Operations Manual

This is a placeholder for the items we need in the Operations Manual.

FDD ATTACHNENT J

OPERATIONS MANUAL

 

PRIVACY AND PUBLIC DISCLOSURE OF DATA

 

CLICK IT FRANCHISEES SHALL NOT COLLECT NOR DISCLOSE DATA WHICH WOULD VIOLATE ANY FEDERAL, STATE, AND/OR EUROPEAN UNION PRIVACY OR DISLCOUSRE OF DATA LAW.

 

SOME OF THE CONSUMER RIGHTS THAT EXIST, AND, WHICH ARE SUMMARIZED IN THE TABLE BELOW, ARE:

 

The right of access to personal information collected - The right for a consumer to access from a business/data controller the information collected or categories of. information collected about the consumer; right may only exist if a business sells information to a third party.

The right of access to personal information shared with a third party - The right for a consumer to access personal information shared with third parties.

The right to rectification - The right for a consumer to request that incorrect or outdated personal information be corrected but not deleted.

The right to deletion - The right for a consumer to deletion of information

The right to data portability - The right for  a in consumer to request personal information about the consumer be disclosed in a common file format

The right to opt out of the sale of personal information - The right for a consumer to opt out of the sale of personal information about the consumer to third parties.

The right against solely automated decision making - A prohibition against a business making decisions about a consumer based solely on an automated process without human input.

A consumer private right of action - The right for a consumer to seek civil damages from a business for violations of a statute. Mandated risk assessment - An obligation placed on a business to conduct formal risk assessments of privacy and/or security projects or procedures.

A prohibition on discrimination against a consumer for exercising a right - A prohibition against a business treating a consumer who exercises a consumer right differently than a consumer who does not exercise a right.

A purpose limitation - An EU General Data Protection Regulation-style restrictive structure that prohibits the collection of personal information except for a specific purpose.

A processing limitation - A GDPR-style restrictive structure that prohibits the processing of personal information except for a specific purpose.

 

© 2020 International Association of Privacy Professionals. All rights reserved.