Addendum for CPRA compliance. If you have not yet entered into a Bloomreach Customer CCPA Contract Addendum, please download our pre-signed Bloomreach Customer CCPA Contract Addendum linked below, countersign and email it to Bloomreach at [email protected]:

Bloomreach Customer CCPA Contract Addendum

CCPA Data Requests

California residents may make data requests at the following page: https://www.bloomreach.com/en/about/control-your-data. Through this link consumers and customers can (1) request access to personal information, (2) request that we delete personal information or (3) request that we not sell or share personal data. Alternatively, you can reach us by telephone toll free at 1(888) 263-3917.

Bloomreach’s Global Privacy Principles

Bloomreach’s Global Privacy Principles guide our approach to the CCPA and establish our principles for how we processes personal information to ensure that we are operating consistently across the organization and in accordance with applicable laws.

TRANSPARENCY: We must be open and honest about how and what data we process
LEGITIMATE BUSINESS PURPOSES: We must only use personal information for specified, fair and lawful purposes
INDIVIDUAL CHOICE AND CONTROL: In certain situations, we must obtain individual consent to process personal information and provide individuals with controls regarding the processing of their personal information
DATA MINIMIZATION: We must only collect necessary and relevant personal information
ACCOUNTABILITY: We are accountable for how we and our service providers process personal information
RETENTION/DELETION: We must not use and retain personal information for longer than is necessary
ACCURACY: We must keep personal information accurate, complete and up to date
CUSTOMER INSTRUCTIONS: We must comply with our customers' processing instructions
INDIVIDUAL ACCESS RIGHTS: We must respect individuals’ rights and choices
SECURITY AND BREACH NOTIFICATION: We must use appropriate security safeguards and ensure we notify the appropriate parties if and when a security breach occurs
INTERNATIONAL TRANSFERS: We must ensure protection for international transfers of personal information
PRIVACY BY DESIGN: We must implement appropriate measures to ensure the principles of privacy by design and default are embedded into our processes and systems

Additional Information

Please find details on Bloomreach’s privacy page. If you have additional questions, please reach out to your designated Account Manager or Customer Success Manager.