Privacy Policy

>>Go here for California Transparency Act Policy

Community Coffee Company, L.L.C., is a Louisiana-based coffee company that sells coffee directly to consumers from the Carolinas to Texas by having its product on re-seller shelves, internationally and nationally through its website and through Amazon, Wal-Mart, and other third-party website distribution.

We collect personal information you choose to share with us and our partners for a number of reasons, the primary ones of which are so we can provide you with a more customized experience and so we can determine products and services that you might be interested in and bring those to your attention. 

This policy has been updated to reflect EU Regulation 2016/679 General Data Protection Regulation (GDPR) principles and applicable law effective from 25 May 2018 onwards and explains our data collection and processing practices and your options regarding the ways in which your personal data is used. It forms part of our contract with you and should be read together with our Website Terms of Use, and any other documents referred to in this policy. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Please read this Privacy Policy, which includes our policy regarding cookies, carefully, along with our Terms of Use (collectively, the “Agreement”). By continuing to use our Services, which includes accessing our website https://www.communitycoffee.com; by providing us information about yourself, including personally identifiable information (defined below) in person, over the phone or via email; and by providing information to make purchases of our product(s); by creating an account with us; or by signing up for one of our partnership opportunities, you are expressly consenting to the collection, storage, use and disclosure of your personal information as described in this Privacy Policy. 

 

1.         INTRODUCTION TO OUR PRIVACY POLICY

We at the Company know that our users care how their personally identifiable information (“Information”) is used and shared, and we take your privacy seriously. This Privacy Policy  describes how we collect, use and disclose Information when you use any of our Services, including but not limited to: 

  • Any website or mobile application the Company’s, including www.communitycoffee.com (the “Website”), and any other site, mobile application or online service where these Terms of Use are posted;
  • Company online platforms and related offerings; and
  • By providing us information about yourself, including personally identifiable information, in person, over the phone or via email.

By visiting or using the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Agreement.

You must be 18 or older to use our Services. Minors under 18 and at least 13 years of age are only permitted to use our Services through an account owned by a parent or legal guardian with their appropriate permission and under their direct supervision. We do not knowingly collect or solicit Information from anyone under the age of 13 or knowingly allow such persons to register for the Service. 

We do not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register for the Services. If you are under 13, please do not attempt to register for the Services or send any information about yourself to us, including your name, address, telephone number, or email address. In the event that we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at privacy@communitycoffee.com
 
By visiting or using Website or the Services, you will be providing us or allowing us to collect information, which may include personally identifiable information, and also personally consent to the collection, use and transfer of your information under the terms of this policy. 

2.         WHAT INFORMATION WE COLLECT

Information You Provide to Us

You don’t have to create an account to use some of our Services. However, you may create an account or subscribe to receipt email notifications of promotions and other offerings by providing us certain information, such as your contact information including your name, telephone number, email and physical address and by providing us financial information sufficient to allow us to contact you or otherwise charge you for products. You may also create an account with us by providing us your contact information and by creating a username and password. 

If you are paying for any of our Services, standard payment and billing information is required. We do not require users to provide their race, ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual orientation or criminal record in their account. Please do not post or add personal data to any information sheet, inquiry, survey, online form, or other content that you provide to us that you would not want to be publicly available.

Depending on which Services you choose to use, additional information may be collected and stored, if necessary in order for us to provide a particular Service. Such information includes:

(i) contact information, such as name, email, address, country/province/state, and phone number;

(ii) and financial information for billing purposes;

(iii) transactional information based on your activities on the Website;

(iv) shipping, ordering, billing and other similar information you provide to purchase or ship an item;

 (v) computer sign-on data, time and date data, statistics on page views, your IP address, your GPS location, the type of computing environment you use, and traffic to and from the Website (including data about you whenever you interact with the Website, such as when you search, click on links, send messages, make comments, replies or queries, and select best replies);

(vi) other technical information or data collected from Website traffic, including IP address and standard web log information and information gathered from cookies, beacons and other mechanisms;

(vii) supplemental or additional information we may request from you in the event previous information you’ve provided cannot be verified;

(ix) information that you opened or otherwise interacted with an email and what email you opened or otherwise interacted with; and

(x) other information that you voluntarily provide to us. 

 

Information Collected Automatically By Us / Our Policy Regarding Cookies

Click HERE for our Cookie Policy.

