Privacy policy

THIS PRIVACY POLICY WAS LAST MODIFIED ON MAY 13, 2024 AND IS EFFECTIVE IMMEDIATELY.

Thank you for enjoying Clif Family Winery & Farm products and services! Clif Family Winery & Farm (“Clif”) understands how important privacy is to you as a user or purchaser of our products and services (“User”).

This Privacy Statement describes how we collect, use, and share personal data that we collect from our Users through, without limitation, our websites, including cliffamily.com (the “Sites”) that link to this Privacy Statement. Users include purchasers of products on cliffamily.com; subscribers to our mailing lists; and recipients of any email, text or other electronic communications that we send (collectively, together with the Sites, our “Services”). This Privacy Statement does not apply to websites, applications, or services that are not operated by us or do not display or link to this Privacy Statement.

We collect and process personal data about you with your consent and/or as necessary to provide the products you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests as further described below.

Users in Non-US Jurisdictions: This website is designed for Users in the United States, and we only ship products to United States and US territories. Clif is headquartered in California and our collection, storage, and use of your information necessarily involves the transmission of data on an international basis. If you are located in the European Union, Canada, or elsewhere outside of the United States, please be aware that information you send us or that we collect will be processed in the United States.

California Users: California consumers can find specific disclosures, including “Notice at Collection” details, by clicking here.

Information We Collect

The personal data we collect depends on how you interact with us, the Services you use, and the choices you make.

Information You Actively Provide to Clif Family. We collect information that you provide to us, including:

Contact and account information such as username and password, name, address including country, telephone number, and e-mail address.
Demographic information such as birthdate, and similar demographic details.
Payment and commercial information such as credit or debit card numbers and account numbers. Note that credit or debit card numbers are immediately transmitted to and stored by our third party payment processor. We do not store credit or debit card numbers.
Content and files such as photos, documents, or other files you upload to our services. If you send us email messages or other communications, we collect and retain those communications.
Sensitive personal data
- Account access information. We collect information such as a username or account number in combination with a password, security or access code, or other credential that allows access to an account.
- Government ID. We collect government-issued identifiers such as driver’s license, passport, and social security numbers.

Information You Provide in Public Areas on Clif Family Sites. Users have the opportunity to browse, find, follow, tag, message, comment or otherwise participate in public areas of our Services. By choosing to participate in these public areas of our Sites, please be aware that any information submitted through these areas is not private and your information, including personal data, associated with Clif Family or your other linked third-party accounts may be displayed to the public.

Please use caution in disclosing personal data in these public areas.

Information We Automatically Collect. When you use our Services, some information is automatically collected, including:

Identifiers and device information, such as your Internet Protocol (IP) address and information about your device, including device identifiers (such as MAC address); device type; and your device’s operating system, browser, and other software including type, version, language, settings, and configuration. As further described in the Cookies and Similar Technologies section below, our websites and online services store and retrieve cookie identifiers, mobile IDs, and other data.
Geolocation data, depending on your device settings.
Usage data, including the URL of the website from which you came to our sites, pages you viewed, how long you spent on a page, searches you made on our Sites, access times, and other details about your use of and actions on our Site.

Information we create or generate. We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we infer your general geographic location (such as city, state, and country) based on your IP address.

Third Party Sources of Information. We may also obtain certain information described above from third parties. These third-party sources include, for example:

Data brokers and aggregators from which we obtain data to supplement the data we collect.
Third party partners and services, including social networks you choose to connect with or interact with through our services.
Service providers that collect or provide data in connection with work they do on our behalf, for example companies that determine your device’s location based on its IP address.
Publicly available sources such as open government databases, widely available media outlets, or other sources that we reasonably believe have legally made the information public, including you.

When you are asked to provide personal data, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain services or features, those services or features may not be available or fully functional.

Cookies and Similar Technologies:

We use cookies, web beacons, and similar technologies to operate our websites and online services and to help collect data, including usage data, identifiers, and device information.

What are cookies and similar technologies?

Cookies are small text files placed by a website and stored by your browser on your device. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.

