At New Relic we take the privacy and security of our customers’ data seriously. This FAQ guide is designed to assist you when completing our California Consumer Privacy Act (“CCPA”) Service Provider Addendum (“SPA”) which New Relic makes available to its customers. This document can be found here.
For more information on how New Relic processes personal information, please see our General Data Privacy Notice.
For more information on New Relic’s security practices, please see our Security Handbook.
1. What is the CCPA
The CCPA is a data privacy law that regulates how businesses globally are allowed to handle the personal information of California residents. CCPA applies to any for-profit businesses in the world that collects or sells the personal information California residents while conducting business in California. The CCPA grants certain rights to California residents (“consumers”). These include the right to access or delete their personal information or to opt out of a sale of that personal information by a “business”. The CCPA became effective on January 1, 2020. The CCPA Regulations were approved by the Office of Administrative Law on August 14, 2020.
2. What is a “sale” of personal information under the CCPA?
“Sale”, “sell” and “selling” have been defined under the CCPA as the exchange of an individual’s personal information for money or other valuable consideration. Under the CCPA, it is possible to effect a transfer of personal information from a business to a service provider without this transfer being considered a sale and without the need to offer the consumer an option to opt out of the sale of their personal information. For more information, please refer to Section 4.
3. What is a business and what is a service provider under the CCPA?
Under the CCPA, a “business” is any for profit entity that collects, and determines the purposes and means of processing California residents’ personal information while doing business in California and that also meets one of the following criteria: (i) sells the personal information of more than 50,000 California residents annually, (ii) has an annual gross revenue exceeding $25 million, or (iii) derives 50 percent or more of its annual revenue from selling the personal information of California residents.
A “service provider” under the CCPA is any for profit entity that processes California residents’ personal information on behalf of a business which discloses that personal information to the service provider for a “business purpose”. In order to be considered a service provider, the entity must receive the personal information pursuant to a written contract that prohibits that entity from retaining, using or disclosing the personal information for any purpose other than for the specific purpose of performing the services specified in the contract.
The customer acts as the business with respect to personal information they submit to the New Relic service for processing and New Relic acts as the service provider.
4. What is a Service Provider Addendum and do I need to sign New Relic’s CCPA SPA?
A Service Provider Addendum (“SPA”) is a written contract (as set out above) entered into by a business and a service provider as those terms are defined under the CCPA. In order for a business to transfer personal information to a service provider and that transfer not amount to a “sale” of the personal information, the CCPA requires that businesses and service providers enter into written contracts or SPAs in order to share personal information.
If your company is subject to the CCPA and you are transmitting personal information to the New Relic services for processing, then New Relic is acting as your service provider and you should sign New Relic’s CCPA SPA and then follow the instructions set out at Section 6.
5. What about the main agreement between the parties?
The New Relic CCPA SPA is an addendum to the main agreement between New Relic and our customer and forms part of that agreement. Customers who previously entered into an agreement without signing an SPA, can sign our current SPA at any time.
6. How can I execute the New Relic CCPA SPA?
The New Relic online CCPA SPA is pre-signed by New Relic. Where a customer is signing New Relic’s online SPA, the customer may download the SPA from our website here and then sign and return the SPA to email@example.com. Please note that this process only applies to situations where the SPA is being signed in isolation. Where a customer signs the DPA as part of their agreement with New Relic, it will not need to follow this process or return it to firstname.lastname@example.org .
7. I would like to ask some questions that are not answered in this guide
For any additional information you require, you may contact your Account Executive who will be happy to assist you.
This information contained in this document does not provide legal advice. We recommend that you consult with your own legal counsel in order to obtain advice specific to your own unique situation and how you intend to use the New Relic services- remember an SPA is only necessary if you intend to send personal information for processing.