Information from Third Parties and Advertisers

We work with third party advertisers, networks, and service providers who assist us in managing or providing the Service (e.g., payment processors) and who collect some of the information described above. These third parties also help us understand how users interact with our content or offerings. We may also collect contextual or demographic data about our users from third parties, in order to more effectively deliver the Service or content in which we think you would be interested. Unless you have been notified otherwise, all information collected through our authorized third party service providers remains governed by security and confidentiality obligations consistent with this Policy and applicable law.

Using Other Sites to Login to our Websites or Services

Some users may choose to connect to our Website or Services using third-party account credentials (for example, your Facebook login or YouTube account). If you choose to connect your account using a third-party account, you understand some of your Information may be shared with us or the respective third-party platform. Your information may also be subject to separate policies of such third-party platform. You should review those policies before providing consent. Connecting your account to third-party applications or services is optional. You can revoke this permission anytime in your account settings.

Advertisements

Some of our Services allow advertisers and their networks to collect and use certain anonymous Information about you (e.g. click stream information, browser type, time and date, subject of advertisements clicked or scrolled over) in order to provide advertisements of interest to you. These companies typically use a cookie or third party web beacon to collect this information. To learn more about this behavioral advertising practice or to opt-out of this type of advertising, you can visit networkadvertising.org.

Other

Our Services are dynamic, and we often introduce new features, which may require the collection of new information. If we collect materially different personal data or materially change how we use your data, we will notify you and may also modify this Privacy Policy.

3.         WHY WE COLLECT AND HOW WE USE YOUR INFORMATION

How we use your Information will depend on which Services you use, how you use those Services and the choices you make in your settings. The primary reason we collect Information is to provide and improve our Services, to allow us to work with our partners who contract with us to provide marketing services for their products and services, and to provide you with a more customized experience on our Services.

The following is a summary of more specific ways we may use your personal information:

  • The following is a summary of more specific ways we may use your personal information: 

    • To deliver the Service to you
    • To correspond and communicate to you with respect to delivering the Service
    • To notify you about any changes to our Service to you
    • To allow you to participate in the Service
    • We use credit/debit card information solely to collect payment from you and we use a third-party service provide to manage that processing and it is not permitted to store, retain, or use that information except for the sole purpose of processing credit/debit information on our behalf
    • To provide payment processing and account management, operate, measure and improve our Service, keep our Service safe, secure and operational, and customize Website content 
    • As part of our efforts to keep you safe and secure 
    • To contact you regarding your account, to respond to your requests or questions, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed or as otherwise necessary to provide you customer service 
    • To send you transactional communications. For example, we might send you emails about your purchase or to confirm your registration for an event. We might also contact you about this policy or our website terms and/or to send an email on behalf of our marketing partners
    • To provide other services requested by you as described when we collect the Information  
    • To share with our marketing partners for marketing purposes or to use for our own marketing purposes. For example, to send you information about events or special promotions, to tell you about new features or products, etc. To learn about your choices for these communications, read Section 8.2 below 
    • To determine your level of engagement with email or promotional marketing materials that are send to you, including whether you opened an email or promotional marketing materials and/or otherwise engaged with it
    • To improve our Services, for example by reviewing information associated with stalled or crashed pages experienced by users allowing us to identify and fix problems and give you a better experience 
    • For security purposes. To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities and/or attempts to harm our users 
    • To monitor and improve the information security of our Websites and mobile applications 
    • To comply with governmental regulations or to respond to a subpoena or other governmental, court, administrative order/requirement;
    • To hire, train, and manage our staff;
    • To support the functions of our human resource management, including the coordination of third-party vendors that provide insurance and personal financial services such as retirement planning and savings and investment accounts;
    • To carry on our business and serve our customers as described above; 
    • For other purposes with your consent;
    • We may combine information received from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above. 
    • To enforce our Terms of Use, this Policy, or other policies, and to monitor for violations of our policies or applicable laws 
    • We also use Information as otherwise described in this Policy, permitted by law, or as we may notify you

    The collection of personal information shall be limited to that which is necessary for the purposes identified above.
     

The collection of personal information shall be limited to that which is necessary for the purposes identified above.

4.         HOW YOUR INFORMATION IS SHARED

We may share non-personally identifiable information, such as aggregated user statistics, with third parties. We do not share your personal information with third parties for third-party marketing purposes, or for any other purpose other than as described in this Privacy Policy. 

