Updated February 22, 2022
This policy does not apply to information collected by:
The legal definition of Personal Data varies by location. If you are located in the U.S., the legal definition in California shall apply.
California statute defines “Personal Data” as any information that identifies, relates to, or could reasonably be linked with you or your household. For example, it could include your name, social security number, email address, records of products purchased, Internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics.
USE BY MINORS.
Our Products, including our Site, are not intended for children under the age of eighteen (18). We do not knowingly collect Personal Data from anyone under the age of majority in your location without parental or guardian consent. Our Products are directed to people who are at least the age of majority where they live and may not be used by minors even with parental or guardian consent. If you believe your child has provided us with information or has purchased our Products wrongfully, please contact us by email at firstname.lastname@example.org and we will promptly delete such account and Personal Data. California residents under the age of sixteen (16) may have additional rights regarding the collection and sale of their information. Please see California Users in this policy for more information.
SHARING PERSONAL DATA/UNRELATED THIRD PARTIES.
We do not share, sell, or rent Personal Data to or with unrelated third parties. Personal Data that you provide to us may be used to contact you to respond to your questions to us, for processing and shipping Product orders, to provide you with promotional offers, marketing programs, to maintain reseller account information, and/or for other communications from us or our Business Partners. Such Business Partners may include, by way of example only, our vendors, contractors, and credit card processors. If you are accessing or accessing or using our Products as an employee, volunteer, or contractor, please be aware that your employer may have authorized us to use and/or share your Personal Data.
SHARING PERSONAL DATA | BUSINESS PARTNERS.
Our Business Partners who have access to your Personal Data in connection with providing services to us or you are required to keep your Personal Data confidential and are not permitted to use this information for any other purpose other than to carry out the services they are performing or to market our Products or their products or services to you as long as you have the option to opt out of that communication. Only your email and first and last name will be used by Business Partners for the purpose of marketing products or services. We will not maintain any Personal Data you share with resellers from whom you purchase our Products.
We automatically collect Personal Data when you access our Site. The types of information we collect may include:
We may also collect data about you from third-party sources, e.g.,
We may also derive information or draw inferences about you based on the other types of data we collect. For example, we may infer your location based upon your IP address or that you are interested in viewing or purchasing a particular Product based upon your browsing behavior on our Site.
We use your Personal Data to take necessary steps to respond to requests and to market our Products as direct marketing is necessary for the legitimate business interests we are pursuing.
You may unsubscribe from emails at any time by clicking on the “unsubscribe” link in the emails you receive.
Your Personal Data may be available to our employees, Affiliates, and other Business Partners with a legitimate business need, such as our marketing team, order fulfillment team, operations team, survey processors, contest judges, customer relationship management software providers (CRM), and credit card processors.
We do not request or require you to provide any other special categories of Personal Data including, for example, genetic data, biometric data, or information relating to your racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical health, or sexual orientation. If we become aware of any such data having been submitted to us, we will, where reasonably practicable, endeavor to delete it.
Because of the nature of our Site and our Products, we may possess backup information of your Personal Data. This information belongs to you and is held in confidence. If you cease to use our Site or Products, we will anonymize, pseudonymize, or otherwise de-identify your information so that it cannot be associated with you. You may contact us to delete your Personal Data.
We will only disclose your Personal Data to law enforcement, government authorities, and/or legal counsel if required by applicable Law to: (a) protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims); (b) enforce our Terms, including this policy; and/or (c) protect, investigate, and deter against fraudulent, harmful, unauthorized, unethical, or illegal activity.
A “Cookie” is a small amount of data generated by a website and saved by your web browser. We use the below types of Cookies in connection with our Site and Products. Outside the European Union or European Economic Area, accessing our Site, requesting information regarding our Products, and/or purchasing our Products constitutes consent to our use of the Cookies detailed below. For Site visitors located in the European Union, if we begin to market Products to you or request Personal Data from you, we will ask for your consent to these Cookies except for Strictly Necessary Cookies, if any, without which our Site will not function. For more information on how Cookies function and disabling Cookies, consult your browser’s “Help” button.
YOU ARE NEVER REQUIRED TO ACCEPT COOKIES AND YOU MAY DISABLE ALL OR SOME COOKIES IN YOUR BROWSER SETTINGS. PLEASE KEEP IN MIND, DISABLING ALL COOKIES MAY IMPAIR SERVICE FUNCTIONALITY AND YOU MAY NOT BE ABLE TO ACCESS OR USE SOME OF OUR SERVICES OR PURCHASE OUR PRODUCTS THROUGH OUR SITE.
