At The Grommet we had a customer contact us because he was very concerned about how we use his data. This is happening more frequently since the CCPA legislation required us to prominently post that we “sell” customer data–under their strict application of that word. This is not at all the case, but it alarms people. Couple that scary notice on our site with possibly seeing a couple retargeting ads in a person’s web travels, and Grommet might look way too Big Brother for some folks.
This particular customer was not satisfied by our Community Experience Team’s responses to his questions, and thus they referred him to one of our engineers, Tim Reynolds.
With his permission, I am sharing Tim’s full response–because it truly is a public service to anyone with data privacy concerns. I love that Tim went the extra mile in sharing his expertise and also his very human and individual reassurance.
Allow me to introduce myself. My name is Tim Reynolds and I am an engineer here at The Grommet. Specifically, I am in charge of both our tracking scripts and implementing the California Consumer Privacy Act (CCPA). Our customer experience team has sent along your concerns and I wanted to take the time to address you directly, because I share some of the very same concerns as you.
First, the topic of ‘selling your data’. This is a complex, newly defined situation that is a direct consequence of the CCPA. Essentially, if we provide customer data to any third party in exchange for either money or a service then we are said to be ‘selling your data’. The key there is ‘service’. We at The Grommet have NEVER and will NEVER exchange your data for money. If that were to happen, I would be the first to walk away from this job. But the CCPA defines selling so broadly that by that law we do sell your data.
As an example, we use a third party company that analyzes our sales data and compares it to our mailer data (little catalogs we send in the mail every quarter) to calculate the success rate of our campaign. That same company will then also use that data to determine what products we should put in our next catalog, and who the best people to mail the catalog would be. That particular company then deletes the data we have sent them. But because we gave them the data to process it constitutes a ‘sale’ of your data.
What I am telling you is far beyond what I am likely allowed to share, but I respect your position and I want to be as truthful as possible.
But I do have good news. The CCPA requires we provide all residents of California with the option to opt-out of the sale of their data. And I have personally implemented this using a third party system to manage and ensure compliance. If you go to the bottom of any page on our site you will see a link:
Clicking on this link will take you to a form. From there you can fill out information and select “Do Not Sell My Information” and you will be permanently added to a list that will have your data be filtered out of any data bundles sent to third party vendors. We technically only need to provide this to residents of California but we felt it was the right thing to provide it to all our customers. You can also choose to have us delete your data, though that would remove your customer account. If you choose to access your data we will require you to sign and mail back an affidavit (this is part of the law to ensure we do not send your data to someone other than you) before we can process the request. I can tell you, however, the only data we personally have is what you have purchased and where you mailed it to. If you do a delete request that includes a “do not sell” request, but an access request will not prevent us from ‘selling’ your data.
As to the topic of targeted advertisements. Yes, we do some amount of targeted ads. The reality is, probably 99.9% of all online retailers use targeted ads. Platforms like Facebook exist entirely through selling the ability to target ads. But unlike other retailers we just do the very cursory type. If you view a product on our page, you may see an ad for it when you are on pinterest or some other site. That does NOT mean we are tracking where you go on other sites. We don’t do that at all. The ads we use are genuinely harmless, and this is coming from an extremely privacy focused person.
And I have more good news on this. As part of the CCPA I was overjoyed to be able to implement the following feature. You can opt-out of ALL of our tracking scripts on our site with a few clicks of your mouse. Once again, navigate to the bottom of the page and you will see a footer link titled “Privacy Settings” shown here:
Clicking this link will open a dialog that allows you to opt-out of various categories of tracking scripts. You will want to click the “Targeting Cookies” side-tab, then uncheck the slider pointed at by the red arrow. Then you just confirm your choices and from the next page load on none of our tracking scripts will run.
And much like “Selling Data” is a bit of a loaded statement, so is “Tracking Scripts”. Tracking Scripts has become a catch-all term for any 3rd party scripts used on a site to gain insight or value. You can click on the “Cookies Details” link on that dialog to get an explanation of which scripts do what, but having implemented them for The Grommet I can tell you with certainty, that the vast majority do not in any way transmit any personally identifiable information. Really they just tell us what people are clicking on in the broad sense, or allow us to run tests where we have parts of the page change and we determine if it is a better change than leaving it alone (A/B Testing).
And finally, as I can tell you are a very privacy focused person I wanted to share a valuable 3rd party tool that you can use to automatically block ALL tracking scripts on ALL sites without any intervention on your part. This tool will also protect you from some types of malware and ransomware because it blocks it from ever loading into your browser. And best of all it works in just about every browser. This tool is uBlock Origin. It is a browser extension that will make everything run faster (because no ads), protect you from malicious sites, and block every known tracking script. It is open source (the source code is freely available so anyone can verify it is safe), free, and just about my favorite thing to install on anyone’s machine. I am in no way associated with this project, nor do I receive any compensation for recommending it to you. And this recommendation truly goes outside the bounds of my job, it is coming from me personally.
I do not know what browser you have, so here are some links to the various places where you can install it depending on your browser:
Google Chrome and New Microsoft Edge: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en
Safari: (unfortunately, Version 13 of Safari broke the ability to have ublock origin)
Old Microsoft Edge (Not recommended, please upgrade Edge or choose another browser): https://www.microsoft.com/en-us/p/ublock-origin/9nblggh444l4
If you have Android and use Firefox or Chrome on it you can install uBlock Origin on those as well. If you primarily use iOS you can install a variety of ad-blockers that can be activated system-wide but they are only somewhat effective.
Finally, if you want the maximum performance and security, there is a new browser called Brave that is based on Chrome but comes with a powerful ad-blocker built in. Because it is built in it technically is much faster than uBlock Origin. You can get Brave here:
There are many other ad-blockers available. I do not trust any of them. Many have been found to allow companies to pay them to let their ads get through. Right now the only one I trust is u-Block Origin and the Brave Browser.
Please let me know if you have any other questions or if I have not fully answered your existing question. I am sorry if your experience with support was frustrating, this is a very complex situation and we are working to better educate our team on the ins-and-outs of modern data ownership and privacy. We will work harder and I do hope we have not lost you.
Here is the customer’s kind response:
Thank you for your lengthy, thorough, and honest reply to my issues. I was on the internet the other day and couldn’t go anywhere without seeing Grommet. I will read this more thoroughly this evening and decide how I want to proceed. I can’t imagine getting this thorough of a response from any other company, and that is to your credit.
I describe what we do as “Citizen Commerce”–in recognizing we can each individually shape the economy. It means we can support the companies whose business practices align with our own values, and avoid the ones that do not. Tim did just that, in empowering our customer by increasing his knowledge and independence regarding his own data.