PRIVACY STATEMENT (GDPR & CCPA UPDATED 05.22.23)

Your privacy is important to us. As we are using the WordPress software platform to provide our services, we have adopted the same privacy principles used by WordPress.org (these are the principles implemented in the software, and they are good ones).

Our privacy principles are:

  • We don’t ask you for personal information unless we truly need it.
  • We don’t share your personal information with anyone except to comply with the law, protect our rights, or unless it is required for the on-going operation of one of our services.
  • We don’t store personal information on our servers unless required for the on-going operation of one of our services.
  • In our website and blogging products, we aim to make it as simple as possible for you to control what’s visible to the public, seen by search engines, kept private, and permanently deleted.

Website Visitors

Like most website operators, Green Thumb collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Green Thumb’s purpose in collecting non-personally identifying information is to better understand how Green Thumb’s visitors use its website. From time to time, Green Thumb may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.

Green Thumb also collects potentially personally-identifying information like Internet Protocol (IP) addresses. Green Thumb does not use such information to identify its visitors, however, and does not disclose such information, other than under the same circumstances that it uses and discloses personally-identifying information, as described below.

Gathering of Personally-Identifying Information

Certain visitors to Green Thumb’s websites choose to interact with Green Thumb in ways that require Green Thumb to gather personally-identifying information. The amount and type of information that Green Thumb gathers depends on the nature of the interaction. For example, we ask visitors who sign up for a Green Thumb account to provide a username and email address. Those who engage in transactions with Green Thumb are asked to provide additional information, including as necessary the personal and financial information required to process those transactions. In each case, Green Thumb collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with Green Thumb. Green Thumb does not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.

Aggregated Statistics

Green Thumb may collect statistics about the behavior of visitors to its websites. For instance, Green Thumb may monitor the most popular blogs on the Green Thumb websites. Green Thumb may display this information publicly or provide it to others. However, Green Thumb does not disclose personally-identifying information other than as described below.

Protection of Certain Personally-Identifying Information

Green Thumb discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Green Thumb’s behalf or to provide services available at Green Thumb’s websites, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using Green Thumb’s websites, you consent to the transfer of such information to them. Green Thumb will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, Green Thumb discloses potentially personally-identifying and personally-identifying information only when required to do so by law, or when Green Thumb believes in good faith that disclosure is reasonably necessary to protect the property or rights of Green Thumb, third parties or the public at large. If you are a registered user of an Green Thumb website and have supplied your email address, Green Thumb may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with Green Thumb and our products. We primarily use our various product blogs to communicate this type of information, so we expect to keep this type of email to a minimum. If you provide us with a contact phone number and have supplied this information to Green Thumb, Green Thumb may occasionally send you a text to tell you about new features, solicit your feedback, or to just keep you up to date with what’s going on with Green Thumb and our products.  Up to 8 msgs/mnth.  Data rates and text rates may apply. If you'd like to stop receiving these texts, simply reply STOP at any point and you will automatically be unsubscribed from our texts.  If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. Green Thumb takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.

SECTION 1 – WHAT DO WE DO WITH YOUR INFORMATION?

When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.

When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.

Email marketing and SMS marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates. With your permission, we may send you sms texts about our store, new products and other updates.

Don't worry, we do not sell any personal information to any third-parties.

SECTION 2 – CONSENT

How do you get my consent?

When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

How do I withdraw my consent?

If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at hello@greenthumb.com or mailing us at: Green Thumb International 23782 Bridger Rd, Lake Forest, CA, 92630, United States

SECTION 3 – DISCLOSURE

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

SECTION 4 – WOOCOMMERCE

Our store is hosted on Woocommerce on the WordPress platform. They provide us with the online e-commerce platform that allows us to sell our products and services to you.

Your data is stored through Woocommerce’s platform, including data storage, databases, and the general Woocommerce application. They store your data on a secure server behind a firewall.

Payment:

If you choose a direct payment gateway to complete your purchase, then Woocommerce stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.

SECTION 5 – THIRD-PARTY SERVICES

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

Links

When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

SECTION 6 – SECURITY

Your privacy is paramount to us and to protect your personal information, we take comprehensive precautions and follow industry best practices to ensure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.

  1. Data Encryption: We employ data encryption methods to protect your data. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption.
  2. PCI-DSS Compliance: Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all Payment Card Industry Data Security Standard (PCI-DSS) requirements and implement additional generally accepted industry standards.
  3. Data Access Control: We have implemented stringent access controls to ensure that your data is only accessible to authorized personnel.
  4. Regular Security Audits: We conduct regular security audits to identify any potential vulnerabilities and address them proactively.