Strictly Necessary Cookies. These Cookies enable you to browse our Site and use Site features. Without these Cookies, services such as e-billing and shopping carts cannot be provided.
|Type||Website/Key||Session ID||Domain||Valid Through|
|shopify_pay_redirect||.shopify.com||30 minutes, 3weeks or 1year depending on value|
Our Site uses session Cookies which your computer stores only for that browsing session. Once you close your browser, the Cookie is deleted. These Cookies allow Customers to navigate around our Site using your login details without having to login again on every page.
|Type||Website/Key||Session ID||Domain||Valid Through|
These Cookies are used to deliver advertising more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operators’ permission. They remember that you have visited a website and this information is shared with other organizations such as advertisers.
|Type||Website/Key||Session ID||Domain||Valid Through|
This Cookie allows us to understand more about Site visitors, such as the number of visitors, details of the devices used to access our Site and purchase our Products, which Site pages are accessed, and the various time details per visit.
|Type||Website/Key||Session ID||Domain||Valid Through|
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit https://www.allaboutdnt.com.
WHERE WE STORE YOUR PERSONAL DATA
We all know that no method of transmission over the Internet, and method of electronic storage, can be 100% secure. This means we cannot guarantee the absolute security of your personal information. We make reasonable efforts to ensure that these servers are kept in a secure, locked environment with restricted access, and we have ensured that our Business Partners who operate the servers have established physical, electronic, and procedural safeguards to protect Personal Data.
We have implemented a variety of technical and organizational measures to protect Personal Data from loss, misuse, unlawful processing, unauthorized access, disclosure, copying, alteration, and destruction. These include limiting access to the databases to a limited number of authorized staff who are required to maintain the information as confidential. Further, access to the databases is password protected. We or our Business Partners also have in place additional security and/or outside auditors to further assist in maintaining the security of information in our possession.
If we allow you to create an account with login/password information, you are responsible for keeping your username and password confidential and may not share it with anyone.
While we make reasonable and industry-standard efforts to ensure the integrity and security of our network, Site, and systems, we cannot guarantee that such security measures will prevent third-party “hackers” from illegally obtaining information.
We cannot be, and are not, responsible for circumvention of any privacy settings or security measures contained in our Site, including the illegal acts of third parties (such as criminal hacking).
We disclaim any and all liability for disclosure of any information obtained due to errors in transmission or the unauthorized acts of third parties as more specifically detailed in our Disclaimers detailed in our Terms. ANY TRANSMISSION OF DATA OR INFORMATION THROUGH OUR SITE IS AT YOUR OWN RISK.
We may use third-party advertising companies to serve ads when you visit our Site or purchase our Products. Such third-party companies may use information (not including your name, address, or e-mail address) about your visits to this and other websites to provide advertisements on sites, goods, and services that may be of interest to you. If you would like more information about this practice, and to know your choices about not having this information used by these companies, please review your rights at the Network Advertising Initiative.
When you use features such as social networking, chat rooms, or forums, you should take precautions not to submit any Personal Data that you do not want to be seen, collected, or used by others.
We do not accept any responsibility or liability for third-party privacy policies or for any Personal Data that may be collected through these websites, products, or services. This includes any posting you may make on social media page(s), which page(s) are controlled by such third-party social media sites.
We urge you to exercise care when providing information to anyone and to check the policies and terms of all third-party websites before you submit any Personal Data.
The amount of time we hold your Personal Data will vary but will not be kept for longer than is necessary for the purposes for which it is being processed. We will retain your Personal Data in accordance with the following criteria:
COMMERCIAL REQUESTS OR REQUESTS FOR INFORMATION
We will retain your Personal Data solely for the legitimate business purpose of responding to your request or inquiry and to communicate with you regarding our Products. You may opt out of such communications at any time and you will be provided with that opportunity within each communication.
RESELLERS | CUSTOMERS
We will retain your Personal Data indefinitely while you are a purchasing Customer, including resellers. When you stop purchasing Products for yourself or for resale, we will retain your Personal Data for a reasonable period of time in order to allow you to download any database information, if any, stored therein. Thereafter, any Personal Data will be anonymized or pseudonymized or otherwise deidentified so that it cannot be connected with a particular individual, entity, or IP address.
