CALIFORNIA CONSUMER PRIVACY ACT CCPA PRIVACY NOTICE
THE DUNN-EDWARDS® CORPORATION CCPA PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
Effective Date: January 1, 2020
INFORMATION WE COLLECT
Dunn-Edwards collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information,” or “PI”).
Personal Information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; or
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
Dunn-Edwards has collected the following categories of Personal Information from consumers within the last 12 months:
|CATEGORY OF PI||EXAMPLES OF PI COLLECTED||SOURCES OF PI||PURPOSE FOR PI COLLECTION||CATEGORIES OF RECIPIENTS|
|Identifiers||Name, postal address, Internet Protocol (IP) address, email address, account name, security questions and answers, Social Security number, driver’s license number, resale certificate number, or other similar identifiers||Consumers and third parties||Auditing related to interactions and transactions, detecting security incidents and protecting against fraud, debugging or repair of systems, short-term or transient use (for example, contextual advertising); providing services, internet tech research, quality and safety control, and other Business Purposes described in the Section entitled “Use of Personal Information” below||Service providers and government entities|
|PI categories listed in the California Customer Records statute||Name, signature, Social Security number, address, telephone number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or other financial information, medical information, or health insurance information||Consumers and third parties||We use this information for the same purposes as are listed above for Identifiers. If you apply for a purchasing account with us, we may collect your Social Security Number, contractor’s license number, bank account number, and other financial information. If you apply for employment with us, we may collect information regarding your educational background, employment history, and the like.||Service providers, government entities, collection agencies, and financial institutions|
|Protected classification characteristics under California or federal law||Age (40 years or older), race, color, ancestry, national origin, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), veteran or military status||Consumers and third parties||Legal compliance, employment requirements, qualification for affirmative action programs or minority set-aside programs, and other Business Purposes described in the Section entitled “Use of Personal Information” below. If you apply for employment with us or seek to benefit from an affirmative action or minority set-aside program, we may collect information about protected classification characteristics to the extent required or permitted by law.||Service providers and government entities.|
|Commercial information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies; trade references and credit reports||Consumers and third parties||Short-term transient use (for example, contextual advertising), providing services, and other Business Purposes described in the Section entitled “Use of Personal Information” below||Service providers, government entities, collection agencies, and financial institutions|
|Internet or other similar network activity||Browsing history, search history, or information on a consumer’s interaction with a website, application, or advertisement||Consumers and third parties||We use this information for the same purposes listed above for Identifiers.||Marketing service providers (such as ad networks, ISPs, and analytics providers)|
|Geolocation data||Physical location or movements.||Our mobile applications collect geolocation information when you authorize them to do so.||Short-term transient use (for example, contextual advertising), providing services, and internal tech research, and other Business Purposes described in the Section entitled “Use of Personal Information” below||Service providers|
|Sensory data||Audio recordings of customer service calls and CCTV footage||Customer service calls are sometimes recorded, with customers notified at the beginning of the call. CCTV footage is collected for security purposes at certain facilities.||Detecting security incidents, protecting against fraud, quality and safety control, and other Business Purposes described in the Section entitled “Use of Personal Information” below||Government entities and security and other service providers|
|Professional or employment-related information||Current or past job history or performance evaluations.||Consumers and third parties||We use this information for human resources/employment purposes, for providing services and internal tech research, and other Business Purposes described in the Section entitled “Use of Personal Information” below. Also, if you apply for a purchasing account with us, we may collect your employment information in determining your credit limit or which type of account to give you.||Service providers|
|Inferences drawn from other Personal Information||Purchasing tendencies||Consumers and third parties||Short-term transient use (for example, contextual advertising), providing services, and internal tech research, and other Business Purposes described in the Section entitled “Use of Personal Information” below||Service providers|
Dunn-Edwards obtains the categories of Personal Information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete or products and services you purchase.
- Indirectly from you. For example, from observing your actions on our Website.
- From third parties. For example, when running a background check if you apply for employment with us, or running a credit check if you apply for an account with us.
