California Business Contact Privacy Notice

CALIFORNIA BUSINESS CONTACT PRIVACY NOTICE/YOUR PRIVACY RIGHTS

Effective Date: January 1, 2023

LAST UPDATED JANUARY 1, 2023

The Privacy Notice (“Notice”) describes how Harvest Sherwood Food Distributors together with its subsidiaries and affiliates (collectively, “Company” “us,” “we,” or “our”) handles Personal Data about our vendor’s employees that we collect through our websites, social media accounts, and mobile applications (collectively, our “Digital Properties”), and through other online and offline interactions. This Notice only applies to Personal Data of California residents that is subject to the California Consumer Privacy Act (“CCPA”). Please read this Notice carefully.

Whenever you interact with us on behalf of another individual or entity, such as by providing or accessing Personal Data about another individual, you need to obtain their consent (or have the legal authority without consent) to share any Personal Data you provide to us.

Changes: We may update this Notice from time to time. Any updated Notice will be effective when posted. Please check this Notice periodically for updates. If any of the changes are unacceptable to you, you should stop interacting with us. When required under applicable law, we will notify you of any changes to this Notice by posting an update on the Digital Properties.

  1. Sources of Personal Data

    “Personal Data” is any information relating to an identified or identifiable natural person or household.

    We collect Personal Data about you from the following sources:

    1. Directly from you. We may collect Personal Data you provide to us directly, such as when you contact us through our Digital Properties, interact with us in person at tradeshows, sign up for offers or newsletters, communicate with us, place or customize orders, or sign up for an account or other services.

    2. Data collected automatically. We may automatically collect information or inferences about you, such as through cookies. This may include information about how you use and interact with our Digital Properties or otherwise interact with us, information from and about your device, internet usage, and Digital Property activity.

    3. From third parties. We may collect Personal Data from third parties, such as publicly available sources including public profiles and websites, data brokers, or others interacting with us.

      We may combine information that we receive from the various sources described in this Notice, including third party sources, and use or disclose it for the purposes identified below.

  2. Types of Personal Data We Collect

    We may collect the following types of Personal Data:

    1. Identifiers, such as your name, email address, physical address, telephone number, business contact information, account number, and device identifiers (e.g., cookie IDs and IP address).

    2. Business Contact Records, such as signatures.

    3. Commercial information, such as purchase or subscription information; information about products you or our business contacts order or are interested in; payment details to take payment, fulfil contractual obligations, or for related purposes; delivery details; personal opinions or insights included in any feedback relating to your interactions with us; other commercial or financial information; and legal information relating to your commercial interactions with us, such as fraud checks or flags raised about your transactions, complaints and information related to their resolution.

    4. Internet or other electronic network activity information, such as your browsing history, search history, and information regarding your interactions with and use of the Digital Properties. For more information about cookies and other device data, please see Section 5 below.

    5. Non-precise geolocation data, such as your location as derived from your IP address.

    6. Audio, visual, or other sensory information, such as recordings of your conversations with account representatives.

    7. Professional or employment-related information, such as job title, organization, professional licenses, credentials, specialty, professional affiliations, or other professional information.

    8. Inferences drawn from any of the information we collect to assess the level of interest in our products and services based on frequency of visits and contact, evaluate the industries showing interest in our products and services based on IP address (where we can infer your approximate location to improve our communications to you), and determine your preferred frequency for receiving offers.

  3. How We Use Personal Data

    We may use Personal Data for the following purposes:

    1. To provide you or your company with products and services, such as providing you the goods and services you or company requests; providing customer service; processing or fulfilling orders and transactions, verifying customer information, processing payments; maintaining internal business records; communicating with you about your product, service or subscription; hosting informational webinars; verifying eligibility for certain programs or benefits; responding to requests, complaints, and inquiries; and providing similar services or otherwise facilitating your relationship with us.

    2. For our internal business purposes, maintaining or servicing accounts; operating our Digital Properties and customizing the content; maintaining internal business records;

      enforcing our policies and rules; organizational analysis; management reporting; managing Company assets and global workforce; work planning, both administratively and organizationally (including work schedules and billing of clients); project management; auditing; maintaining records on business activities, such as accounting, commercial, procurement, document management and other similar activities; budgeting; real estate management; IT administration of our technologies, network, and intranet; and IT security management and tasks.

