Privacy Policy

Thank you for visiting CCOF.org. This privacy policy tells you how we may use your personal information collected on this site. Please read this privacy policy. By using this site you are accepting the practices described on this page.

CCOF Privacy Policy

This website is owned and operated by California Certified Organic Farmers (CCOF). We recognize that visitors to our site may be concerned about the information they provide to us, and how we treat that information. This privacy policy addresses those concerns. This policy may be changed or updated from time to time.

We are available to answer your questions and hear your concerns. You can contact us at any time to:

  • Request access to information that CCOF has about you
  • Correct any information that CCOF has about you
  • Delete any information that CCOF has about you

If you have any questions about our privacy policy or collection and storage of data, please contact us:

California Certified Organic Farmers
2155 Delaware Avenue, Suite 150
Santa Cruz, CA 95060
(831) 423-2263
www.ccof.org

Our Commitment

CCOF does not collect any personal information about users, except that which is knowingly and specifically supplied. CCOF is committed to ensuring the privacy of your personal information. We will not sell or pass on your information to any other organization. However, we do share data with Strategic Partners in the interests of achieving CCOF's mission-based activities.

Credit Card Information

We care about the safety and security of your transaction. We use high-grade encryption and the https security protocol to communicate with your browser software. This method is the industry standard security protocol, which makes it extremely difficult for anyone else to intercept the credit card information you send to us. Companies we work with to process credit card transactions also use high-grade encryption and security protocols.

Personal Information

COOF uses the same high-grade encryption and https security protocols when collecting personal information as we do when collecting credit card information.

Non-Personal Information and “Cookies”

Non-personal information and data may be automatically collected by the CCOF website through the use of cookies. Cookies are small text files that we (and most websites) pass to your computer’s hard disk through your web-browser. They are used to determine how many individuals use our site, how many people visit on a regular basis, which pages are most popular, and which pages are least popular. This information DOES NOT tell us anything about who you are, where you live, or what files you have on your computer; it simply allows us to monitor and improve our website. For more information about cookies, please visit www.allaboutcookies.org.

Release of Information

CCOF displays the company information of its certified and supporting members in the CCOF magazine, printed Organic Directory & Resource Guide, and online Organic Directory & Resource Guide. This is a great way for us to thank and recognize our members. Aside from the information displayed in the magazine and directory, CCOF does not release any personal, non-personal, or credit card information collected on our site. If you are a member of CCOF, you may request that we withhold your information from the membership directory by e-mailing us at ccof@ccof.org.

External Links

For your convenience the CCOF website provides many links to other websites outside of our service. The operation of these web sites is beyond our control and CCOF does not endorse or accept responsibility for their content or privacy policies. We encourage our users read the privacy statements of every website that collects personal or credit card information. These sites may also send their own cookies to your computer. Please be aware that CCOF is not responsible for the collection and use of information on sites outside our domain.

For Parents and People Under 18

CCOF is concerned about the protection of online privacy for all our website users. If you are under 18, be sure to obtain your parent's or guardian's permission before you send information about yourself over the internet. We encourage parents to get involved with their children's usage of the internet and to be aware of the activities in which they are participating.

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared.

According to CalOPPA, we agree to the following:

Users can visit our site anonymously.

Once this privacy policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our website.

Our Privacy Policy link includes the word 'Privacy' and can easily be found on the page specified above.

You will be notified of any Privacy Policy changes on our Privacy Policy page.

EU Privacy Notice

If you are a resident of the European Union (EU) or European Economic Area (EEA) whose personal information we collect, the following additional information applies to you.

1 Introduction

1.1 - Where you are an EU or EEA resident and CCOF knowingly collects your personal information (also called 'personal data'), we will do so in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) ('GDPR') and EU member state national laws that implement or regulate the collection, processing and privacy of your personal data (together, 'EU Data Protection Law').

1.2 - This EU privacy notice ('EU Privacy Notice') which should be read in conjunction CCOF's Privacy Policy provides further information as required under EU Data Protection Law on how we handle or process the personal data we collect and who we may share it with.

1.3 - This Privacy Notice also provides information on your legal rights under EU Data Protection Law and how you can exercise them.

2 How personal data is collected

2.1 - CCOF may hold and process personal data that is collected from organizations around the world, including within the EU/EEA.

2.2 - This is to make sure that the personal data that CCOF receives and processes (so far as it relates to residents of the EU/EEA) is properly safeguarded in accordance with similar legal standards of privacy you would enjoy under EU Data Protection Law.

3 Direct Marketing

3.1 - If CCOF provides direct marketing communications to individuals in the EU/EEA regarding services and/or events which may be of interest, this will be done in accordance with EU Data Protection Law, and in particular where we contact individuals for direct marketing purposes by SMS, email, fax, social media and/or any other electronic communication channels, this will only be with the individual's consent or in relation to similar services to services that the individual has purchased (or made direct enquiries about purchasing) from CCOF before.

