Harvest Market Privacy Policies
Last Updated: February 6, 2023
Why we collect information
Personal Information We Collect
Depending on the types of activities you engage in on our Sites or Apps or how you otherwise use or interact with our Service, we may collect the following categories of Personal Information about you:
- Identifiers and contact information, such as your real name or alias, physical address, email address, telephone number and similar information;
- Online identifiers you use, such as your username, social media handles and similar information;
- Account information, such as your username, password, account activity and similar information;
- Biographical and demographic information, such as your age, gender and similar information;
- Employment or organizational information, such as your employer, membership in organizations and similar information;
- Information about what you look like and similar information;
- Information about your interests, hobbies and similar information; and
- Any other information you or third parties provided to us.
PERSONAL INFORMATION COLLECTED DIRECTLY FROM YOU
We collect information that you provide to us directly when you:
- Create an account;
- Contact us to ask a question or otherwise communicate with us;
- Respond to surveys;
- Participate in a contest, sweepstakes, or other promotional activity;
- Request customer service including dispute resolution, correspondence through any part of our Services, and any correspondence you send to us;
- Post a review or comment any part of our Service, post other user-generated content on any part of our Service;
- Apply for a job with NFI;
- Sign up to receive announcements, newsletters, affinity cards, random rewards, top shopper rewards, or other promotional materials;
- Order through], Rosie, Instacart, or Wufoo; or
- Otherwise provide us with your Personal Information.
PERSONAL INFORMATION COLLECTED FROM THIRD PARTIES
We may obtain Personal Information about you from other third parties through or in connection with our Service. These third parties may include our business partners, shipping providers, fulfilment providers, payment processors and other third parties that provide services directly to us in connection with the ordinary course of our business operations (collectively, “Operational Service Providers”).
We may also obtain Personal Information about you from others that refer you to us and/or from other users of our Service.
INFORMATION COLLECTED AUTOMATICALLY
Certain information on our Service is collected automatically by means of various software tools. We have a legitimate interest in using such information to assist in systems administration, information security and abuse prevention, to track user trends, and to analyze the effectiveness of our Service.
(a) Log Files.
Log files refers to the information that is automatically sent by your web browser or device (or otherwise automatically collected) each time you view or interact with our online Service. The information inside the log files may include IP addresses, type of browser, internet service provider, date/time stamp, referring/exit pages, clicked pages and any other information your browser may send to us.
(b) Device and Online Usage.
(c) Location Information.
When you use our Service on your mobile phone or device, we may collect information on your physical location through satellite, cell phone towner, Wi-Fi signal, beacons, Bluetooth, and near field communication protocols. For example, when you opt-in to allowing us to collect this information, it may allow us to recognize the location of your mobile device.
- Remembering your preferences and allowing you to enter your information less frequently;
- Presenting information that’s targeted to your interests, which may include our content presented on another website;
- Measuring the effectiveness of our sites, services, content, and advertising; and
The Options/Settings section of most internet browsers will tell you how to manage cookies and other technologies that may be transferred to your device, including how to disable such technologies. You can disable our cookies or all cookies through your browser settings, but please note that disabling cookies may impact some of our Service features and prevent the Service from operating properly. Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, please visit https://www.allaboutcookies.org.
We may use or engage a third party that uses Local Stored Objects (LSOs), sometimes referred to as “Flash Cookies”, and other technologies to collect and store information about your use of our Service. A flash cookie is a small data file placed on your device using Adobe Flash technology. Flash cookies are different from the cookies described above because cookie management tools provided in your browser will not remove them. To limit the websites that can store information in flash cookies on your device, you must visit the Adobe website:
(e) Do Not Track Signals.
We do not currently respond or take any action with respect to web browser "do not track" signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of information about an individual consumer's online activities over time and across third-party websites or online services.
(f) Analytics Services.
We may use certain third party analytics services to improve the functionality, features, or delivery of our Service. We may also use these analytics services to record mouse clicks, mouse movements, scrolling activity, as well as any text that you type into our Service. By using our Service, you acknowledge and agree that you are aware that our Service may record your activities on our Service and that you consent to this recording. The third party analytics services we use on our Service may include, but may not be limited to:
- Facebook Pixel. Facebook Pixel is a small piece of code provided by Facebook, Inc. (“Facebook”) that receives information about actions taken on websites to, among other things, improve the relevance of ads served on Facebook. The information collected by that code is collected directly, and stored, by Facebook. If we use Facebook Pixel, we will use the information provided by Facebook to evaluate the use of our Service, measure the effectiveness of our advertising campaigns, compile reports on activity on our Service and provide other service relating to activity on, interactions with and other engagement with our Service. For more information about Facebook’s privacy practices, please refer to https://www.facebook.com/about/privacy. You can manage your Facebook ad settings by using the mechanisms available at https://www.facebook.com/ads/preferences.