Web beacons are electronic images (also called single-pixel or clear GIFs) that are contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third party). This allows that web server to log information about your device and to set and read its own cookies. In the same way, third-party content on our websites (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content. We may also include web beacons in our email messages or newsletters to tell us if you open and act on them.

How do we and our partners use cookies and similar technologies?

We, and our analytics and advertising partners, use these technologies in our websites, apps, and online services to collect personal data (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) when you use our services, including personal data about your online activities over time and across different websites or online services. This information is used to store your preferences and settings, enable you to sign-in, analyze how our websites and apps perform, track your interaction with the site or app, develop inferences, deliver and tailor interest-based advertising, combat fraud, and fulfill other legitimate purposes. We and/or our partners also disclose the information we collect or infer to third parties for these purposes.

There are a range of cookie and related controls available through browsers, mobile operating systems, and elsewhere. See the “Choice and Control of Personal Data” section below for details.

How We Use Your Information

We use each of the categories of personal data that we collect (as described in Section 1 above) for the purposes described in this Privacy Statement (or as otherwise disclosed to you prior to collection). For example, we use personal data for the following purposes:

Product and service delivery, for example to fulfill your order or schedule your visit.
Business operations, such as billing, accounting, improving our internal operations, securing our systems, detecting fraudulent or illegal activity, and meeting our legal obligations.
Improvement, development, and research, for example to develop new services or better understand our current services.
Personalization, to better understand you and your preferences to enhance your experience and enjoyment using our services.
Customer support, such as responding to your questions.
Communications, including via email and text message to send you information such as confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
Marketing, including via email and text message, to communicate with you about new services, offers, promotions, rewards, contests, upcoming events, and other information about our services and those of our selected partners (see the Choice and Control section of this privacy statement for how to change your preferences for promotional communications).
Advertising, including through third party advertising services (see the Choice and Control section of this statement for information about personalized advertising and your advertising choices).

We also combine data that we collect from different sources for these purposes to provide you with a more seamless, consistent, and personalized experience.

Disclosure of Your Information

Clif Family may disclose personal data to third parties as follows:

With your consent or when we utilize our authorized third-party service providers. We use service providers to help us run our business and perform various functions related to the Services. Service providers process your personal data only on our behalf and do not further disclose or sell your information. For example, Commerce7 provides our current web store services on our behalf and they may collect personal data from you as our service provider.
Financial services and payment processing. When you provide payment data, for example to make a purchase, we will share payment and transactional data with banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial services.
Third Party Advertising and Analytics Companies. We may ask advertisers or other partners to serve ads or services to your devices, which may use cookies or similar technologies placed by us or the third party to automatically collect and store the information described in our Cookies and Other Technologies Section
Business transfers. We may share your information in connection with or during negotiation of a substantial business transaction, such as the sale, merger, financing, acquisition, consolidation, asset sale, or in the unlikely event of bankruptcy, dissolution transaction, or other transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another company.
Legal purposes. We may disclose your information to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims, debt collections, or government inquiries, and to protect and defend the rights, interests, property, safety, and security of Clif Family, our Users, or the public.
Safety, security, and protecting rights. We will disclose personal data if we believe it is necessary to protect our customers and others, operate and maintain the security of our services, and/or to protect the rights or property of ourselves or others.

Third party analytics and advertising companies, some of which are acting on our behalf as our service providers, also collect personal data through our website and apps including identifiers and device information (such as cookie IDs, device IDs, and IP address), geolocation data, usage data, and inferences based on and associated with that data, as described in the “Cookies” section of this statement. These third-party vendors may combine this data across multiple sites to improve analytics for their own purpose and others. For example, we use Google Analytics on our website to help us understand how users interact with our website; you can learn how Google collects and uses information at www.google.com/policies/privacy/partners.