3.2 - Individuals are also free to object or withdraw consent to receive direct marketing from us at any time, by contacting us using the email address below.

4 The lawful grounds on which we might collect and process personal data

4.1 – If we process your personal data for the above purposes, we will rely on one or more of the following lawful grounds under EU Data Protection Law:
(a) where you have freely provided your specific, informed and unambiguous consent for CCOF to process your personal data for particular purposes:
(b) where we agree to provide services to you, in order to set up and perform our contractual obligations to you and/or enforce our rights:
(c) where we need to process and use your personal data in connection with our legitimate interests as a global network and being able to effectively manage and operate our organization in a consistent manner across all territories. We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your legal rights and freedoms and, in particular, your right to privacy: and/or
(d) where we need to comply with a legal obligation or for the purpose of us being able to establish, exercise or defend legal claims.

4.2 - Please also note that some of the personal data we receive and that we process may include what is known as 'sensitive' or 'special category' personal data about you, for example, information regarding your ethnic origin or political, philosophical and religious beliefs. This is not the type of data that CCOF would routinely collect, but if we process such sensitive or special category data we will only do this in specific situations where:
(a) you have provided this with your explicit consent for us to use it: or,
(b) there is a legal obligation on us to process such data in accordance with EU Data Protection Law
(c) it is needed to protect your vital interests (or those of someone else) such as in a medical emergency: or,
(d) where you have clearly chosen to publicize such information: or,
(e) where needed in connection with a legal claim that we have or may be subject to.

5 Disclosing your personal data to third parties

5.1 - We may disclose your personal data to certain third party organizations who are processing data solely in accordance with our instructions (called 'data processors') such as companies and/or organizations that support our operations (for example providers of web or database hosting, IT support, payment providers, event organizers, agencies we use to conduct fraud checks or mail management service providers) as well as professionals we use such as lawyers, insurers, auditors or accountants. We only use those data processors who can guarantee to us that adequate safeguards are put in place by them to protect the personal data they process on our behalf.

5.2 - We may also disclose your personal data to third parties who make their own determination as to how they process your personal data and for what purpose(s) (called “data controllers”). The external third party data controllers identified above may handle your personal data in accordance with their own chosen procedures and you should check the relevant privacy policies of these companies or organizations to understand how they may use your personal data.

5.3 - Other than as described above, we will treat your personal data as private and will not routinely disclose it to third parties without you knowing about it. The exceptions are in relation to legal proceedings or where we are legally required to do so and cannot tell you (such as a criminal investigation). We always aim to ensure that your personal data is only used by third parties we deal with for lawful purposes and who observe the principles of EU Data Protection Law.

6 How long we retain your personal data

6.1 - CCOF retains personal data identifying you for as long as necessary in the circumstances.

6.2 - CCOF has adopted a data retention policy for EU residents (which we may make available on request) that sets out the different periods we may retain personal data for in respect of relevant purposes in accordance with our duties under EU Data Protection Law. The criteria we use for determining the relevant retention and disposal periods we adopt are based on the purpose for which we hold data and the reasonable expectations of those whose personal data we collect in these circumstances, taking into account various legislative requirements and guidance issued by relevant EU regulatory authorities.

6.3 - In accordance with the above retention policy, the personal data that we no longer need will be disposed of and/or anonymized so you can no longer be identified from it.

7 Your personal data rights

7.1 - In accordance with your legal rights under EU Data Protection Law, you have a 'subject access request' right under which can request information about the personal data that we hold about you, what we use that personal data for and who it may be disclosed to as well as certain other information.

7.2 - Usually we will have one month to respond to a subject access request. However, we reserve the right to verify your identity and we may, in case of complex requests, require a further two months to respond. We may also charge for administrative time in dealing with any manifestly unreasonable or excessive requests. We may also require further information to locate the specific information you seek and certain legal exemptions under EU Data Protection Law may apply when responding to your subject access request.

7.3 - Under EU Data Protection Law. EU/EEA residents also have the following rights. which are exercisable by making a request to us in writing:
(a) that we correct personal data that we hold about you which is inaccurate or incomplete:
(b) that we erase your personal data without undue delay if we no longer need to hold or process it:
(c) to object to any automated processing (if applicable) that we carry out in relation to your personal data. for example if we conduct any automated credit scoring:
(d) to object to our use of your personal data for direct marketing:
(e) to object and/or to restrict the use of your personal data for purpose other than those set out above unless we have a compelling legitimate reason: or
(f) that we transfer personal data to another party where the personal data has been collected with your consent or is being used to perform contract with you and is being processed by automated means.

7.4 - So we can fully comply, please note that these requests may also be forwarded on to third party data processors who are involved in the processing of your personal data on our behalf.

7.5 - If you would like to exercise any of the rights set out above, please contact us at the address below.

7.6 - If you make a request and are not satisfied with our response, or believe that we are illegally processing your personal data, you have the right to complain to the Office of the Information Commissioner in the United Kingdom.