PRIVACY STATEMENT (GDPR & CCPA UPDATED 12.27.19)
Your privacy is important to us. As we are using the WordPress software platform to provide our services, we have adopted the same privacy principles used by WordPress.org (these are the principles implemented in the software, and they are good ones).
Our privacy principles are:
- We don’t ask you for personal information unless we truly need it.
- We don’t share your personal information with anyone except to comply with the law, protect our rights, or unless it is required for the on-going operation of one of our services.
- We don’t store personal information on our servers unless required for the on-going operation of one of our services.
- In our website and blogging products, we aim to make it as simple as possible for you to control what’s visible to the public, seen by search engines, kept private, and permanently deleted.
Like most website operators, Green Thumb collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Green Thumb’s purpose in collecting non-personally identifying information is to better understand how Green Thumb’s visitors use its website. From time to time, Green Thumb may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.
Green Thumb also collects potentially personally-identifying information like Internet Protocol (IP) addresses. Green Thumb does not use such information to identify its visitors, however, and does not disclose such information, other than under the same circumstances that it uses and discloses personally-identifying information, as described below.
Gathering of Personally-Identifying Information
Certain visitors to Green Thumb’s websites choose to interact with Green Thumb in ways that require Green Thumb to gather personally-identifying information. The amount and type of information that Green Thumb gathers depends on the nature of the interaction. For example, we ask visitors who sign up for a Green Thumb account to provide a username and email address. Those who engage in transactions with Green Thumb are asked to provide additional information, including as necessary the personal and financial information required to process those transactions. In each case, Green Thumb collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with Green Thumb. Green Thumb does not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.
Green Thumb may collect statistics about the behavior of visitors to its websites. For instance, Green Thumb may monitor the most popular blogs on the Green Thumb websites. Green Thumb may display this information publicly or provide it to others. However, Green Thumb does not disclose personally-identifying information other than as described below.
Protection of Certain Personally-Identifying Information
Green Thumb discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Green Thumb’s behalf or to provide services available at Green Thumb’s websites, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using Green Thumb’s websites, you consent to the transfer of such information to them. Green Thumb will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, Green Thumb discloses potentially personally-identifying and personally-identifying information only when required to do so by law, or when Green Thumb believes in good faith that disclosure is reasonably necessary to protect the property or rights of Green Thumb, third parties or the public at large. If you are a registered user of an Green Thumb website and have supplied your email address, Green Thumb may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with Green Thumb and our products. We primarily use our various product blogs to communicate this type of information, so we expect to keep this type of email to a minimum. If you provide us with a contact phone number and have supplied this information to Green Thumb, Green Thumb may occasionally send you a text to tell you about new features, solicit your feedback, or to just keep you up to date with what’s going on with Green Thumb and our products. Up to 4 msgs/mnth. Data rates and text rates may apply. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. Green Thumb takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.
SECTION 1 – WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 – CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at firstname.lastname@example.org or mailing us at: Green Thumb International 23782 Bridger Rd, Lake Forest, CA, 92630, United States
SECTION 3 – DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 – WOOCOMMERCE
Our store is hosted on Woocommerce on the Wordpress platform. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Woocommerce’s platform, including data storage, databases, and the general Woocommerce application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Woocommerce stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
SECTION 5 – THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 – AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at email@example.com or by mail at Green Thumb International
[Re: Privacy Compliance Officer]
[23782 Bridger Rd, Lake Forest, CA, 92630, United States]
Who we are
We are Green Thumb International, a Southern California based family-owned garden center brand with five retail store locations throughout Southern California. You can reach us by email via firstname.lastname@example.org or by mail at
Green Thumb International
23782 Bridger Rd, Lake Forest, CA, 92630, United States
Our website address is: https://www.greenthumb.com.
What we collect and store
While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 10 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We will also store comments or reviews if you choose to leave them.
Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
Our team members have access to this information to help fulfill orders, process refunds and support you.
What we share with others
We only share data in a few cases as we value our web visitors’ and customers’ privacies. This includes web visitor data collected for website analytics (Google Analytics), email address data when your consent is provided to do so with our email platform (MailChimp), our payment gateway (PayPal), in the case of our e-commerce store we share that data with USPS so that we can create shipping labels for our purchase orders.
We share information with third parties who help us provide our orders and store services to you; for example —
We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
All uploaded files are usually publicly accessible.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
We have contact forms available on our website so that customers can reach a member of our team for questions or concerns. We ask for personal data such as the visitor’s name, phone number, email address, and primary shopping location so that we can better help the visitor reach the person best to answer their question or concern.
We keep contact form submissions for customer service purposes, but we do not use the information submitted to us for marketing purposes without directly providing us consent to do so.
If you leave a comment on our site you may opt-in to save your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We use Google Analytics and a plugin called MonsterInsights that pulls Google Analytics data in order to display that data to us in an easily understandable format within our website’s admin panel. This includes things such as site browsing history, clicks, and time spent on our site.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. We keep any form data you provide for 10 years. We keep your Woocommerce order information for 10 years and we keep your account information for 10 years.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
What data breach procedures we have in place
We will inform you of a data breach to the best of our ability within 72 hours of us finding out about such breach. We take this very seriously and we limit the amount of data we keep on our web visitors on our servers to things like name, address, email address, phone number, order product information, comments, order history, shopping cart information, etc. but do not store anything regarded to payment information or credit card information on our own servers.
What automated decision making and/or profiling we do with user data
We do not have any automated decision making scripts set up coming to or from our website using your personal data.
Industry regulatory disclosure requirements
We collect information about you during the checkout process on our store.
The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights regarding their Personal Information. You have the right to request that businesses subject to the CCPA (which may include our Members with whom you have a relationship) disclose certain information to you about their collection and use of your Personal Information over the past 12 months. In addition, you have the right to ask such businesses to delete Personal Information collected from you, subject to certain exceptions. If the business sells Personal Information, you have a right to opt-out of that sale. Finally, a business cannot discriminate against you for exercising a CCPA right.
When offering services to its customers, Green Thumb Nursery acts as a “for-profit business operating in California” under the CCPA. Our receipt and collection of any consumer Personal Information is solely to operate the functions of the business and provide customers our services. We only use the information as stated above. Please direct any requests for access or deletion of your Personal Information under the CCPA to email@example.com.
Consistent with California law, if you choose to exercise your applicable CCPA rights, we won’t charge you different prices or provide you a different quality of services. If we ever offer a financial incentive or product enhancement that is contingent upon you providing your Personal Information, we will not do so unless the benefits to you are reasonably related to the value of the Personal Information that you provide to us.
H. Do not Track
I. Changes to this Policy
J. Questions & Concerns
If you have any questions or comments, or if you have a concern about the way in which we have handled any privacy matter, please use our contact form to send us a message. You may also contact us by postal mail or email at:
Green Thumb Nursery
Address: 23782 Bridger Rd, Lake Forest, CA 92630
For EEA, Swiss and UK Residents:
For the purposes of EU data protection legislation, Green Thumb International is the controller of your Personal Information. Our Data Protection Officer can be contacted at firstname.lastname@example.org