We may share the information we have collected about you, including personal information, as disclosed at the time you provide your information and in the following circumstances:

 

            4.1       Sharing by you

Certain Services offered are social by their very nature, so your participation in such a Service will allow others to see your name and/or username, profile picture, social profile, and any other content you upload or disclose through that profile.Certain Services offered are social by their very nature, so your participation in such a Service will allow others to see your name and/or username, profile picture, social profile, and any other content you upload or disclose through that profile.

            4.2       Sharing by us

We share your Information with third parties as listed below and as otherwise described elsewhere in this Policy:We share your Information with third parties as listed below and as otherwise described elsewhere in this Policy:

Internally With our Employees/Agents      

We will share your Information with are employees/agents who are responsible for providing you the Services in line with the scope of their employment/agency with us.

Externally with Business Partners

We will share your Information with analytic companies, such as Google, Facebook, and Hotjar that will help us gain a better understanding of who uses our Service, the buying patterns, understanding their preferences, their demographics so we can better market and find service offerings for those people and perform similar analytic functions. These third parties are contractually prohibited from sharing your information with any other enterprises and are contractually barred to only use the Information we provide them for the reasons we are disclosing to you in this Privacy Policy. For more information about our business partners’ data sharing and use practices, please review their privacy policies and disclosures which are all available via their websites.

 
Business Transfers

We may choose to buy or sell assets. In these types of transactions, customer Information is typically one of the business assets that would be transferred. Also, if we (or our assets) are acquired or merged, or if we go out of business, enter bankruptcy, or go through some other change of control, Information would be one of the assets transferred to or acquired by a third party.

Protection of Company and Others

We reserve the right to access, read, preserve, and disclose any Information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, interests, or safety of our Company, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.

Legal Obligations

If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of the Company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Compliance

Where we are requested to provide information by authorized third parties or regulatory or governmental agencies investigating illegal activities;

Emergency

Where we believe that an emergency, illegal activity or some other reasonable basis exists for notifying the relevant authority.

Aggregated and Anonymized Information

We also may share (within our affiliated entities or with third parties) aggregated or anonymized information that does not explicitly identify you or any individual user of our Services. From time to time, the Company may provide demographic and statistical information to prospective partners for the purposes of securing advertising and/or for general promotion of the Service. This disclosure will not share any personal information of individual users but is intended to give a broad overview of the Service’s membership.

5.         THE SECURITY OF YOUR INFORMATION

The security of your Information is important to us. We take commercially reasonable security measures, including administrative, technical, and physical safeguards, to protect your Information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction.

Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Information by selecting and protecting your password and/or other sign-on mechanism appropriately. To help protect your Information, you should not share your account information or password, reuse your password on other sites, or use a password you have used on other sites.

We endeavor to protect the privacy of your account and other Information we hold in our records, but we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.

6.         WHERE YOUR INFORMATION WILL BE HELD

The Service is hosted on US servers. The data that we collect from you may be transferred to, and stored at, a destination outside the EEA may also be processed by staff operating outside the EEA who work for us or for one of our processors, and, in particular, the United States. Such staff maybe engaged in, among other things, hosting or maintaining our Website, the processing of your payment details and the provision of support Services. Any personal information you provide to us will be processed and stored on servers in the US, the laws of which may be deemed by other countries to have inadequate data protection. It may also be processed by any service providers appointed by us who operate outside of the EEA and their staff. Accordingly, if you are located outside the US, by submitting your Information, by using the Website, or otherwise using our Service, you consent and continue to consent and agree to the processing, transfer, and storage of such data in the US and outside the EEA or your country and acknowledge that not all countries guarantee the same level of protection for your Information as the one in which you reside. We have agreements in place with our contractors and processors that include standard contractual clauses to protect your rights with respect to your data. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and, where applicable, the EU General Data Protection Regulation.

7.  LAWFUL BASES FOR PROCESSING

We will only collect and process Information about you where we have lawful bases. Lawful bases include consent (where you have given consent); via contract (where/c processing is necessary for the performance of a contract with you (e.g. to deliver the Services you have requested)); to protect vital interest; and when we have “legitimate interests”, which includes direct marketing.

Where we process Information based on consent you may withdraw your consent at any time, but that will not affect the lawfulness of the processing of your personal data prior to such withdrawal.

