This article provides a brief overview of how the collection of guest data, including email address, within a client's booking engine and any subsequent marketing efforts via the Revinate CRM relates to the California Consumer Privacy Act (CCPA).
Shopping Cart Abandonment and adherence to CCPA:
CCPA provides California residents with the right to opt-out of their data being sold to third-parties.
As a service provider, Revinate is an extension of your business. A “sale” under CCPA relates to disclosures of personal information from a “business” to another business or “third party”, but not from a business to its “service providers” (each is a defined term under the Act).
When Revinate is capturing data from consumers searching a client’s website to add the data to the client’s CRM for the client to contact in the future, this is not a sale because all the processing of the data is by the service provider for the sole benefit of the client.
A Shopping Cart Abandonment Lead (SCA) lead, like any other lead, is a form of data collection and is actionable in the same ways that data collected by Push2Talk/Push2Chat (P2T/C), email, text, webform, etc. This means that how that data is used in the future falls within the guidelines that Revinate has taken on how to action leads.
A guest using a client’s website to get rates or room information may give information to obtain those items. It is the responsibility of Revinate client's to make clear up front on their site, app, etc. what information or data is collected and why. This is a form of consent to use the service and potential future email sends or contact.
CCPA and Consent:
As it relates to follow-up communications, implied consent enables a business to contact the guest in the future so long as they have a way to opt out of those messages.
CCPA does not require a business to obtain consent prior to sending marketing communications. The Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003, (CAN-SPAM) however, does require marketing opt-outs/unsubscribe options, but does not require any opt-in or other consent be obtained prior to sending the such messages.
Assumptions:
There are several assumptions in the above:
- Your business has a clear process in place to allow guests to understand how their data is being used should a guest would want to know.
- Your business has a person in place to respond to requests and do so in a manner that is in line with the regulations.
- Your business is ultimately in control of how they would like to communicate with SCA leads as long as it follows CAN-SPAM guidelines.
Summary:
The data being captured by Revinate for our clients does not constitute a sale as defined in CCPA. CCPA does not require a business to obtain consent prior to sending marketing communications however, CAN-SPAM does require you to provide a method to opt-out of future communications within your marketing emails.