    3. For our internal research and product improvement purposes, such as verifying or maintaining the quality or safety of our products or services; improving our products and services; designing new products and services; customizing advertisements to you; evaluating the effectiveness of our advertising or marketing efforts; and debugging and repairing errors with our systems, networks, and equipment.

    4. For legal, safety or security reasons, such as complying with legal requirements; complying with reporting and similar requirements; investigating and responding to claims against the Company and its customers; completing due diligence (such as in connection with a corporate transaction); protecting our, your, our customers’, and other third parties’ safety, property or rights; detecting, preventing, and responding to security incidents; and protecting against malicious, deceptive, fraudulent, or illegal activity.

    5. In connection with a corporate transaction, such as if we acquire, or some or all of our assets are acquired by, another entity, including through a sale in connection with bankruptcy and other forms of corporate change.

    6. For marketing, such as marketing our products or services or those of our affiliates, business partners, or other third parties. For example, we may use Personal Data we collect to send you newsletters, surveys, questionnaires, promotions, or information about events or webinars. You can unsubscribe to our email marketing via the link in the email or by contacting us using the information in Section 8.

      We may use anonymized, de-identified, or aggregated information for any purpose permitted by law.

  4. How We Disclose Personal Data

    We may disclose Personal Data to third parties, including the categories of recipients described below. We do not “sell” or “share” your Personal Data.

    Categories of Personal Data We Collect

    Categories of Third Parties With Whom We Disclose Personal Data for a Business or Commercial Purpose

    Identifiers (Section 2.A)

    • Affiliates and subsidiaries

    • Service providers

    • Professional consultants

    • Vendors necessary to complete transactions you request

    • For legal, security, and safety purposes

    Personal information subject to the California Customer Records Act (Section 2.B)

    Commercial information

    (Section 2.C)

    Internet or other electronic network activity (Section 2.D)

    Geolocation data (Section 2.E)

    Audio, electronic, visual, olfactory, or similar information (Section 2.F)

    Professional or employment-related information (Section 2.G)

    • In connection with a corporate transaction

    • Entities to which you have consented to the disclosure

    • Affiliates and subsidiaries

    • Service providers

    • Professional consultants

    • Vendors necessary to complete transactions you request

    • For legal, security, and safety purposes

    • In connection with a corporate transaction

    • Entities to which you have consented to the disclosure

    • Affiliates and subsidiaries

    • Service providers

    • Professional consultants

    • Vendors necessary to complete transactions you request

    • For legal, security, and safety purposes

    • In connection with a corporate transaction

    • Entities to which you have consented to the disclosure

    • Affiliates and subsidiaries

    • Service providers

    • Professional consultants

    • Vendors necessary to complete transactions you request

    • For legal, security, and safety purposes

    • In connection with a corporate transaction

    • Entities to which you have consented to the disclosure

    • Affiliates and subsidiaries

    • Service providers

    • Professional consultants

    • Vendors necessary to complete transactions you request

    • For legal, security, and safety purposes

    • In connection with a corporate transaction

    • Entities to which you have consented to the disclosure

    • Affiliates and subsidiaries

    • Service providers

    • Professional consultants

    • For legal, security, and safety purposes

    • In connection with a corporate transaction

    • Entities to which you have consented to the disclosure

    • Affiliates and subsidiaries

    • Service providers

    • Professional consultants

    Inferences (Section 2.H)

    • For legal, security, and safety purposes

    • In connection with a corporate transaction

    • Entities to which you have consented to the disclosure

    • Affiliates and subsidiaries

    • Service providers

    • Professional consultants

    • Vendors necessary to complete transactions you request

    • For legal, security, and safety purposes

    • In connection with a corporate transaction

    • Entities to which you have consented to the disclosure

    The categories of recipients in the chart above are used to mean:

    1. Affiliates and subsidiaries, including parent entities, corporate affiliates, subsidiaries, business units, and other companies that share common ownership.

    2. Service providers that work on our behalf to provide the products and services you request or that support our relationship with you, such as IT providers, companies that provide business support services, financial administration, and event organization.

    3. Professional consultants, such as accountants, lawyers, and financial advisors.

    4. Vendors necessary to complete transactions you request, such as shipping companies and logistics providers.

    5. For legal, security, or safety purposes, such as when we share information with law enforcement or other government agencies to comply with law or legal requirements; to enforce or apply our Terms of Use and other agreements; and to protect our, your, our customers’, or other third parties’ safety, property, or rights.

