If you are a California resident, you can ask companies to disclose what personal information they have about you and what they do with that information, to delete your personal information and not sell it. A recent ESET survey found that more than 44% of the 625 business owners and business executives surveyed had never heard of the CCPA, and only 11.8% knew if the law applied to their businesses. Companies might think that this is because their “consumers” are other companies and not individuals. Follow up with the company to see if the company is subject to the CCPA and to follow up on your request.
However, a business may charge consumers a different price or fee or provide a different level or quality of goods or services to the consumer when that difference is reasonably related to the value provided to the business by consumer data. A California resident is a natural person (as opposed to a corporation or other business entity) who resides in California, even if the person is temporarily out of state. The CCPA definition of business requires that the company, alone or jointly with others, “determine the purposes or means of processing that data. If you send a removal request to a company's service provider instead of the company itself, the service provider may deny the request.
If you send a request for information to a company's service provider rather than to the company itself, the service provider may deny the request. If you don't know why a company rejected your opt-out request, contact the company to ask their reasons. On the one hand, there are consumers' rights to know what personal information a company collects; on the other, companies must be transparent with consumers about the personal information they collect and how they use it. However, a “company” under the CCPA also includes any entity that controls or is controlled by a company that meets the above requirements and that shares a common brand with that company.
The company decides to process personal data as a result of a contract between the company and the data subject.