If you provide us with a username or Personal Data for online payments or credit card information, we, or our Business Partners, such as credit card processors may maintain that information for as long as you maintain your Customer login information in order to accept or send automatic payments. If you provide such information for one-time payments, we will delete such information as soon as the one-time transaction is completed.
Typically, and by way of example only, you may have the following rights:
To exercise your rights, you may make an inquiry by sending an email request directly to the Data Compliance Officer at email@example.com. Please label the subject line of your email “Data Compliance Manager.” In some cases, you may need to discuss deletion with your Linked Account administrator if you access our Site through your Linked Account.
We will respond to your request in accordance with the Laws that apply to you. When you make your request, we will maintain your request and related Personal Data as we maintain other Personal Data in order to respond, after which time we will delete the Personal Data provided in the request.
Access requests are free; however, we reserve the right to charge a reasonable fee to comply with your request when your request is unfounded or excessive.
While our Site may be accessed by anyone who has Internet access throughout the world, we do not currently sell our Products outside the U.S. If we are contacted by a European Union or European Economic Area (EU/EEA) resident, we will make every effort to delete Personal Data provided to us.
If you communicate with us or access our Site from within the EU/EEA, any information transferred to us is your responsibility and you indemnify us, and hold us harmless, from any liability resulting from such communications or activities. This includes, without limitation and by way of example only, personal injury, property damage, attorneys’ fees, costs, and any amounts paid in settlement. Please consult our Disclaimers within our Online Terms and Conditions for more information.
Under California’s "Shine the Light" Law, and once per year, California, U.S. residents who provide personal information in obtaining Products for personal, family, or household use are entitled to request and obtain from regarding their customer information shared, if any, with other businesses for their own direct marketing uses.
If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information during the immediately prior calendar year. If you believe this Law applies to you, please send an e-mail message to Data Compliance Officer at firstname.lastname@example.org with "Request for California Privacy Information" in the subject line and in the body of your message. We will provide the requested information to you at your e-mail address in response only if the Law applies to you.
We will maintain your request and the customer information you provided in that request for ninety (90) days to ensure you do not have any follow-up questions. After that time, the information associated with your request will be destroyed. Please be aware that not all information sharing is covered by the "Shine the Light" requirements and only information on covered sharing will be included in our response.
In addition, if you are a California resident, the California Consumer Privacy Act (“CCPA”) requires us to disclose the following information with respect to our collection, use, and disclosure of Personal Data:
If you reside in California, you have the right to:
You may make these requests by calling or mailing us at email@example.com with "Request for California Privacy Information" in the subject line and in the body of your message. After submitting your request, please monitor your email for a verification email. We will provide the requested information to you at your e-mail address in response only if the Law applies to you.
If this Law is applicable to you, we are required by Law to verify your identity prior to deleting your Personal Data in order to protect your privacy and security. If you make a request to delete your Personal Data, our Site or our Products, or some of them, may no longer be available to you. Payments made for Products are not refundable.
Please note that you may designate an authorized agent to exercise these rights on your behalf by providing written materials demonstrating that you have granted the authorized agent power of attorney. If an authorized agent submits a request on your behalf, we may need to contact you to verify your identity and protect the security of your Personal Data. We will not discriminate against you if you choose to exercise your rights under the CCPA.
We will maintain your request and the Personal Data you provide in that request for ninety (90) days to ensure you do not have any follow-up questions. After that time, the information associated with your request will be deleted.
Please be aware that not all businesses are required to comply with CCPA requirements, and not all information sharing is covered by such CCPA. Only information covered will be included in our response.
To learn more about your rights under the CCPA, visit https://oag.ca.gov/privacy/ccpa.
Attention: Data Compliance Officer
U.S. Tel: (510) 426-9898
(ask for the Data Compliance Officer)
If you are located in the European Union/European Economic area and are still concerned that we are not complying with our obligations under the GDPR or another applicable regulation or statute, and/or that we are not handling Personal Data responsibly and in line with good practice, you may raise a concern with the UK Information Commissioner’s Office (“ICO”). Concerns may be reported online at: https://ico.org.uk/concerns/handling/ or by calling 0303 123 1113.
Prime Roots, Inc.
Attn: Data Compliance Officer
2940 7th Street
Berkeley, California 94710
Please make sure that you identify the website through which you submitted Personal Data to enable us to identify your records and/or the Product purchased. We will respond to your communications within thirty (30) days unless your request involves information that requires significant and/or unusual research.