Privacy

"These Favored Things"

Information contained in this website is for general information purposes only. The information is provided by this website owner and while we endeavor to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.

Through this website you are able to link to other websites which are not under the control of this website owner. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.

Every effort is made to keep the website up and running smoothly. However, this website owner takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.

Business Privacy Policy

It is the policy of "These Favored Things" owner (hereinafter “Business”) to protect your personal privacy. Because your use of the Business website (keithpurtell.com) (referred to as “Site” herein) indicates your acceptance of the Business Privacy Policy, please review this Privacy Policy carefully.

Business may change this Privacy Policy at any time by posting revisions to the Business Site. This Privacy Policy shall be applicable to any person or entity that directly or indirectly uses the Site or the Services (“Users”).

INFORMATION COLLECTION AND USE

Business is the sole owner of the information collected on the Site. It uses collected information to provide or improve Services for Users, and as more particularly set forth below, it may use collected information to contact Users for a variety of reasons, including, without limitation, obtaining information from Users regarding their use of the Site and Services and ways Business can improve them, and to send information to them regarding Business, its Services, or its Partners, such as promotions and events. This information is used in ways Business determines appropriate in its sole discretion, and it reserves the right to do so.

Business will not sell or rent personally identifiable information to anyone, and it will not disclose any collected information to others in ways different from what is disclosed in this statement.

Business collects personally identifiable information when you use certain Business products or services, and when you visit Business pages. Business may also receive personally identifiable information from its business partners. When you register with the Business, we ask for personally identifiable information including, but not limited to, your name, email address, address, and zip code. Once you register with Business and sign in to its services, you are not anonymous to us.

FINANCIAL TRANSACTION INFORMATION

Business requests information from a User on the Site if the User performs a financial transaction with Business. In this case, a User must provide information including, but not limited to, name, address, and financial information, along with credit card information or bank account information. Business may use a third party intermediary to perform the transaction processing. This intermediary is solely a link in the distribution chain, and uses the information provided for the sole purpose of processing the transaction.

COOKIES

Business employs the use of Cookies to collect information about Users and their use of the Site. “Cookies” are small computer files that Business transfers to your computer that allow Business to know how often you visit the Site and the activities you conduct while on the Site. Third parties, such as advertisers, may also use Cookies when you select their advertisements or links from the Site. However, Business has no access to or control over these Cookies.

INFORMATION SHARING AND DISCLOSURE

Business will not sell or rent your personally identifiable information to anyone. Business may send personally identifiable information about you to other companies or people when: We have your consent to share the information; we need to share your information to provide the product or service you have requested; we need to send the information to companies who work on behalf of Business to provide a product or service to you (unless we tell you differently, these companies do not have any right to use the personally identifiable information we provide to them beyond what is necessary or appropriate in our discretion to assist us); we respond to subpoenas, court orders or legal process; or we find that your actions on our Site violate the Business Terms of Service or any of our usage guidelines for specific Services. Business may share aggregated demographic information with our partners and advertisers. This is not linked to any personal information that can identify any individual person.

LINKS

This Site may contain links to other sites. Please be aware that Business is not responsible for the privacy practices of such other sites. We encourage our Users to be aware when they leave our Site and to read the privacy statements of each and every site that collects personally identifiable information. This Privacy Policy applies solely to information collected by this Site.

OPT-OUT

Business needs to be able to communicate at times with all Users, and therefore it reserves the right to contact Users. Users who no longer wish to receive the Business newsletter or promotional materials from our partners may opt-out of receiving these communications by following the instructions in the e-mails.

GDPR

Business is working to be compliant with the EU General Data Protection Regulation (GDPR). For more information about the GDPR, you can visit their official website.

California Consumer Privacy Act (CCPA)

The following is from the official site for the California Consumer Privacy Act (CCPA)

FACT SHEET

The California Consumer Privacy Act (CCPA) was enacted in 2018 and takes effect on January 1, 2020. This landmark piece of legislation secures new privacy rights for California consumers.

