CCPA Policy

Effective December 31, 2019

This notice supplements the SightCall Privacy Policy as well as any other agreement you have with us, such as the SightCall Terms of Service, Master Sales Agreement, or other agreement for the use of our services. This notice addresses SightCall’s responsibilities as a business and as a service provider to you, whether you are a business or a consumer. Any terms we use in this notice that aren’t defined here will have the meanings we give them in those agreements.

Our Privacy Policy defines Customer Account Data, Customer Usage Data, and Customer Content. We’ll refer to those here, too…but mostly, we’re talking about our customers’ personal information. Personal information is defined in the California Consumer Privacy Act, or “CCPA,” and we use that definition.

We will also talk about some other terms from the same law, such as “consumer,” “business,” “service provider,” “business purpose,” or “commercial purpose,” and those also have the definitions set out in that law.

When we talk about a “sale,” or “selling,” personal information, we are using the definitions of “sale,” and “sell” as defined in the CCPA. It’s important that we be clear on what this means: it means we don’t sell, rent, or otherwise disclose your personal information in exchange for money or something else of value.


SightCall’s relationship with you under California law

The SightCall Privacy Policy describes “controllers” and “processors,” and discusses the purposes for which we process personal information in Customer Account Data, Customer Usage Data, and Customer Content. For the purposes of the CCPA, in the same way that we act as a processor of Customer Content, we act as a service provider for Customer Content. For Customer Account Data and Customer Usage Data, we act as a business, which means that we may use this data for our own business purposes. Regardless of whether we are acting as a business or a service provider, we process, retain, use, and disclose personal information only as necessary to provide the services we have agreed to provide. In other words, we use the personal information we have strictly for business purposes. You can read more about our business purposes for each type of personal information in our Privacy Policy. Regardless, we will not:

To be clear, we are not receiving any of your personal information or your end users’ personal information as consideration for any services or other items of value that we provide to you. We also understand our obligations under the CCPA and will comply with them.

By the same token, you are responsible for ensuring that you have complied, and you will continue to comply, with the requirements of the CCPA in your use of the services we provide to you and your own processing of personal information.


SightCall’s obligations under California law

We will ensure that any person we authorize to process your Customer Content has agreed to protect personal information consistent with our confidentiality obligations under our agreement with you.

We use third party service providers to fulfill our obligations under our agreement with you and for our own business purposes. When we do use service providers, we have entered into a written contract that includes terms substantially similar to this notice. We conduct appropriate due diligence on our service providers and we will remain liable for any breach of this notice that is caused by an act, error, or omission of our service providers.


Your access and deletion rights

As part of the services we provide to you, we provide you with a number of self-service features at no additional cost, including the ability to delete, retrieve, which you may use in complying with your obligations under the CCPA with respect to responding to requests from consumers. If you need more assistance than that, let our Support team know; we will provide reasonable additional and timely assistance to assist you in complying with your obligations with respect to consumer access and deletion requests under the CCPA. If additional assistance requires going above and beyond what Support can provide, further assistance may be at your expense.

In the event that we receive any request, complaint, or other communication from a verifiable consumer, regulatory authority, or third party in connection with our processing of your Customer Content, we will promptly inform you and provide details, to the extent legally permitted. Unless legally obligated to do so, we will not respond to any such request, inquiry or complaint without your prior consent except to confirm that the request relates to you.


Data retention and deletion of content

We hate to see any relationship end. However, if our agreement with you terminates, we will give you thirty days after the termination effective date to obtain a copy of your Customer Content via the SightCall Services. We’ll retain stored Customer Content on our back-up systems for one year after the termination effective date, after which it will be automatically deleted.

Upon termination of our agreement with you, we may retain Customer Content in storage for the periods described in this section, provided that we will ensure that your Customer Content is processed only as necessary for the purpose specified in this notice and no other purpose. Also, at all times, we will ensure that we protect Customer Content as we have promised to, and as the law requires us to.

Of course, if we are required by law to retain any portion of your Customer Content, we may do so, regardless of the requirements of this section. If we must do so, we will ensure we maintain the same security protections on your Customer Content.


Security

Let’s talk about our security protections! Of course, we will implement and maintain reasonable security procedures and practices appropriate to the nature of the personal information we process.

In the event that we become aware of a security breach that involves your Customer Content, we will, to the extent we’re permitted by law, notify you without undue delay via your account owner’s email address. We will make reasonable efforts to identify and, to the extent any security incident is caused by our violation of the requirements of this notice, remediate the cause of the security incident. We will provide reasonable assistance to you in the event that you are required by law to notify a regulatory authority or any individuals of a security incident.


Material changes in our practices or in the law

We may modify this notice where required, such as due to a material change in our business practices with respect to your personal information or due to a material change in the CCPA. If this happens, we’ll notify you before such modifications take effect as our agreement with you provides.