This help article outlines the relevant information regarding Disco’s California Consumer Privacy Act (CCPA) compliance and what that means for Brands and Shoppers and how to make requests based on the rights people are provided under the CCPA.
Our relationship with brands and shoppers
Under the CCPA, Disco is considered a data business; we can be found via the California Attorney General’s Data Broker Registry as such. We provide brands with a Data Processing Addendum to notify them that we’re a data business, provide notice to consumers that we collect their data, and honor requests made under the CCPA.
Requests we service
As a data business in compliance with CCPA regulations, we are required to service specific requests made by residents of California:
- requests to know the information collected and shared about you
- delete personal information collected about you (with possible exceptions)
- opt-out of the sale or sharing of your personal information.
In parallel, you have the right to non-discrimination for exercising any of those rights.
Data We Use
How to make requests
Consumer requests for residents of California looking to exercise their rights under CCPA can be made by emailing firstname.lastname@example.org with your request and identifying information.
We provide functionality for brands to log their own historical opt-out requests via their account settings (Account Settings → Integrations). It works by ingesting a CSV of emails and/or phone numbers for us to opt-out for you. An example CSV has been attached to the bottom of this article that includes some sample data.
Opt-out requests brands receive can also be automatically sent to us and processed by utilizing webhooks in conjunction with your merchant platform:
Please note that Disco requires a specific request format to process opt-out requests with properties unique to each Disco account. A brand can find their script within the Integrations page in your account settings.