The California Consumer Protection Act

In 2018, California passed the California Consumer Protection Act, a measure that puts control of your data in your hands. This act applies to any company doing business with persons residing in California.

Our complete CCPA compliance policy is provided below, as are links to help you submit legal data requests. Sea Bright Solar has tools that allow you to easily submit CCPA requests. We ask that you review the CCPA policy below to understand how the law affects you and what rights you have when submitting requests.

Your Rights Under the California Consumer Protection Act

• What is the California Consumer Protection Act (CCPA)?
• What information does Sea Bright Solar collect, and how is it used?
• What rights do I have under the CCPA?
• What information is excluded from CCPA requests?
• What information does Sea Bright Solar collect and why?
• What services does Sea Bright Solar Energy use that may relate to the CCPA?
• How do I submit a CCPA request to Sea Bright Solar?

What is the California Consumer Protection Act (CCPA)?

In 2018, California passed the California Consumer Protection Act (CCPA), a privacy-centric bill aimed at protecting the privacy of California consumers, effective January 1, 2020. This bill sets requirements for how businesses handle consumers’ Personally Identifiable Information (PII) and gives consumers rights to control how that data is used. Sea Bright Solar has always taken the privacy and security of customer data seriously and has implemented steps that empower you in compliance with the CCPA.

Under the CCPA, consumers have the right to request access to information of theirs we hold, request that the data be deleted, a disclosure of our data collection practices and how the data is used, and request to opt-out of the sale of their data to third parties. Sea Bright Solar does not and will never sell or rent the types of information outlined in this document.

The CCPA requires that businesses disclose the following: how information is used and, if/how it may be shared with third-party services, how the business’ website responds to “Do Not Track” signals from a web browser.

Consumers also have the right to not be discriminated against for exercising their rights under the CCPA.

Notice to consumers doing business with Sea Bright Solar outside of California.

While the California Consumer Protection Act legally only applies to consumers in California, we have standardized this process and will honor requests made by consumers who have interacted with Sea Bright Solar in any state. We are committed to providing the same privacy protections to our customers and potential customers, whether in California or in other states within the U.S.

Details for how to submit CCPA requests and detailed information on how we use consumer data outlined below also apply to any consumer located in the U.S.

What information does Sea Bright Solar collect, and how is it used?

Sea Bright Solar collects both personally identifiable information (PII) and non-personally identifiable information when consumers contact us with interest in Sea Bright Solar offerings and during the ensuing communications to service these requests. This data is stored for the purposes of communication, advertising, and providing agreed-upon or contracted delivery of products and services. We may, at times, share this information with trusted third parties for advertising and marketing purposes, services that we require to conduct regular business, or services that allow us to enhance the services provided to consumers both online and offline.

The specific information we gather from each person will vary depending on the interactions and communications they choose. Some items below may not be individually considered personally identifiable information but may be when combined with other items.

• Full name
• Phone number
• Email address
• Physical address
• IP address
• Google Client ID (if available)

When you request information about Sea Bright Solar’s goods and services or engage in the sales process, we might receive additional information that you voluntarily provide.

For more details on how your information is used on our website and online, please review our Privacy Policy.

How does the CCPA allow me to make requests regarding my personally identifiable information?

Under the CCPA, California consumers may have the right to make personal information requests, known as the “Right of Access” and “Right of Deletion.” The CCPA requires that businesses respond to all requests within 45 days, and these requests are as follows:

• Right of Access: The consumer may have the right to request and receive a list of personal information and additional details a business collects (or has collected), as well as the intended business use for collecting the data. A Right of Access request entitles a person to request the data collected for the previous 12 months no more than twice within that time period. Data provided by a Right of Access request is restricted from providing highly sensitive data such as social security numbers and banking information.
• Right of Deletion: The consumer may also be able to request that any specific personal information be deleted. Sea Bright Solar must fulfill these deletion requests (except for specific types of data outlined below under ‘What information is excluded from CCPA requests?’). Once we fulfill a deletion request, we will no longer have access to any previously available data, making it impossible to fulfill Right-of-Access requests from that point forward.
• Right to Request Disclosure of Data Practices: The consumer may have the right to request disclosure of our business’ data collection and sales practices in connection with the requesting consumer, including categories of personal information we have collected, the source of information, our use of the information, and the categories of personal information disclosed or sold to third parties, as well as the categories of third parties to whom such information was disclosed or sold. Sea Bright Solar does not sell or rent any personally identifiable information to any third party, partner, or entity.
• Right to Opt-Out of the Sale of Data The CCPA allows consumers to opt out of the sale of their data to third parties. Sea Bright Solar does not and will never sell or rent personal information to third parties. Because of this company policy, we do not provide a method to opt out of the sale of consumer data.
• Rights Against Discrimination: The consumer has the right to not be discriminated against for exercising their rights under the CCPA.

How do you verify the identity of consumers making CCPA requests?

Protecting the data of consumers from fraudulent requests is the highest priority in Sea Bright Solar’s CCPA compliance procedures. All CCPA requests must be validated through strict measures to ensure that the individual submitting the request is the owner of the information in question. Confirmation methods may include, but are not limited to, the following:

• Verification of information that we have on record.
• Confirmation of identity using multiple communication methods.
• Providing physical identification.

