Privacy Policy
1. Introduction
At Mixed Nuts SF, we are committed to safeguarding your privacy and ensuring the protection of your personal data. We uphold the highest standards of transparency, responsibility, and integrity in how we manage and process your information. This Privacy Policy outlines how we collect, use, store, and protect your personal data when you interact with our website, https://mixednutssf.com (“Website”), in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of This Policy and Data Controller
This Privacy Policy applies to all personal data collected by Mixed Nuts SF through our Website and the services available therein. For data protection purposes under the GDPR, Mixed Nuts SF is the “data controller,” meaning we determine the purposes and means of processing your personal data. Under the CCPA, we act as a “business” determining the manner in which personal information is collected and used.
3. Categories of Data We Process
We may collect and process the following categories of personal data when you visit mixednutssf.com or engage with us:
a. Usage Data
Information about your interactions with the Website, including your IP address, browser type and version, device type, operating system, referral source, pages viewed, time spent on pages, and geographical location.
b. Account Data
Personal identifiers such as your name, physical address, email address, phone number, and login credentials if applicable.
c. Profile Data
Details related to your user profile, such as order history, purchase preferences, feedback, usage behavior, and saved items or wishlists.
d. Communication Data
Records of any correspondence you send to us, including inquiries, support requests, feedback, or messages you submit via our contact forms or directly through email.
e. Technical Data
Device-specific identifiers and configurations, browser plug-ins, screen resolution, time zone settings, and operating system information.
f. Transaction Data
Payment details (limited and encrypted), order contents, delivery and billing addresses, transaction timestamps, and fulfillment status, as handled by payment processors.
g. Preference Data
Information regarding your preferences for receiving marketing communications, notification settings, opt-in/opt-out status, and product interests.
4. Legal Bases for Processing
We process your personal data only when legally permitted, specifically on the following legal bases:
– Contractual necessity: to fulfill our obligations when you make a purchase or request our services.
– Legitimate interests: to operate and optimize our Website, communicate with users, prevent fraud, and enhance security.
– Consent: where you have explicitly agreed to receive marketing communications or allow the use of non-essential cookies.
– Legal obligation: where we are required to comply with legal or regulatory requirements (e.g., bookkeeping, law enforcement).
5. Your Rights
Under GDPR and CCPA (as applicable), you may exercise the following rights:
– Right of Access: Request confirmation of whether we process your data and obtain a copy of such data.
– Right to Rectification: Request correction of inaccurate or incomplete personal data.
– Right to Erasure: Ask us to delete personal data where there is no compelling reason for continued processing.
– Right to Restriction: Request limitation on processing of your data under specific circumstances.
– Right to Data Portability: Request the transfer of your data in a structured, commonly used, machine-readable format.
– Right to Object: Oppose processing based on legitimate interest or direct marketing.
– Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, please contact us at: [email protected]. We will respond in accordance with applicable law.
6. Security Measures
We employ commercially reasonable security practices to protect your information, including:
– Encryption: Use of SSL/TLS protocols to encrypt data transmitted through our Website.
– Access Controls: Role-based permissions and user authentication safeguards.
– Data Backups: Regular secure backups to prevent data loss.
– Staff Training: Ongoing privacy and security awareness training for relevant personnel.
While we strive to safeguard all information entrusted to us, no system can be entirely secure; consequently, we cannot guarantee absolute protection from all threats.
7. International Transfers
Personal data collected through mixednutssf.com may be processed in and transferred to countries outside the European Economic Area (EEA) or outside California depending on operational requirements. All such transfers are carried out in compliance with applicable data protection laws using appropriate safeguards, including Standard Contractual Clauses approved by the European Commission and other lawful mechanisms.
8. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required by law. Specific data retention practices include:
– Usage and Technical Data: Retained for up to 12 months for analytics and security.
– Account and Profile Data: Retained while the account is active and up to 60 days after deactivation or request for deletion.
– Transaction and Communication Data: Retained for 7 years for financial and legal compliance.
– Marketing and Preference Data: Stored until you revoke consent or unsubscribe.
9. Cookie Policy
Our Website uses cookies and similar technologies to enhance user experience, analyze site performance, and deliver relevant content. Types include:
– Essential Cookies: Required for the operation of the Website (e.g., session, login).
– Functional Cookies: Allow Website to remember your preferences.
– Analytics Cookies: Assist with measuring Website traffic and behavior (e.g., Google Analytics).
– Performance Cookies: Monitor Website performance, error management, and enhancements.
10. Cookie Management and Compliance
On your first visit to mixednutssf.com, you will be presented with a cookie banner providing options to accept, reject, or customize your cookie preferences. You may change your cookie settings at any time through your browser or our cookie consent tool. In accordance with GDPR and CCPA, we honor user preferences and refrain from setting non-essential cookies without consent.
California residents may also request to opt out of the “sale” of their personal information as defined under the CCPA, even though we do not sell personal information in the traditional sense.
11. Children’s Privacy
We do not knowingly collect personal data from children under the age of 13. If we become aware that we have inadvertently collected such information, we will promptly delete it. If you are a parent or guardian and believe your child has provided personal data to us, please contact us at [email protected].
12. Policy Updates and Notifications
We reserve the right to modify this Privacy Policy at any time. Material changes will be communicated via the Website and, where appropriate, via email. Continued use of mixednutssf.com following such changes constitutes your acceptance of the revised Policy.
13. Contact Us
If you have any privacy-related questions, concerns, or requests, please contact us using the following email address:
We are committed to full compliance with applicable data protection laws, including GDPR and CCPA. For further inquiries or to exercise your data rights, reach out to us at the contact email provided above.