Privacy Policy
Privacy policy
This Privacy Policy describes how nanajoes.com (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.
Collecting Personal Information
When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.
Device information
- Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
- Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
- Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
- Disclosure for a business purpose: shared with our processor Shopify, Klaviyo (email marketing), Facebook (advertising), TikTok (advertising), Google (advertising and analytics), Pinterest (advertising).
Order information
- Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers, PayPal, Shop Pay, Google Pay), email address, phone number, and order history.
- Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
- Source of collection: collected from you.
- Disclosure for a business purpose: shared with our processor Shopify; and as applicable: Shop Pay (payments), Stripe (payments), Paypal (payments), ShipStation (shipping), Recharge (payments), Wholesale Gorilla (payments), Faire (wholesale), Klaviyo (email marketing), Facebook (advertising), TikTok (advertising), Google (advertising and analytics), Pinterest (advertising).
Customer support information
- Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers, PayPal, Shop Pay, Google Pay), email address, phone number, and order history.
- Purpose of collection: to provide customer support.
- Source of collection: collected from you.
- Disclosure for a business purpose: shared with our processor Shopify; and as applicable: Shop Pay (payments), Stripe (payments), Paypal (payments), ShipStation (shipping), Recharge (payments), Wholesale Gorilla (payments), Faire (wholesale), Klaviyo (email marketing), Facebook (advertising), TikTok (advertising), Google (advertising and analytics), Pinterest (advertising).
Minors
The Site is not intended for individuals under the age of sixteen (16). We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address below to request deletion.
Sharing Personal Information
We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:
- We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy/
- We use Recharge to power our subscriptions. You can read more about how Recharge uses your Personal Information here: https://rechargepayments.com/privacy-policy/
- We use Klaviyo to power our email marketing. You can read more about how Klaviyo uses your Personal Information here: https://www.klaviyo.com/privacy/
- We use ShipStation to ship customer orders. You can read more about how ShipStation uses your Personal Information here: https://www.shipstation.com/privacy-policy/
- We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Behavioural Advertising
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
- We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en
- You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout
- We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners Klaviyo, Google, Facebook, TikTok, and Pinterest. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by:
- FACEBOOK - https://www.facebook.com/settings/?tab=ads
- TIKTOK - https://support.tiktok.com/en/account-and-privacy/personalized-ads-and-data/personalization-and-data
- GOOGLE - https://www.google.com/settings/ads/anonymous
- PINTEREST - https://www.pinterest.com/settings/privacy/
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/
Using Personal Information
We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.
Lawful basis
Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:
- Your consent;
- The performance of the contract between you and the Site;
- Compliance with our legal obligations;
- To protect your vital interests;
- To perform a task carried out in the public interest;
- For our legitimate interests, which do not override your fundamental rights and freedoms.
Retention
When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.
Automatic decision-making
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.
Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
- Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
- Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.
Your Privacy Rights and Choices
CALIFORNIA
As modified by the California Privacy Rights Act, the California Consumer Privacy Act ensures that California consumers have the following rights with respect to the collection, use, sharing, sale, and other processing of their Personal Information:
- The right to know what Personal Information has been collected about you, including the categories and sources and/or the specific pieces of Personal Information;
- The right to access the Personal Information, including to obtain a copy that can easily be sent to another data controller;
- The right to request the deletion of your Personal Information;
- The right to correct inaccurate Personal Information;
- The right to opt-out of the sale or sharing of your Personal Information;
- The right to request the limitation of the use and disclosure of your Sensitive Personal Information;
- The right to opt-in to sale or sharing of your Personal Information (if you have previously affirmatively opted-out); and,
- The right not to be discriminated against for exercising any of your rights with respect to your Personal Information.
To exercise any of these rights, please follow the link under “Exercising US Privacy Rights and Choices” and provide the requested information.
We will not discriminate against you for exercising any of your California privacy rights. Unless permitted by applicable law, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services; or,
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to us at orders@nanajoes.com or contact us using the information provided in the “Contact Us” section.
NEVADA
If you are a resident of the State of Nevada, you have the right to request that Nana Joes Granola not sell the Personal Information we currently have about you or that we might collect about you in the future. Although it is currently Nana Joes Granolas’s policy not to sell our consumers’ Personal Information as a “sale” is defined under Nevada law, if you would like to register an email address with Nana Joes Granola to request that we not sell your Personal Information now or in the future, please follow the link under “Exercising US Privacy Rights and Choices” and provide the requested information.
EXERCISING US PRIVACY RIGHTS AND CHOICES
If you are a resident of California or Nevada and would like to exercise any of the privacy rights made available in the state where you are a resident, please submit a verifiable consumer request to us by emailing us at orders@nanajoes.com with the subject line “Privacy Rights Request.”
Please also note that you are currently only permitted to submit one type of request per email. If you would like to submit multiple request types, please submit a separate emailfor each and we will work with you to process the requests in an appropriate order. For example, if you submit a deletion request and later submit a data portability request, we may have already deleted your Personal Information from our systems and will be unable to fulfill your data portability request.
