Privacy Policy
Mixed Nuts SF (“we,” “our,” or “us”) operates the website mixednutssf.com (the “Site”). This Privacy Policy describes our practices regarding the collection, use, and disclosure of personal data when you access or use our Site or interact with our services. We are firmly committed to protecting the privacy and personal data of our website visitors, customers, and partners, in full compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. We adhere to a privacy-first philosophy, ensuring your information is handled with the highest level of security and transparency.
1. Commitment to Privacy and Data Protection
At Mixed Nuts SF, we recognize the importance of your personal data. We treat the security and confidentiality of your information as paramount. This Privacy Policy outlines how we protect the information you provide, how we use it, and the rights you have in relation to it. We take all appropriate measures to ensure that your privacy is preserved.
2. Scope of the Policy and Role of Data Controller
This Privacy Policy applies to all users of mixednutssf.com and covers the data collected through your interactions with the Site, whether through browsing, purchasing, or contacting us. For the purposes of applicable data protection laws, including the GDPR and CCPA, Mixed Nuts SF is the “data controller” responsible for your personal data as collected through this website.
3. Categories of Personal Data We Process
We collect and process the following categories of personal data, only to the extent necessary and appropriate for the purposes determined below:
a. Usage Data:
Information automatically collected when you use our Site, including your IP address, browser type, operating system, pages viewed, time spent on pages, and interactions with our web features. This data is collected via cookies, web beacons, and server logs.
b. Account Data:
Personal identifiers you provide when registering an account or placing an order, such as your full name, shipping and billing address, email address, and phone number.
c. Profile Data:
Information relating to your use of our services, including product preferences, purchase history, and browsing behavior.
d. Communication Data:
Records of your correspondence with us. This includes support requests, responses to customer service inquiries, and related content submitted through our contact forms or direct email communications.
e. Technical Data:
Information about the devices you use to access our Site, such as hardware model, device identifiers, operating system, screen resolution, and system settings.
f. Transaction Data:
Details related to purchases made through mixednutssf.com, including order history, payment details (excluding complete financial information such as full credit card numbers), and delivery status.
g. Preference Data:
Information regarding your marketing preferences, newsletter sign-ups, opt-in/opt-out preferences, and product interest selections.
4. Legal Bases for Processing Personal Data
We process your personal data under one or more of the following lawful bases:
– Contractual Necessity: When processing is required to fulfill a contract with you, such as delivering a purchased product.
– Legitimate Interests: When processing is necessary for our legitimate business interests, provided these interests are not overridden by your fundamental rights.
– Consent: When you have expressly provided us with permission to process your data for specific purposes, such as receiving marketing communications.
– Legal Obligation: Where processing is necessary for compliance with a legal obligation.
5. Your Data Protection Rights
Subject to applicable laws, you have the following rights regarding your personal data:
– Right of Access: To confirm if we process your data and receive a copy.
– Right of Rectification: To correct inaccurate or incomplete personal data.
– Right to Erasure (“Right to Be Forgotten”): To request deletion of your data, under certain conditions.
– Right to Restrict Processing: To limit how we process your data in specific scenarios.
– Right to Data Portability: To receive your personal data in a structured, commonly used, machine-readable format and transmit it to another data controller.
– Right to Object: To object to the processing of data based on our legitimate interests or direct marketing.
You may exercise these rights by contacting us at [email protected]. We aim to respond to your requests within a reasonable timeframe in accordance with applicable laws.
6. Security Measures
We implement appropriate technical and organizational safeguards to protect your personal data. These include, but are not limited to:
– Encryption of data in transit and at rest
– Secure server infrastructure with firewalls and access controls
– Regular backups and disaster recovery protocols
– Ongoing staff training on data protection principles
– Strict internal access policies on a need-to-know basis
7. International Data Transfers
If your personal data is transferred outside the European Economic Area (EEA) or California, we ensure that appropriate safeguards are in place. These may include reliance on:
– Standard Contractual Clauses (SCCs) approved by the European Commission
– Adequacy decisions by the European Commission
– Binding corporate rules or appropriate legal exemptions
We ensure that such transfers are conducted in accordance with applicable privacy laws to maintain the integrity and confidentiality of your information.
8. Data Retention
We retain personal data for no longer than is necessary for the purposes for which it is processed. Retention periods vary depending on the data category, as follows:
– Usage Data: retained for up to 12 months for analytics purposes
– Account and Transaction Data: retained for up to 7 years to comply with tax and contractual requirements
– Communication Data: retained for 3 years from the date of final interaction
– Technical and Profile Data: retained for 24 months to improve and personalize services
– Marketing Preferences: retained until you withdraw consent or unsubscribe
Once retention is no longer necessary, data is securely deleted or anonymized.
9. Cookie Policy
Our Site uses cookies and similar technologies to collect usage and preference data. Cookies are small data files stored on your device used to enhance and customize your experience.
We categorize cookies as follows:
– Essential Cookies: Necessary for the functioning of the Site and services (e.g. session management, navigation).
– Functional Cookies: Optional cookies that remember your settings and preferences.
– Analytics Cookies: Used by us and our third-party analytics providers (e.g. Google Analytics) to collect metrics on Site traffic and usage.
– Performance Cookies: Help us optimize Site performance and load times.
These cookies do not access sensitive personal data and can be adjusted through your browser settings or cookie management tools provided on the Site.
10. Cookie Management and Compliance with GDPR & CCPA
Users in the European Union and California have the right to control the use and disclosure of their personal data collected via cookies. Upon visiting our Site, you will be presented with a cookie consent banner allowing you to accept or reject non-essential cookies. You may also withdraw or modify your consent at any time via the cookie settings panel or browser-configured privacy tools.
Under CCPA, California residents may also opt out of the “sale” of personal information. While we do not sell data in the traditional sense, we honor such requests in accordance with CCPA’s broad definitions. You may request these by contacting [email protected].
11. Protecting Children’s Privacy
We do not knowingly collect personal data from children under the age of 13. If we become aware that such data has been collected without verifiable parental consent, we will delete it promptly. If you believe we have inadvertently collected data from a child under 13, please notify us at [email protected].
12. Updates to This Privacy Policy
We reserve the right to amend this Privacy Policy at any time. Where material changes are made, and where required by law, we will provide notice to you (such as through the Site or via email) and, if necessary, obtain your consent. We encourage you to review this page periodically to stay informed about how we protect your data.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the way in which your personal data is handled, you may contact us directly:
Email: [email protected]
Website: mixednutssf.com
We are committed to full compliance with applicable privacy laws and to resolving any privacy-related concerns with transparency and care.