Policies
Your Satisfaction is Important to Us // We Value Your Business
Privacy Policy
Last Updated and Effective Date April 17, 2023
This Privacy Policy describes how Flowers Bakeries, LLC, its subsidiaries, affiliates, and their employees, officers, directors, and agents (collectively, “Flowers Foods”, the “Site,” “we,” “our”, or “us”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site. The term “Personal Information” refers to information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household. Personal Information does not include information that is publicly available, de-identified, or aggregated. Please review our Privacy Policy carefully to understand how we collect, use, protect, or otherwise handle your Personal Information in accordance with using the Site.
Information We Collect, the Categories of Source of Collection and the Purpose for Collection
When you visit the Site, we collect Personal Information from you and may collect Sensitive Personal Information, which is a subset of Personal Information. Please note that the type of Personal Information collected may vary depending on the nature of your interactions with us. Set for the below are the categories of Personal Information we collect and that have collected in the preceding 12 months, the categories of sources from which the Personal Information was collected and the business or commercial purpose for such collection.
Category of Personal Information | What We Collect | Categories of Sources from which Personal Information Collected | Business or Commercial Purposes for Collection |
PERSONAL INFORMATION | |||
Identifiers | Real name
Alias Postal address Telephone number Unique personal identifier Online identifier IP address Cookies that identify email address, account name, search terms, what kinds of products you view, type of browser, time zone, or other similar identifiers |
Directly from you when you create an account, when you communicate with us, when you make a purchase, when we fulfill a purchase, and other activities where you submit Personal Information to us
Cookies we collect from you through browsing the Site
|
To register or maintain an account or subscribing to marketing emails from us
To perform a transaction To fulfill a transaction with assistance of our affiliate To provide customer support To improve our Site in order to better serve you To allow us to better service you in responding to your customer service requests To ask for ratings, surveys, and reviews of services To follow up with you after correspondence (live chat, email, or phone inquiries) For marketing purposes to personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services |
Section 1798.80 Identifiers Not Included in Other Rows | Financial account and payment information
Debit card information Credit card information |
Our service providers**
** This information is collected by our service providers in connection with your interactions with us. However, we do not have access to this information. |
To process payments |
Commercial Information | Records of products purchased, obtained, or considered
Other purchasing or consuming histories or tendencies Account log in information in combination with any required security or access code, password or credentials allowing access to the account used to submit orders and make purchases on the Site Billing address |
Directly from you | To fulfill orders and provide refunds
To process payment information To arrange for shipping To provide invoices and order confirmation To screen orders for potential risk or fraud |
Internet Information | IP address
Browsing history Search history Information regarding your interaction with our Site |
Directly from you
Cookies we collect from you through browsing the Site |
To provide you with appropriate products, recommendations, and updates
To show you relevant ads while you are browsing the internet or using social media To improve the Site, set default options, and provide you with a better shopping experience |
Geolocation Data | IP address
|
Cookies we collect from you through browsing the Site | To provide you with appropriate products, recommendations, and updates
To show you relevant ads while you are browsing the internet or using social media To improve the Site, set default options, and provide you with a better shopping experience |
Inferences | We draw inferences from any of the information identified in this subdivision to create a profile about you reflecting your preferences. | Directly from you
Cookies we collect from you through browsing the Site |
To provide you with appropriate products, recommendations, and updates
To show you relevant ads while you are browsing the internet or using social media To improve the Site, set default options, and provide you with a better shopping experience |
SENSITIVE PERSONAL INFORMATION | |||
Sensitive Personal Information
|
Account log in information in combination with any required security or access code, password or credentials allowing access to the account used to submit orders and make purchases on the Site | Directly from you | To perform a transaction or facilitate a service
To provide authentications necessary to perform transactions and other services |
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor. Some cookies also personally identify the user, providing Personal Information such as an IP address, whereas other cookies are necessary for our Site to function properly. We use both of these types of cookies to optimize your experience on our Site and to provide our services. The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.
Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioral Advertising” section above.
Personal Information We Sell, Share or Disclose and the Purpose for It
We use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you.
We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our marketing service providers. We collect and share some of this information directly with our marketing service providers, and in some cases through the use of cookies or other similar technologies (to which you may consent). Some of the entities with which we share this information include social media companies and search engines.
