Privacy Policy

 Good Harvest Co./Garden State Digital, LLC Privacy Policy

 Updated February 1, 2019

 Consumer Privacy & Data Governance is critical to our Core Values.

Garden State Digital d/b/a Good Harvest Co. (“GHC”, “we,” “us,” “our,” or the “Company”) provides a technology platform designed to help website operators manage and protect consumer data. Our overarching goal is to make digital media less creepy and more productive for consumers, publishers, and advertisers. That’s why we take data privacy and data piracy very seriously. This privacy policy applies to Garden State Digital d/b/a Good Harvest Co. websites, including https://www.goodharvest.co s(the “GHC Site”) and to our technology platform, Good Harvest Co. (the “Platform”).  This privacy policy describes how we collect, receive, use, and share personal information on the GHC Site and our Platform, as well as choices regarding use, access, and correction of personal information.

GHC is not in the business of setting industry standards, but we do all that we can to advance industry dialogue and improve standards of practice. We provide a Platform that enables our customers to manage their digital data subject to their own privacy policies. In that way, we enable our customers to manage their data in a responsible way, and we empower consumers to better understand what data is collected via the Platform and how it is used.

While not currently members, GHC  adheres to the best practices & standards of the Network Advertising Initiative (“NAI”) and adhere to the current NAI Code of Conduct. We also adhere to the Self-Regulatory Principles of the Digital Advertising Alliance (“DAA”) in the U.S. and Canada (“DAAC”), and to the standards regulated by the European Interactive Digital Advertising Alliance (“EDAA”). We seek to maintain alignment with standards established by industry groups such as the Interactive Advertising Bureau (“IAB”), NAI, and DAA, and we are members in good standing of the IAB, NAI, and EDAA.

 GHC Website

The GHC Site is primarily directed to our customers (our “Customers”) and prospective customers, which are generally businesses. We don’t collect non-pseudonymized personal data such as email addresses or telephone numbers from the GHC Site unless it is provided to us. For example, a user may choose to send us an email that contains their personal data, or download a white paper, in which case we’ll ask for contact information such as their name, company name, email, and telephone number in order to process the user’s request. Our Customers typically provide non-pseudonymized personal data in order to set-up an account with us, including their name, home or business address, email address, and/or telephone number.  We use the non-pseudonymized personal data we’re provided to answer questions, send requested information, and/or to service our Customers’ accounts.

We also collect pseudonymized personal data, or non-personally identifiable (non-PII) data through the GHC platform. Non PII data is information that cannot by itself be used to directly identify a particular person or entity, and may include an IP host address, pages viewed, browser type, Internet browsing and usage habits, Internet Service Provider, domain name, the time/date of a visit to a website, the referring URL, and a computer or device’s operating system. We do not enable our Platform on the sections of the GHC Site that enable our Customers to login and manage their accounts, nor is the technology employed within the Platform (e.g., the user interface).

In order to enable the GHC Technology, GHC will provide Client with tracking code / tags to be inserted in Client’s designated website and Client will insert or implement, as applicable, such tracking code / tags as instructed by GHC. GHC may, from time to time, provide Client with updated tracking code / tags, e.g. if necessary, to update the GHC Technology and Client will insert or implement such updated tracking code / tags as instructed by GHC. Client will not modify, or attempt to modify, such tracking code / tags or any other part of the GHC Technology, nor will Client reverse engineer, disassemble, decompile or otherwise analyze or alter any part of GHC’s Technology. Client will comply with any applicable laws relating to the use of tracking codes / tags, including, where applicable, providing notice to and receiving consent from users.

 GHC Technology Platform

GHC is an agent working under the direction of our Clients which are generally website and/or mobile application owners or operators, brands and/or retailers that use our Platform. We offer a Data Management Platform (DMP) that collects Non-PII from Internet users when they visit the website or mobile applications of one or more of our Clients (the “Client Site” or “Client App”, collectively, the “Client Site(s) and App(s)”). We don’t place PII on the Platform nor do we allow or facilitate our Clients to do so. We may set additional rules for our Clients regarding how information is collected and used on the Platform, but such data is collected and used subject to the individual privacy policy for each Client. We use a number of different technologies to maintain user state, collect data, and to help us operate the Platform and describe some of them below.

 HTTP Cookies

GHC uses cookies in connection with the Platform, including on the GHC Site and Customer Sites. Cookies are small, often encrypted text files, located in browser directories. All GHC cookies other than the GHC Opt-Out cookie expire automatically if the user has not visited the Customer Site of any of our Customers for six (6) months. When a user visits one of our Customer Sites, the user is assigned a unique, pseudonymized GHC user ID that is placed into an HTTP cookie which is then placed on that user’s computer or device.

