Effective Date: January 1, 2023
If you are not a California resident, the rights described in this Notice do not apply to you. Even if you are a California resident, the rights described in this Notice may not apply to you as a result of certain exemptions in the CCPA, including those for publicly available data and data subject to certain other privacy laws, such as the Gramm-Leach-Bliley Act and Fair Credit Reporting Act (as described in more detail below).
The rights described in this Notice will apply to you only if you are currently a California resident and you are:
Please note that although you will get a timely response using the toll-free telephone number, you will likely get a faster response using our online form.
1. CCPA EXEMPTIONS
We are a leading global property information, analytics and data-enabled software platforms and services provider. We provide B2B products and services and do not offer products or services directly to consumers. Except for HR Data Subjects and B2B Data Subjects, when we do collect and process Personal Information from or about consumers, we have determined it is in one of the following contexts that are exemptions under the CCPA:
Data That Is Processed in Our Capacity as a Service Provider. When we process consumer Personal Information as a service provider for another business, that business, not us, is the owner and controller of the Personal Information and responsible for any CCPA requests related to that data. If you want to inquire about Personal Information we process for our clients as their service provider, you should contact those entities directly. Due to confidentiality considerations, we do not disclose or confirm the identity of our clients or what data we process for them.
Data That Is Regulated and Protected by Other Laws. The CCPA recognizes that other privacy laws already exist to protect certain types of Personal Information under certain circumstances. We are subject to and comply with several of these laws, including the federal Fair Credit Reporting Act (FCRA), the federal Gramm-Leach-Bliley Act (GLBA), the Driver’s Privacy Protection Act of 1994 (DPPA), and the California Financial Information Privacy Act. The CCPA exempts Personal Information that is already regulated and protected by those laws, and we apply our obligations under those laws to that data.
Data That Is Publicly Available. The CCPA exempts Personal Information that is “publicly available,” which means information that is lawfully made available from federal, state, or local government records, or information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer or from widely distributed media, or by the consumer; or information made available by a person to whom the consumer has disclosed the information if the consumer has not restricted the information to a specific audience.
Data That Is Deidentified or Aggregated. The CCPA does not consider deidentified or aggregated data to be Personal Information. “Aggregated” data is information that relates to a group or category of consumers, from which individual consumer identities have been removed, that is not linked or reasonably linkable to any consumer or household, including via a device. “Deidentified” data is information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer. We commit to maintain and use the information in deidentified form and not to attempt to reidentify the information, except that we may attempt to reidentify the information solely for the purpose of determining whether our deidentification processes are effective.
2. NOTICE OF DATA PRACTICES
The description of our data practices in this Notice covers only the twelve (12) months prior to the Effective Date and will be updated at least annually. Our data practices may differ between updates; however, if materially different from this Notice, we will provide pre-collection notice of the current practices, which may include references to other privacy policies, notices or statements posted or referenced on the Service that reflect current practices.
(a) Personal Information Collection and Retention
In the last 12 months, we collected and retained Personal Information about Consumers as follows:
(b) Sources of Personal Information
We collect Personal Information from HR Data Subjects in connection with their application for employment/engagement and actual employment/engagement with CoreLogic.
We collect Personal Information from B2B Data Subjects in connection with their business and/or website interaction with CoreLogic.
(c) Use of Personal Information
Personal Information from HR Data Subjects is used solely in connection with HR purposes.
Personal Information obtained from B2B Data Subjects is used for the purposes of the business transaction(s) with CoreLogic and may be further used for marketing purposes.
(d) Personal Information Disclosure Practices
During the past 12 months, we did not “sell” or “share”, as those terms are defined by the CCPA, any of the categories of Personal Information described above. To our knowledge, we have not collected, sold or shared Personal Information from children under the age of 16.
3. YOUR CONSUMER PRIVACY RIGHTS AND HOW TO EXERCISE THEM
As discussed above, the data included in our products and services are not subject to the CCPA as a result of certain exemptions found in the CCPA. Therefore, consumers (other than HR Data Subjects and B2B Data Subjects) will not be able to exercise rights granted under the CCPA.
