Privacy Faqs For Retention.com Customers
We know the landscape of privacy compliance and laws is evolving and changing at a rapid pace. We work hard not only to keep pace with these laws, but also to provide information and solutions for our customers to do so as well.
Thus, we provide the below answers to common questions that our customers ask – we hope you find them useful, and we are always available to confer with our customers about privacy and compliance solutions.
1. Question: Does GDPR apply to Retention.com?
No. Our database of personal information only contains profiles that have been matched to US home addresses, and we use IP ringfencing to only resolve US traffic. In legal-speak, we do not have a product that is intentionally or deliberately focused on providing marketing intelligence to the European or U.K. market.
2. Question: What about U.S. state privacy laws, like the California CCPA and CPRA, and similar laws in Colorado, Virginia, Connecticut and other states? Do those apply to me, and what do they require?
These state laws may apply to you, if you handle substantial amounts of data, have sufficient revenue, and have consumers in the relevant states.
These laws provide consumers a number of rights, and require a variety of disclosures. For instance, California law requires:
- Website disclosures to indicate that you’re “sharing” personal information – which under California law means that you’re engaging in behavioral or “cross-contextual” advertising, such as our service or other types of retargeting. You can learn more about these disclosures at https://oag.ca.gov/privacy/ccpa/iconsdownload, and other linked pages.
- Also, a way for consumers to “delete” or “access” the data you have about them.
- And sometimes, particular contractual terms that apply to your “third parties” or “service providers.” (We provide template terms that do this, which we also describe below.)
- You should also describe in your privacy policy how you use your customer’s information, and your website cookies, to advertise and market. We have provided recommended language to insert into your privacy policy below. (We of course advise that you talk to your own privacy counsel – our recommendations aren’t a substitute for customized legal advice that you might require.)
“When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or online profiles. We (or service providers on our behalf) may then send communications and marketing to these emails or profiles. You may opt out of receiving this advertising by visiting https://app.retention.com/optout”.
3. Question: How does Retention.com help its customers comply with California’s privacy laws (CCPA/CPRA), and similar state privacy laws?
Retention.com provides a consumer “opt out” page, which its customers can easily link to, at https://app.retention.com/optout. We also provide a Data Protection Addendum, as required by some state privacy laws, which sets out the parties’ respective rights and obligations under those laws. As noted above, we also provide sample language for our customers to insert into their privacy policy, which describes our service.
4. Question: Am I required to comply with the CCPA/CPRA, and other state laws?
You might not be. These laws don’t apply to every company – each of them contain “small business” exemptions, that in many (not all) cases exempt companies below a particular revenue threshold. In California, for instance, many companies with under $25 million in revenue are not subject to most of the California “CCPA” and “CPRA” privacy requirements. (But even if these laws don’t apply, some companies implement privacy disclosures and consumer choice options, to ensure transparency to consumers, and simply for consumer courtesy reasons.)
5. Question: so, is Retention.com “permission-based” marketing?
The objective of Retention.com is to help companies market to consumers who have shown interest in their products. We consider that interest-based marketing. It’s also true that consumers in our database have agreed to provide their information for third party marketing, as a general matter – and many consider that “permission-based” as well.
But even with an “opt-in” at our disposal, we still think it’s important that consumers whose data we release have shown interest in a brand, generally by visiting their website, placing a product in their cart, or some similar activity. Consumers who have done that have shown a level of interest and trust in a brand, product or service, and are unlikely to be put off by a continuation of that marketing conversation.
6. Question: We try to be legally conservative – we don’t like getting consumer complaints and want to be “privacy-forward.” Anything else I should do to comply with privacy laws and consumer expectations?
As we’ve noted about, some customers include a website banner notice, to explain to their site visitors in a robust way how data cookies and technologies are used for marketing. Thus, we provide recommended language for these customers to use, and also to insert into their privacy policies (see #2).
7. Who can answer any additional privacy questions and we (or our lawyers) may have?
You can contact our support any time at support@retention.com. We also have outside privacy counsel available to consult with your own attorney, regarding contracting, privacy and disclosure matters.