Your Right to Opt-Out of Sale of Your Personal Information
If you are a California resident, the California Consumer Privacy Act of 2018 (CCPA) gives you the right to opt-out of the sale of personal information about you or your household — such as, though not limited to, your name, postal or email address, IP address, and/or other personally identifiable information — by a business. Once you’ve opted-out of the sale of your personal information by a business, the business is prohibited from selling personal information about you without your express authorization (and must wait at least 12 months before asking you for such authorization).
The right to opt-out is subject to a number of exemptions and exceptions. For example, it generally doesn’t apply to disclosures of personal information to service providers (as defined by the CCPA) that process the information on behalf of the business for certain business purposes, or to information that has been appropriately deidentified or aggregated.
Although I believe I do not meet any of the applicability thresholds specified by this California law, I am committed to providing visitors with as many privacy choices as I reasonably can.
How to Opt-Out or Exercise Your Other California Privacy Rights
If you are a California resident and would like to opt-out of the sale of your personal information, and/or to exercise any of the other privacy rights provided by California law — e.g., to request to know about personal information collected, disclosed, or sold, and/or request deletion of your personal information — you or your authorized agent can submit a request via the California Privacy Request Form or any of the other methods specified below. Once I have reviewed your submission, I will contact you to discuss the next steps involved in processing your request, which may require me to verify your identity — see the “Identity Verification Requirements” section toward the bottom of this page.
The law and/or its associated regulations specify the maximum time allowed for acknowledging and responding to each type of request. There is no charge for for making a request.
Except as otherwise required by law, requests pertaining to children under 18 should be submitted by a parent, legal guardian, or other authorized adult representative.
If you cannot or prefer not to use the above California Privacy Request Form, you or your authorized agent can also submit a request via email to admin (at) aaronseverson (dot) com or via postal mail to the following address:
Attn: Website Privacy Requests
11100 National Bl. #3
Los Angeles, CA 90064
Requests submitted via email or postal mail should specify:
- Who you are, and:
- The nature of your request (e.g., to request to know what personal information I’ve collected about you, request to delete your personal information, and/or request to opt-out of the sale of your personal information), and:
- Whether your request:
- Pertains to your own personal information, or,
- Pertains to the personal information of your household (in which case all members of the household may need to make the request jointly), or,
- Is on behalf of someone else (in which case you’ll also need to provide proof that that person has authorized you to act on their behalf, or that you have the right to do so for some other reason, e.g., if you are a parent or legal guardian acting on behalf of your minor child), and:
- Whether you are a California resident, and:
- The best way(s) to contact you so that I can respond to your request and take any steps that may be required to verify your identity (see the “Identity Verification Requirements” section below).
Again, except as otherwise required by law, requests pertaining to children under 18 should be submitted by a parent, legal guardian, or other authorized adult representative.
Identity Verification Requirements
Please note that I may be required to verify your identity before processing certain requests pertaining to your personal information. I may be unable to fulfill your request if I cannot verify your identity to the degree of certainty required by applicable law and/or regulations.
The identity verification process typically involves checking information you provide to me against information I already possess. This begins with my checking the information I receive when you submit your request (including both the information you provide and any information I collect automatically in connection with the request). I may also need to ask you some additional questions and/or request additional information in order to verify your identity and/or process your request. In some cases, I may ask you to sign and return a declaration form.
- If your request is on behalf of another person, I may require (to the extent permitted — and/or required — by applicable law and/or regulations) that you provide proof that that person gave you signed permission to submit the request, and/or require that person to either verify their own identity directly with me or directly confirm with me that they authorized you to submit the request on their behalf.
- If the request pertains to the personal information of a household rather than a single individual, I may be required to verify the identities of all household members to whose personal information the request pertains.
For a request to know or a request to delete, the current CCPA regulations require me to verify the requestor’s identity to either “a reasonable degree of certainty” (which may include matching at least two data points I have determined to be reliable for verification purposes) or “a reasonably high degree of certainty” (which may include matching at least three pieces of personal information I have determined to be reliable for verification purposes “together with a signed declaration under penalty of perjury that the requestor is the consumer whose personal information is the subject of the request”), depending on the type of request; the type, sensitivity, and value of the personal information involved; and the risk of harm to the consumer posed by unauthorized access or deletion.
If I ask for additional personal information I did not already posses in order to verify the requestor’s identity, the regulations prohibit me from using that additional personal information for any purpose other than verifying the requestor’s identity, security, or fraud prevention. After processing the request, I am only permitted to retain such additional personal information to the extent necessary to comply with the CCPA regulations’ record-keeping requirements.
Even if I verify the requestor’s identity to “a reasonably high degree of certainty,” the regulations prohibit me from disclosing certain pieces of sensitive personal information in response to a request to know. For example, if I possessed your Social Security number, I could not provide you with the actual number I possessed, only the fact that I possessed that information.
Requests by California consumers to opt-out of the sale of their personal information do not require these verification steps, although the current CCPA regulations permit me to deny a request to opt-out if I have “a good-faith, reasonable, and documented belief” that it is fraudulent. (If I deny a request to opt-out on this basis, the regulations require me to inform the requestor and explain why I believe the request is fraudulent.) The regulations also permit me to deny a request to opt-out submitted by an authorized agent on behalf of a consumer if the authorized agent cannot demonstrate that they have signed permission from the consumer authorizing them to act on the consumer’s behalf.