Where we rely on contract, we will ask that you agree to the processing of personal data that is necessary for entering into or performance of your contract with us. We provide a voluntary service; you can choose whether or not you want to use the Services. However, if you want to use the Services, you need to agree to our Terms of Use, which set out the contract between the Company and you. As we operate in countries worldwide (including the US) and use technical infrastructure in the US to deliver the Services to you, in accordance with the contract between us, we may need to transfer your Information to the US and to other jurisdictions as necessary to provide the Services.

Where we rely on legitimate interests as a basis for Information processing, you have the right to object. We may process your Information, including personal data, for the purposes of our legitimate interests or for the legitimate interests of third parties including our partners, provided that such processing shall not outweigh your rights and freedoms. For example, we may process your personal Information to:

            •           Protect you, us, or others from threats (such as security threats or fraud)

            •           Comply with laws that apply to us

            •           Enable or administer our business, such as for quality control, consolidated                                    reporting, and customer service

            •           Manage corporate transactions, such as mergers or acquisitions

            •           Engage in direct marketing;

            •           Understand and improve our business or customer relationships generally

            •           Enable us and our users to connect with each other, view content, express                                      opinions, exchange information, and conduct business

If you have any questions about the lawful bases upon which we collect and use your Information, please contact our legal department at Privacy@CommunityCoffee.com

8. WHAT INFORMATION YOU CAN ACCESS

8.1 Right to Access and Control Your Information

If you choose not to provide personal information, you may be unable to access or use the Service as we simply may not be able to perform required functions. 


User Data Subject Rights (EEA Visitors Only)

The EU GDPR became effective in the European Union as of May 25, 2018. In preparation for the GDPR, we reviewed our internal processes and put policies and procedures in place to attempt to meet the requirements and standards of the GDPR and any relevant data protection laws. 

We are not established in the EEA; however, individuals located in certain countries, including the EEA, have certain rights related to their personal Information. Subject to any exemptions provided by law, you may have the right to request the following for personal data that we have about you: 

EEA Users have the following rights:

• Delete Information: You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide Services to you). 
• Change or Correct Information: You can edit some of your Information through your account. You can also ask us to change, update or fix you Information in certain cases, particularly if it’s inaccurate. 
• Object to, or Limit or Restrict, Use of Information: You can ask us to stop using all or some of your Information (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your Information is inaccurate or unlawfully held). 
• Right to Access and/or Take Your Information: You can ask us for a copy of your Information and can ask for a copy of Information you provided in machine- readable form. 
• If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
• You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries are available here.)
• When the processing of your personal data is for directly marketing purposes, you have the right to object to subject processing. 

To exercise any of your data subject rights, please contact us at privacy@communitycoffee.com. We will respond to your request without undue delay, and, in any event, within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests we receive. If we take an extension, we shall inform you within one month of our receipt of the original request, together with the reasons for delay. 

In the event your personal data of which we collected was subject to a Personal Data Breach (defined below), We will notify you and competent Supervisory Authoriy(ies) within 72 hours by e-mail with information about the extent of the breach, affected data, any impact, Our plan for measures to secure the data and limit any possible detrimental effect on you. A “Personal Data Breach” is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

You may contact us using the contact information in Section 11 below, and we will consider your request in accordance with applicable laws.

8.2 What Choices You Have

You can always opt not to disclose Information or to disable certain tools on your browser or device. However, this may limit your ability to fully utilize the Service.

You may be able to add, update, or delete Information as explained above. When you update Information, however, we may maintain a copy of the unrevised Information in our records. Please note that some Information may remain in our records for legitimate business reasons even after your deletion of such Information, such as our analyzing aggregated data regarding past usage of the Service (but not in a manner that would identify you personally). Additionally, through Google’s security settings page, you may revoke consent to the use of API Data related to you that was accessed or stored by the Service pursuant to such consent. Company shall delete all such API Data no later than thirty (30) calendar days following such revocation.

If you don’t want to receive e-mail or other communications from us, you can adjust your email preferences from your account, or opt-out by clicking on the link provided in the emails.

To learn more about choices regarding cookies set through the Service, see our Cookie Policy.

 

9.         HOW LONG WE RETAIN YOUR INFORMATION

We generally retain your Information as long as reasonably necessary to provide you the Services or to comply with applicable law. However, even after you deactivate your account, we can retain copies of Information about you and any transactions or Services in which you may have participated for a period of time that is consistent with applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce our Terms of Use or other applicable agreements or policies, or to take any other actions consistent with applicable law.

