THE PLANT DAD. www.theplantdad.com
Effective date: 01 August 2020
(1) Personally identifiable information (“PII”), as defined by numerous statutes in the United States, including the California Online Privacy Protection Act (such statutes, the “PII Laws”),
(2) Personal information, as defined by the California Consumer Privacy Act (the “CCPA”),
(3) Personal data, as defined by the European Union General Data Protection Regulation (the “GDPR”),
We may gather such information when you are accessing, viewing, completing, or using any of our Services.
PERSONAL INFORMATION WE COLLECT (PII)
Personal information you provide to us. Personal information you may provide to us through the Service or otherwise includes:
- Contact data, personal information such as your name, and email address.
- Registration data, such as information that you provide to register for an account.
- Profile data, such as your username and password that you may set to establish an online account with us and your interests and preferences.
- Communications, such as information you provide when you contact us with questions, feedback, survey responses, or otherwise correspond with us,
- Marketing data, such as the email address or contact details that we use to send marketing communications and your preferences for receiving communications about our activities, events, sweepstakes, and contests.
- Purchase data, including your order history and information needed to process and fulfill your order, including order details, billing address, and delivery address.
Automatic collection of Data (Non-PII)
We may automatically log information about you, your computer or mobile device, and your activity occurring on or through the Sites, such as:
- Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, IP address, Zip Code, the website you visited before browsing our site, and general location information such as city, state or geographic area.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
Do Not Sell My Information
At the end of every season, The Plant Dad may collect additional optional information in the form of a grow report (“Annual Report”). Users agree that by completing this optional report it becomes the exclusive Intellectual Property (IP) of Home&Larder LLC and may contain Non-PII such as the zip code location of where the kit was grown, where the seeds were planted, sun exposure, yields, and other information which cannot be used to identify the individual contributing user/member. This aggregate information and the reports themselves are not currently marketed, sold, and shared by The Plant Dad, but may be at a later date and we reserve the right to make this business decision.
The Plant Dad operates a Community Forum on the Site and other social media pages such as Facebook and Instagram, where users can share/post content, data and images. Anything posted, uploaded, or messaged on The Plant Dad social media pages or the Site’s Forum is the ownership of The Plant Dad, with exception of any content which is objectionable material, unlawful, or infringes any rights. The Plant Dad reserves the right to take action against any user or remove any objectionable content. At our discretion we may terminate your use of and access to such resources at any time. The Plant Dad is not responsible for content posted or shared by any user on its Community Forum or social media. If you upload images to the website or associated social media pages, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website, and we take no responsibility in this situation.
Please refer to Section 10 of our Terms and Conditions for more information on the Community Forum.
HOW WE USE YOUR PERSONAL INFORMATION
Service delivery. We may use your personal information to:
- provide, operate and improve the Service, such as to enable you to make purchases of our products and subscriptions;
- For shipping products and curating the seed selection that you receive.
- establish and maintain your account on the Service;
- communicate with you about the Service, including by sending you announcements, updates, security alerts, and support and administrative messages;
- provide customer support and maintenance for the Service;
- enable security features of the Site, such as by sending you security codes via email or SMS, remembering devices from which you have previously logged in, and integrating with 3rd party secure sign on solutions such as Facebook login and Google login oAuth API services.
Direct Marketing. We may use your personal information to send you The Plant Dad-related marketing communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications.
For research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business.
To create anonymous data. We may create aggregated, de-identified, or other anonymous data records from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by excluding information (such as your name and full address) that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our own business purposes, including to analyze and improve the Service and to promote our business.
To comply with laws and regulations. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal processes, such as to respond to subpoenas or legitimate requests from government authorities.
For compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) audit our internal processes for compliance with legal and contractual requirements; (c) enforce the terms and conditions that govern the Service; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity, including cyber attacks and identity theft.
With your consent. In some cases, we may specifically ask for your consent to collect, use, or share your personal information, such as when required by law.
HOW WE SHARE YOUR PERSONAL INFORMATION
Service providers. Companies and individuals that provide services on our behalf or help us operate the Service or our business (such as order fulfillment, shipping, payment processing, customer support, hosting, analytics, email delivery, marketing, database management services, returns processing, and risk and fraud mitigation).
Professional advisors. Professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate to comply with the law or for the compliance, fraud prevention, and safety purposes described above.
Embedded Content From Other Websites:
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
- You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months, and formally request that we do not sell this information for the next 12 months. Once we receive and verify your request, we will disclose to you:
- The categories of personal information we collected about you;
- The categories of sources from which the personal information has been collected;
- The specific pieces of personal information we collected about you;
- The categories of personal information about you that was sold or disclosed for a business purpose; and/or
- The categories of third parties to whom the personal information was sold or disclosed for a business purpose, by category or categories of personal information for each category of third parties to whom the personal information was sold.
- You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
- We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our agreement with you. For example, we may not delete your personal information insofar as it is needed to honor our returns policy with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act.
- Enable internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- We may deny your deletion request if retaining the information is necessary for us or our service providers to:
To exercise the rights described above, please submit a verifiable request to us by clicking on the following link: Do not sell my personal information or by emailing us at email@example.com.
Only you or a person whom you authorize to act on your behalf may make a verifiable consumer request related to your personal information. If you wish to authorize another to act on your behalf, please be advised that The Plant Dad may require that you provide the authorized agent with signed written permission to submit a request and verify your own identity and confirm your permission directly with us, unless the authorized agent has a power of attorney. However, you may also make a verifiable consumer request on behalf of your minor child.
Our verification process works as follows:
Password-protected accounts– if you have a password-protected account with us, we will use password authentication to verify you.
Non-password-protected accounts– Before we may process a request, in order to protect your privacy, we will ask for you to confirm a few pieces of information that we have on our records about you, for example:
- Your email address
- Your billing address and zip code
If you make a request online to delete your personal information, we may need to confirm your request before we delete your information.
You may make a verifiable consumer request up to two times within a 12-month period, without charge. Unfortunately, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We try to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension time period (up to 90 days). If you have an account with us, we will deliver our response to the email associated with that account. If you do not have an account with us, we will deliver our response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding receipt. The response we provide will also explain any reasons we cannot comply with a request, if applicable.
We will not discriminate against you for exercising any of your CCPA rights, however certain features or areas of the site may no longer work properly without the user information they require to function.
COPPA (Children Online Privacy Protection Act)
We have taken many precautions to protect confidential information while you shop and participate on the The Plant Dad Website. We use the industry-standard SSL protocol (Secure Sockets Layer) to secure credit card transactions and all other site content. This SSL system encrypts information that you submit to us via our website when you place an order as a safeguard against third party interception of your information or spoofing of our content by a bad actor for the purposes of interception later. Most modern browsers provide a visual indication that SSL is in place on a given webpage. Credit card information is NOT stored or processed on the site in any way, but is directly tunneled via SSL to a secured 3rd party payments processor (Braintree by Paypal), which handles all purchases, subscription renewals, and payment information retention (where applicable). In addition, all areas of the site are secured using strong password requirements, firewall, anti-spam, and antivirus products which are kept continuously up to date. Users will be notified in the unlikely event that we discover a security breach which places user information at risk.
If you have questions about our privacy policies or procedures, or if you would like to make changes to the way your data is being used, please email firstname.lastname@example.org or reach us by mail, phone, or on the web:
The Plant Dad (Home&Larder LLC) – DATA CONTROLLER
Address: 5557 Baltimore Avenue, Suite 500-1019
Hyattsville, MD 20781
Telephone: (410)449-0561 | Website: www.theplantdad.com