Effective Date: September 7, 2017
Version number: 2.0
The collection, use, transfer and storage of your personally identifiable information (PII) or personally related information (PRI) should be of concern to you.
Privacy Tools That You Can Use
If you want to understand how you are tracked I would suggest downloading the Ghostery app from www.ghostery.com. I have no personal connection to the company and it’s even possible that by downloading the browser you actually INCREASE your tracking and insecurity – however – I would be remiss if I did not share with you a resource that I believe has helped me control the amount of PII and PRI about me floating out there in the cloud.
If you choose to install Ghostery please be aware that you will not be able to access our website without unblocking a few of our trackers. Yes, we are tracking you (please read on)! We do want you to become and stay a customer so we encourage you to unblock what you have to. On the other hand, we think your privacy is something that you should ultimately control. Ghostery seems helpful. It’s your choice. My mother-in-law doesn’t care but maybe you should -- for the next generation?
Protecting your PRI as well as your PII
One further note – personally identifiable information (PII) is generally defined as the “details collected on the Internet about an individual consumer, including an individual’s first and last name, a physical street address, an email address, a telephone number, a Social Security number, or any other information that permits a specific individual to be contacted physically or online.” The term extends to details such as a person’s birthday, height, weight or hair color that are collected online and stored by an operator in personally identifiable form.
However, PII is only a fraction of the information about YOU that internet companies spend billions of dollars every year tracking. Above I referred to personally related information (PRI) which is a term that I coined to describe the meta-data trail that you leave behind wherever you go online. This trail might not contain any particular piece of information that would fall into the PII definition, but it might be enough personally related information that when combined with other bits of personally related data allows YOU and YOUR activity to be identified (with a high degree of probability). Whereas you might be able to ask a company to scrub your PII from its database, there are no mechanisms in place for you to erase or control your PRI.
Advanced PRI technologies are already well developed at the largest internet companies, I believe. So while most stated privacy concerns are directed at PII, it’s really PRI that requires equal attention.
We Promise to Try our Best
As a small farm and internet seller of food, we depend completely on larger internet companies for all our Software as a Service (SaaS) needs. In many ways, I am very thankful that I can purchase these services that help me transact with my customers, run contests and sweepstakes, improve my website, analyze my traffic, and so on and so forth.
On a periodic basis we read these companies privacy policies and look for changes (Privacy Policies generally range from 2,500 to 3,500 words in my estimate), but the fact of the matter is that these policies are just promises. And the promises are crafted by cadres of lawyers. And the degree to which these companies gather and use personally related information (PRI) is unknown to us.
Unless we at Fat Stone Farm sell our small farm business someday, we will never sell your PII. We depend on several large reputable service providers to collect and securely store your PII, including transaction (credit card) information. And we won’t knowingly sell your PRI either.
If you have any questions about what information we collect and how we use it, and what you can do about it please do not hesitate to contact me at 139-3 Joshuatown Road, Lyme, CT 06371. Drop me a note with your telephone number and I will give you a call to answer your questions. Thanks for taking the time to read our policy.
SECTION 1 – INFORMATION THAT WE COLLECT
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address and other Personally Identifiable Information (PII).
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
COLLECTION OF PERSONALLY IDENTIFYABLE OR RELATED INFORMATION (PII & PRI)
When you browse our store or interact with us in any other way we or our Service Providers (referred to as “We”) may collect and store personally related information (PRI). If you are a customer, this PRI may become PII. PRI can fall into any number of categories, including but not limited to:
Log Information: We log information about your use of our Website, including the type of browser you use, access times, pages viewed, your IP address, your general location, and the page you visited before navigating to Website.
Device Information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers and mobile network information.
Information Collected by Cookies and Other Tracking Technologies: We use various technologies to collect information, including cookies, pixels and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Website and your experience, see which areas and features of our Website are popular, and count visits. Web beacons are electronic images that may be used in our Website or emails and help deliver cookies, count visits and understand usage and campaign effectiveness. For more information about cookies, and how to disable them, please see "Your Choices" below.
Information We Collect From Other Sources: We may also obtain information from other sources and combine that with information we collect through our Services. For example, we may collect information about you from third parties, including but not limited to social media sites, identity verification services, credit bureaus, mailing list providers and publicly available sources.
SECTION 2 – HOW WE USE THE INFORMATION
We may use information about you for various purposes, including to:
- Provide, maintain, customize, and improve our Website;
- Provide and deliver the products you request, process transactions and send you related information, including confirmations and shipping information,
- Respond to your comments, questions and requests and provide customer service;
- Administer contests and sweepstakes
- Communicate with you about products, offers, promotions, rewards, and events offered by Fat Stone Farm and provide news and information we think will be of interest to you;
- Developed target advertising
- Monitor and analyze trends, usage and activities in connection with our Website; and
- Carry out any other purpose for which the information was collected.
Fat Stone Farm is based in the United States and the information we collect is governed by U.S. law. By being a Fat Stone Farm customer and otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries.
SECTION 3 – HOW WE SHARE THE INFORMATION
- With vendors, consultants and other Service Providers who need access to such information to carry out work on our behalf;
- In response to a request for information if we believe disclosure is in accordance with any applicable law, regulation, or legal process, or as otherwise required by any applicable law, rule or regulation; or if you violate our Terms of Service.
- In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company; and
- With your consent or at your direction.
- We may also share aggregated or de-identified information, which cannot reasonably be used to identify you. We do not sell your PII or PRI.
- In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
- However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
- For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
- In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
- As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
- When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 4: HOW WE PROTECT YOUR INFORMATION
We depend heavily on our Software as a Service (SaaS) providers to protect your personal information against unauthorized or unlawful access, processing and against accidental loss, destruction or damage. We also limit access to personal information about you to employees who reasonably need access to it to provide our Site, or in order to do their jobs. However, because no security system can be 100% effective, we cannot completely guarantee the security of any information we may have collected from or about you. In addition, we have no control over the security of other web sites on the Internet that you might visit even when a link may appear to those web sites site from our Site. If you share your computer or use a computer that is accessed by the general public, remember to log off and close your browser window when you have finished your session.
SECTION 5 – THE CHOICES WE GIVE YOU ABOUT YOUR PII
Below is a description of the process by which our customers can review and request changes to your personally identifiable information as collected by us.
We and our Service Providers store your PII in order to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase. Please contact us (see contact information below) and we can remove your stored information from the system.
To review, request changes or completely remove your PII from our system please contact us at firstname.lastname@example.org or mailing us at, Fat Stone Farm, LLC, 139-3 Joshuatown Rd, Lyme Connecticut US 06371
To remove yourself from any email or marketing list, simply use the “unsubscribe” feature provided at the bottom of every email.
If at any time you wish for us to stop collecting PII or PRI about you, you can enable or download cookie blocking software and other tools such as Ghostery that will prevent some or all data collection.
SECTION 6 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
SECTION 7 – CHILDERN UNDER 13
Children under the age of 13 are not permitted to use this Site or our services. We do not knowingly collect any personal information from children under 13. If we become aware that someone attempting to register on our Site is under 13, we will attempt to delete the information he or she provided as soon as possible.
SECTION 8 – FOR CALIFORNIA USERS
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at email@example.com or by mail at
Fat Stone Farm, LLC
[Attn: Privacy Compliance Officer]
139-3 Joshuatown Rd, Lyme, Connecticut US 06371