 HTML5 Cookies

GHC uses HTML5 cookies in connection with the Platform, including on the GHC Site and Customer Sites. An HTML5 cookie is also known as HTML5 Web storage and is an alternative to the commonly used HTTP browser cookie. GHC uses HTML5 cookies as a backup storage mechanism to HTTP cookies; storing both ad targeting data (such as pages viewed and browsing habits) as well as user opt-outs in both HTTP and HTML5 cookies.

 Pixel Tags

We also use pixel tags in connection with the Platform, including on the GHC Site and Customer Sites. Pixel tags (also known as web beacons) are small strings of html or JavaScript code that provide a method for delivering a graphic image on a Web page or other document. Pixel tags may be used to obtain information about the computer or device being used to view a particular Web page such as the IP address of the computer or device to which the pixel tag is sent, the time it was sent, the computer or device’s operating system and browser type, and similar information.

 Mobile Device Identifiers

GHC is not currently, but plans to use and store mobile device identifiers such as the Android Advertising ID and Apple iOS IDFA (collectively Mobile Ad ID’s/MAIDs) in connection with the Platform only in the event Customers ask GHC to collect and store information via Customer Apps. Mobile device identifiers enable users to be uniquely identified via the Platform, enabling the Platform to store ad targeting data.

 How We Collect and Use De-identified and/or Pseudonymized Personal Data via our Technology    Platform

GHC offers a technology Platform for website and mobile application operators, and we utilize the Platform when users visit the GHC Site. When a user visits the website or mobile application of one of our Customers (the “Customer Site” or “Customer App,” collectively, the “Customer Site(s) and App(s)”), the Customer collects and transfers to GHC and/or enables GHC to collect pseudonymized personal data related to that user’s visits to the website or mobile app (our Customer’s “Session Data”). It is entirely under Customer’s control whether and to what extent the Platform collects Session Data. This Session Data may include information about how the user came to the Customer Site and App, which search engines they use, the search terms used to find the Customer Site, their experience on the Customer Site and App, information about how they interact with the Customer Site and App, demographic information that the Customer has collected from that user and other visitors, data from third-party data providers, and information regarding how users interact with advertisements on the Customer Site and App.  Additionally, browsers automatically send certain standard information to every website a user visits, such as an IP address, browser type and language settings, access times, and referring website addresses. This information is collected during visits to each Customer Site and App, including the GHC Site. We make Session Data accessible only to each individual Customer. The Customer typically uses this data on our Platform to deliver targeted advertising campaigns both on the Customer Site and App as well as off their sites and apps. For example, Customers may use the Platform to help them find interested users and to deliver ads that attempt to bring those users back to the Customer’s Site and App.  Where our systems can reasonably infer that a particular computer and/or mobile device belong to the same user or household, we may store such information for use on the Platform. The data stored on our Platform may be combined with third-party data (for example, geolocation data provided by a vendor) in order to better target advertisements, to enable Customers to better understand users across multiple computers and devices, and for ad delivery and reporting purposes.

While GHC does not allow non-pseudonymized personal data directly onto the Platform, we do receive non-pseudonymized personal data from Customers outside of the Platform. Customers may submit the personal data as part of an onboarding process whereby Customer engages a third-party technology partner to pseudonymize the personal data prior to import onto the Platform.

GHC does not directly share pseudonymized personal data with either partners or third parties.  Customers may choose to share their pseudonymized personal data with others at their discretion, and GHC may assist them to share user data collected on those Customer Sites and Apps. Reporting is done at the aggregate level, with no user-level information accessible.

 How We Use and Share Personal Data

We aim to keep non-pseudonymized personal data off of our Platform and do not intentionally collect non-pseudonymized personal data via the Platform. As described above, we may obtain non-pseudonymized personal data when visitors to GHC choose to provide it. For Customers who have set-up an account with GHC, we use the non-pseudonymized personal data we have to administer their account. When Customers terminate their accounts, GHC removes their pseudonymized personal data from our systems within a reasonable time following such termination, subject to our right to retain (i) copies of transactions between the Customer and GHC and related payment information, (ii) information relating to any dispute or potential fraud, (iii) any additional information that in GHC’s discretion we need to keep to protect our legal rights or the rights of others.

From time to time, GHC engages with partners to perform services on behalf of GHC or other Customers who use our services, in order to perform requested services. For example, we may provide information to corporate affiliates, or to third parties under contract with GHC (“Contracted Parties”) to provide services such as credit card verification and processing, fraud detection and prevention, or data hosting.  In all cases, Contracted Parties are contractually required to maintain the confidentiality of personal data and may not use it for purposes other than performing the specific services on behalf of GHC.

