Spring Mountain Vineyard (“SMV”) understands how important privacy is to you as a user or purchaser of our products and services (“User”).
We collect and process personal data about you with your consent and/or as necessary to provide the products you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests.
Users in Non-US Jurisdictions: This website is designed for Users in the United States, and we only ship products to United States and US territories. Spring Mountain Vineyard is headquartered in California and our collection, storage, and use of your information necessarily involves the transmission of data on an international basis. If you are in the European Union, Canada, or elsewhere outside of the United States, please be aware that information you send us or that we collect will be processed in the United States.
1. CATEGORIES OF INFORMATION WE COLLECT
The personal data we collect depends on how you interact with us, the Services you use, and the choices you make.
Information You Actively Provide to SMV. We collect information that you provide us with, including:
- Identifiers and account information such as username and password, name, address including country, telephone number, and e-mail address.
- Characteristics of protected classifications (e.g., gender, age)
- Demographic information such as birthdate, and similar demographic details.
- Payment and commercial information such as credit or debit card numbers and account numbers. Note that credit or debit card numbers are immediately transmitted to and stored by our third-party payment processor. We do not store credit or debit card numbers.
- Content and files such as photos, documents, or other files you upload to our services. If you send us email messages, tag us on social media or other communications, we collect and retain those communications.
Information You Provide in Public Areas on SMV Sites. Users can browse, find, follow, tag, message, comment or otherwise participate in public areas of our Services, social media, etc. By choosing to participate in these public areas of our Sites, please be aware that any information submitted through these areas is not private and your information, including personal data, associated with SMV or your other linked third-party accounts may be displayed to the public.
Please use caution in disclosing personal data in these public areas.
- Information We Automatically Collect. When you use our Services, some information is automatically collected, including: Identifiers and device information, such as your Internet Protocol (IP) address and information about your device, including device identifiers (such as MAC address); device type; and your device’s operating system, browser, and other software including type, version, language, settings, and configuration. As further described in the Cookies and Similar Technologies section below, our websites and online services store and retrieve cookie identifiers, mobile IDs, and other data.
- Geolocation data, depending on your device settings.
- Usage data, including the URL of the website from which you came to our sites, pages you viewed, how long you spent on a page, searches you made on our Sites, access times, and other details about your use of and actions on our Site.
Third Party Sources of Information. We may also obtain certain information described above from third parties. These third-party sources include, for example:
- Third party partners and services, including social networks you choose to connect with or interact with through our services.
- Service providers that collect or provide data in connection with work they do on our behalf, for example companies that determine your device’s location based on its IP address or provide email campaigns such as Mailchimp.
Cookies and Similar Technologies:
What are cookies and similar technologies?
Cookies are small text files placed by a website and stored by your browser on your device. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.
We use these technologies in our websites, apps, and online services to collect personal data (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) when you use our services, including personal data about your online activities over time and across different websites or online services. This information is used to store your preferences and settings, enable you to sign-in, analyze how our websites and apps perform, track your interaction with the site or app, develop inferences, deliver and tailor interest-based advertising, combat fraud, and fulfill other legitimate purposes.
What controls are available?
- Browser cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or services of our website. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, may be deleted and may need to be recreated.
- Mobile advertising ID controls. iOS and Android operating systems provide options to limit tracking and/or reset the advertising IDs.
- Email web beacons. Most email clients have settings which allow you to prevent the automatic downloading of images, including web beacons, which prevents the automatic connection to the web servers that host those images.
- Do Not Track. Some browsers have incorporated "Do Not Track" (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our websites do not currently respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described above.
California “Do Not Sell My Info”
The California Consumer Protection Act (“CCPA”) requires us to disclose categories of personal data sold to third parties and how to opt-out of future sales. The CCPA defines personal data to include online identifiers, including IP address, cookies IDs, and mobile IDs. The law also defines a “sale” to include simply making data available to third parties in some cases. We let advertising and analytics providers collect IP addresses, cookie IDs, mobile IDs, along with associated device and usage data, through our sites when you use our online Services, but do not “sell” any other types of personal data.