Other third-party analytics and advertising providers we use on our websites include, for example:

Company / Service	Purpose(s)	Privacy Notices	Manage Settings (Opt-Out)
Hotjar	Analytics	https://www.hotjar.com/legal/policies/privacy/	https://www.hotjar.com/policies/do-not-track/
Google Tag Manager	Analytics	https://policies.google.com/technologies/partner-sites	https://policies.google.com/technologies/partner-sites
DoubleClick	Advertising	https://policies.google.com/technologies/partner-sites	https://policies.google.com/technologies/partner-sites
Facebook Connect	Advertising	https://www.facebook.com/privacy/explanation	See association links below.
Facebook Custom Audience	Advertising	https://www.facebook.com/privacy/explanation	https://www.facebook.com/settings?tab=ads See association links below.
AddThis	Analytics	https://www.oracle.com/legal/privacy/privacy-policy.html	https://datacloudoptout.oracle.com/#optout See association links below.
LiveChat	Functional	https://www.livechat.com/legal/privacy-policy/	No optout link.
Moat	Analytics	https://www.oracle.com/legal/privacy/privacy-policy.html	https://datacloudoptout.oracle.com/#optout See association links below.

Categories of information shared with third parties. The categories of information that we may share with third party advertising and analytics companies is described in our Cookies and Other Technologies Section above.

Please note that some of our services include integrations, references, or links to services provided by third parties whose privacy practices differ from ours. If you provide personal data to any of those third parties, or allow us to share personal data with them, that data is governed by their privacy statements.

Finally, we may share de-identified information in accordance with applicable law.

Choice and Control of Personal Data

We provide a variety of ways for you to control the personal data we hold about you, including choices about how we use that data. In some jurisdictions, these controls and choices may be enforceable as rights under applicable law.

Access, portability, correction, and deletion. If you wish to access, correct, or delete personal data about you that we hold, you may contact us using the methods described below. To change your account information, you may access your account by logging into your account on the Site.

Communications preferences. You can choose whether to receive promotional communications from us by email, SMS, physical mail, and telephone. If you receive promotional email or SMS messages from us and would like to stop, you can do so by following the directions in that message or by contacting us as described in the “Contact Us” section below. If you receive a sales call from us, you can ask to be placed on our do-not-call list. These choices do not apply to certain informational communications including surveys and mandatory service communications.

Targeted advertising. To opt-out from or otherwise control targeted advertising, you have several options. First, you can use the controls available through our website cookie banner to decline advertising-related cookies. Second, you can use the Global Privacy Control setting in a web browser or browser extension as described below. Third, you can use the opt-out controls offered by the organizations our advertising partners may participate in, which you can access at:

United States: NAI (http://optout.networkadvertising.org) and DAA (http://optout.aboutads.info/)
Canada: Digital Advertising Alliance of Canada (https://youradchoices.ca/)
Europe: European Digital Advertising Alliance (http://www.youronlinechoices.com/)

Fourth, you can use the other cookie or mobile ID controls described below.

These choices are specific to the device or browser you are using. If you access our services from other devices or browsers, take these actions from those devices or browsers to ensure your choices apply to the data collected when you use them.

Data sales. Some privacy laws define “sale” broadly to include some the disclosures described in the “Our Disclosure of Personal Data” section above. To opt-out from such data “sales,” you may click the “Do Not Sell or Share My Personal Information” link on our homepage or enable a Global Privacy Control in your browser.

Browser or platform controls.

Cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or services of our website. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, may be deleted and may need to be recreated.
Global Privacy Control. Some browsers and browser extensions support the “Global Privacy Control” (GPC) or similar controls that can send a signal to the websites you visit indicating your choice to opt-out from certain types of data processing, including data sales and/or targeted advertising, as specified by applicable law. When we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting or similar control that is recognized by regulation or otherwise widely acknowledged as a valid opt-out preference signal.
Do Not Track. Some browsers include a “Do Not Track” (DNT) setting that can send a signal to the websites you visit indicating you do not wish to be tracked. Unlike the GPC described above, there is not a common understanding of how to interpret the DNT signal; therefore, our websites do not respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the GPC, cookie controls, and advertising controls described above.
Mobile advertising ID controls. iOS and Android operating systems provide options to limit tracking and/or reset the advertising IDs.

Email web beacons. Most email clients have settings that allow you to prevent the automatic downloading of images, including web beacons, and the automatic connection to the web servers that host those images.

