Whenever you visit our website, we will collect some information from you automatically simply by you visiting and navigating through this site, and some voluntarily when you submit information using a form on the website, utilize the Live Chat feature on our website, enroll in or subscribe to our newsletter or marketing communications, request information, or use any of the other interactive portions of our website. Through this website, we will collect information that can identify you and/or your activity.
Additionally, whenever you communicate, interact or do business with us, whether online or at any of our physical locations or facilities, or whether you are contracted to perform services for us or apply for a position of employment, we will be collecting personal information from you or about you in the course of our interaction or dealings with you.
Collection of Personal Information and Sensitive Personal Information
In the last 12 months, we have collected the following categories of personal information about you based on your specific transactions and interactions with us or our website. For each category of information, the categories of third parties and service providers to whom we have disclosed the information in the last 12 months are referenced by a letter that coincides with the letter in the list of categories of service providers and third parties that follows soon after this table.
|Category||Examples||Disclosed in Last 12 Months to||Retention Period|
|Personal Identifiers||Name, alias, social security number, date of birth, driver’s license or state identification card number, passport number, employee ID number.||A, B, C, D, E, F||Duration of our relationship with you plus 4 years|
|Contact Information||Home, postal or mailing address, email address, home phone number, cell phone number.||A, B, C, D, E, F||Duration of our relationship with you plus 4 years|
|Account Information||Username and password for Company accounts and systems, and any required security or access code, password, or credentials allowing access to your Company accounts.||J||Username: permanent; Password or security code: while in use + 1 year|
|Protected Classifications||Race, ethnicity, national origin, sex, gender, sexual orientation, gender identity, religious or philosophical beliefs, age, disability, medical or mental condition, military status, familial status, language, or union membership.||A, B, C, D, E, F||Duration of our relationship with you plus 4 years|
|Physical Characteristics or Description||Information on your Driver’s License (such as eye color, hair color, height, weight), as well as information collected to the extent relevant for workplace investigations or for enforcement of Company policies on appearance and grooming (such as tattoos, piercings).||B, D, E, K||4 years after transaction, unless necessary to maintain for a longer period for product warranty, or OSHA / FDA (Food and Drug Administration) or other regulatory compliance|
|Financial Information||Bank account number for direct deposit, credit card number, debit card number, or other financial account information.||F||2 years|
|Pre-Hire Information||Information provided in your job application or resume, information gathered as part of background screening and reference checks, pre-hire drug test results, job interview notes by persons conducting job interviews for the Company, the information contained in candidate evaluation records and assessments, information in work product samples you provided, voluntary disclosures by you, and Wage Opportunity Tax Credit (WOTC) information.|| E
|Employment History||Information regarding prior job experience, positions held, names of prior supervisors, and when permitted by applicable law your salary history or expectations.||A||2 years|
|Education Information||Information from resumes regarding educational history; information obtained from transcripts or records of degrees and vocational certifications obtained.||Not Disclosed||4 years|
|Professional or Employment-Related Information||Information contained in your personnel file and in other employment documents and records, including information contained in the following types of records: new hire or onboarding records, I-9 forms, tax forms, time and attendance records, non-medical leave of absence records, workplace injury records, safety records, performance evaluations and records, disciplinary records, investigatory records, training records, licensing and certification records, compensation and health benefits records, COBRA notifications, business expense records, and payroll records.||A, B, C||Duration of our relationship with you plus 4 years
Job Applicants: If hired, this data will be retained for duration of employment plus 5 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer.