Additionally, if you have an account on our Website, you may immediately access some of the information that we have collected about you by logging into your account on the Website and navigating to your user profile. Viewing your information through your account on our Website may not provide you with all of the information to which you are entitled.
Only you, or where allowed by applicable law someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. If permitted by applicable law, to designate an authorized agent, you must authorize that agent to act on your behalf and the authorized agent must provide a copy of that written authorization when submitting their request on your behalf.
The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, which may include:
- Your first and last name;
- Email address(es);
- Street address; and,
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Based on the information you have provided, we will make commercially reasonable efforts to verify your identity against the information already in our systems. In the event we cannot verify your identity, we may request additional information from you so that we may complete your request in compliance with the requirements of applicable law. Please note that if you do not provide the required information, we may not be able to complete your rights request and will be required to deny it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
You do not need to create an account with us to exercise the rights made available to you the applicable privacy laws. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
In some instances, we may deny your request in part in order to continue to provide you with requested benefits from Nana Joes Granola. For example, if you are a member of our Nana Joes Granola loyalty program and you send us a request to delete your Personal Information, we may be required to partially reject the request with account identifiers in order to continue to provide you with access to your loyalty rewards. We carefully consider each request to balance your request against our on-going need to retain certain pieces of your Personal Information in order to provide the other services you have requested from us.
RIGHTS AND CHOICES FOR EU, EEA, AND UK CONSUMERS
If you are a resident of the European Economic Area or the United Kingdom, your local laws provide you with additional rights regarding our use of your Personal Information. The following supplements the information contained in the other sections of this Privacy Policy and applies only with respect to Personal Information collected from residents of countries to which the General Data Protection Regulation (“GDPR”) or UK General Data Protection Regulation (“UK-GDPR”) apply.
Cross-Border Transfers
Nana Joes Granola is a company located in the United States. If Personal Information is collected on our behalf from residents of the European Economic Area or the United Kingdom, that information may be transferred to the United States, which is not subject to an adequacy decision by the European Commission or the UK Information Commissioner’s Office. If Personal Information is transferred to the United States, those transfers will be subject to legal transfer mechanisms that may include the European Commission’s Standard Contractual Clauses and the UK’s International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses. Nana Joes Granola adopts additional measures to protect your Personal Information during cross-border transfers including encryption in transit.
Lawful Bases for Processing
Under GDPR and UK-GDPR, the lawful bases we rely on for processing your Personal Information are:
- You have given your consent to the processing of your Personal Information in connection with the purpose for which you have provided your Personal Information, including other purposes reasonably related to accomplishing that purpose
- Processing is necessary for the performance of a contract
- Processing is necessary for compliance with a legal obligation
- Processing is necessary in order to protect the vital interests of you or another person
- Processing is necessary for the purposes of the legitimate interests pursued by Nana Joes Granola (provided that our interests are not overridden by your interests or fundamental rights and freedoms)
Where you have given your consent to the processing of your Personal Information, you are able to revoke your consent at any time and can do so by following the instructions in the section titled “Your Data Protection Rights” below.
Your Data Protection Rights
Under GDPR and UK-GDPR, you have the right to exercise control over your Personal Information, including:
- Right of access – you have the right to obtain a copy of the Personal Information that we hold about you, including other supplementary information
- Right to rectification – you have the right to have inaccurate Personal Information corrected and to have incomplete Personal Information completed
- Right to erasure – you have the right to have the Personal Information that we currently hold about you erased, subject to certain exceptions (such as if the Personal Information is necessary for us to comply with a legal obligation)
- Right to restrict processing – you have the right to request that we restrict the processing of your Personal Information in certain circumstances
- Right to object to processing – you have the right to object to the processing of your Personal Information in certain circumstances
- Right to data portability – you have the right to obtain the Personal Information we currently hold about you in a structured, commonly used and machine-readable format so that you can transmit that Personal Information directly to another controller or you can request that we transmit that Personal Information for you
You are not required to pay any charge for exercising your rights under GDPR and UK-GDPR.
Exercising Your GDPR or UK-GDPR Rights
You have the right to control your Personal Information as described below. In order to request access to, correct, object to our use and retention of your Personal Information, or to exercise any of your rights related to your Personal Information as described in your local law, please send a request by emailing us at orders@nanajoes.com with the subject line “Privacy Rights Request.”
You can control your Personal Information in the following ways:
- You can ask us to see and/or obtain a copy of the Personal Information we hold about you;
- You can inform us of any changes to your Personal Information, or if you want us to correct any of the Personal Information we hold about you;
- In certain situations, you can ask us to erase, block, or restrict the Personal Information we hold about you, or object to the particular ways in which we are using your Personal Information; and,
- In certain situations, you can also ask us to send the Personal Information you have given us to a third party.
When you contact us to exercise any of the privacy rights described above, please provide the following:
- Your first and last name;
- Your e-mail address;
- Your phone number;
- Your country or countries of citizenship; and,
- A brief description of your request, which can be based on the above list.
