Other Privacy Legislation Compliance
      Back to home
      1. Trust Centre
      2. Privacy
      3. Other Privacy Legislation Compliance

      Simana and the CCPA

      At Simana we endeavour to ensure that our products and practices comply with all global data protection and privacy laws that apply to us and our customers.

      What is the California Consumer Privacy Act of 2018 CCPA

      The CCPA grants privacy rights to “consumers” residing in the State of California, and imposes obligations on businesses processing their personal information. The California Privacy Rights Act (CPRA) amended the CCPA in 2023 to introduce additional safeguards and restrictions for businesses to further strengthen the privacy rights of California consumers. Further regulations which are issued from time to time by the California Attorney General and the California Privacy Protection Agency continue to introduce additional requirements to the CCPA.

      Roles & responsibilities

      The CCPA distinguishes between certain roles and responsibilities for companies involved in the processing of personal information:

      • Business (similar to ‘data controller’ under the GDPR),
      • Service Provider/Contractor (similar to ‘data processor’ under the GDPR),
      • Third Party (similar to a Business, but one that does not have a direct interaction with the consumer).

      How does Simana comply with the CCPA?

      We have done the following to comply with the CCPA:

      • Identified Simana's role as a “Service Provider” under the CCPA, where it processes personal information solely on behalf of our customers (the “Business” in such cases);
      • Identified Simana's role as a “Business” where it processes personal information of  consumers for its own purposes (e.g. website visitors’ information and trial users);
      • Simana does not sell or share personal information of California consumers (or of any other data subjects). 
      • Simana offers the right to access personal data, and has widened the scope of applicability to include California consumers, thereby complying with the so-called “look back” requirement to ensure that consumers are able to access their personal information covering the preceding 12-month period;
      • Simana facilitates the exercising other proposed consumer rights that are similar rights granted under the GDPR (such as the right to disclosure, deletion and opt-out);
      • Updated our PRIVACY POLICY to ensure that it sufficiently addresses CCPA consumer rights and industry standard practices;
      • Introduced additional amendments to Simana's data processing addendum (DPA) and internal procedures to reflect the specific requirements of the CCPA (such as with respect to entity roles, the maximum response time and data subject verification process, and the commitments required of a Service Provider towards the Business under the CCPA);
      • Having procedures for handling suspected breaches concerning personal information, limiting use, disclosure and retention of personal information, and regularly conducting privacy training for all relevant members of our staff