Information you have shared with others (e.g. through comments or other posts) will remain visible after you close your account or delete the information from your own account, and we do not control data that other users copied out of our Services.

10.       CHANGES TO THIS PRIVACY POLICY

 

We may modify this Policy, our Terms of Use from time to time. If we make material changes to it, we will provide you notice through the Service, the Website, via email or by other means, to provide you the opportunity to review the changes before they become effective. You shall be responsible for reviewing and becoming familiar with any such modifications. We agree that changes cannot be retroactive. If you object to any changes, you may close your account or discontinue use of the Services. Your continued use of our Services after we publish or send a notice about our changes to these terms means that you are consenting to the updated terms.

11.       QUESTIONS OR CONCERNS

If you have any questions or concerns regarding our Policy, please send us a detailed message at the address below, and we will try to resolve your concerns.

Email: Privacy@CommunityCoffee.com

12. YOUR CALIFORNIA PRIVACY RIGHTS

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal Information that we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: privacy@communitycoffee.com. We will respond to one request per California customer each year, and we do not respond to requests made by means other than as set forth above.

California Do Not Track Disclosure: Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, we do not respond to Web browser “do not track” settings or signals. We deploy cookies and other technologies on our Service to collect information about you and your browsing activity, even if you have turned on the Do Not Track signal.

California Consumer Privacy Act (“CCPA”) Notice

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). We may have collected the following categories of personal information of California residents in the past 12 months:

• Identifiers such as a name, postal address, Internet Protocol address, email address, or other similar identifiers. 
• Categories of personal information described in subdivision (e) of California Civil Code Section 1798.80.
• Characteristics of protected classifications under California or federal law.
• Commercial information, including records of products or services purchased or considered. 
• Internet or other electronic network activity information. 
• Geolocation data.
• Audio and visual information, such as customer service call recordings and photographs.
• Inferences drawn from any of the information identified above. 

This information is collected and used for the purposes disclosed in this Notice. We may have disclosed your identifiers to our third party business partners, which are those analytic entities we discussed above, within the  12 months immediately preceding the posting of this updated privacy policy. We may have disclosed any of the above categories of personal information pursuant to your consent or under a written contract with a service provider for a business purpose in 12 months immediately preceding the posting of this updated Notice.

Your Rights and Choices

Under California Laws, California residents can exercise three privacy rights (Disclosure and Access; Deletion; and “Do Not Sell My Personal Information”) (collectively, “Rights”); however, based on the information we gather, and the fact that we do not “sell” personal information as that term is defined in the CCPA, your rights are somewhat limited as these Rights are not absolute and are subject to certain exceptions. For instance, we are not required to respond to requests concerning employment/application data, B2B data, and cannot disclose or permit access to specific pieces of personal information if the disclosure or access would present a certain level of risk to the security of the personal information, your account with us, or the security of the business’s systems of networks. Specifically, employment/application data is not subject to this Notice if it is personal information that is collected by us in the course of your acting as a job applicant, employee, owner, director, officer, medical staff member, or contractor to us to the extent your personal information is collected and used by us solely within the context of your role or former role as a job applicant to, employee of, owner of, director of, officer of, medical staff member of, or a contractor of ours. This also extends to any emergency contact information or benefits administration information you may have provided us in this context. B2B data is similarly not subject to this Notice if the data reflects a written or verbal communication or transaction between you and us if you are acting as an employee, owner, director, officer, or contractor of a company, partnership, sole proprietorship, nonprofit, or government agency and whose communications or transaction with us occurs solely in the context of us conducting due diligence regarding, or providing or receiving a product or service to or from such company, partnership, sole proprietorship, nonprofit or government agency. If you are a California consumer, we will process your request to exercise your Rights in accordance with California Laws.
A record concerning the requests may be maintained pursuant to our legal obligations. Further, we may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive, or manifestly unfounded
.
Disclosure and Access Requests 