The CCPA grants new rights to California consumers

The right to know what personal information is collected, used, shared or sold, both as to the categories and specific pieces of personal information;
The right to delete personal information held by businesses and by extension, a business’s service provider;
The right to opt-out of sale of personal information. Consumers are able to direct a business that sells personal information to stop selling that information. Children under the age of 16 must provide opt in consent, with a parent or guardian consenting for children under 13.
The right to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.

APPLIES

The CCPA applies to certain businesses

Businesses are subject to the CCPA if one or more of the following are true:
- Has gross annual revenues in excess of $25 million;
- Buys, receives, or sells the personal information of 50,000 or more consumers, households, or devices;
- Derives 50 percent or more of annual revenues from selling consumers’ personal information.
As proposed by the draft regulations, businesses that handle the personal information of more than 4 million consumers will have additional obligations.

Imposes

The CCPA imposes new business obligations

Businesses subject to the CCPA must provide notice to consumers at or before data collection.
Businesses must create procedures to respond to requests from consumers to opt-out, know, and delete.
- For requests to opt-out, businesses must provide a “Do Not Sell My Info” link on their website or mobile app.
Businesses must respond to requests from consumers to know, delete, and opt-out within specific timeframes.
- As proposed by the draft regulations, businesses must treat user-enabled privacy settings that signal a consumer’s choice to opt-out as a validly submitted opt-out request.
Businesses must verify the identity of consumers who make requests to know and to delete, whether or not the consumer maintains a password-protected account with the business.
- As proposed by the draft regulations, if a business is unable to verify a request, it may deny the request, but must comply to the greatest extent it can. For example, it must treat a request to delete as a request to opt-out.
As proposed by the draft regulations, businesses must disclose financial incentives offered in exchange for the retention or sale of a consumer’s personal information and explain how they calculate the value of the personal information. Businesses must also explain how the incentive is permitted under the CCPA.
As proposed by the draft regulations, businesses must maintain records of requests and how they responded for 24 months in order to demonstrate their compliance.
- In addition, businesses that collect, buy, or sell the personal information of more than 4 million consumers have additional record-keeping and training obligations.

COSTS

Cost estimates for CCPA compliance

According to estimates in the Standardized Regulatory Impact Assessment for the CCPA regulations, the CCPA will protect over $12 billion worth of personal information that is used for advertising in California each year.¹
Preliminary estimates suggest a total of $467 million to $16,454 million in costs to comply with the draft regulation, if finalized, during the period 2020-2030.²

CCPA and GDPR

The California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR) are separate legal frameworks with different scopes, definitions, and requirements. A business that complies with GDPR and is subject to CCPA may have additional obligations under CCPA.

For example, under GDPR, companies must undertake a data inventory and mapping of data flows in furtherance of creating records to demonstrate compliance. Additional data mapping may be important to reflect the different requirements under CCPA.
Under GDPR, companies must develop processes and/or systems to respond to individual requests for access to personal information and for erasure of personal information. These processes and/or systems may be applied to handling CCPA consumer requests, although businesses may need to review and reconcile the different definitions of personal information and applicable rules on verification of consumer requests.
Under GDPR, companies must disclose data privacy practices in a privacy policy. CCPA also requires companies to disclose specific business practices in a comprehensive privacy policy. Many California companies that operate commercial websites and online services must post a privacy policy under the California Online Privacy Protection Policy, or CalOPPA, and will need to update this policy for CCPA.
Under GDPR, companies must draft and execute written contracts with its service providers (“processors”). Companies may need to review these contracts to reflect requirements under CCPA.

¹ Berkeley Economic Advising and Research, LLC, Standardized Regulatory Impact Assessment: California Consumer Privacy Act of 2018 Regulations (August 2019). ² Berkeley Economic Advising and Research, LLC, Standardized Regulatory Impact Assessment: California Consumer Privacy Act of 2018 Regulations (August 2019). This number is specifically the cost associated with the regulations and not general compliance costs associated to the underlying CCPA law. More on the CCPA (external link) California website