The Provider is committed to maintaining adequate data security measures, consistent with industry standards and technology best practices, to protect User Data from unauthorized disclosure or acquisition by an unauthorized person.

Please remember that the safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential.

By continuing to use our services, you are agreeing to these practices.

COOKIES

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Green Thumb uses cookies to help Green Thumb identify and track visitors, their usage of the Green Thumb website, and their website access preferences. Green Thumb visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using Green Thumb’s websites, with the drawback that certain features of Green Thumb’s websites may not function properly without the aid of cookies.

SECTION 7 – AGE OF CONSENT

By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

SECTION 8 – CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.

QUESTIONS AND CONTACT INFORMATION

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at hello@greenthumb.com or by mail at Green Thumb International

[Re: Privacy Compliance Officer]
[23782 Bridger Rd, Lake Forest, CA, 92630, United States]

 

OUR EXTENDED PRIVACY POLICY FROM US

Who we are

We are Green Thumb International, a Southern California based family-owned garden center brand with five retail store locations throughout Southern California.  You can reach us by email via hello@greenthumb.com or by mail at

Green Thumb International

23782 Bridger Rd, Lake Forest, CA, 92630, United States

Our website address is: https://www.greenthumb.com.

What we collect and store

While you visit our site, we’ll track:

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of cart contents while you’re browsing our site.  We also use this data to remind you of a few follow-up emails about your abandoned cart if you leave the site before completing your purchase (only if you had abandoned your cart during your transaction).

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 10 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

We will also store comments or reviews if you choose to leave them.

Who on our team has access

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

  • Order information like what was purchased, when it was purchased and where it should be sent, and
  • Customer information like your name, email address, and billing and shipping information.

Our team members have access to this information to help fulfill orders, process refunds and support you.

What we share with others

We only share data in a few cases as we value our web visitors’ and customers’ privacies.  This includes web visitor data collected for website analytics (Google Analytics), email address data when your consent is provided to do so with our email platform (MailChimp), our payment gateway (PayPal), in the case of our e-commerce store we share that data with USPS so that we can create shipping labels for our purchase orders.

We share information with third parties who help us provide our orders and store services to you; for example —

Payments

We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.

Please see the PayPal Privacy Policy for more details.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

All uploaded files are usually publicly accessible.

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

We have contact forms available on our website so that customers can reach a member of our team for questions or concerns.  We ask for personal data such as the visitor’s name, phone number, email address, and primary shopping location so that we can better help the visitor reach the person best to answer their question or concern.

We keep contact form submissions for customer service purposes, but we do not use the information submitted to us for marketing purposes without directly providing us consent to do so.

Cookies

If you leave a comment on our site you may opt-in to save your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

We use Google Analytics and a plugin called MonsterInsights that pulls Google Analytics data in order to display that data to us in an easily understandable format within our website’s admin panel.  This includes things such as site browsing history, clicks, and time spent on our site.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.  We keep any form data you provide for 30 years.  We keep your Woocommerce order information for 30 years and we keep your account information for 30 years.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

What data breach procedures we have in place

We will inform you of a data breach to the best of our ability within 72 hours of us finding out about such breach.  We take this very seriously and we limit the amount of data we keep on our web visitors on our servers to things like name, address, email address, phone number, order product information, comments, order history, shopping cart information, etc.  but do not store anything regarded to payment information or credit card information on our own servers.

What automated decision making and/or profiling we do with user data

We do not have any automated decision making scripts set up coming to or from our website using your personal data.

Industry regulatory disclosure requirements

We collect information about you during the checkout process on our store.

 

CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights regarding their Personal Information. You have the right to request that businesses subject to the CCPA (which may include our Members with whom you have a relationship) disclose certain information to you about their collection and use of your Personal Information over the past 12 months. In addition, you have the right to ask such businesses to delete Personal Information collected from you, subject to certain exceptions. If the business sells Personal Information, you have a right to opt-out of that sale. Finally, a business cannot discriminate against you for exercising a CCPA right.

When offering services to its customers, Green Thumb Nursery acts as a “for-profit business operating in California” under the CCPA. Our receipt and collection of any consumer Personal Information is solely to operate the functions of the business and provide customers our services. We only use the information as stated above. Please direct any requests for access or deletion of your Personal Information under the CCPA to hello@greenthumb.com.

Consistent with California law, if you choose to exercise your applicable CCPA rights, we won’t charge you different prices or provide you a different quality of services. If we ever offer a financial incentive or product enhancement that is contingent upon you providing your Personal Information, we will not do so unless the benefits to you are reasonably related to the value of the Personal Information that you provide to us.