|Travel Information||Information regarding business travel, vacation, and personal travel plans, and for infectious disease contact tracing purposes the locations travelled to within the applicable infectious period prior to coming to the workplace and the dates spent in those locations.||Do not Disclose||2 years|
|Family Information||Contact information for family members listed as emergency contacts, contact information for dependents and other dependent information, medical and health information for family members related to COVID-19 symptoms, exposure, diagnosis, testing, or vaccination, as well as information related to their travel and whom they have been in close contact with during the applicable COVID-19 infectious period.||A, C||Surveillance video – 90 days; duration of our relationship with you plus 4 years|
|Information of Friends, Co-workers, and Other Associates with Whom You Have Been in Close Contact within the COVID-19 infectious period per applicable guidelines||Medical and health information provided to the Company for an employee’s friends, co-workers, and other associates related to COVID-19 symptoms, exposure, diagnosis, testing, or vaccination, as well as information related to their travel and whom they have been in close contact with during the applicable COVID-19 infectious period.||C||If hired, this data will be retained for duration of employment plus 5 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer.|
|Medical and Health Information||Medical information contained in such documents as doctor’s notes for absences or work restrictions, medical leave of absence records, requests for accommodation, interactive process records, ergonomic assessment and accommodation records, and correspondence with you and your medical or mental health provider(s) regarding any request for accommodation or medical leave of absence, as well as information in post-hire drug test results, and information related to COVID-19 symptoms, exposure, contact tracing, diagnosis, testing, or vaccination.
This includes medical information and health benefits information for dependents and beneficiaries.
|C||If hired, this data will be retained for duration of employment plus 5 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer.|
|Internet, Network, and Computer Activity||Internet or other electronic network activity information related to usage of Company networks, servers, intranet, shared drives, or Company-issued computers and electronic devices, including system and file access logs, security clearance level, browsing history, search history, and usage history||Not Disclosed||Duration of our relationship with you plus 4 years|
|Mobile Device Security Information||Data identifying employee’s devices accessing Company networks and systems, including cell phone make, model, and serial number, cell phone number, and cell phone provider||Not Disclosed||2 years|
Of the above categories of Personal Information, the following are categories of Sensitive Personal Information the Company may collect from or about consumers, independent contractors, or applicants:
- Personal Identifiers (social security number, driver’s license or state identification card number, passport number)
- Account Information (your Company account log-in, in combination with any required security or access code, password, or credentials allowing access to the account)
- Protected Classifications (racial or ethnic origin, religious or philosophical beliefs, union membership, or sexual orientation)
- Biometric Information (used for the purpose of uniquely identifying you)
- Medical and Health Information
- Geolocation Data (IP (Internet Protocol) address and/or GPS location, latitude & longitude)
Personal information does not include:
- Publicly available information from government records.
- Information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer, independent contractor, or applicant, or from widely distributed media.
- Information made available by a person to whom the consumer, independent contractor, or applicant has disclosed the information if the consumer, independent contractor, or applicant has not restricted the information to a specific audience.
- Deidentified or aggregated information.
We may collect your personal information from the following sources:
- You the consumer, independent contractor, or job applicant, when you visit the website and voluntarily submit information through forms on the website or social media, when you visit any of our stores or physical locations, when you purchase or inquire about any of our products or services, when you enter into a contract to perform services for us, or when you apply for a position of employment
- Our employees and contractors when you interact with them
- Other customers and visitors when you interact with them or when they observe you
- We utilize cookies to automatically collect information about our website visitors
- Surveillance cameras at our physical locations
- Lead generators and referral sources
- Credit and consumer reporting agencies
- Social media platforms
- Company-issued computers, electronic devices, and vehicles
- Company systems, networks, software applications, and databases you log into or use
We may disclose your personal information to/with the following categories of service providers, contractors, or third parties:
- Financial Institutions
- Government Agencies
- Benefits Administrators
- Employee Tracking and Talent Management Systems
- Professional Employer Organizations
- Payroll Processors
- Communications Providers
- Social Media Platforms
- Our Corporate Customers
- Technology Partners
- Legal/Compliance Consultants
We may collect your personal information for the following business purposes:
- To fulfill or meet the purpose for which you provided the information.
- To process and submit financing applications, including to apply for credit, or credit pre-qualification.
- To process, complete, and maintain records on transactions.
- To provide warranty coverage on products and services.
- To retain your selection for Text opt in/opt out to ensure customers who opted out are not sent any text messages.
- To provide and communicate recall notifications to customers.
- To schedule, manage and keep track of customer appointments.
- To complete appraisals.
- To maintain records of when customers decline a service or sale.
- To respond to consumer inquiries, including requests for information, customer support online, phone calls, and in-store inquiries.
- To provide interest-based and targeted advertising.
- To improve user experience on our website.
- To understand the demographics of our website visitors.
- To detect security incidents.
