CALIFORNIA CONSUMER PRIVACY ACT
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that FPI Management disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we disclosed your personal information for a business purpose, the personal information categories that each category of recipient obtained.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We Don’t Sell Consumer, Tenant, Employee, or Property Owner Data
FPI Management does not sell your personal information to anyone, and retains your data in our systems for the strict purpose of providing our property management services, and as required by County, State, and Federal regulations.
Information Security and Data Privacy Practice
FPI Management follows the NIST CyberSecurity Framework (National Institute of Standards and Technology) in setting our security policies and security operations along with using encryption protocols for data in transit and at rest in our systems. Although no information transmitted across the internet can be guaranteed to be secure, we follow data security best practices to encrypt sensitive data prior to sending it and while storing it in our systems. We take the privacy and security of personal information seriously and require ongoing training and testing for all FPI Management employees on data privacy.
Age Restrictions in our business activities
Our website, nor our property management services, are directed at children under age 13, and we certainly would not sell or disclose the personal information of anyone we know is under age 13 in compliance with Children’s Online Privacy Protection Act, without affirmative authorization as required by the law, and other state and federal regulations.
Right to not be Discriminated Against for Exercising your Rights under CCPA
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Here’s how the CCPA defines “personal information”:
“Personal information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
(“Household” is defined by the CCPA regulations as “a person or group of people occupying a single dwelling.”)
Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household:
(A) Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
(B) Any categories of personal information described in subdivision (e) of Section 1798.80.
[Section 1798.80 states: “Personal information’ means any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. ‘Personal information’ does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.”]
(C) Characteristics of protected classifications under California or federal law.
(D) Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
(E) Biometric information.
(F) Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.
(G) Geolocation data.
(H) Audio, electronic, visual, thermal, olfactory, or similar information. (I) Professional or employment-related information.
(J) Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. §1232g and 34 C.F.R. Part 99).
(K) Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Exclusions and Exceptions of Personal Information
The CCPA also excludes some things from the definition of “personal information”:
- Publicly available information
- Aggregate consumer information
- De-identified information
The CCPA defines those exclusions as follows:
Publicly Available Information
For these purposes, “publicly available” means information that is lawfully made available from federal, state, or local government records, if any conditions associated with such information. “Publicly available” does not mean biometric information collected by a business about a consumer without the consumer’s knowledge. Information is not “publicly available” if that data is used for a purpose that is not compatible with the purpose for which the data is maintained and made available in the government records or for which it is publicly maintained. “Publicly available” does not include consumer information that is de-identified or aggregate consumer information.
Aggregate Consumer Information
“Aggregate consumer information” means information that relates to a group or category of consumers, from which individual consumer identities have been removed, that is not linked or reasonably linkable to any consumer or household, including via a device. “Aggregate consumer information” does not mean one or more individual consumer records that have been deidentified.
“Deidentified information” means information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer, provided that a business that uses deidentified information: (1) Has implemented technical safeguards that prohibit reidentification of the consumer to whom the information may pertain. (2) Has implemented business processes that specifically prohibit reidentification of the information. (3) Has implemented business processes to prevent inadvertent release of deidentified information. (4) Makes no attempt to reidentify the information.
Exercising Your Rights Under CCPA
You have a right to submit what the CCPA calls a “verifiable consumer request,” to confirm the above, a request to opt-out of information collection, inquire as to the categories of data stored and shared about you, understand the business purpose for the collection of certain categories of data, obtain a copy of the data FPI has stored about you, and/or a request to delete any personal information we may have about you.
We authenticate all requests – that is, we make sure it’s you and not someone else – by requiring you to provide additional specific information to prove your identify. If you decide to use what the CCPA calls an “authorized agent” to submit your request, your agent must use your name, email, and phone number, since that’s the only means we have to authenticate your request. FPI Management’s Department of Information Security will reach out to you directly to verify your identity in order to complete your request.
Please visit this page from a desktop browser to complete the data access request form and FPI Management will respond within 45 days.
** Since we’re required to track and report statistics regarding the number of requests we receive annually, we will do so and report the results in January 2021.
Contacting FPI Management
FPI Management | 800 Iron Point Road | Folsom | CA 95630 | USA | FPIMGT.com | 916-357-5300
Last Edited on 2020-03-01