Privacy Policy
This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you visit or interact with our website, sfbotanicalgarden.com. We are firmly committed to ensuring your privacy and maintaining the highest standards for handling your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Commitment to Privacy and Data Protection
We value your trust and are dedicated to protecting your personal data. We process your information lawfully, fairly, and transparently, ensuring that it is secure and used solely for its intended purposes. This Privacy Policy explains how we collect, use, and protect your personal information, and informs you about your rights under data privacy laws.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of the website sfbotanicalgarden.com and related digital services. SF Botanical Garden acts as the “data controller” with respect to personal information collected through our website or directly from you in the course of providing our services. As the data controller, we determine the purposes and means of processing your personal data.
3. Categories of Data Processed
Depending on your level of interaction with sfbotanicalgarden.com, we may collect and process the following categories of personal information:
a. Usage Data
We collect information about how the website is accessed and used, including browser type and version, IP address, geographical location, referring URLs, session data, pages viewed, and timestamps. This data is used to understand user behavior and enhance our website functionality.
b. Account Data
When you create an account or register for events or memberships, we may collect your name, physical address, email address, and telephone number to fulfill our contractual and customer service obligations.
c. Profile Data
To personalize your experience, we may gather information related to your preferences, purchase history, event attendance, feedback, and behavioral patterns while using our platform.
d. Communication Data
We retain records of your interactions with us, including emails, support tickets, contact form submissions, and other correspondence in order to respond to inquiries and maintain support history.
e. Technical Data
We may collect information about your device, operating system, browser configurations, screen resolution, and language preferences to optimize site performance and troubleshoot technical issues.
f. Transaction Data
When making a purchase or donation, we gather your payment details (processed securely via payment processors), billing address, delivery information, and transaction history to fulfill your orders and comply with applicable laws.
g. Preference Data
With your consent, we process your marketing and promotional preferences, including opt-ins/out for newsletters and alerts, as well as indicated interests in particular events or offerings.
4. Legal Bases for Processing
We process your personal data under the following legal bases, in accordance with the GDPR:
– Consent: where you have given clear consent for us to process your personal data for a specific purpose.
– Contract: where processing is necessary to perform a contract with you or to enter into such a contract.
– Legal Obligation: where processing is required to comply with applicable laws and regulations.
– Legitimate Interest: in certain circumstances, we process your data to pursue our legitimate interests, such as marketing analysis or fraud prevention, provided these interests do not override your fundamental rights and freedoms.
For users in California, we act in accordance with the CCPA to ensure clear notice, choice, and access to your personal information.
5. Your Rights
Where applicable under GDPR and CCPA, you have the right to:
– Access: Request a copy of your personal data being processed.
– Rectification: Correct any inaccurate or incomplete data associated with your profile.
– Erasure: Request deletion of your personal data, subject to legal retention requirements.
– Restrict Processing: Limit how we use your personal data in specific situations.
– Data Portability: Receive your data in a structured, commonly-used electronic format.
– Object: Opt out of certain types of processing, including direct marketing.
– Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time.
To exercise your rights, you may contact us at [email protected]. We may request verification of your identity prior to fulfilling your request.
6. Security Measures
We employ appropriate technical and organizational safeguards to protect your personal data. These include data encryption (both in transit and at rest), secure access protocols, restrictive access controls, regular system audits, employee training on data protection, and scheduled backups. All payment transactions are processed using secure and PCI-compliant payment gateways.
7. International Transfers
Personal data may be transferred and stored outside your country of residence, including to servers located in the United States or other jurisdictions, in compliance with the GDPR’s Standard Contractual Clauses or similar protective mechanisms. These measures ensure that your data receives an adequate level of protection regardless of where it is processed.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the specified purposes:
– Usage Data: retained for 12 months from the date of collection.
– Account and Profile Data: retained for the duration of your relationship with us and up to 3 years after account closure.
– Communication Data: retained for up to 2 years for customer service purposes.
– Transaction Data: retained for 7 years to comply with financial and legal requirements.
– Preference Data: retained until you change your consent settings or unsubscribe.
Anonymized data may be stored indefinitely.
9. Cookie Policy
Our website uses cookies to enhance user experience and provide essential website functionality. The types of cookies we use include:
– Essential Cookies: Required for the proper operation of the website (e.g., account login, session management).
– Functional Cookies: Enable personalization and user-preference storage to improve usability.
– Analytics Cookies: Collect information on how visitors interact with the site to help optimize performance.
– Performance Cookies: Monitor website response times and error rates to enhance reliability.
10. Cookie Management and GDPR & CCPA Compliance
Upon your first visit to sfbotanicalgarden.com, you are presented with a cookie consent banner that allows you to accept or manage your cookie preferences. You may revisit these settings at any time via your browser settings or on-site controls. Under GDPR and CCPA, you have the right to opt out of the sale or sharing of personal information collected by cookies used for advertising or tracking purposes.
11. Protection of Children’s Data
Our website is not directed to, and we do not knowingly collect data from, children under the age of 13. If we become aware that we have inadvertently collected personal data from a minor without proper parental consent, we will take immediate steps to delete such information. If you are a parent or guardian and believe that your child has provided personal data to us, please contact us at [email protected].
12. Updates to This Privacy Policy
We may modify or update this Privacy Policy at any time in response to legal, regulatory, or operational changes. If material changes are made, we will provide notice to users through appropriate channels. Continued use of sfbotanicalgarden.com following any such changes constitutes acceptance of the revised policy.
13. Contact Us
For all privacy-related inquiries, data access requests, or to exercise your data subject rights, please contact us at:
Email: [email protected]
Website: https://www.sfbotanicalgarden.com
We are committed to full compliance with all applicable data protection laws and to maintaining your trust by respecting and protecting your personal privacy.