Configure Vendors (CCPA for Web)

The Privacy Manager allows you to fully customize the vendor selection from the portal. Vendors are third party partners you allow to set cookies on your site. Setting up vendor selection is of key importance to your business to ensure any opt-out or partial opt-out signals are communicated downstream appropriately. This guide will walk you through the settings. In case you have any doubts or questions with regards to vendor selection, please don't hesitate to drop us a line.

Getting There

Get to the configuration screen, select Overview from the left hand navigation menu and select the App you want to edit. Then go to the "Vendors" tab.

Third-party Vendors

The vendor list section reflects your current vendor selection and a link to their privacy policy. The vendors that have been selected will be displayed in the Privacy Manager with their respective Purposes, Vendors and Data Categories. Given that CCPA does not require you to disclose vendors, you may elect not to disclose vendors to your users from the Admin page within Console. If you do not disclose vendors, you are able to still leverage the backend functionality of the Privacy Manager.

Choosing Vendors
  • Choose vendors - Opens the vendor selection drawer.

  • If you do not see a Vendor in the Vendor list, please make a request here to add it to the Vendor List. We will typically be able to add the Vendor within 24 business hours if you provide the Vendor name and privacy policy.

Purposes for this Vendor

Use the “Purposes for this vendor” dropdown to add or remove purposes tied to each vendor. Configure which purposes apply to each vendor by clicking “Add/Remove” in the top right corner of the drop down.

Once a purpose has been selected, you may make further changes to the configuration:

  • Tick the check box in the “Lock” column to disable changes in preference state for the respective purpose. This means the user will not be able to opt-out of collection for that purpose. Please consult with your counsel to determine which purposes your business considers lock-able under the CCPA.

  • Use the “Opt in/out by default” toggle to determine whether that purpose is enabled or not when a consumer first interacts with their preference settings.

There are nine standard purposes available within Privacy Manager. The purposes and their definitions are listed below.

  1. Auditing Interactions with Consumers – Auditing includes counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and other compliance auditing with regard to concurrent transactions.

  2. Security – Security involves detecting security incidents, protecting against malicious or fraudulent activity, and prosecuting offenders

  3. Debugging/Repair – Debugging relates to the identification and repair of impairments to intended, existing functionality.

  4. Certain Short-term Uses – Short-term, transient uses include data collection for which personal information is not disclosed to another third party, not used to build a profile about a consumer, or not used to alter an individual’s experience outside the current transaction (including contextual ads as part of the same interaction).

  5. Performing Services – The services performed may be either by the business or a service provider. These services include “maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services.”

  6. Internal Research for Tech Development – Allows for research into technological development and demonstration.

  7. Quality and Safety Maintenance and Verification – The quality and safety business purpose includes activities related to the improvement, upgrade or enhancement of the service or device owned, manufactured for, or controlled by the business. It also includes the verification or maintenance of the quality or safety of a service or device.

  8. Selling – Selling means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating personal information for monetary or other valuable consideration.

  9. Operating our Website(s) - Enables to maintain the performance and the working of the Website(s). [coming soon]

Data Categories for this Vendor

Use the “Data categories for this vendor” dropdown to add or remove data categories tied to each vendor. Configure which data categories apply to each vendor or vendor category by clicking “Add/Remove” in the top right corner of the drop down.

There are nine standard categories available within Privacy Manager. The categories and their definitions are listed below:

  1. Identifiers – Such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, Social Security Number, driver’s license number, passport number, or other similar identifiers.

  2. Biometric data – Such as fingerprints and facial recognition data.

  3. Internet or network activity data – Such as IP addresses, browsing history, search history, and interactions with online sites, apps, or advertisements.

  4. Commercial information – Including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

  5. Geolocation data – Information that can be used to identify an electronic device's (historic or real-time) physical location.

  6. Professional or employment-related information – Information about an individual’s professional job titles, salary, school attended, employment history, evaluations, references, interviews, certifications, disciplinary actions, etc.

  7. Education information – Information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).

  8. Inferences – Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

  9. Categories from CA Civil Code 1798.80 – Name, address, telephone number, employment, credit card number, debit card number, or any other financial information.

Granular Controls and Disclosure

Granular Controls dictating how the purposes, vendors, and categories listed in your Privacy Manager for CCPA UI can be set prior to publishing your Privacy Manager for CCPA version:

  • Do not disclose vendors: This option enables you to hide the Vendors Tab in the Privacy Manager.

  • Do not disclose data categories: This option enables you to hide the Data Categories Tab in the Privacy Manager.

  • Do not disclose purposes: This option enables you to hide the Purposes Tab and to hide the purposes in the Vendor details page in the Privacy Manager.

  • Disable granular controls: This option disables the end-user’s ability to deactivate/activate Purposes, Vendors, and Data Categories individually.