For more information, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
In addition, you can opt out of targeted advertising by visiting these websites:
- FACEBOOK – https://www.facebook.com/settings/?tab=ads
- GOOGLE – https://www.google.com/settings/ads/anonymous
- BING – https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
You can also opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
We use data analytics, such as through Google and Meta. Among other things, these services ensure website functionality and improve our website and services. These software may record information such as your IP address, location, age and gender, browser type and language, operating system, access time, duration of visit, pages you view within our website, search terms you enter and other actions you take while visiting us, the pages you view immediately before and after you access the services, how often you use our Services, aggregated usage and performance data, app errors and debugging information.
Google Analytics is owned and controlled by Google LLC. Data collected by Google is subject to its privacy policy. To learn how Google uses data related to website analytics, please click here [Link: https://policies.google.com/technologies/partner-sites].
Meta Business Suite is owned and controlled by Meta. Data collected by Meta is subject to its privacy policy. To learn how Meta uses data related to website analytics, please click here [Link: https://www.facebook.com/business/tools/meta-business-suite].
The data collected by the foregoing entities may be considered a sale of Personal Information.
The chart below shows the categories of personal information we have sold or shared in the past 12 months, the categories of third parties to whom we have sold or shared personal information and the business purpose for the sale or sharing of the personal information.
Categories of Personal Information that We Have Sold or Shared in the Past 12 Months | Categories of Third Parties to Whom We Have Sold or Shared Personal Information | Business Purposes for Sale or Sharing of Personal Information |
PERSONAL INFORMATION | ||
Identifiers | Social media platforms used for advertising (e.g. Facebook, Instagram)
Analytics companies Search engines |
Targeted advertising
Analytics |
Commercial Information | Social media platforms used for advertising (e.g. Facebook, Instagram)
Analytics companies Search engines |
Targeted advertising
Analytics |
Internet Information | Social media platforms used for advertising (e.g. Facebook, Instagram)
Analytics companies Search engines |
Targeted advertising
Analytics |
Geolocation Data | Social media platforms used for advertising (e.g. Facebook, Instagram)
Analytics companies Search engines |
Targeted advertising
Analytics |
Inferences | Social media platforms used for advertising (e.g. Facebook, Instagram)
Analytics companies Search engines |
Targeted advertising
Analytics |
We do not have actual knowledge that we collect, sell or share the Personal Information of consumers under 16 years of age.
In addition, we disclose and have disclosed in the preceding 12 months Personal Information to our service providers and contractors for the following business purposes. We disclose your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. We have entered agreements with these service providers to use your Personal Information only for the purposes described in this policy, and we commit to you that we will follow all relevant privacy laws when collecting and disclosing your Personal Information.
- Security and Fraud Detection: We disclose Personal Information for our security and fraud detection services including detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity; and prosecuting those responsible for that activity.
- Functionality & Debugging: We disclose Personal Information to engage in debugging to identify and repair errors that impair existing intended functionality.
- Short-Term / Transient Use: We disclose Personal Information for short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business, provided that the consumer’s Personal Information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business.
- Services on Our Behalf: We disclose Personal Information in order to receive services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf. Some of these companies include Shopify (which provides website hosting services) and CPG.IO (which provides order fulfillment services).
- Advertising and Marketing Services: We disclose Personal Information to provide advertising or marketing services on our own behalf (g., Mailchimp).
The following chart sets forth the categories of Personal Information we disclose for a business purpose.