USE OF PERSONAL INFORMATION
We may use or disclose the Personal Information we collect for one or more of the following business purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that Personal Information to respond to your inquiry. If you provide your Personal Information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
- To provide, support, personalize, and develop our Website, products, and services.
- To create, maintain, customize, and secure your account with us.
- To make a determination regarding your application for credit or employment, or other proposed business relationship with you.
- To process your requests, purchases, transactions, and payments, and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Dunn-Edwards’ assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Dunn-Edwards is among the assets transferred.
Dunn-Edwards will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
SHARING PERSONAL INFORMATION
Dunn-Edwards may disclose your Personal Information to a third party for a business purpose, but will not sell your Personal Information. When we disclose Personal Information for a business purpose with a third-party service provider, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except in performing the contract.
We may also disclose your Personal Information if we are required by law to do so, or in conjunction with a corporate transaction such as a merger, acquisition, or asset sale involving Dunn-Edwards.
Sales of Personal Information
In the preceding 12 months, Dunn-Edwards has not sold any Personal Information.
YOUR RIGHTS AND CHOICES
The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights—Your Right to Know
You have the right to request that Dunn-Edwards disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information we collected about you (also called a data portability request).
- If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
- sales, identifying the Personal Information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that Dunn-Edwards delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the Personal Information, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- Calling us at (888) DE PAINT® (1-888-337-2468).
- Visiting https://www.dunnedwards.com/about/ccpa-request.
- Submitting a form request at one of our California stores. Blank forms are available for your use upon request at the counters of each of our California stores.
You may also make a verifiable consumer request on behalf of your minor child.
You may grant an authorized agent written permission to submit requests regarding your Personal Information. We may request proof of your written permission (including a copy of same) before responding to any requests made by a supposedly authorized agent. We may deny authorized agent requests if we are unable to verify your identity, or if you cannot provide proof that you authorized the agent to act on your behalf.
You may only make a verifiable consumer request for access or data portability twice within any 12-month period.
The verifiable consumer request must describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We are required to verify the identity of any person or entity that requests the disclosure or deletion of Personal Information. If you have a password-protected account with us, we will use our existing authentication procedures to verify your identity.
Making a verifiable consumer request does not require you to create an account with us. However, for most requests from consumers that do not have a password-protected account with us, we will ask you to provide information that matches at least two pieces of Personal Information we store about you before responding to your request. If you would like to request specific pieces of your Personal Information that we have collected, or if you would like us to delete highly sensitive information, you will need to provide information that matches at least three pieces of information we store about you, and you must provide a signed declaration under penalty of perjury that you are the consumer whose Personal Information you are requesting be provided or deleted.
When attempting to verify your identity, we will avoid asking you for more sensitive personal information such as your full name or credit/debit card number. Instead, we may ask you to provide other types of information to match what we have in our records. For example, we may ask for part of your name, your job title, your date of birth, or portions of your home address or office address, among other types of information.
We will use a two-step process for online requests to delete Personal Information where the consumer must first, clearly submit the request to delete and then second, separately confirm that they want their Personal Information deleted.
We will use Personal Information provided in a verifiable consumer request only to verify the requestor’s identity or authority to make the request.
Some browsers have a “do not track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browser “do not track” signals.
Response Timing and Format
Upon receiving a request for access or data portability or a request to delete, we will confirm our receipt of the request within 10 days, and provide information about how we will process the request. The information provided shall describe our verification process and when the consumer should expect a response, except in instances where we have already granted or denied the request.
We will endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing.
If you have an online account with us, we will deliver our written response to that account. If you do not have an online account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, ordinarily pdf.
We will not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
CHANGES TO OUR CCPA NOTICE
Dunn-Edwards reserves the right to amend this CCPA Notice at our discretion and at any time. When we make changes to this CCPA Notice, we will post the updated Notice on our Website and update the Notice’s effective date.
Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
6119 E. Washington Blvd.
Commerce, CA 90040