As described more below, subject to our being able to verify your identity (discussed below), you may exercise the privacy rights described in this section.
(a) Right to Know/Access
You are entitled to access the Personal Information that we maintain about you up to twice in a 12-month period.
You have a right to submit a request for any of the following for the 12-month period preceding the request date:
(2) Specific Personal Information
You may request to confirm if we are processing your Personal Information and, if we are, to obtain a transportable copy, subject to applicable request limits, of your Personal Information that we have collected and are maintaining. Before providing you with the specific Personal Information that we maintain about you, we will apply the heightened verification standards described in the How to Exercise Your Consumer Privacy Rights section below.
(b) Right to Delete
Subject to certain exceptions, you may request that we delete your Personal Information.
(c) Correct Your Personal Information
You may request that we correct any inaccuracies you find in the Personal Information that we maintain about you.
(d) Right to Limit Use and Disclosure of Sensitive Personal Information
With regard to Personal Information that qualifies as “Sensitive Personal Information” under the CCPA, as of January 1, 2023, if you elect to provide us with Sensitive Personal Information you may limit the purposes for which we may process it to the following:
(e) How to Exercise Your Consumer Privacy Rights
To submit a request to exercise your privacy rights as an HR Data Subject or B2B Data Subject, or to submit a request as an authorized agent, please follow the instructions at our HR Data Subject Request or B2B Data Subject Request, or call us at 1-800-634-4149 and respond to any follow-up inquiries we make. Please be aware that we do not accept or process requests through other means (for example, via fax, chats, social media, etc.).
(1) We Must Verify Your Identity
When you submit a request, we may ask you to provide verifying information, such as your name, email, phone number and/or mailing address. We will review the information provided and may request additional information via email or other means to ensure we are interacting with the correct individual. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected Personal Information. We do not verify requests to limit the processing of sensitive Personal Information unless we suspect fraud.
We will use Personal Information provided in your request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.
We verify each request as follows:
If you fail to provide the data points specified above, we will be unable to verify you sufficiently to honor your request.
(2) Agent Requests
You may use an authorized agent to exercise your rights on your behalf. Authorized agents may demonstrate that the agent has authority to exercise rights on the behalf of the requesting HR Data Subject or B2B Data Subject by any of the methods specified in Section 3(e) of this Notice. Thereafter, we will require evidence of the agent’s identity (via submission of a driver’s license or other government-issued identification), and at least one of the following evidencing proof of your legal authority to act on the behalf of the individual who is the subject of this request:
Whenever you interact with us on behalf of another individual or entity, such as by providing or accessing Personal Information about another individual, you represent that your interactions and exchanges comply with applicable data privacy laws. You shall have sole responsibility for any violation of applicable laws as a result of a failure to obtain any necessary consent from such individual.
(f) Our Responses
Some Personal Information that we maintain is insufficiently specific for us to be able to associate it with a Consumer (e.g., clickstream data tied only to a pseudonymous browser ID). We do not include such Personal Information in response to requests. If we cannot comply with a request, we will explain the reasons in our response.
We will not charge a fee to respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision.
Consistent with our interest in the security of your Personal Information, we will not deliver to you your Social Security number, driver’s license number, or other government-issued ID number, financial account number, any health or medical identification number, an account password, security questions or answers, or unique biometric information generated from measurements or technical analysis of human characteristics in response to a privacy rights request.
We will not discriminate against you in a manner prohibited by the CCPA for your exercise of your privacy rights.
5. OUR RIGHTS AND THE RIGHTS OF OTHERS
Notwithstanding anything to the contrary, we may collect, use and disclose your Personal Information as required or permitted by applicable law and this may override your rights under U.S. Privacy Laws. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s or party’s rights or conflict with applicable law.
6. CONTACT US
If you have any questions, comments, concerns, or complaints about our privacy practices, please contact us by email at [email protected].