In compliance with the California Consumer Privacy Act (CCPA), we provide the following notice:

We value your privacy and uphold your rights under the California Consumer Privacy Act. As a part of our commitment to your privacy, we want to inform you that we do not sell any personal information that we collect from you.

For the purposes of this section, "sell" means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, your personal information to another business or a third party for monetary or other valuable consideration.

While we do not engage in such practices, we still respect and understand that you may want to ensure your personal information is not sold. Therefore, if you are a California resident, you may formally request to opt-out of the sale of your personal information by contacting us via our contact form.

You can also contact us directly at hello@greenthumb.com to exercise any of your rights provided under CCPA, including the right to know and access your personal information, the right to delete your personal information, and the right to non-discrimination for exercising your rights.

H. DO NOT TRACK

Certain state laws require us to indicate whether we honor “Do Not Track” settings in your browser. Green Thumb adheres to the standards set out in this Privacy Policy and does not monitor or follow any Do Not Track browser requests.

I. CHANGES TO THIS POLICY

We may change this privacy policy at any time and from time to time. The most recent version of the privacy policy is reflected by the version date located at the top of this privacy policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this privacy policy or other notice on the Green Thumb Nursery Sites. We encourage you to review this privacy policy often to stay informed of changes that may affect you. Our electronically or otherwise properly stored copies of this privacy policy are each deemed to be the true, complete, valid, authentic, and enforceable copy of the version of this privacy policy that was in effect on each respective date you visited the Green Thumb Nursery Site.

J. QUESTIONS & CONCERNS

California Civil Code Section 1789.3 Compliance Notice

If you are a California resident, you have the right to receive specific information about our business practices related to your personal information.

For any complaints, you may contact us directly at:

  • Our contact form 
  • Green Thumb Nursery
  • 23782 Bridger Rd, Lake Forest, CA 92630
  • 9498373040
  • hello@greenthumb.com

We are committed to resolving any complaints about our collection or use of your personal data.

However, under California Civil Code Section 1789.3, you may also contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 1625 N. Market Blvd., Suite S-202, Sacramento, California 95834, or by telephone at (800) 952-5210 in order to resolve a complaint regarding the Service or to receive further information regarding use of the Service.

As always, consult with your legal advisor to ensure full compliance with all relevant laws and regulations.

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at: hello@greenthumb.com

Privacy Shield

We are in the process of applying to be a part of the Privacy Shield, as soon as we are approved we will update this to reflect that.

Privacy Shield website: https://www.privacyshield.gov/

Green Thumb Nursery is committed to ensuring digital accessibility for people with disabilities. We are continually improving the user experience for everyone, and applying the relevant accessibility standards.

For Nevada Residents: 

If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Data to third parties who intend to license or sell that Personal Data. You can exercise this right by contacting us at hello@greenthumb.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not sell your Personal Data as sales are defined in Nevada Revised Statutes Chapter 603A.

For Virginia Residents:

Virginia Consumer Data Protection Act (CDPA) - We do not control or process the data of at least 100,000 Virginia residents or (ii) control or process the data of at least 25,000 consumers and derive over 50% of their gross revenue from the "sale" of personal data of Virginia residents so this recent act put into effect on January 1, 2023 does not apply to our business.

For New York Residents - NEW YORK SHIELD ACT

We respect and value the privacy of our users, including those who reside in New York. As part of our commitment to data privacy and security, we have implemented a robust data security program in compliance with the New York SHIELD Act.

Our technical safeguards include:

  1. Network and Software Security: We utilize state-of-the-art network security solutions, including firewall protections and intrusion detection systems, to protect against unauthorized access to our systems. Our software is regularly updated to integrate the latest security patches and updates.
  2. Key Control and Monitoring: We carefully manage and monitor access to sensitive data and systems. Only authorized personnel with valid credentials can access our systems, and their activities are logged for auditing purposes.
  3. Multi-Factor Authorization: We employ multi-factor authorization processes for accessing sensitive data. This adds an extra layer of security by requiring users to provide at least two forms of valid credentials before they can access their account information.
  4. Encryption: We employ strong encryption technologies to protect your data during transit and at rest. This makes it difficult for unauthorized persons to intercept or access your data.
  5. Regular Security Audits: Our technical infrastructure undergoes regular security audits to detect any vulnerabilities and to ensure compliance with our stringent data protection standards.

We continually evaluate and update our data security program to ensure it aligns with changing technology and threat landscapes.

If you are a New York resident and have any questions or concerns about our data security practices, please contact us at hello@greenthumb.com

For EEA, Swiss and UK Residents:

For the purposes of EU data protection legislation, Green Thumb International is the controller of your Personal Information. Our Data Protection Officer can be contacted at hello@greenthumb.com