WHAT INFORMATION DO WE COLLECT?
Personal Information We Collect About You
During your visit and use of our Website and services, we collect certain data that you provide to us when you fill out opt-in forms, contact forms, and surveys, when you purchase products and/or services, and when you enter your information for giveaways and/or competitions.
The personal information that you provide to us can be your name, email address, location, and occupation. Moreover, if you are purchasing products, then you are also providing us with payment and address information. (However, your payment information is not stored in our system because purchases are processed through payment processors.) Therefore, should you have any questions about payment activities and/or information, contact the specific payment processor directly.
In the preceding 12 months, we have collected the following categories and specific types of consumer personal information:
|Categories of Personal Information
|Specific Types of Personal Information Collected
|Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers)
Internet Protocol Address
|Characteristics of protected classifications under California or federal law such as race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, marital status, sex, age, or sexual orientation
|Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Bank account number
Credit Card Number
Debit Card Number
|Commercial information (e.g., records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)
|Record of Product Purchased
Credit/Debit Card last 4 digits
|Biometric information such as fingerprint recognition, facial detection, palm vein scanning, iris recognition, and even voice recognition, etc.
|Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement)
Information regarding a consumer’s interaction with an Internet Web site, application, or advertisement
|Audio, electronic, visual, thermal, olfactory, or similar information
|Professional or employment-related information
|Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (FERPA) [According to the U.S. Department of Education, personally identifiable information for education records is a FERPA term referring to identifiable information that is maintained in education records and includes direct identifiers, such as a student’s name or identification number, indirect identifiers, such as a student’s date of birth, or other information which can be used to distinguish or trace an individual’s identity either directly or indirectly through linkages with other information.
|Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
|Sensitive Personal Information, for example, social security number, credit card number, date of birth, drivers license number
|Credit Card Number
Debit Card Number
YOUR RIGHTS UNDER CALIFORNIA CONSUMER PRIVACY ACT (“CCPA”)
AS AMENDED BY CALIFORNIA PRIVACY RIGHTS ACT OF 2020 (“CPRA”)
To access a detailed CCPA policy and know your rights refer to the separate CCPA policy linked here where we notify you of your rights and our obligations under the amended CCPA.
OUTSIDE OF THE EUROPEAN UNION (“EU”)
If you are outside of the EU and enter your information to receive a freebie, make a purchase, respond to survey, register for a free training, or participate in a webinar, then we will automatically enroll you to receive our newsletter and updates.
If you do not wish to receive any communications from us, you can opt out by clicking on the unsubscribe link located at the bottom of the emails.
IN THE EUROPEAN UNION
If you are in the EU and opt to receive a freebie or participate in a free training, register for a webinar or live event, or purchase a product, your email address will not be added to the email list to receive our newsletter and updates unless you affirmatively consent to it.
If you change your mind at any point and do not want to receive electronic communication, simply unsubscribe.
If you have trouble unsubscribing by clicking the link at the bottom of the email, simply email us at [email protected] and request to be unsubscribed from future emails.
YOUR RIGHTS UNDER GDPR
As someone who resides in the European Union, you are entitled to exercise certain rights that you are given under the General Data Protection Regulation (GDPR).
Any information or data that you chose to provide us will be kept with Sassy Herb Garden until one of these happens: (1) you request Sassy Herb Garden to DELETE the information and/or data; (2) Sassy Herb Garden decides to STOP USING the existing data processors, or (3) Sassy Herb Garden decides that the cost of retaining the data outweighs the value in retaining it.
As a consumer and/or visitor on our Site who is located in the European Union region, you have the right to request access to your data that Sassy Herb Garden collected on you and stores it.
You are within your rights to demand to know exactly what data and information Sassy Herb Garden has collected on you. Keep in mind that some parts of this data was provided by you personally, while others were gathered through cookies and pixels.
You have the right to withdraw consent on a data that you previously gave us consent to collect and process. The right to withdraw consent applies to any future processing of that data. However, any data that has been collected and processed previously based on valid consent is lawful and not subject to liability based on any legal grounds.
You also have the right to request erasure of your data and all your information from Sassy Herb Garden’s data storage. Once you request that your data be erased from Sassy Herb Garden’s databases, we have thirty (30) days to comply with your request. If it’s impossible to comply within 30 days, Sassy Herb Garden will respond to the Visitor’s request and let them know about the issue and also give them a reasonable time as to when their request for deletion will be honored.
Aside from rights such as request to access, request to delete and rectify, an EU user also has the right to place restrictions on the data processing itself. This means a user can limit certain things that Sassy Herb Garden can and cannot do with their data. You can choose to limit transfer of your data to third-party businesses (unless it’s essential for Sassy Herb Garden’s basic functions).
