Privacy Policy

Effective date: December 2023

Pursuant to Government Code section 11019.9, all departments and agencies of the State of California shall enact and maintain a permanent privacy policy, in adherence with the Information Practices Act of 1977 (Civil Code section 1798 et seq.)

It is the policy of the California Department of Tax and Fee Administration (CDTFA) that information which can be identified with a particular person ("personally identifiable information") is only obtained through lawful means and that the collection, use, retention, disclosure, and destruction of such information is in compliance with state privacy laws.

Personally identifiable information is collected by the CDTFA for purposes of administering the tax and fee programs set forth in the Revenue and Taxation Code. Personally identifiable information regarding CDTFA employees is also collected, for purposes of personnel administration. When the CDTFA collects personally identifiable information, at or before the time of collection, it provides the notice required by Civil Code section 1798.17 of the Information Practices Act, which includes the purposes for which the information will be used. Any personally identifiable information that is collected must be relevant to the purpose for which it is collected.

Any subsequent use of personally identifiable information shall be limited to the fulfillment of purposes consistent with those purposes previously identified.

Personally identifiable information shall not be disclosed, made available, or otherwise used for purposes other than those specified, without the consent of the subject of the information, or as authorized by law or regulation. As disclosed in the notice provided by the CDTFA in compliance with Civil Code section 1798.17, information collected by the CDTFA may be exchanged with or provided to other entities as authorized by law.

Information security awareness training is provided to all CDTFA employees. CDTFA employees and contractors are also required annually to review the pamphlet Information Security Requirements for Employees with Access to Confidential Information and to sign a Confidentiality Statement (CDTFA-4). Access to personally identifiable information is restricted to persons who have an appropriate business need for the information. Information and physical security policies and procedures are in place at the CDTFA to protect personally identifiable information from theft, unauthorized access, use, modification or disclosure. Internal review of CDTFA policies and procedures is conducted to ensure that adequate safeguards for information security are in place.

There are things you can do to protect your privacy. Be sure to update your browser and operating system regularly. For more information on how you can protect yourself online, visit the Caution: Is Your Computer Secure? page on the Office of the Attorney General website.

You have the right to know what types of personal information we gather about you and how we use it. You may review your personal information and bring any inaccuracies to our attention.

Questions regarding this policy should be directed to the California Department of Tax and Fee Administration Privacy Officer at 916-309-1862.

Privacy Notice

In compliance with Government Code section 11015.5, the California Department of Tax and Fee Administration (CDTFA) is making this Privacy Notice concerning personal information electronically collected on the CDTFA web site available to the public. The only personal information that is collected on the CDTFA web site is the IP (Internet Protocol) address of those visiting the site. The IP address is the unique Internet Protocol address of the web site visitor. The IP address will sometimes be masked by a proxy or other such equipment that connects the user to the Internet through their Internet Service Provider. Registration of a visitor's IP address in the web log of the host server is standard among all web servers. the CDTFA may use the IP address to monitor the usage of its web site.

Additionally, when a visitor accesses the CDTFA web site, a session ID is stored in a cookie on the visitor's PC. A cookie is simply a packet of information that is stored on the user's computer. The session ID stored in the cookie upon visiting the CDTFA site is randomly generated and is not being used or redistributed by the CDTFA. The session ID does not contain any information about the visitor and is merely a default functionality of the software used to create the CDTFA web site. The cookie will remain stored on the visitor's hard drive until such time as the visitor manually removes the cookie.

You have the right to have any electronically collected personal information deleted, without reuse or distribution. To request access to your records, report any inaccuracies, provide comments, request deletions, or file complaints related to privacy or personal information access requests, please contact CDTFA’s Privacy Officer at 916-309-1862, or the Disclosure Office at 916-445-2918.

The CDTFA does not distribute or sell electronically collected personal information about users to any third party without the user’s written consent, nor does the CDTFA reuse the IP address information. The CDTFA does not electronically collect any other personal information on the CDTFA web site.

Any information acquired by CDTFA is subject to the limitations set forth in the Information Practices Act of 1977 (beginning with Section 1798 of the Civil Code). Electronically collected personal information is exempt from requests made pursuant to the California Public Records Act (beginning with Section 6250 of the Government Code).

If you have any questions regarding the Privacy Policy or Notice, please contact the CDTFA Privacy Officer at:

California Department of Tax and Fee Administration
ATTN: Privacy Officer
450 N Street, MIC: 94
Sacramento, CA 95814

Phone: 916-309-1862 or Customer Service at 800-400-7115
Email: InformationSecurity@cdtfa.ca.gov

Last Reviewed Date: 12/1/2023

Last Revised Date: 12/1/2023