CALIFORNIA PRIVACY RIGHTS
Under Section 1798.83 of the California Civil Code, residents of California can obtain certain information from companies with whom they have an established business relationship. That information is about the Personal Data those companies have shared with third parties for direct marketing purposes during the preceding calendar year. The law requires companies to inform consumers about the categories of Personal Data shared with third parties, the names and addresses of those third parties, and examples of the services or products marketed by those third parties. To request a copy of the information disclosure provided by Morley Candy Makers under Section 1798.83 of the California Civil Code, please contact us at the address or telephone number at the bottom.
CALIFORNIA CONSUMER PRIVACY ACT
We do not sell your personal information.
Under the CCPA, a business that sells California residents' Personal Data to others: 1) must give notice to California residents before selling their personal information to others; and 2) must provide the right to opt out of the sale of their Personal Data.
Morley Candy Makers does not sell the Personal Data of anyone. Morley Candy Makers does obtain Personal Data from its customers for a business purpose and does further collect Personal Data for the purpose of performing that business purpose for its customer. Although Morley Candy Makers does not consider its activities to constitute the sale of Personal Data, if you would like to opt out of our providing services that involve your Personal Data, please contact us at the address or telephone number at the bottom and inform us that you would like to opt out of our processing your Personal Data. Notwithstanding, Morley Candy Makers contends that the notification and opt-out requirements do not apply to Morley Candy Makers.
Your Rights Under the CCPA
Under the California Consumer Privacy Act ("CCPA"), California residents are granted the following rights:
- To know what Personal Data is being collected about them;
- To know whether their Personal Data is sold or disclosed and to whom;
- To say no to the sale of their Personal Data;
- To access their Personal Data;
- To have their Personal Data deleted; and
- To have the right to equal service and price, even if they exercise their privacy rights under this law.
When receiving a request, we will verify that the individual making the request is the resident to whom the Personal Data subject to the request pertains. California residents may exercise their rights themselves or may use an authorized agent to make requests to disclose certain information about the processing of their Personal Data or to delete Personal Data on their behalf. If you use an authorized agent to submit a request, we may require that you provide us additional information demonstrating that the agent is acting on your behalf.
With respect to a California resident's Personal Data, each California resident may exercise the rights described below.
Categories of Personal Data We Collect
As detailed above, we collect information that identifies you, your household or your device or is reasonably capable of being connected with or linked to you, your household or your device. "Personal Data" does not include public information available from government records, de-identified or aggregated information or information that is protected by certain laws such as HIPAA for health-related information and the Gramm-Leach-Bliley Act for certain financial institutions.
In addition to the categories of Personal Data detailed above, we collect, process and share some or all of the following categories of Personal Data:
- Documents to verify your identity;
- Payment information;
- Inferences drawn from this Personal Data to create a profile about you;
- Transaction information;
- Products or services purchased, obtained or considered; or
- Your purchasing or consuming history or tendencies.
How We Retain and Store Your Personal Data
We retain your Personal Data for as long as necessary to fulfill the purpose for which it was collected and to comply with applicable laws. We use reasonable security precautions to protect your information consistent with its nature and sensitivity.
Requests to Know
You have the right to request that we disclose certain information to you about our collection and use of your Personal Data over the prior 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you (to the extent applicable):
- The categories of Personal Data we collected about you;
- The categories of sources for the Personal Data we collected about you;
- The business or commercial purpose for collecting or selling your Personal Data;
- The categories of third parties with whom we share your Personal Data;
- The specific pieces of Personal Data we have collected about you; and
If we sold or disclosed your Personal Data for a business purpose, which we will not, two separate lists disclosing:
- In the case of a sale, the categories of Personal Data sold about the consumer and the categories of third parties to whom the Personal Data was sold, by category of Personal Data for each category of third parties; and
- In the case of disclosure for a business purpose, the categories of Personal Data that were sold or disclosed for a business purpose and if Personal Data has not been sold or disclosed for a business purpose, that we did not do so.
We are not required to (i) retain Personal Data about a consumer if collected for a single one-time transaction if, in the ordinary course of business, that information would not be retained and (ii) re-identify or otherwise link any data that, in the ordinary course of business, is not maintained in a way that would be considered Personal Data.
Requests to Delete
You have the right to request that we delete any of your Personal Data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Data from our records, unless an exception applies, which we will disclose to you.
We are not required to grant your deletion request if retaining the Personal Data is necessary for us or our service providers to:
- Complete the transaction for which the Personal Data was collected, fulfill the terms of a written warranty or product recall, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between us and you;
- Detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity; or prosecute those responsible for that activity;
- Debug to identify and repair errors that impact existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise that consumer's right of free speech, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act;
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest when the deletion of the public information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent;
- For solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
- Comply with a legal obligation; or
- Internally make otherwise lawful uses of your Personal Data that are compatible with the context in which you provided the Personal Data.
How to Submit a Request to Know or a Request to Delete
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Data. We are not required to provide you with Personal Data more than twice in a 12-month period.
We will not be able to respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you.
We will try to respond to your request within forty-five (45) days of receipt of your written request. If we require more time (up to 90 days), we will inform you of the extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
An amendment to the CCPA provides an exemption to the Right to Know and Right to Delete for Personal Data between a business and a person who is acting as an employee, director, officer, or contractor of a company, partnership, sole proprietorship, nonprofit, or government where the information is used in the context of a business transaction. This exemption is currently set to expire on January 1, 2021. Until that date, we will not respond to requests to know or delete that are within the scope of this exemption.
How to Submit an Opt-Out Request
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Data sharing with third parties. However, you may change your mind and opt back in to Personal Data sharing with third parties at any time by emailing us at firstname.lastname@example.org.
We will only use Personal Data provided in an opt-out request to review and comply with the request. We will act upon your opt-out request within 15 days of receipt.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Data's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.