Bloomreach’s Commitment to CCPA Compliance

 

Introduction to the CCPA

The California Consumer Privacy Act of 2018 (the “CCPA”) was introduced to provide California consumers an effective way to exercise control over their personal information and to provide certain safeguards against misuse of personal information.  The CCPA is effective as of January 1, 2020. More information on the CCPA can be found here.

 

What the CCPA Means to Bloomreach

Bloomreach has always taken data security and individual privacy seriously.  Bloomreach is committed to protecting the personal data of its employees, vendors and customers as well as helping customers to meet their CCPA obligations. Our proactive approach to CCPA focuses on both Bloomreach CCPA compliance and supporting customers in their compliance journeys.

 

Key Steps Taken

In addition to the ongoing efforts of the Bloomreach legal, product, engineering, human resources and customer teams working together to ensure that Bloomreach products, processes and services support CCPA compliance. Our philosophy and specific CCPA compliance obligations are set forth in the following policies:

In furtherance of our compliance efforts, we also enter into CCPA compliant contract addendums with our vendors as well as customers who may process personal data of California consumers.  If you have not yet entered into a Bloomreach Customer CCPA Contract Addendum, please download our pre-signed Bloomreach Customer CCPA Contract Addendum linked below, countersign and email it to Bloomreach at legal@bloomreach.com:

CCPA Data Requests

BloomReach does not sell data but, given the CCPA requirements, we have included on our website homepage (www.bloomreach.com) a link for California residents to make data requests.  Through this link consumers and customers can (1) request access to personal information, (2) request that we delete personal information or (3) request that we not sell personal data. Alternatively, you can reach us by telephone toll free at 1(888) 263-3917.

 

Bloomreach’s Global Privacy Principles

BloomReach’s Global Privacy Principles guide our approach to the CCPA and establish our principles for how we processes personal information to ensure that we are operating consistently across the organization and in accordance with applicable laws.  

 

  1. TRANSPARENCY: We must be open and honest about how and what data we process

  2. LEGITIMATE BUSINESS PURPOSES: We must only use personal information for specified, fair and lawful purposes

  3. INDIVIDUAL CHOICE AND CONTROL: In certain situations, we must obtain individual consent to process personal information and provide individuals with controls regarding the processing of their personal information

  4. DATA MINIMIZATION: We must only collect necessary and relevant personal information

  5. ACCOUNTABILITY: We are accountable for how we and our service providers process personal information

  6. RETENTION/DELETION: We must not use and retain personal information for longer than is necessary

  7. ACCURACY: We must keep personal information accurate, complete and up to date

  8. CUSTOMER INSTRUCTIONS: We must comply with our customers' processing instructions

  9. INDIVIDUAL ACCESS RIGHTS: We must respect individuals’ rights and choices

  10. SECURITY AND BREACH NOTIFICATION: We must use appropriate security safeguards and ensure we notify the appropriate parties if and when a security breach occurs

  11. INTERNATIONAL TRANSFERS: We must ensure protection for international transfers of personal information

  12. PRIVACY BY DESIGN: We must implement appropriate measures to ensure the principles of privacy by design and default are embedded into our processes and systems

 

Additional Information

Please find details on Bloomreach’s privacy page.  If you have additional questions, reach out to your Account Manager or Customer Success Manager.  He or she will work with you to ensure that your questions get answered.