(g) Web Beacons and Similar Tracking Technologies.
When you visit our Service, we may collect your IP address for certain purposes such as, for example, to monitor the regions from which you navigate our Service. We may also use web beacons alone or in conjunction with cookies to compile information about your usage of our Service and interaction with emails from us. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular site tied to the web beacon. We may use web beacons to operate and improve our Service.
HOW WE USE YOUR INFORMATION
We may use your Personal Information in connection with the following purposes associated with our Service:
- For any purpose with your consent and/or to fulfill any other purpose for which you provide your Personal Information to us;
- Provide, operate, analyze, administer, improve, and personalize the Service;
- Provide you with the Service and any information, product or order fulfillment;
- Contact you in connection with the Service, notifications, events, programs or offerings;
- Send you updates and promotional materials;
- Advertise or market product or services to you, including to deliver direct mail, email, mobile messages, social media notifications and other electronic marketing communications;
- Provide personalized or interest-based advertising to you;
- Conduct market research and analytics;
- Process and deliver contest entries and rewards;
- Bill and for fraud prevention;
- Protect our rights or our property and to ensure the technical functionality and security of the Service;
- To carry out our obligations and to enforce our rights arising from any contracts we have entered, including, but not limited to, any contracts between you and us; and
- Comply with applicable law, assist law enforcement, and to respond to regulatory or other legal inquiries.
HOW WE SHARE OR DISCLOSE YOUR INFORMATION
(a) Our Third Party Service Providers.
We transfer information, to our third party service providers to perform tasks on our behalf and to assist us in providing our Services. For example, we may share your information with service providers who assist us in performing core functions (such as hosting, marketing, payment processing, technical support, data storage, and security) related to our operation of the Service and/or by making certain interactive tools available to you as a user. We also use third parties for technical and customer support, application development, tracking and reporting functions, quality assurance, and other services. In the performance of our Service, we may share information from or about you with these third parties so that we can deliver the highest quality user experience.
From time-to-time, we engage advertising services to assist us in advertising our brand and Service based upon your interests and in order to display content that is relevant to you (“Interest-Based Advertising”). Those services may target advertisements on our website as well as third-party websites based on cookies or other information indicating previous interaction with our Service. These third parties may collect information from your use of our Services over time and that information may be combined with information collected about you across different websites and online services. These third party advertisers may be participants in the Network Advertising Initiative and/or the Digital Advertising Alliance, which allow users to opt-out of ad targeting from participating organizations. To learn more about interest-based advertising, or to opt-out of having your information used by certain third parties for behavioral advertising purposes, go to www.aboutads.info/choices or http://www.networkadvertising.org/choices/.
Please note that when you opt-out of receiving interest based advertising, this does not mean you will no longer see advertisements from us.
(c) Aggregated or Deidentified Information.
To better serve our users, business partners, and to improve our Service, we may conduct research on user demographics, interests and behavior or engage in other activities based on identifiable personal information and/or information that we aggregate or de-identify. Aggregated or de-identified information is not considered personal information and does not identify a user personally. We may share this aggregated or de-identified information with our affiliates, agents, business partners, and/or other third parties.
(d) Business Partners.
From time to time, we may partner with other companies to jointly offer products or services (e.g., Rosie, Instacart, Wufoo, etc.). If you purchase or specifically express interest in a jointly-offered product or service from us, we may share information collected in connection with your purchase or expression of interest with our joint promotion partner(s). We do not control our business partners’ use of the information we collect, and their use of the information will be in accordance with their own privacy policies.
We may share your information with our affiliates.
(f) In the Event of Merger, Sale, or Change of Control.
(g) With Your Consent.
At your direction or request, or when you otherwise consent, we may share your information.
(h) Other Disclosures.
We reserve the right to retain any information as long as it is needed to: (i) fulfill the purposes for which we collected the information, and (ii) comply with applicable law.
We take the protection of your information seriously and take reasonable and appropriate physical, administrative, and technical measures to protect the information collected through our Site. While we implement commercially reasonable security measures to protect your privacy, please keep in mind that the Internet is not a 100% secure medium for communication, and we cannot guarantee that the information collected about you will always remain private when using our Site and/or Services. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
You may choose not to receive future promotional or advertising emails from us by selecting an unsubscribe link at the bottom of each email that you receive from us. Additionally, you may send a request specifying your communications preferences to email@example.com. You cannot opt out of receiving transactional emails related to the performance of our services. Please note that even if you opt out of receiving the foregoing emails, we may still send you a response to any “Contact” request as well as administrative, maintenance and operational emails (for example, in connection with a password reset request).
