GoodDay & California Consumer Privacy Act (CCPA)

Last updated: Jan 1, 2024
The CCPA, which came into effect on January 1, 2020 and became enforceable on July 1, 2020, consists of a series of bills that gave new privacy rights to consumers residing in the State of California, and imposes obligations on businesses processing their personal information.
We’re committed to helping GoodDay customers and users understand and exercise their rights under the California Consumer Privacy Act (CCPA). On this page, we clarify GoodDay’s role and obligations under the CCPA and provide additional information to help our customers meet their compliance needs.

How is GoodDay complying with the CCPA?

As a provider of enterprise project management & collaboration tools, GoodDay is primarily a service provider under the CCPA. To comply with the California Consumer Privacy Act (CCPA) and supports our customers’ compliance with the CCPA we offer several data management tools, including:
  • Import and export tools. Businesses and organizations may access, import, and export their Customer Data from GoodDay application.
  • Profile deletion tool. This tool helps customers respond to user requests to delete personal information, such as names and email addresses, from a Slack account.
  • Organization/Workspace settings page. The application allows you to see your workspace’s plan and settings, or contact an admin who controls the workspace.
  • GoodDay has already invested significant effort and resources into its GDPR program for the right to access personal data, and has simply widened the scope of applicability to include California consumers, thereby complying with the so-called “look back” requirement to ensure that consumers are able to access their personal information covering the preceding 12-month period;
  • Having procedures for handling suspected breaches concerning personal information, limiting use, disclosure and retention of personal information, and regularly conducting privacy training for all relevant members of our staff.

Roles, responsibilities & exemptions

The CCPA distinguishes between three roles for companies involved in the processing of personal information:
  • Business (similar to ‘data controller’ under the GDPR)
  • Service Provider (similar to ‘data processor’ under the GDPR)
  • Third Party (similar to a Business, but one that does not have direct interaction with the consumer)
The CCPA generally applies to Businesses who fulfil one or more of the following conditions: (i) have a gross revenue greater than $25 million; (ii) Annually buys, receives, sells, or shares the personal information of more than 50,000 consumers, households, or devices for commercial purposes; (iii) Derives 50 percent or more of its annual revenues from selling consumers’ personal information.
The obligations imposed on ‘Businesses’ outline the limits of ‘sale’ of personal information and define specific actions that Businesses are required to perform, such as:
  • Create “Do-Not-Sell-My-Personal-Information” button on your homepage.
  • Inform consumers of categories & specific pieces of information collected/sold of them
  • Provide at least 2 methods of communications for requesting to exercise consumer rights
As the CCPA currently only applies to ‘consumers’ (and not ‘Data Subjects’ as defined by the GDPR), certain relationships were exempt from CCPA enforcement:
  • Employee information (this includes past, current and potential employee information)
  • B2B interactions (information obtained in the course of an activity between companies)

Additional Information

GoodDay closely follows developments surrounding the CCPA and the AG’s Proposed Regulations, as well as monitoring legislative developments both in California and in other US states.
If you have any further questions concerning GoodDay’s privacy program and our ongoing efforts surrounding the CCPA, please feel free to contact our Data Protection Officer & Privacy Team, at