If you do not wish for us or our partners to “sell” your personal data to third parties for advertising purposes, you can make your Do Not Sell Request by visiting the opt-out links described above under “Analytics information” and “Advertising.”
Note that although we will not “sell” your personal data after you click those links and follow opt-out instructions, we will continue to disclose some personal data to our partners (acting as our service providers) to help us perform advertising-related functions such as, but not limited to, measuring the effectiveness of our ads, managing how many times you may see an ad, reporting on the performance of our ads, ensuring services are working correctly and securely, providing aggregate statistics and analytics, improving when and where you may see ads, and/or reducing ad fraud. Further, clicking the link will not necessarily opt you out of the use of previously sold personal data or stop all interest-based advertising. If you access this site from other devices or browsers, visit the links above from those devices or browsers to ensure your choice applies to the data collected when you use those devices or browsers.
Other information related to your right to opt-out from sales of personal data is contained in the “California Residents” section of this Policy.
2. HOW WE USE YOUR INFORMATION.
- Product and service delivery, for example to fulfill your order or schedule your visit.
- Business operations, such as billing, accounting, improving our internal operations, securing our systems, detecting fraudulent or illegal activity, and meeting our legal obligations.
- Improvement, development, and research, for example to develop new services or better understand our current services.
- Personalization, to better understand you and your preferences to enhance your experience and enjoyment using our services.
- Customer support, such as responding to your questions.
- Communications, including via email and text message to send you information such as confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
- Advertising, including through third party advertising services.
We also combine data that we collect from different sources for these purposes to provide you with a more seamless, consistent, and personalized experience.
3. DISCLOSURE OF YOUR INFORMATION.
SMV may disclose personal data to third parties as follows:
- With your consent or when we utilize our authorized third-party service providers. We use service providers to help us run our business and perform various functions related to the Services. Service providers process your personal data only on our behalf subject to confidentiality agreements and do not further disclose or sell your information. For example, eCellars provides our current web store services on our behalf and they may collect personal data from you as our service provider.
- Financial services and payment processing. When you provide payment data, for example to make a purchase, we will share payment and transactional data with banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial services.
- Business transfers. We may share your information in connection with or during negotiation of a substantial business transaction, such as the sale, merger, financing, acquisition, consolidation, asset sale, or in the unlikely event of bankruptcy, dissolution transaction, or other transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another company.
- Legal purposes. We may disclose your information to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims, debt collections, or government inquiries, and to protect and defend the rights, interests, property, safety, and security of SMV, our Users, or the public.
- Safety, security, and protecting rights. We will disclose personal data if we believe it is necessary to protect our customers and others, operate and maintain the security of our services, and/or to protect the rights or property of ourselves or others.
Categories of information shared with third parties. The categories of information that we may share with third party advertising and analytics companies is described in our Cookies and Other Technologies Section above. The categories of information that we may share with other third parties described above for business or commercial purposes or have shared during the preceding twelve (12) months, includes all the categories of personal data described in “Information We Collect” above.
Please note that some of our services include integrations, references, or links to services provided by third parties whose privacy practices differ from ours. If you provide personal data to any of those third parties, or allow us to share personal data with them, that data is governed by their privacy policies.
Finally, we may share de-identified information in accordance with applicable law.
4. CHOICE AND CONTROL OF PERSONAL DATA.
Communications Preferences. You can choose whether to receive promotional communications from us by email, SMS, and telephone. If you receive promotional email or SMS messages from us and would like to stop, you can do so by following the directions in that message or by contacting us as described in the Contact Us section below. If you receive a sales call from us, you can ask to be placed on our do-not-call list. For promotional emails, you can click “unsubscribe” in the email to unsubscribe from future promotional email communications. These choices do not apply to certain informational communications including surveys and mandatory service communications.