Categories of Personal Information that We Disclose | Business Purposes for the Disclosure of Personal Information | |
PERSONAL INFORMATION | ||
Identifiers | Security and Fraud Detection
Functionality & Debugging Short-Term / Transient Use Services on Our Behalf Advertising and Marketing Services |
|
Section 1798.80 Identifiers Not Included in Other Rows | Services on Our Behalf | |
Commercial Information | Security and Fraud Detection
Services on Our Behalf Advertising and Marketing Services |
|
Internet Information | Security and Fraud Detection
Functionality & Debugging Short-Term / Transient Use Services on Our Behalf Advertising and Marketing Services |
|
Geolocation Data | Security and Fraud Detection
Functionality & Debugging Short-Term / Transient Use Services on Our Behalf Advertising and Marketing Services |
|
Inferences | Services on Our Behalf
Advertising and Marketing Services |
|
SENSITIVE PERSONAL INFORMATION | ||
Account Information | Security and Fraud Detection
Services on Our Behalf |
|
As Necessary: We may also disclose Personal Information, as necessary: (a) to comply with any legal process; (b) to respond to requests from public and government authorities; (c) to enforce our terms and conditions; (d) to protect our operations and protect our rights, privacy, safety or property, and/or that of you or others; and (e) to allow us to pursue available remedies or limit the damages that we may sustain. We may also use Personal Information in connection with or during negotiation of any reorganization, acquisition, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
Retention Period
We retain your Personal Information for a minimum of 12 months and as long as needed for the purposes for which it was collected and other permitted purposes, including retention of Personal Information pursuant to any applicable contract, law, or regulation. Our retention periods vary based on business, legal, and regulatory needs. We commit to retaining your Personal Information no longer than necessary to comply with the intended purpose of legal obligation. For more information on your right of erasure, please see the ‘Your California Rights’ section below.
Aggregated/De-identified Information
We may aggregate and/or de-identify your Personal Information so that it can no longer be linked to you. We may use and share aggregated/de-identified information for any purpose at our sole discretion. We commit to you that we will maintain this data in its de-identified form.
Information Security
We are committed to the protection of your Personal Information and have implemented appropriate and reasonable physical, technical, and administrative safeguards to help prevent the unauthorized access to, use of, and disclosure of, your Personal Information. Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible. We use regular Malware Scanning to detect harmful programs that could compromise your data.
Your Personal Information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your Personal Information.
All transactions are processed through a gateway provider and are not stored or processed on our servers. Please note, however, that no system or network can be guaranteed to be 100% secure. You should take special care in deciding what information you send to us electronically. Please keep this in mind when disclosing any Personal Information.
Minors
The Site is not intended for individuals under the age of 18. We do not intentionally collect Personal Information from children. We do not have actual knowledge that we sell or share the Personal Information of consumers under 16 years of age. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us using the contact information provided at the end of this policy.
Email Communications
The CAN-SPAM Act gives recipients of commercial email the right to have emails stopped from being sent to them. You may unsubscribe from our marketing communications by clicking the “unsubscribe” link found in every commercial email we send, or (if you have an account with us) by sending Guest Services request to unsubscribe. If you opt-out of receiving our marketing email communications, we may still send you email messages related to your account or specific transactions with us. Unsubscribing yourself from our marketing emails will not affect our service to you.
Emails that we and our marketing service providers send may include tracking tools that provide us with information related to whether you’ve opened an email or clicked on a link contained in an email.
Your California Rights and How to Exercise Them
California consumers have certain rights, which are described below. Please note that these rights are subject to certain exceptions and certain of these rights are subject to verification mechanisms.
Your California Rights
Right to Know Personal Information Collected About You. You have the right to know: (1) the categories of Personal Information we have collected about you; (2) the categories of sources from which the Personal Information is collected; (3) the business or commercial purpose for collecting, selling, or sharing Personal Information; (4) the categories of third parties to whom we disclose Personal Information; and (5) the specific pieces of Personal Information we have collected about you. You also have the right to know the list of all third parties to whom we have disclosed Personal Information, as defined under California Civil Code Section 1798.83(e) (a/k/a the “Shine the Light Law”), during the preceding year for third party direct marketing purposes. Please note that due to the different requirements of the applicable laws, our response times may vary depending on the specific type(s) of information sought. We respond to all verifiable requests for information as soon as we reasonably can and no later than legally required.
Right to Know Personal Information Disclosed, Sold or Shared and to Whom. Since we sell, share and/or disclose your Personal Information, as described above, you have the right to request that we disclose to you: (1) the categories of Personal Information that we collected about you; (2) the categories of Personal Information that we sold or shared about you and the categories of third parties to whom the Personal Information was sold or shared, by category or categories of Personal Information for each category of third parties to whom the Personal Information was sold or shared; and (3) the categories of Personal Information that we disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
Right to Request Deletion of Your Personal Information. You have the right to request that we delete your Personal Information, subject to a number of exceptions. Following receipt of a request, we will let you know what, if any, Personal Information we can delete from our records. We will also notify our service providers and contractors, and any third parties to whom we have transferred your information about your request to delete. If we cannot delete all of your Personal Information, we will let you know the reason.
