California Consumer Privacy Notice for Clients
Friday, December 27, 2024 at 4:20am EST
California Consumer Privacy Notice for Clients
Date Last Updated: June 1, 2023
1. About this privacy notice
1.1. During the course of our activities we, Blue State, will process personal information (which may be held on paper, electronically, or otherwise) about our clients and we recognize the need to treat it in an appropriate and lawful manner, in accordance with the California Privacy Rights Act (CPRA) and other applicable data protection laws. The purpose of this privacy notice (“Notice”) is to make you aware of how we, as a Business, will handle your personal information. This notice applies to personal information that we collect from our Clients who are residents of the State of California.
1.2. This Notice also serves as our “Notice at Collection” under the CPRA.
1.3. This Notice may be amended at any time, for which we do not require client approval.
1.4. If we process your information through our website, please review our website privacy policy.
2. Data protection principles
2.1. We will comply with the following data protection principles and such additional conditions for processing as may be relevant under applicable law, which include:
- Lawfulness, fairness and transparency.
- Purpose limitation.
- Data minimization.
- Data accuracy.
- Storage limitation.
- Integrity and confidentiality.
- Accountability.
2.2. “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It may include contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you. “Processing” means doing anything with the data, such as collecting, accessing, disclosing, storing, selling, sharing, destroying, or using the data in any way.
3. Categories of personal information we collect
3.1. We may collect the following categories of personal information for the purposes explained below:
- Personal identifiers: such as your name, address, phone number, and email signature.
- Characteristics of protected classifications under California or federal law: such as your name, signature, address, telephone number, employment information, commercial information, products or services purchased, bank account number of your representing entity or other financial information of your representing entity.
- Professional or employment-related information: such as your job title, position, and name of the company.
- Sensory data: such as CCTV footage as monitored by our security cameras in the facilities we operate.
- Inferences taken from other personal information, including information to create a profile: information inferred from information gathered sources to create your profile e.g., this could refer to things like your job title etc.
3.2 We may also collect notes linked to our business development initiatives, or any other information you provide when engaging with us.
4. Sources of personal information
4.1 We will collect personal information directly from you or the entity you represent or when you otherwise contact us.
4.2 In most instances, you are required to make your personal information available (such as part of managing your commercial relationship with us), and the supply of the information is accordingly mandatory. In instances where it is voluntary, we will inform you accordingly.
4.3 We may combine personal information that you provide us with information we collect from elsewhere. Such sources may include:
- Publicly accessible sources (company website, companies house, other website sources); and
- Other sources as directed by you for example, client-led presentations, one pagers etc .
4.4. If you are our Client, we may also collect information from you during the course of your relationship with Blue State. This may include information we collect through liaising with you.
5. Business purposed for collecting personal information
We process the categories of personal information listed above for the following purposes:
- Managing our relationship: we use your personal information to process data of representatives or contacts of our customers who are legal entities to manage our relationship and communicate with you.
- Making decisions about supplying goods and services: we use your personal information to make decisions about supplying goods and services (e.g., determining payment or the terms of our contractual agreement(s) etc). In cases where our client is a legal person, we use your personal information to keep our client updated throughout our relationship. Moreover, we use your personal data to supply goods and services to you and to keep you updated throughout our relationship.
- To manage your visit to our offices: we use your personal information for purposes required by law e.g., to comply with fire safety regulations.
- To keep you informed: we use your personal information to keep you informed of news, updates and other information related to our business and that of other companies in our group.
- Equal opportunities legislation: we may process your personal data in order to report on and monitor globally our progress in promoting equal opportunities and compliance with equal opportunities legislation.
- Complying with legislation: we use your personal information for the purposes of adhering to applicable laws, to respond to legal orders, resolve legal disputes, action our rights in applicable employment or related contracts. and adhere to legal and regulatory requirements more generally.
- Conducting prior screening checks: we use your personal information to undertake screening and background checks.
- Upholding our commercial interests: we use your personal information to uphold our company’s economic interests and ensuring compliance and reporting (such as adhering to our policies, local legislation and managing allegations of fraud or misconduct). In cases where our client is a natural person, we use your personal data to investigate and prevent fraud or misconduct and to protect our economic interests.
6. Disclosure of personal information
We may share your personal information for the business purposes described in section 5 of this notice, with the following third parties:
- Affiliates and subsidiaries: we may share your personal information with our affiliates and subsidiaries.
- Service providers: we may share your personal information with service providers (these could include third party onboarding partners, finance vendors).
- Professional service firms: we may share your personal information with advisors such as auditors or legal counsel.
- Persons involved with business acquisitions or mergers: we may share your personal information to third parties in the event of a merger, acquisition, joint vendor, dissolution, liquidation or other type of re-organisation).
- Government: we may share your personal information with governmental authorities such as federal agencies, courts, and other government authorities where are required under applicable law.
7. Purpose limitation
We will only process your personal data for the specific purpose or purposes notified to you.
8. Data minimization
Your personal information will only be processed to the extent that it is necessary for the specific purposes notified to you.
9. Data accuracy
We will keep the personal information we store about you accurate and up to date. Please notify us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you.
10. Storage limitation
We will not keep your personal information for longer than is necessary for the purpose or otherwise required in law. This means that data will be destroyed or erased from our systems when we are no longer required or authorized to retain it.
11. Data security
11.1. We will ensure that appropriate measures are taken against unlawful or unauthorized processing of personal data, and against the accidental loss of, or damage to, personal data.
11.2. We have in place procedures and technologies to maintain the security of all personal information from the point of collection to the point of destruction. We will only transfer personal information to a third party if they agree to comply with those procedures and policies, or if they put in place adequate measures.
11.3. Maintaining data security means guaranteeing the confidentiality, integrity, and availability (for authorized purposes) of the personal information.
12. Your rights
The CPRA provides you with certain rights in relation to your personal information. These rights include:
- The right to know: You have the right to access what personal information we have processed about you. This includes the categories of personal information we have collected, the categories of sources from where we have collected personal information, the business purpose of collecting or disclosing your personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of information we have collected about you.
- The right to delete: You have the right to delete the personal information we have processed about you.
- The right to correct: You have the right to correct or amend the personal information we have on file about you that may be incorrect.
- The right to non-discrimination: You have the right to not be discriminated against for exercising any of the rights outlined above, including the right not to be retaliated against.
The rights outlined above may be subject to certain exceptions. To exercise any of your rights, please contact us using the information below. We will respond to your request within the timeframe permitted under applicable law.
Prior to executing your individual rights request, we will first verify your identity by asking you to provide information about yourself and comparing that information with what we have on file about you. The information we may ask you to provide to verify your identity may include your name, employee number, or some other personal identifier. You may also authorize an agent to submit a request on your behalf by submitting a written permission that authorizes the agent to act on your behalf and includes your signature. If you use an authorized agent, we will still take steps to verify your identity.
Please note that we do not “sell” or “share” your personal information, as those terms are defined under the CPRA. Additionally, we do not use your “sensitive personal information” for any purposes that would permit you to limit our use of such information. You may review Cal. Civ. Code Section 1798.121(a) to learn more about these permitted purposes.
13. Contact and queries
We will not discriminate or retaliate against you if you choose to exercise any of your rights under the CPRA.
Should you have any queries regarding this notice or processing of personal information by Blue State please contact us by email at [email protected] or by telephone at 1-800-290-6826.