Because we do not want your Personal Information to be exposed to someone else, we will make a reasonable effort to confirm your identity before processing your request. This identity confirmation effort may come directly from us or from a trusted vendor.
Nana Joes Granola will only use the Personal Information you provide in connection with your request to check our systems and confirm whether we possess any of your Personal Information and to process any Personal Information access or management requests we receive from you. After we have completed reviewing your request, we may store the information we provide to you for a reasonable amount of time after fulfilling your request in case you have additional inquiries. After the information is no longer necessary, we will automatically delete this information from our records or make it permanently unreadable (masked data).
Any contact information provided in connection with a request to exercise your rights related to your Personal Information will not be used for direct marketing purposes and will not be shared with others unless necessary to verify your identity and/or complete your request.
Response Timing and Format
We will do our best to respond to your request as soon as possible, and, in any event, no later than 30 days after receiving your request. Please note that making multiple requests at one time may slow down our processing of your request. If additional time is required to complete your request, we will notify you of that fact and the reasons why we require additional time to fully respond to your particular request.
In certain circumstances, where we are able to do so, some requests may need to be fulfilled in a logical order. For example, if you request to see what information Nana Joes Granola has about you and at the same time request that Nana Joes Granola erase your Personal Information, we will first provide you with access to your Personal Information, then we may ask you to confirm again that you would like us to delete that information.
In some circumstances, we may not be able to comply with your requests related to your Personal Information. In those cases, we will respond as soon as possible, and, in any event, no later than 30 days after receiving your request. Our response will let you know if and why we are not able to comply and will share information with you about how you can object to the relevant Supervisory Authorities if you think our continued use or maintenance of that information is improper.
How to Complain
If you have any concerns about our use of your Personal Information, you can make a complaint to use using the information contained in the “Contact Us” section below. We request please contact us first so we can try to resolve your concerns. We are committed to working with you to obtain a fair resolution to any complaint or concern you may have about our use of your Personal Information.
If, however, you believe that we have not been able to assist with your request, complaint, or concern, you may have the right to lodge a complaint with the data protection authority in your country (if one exists in your country) or supervisory authority. You can find more information about your data protection authority, including their contact information, by following this link to the European Data Protection Board’s website: https://edpb.europa.eu/about-edpb/about-edpb/members_en. You may also have a right to a judicial remedy if it is determined your Personal Information is being used illegally.
If you are a UK resident, the data protection authority is the Information Commissioner’s Office (“ICO”), which can be contacted using the below information:
- Information Commissioner’s Office
- Wycliffe House
- Water Lane
- Wilmslow
- Cheshire
- SK9 5AF
- Helpline number: 0303 123 1113
- ICO website: https://www.ico.org.uk
Contact Us
If you have any general questions about our Privacy Policy or questions about how we collect, use, or share your Personal Information, or would like to exercise your rights with respect to your Personal Information as permitted by certain laws applicable to consumers as described in greater detail below, please do not hesitate to contact our Privacy Officer by email at orders@nanajoes.com. Nana Joes Granola [Re: Privacy Compliance Officer] 2565 3rd Street San Francisco, California, US 94107-3158.
Cookies
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
We use the following cookies to optimize your experience on our Site and to provide our services.
Cookies Necessary for the Functioning of the Store
Name | Function |
_ab | Used in connection with access to admin. |
_secure_session_id | Used in connection with navigation through a storefront. |
cart | Used in connection with shopping cart. |
cart_sig | Used in connection with checkout. |
cart_ts | Used in connection with checkout. |
checkout_token | Used in connection with checkout. |
secret | Used in connection with checkout. |
secure_customer_sig | Used in connection with customer login. |
storefront_digest | Used in connection with customer login. |
_shopify_u | Used to facilitate updating customer account information. |
Reporting and Analytics
Name | Function |
_tracking_consent | Tracking preferences. |
_landing_page | Track landing pages |
_orig_referrer | Track landing pages |
_s | Shopify analytics. |
_shopify_sf | Shopify analytics. |
_shopify_s | Shopify analytics. |
_shopify_sa_p | Shopify analytics relating to marketing & referrals. |
_shopify_sa_t | Shopify analytics relating to marketing & referrals. |
_shopify_y | Shopify analytics. |
_y | Shopify analytics. |
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org
Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
SMS Abandoned Cart Disclosure
The Nana Joes Granola website uses cookies to help keep track of items you put into your shopping cart including when you have abandoned your cart and this information is used to determine when to send cart reminder messages via SMS.
SMS Third-Party Data Sharing
Any data sharing excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties. The practice of sharing personal data to third parties is expressly omitted from the short code program.
Changes
We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.
Contact Us
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by email at orders@nanajoes.com or by mail using the details provided: Nana Joes Granola [Re: Privacy Compliance Officer] 2565 3rd Street San Francisco, California, US 94107-3158.
If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority here: https://www.ftc.gov/contact
Updated January 3, 2024.