Limit the Use of My Sensitive Personal Information

Consumers may have the right to direct a business to limit the use or disclosure of sensitive personal information to certain permitted purposes. If your business does not collect or use sensitive personal information beyond those permitted purposes, explain that clearly in your policy instead of presenting a misleading control.

Limitation requests should be reviewed and handled within the legally applicable timeline. Your final workflow should explain whether the right applies, what verification is needed, and how the user will be notified about the outcome.

Applicability note: Offer this request path only if your actual processing of sensitive personal information triggers a limitation right. If not, explain your limited use directly in the Privacy Policy instead of offering a control that does not apply.

Operational note: Sensitive-information limitation requests should be reviewed against your actual processing purposes, data categories, and system architecture so the resulting control is accurate and enforceable.

Alternate contact placeholders: Add your privacy email, toll-free number, mailing address, and any in-account request channel here so users can choose a submission path that matches your legal obligations and business model.

Denial and appeal note: If you deny all or part of this request, some laws may require you to explain the reason and provide a way to appeal. Your final workflow should document that path where applicable.

Identity proofing note: Use the least intrusive verification step that reasonably matches the request risk. Start with existing account or email-channel checks when possible, and only escalate to stronger proofing for higher-risk or sensitive requests.

Retention note: Any extra information collected only for verification should be stored securely, access-limited, and deleted or restricted once the verification process is complete and your policy allows.