Other than such disclosures to Contracted Parties, GHC may also disclose personal data if such disclosure is required for GHC to comply with valid and binding legal requirements, to protect GHC’s rights or property (or that of GHC Customers), and/or where needed to protect personal safety.  For example, GHC may be required to disclose information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.  We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. In the event we are required to disclose information in response to legal process or a government request, we will attempt to notify affected users for which we have contact information, to the extent we are legally permitted to do so.

Finally, GHC may transfer information, including any pseudonymized personal data, to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change. If GHC is involved in a merger, acquisition, or sale of all or a portion of its assets, users will be notified via email and/or a prominent notice on the GHC Site of any change in ownership or uses of pseudonymized personal data, as well as any choices users may have regarding their pseudonymized personal data. We may disclose your personal information to any third party with your prior consent.

 CalOPPA – (CALIFORNIA ONLINE PRIVACY PROTECTION ACT)

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy.

See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

 According to CalOPPA we agree to the following:

  • Users can visit our site anonymously
  • Once this privacy policy is created, we will add a link to it on our home page or as a minimum on the first significant page after entering our website
  • Our Privacy Policy link includes the word ‘Privacy’ and can be easily be found on the page specified above.
  • Users will be notified of any privacy policy changes on our Privacy Policy Page
  • Users are able to change their personal information by logging in to their account

 Children, Sensitive Data/COPPA

In accordance with industry standards and law (e.g., the Children’s Online Privacy Protection Act (“COPPA”) regulations in the U.S.), we do not knowingly collect, administer, or enable the commercial use of personal data relating to children less than 13 years of age. If we become aware that a child under 13 has provided us with any information that would require compliance with the COPPA, then we will delete this information from our databases.

GHC does not knowingly collect, use, or store any sensitive information on our technology Platform.  Sensitive information (“Sensitive Data”) includes certain types of information associated with a specific individual, such as Social Security Numbers or other Government-issued identifiers, financial account numbers, sexual orientation, religion, actual knowledge of an individual’s past, present, or potential future health or medical conditions or treatments (such as diabetes, heart attacks, etc.) including genetic, genomic, and family medical history, and actual knowledge of or inferences based on certain sensitive health conditions (e.g., cancer, STDs). Sensitive Data also includes information deemed sensitive by a particular jurisdiction. For example, laws of the European Union, Australia, and Canada have additional restrictions on the use of Sensitive Data as defined by those jurisdictions. GHC imposes rules around delivering targeted advertisements via our Platform based upon knowledge of precise medical conditions or other Sensitive Data.  Customers may request that GHC collect non-sensitive data for items such as skin care products, diet pills, allergies medications, and cold and flu treatments in order to target advertisements and as otherwise specified by each Customer’s privacy policy.

 Your Choices as a Consumer

 Ability to Opt-Out

Browser Opt-out: GHC offers a one click web browser opt-out solution for users who wish to opt-out here. If you choose to opt-out, GHC deletes any targeting data it may have for your browser, and we will no longer enable our Customers to target that browser using our technology Platform.  You will likely still receive generic advertisements, but GHC technology will have no input or impact on tailoring those ads to be more relevant to your interests.  Please note that if you delete, block, or otherwise restrict cookies, or if you use a different computer, device or Internet browser, you will need to renew your opt-out choice. Also, because we utilize HTML5 cookies to record your opt-out choice, it may take an additional visit to one of our Customers’ websites for your opt-out choice to go into effect. To the extent that a particular browser and a mobile device are linked via our Platform, opting out will sever the link. If you choose to disable cookies, it may limit your use of certain features or functions on our website or service.

We also partner with third parties to display advertising on our Website or to manage our advertising on other sites. Our third party partners may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising click here, or if located in the European Union click here. Please note you will continue to receive generic ads.

Mobile App Opt-out – GHC honors the mobile device settings for Android and Apple iOS devices. To exercise this opt-out, please visit the privacy settings of your Android or iOS device and select “limit ad tracking” (Apple iOS) or “opt-out of interest based ads” (Android). On devices where we see that such a selection has been made, we will no longer collect data from that device, nor will we target that mobile device via the GHC Platform. To the extent that a particular browser and a mobile device are linked via our Platform, opting out will sever the link.  You may also find additional information about delivering targeted advertising to mobile devices and your choices with respect to GHC and other companies who are members of the self-regulatory organizations below.

http://optout.networkadvertising.org/?c=1

http://www.aboutads.info/

https://youradchoices.com/appchoiceshttp://www.youronlinechoices.com

Do Not Track: Some web browsers offer a mechanism, known as a “Do Not Track” (“DNT”) signal, that allows a user to elect to stop the collection of certain browsing data by websites and technology companies. Currently, the standards regarding the DNT signals and appropriate responses are not defined.  As a result, GHC is experimenting with DNT and may place an opt-out cookie on computers or other devices when we see a valid DNT signal.