You further have the right to file a complaint with a supervisory authority who oversees and handles issues related to the GDPR.
Lastly, it’s Sassy Herb Garden’s duty to inform you that we only require information that is reasonably necessary to enter into a contract with you. We do not collect any unnecessary data, and any information we acquire is used for legitimate business purposes such as growing and scaling our business, or being able to provide satisfactory customer service to you and other users.
Here is a quick table version of all your rights under GDPR.
|Right to Access
|The right to be provided with a copy of your personal information (the right of access)
|Right to Rectification
|The right to require us to correct any mistakes in your personal information
|Right to Deletion/Right to be Forgotten
|The right to require us to delete your personal information—in certain situations
|Right to Restriction of Processing
|The right to require us to restrict processing of your personal information—in certain circumstances, e.g. if you contest the accuracy of the data
|Right to Data Portability
|The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
|Right to Object
|The right to object:at any time to your personal information being processed for direct marketing (including profiling);in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.
|Right Not to be Subject to Automated Individual Decision-Making
|The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
BRAZILIAN DATA PROTECTION LAW (“LGPD”)
The Brazilian Data Protection Law or the LGPD, which is derived from its Portuguese name. The LGPD is Brazil’s law on online privacy requirements and certain rights and privileges given to data subjects.
Under the LGPD, “processing” is defined as collection, production, reproduction, transmission, receipt, use, classification, filing, storage, control or evaluation of data, deletion, dissemination, extraction, modification, and communication. The LGPD applies to “personal data” that is defined as any information related to an identified or identifiable natural person. Moreover, sensitive data such as political opinion, racial or ethnic origin, religion, health, sex and more as they relate to a natural person.
Under the LGDP, the data subjects are given the following rights relating to their personal data:
- Awareness and confirmation of the existence of data processing;
- Anonymization or pseudonymization or removal of pieces of data that have been collected or processed without compliance with the LGPD;
- Access to personal data;
- Correction of inaccurate data;
- Right to request deletion;
- Right to revocation of consent;
- Right to request disclosure of any third parties with whom personal data is shared;
- Access to the customer policy information and consent revocation terms and conditions.
The data subject has the right to exercise these rights with our business Sassy Herb Garden anytime, free of charge.
As a business, we can only process personal data if there is any legal basis for processing that data. The LGPD provides approximately ten (10) legal basis for processing data. The ten grounds are:
- The data subject gives express consent to process the data.
- Data processing is necessary to comply with a legal obligation.
- Processing is essential to protect the life or physical safety of the data subject or another third party.
- Necessary to execute a contract or contract-related procedures that the data subject is a party to at the request of the data subject.
- Necessary to process to fulfill the legitimate interests of the controller or of the third party, except when the data subject’s fundamental rights prevail.
- Necessary to process in order to protect credit (refers to a credit score).
- You need to process to protect the health in relation to activities of health professionals or health entities.
- Necessary to process to carry out studies by research entities that ensure, when possible, the anonymization of personal data.
- Necessary to process to exercise rights in judicial, arbitration, and administrative procedures.
- Necessary to process to execute public policies provided in laws or regulations or those that are based on contracts, policies, agreements, or similar binding instruments.
Sassy Herb GArden mostly uses legal basis #1 and #5 above, which are that the data subject gives express consent to process the data, and that processing is necessary to fulfill the legitimate interests of the controller or of the third party, except when data subject’s fundamental rights prevail to process personal and sensitive data collected from you.
VIRGINIA CONSUMER DATA PROTECTION ACT (“VCDPA”)
The term “personal data” used in this section is defined in the VCDPA as any information that is linked or reasonably linkable to an identified or identifiable natural person. Va. Code Ann. § 59.1-575. Personal data does not include de-identified data or publicly available information.
Categories of Personal Data Processed
We summarize the categories of personal data that we process and their purposes in this section. For detailed information, you can refer to the “Detailed information on the processing of Personal Data” section of the document.
Categories of Personal Data We Collect
The categories of personal data that we have collected include identifiers and internet information such as Name, Email address, IP address, Credit/Debit Card number, products ordered. We do not collect sensitive data and will not collect additional categories without informing you. Sensitive data includes, but is not limited to, information on racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, and citizenship or immigration status.
Reasons for Processing Personal Data
We will not use your personal data for purposes that are incompatible with those disclosed initially without your consent. You can grant, deny, or withdraw your consent at any time using the contact details provided in the document.
Sharing Your Personal Data With Third Parties
Sale of Your Personal Data
The sale of personal data is defined as any exchange of personal data for monetary consideration by us to a third party, as defined by the VCDPA. Note that disclosing personal data to a processor who processes personal data on behalf of a controller is not considered a sale.
