The California Consumer Protection Act
In 2018, California passed the California Consumer Protection Act, a measure that works to put the control of your data in your hands. This act applies to any company doing business with persons residing in California.
Our complete CCPA compliance policy is provided below, as are links to help you submit legal data requests. Solar by EnFin has tools that allow you to easily submit CCPA requests. We ask that you review the CCPA policy below to understand how the law affects you and what rights you have when submitting requests.
Your Rights Under the California Consumer Protection Act
- What is the California Consumer Protection Act (CCPA)?
- What information does Solar by EnFin collect, and how is it used?
- What rights do I have under the CCPA?
- What information is excluded from CCPA requests?
- What information does Solar by EnFin collect and why?
- What services does Solar by EnFin use that may relate to the CCPA?
- How do I submit a CCPA request to Solar by EnFin?
What is the California Consumer Protection Act (CCPA)?
In 2018, California passed the California Consumer Protection Act (CCPA), a privacy-centric bill aimed at protecting the privacy of California consumers, effective January 1, 2020. This bill sets requirements for how businesses handle consumers’ Personally Identifiable Information (PII) and gives rights to consumers in controlling how that data is used. Solar by EnFin has always taken the privacy and security of customer data seriously and has implemented steps that empower you in compliance with the CCPA.
Under the CCPA, consumers have the right to request access to information of theirs we hold, request that the data be deleted, a disclosure of our data collection practices and how the data is used, and request to opt-out of the sale of their data to third parties. Solar by EnFin does not and will never sell or rent the types of information outlined in this document.
The CCPA requires that businesses disclose the following: how information is used and, if/how it may be shared with third-party services, how the business’ website responds to “Do Not Track” signals from a web browser.
Consumers also have the right to not be discriminated against for exercising their rights under the CCPA.
What information does Solar by EnFin collect, and how is it used?
Solar by EnFin collects both personally identifiable information (PII) and non-personally identifiable information when consumers contact us with interest in Solar by EnFin offerings and during the ensuing communications to service these requests. This data is stored for the purposes of communication, advertising, and providing agreed-upon or contracted delivery of products and services. We may, at times, share this information with trusted third parties for advertising and marketing purposes, services that we require to conduct regular business, or services that allow us to enhance the services provided to consumers both online and offline.
The information we may collect is as follows and the specific information we collect from each person will depend on the types of interactions and communications that are chosen by that person. Some items below may not be individually considered personally identifiable information but may when combined with other items.
- Full name
- Phone number
- Email address
- Physical address
- IP address
- Google Client ID (if available)
We may receive additional information voluntarily provided by you when requesting information about products and services offered by Solar by EnFin or participating in the sales process.
For more details on how your information is used on our website and online, please review our Privacy Policy.
How does the CCPA allow me to make requests regarding
my personally identifiable information?
Under the CCPA, California consumers may have the right to make personal information requests, known as the “Right of Access” and “Right of Deletion.” The CCPA requires that businesses respond to all requests within 45 days, and these requests are as follows:
- Right of Access – The consumer may have the right to request and receive a list of personal information and additional details a business collects (or has collected) as well as the intended business use for collecting the data. A Right of Access request entitles a person to request the data collected for the previous 12 months no more than twice within that time period. Data provided by a Right of Access request are restricted from providing highly sensitive data such as social security numbers and banking information.
- Right of Deletion – The consumer may also be able to request that any specific personal information be deleted. With the exception of specific types of data (outlined below under ‘What information is excluded from CCPA requests?’), these deletion requests must be fulfilled by Solar by EnFin, and once a deletion request is fulfilled, we will have no access to any data that was previously available to us, which means that Right of Access requests cannot be fulfilled from that point forward.
- Right to Request Disclosure of Data Practices – The consumer may have the right to request disclosure of our business’ data collection and sales practices in connection with the requesting consumer, including categories of personal information we have collected, the source of information, our use of the information, and the categories of personal information disclosed or sold to third parties as well as the categories of third parties to whom such information was disclosed or sold. Solar by EnFin does not sell or rent any personally identifiable information to any third party, partner, or entity.