    6. In connection with a corporate transaction, such as if we, or some or all of our assets, are acquired by another entity, including through a sale in connection with bankruptcy or other forms of corporate change.

    7. Entities to which you have consented to the disclosure.

  5. Cookies and Other Tracking Technologies

    We also collect information (or permit third parties to directly collect information on our website) via cookies, web beacons, pixels, tags, session replay tools, or other tracking technologies, such as your Internet Service Provider and IP address, device identifier, browser type, operating system, the date and time you access our website, the pages you accessed while visiting our website, and the Internet address from which you accessed our website. Some cookies exist only during a single session and some are persistent over multiple sessions over time. We use these technologies to remember user preferences, maximize the performance of our website and services, provide you with offers that may be of interest to you, measure the

    effectiveness of our email campaigns and to personalize online content. These cookies and other technologies may be used to track you across time, devices, and services.

    Some browsers have incorporated Do Not Track (“DNT”) preferences. Most of these features, when turned on, send signals to the website you are visiting that you do not wish to have information about your online searching and browsing activities collected and used. As there is not yet a common agreement about how to interpret DNT signals, we do not honor DNT signals from website browsers at this time. However, you may refuse or delete cookies. If you refuse or delete cookies, some of our website functionality may be impaired. If you change computers, devices, or browsers, or use multiple computers, devices, or browsers, and delete your cookies, you may need to repeat this process for each computer, device, or browser. Please refer to your browser’s Help instructions to learn more about how to manage cookies and the use of other tracking technologies.

  6. Privacy Rights

    California residents may have certain rights concerning collection, use, and sharing of Personal Data.

    • Right to Know. You have the right to request information about the categories of Personal Data we have collected about you, the categories of sources from which we collected the Personal Data, the purposes for collecting, selling, or sharing the Personal Data, and the categories of third parties with whom we have shared or sold your Personal Data, as well as the specific pieces of Personal Data we have collected about you.

    • Right to Delete. You have the right to request that we delete Personal Data that we have collected from you.

    • Right to Correct. You have the right to request that we correct inaccurate Personal Data that we maintain about you.

    You may exercise the any of the rights available to you by emailing us at legal@harvestsherwood.com or calling us at 800-653-2333.

    Verification: In order to process rights requests, we may need to obtain information to locate you in our records or verify your identity depending on the nature of the request. In most cases we will collect some or all of the following data elements: first and last name, email address, and telephone number. In some cases, we may request different or additional information, including a signed declaration that you are who you say you are, and will inform you if we need such information.

    Authorized Agents: Authorized agents may exercise rights on behalf of you by submitting a request via email at legal@harvestsherwood.com or via phone at 800-653-2333 and indicating that they are submitting the request as an agent. We may require the agent to demonstrate authority to act on behalf of you by providing signed permission from you. We may also require you to verify your own identity directly with us or to directly confirm with us that you provided the authorized agent permission to submit the request.

    Timing: We will respond to requests within 45 calendar days, unless we need more time in which case we will notify you and may take up to 90 days total to respond to your request.

  7. Data Security and Data Retention

    We maintain reasonable security procedures and technical and organizational measures to protect your Personal Data against accidental or unlawful destruction, loss, disclosure or use.

    Your Personal Data will be retained as long as necessary to fulfill the purposes we have outlined above unless we are required to do otherwise by applicable law. This includes retaining your Personal Data to provide you or your company with the products or services requested and interact with you; maintain our business relationship with you or your company; improve our business over time; ensure the ongoing legality, safety and security of our services and relationships; or otherwise in accordance with our internal retention procedures. Once you or your company has terminated your relationship with us, we may retain your Personal Data in our systems and records in order to ensure adequate fulfillment of surviving provisions in terminated contracts or for other legitimate business purposes, such as to enable easier future user onboarding, in order to demonstrate our business practices and contractual obligations, or provide you with information about our products and services in case of interest. If you would like to know more about the retention periods applicable to your Personal Data, you can contact us using the details provided in Section 8 below.

  8. Contact Information

If you have questions regarding this Notice, please contact us by email at legal@harvestsherwood.com or by phone at 800-653-2333 (toll free) or 313-659-7300.

Not a Harvest Customer?