Our Service is not intended for or directed to individuals under 16 years of age, and we do not knowingly collect any personal information from children under the age of 16. When a user discloses personal information on our Service, the user is representing to us that he or she is at least sixteen (16) years of age.
LINKS TO OTHER SITES
SOCIAL MEDIA, ADS, AND PLUG-INS
We may display targeted ads to you through social media platforms and other websites. These ads are sent to groups of people who share traits such as likely commercial interests and demographics.
Our online services may use social media plug-ins (e.g., the Facebook "Like" button, "Share to Twitter" button) to enable you to easily interact with certain social media websites (e.g., Facebook, Twitter, TikTok, and Instagram) and share information with others. When you visit our online services, the operators of the available social media plugins can place a cookie on your device enabling such operators to recognize individuals who have previously visited our online services. If you are logged into these social media websites while visiting our online services, the social media plugins allow the relevant social media websites to receive information that you have visited our online services or other information. The social media plugins also allow the applicable social media websites to share information about your activities on our online services with other users of the social media website. For example, Facebook Social Plugins allow Facebook to show your "Likes" and comments on our online services to your Facebook friends. Facebook Social Plugins also allow you to see your friends' Facebook activity on our online services. We do not control any of the content from the social media plugins.
ADDITIONAL RIGHTS FOR USERS IN CERTAIN GEOGRAPHIC AREAS
FOR USERS THAT ARE CALIFORNIA RESIDENTS
If you are a California resident, under the California Consumer Privacy Act (“CCPA”) and its successor, the California Privacy Rights Act (“CPRA”) you have additional rights regarding your Personal Information. Subject to certain limitations, your rights include:
- Right to Know. You have the right to know and see what Personal Information NFI has collected about you over the preceding 12 months, including:
- the categories of Personal Information NFI has collected about you;
- the categories of sources from which Personal Information is collected;
- the purposes for collecting your Personal Information in accordance with the Services;
- the commercial purposes for collecting your Personal Information;
- the categories of third parties with whom NFI has shared your Personal Information; and
- the specific pieces of Personal Information NFI has collected about you.
- Right to Deletion. You have the right to request that NFI delete the Personal Information we have collected from you. However, there are exceptions under which we may retain your Personal Information and where we are not required to delete your Personal Information.
- Right to Correction. You have the right to request that NFI correct the Personal Information collected from you.
- Right to Portability. You may have the right to request that we transfer certain Personal Information to another entity, subject to certain exceptions.
- Right to Opt-Out of the Sale or Sharing of Personal Information. We do not “sell” or “share” Personal Information as defined by the CCPA or the CPRA. You have the right to opt out of any processing for purposes of cross-context behavioral advertising, targeted advertising or profiling in connection with decisions that produce legal or similarly significant effects, if applicable.
- Right to Opt-Out of Automated Decision-Making. You have the right to opt out of automated decision-making, if applicable.
- Right to Opt-Out of the Use and Disclosure of Sensitive Personal Information. If we collect sensitive Personal Information, we will restrict its use to what is necessary to perform the Services requested by you.
- Right to be free from discrimination. You have the right to be free from discrimination for exercising your rights under the CCPA/CPRA.
If you are a California resident and would like to exercise your rights in accordance with the CCPA, you may contact NFI using any of the following methods:
- Via email at firstname.lastname@example.org; or
- 1501 North 12th Street, Quincy, IL 62301
We will process a verified California consumer privacy request within 45 days of receiving the request. If we require more time, we will inform you of the reason and extension period in writing. Please note that requests are subject to appropriate verification before processing.
FOR USERS IN THE EUROPEAN ECONOMIC AREA (EEA) AND OTHER SPECIFIC USERS
To the extent the General Data Protection Regulation (GDPR) or other law granting particular rights to data subjects applies to you, you have the following rights with regard to our processing of your personal data to the extent made available by the applicable law:
NFI as the Data Controller
Our Legal Basis for Processing Your Personal Data
The following sets out our four (4) lawful bases under the GDPR to which NFI may process your personal data:
- Our Contract With You: Our processing is necessary to perform our obligations under a contract with you or to perform steps requested by you prior to entering into a contract with you (e.g., to verify the information you have provided to us).
- Our Legitimate Interests: Where our processing is necessary for the purposes of the legitimate interests pursued by NFI, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data. These legitimate interests include the protection and the security of our Service; to protect the health and safety of you or others; to establish, protect and defend our legal rights and interests; to prevent fraud and verify identity and authorization of clients; to understand and analyze usage trends; and to improve our products and Service.