Account Updates. If you are a registered user of one of our websites or applications, you may make changes to certain information, such as your contact information, by logging into your account on that website or application and navigating to your account or your profile within that website or application to update or correct your information directly in each website or application. Please note that not all of the information we have collected about you is available through your account or profile within our websites or applications.
Choices for Cookies and Similar Technologies. See the Cookies section for choices about cookies and other analytics and advertising controls.
Under California law, if you are a California resident and the processing of personal data about you is subject to the California Consumer Privacy Act (“CCPA”), you have certain rights with respect to that information. Your rights include:
- Right to Request Deletion: You also have a right to request that we delete personal data under certain circumstances, subject to a number of exceptions.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your California Consumer Privacy Act rights.
To exercise your options as described below, you may contact us in one of two ways: by telephone at 707.967.4188 or by submitting a request to email@example.com. To effectively exercise your privacy options, you must use one of these Communication Methods. To help us respond as you expect, please specify that you are making a request under the California Consumer Privacy Act. We may need to request specific information from you to help us confirm your identity. If you provide us with proof of identity containing information that does not match our records, we may request further proof of identity from you.
We use good faith efforts to respond to a verifiable consumer request within forty-five (45) days after its receipt. If we need more time (up to 90 days), we will inform you of the reason and the needed extension period in writing. You may only make a verifiable consumer request for access or data portability twice within a 12-month period.
SMV will do its best to accommodate any request to delete or properly dispose of any copies of your personal data, but we cannot guarantee we can eliminate all personal data from the specified uses. Therefore, please be as specific as possible in any request to delete or dispose of copies of your personal data. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise to perform a contract we entered into with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal obligation; or
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Finally, you have a right to receive notice of our practices at or before collection of personal data, and you have a right to not be discriminated against for exercising these rights set out in the CCPA.
We are required to verify the identity of any person submitting any of the above requests (other than a request to Opt-Out of Sale). Initially, we will ask you to provide identifying information when you submit a request through a Communication Method. Providing accurate information that matches our records will help us identify the correct information. We may then ask you to submit evidence proving your identity, which could include government issued IDs, signed statements, etc. The evidence we may request from you, and the degree of certainty we will be required to reach regarding your identity and the authenticity of your request, will depend upon the nature of your request, the nature of the information we have about you, and your ability to furnish information. If we ask you to verify your identity, you must promptly cooperate with our efforts so that we can fulfill your request. If you do not comply, your request cannot be fulfilled; and if you delay in complying, the fulfillment of your request is likely to be delayed as a result. Any additional information collected from you for verification will be deleted once the purpose for the verification has been satisfied.
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf. We may also deny a request from an agent that does not meet the requirements for authorized agents under the CCPA.
Third Party Marketing
Additionally, under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal data to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal data to any third parties for the third parties’ direct marketing purposes. Please be aware that we do not disclose personal data to any third parties for their direct marketing purposes as defined by this law.
California Customers may request further information about our compliance with this law by e-mailing firstname.lastname@example.org. Please note that businesses are required to respond to one request per California Customer each year and may not be required to respond to requests made by means other than through the designated e-mail address.
CHILDREN UNDER THE AGE OF 16
Our Website is not intended for children under 16 years of age. No one under age 16 may provide any personal information on the Website. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this Website. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at the email address below.
SECURITY OF PERSONAL DATA
We use commercially reasonable procedures and various technical, administrative and physical safeguards to help protect personal data from unauthorized access, use, disclosure, alteration, and destruction. Please be aware, though, that despite our efforts, no measures to safeguard data are perfect, and we cannot guarantee complete security.
To help us protect personal data if you set up an account with us, we request that you use a strong password. You should keep this password confidential and you should choose a password that you do not use on any other site. You should not share your password with anyone else, including anyone who works for us. Unfortunately, sending any information, including personal data, via the internet is not completely secure. We cannot guarantee the security of any personal data sent to our site while still in transit and so you provide it at your own risk.
Still Have Questions?