You have the right to request that we disclose to you, for the 12-month period immediately preceding the date of your request to know the following: 
Categories of Personal Information Request
• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
o sales, identifying the personal information categories that each category of recipient purchased; and
o disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Specific Pieces of Information Request
• The specific pieces of personal information we collected about you (also called a data portability request).
When a request for disclosure is made, we will first take steps to verify your identity to protect your privacy and security. For requests to disclose categories of personal information collected, we will have the requestor provide at least two pieces of information so that we may verify the requestor’s identity to a reasonable degree of certainty. For requests to disclose specific pieces of personal information collected, we will have the requestor provider at least three pieces of information so that we may verify the requestor’s identity to a reasonably high degree of certainty and additionally provide a signed declaration under penalty of perjury that the requestor is the consumer whose personal information is the subject of the request. We are required to retain the signed declarations as part of our record-keeping obligations for 24 months.
Please note that we will never disclose a consumer’s social security number, driver’s license number, or other government-issued identification number, financial account number, any health information or medical identification number, an account password, or security questions and answers in response to a disclosure request. 
Please note additionally that we are only required to fulfil a Disclosure request from a consumer twice per every 12-month period. If you submit a request in excess, it may be denied or you may be charged for fulfilling your request. 

Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Given the type of personal information we collect, for requests to delete personal information collected, we will have the requestor provide at least two pieces of information so that we may verify the requestor’s identity to a reasonable degree of certainty. We are required to retain the requests to delete for a period of 12 months as part of our record-keeping obligations.
If we are unable to verify a request, to the extent possible, that request will be treated as a request to opt-out and afforded rights associated with that request right as described in more detail below. 
Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. A deletion request may be denied, in full or in part, if retaining the information is necessary for us or our service providers to:
1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
8. Comply with a legal obligation.
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Disclosure and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
• Emailing us at privacy@communitycoffee.com  with “Deletion Request” or “Disclosure Request” in the subject line
• Visit us at https://www.communitycoffee.com/ccpa and submit a request. 

Only you may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.  Making a verifiable consumer request does not require you to create an account with us.  We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request and, to the extent necessary, to identify the browser/device that is the subject of the request.

We endeavor to respond to a verifiable consumer request within 45 days of its receipt.  If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  If you have an account with us, we will deliver our written response to that account.  If you do not have an account with us, we will deliver our written response electronically.  Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt.  The response we provide will also explain the reasons we cannot comply with a request, if applicable.  For data disclosure requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Household Requests
We currently do not collect household data. If all the members of a household makes a Right to Know or Right to Delete request, we will respond as if the requests are individual requests.
Request Made Through Agents

You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, verify the agents identity, and we may need you to verify your identity directly with us. (The verification requirement does not apply if the consumer has provided the authorized agent with legal power of attorney under California Probate Code Sections 400 to 4465.)
Requests to Opt-In for Minors
If you are 16 years of age or older, you have the right to direct us not to sell your personal information at any time. We do not and will not sell personal information of consumers we actually know are less than 16 years of age unless we received affirmative authorization from the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age, to opt-in to the sale of their personal information. Upon the receipt of this request to opt-in, we will inform the minor of the right to opt-out later and of the process for doing so. 

Sale and Disclosure of Personal Information
Under the CCPA, a “sale” means providing to a third party personal information for valuable consideration. It does not necessarily mean money was exchanged for the transfer of personal information. We have taken substantial steps to identify whether any of our data sharing arrangements would constitute a “sale” under the CCPA. Due to the complexities and ambiguities in the CCPA, we will continue to evaluate some of our third party relationships as we wait for final implementing regulations and guidance. For example, it is currently unclear whether the use of certain types of advertising partners would be considered a sale under CCPA. Based on our understanding of the CCPA at this time, in the preceding 12 months we have not sold any personal information to any third parties. In the preceding 12 months, we have disclosed personal information to third parties for business purposes including to customer service, technical support, payment processors, information technology, and sales, recruiting and marketing partners. We will continue to update our business practices as regulatory guidance becomes available and provides clarity on what constitutes a sale transaction, particularly in the advertising ecosystem.

Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

 

13. CAN-SPAM Act

The CAN-SPAM sets the rules for commercial email, establishes requirements for commercial messages, and gives recipients the right to have emails stopped from being sent to them.

If, at any time, you would like to unsubscribe from receiving future emails, you can email us at privacy@communitycoffee.com and we will promptly remove you from email communications.

14. LEGAL DISCLOSURES

It is possible that we will need to disclose information about you when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you, (3) investigate and defend ourselves against any third-party claims or allegations, (4) protect the security or integrity of our Service (such as by sharing with companies facing similar threats); or (5) exercise or protect the rights and safety of the Company, our users, personnel, or others. We attempt to notify users about legal demands for their personal data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.

Effective: July 1, 2020