- Legal Compliance: Where our processing is required to comply with applicable law (for example, to maintain your payment transaction history for tax reporting purposes: e.g., in response to subpoenas, court orders and other lawful requests by regulators, courts and law enforcement agencies, or related to national security requests).
- Your Consent: Where you have given consent to process your personal data for one or more specified purposes, such as to provide our Service and other services requested by you.
Data Subject Rights:
Access and Control of Your Information
We enable you to have control over your personal data. To protect your privacy, before we give you access or let you access or update your personal data, we may ask you to verify your identity or provide additional information. We will try to update and allow you to access your personal information for free, but if it would require a disproportionate effort on our part, we may charge a fee. We will disclose the fee before we comply with your request. We may reject a request for a number of reasons, including, for example, that the request risks the privacy of other users, requires technical efforts that are disproportionate to the request, is repetitive, or is unlawful.
Right to Rectification
You have the right to correct your personal data if incorrect, which also includes the right to have incomplete personal data completed.
When we process your personal data by automated means that you have provided to us based on consent or through a contract, you have the right to get a copy of that data in a structured, commonly used and machine-readable format and have that transferred to you or to third party.
Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data:
- During the pending period of time where we verify the accuracy of any personal data that you claim is inaccurate;
- Where the processing of your personal data is unlawful, but you oppose erasure and instead request that we restrict the use of your personal data;
- If we no longer need your personal data but it is required for you to make or defend legal claims; or
- During the pending period of time where we verify our legitimate interest to process your data when you object to such processing.
Right to Object
You have the right to object to the processing of personal data under certain conditions. For example, you may object to any processing of your personal data where we have relied on legitimate interests as our legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interest. If you raise an objection, we will always respond to your request, but may not be required to honor it in all circumstances.
Erasure of Personal Data
You have the right to delete the personal data collected through our Services. There may be instances where we may not be able to delete your data or where we retain a copy of your data, for example, where we may need it to comply with a legal obligation or to protect the rights of others.
How to Exercise Your Rights
Address of Agent: 1501 North 12th Street, Quincy, IL 62301
Right to Complain to Supervisory Authority in the European Union
If you believe that NFI is processing your personal data in an incorrect or unlawful manner, please contact us at email@example.com. For those located in the European Union, you also have a right to file a complaint with a Supervisory Authority in the EU.
INTERNATIONAL TRANSFER OF INFORMATION COLLECTED
Personal data NFI collects from you will be stored and processed in the United States. If you provide us with personal data, it will be transferred to, processed, and accessed in the United States.
At certain locations we provide pharmacy services which offer specific methods to exercise privacy rights including the opportunity to access or amend protected health information collected, created, or received by those operations. If you need assistance accessing records related to your personal information collected, created, or received by our pharmacy services operations, please contact a local pharmacy to learn more about your rights or contact us at firstname.lastname@example.org.
Biometric Information Privacy Act (BIPA)
Niemann Foods, Inc. (“Niemann Foods”) uses Kronos biometric timeclocks to collect, store and use biometric data. This data is used solely for Associate identification and fraud prevention. Niemann Foods has instituted the following policy governing the collection, use, storage, and destruction of your biometric data (finger scan).
- The biometric timeclocks are computer-based systems that scan an Associate’s finger for purposes of identification. The computer system extracts unique data points and creates a unique mathematical representation used to verify the Associate’s identity.
- Niemann Foods will not sell, lease, trade, or otherwise profit from an individual’s biometric data.
- Niemann Foods will not disclose or disseminate any biometric data to anyone other than its vendors and its licensor of time and attendance software providing products and services using biometric data, unless disclosure is required pursuant to a valid warrant or subpoena by a court.
- Niemann Foods shall use a reasonable standard of care to store, transmit and protect from disclosure any biometric data collected. Such storage, transmission, and protection from disclosure shall be performed using the same standard of care and security controls it uses for other confidential and sensitive information.
- Any biometric data will be permanently removed from the database and records within 60 days from the date of an Associate’s termination.
- Any biometric data of an Associate on a leave of absence may be maintained in the system. If an Associate does not return to work from the leave, their biometric data will be permanently removed within 60 days. If the Associate returns at a later date, they can be re-enrolled.
- No clock will be disposed of, unless biometric data and Associate information is removed.
- An individual’s biometric data will not be collected, used, disclosed, or stored without prior written consent of the individual to use his or her biometric data for the specific purposes disclosed herein.
- An individual is free to decline to provide biometric data to the Niemann Foods, its vendors, and/or the licensor of the time and attendance software without any adverse employment action.
The Associate may revoke this consent at any time by notifying Niemann Foods in writing.