This is a placeholder for the items we need in the Operations Manual.
FDD ATTACHNENT J
PRIVACY AND PUBLIC DISCLOSURE OF DATA
CLICK IT FRANCHISEES SHALL NOT COLLECT NOR DISCLOSE DATA WHICH WOULD VIOLATE ANY FEDERAL, STATE, AND/OR EUROPEAN UNION PRIVACY OR DISLCOUSRE OF DATA LAW.
SOME OF THE CONSUMER RIGHTS THAT EXIST, AND, WHICH ARE SUMMARIZED IN THE TABLE BELOW, ARE:
The right of access to personal information collected - The right for a consumer to access from a business/data controller the information collected or categories of. information collected about the consumer; right may only exist if a business sells information to a third party.
The right of access to personal information shared with a third party - The right for a consumer to access personal information shared with third parties.
The right to rectiﬁcation - The right for a consumer to request that incorrect or outdated personal information be corrected but not deleted.
The right to deletion - The right for a consumer to deletion of information
The right to data portability - The right for a in consumer to request personal information about the consumer be disclosed in a common ﬁle format
The right to opt out of the sale of personal information - The right for a consumer to opt out of the sale of personal information about the consumer to third parties.
The right against solely automated decision making - A prohibition against a business making decisions about a consumer based solely on an automated process without human input.
A consumer private right of action - The right for a consumer to seek civil damages from a business for violations of a statute. Mandated risk assessment - An obligation placed on a business to conduct formal risk assessments of privacy and/or security projects or procedures.
A prohibition on discrimination against a consumer for exercising a right - A prohibition against a business treating a consumer who exercises a consumer right diﬀerently than a consumer who does not exercise a right.
A purpose limitation - An EU General Data Protection Regulation-style restrictive structure that prohibits the collection of personal information except for a speciﬁc purpose.
A processing limitation - A GDPR-style restrictive structure that prohibits the processing of personal information except for a speciﬁc purpose.
© 2020 International Association of Privacy Professionals. All rights reserved.