This is from their "chart" PDF

Consumer rights → Right to access: The right for a consumer to access from a business/data controller the information or categories of information collected about a consumer, the information or categories of information shared with third parties, or the specific third parties or categories of third parties to which the information was shared; or, some combination of similar information. → Right to correct: The right for a consumer to request that incorrect or outdated personal information be corrected but not deleted. → Right to delete: The right for a consumer to request deletion of personal information about the consumer under certain conditions. → Right to opt out of certain processing: The right for a consumer to restrict a business’s ability to process personal information about the consumer. → Right to portability: The right for a consumer to request personal information about the consumer be disclosed in a common file format. → Right to opt out of sales: The right for a consumer to opt out of the sale of personal information about the consumer to third parties. → Right to opt in for sensitive data processing: The right for a consumer to opt in before a business can process their sensitive data. → Right against automated decision-making: A prohibition against a business making decisions about a consumer based solely on an automated process without human input. → Private right of action: The right for a consumer to seek civil damages from a business for violations of a statute. Business obligations → Opt-in default (requirement age): A restriction placed on a business to treat consumers under a certain age with an opt-in default for the sale of their personal information. → Notice/transparency requirement: An obligation placed on a business to provide notice to consumers about certain data practices, privacy operations, and/or privacy programs. → Risk assessments: An obligation placed on a business to conduct formal risk assessments of privacy and/or security projects or procedures. → Prohibition on discrimination (exercising rights): A prohibition against a business treating a consumer who exercises a consumer right differently than a consumer who does not exercise a right. → Purpose/processing limitation: An EU General Data Protection Regulation–style restrictive structure that prohibits the collection/ processing of personal information except for a specific purpose.