Delete Personal Data/Access: While we don’t knowingly obtain non-pseudonymized personal data via our technology Platform, if you’ve provided GHC with personal data via the Website (e.g., by signing up for a product demonstration or white paper, sending us an email, or by registering with GHC as a Customer), GHC provides the ability for users to obtain and correct or request destruction of information maintained by GHC by sending an email to privacy@goodharvest.co or by contacting us at the address noted below. We will answer these requests within a reasonable time. For information that we are storing on behalf of our Customers, the GHC has no direct relationship with the individuals whose personal data we’re processing.  An individual who seeks to access, or who seeks to correct, amend or delete such data, should direct his or her query to our Customer and, if requested to remove data, we will respond within a reasonable timeframe.

Data Retention / Minimization

GHC stores customer contact information such as email address or billing details so long as you continue to have a business relationship with us. You may ask us to delete that information by following the instructions above.

Our cookies and similar tracking technologies expire six months from the last time our systems encounter a particular computer or device.

Security

We take commercially reasonable efforts to maintain security protections in accordance with industry practices to protect data we collect from loss, alteration, destruction, misuse, and unauthorized access or disclosure. We have policies to help maintain control and physical security of the facilities used to store data, only allow access to authorized personnel, and restrict access to data to those employees, contractors and agents that have a need to know the information in order to provide and support our services. All GHC employees are bound by confidentiality obligations and may be subject to disciplinary or legal action if they fail to meet these responsibilities.

We process information in a way that is compatible with and relevant for the purposes for which it was collected. To the extent necessary for those purposes, we take reasonable steps to ensure that any information in our care is accurate, complete, current, and reliable for its intended use.  We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements.

GDPR & Handling of Personal Data From the European Union (EU) or Switzerland

GHC adheres to the principles of the EU-U.S. Privacy Shield Framework and the Swiss-US Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Information about the Privacy Shield principles can be found on the US Department of Commerce website.  A violation of GHC’s commitment to Privacy Shield may be investigated by the Federal Trade Commission (FTC). If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield Frameworks, and to view our certification page, please visit the U.S. Department of Commerce’s Privacy Shield List, https://www.privacyshield.gov. If GHC received personal data about you from the EU or Switzerland, pursuant to Privacy Shield you have the following rights and options in addition to those explained elsewhere in this policy:

  • Access. You have the right to ask GHC whether it has received personal information about you from the EU or Switzerland and, if so, what data GHC has received.  Although GHC will attempt in good faith to respond to your request, it may not be able to provide the requested information in all situations.  For example, GHC may not be able to provide the information that you request if it imposes an undue burden or expense, requires GHC to release confidential commercial information, or requires the disclosure of information relating to another person.  You can submit a request for information via privacy@goodharvest.co, or via mail to Attn: GHC Privacy, 4 Mark Cermele Court, Lawrenceville, NJ, 08648.

 

  • Correction.  You have the right to ask GHC to correct the personal information that it receives about you from the EU or Switzerland.  Although GHC will attempt in good faith to respond to requests to correct information, it may not be able to make the correction in all situations.  For example, GHC may not be able to correct information about you if it would impose an undue burden or expense, or require GHC to change information relating to another person. You can submit a request to correct information via privacy@goodharvest.co, or via mail to Attn: GHC Privacy, 4 Mark Cermele Court, Lawrenceville, NJ, 08648.

 

  • Onward transfer.  As discussed above, GHC may share information with third parties that provide GHC with service.  The GHC is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf.  GHC complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.  If such an entity takes an action that is contrary to the principles of the EU-US Privacy Shield or Swiss-US Privacy Shield, GHC shall be liable for those actions unless it can prove that it was not responsible for causing such actions.

 

  • Inquiries and Complaints:  GHC has committed to attempt to resolve privacy complaints under the EU-US Privacy Shield and Swiss-US Privacy Shield Principles. You may direct any inquiries or complaints concerning our Privacy Shield compliance to privacy@goodharvest.co. GHC will respond within 45 days. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. If neither GHC nor our dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel, as described on the Privacy Shield Website: https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint.   

 Changes, Questions, and Communication

From time to time, we may update this privacy policy to reflect changes in industry standards or evolving legal requirements when necessary, and all changes will comply with regulatory, legal, and industry standards. Please review this privacy policy from time to time to remain informed regarding how GHC is protecting your information.  If we decide to utilize information about you for a purpose that is significantly different from the one described in this privacy policy, or that was conveyed to you, we will give you the chance to consent to have your data used in that way (e.g., opt-in).

If you have any questions regarding this privacy policy, or if you would like additional information, please contact us at privacy@goodharvest.co, or via mail to Attn: GHC Privacy, 4 Mark Cermele Court, Lawrenceville, NJ 08648.

If we are required to contact you concerning your information, we may do so, if permitted by law, via email, telephone, and/or mail.

X

Contact Form