Category
Examples
Collected
A. Identifiers.
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address,
account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
YES
B. Personal
information categories listed in the California Customer Records
statute (Cal. Civ.
Code § 1798.80(e)).
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Some personal information included in this category may overlap with other categories.
YES
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
YES
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
YES
E. Biometric
information.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as,
fingerprints, face prints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
NO
F. Internet or other similar network activity.
Browsing  history, search history, information on a consumer’s interaction with a  website, application, or advertisement.
YES
G. Geolocation data.
Physical location or movements.
NO
H. Sensory data.
Audio, electronic, visual, thermal, olfactory, or similar information.
YES
I. Professional or employment-related information.
Current or past job history or performance evaluations.
YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Education  records directly related to a student maintained by an educational institution  or party acting on its behalf, such as grades, transcripts, class lists,  student schedules, student identification codes, student financial  information, or student disciplinary records.
NO
K. Inferences drawn from other personal information.
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
YES

1The policy should identify the date it was last revised and optionally, the date it was last reviewed. The CCPA requires HOMEMETA to review and update the privacy notice content at least every 12 months. If the annual review does not cause the business to change or alter the policy, it should add the optional "last reviewed" clause. This confirms that the required annual review took place but did not lead to changes requiring a new effective date.

2 When disclosing the personal information categories that HOMEMETA collects about consumers, the CCPA expects the privacy notice to reference and use the 11 categories listed in its personal information definition that most closely describe the personal information collected. This chart, where HOMEMETA affirmatively states whether it has or has not collected that type of personal information provides the required information in a clear, easy-to-understand format. It also helps HOMEMETA comply with the requirement to produce individualized lists by category on request. The company should carefully review and categorize the personal information it collects to complete the chart.

3 The CCPA requires the business to identify the categories of sources from which it collects personal information. While it does not elaborate on or provide examples of the source categories a business should use, HOMEMETA should describe them with sufficient detail to provide clear and meaningful disclosures about where acquired personal information originates.

4 Under the CCPA, HOMEMETA must disclose its purposes for collecting or selling personal information. This section provides optional clauses describing several common commercial or business purposes for using personal information. However, the Company should carefully review how and why it uses the personal information it collects to provide clear and accurate disclosures. The CCPA's purpose limitation clause prohibits using collected personal information for purposes not listed in the privacy notice or uses unrelated to those purposes (Cal. Civ. Code § 1798.100(b)). Therefore, the business should ensure that the provided list comprehensively describes both current and reasonably anticipated use cases.

5The CCPA requires that HOMEMETA to provide a statement on its personal information disclosures for a business purpose during the preceding 12 months that either: (a) States that no disclosures occurred OR (b) provides the categories of personal information disclosed, using the 11 categories listed in the personal information definition that most closely describe the personal information.

6The CCPA requires HOMEMETA to provide a statement on its personal information sales during the preceding 12 months that either (a) states that no sales occurred OR (b) provides the categories of personal information sold, using the11 categories listed in the personal information definition that most closely describe the personal information.The company should carefully review the types of personal information it sold to identify which categories it should list in the privacy notice.

7The CCPA notice must disclose the consumers' right to request deletion of their personal information and requires HOMEMETA to delete personal information from its records after receiving a verifiable consumer request, unless one of nine statutory exceptions allow the business to retain it. HOMEMETA must also instruct its service providers to delete any information that theCCPA requires it to delete under this consumer right.

8The CCPA only requires HOMEMETA to honor a consumer's access, data portability, and deletion rights if the person makes a verifiable consumer request that allows the business to reasonably verify the requester's identity and requires HOMEMETA to provide consumers with at least two methods for making verifiable requests to exercise these CCPA rights.
The methods must include at least:
(a) A toll-free telephone number; and
(b)A website address.

9Under the CCPA, a business selling a consumer's personal information must provide notice of the consumer's opt-out and opt-in rights by:
(a) Creating an internet webpage with the title"Do Not Sell My Personal Information" that enables a consumer (or other authorized person) to opt-out of personal information sales.
(b) Clearly and conspicuously linking to that page from either its: (1) public internet home page; or (2)a California-specific public internet home page, if it takes reasonable steps to direct allCalifornia consumers to that California home page instead of the general one.
(c) Including both a description of the right and a separate link to the "Do Not Sell My Personal Information" page in:(1) its online privacy policies, if they exist; and (2) any California-specific description of consumers' privacy rights.