Privacy Policy
- Employee Data: The current privacy policy appears to include disclosures for Design by Nikki employees as well as website users. This is not a preferred approach given the distinct differences in data collection and practices between the two groups. Importantly, while many of the collection practices are listed in the current privacy policy (e.g., Sensitive Information collected for purposes of payroll), the privacy policy itself is phrased in the intro as applying only to the website and not to employee data.
Suggestion: Create a separate employee policy that is distributed to employees as part of the onboarding and not include it in the website privacy policy.
Note: Current draft does not include any employee data.
Benefits to Suggestion:
- If not including any sensitive data in the website privacy policy, it removes certain required disclosures and limitation rights that need to be provided to the consumer under the CCPA and similar laws.
- Separate policies are much less confusing and allow for easy separation between website collection and employee data.
Current Draft: Only applies to the website, not employees.
- Sensitive Data: The current privacy policy lists sensitive data collected, but it appears that this relates exclusively to employee data and that no sensitive data of any customer is collected.
Issue: Sensitive Data collection under the CCPA requires additional rights disclosures, and links at the footer of the homepage.
Suggestion: If not applicable, do not list sensitive data in the privacy policy and state that no sensitive data is collected. Create a separate privacy policy for employees where sensitive data may be collected.
Current Draft: Sensitive data is not currently included.
- Texas Privacy Law Likely Not Triggered: The new policy currently says Texas applies, but when looking at the North American Industry Classification Manual-United States to assess applicability triggers, we don’t think it actually applies. In particular, for Texas’ privacy law to apply to Clothing/Apparel/Accessory Retailers (online or brick and mortar), the company must have yearly revenues of $47M or more. For Texas’ privacy law to apply to a clothing manufacturing company, the company must have over 150 employees.
Unless revenues are over or close to $47M, we recommend limiting disclosure of other states to Utah only (the only other law to currently apply based on current user data provided).
- Required Links at the footer of the Homepage: With respect to what links to provide on your homepage, consider the following:
- General Privacy Policy Link: “Privacy Policy” or “Privacy Notice” → Link to top of the Privacy Policy
- California Privacy Link:
- Do Not Sell My Data / Your Privacy Choices: Because there is a “sale” of data, you need to provide a link on your homepage that says either:
- "Do Not Sell or Share My Personal Information" that directs consumers to the opt-out mechanism
- [Alternative Opt-out Link] "Your Privacy Choices" or "Your California Privacy Choices" to direct the consumer to a webpage that informs them of "both their right to opt-out of sale/sharing and right to limit and provides them with the opportunity to exercise both rights."
Note: If you use the Alternative Opt-out Link, you have to put the following opt-out icon "adjacent to the title" of the link:
- Sensitive Data Collection: If applicable, you must provide a link that says "Limit the Use of My Sensitive Personal Information".
- Other State Privacy Law Links: Other state laws also require a link, but not all have specified what it should say. Colorado, for example, says the link must provide a clear understanding of its purpose, for example "Colorado Opt-Out Rights," "Personal Use Opt-Out," or "Your Privacy Choices." Minnesota says it should be labeled "Your Opt-Out Rights" or "Your Privacy Rights". Given none of those laws that have express requirements apply at this moment, it is not mandatory that a separate link for other states is added, but it may be beneficial as a preventative measure. We suggest using a link that says, “Your Privacy Choices”. The link should direct you to the “U.S. Controller State Privacy Notice” section.
QUESTIONS AND YOUR FEEDBACK
If you have any questions about the ways in which we collect and use your personal information, or about your choices and rights regarding such use, please do not hesitate to contact us.
To help us improve our privacy policy and practice, please give us your feedback. You may email us at info@beachriot.com or call us at (714) 975-5515.
Privacy Policy Last Updated: October 11, 2024