Except for the automated controls described above, if you send us a request to exercise your rights or these choices, to the extent permitted by applicable law, we may decline requests in certain cases. For example, we may decline requests where granting the request would be prohibited by law, could adversely affect the privacy or other rights of another person, would reveal a trade secret or other confidential information, or would interfere with a legal or business obligation that requires retention or use of the data. Further, we may decline a request where we are unable to authenticate you as the person to whom the data relates, the request is unreasonable or excessive, or where otherwise permitted by applicable law. If you receive a response from us informing you that we have declined your request, in whole or in part, you may appeal that decision by submitting your appeal using the contact method described at the bottom of this privacy statement.

California Residents:
Under California law, if you are a California resident and the processing of personal data about you is subject to the California Consumer Privacy Act (“CCPA”), you have certain rights with respect to that information. To exercise your options as described below, you may contact us in one of two ways: by telephone at (855) 628-7732 or by submitting a request winery@cliffamily.com (collectively, “Communication Methods”). To effectively exercise your privacy options, you must use one of these Communication Methods.

Notice at Collection. At or before the time of collection, you have a right to receive notice of our practices, including the categories of personal information and sensitive personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details in this statement by clicking on the above links.

Right to Know. You have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information. Note that we have provided much of this information in this privacy statement. You may make such a “request to know” by using the Communication Methods described above.

Rights to Request Correction or Deletion. You also have rights to request that we correct inaccurate personal information and that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to correct or delete, contact us using the Communication Methods above.

Right to Opt-Out / “Do Not Sell or Share My Personal Information”. You have a right to opt-out from future “sales” or “sharing” of personal information as those terms are defined by the CCPA.

Note that the CCPA defines “sell,” “share,” and “personal information” very broadly, and some of our data disclosures described in this privacy statement may be considered a “sale” or “sharing” under those definitions. In particular, we let advertising and analytics providers collect identifiers (IP addresses, cookie IDs, and mobile IDs), activity data (browsing, clicks, app usage), device data, and geolocation data through our sites and apps when you use our online services, but do not “sell” or “share” any other types of personal information. If you do not wish for us or our partners to “sell” or “share” personal information relating to your visits to our sites for advertising purposes, you can make your request by visiting our “Do Not Sell or Share My Personal Information” page, using a Global Privacy Control, emailing us using the contact information at the bottom of this Statement, or using other controls described in the “Choice and Control” section of this statement. If you opt-out using these choices, we will not disclose or make available such personal information in ways that are considered a “sale” or “sharing” under the CCPA. However, we will continue to make available to our partners (acting as our service providers) some personal information to help us perform advertising-related functions. Further, using these choices will not opt you out of the use of previously “sold” or “shared” personal information or stop all interest-based advertising.

We do not knowingly sell or share the personal information of minors under 16 years of age.

Right to Limit Use and Disclosure of Sensitive Personal Information. You have a right to limit our use of sensitive personal information for any purposes other than to provide the services or goods you request or as otherwise permitted by law.

Note that we do not use sensitive personal information for any such additional purposes.

You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.

Further, to provide, correct, or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your account.

Finally, you have a right to not be discriminated against for exercising these rights set out in the CCPA.

Additionally, under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes.

Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law.

California Customers may request further information about our compliance with this law by emailing winery@cliffamily.com. Please note that businesses are required to respond to one request per California Customer each year and may not be required to respond to requests made by means other than through the designated email address.

Retention of Personal Data

We retain personal data for as long as necessary to provide the services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and for other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations.

Security of Personal Data

We take reasonable and appropriate steps to help protect personal data from unauthorized access, use, disclosure, alteration, and destruction. Please be aware, though, that despite our efforts, no measures to safeguard data are perfect, and we cannot guarantee complete security.

To help us protect personal data if you set up an account with us, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts.

Privacy Statement Modifications

From time to time Clif Family may modify or amend this Privacy Statement in order to comply with new laws or regulations or to reflect future changes in our business practices. If we make any changes to this Privacy Statement, we will change the “Last Modified” date above or provide such notice about or obtain consent to changes as may be required by applicable law.

Prior versions of our Privacy Statement may be found by clicking here.

Still Have Questions?

If you have any questions, concerns, or complaints regarding our Privacy Statement or otherwise about our privacy practices, please contact us at winery@cliffamily.com