Sea Bright Solar will confirm and validate any and all requests made for both Right of Access and Right of Deletion requests while protecting the personally identifiable information related to the request itself. If we are unable to validate and confirm the identification of the individual submitting a CCPA request, Sea Bright Solar is legally obligated and reserves the right to deny that request. Requests must be made exclusively by the individual whose data is the subject of the request; the CCPA does not allow for other members of the household to request data on behalf of others within that household unless they are a legal parent or guardian of the minor for whom the request is being made. For the purposes of the CCPA, a minor is defined as a person 13 years of age or younger.

What circumstances may affect Sea Bright Solar’s requirement to comply with a CCPA request?

There are circumstances that exist that may limit or prevent Sea Bright Solar’s ability and legal requirement to fulfill a Right of Deletion request. According to the CCPA, a deletion request cannot be fulfilled for a Sea Bright Solar customer where personally identifiable information is required for conducting ongoing business or fulfilling standing contractual obligations.

Sea Bright Solar may also reject requests for Rights of Deletion and Right of Access if reasonable steps have been taken to confirm the identity of the individual making that request, but we are unable to determine that the request is being made by the owner of the personal data. This provision protects both consumers and companies from fraudulent and malicious requests by third parties.

The CCPA has been interpreted to state that a Right of Deletion request implies that the individual is also opting out of any further use or collection of that data in the future. However, there may be situations where, in complying with a Right of Deletion request, Sea Bright Solar would not be in possession of any data that would allow us to ensure that the information we receive or collect was subject to any requests made regarding that data previously. In the event that you believe we have come into possession of your data either directly or indirectly, please contact us to submit another Right of Access or Right of Deletion request.

Please contact us by email at info@seabrightsolar.com or by phone at (732) 450-8852 if you have any questions about requests involving Sea Bright Solar that might be subject to these provisions.

Is it possible to confirm that a CCPA request to Sea Bright Solar has been fulfilled?

Yes. Sea Bright Solar keeps an anonymized ledger of requests made so that any individual who has made a request, person/organization legally representing an individual who has made a request, or government entity can confirm and verify that a request was received and fulfilled. All confirmation inquiries are also subject to identity verification to ensure that the person or organization submitting a confirmation request is qualified to receive this information. The records of fulfillment are created using a method of one-way encoding for data that could be classified as PII, which allows us to log CCPA requests while remaining in compliance and not retaining any personally identifiable information.

To create and maintain verifiable records, every request is recorded with the following information:

• An anonymized (salted/hashed) value for the methods used to communicate with the person making the request
• Date of the request
• Date of Sea Bright Solar’s response
• Date of the request’s fulfillment
• Type of request made by the individual (Access, Delete, Lookup)
• Manner/method in which the request was made
• Type of response (accepted or rejected)
• Description and details of denial if the request is denied in whole or in part.
• Email address of the Sea Bright Solar employee who worked to fulfill the request.

This information will be provided to a properly verified individual or organization in response to a request as described above. These confirmation requests will also be recorded.

How does it secure and anonymize PII in their CCPA request ledger?

Maintains ledgers that make use of salted/hashed values for the contact information used to fulfill the request made. This allows us to store a record of the transaction without requiring that we retain any personally identifiable information. When a value (such as an email address or phone number) is hashed, it cannot be “unhashed.” The result is an encrypted version of the original value. No two hashes are alike, and when the same original value is hashed again, it will always result in the same encrypted string.

By using this method, we are able to convert contact information to an encrypted string, delete the records we have, and, at a later date, provide a lookup of that record by re-hashing the information an individual provides and then searching for that anonymized value in our request logs. For reference, this secure method of data storage is how the passwords you use on websites and apps are stored and protected.

For more details on what hashing is and how it works, read more here: https://en.wikipedia.org/wiki/Hash_function

How do I opt out of select services that Sea Bright Solar uses?

Sea Bright Solar uses third-party services to help provide a better advertising experience for those interested in Sea Bright Solar and/or the products and services that Sea Bright Solar provides. These are listed below and provide for the ability to opt out. The list provided below is not a complete list of all third-party services, and only those services that are affected by the CCPA are listed here. For a full list of third-party services that we use online, please refer to our Privacy Policy.

How do I submit a CCPA request to Sea Bright Solar?

In compliance with the CCPA, Sea Bright Solar provides more than one method to submit a CCPA request. Methods include calling our dedicated toll-free number, sending an email to our CCPA address, or submitting a request via a secure online form. The online form simplifies the request process by allowing the individual making the request to provide information upfront that can help expedite its review and fulfillment. However, we welcome communication via any method and will service all requests equally. If you are ready to submit a request, please ensure that you are familiar with the information located here. If you have questions about making a request or would like more information, please call or email us for assistance.

The Sea Bright Solar dedicated CCPA phone number is:

(732) 450-8852

The Sea Bright Solar dedicated CCPA email address is:

info@seabrightsolar.com

Last updated: 8/16/2023