Right to Correct Inaccurate Information. If you believe that any of the Personal Information we maintain about you is inaccurate, you have the right to submit a request for us to correct that information. Upon receipt of a request, we will use commercially reasonable efforts to correct the information as you direct.
Right to Opt-Out of the Sale and Sharing of Your Personal Information. You may opt-out of the sale or sharing of your Personal Information by clicking here: Do Not Sell or Share My Personal Information
To the extent the Personal Information is collected from your accessing the internet through a web browser, you can also exercise your right to opt-out by using a browser that supports an opt-out preference signal (also known as a Global Privacy Control (GPC)). If you choose to use this signal, you will need to turn it on for each browser you use.
Right to Limit the Use of Your Sensitive Personal Information. You may request that we limit the use or disclosure of your sensitive Personal Information to that use which is necessary to perform the services or provide the goods reasonably expected, and certain other authorized purposes. We do not use your Sensitive Personal Information beyond the purposes necessary to perform functions of our business. As such, this right is not applicable.
Right to Non-Discrimination for Exercising Your Rights. If you choose to exercise any of your rights, you have the right to not receive discriminatory treatment by us.
How to Exercise Your CA Rights and Related Issues
You may submit requests regarding your rights to know, delete and correct, described above by emailing your request to support@canyonglutenfree.zendesk.com or contacting us by phone at (888) 900-5120.
To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your Personal Information or complying with the requests to know, delete and/ or the correct. Our verification procedure may differ depending on whether you have an account with us or not and the request you are making. The following generally describes the verification processes we use:
- Password Protected Accounts. If you have a password-protected account with us, we may use existing authentication practices to verify your identity but will require re-authentication before disclosing, correcting or deleting data. If we suspect fraudulent or malicious activity relating to your account, we will require further verification (as described below) before complying with a request to know or delete.
-
Verification for Non-Accountholders. If you do not have, or cannot access, a password-protected account with us, we will generally verify your identity as follows:
- For requests to know categories of Personal Information, we will verify your identity to a reasonable degree of certainty by matching at least two data points provided by you with reliable data points maintained by us.
- For requests to know specific pieces of Personal Information, we will verify your identity to a reasonably high degree of certainty by matching at least three data points provided by you with reliable data points maintained by us. We will also require a declaration, signed under penalty of perjury, that the person requesting the information is the person whose information is the subject of the request or that person’s authorized representative. We will maintain all signed declarations as part of our records.
- For requests to correct or delete Personal Information, we will verify your identity to a reasonable degree or a reasonably high degree of certainty depending on the sensitivity of the Personal Information and the risk of harm posed by unauthorized deletion. We will act in good faith when determining the appropriate standard to apply.
If there is no reasonable method by which we can verify your identity, we will state so in response to a request to know or delete Personal Information, including an explanation of why we have no reasonable method to verify your identity.
If you use an authorized agent to submit a request to know, delete or correct, we may require the authorized agent to provide proof that you gave the agent signed permission to submit the request. We may also require you to do either of the following: (a) verify your own identity directly with us; or (b) directly confirm with us that you provided the authorized agent permission to submit the request. This requirement does not apply if you have provided the authorized agent with power of attorney pursuant to Probate Code sections 4121 to 4130. Please contact us by email at support@canyonglutenfree.zendesk.com or contacting us by phone at (888) 900-5120 in this regard.
We will respond to requests to know, requests to delete and / or delete no later than 45 calendar days. If we cannot verify your request within 45 days, we may deny your request. If necessary, we may take up to an additional 45 days to respond to your request but in such an event will provide you a notice and an explanation of the reason that we will take more than 45 days to respond to your request.
Nevada Privacy Notice
Nevada law provides that Nevada residents may opt-out of the “sale” of “covered information” to third parties, including but not limited to names, addresses, social security numbers, and online service activity. Our uses of your Personal Information are not sales under Nevada law, so no opt-out is required.
Changes
We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.
Contact
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by email at support@canyonglutenfree.zendesk.com, contacting us by phone at (888) 900-5120, or by mail using the details provided below:
Flowers Foods, Attention: Legal Department, 1919 Flowers Circle Thomasville, GA, 31757.