California Consumer Privacy Act Compliance Notice


Sanctions Software, (Applied Programs Inc.) (“Sanctions Software”, “we” or “us”) are a leading OFAC & Related Database search provider, analytics and data-enabled software platforms and services provider.

We understand the importance our clients and consumers place on privacy. After reviewing our data and data practices and consulting with privacy law counsel, we have concluded that our obligations under the California Consumer Privacy Act (“CCPA”) as of January 1, 2020 (“Effective Date”) are as follows (“Our Limited CCPA Obligations”):

  1. To maintain reasonable security of the personal information of Californians that we collect and process;
  2. To provide California job applicants, current and former employees, and certain others like independent contractors (“HR Data Subjects”) with certain pre-collection notices of our data practices; and
  3. To comply with the CCPA’s obligations applicable to service providers as defined by the CCPA.

We do not have full CCPA obligations to California consumers as of the Effective Date because:

  • We provide business-to-business (B2B) products and services and do not offer products or services directly to consumers; and
  • When we do collect and process personal information from or about consumers, we have determined it is in one of the following contexts. The CCPA exempts each context from any obligations beyond Our Limited CCPA Obligations:
    • Data That Is Processed in Our Capacity as a Service Provider. When we process consumer personal information as a service provider for another business, that business, not us, is the owner and controller of the personal information and responsible for CA Consumer Request Rights related to that data. If you want to inquire about personal information we process for our clients as their service provider, you should contact those entities directly. Due to confidentiality considerations, we do not disclose or confirm the identity of our clients or what data we process for them.
    • Data That Is Regulated and Protected by Other Laws. The CCPA recognizes that other privacy laws already exist to protect certain types of personal information under certain circumstances. We are subject to and comply with several of these laws, including the federal Fair Credit Reporting Act (FCRA), the federal Gramm-Leach-Bliley Act (GLBA), the Driver’s Privacy Protection Act of 1994 (DPPA), and the California Financial Information Privacy Act. The CCPA exempts personal information that is already regulated and protected by those laws, and we apply our obligations under those laws to that data.
    • Data That Is Publicly Available. The CCPA exempts personal information that is lawfully made available from federal, state, or local government records.
    • Data That Is Deidentified or Aggregated. The CCPA does not consider deidentified or aggregated data to be personal information.

    For more information on how we collect and process personal information via our online services, see the privacy notices and policies posted on those services.

    HR Data Subjects can contact us at help@ofac.us for more information on the personal information we collect and our purposes for that collection.