How CCPA affects you
The following sections describe how the CCPA might affect you and how you run your Shopify store:
- The categories of personal information that are collected and the purposes for which they will be used.
- The categories of personal information that you share for business purposes.
- A description of California residents’ rights under the CCPA.
- Methods by which customers can submit data subject rights requests.
- A list of personal information or categories of personal information that the business sells or a notice that the business does not sell personal information.
Opt out of sale
If you sell the personal information of consumers, then as of January 1, 2020, California residents have the following rights:
- request a list of the categories of their personal information that you sold;
- request a list of the buyers of that personal information, by category of personal information, over the previous twelve months; and
- opt out of the sale of their personal information going forward.
In order to allow consumers to opt out, you should have a link on every page of your online storefront labelled
Do not sell my personal information. This link can lead to a page that describes the rights of California residents and how to contact you to request the opt-out. As described above, Shopify doesn't believe that you sell personal information to Shopify, so the sale and the opting out of sale takes place outside of Shopify. It should be easy for consumers to contact you to submit their requests.
If a customer opts out of the sale of their personal information, then you need to do the following:
- Stop selling their information.
- Keep track of the date of the request and the steps you took to verify the identity of the requester.
- Wait 12 months before requesting that they opt in again.
- Don't deny them service or provide them with an inferior product.
The CCPA gives California consumers the right to request that you delete their personal information, and to request that you give them a copy of their personal information. Shopify has built-in features to allow you to do this. For more information on this feature, see Processing CCPA data requests.
For more on how to create an opt-out link and action requests, download Shopify's CCPA whitepaper (in English).