Our use of your personal data may be considered a sale under the VCDPA.
Opting-Out of the Sale Of Your Personal Data
We will use any personal data collected from you for the sole purpose of complying with your opt-out request.
Processing of Personal Data for Targeted Advertising
We do not process your personal data for targeted advertising. If we decide to do so in the future, we will inform you and give you the right to opt-out.
Privacy Rights Granted Under the Virginia Consumer Data Protection Act (“VCDPA”)
Under the Virginia Consumer Data Protection Act, you have the following rights regarding the processing of your personal data by us:
- The Right to Know: You have the right to know if we are processing your personal data and to access it.
- The Right to Correct:: You have the right to request correction of any inaccurate personal data we maintain about you.
- The Right to Request Deletion: You have the right to request the deletion of your personal data.
- The Right to Portability of Data: We will provide a portable and usable copy of your personal data if it is technically feasible.
- Opt-out of Targeted Advertising, Sale of Personal Data or Profiling: You have the right to opt out of the processing of your personal data for targeted advertising, the sale of personal data, or profiling.
- Non-Discrimination: We will not discriminate against you for exercising your rights under the VCDPA. However, if the personal data or sale is necessary for us to provide goods or services, we may not be able to complete the transaction if you refuse to provide the data or ask us to delete or stop selling it.
How and When We Are Expected to Comply With Your Request
We do our due diligence to respond to all requests as soon as possible, within 45 days of the receipt of the request date. Should we need more time to respond, we will contact you and notify you of our reasons for needing more time and how much time we need. Under the law, we may take up to 90 days to fulfill your request.
We will do so if there are reasonable and lawful grounds for denying your request. You have the right to appeal the denial. Within 60 days of the receipt of the appeal, we will notify you in writing of any action taken or not taken in response to your appeal. If your appeal is denied, you may contact the Attorney General to submit a complaint.
CHILDREN’S PRIVACY AND DATA
This Website is not intended for children under the age of 13. We and this Website do not knowingly and intentionally collect any personally identifiable information from children under the age of 13. If you are under 13 years of age, please do not use or provide any information on this Website. Do not use any third parties that might have links present on this Website. Do not provide your name, address, phone number or any payment information.
If a parent or guardian believes that this Website unknowingly collected personally identifiable information from a child under the age of 13 in its database, please contact us at once at [email protected] and we will do our best to immediately remove any and all such information from our database.
HOW DO WE USE THE INFORMATION WE COLLECT FROM YOU?
Information Collected from You
We use the information we collect from you to send you targeted marketing and promotional communications. If at any time you indicated an interest in a particular field related to our Site, then we and/or our third-party marketing partners may use this relevant information to send you additional communication regarding similar products/services.
If you do not want to receive any marketing and/or promotional communication, you can opt out at any time by UNSUBSCRIBING from either a particular list or topic or from all the emails coming from us by clicking on the unsubscribe button located at the bottom of every email you receive.
Information Collected from Third-Party Apps and Tools
Any information collected from third-party tools is used for statistical and analytical purposes and for evaluating and making improvements to our Site. This automatically collected information will not include personal information data.
WILL WE SHARE YOUR INFORMATION WITH ANYONE?
We respect your privacy and the value of your information. We do not share, disclose, sell, lease or rent your information to anyone or any third party without your express consent.
Only under limited circumstances will necessary information be shared with third parties. Here are the situations in which we will share your information:
- You gave us express consent to do so;
- You entered into a contract for recurring payments—for this reason, your information will be processed on an as-needed basis to uphold the agreement;
- Performance of a contract—if you are obligated to pay or perform an action, and you fail, we reserve the right to share necessary information with a third-party company, such as a collection agency or an attorney; and
- Mandated by law—if legal proceedings are initiated, and there is a subpoena (unlikely, but better to be prepared than surprised).
If you do not wish your cookie information to be stored, then you can change the settings of your browser cookies. By default, only necessary cookies are enabled.
EMAIL COMMUNICATIONS & POLICIES
If you decide to contact us through email, we reserve the right to retain the content of your email messages, your email address, and our responses.
Your privacy is important to us. Therefore, your email address will never be shared, sold, or leased to any third-party members.
In compliance with the CAN-SPAM Act, any and all communications sent from our Company or Website will clearly state who the email is from, who the email is for, and how to contact the sender.
Furthermore, should you wish to not receive any more emails, you can click on the “Unsubscribe” link located at the bottom of the email.
Sassy Herb Garden – https://sassyherbgarden.com
Effective as of January 26, 2022