- Right to Opt-Out of the Sale of Data – The CCPA allows consumers to opt out of the sale of their data to third parties. Solar by EnFin does not sell or rent personal information to third parties. Because of this company policy, we do not provide a method to opt out of the sale of consumer data.
- Rights Against Discrimination – The consumer has the right to not be discriminated against for exercising their rights under the CCPA.
How do you verify the identity of consumers making CCPA requests?
Protecting the data of consumers from fraudulent requests is the highest priority in Solar by EnFin’s CCPA compliance procedures. All CCPA requests must be validated through strict measures to ensure that the individual submitting the request is the owner of the information in question. Confirmation methods may include, but are not limited to, the following:
- Verification of information that we have on record.
- Confirmation of identity using multiple communication methods.
- Providing physical identification.
Solar by EnFin will confirm and validate any and all requests made for both Right of Access and Right of Deletion requests while protecting the personally identifiable information related to the request itself. If we are unable to validate and confirm the identification of the individual submitting a CCPA request, Solar by EnFin is legally obligated and reserves the right to deny that request. Requests must be made by the individual whose data is the subject of request exclusively – the CCPA does not allow for other members of the household to request data on behalf of others within that household unless they are a legal parent or guardian of the minor for which the request is being made. For the purposes of the CCPA, a minor is defined as a person 13 years of age or younger.
What circumstances may affect Solar by EnFin’s
requirement to comply with a CCPA request?
There are circumstances that exist that may limit or prevent Solar by EnFin’s ability and legal requirement to fulfill a Right of Deletion request. According to the CCPA, a deletion request cannot be fulfilled for a Solar by EnFin customer where personally identifiable information is required for conducting ongoing business or fulfilling standing contractual obligations.
Solar by EnFin may also reject requests for Right of Deletion and Right of Access if reasonable steps have been taken to confirm the identity of the individual making that request yet are unable to determine that the request is being made by the owner of the personal data. This provision protects both consumers and companies from fraudulent and malicious requests by third parties.
The CCPA has been interpreted to state that a Right of Deletion request implies that the individual is also opting out of any further use or collection of that data in the future. However, there may be situations where, in complying with a Right of Deletion request, Solar by EnFin would not be in possession of any data that would allow us to ensure that the information we receive or collect was subject to any requests made regarding that data previously. In the event that you believe we have come into possession of your data either directly or indirectly, please contact us to submit another Right of Access or Right of Deletion request.
If you have a question regarding requests involving Solar by EnFin that you believe may be affected by these provisions, please contact us by sending an email to info@spus1.com.
How does it secure and anonymize PII in their CCPA request ledger?
Maintains ledgers that make use of salted/hashed values for the contact information used to fulfill the request made. This allows us to store a record of the transaction without requiring that we retain any personally identifiable information. When a value (such as an email address or phone number) is hashed, it cannot be “unhashed.” The result is an encrypted version of the original value. No two hashes are alike, and when the same original value is hashed again, it will always result in the same encrypted string.
By using this method, we are able to convert contact information to an encrypted string, delete the records we have, and, at a later date, provide a lookup of that record by re-hashing the information an individual provides and then searching for that anonymized value in our request logs. For reference, this secure method of data storage is how the passwords you use on websites and apps are stored and protected.
How do I opt out of select services that Solar by EnFin uses?
Solar by EnFin uses third-party services to help provide a better advertising experience for those interested in Solar by EnFin and/or the products and services that Solar by EnFin or its partners provides. These are listed below and provide for the ability to opt out. The list provided below is not a complete list of all third-party services, and only those services that are affected by the CCPA are listed here. For a full list of third-party services that we use online, please refer to our Privacy Policy.
How do I submit a CCPA request to Solar by EnFin?
In compliance with the CCPA, Solar by EnFin provides more than one method to submit a CCPA request. Methods include calling our phone number, sending an email to our CCPA address, or submitting a request via a secure online form. The online form simplifies the request process by allowing the individual making the request to provide information upfront that can help expedite its review and fulfillment. However, we welcome communication via any method and will service all requests equally. If you are ready to submit a request, please ensure that you are familiar with the information located here. If you have questions about making a request or would like more information, please email us for assistance.
The Solar by EnFin dedicated CCPA email address: info@spus1.com