- To debug, identify, and repair errors that impair existing intended functionality of our website.
- To protect against malicious or illegal activity and prosecute those responsible.
- To verify and respond to consumer requests.
- To prevent identity theft.
- JOB APPLICANT PURPOSES:
- To fulfill or meet the purpose for which you provided the information. For example, if you share your name and contact information to apply for a job with the Company, we will use that Personal Information in connection with your candidacy for employment.
- To comply with local, state, and federal law and regulations requiring employers to maintain certain records, as well as local, state, and federal law, regulations, ordinances, guidelines, and orders relating to infectious diseases, pandemics, outbreaks, and public health emergencies, including applicable reporting requirements.
- To evaluate your job application and candidacy for employment.
- To obtain and verify background check and references.
- To communicate with you regarding your candidacy for employment.
- To reduce the risk of spreading infectious diseases in or through the workplace.
- INDEPENDENT CONTRACTOR PURPOSES:
- To fulfill or meet the purpose for which you provided the information.
- To comply with state and federal law and regulations requiring businesses to maintain certain records (accident or safety records, and tax records/1099 forms).
- To engage the services of independent contractors and compensate them for services.
- To evaluate, make, and communicate decisions regarding an independent contractor, including decisions to hire and/or terminate.
- To grant independent contractors access to secure Company facilities, systems, networks, computers, and equipment, and maintain information on who accessed such facilities, systems, networks, computers, and equipment, and what they did therein or thereon.
- To implement, monitor, and manage electronic security measures on independent contractor devices that are used to access Company networks and systems.
- To evaluate, assess, and manage the Company’s business relationship with vendors, service providers, and contractors that provide services to the Company.
- To improve user experience on Company computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems.
- To reduce the risk of spreading infectious diseases in or through the workplace.
We may disclose your personal information for the following business purposes as numbered above: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19(a), 19(b), 19(d), 20(a), 20(e), 20(f), 20(g), 20(h), and 20(i).
We do NOT and will not sell your personal information in exchange for monetary or other valuable considerations. We do not share your personal information for cross-context behavioral advertising.
We do not and will not use or disclose your sensitive personal information for purposes other than the following:
- To perform the services reasonably expected by an average employee who requests those services.
- To detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information.
- To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions.
- To ensure the physical safety of natural persons.
- For short-term, transient use.
- To perform services on behalf of the Company.
- To verify or maintain the quality or safety of a product, service or device that is owned, manufactured, manufactured for, or controlled by the Company, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by the Company.
- For purposes that do not involve inferring characteristics about the consumers, contractors, and applicants.
Retention of Personal Information
We will retain each category of personal information in accordance with our established data retention schedule as indicated above. In deciding how long to retain each category of personal information that we collect, we consider many criteria, including, but not limited to: the business purposes for which the Personal Information was collected; relevant federal, state and local recordkeeping laws; applicable statutes of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations.
We apply our data retention procedures on an annual basis to determine if the business purposes for collecting the personal information, and legal reasons for retaining the personal information, have both expired. If so, we will purge the information in a secure manner.
Third Party Vendors
We may use other companies and individuals to perform certain functions on our behalf. Examples include administering e-mail services and running special promotions. Such parties only have access to the personal information needed to perform these functions and may not use or store the information for any other purpose. Subscribers or site visitors will never receive unsolicited e-mail messages from vendors working on our behalf.
In the event we sell or transfer a particular portion of its business assets, information of consumers, contractors and applicants may be one of the business assets transferred as part of the transaction. If substantially all of our assets are acquired, information of consumers, contractors and applicants may be transferred as part of the acquisition.
Compliance with Law and Safety
We may disclose specific personal and/or sensitive personal information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect our employees or the public.
- Provide you with services available through the website and to enable you to use some of its features
- Authenticate users and prevent fraudulent use of user accounts
- Compile data about website traffic and how users use the website to offer a better website experience
- Understand and save visitor preferences for future visits, such as remembering your login details or language preference, to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use the website
- Track your browsing habits to enable us to show advertising which is more likely to be of interest to you, including advertising by third parties on our website
Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals.
The personal data record created through your registration with our website can only be accessed with the unique password associated with that record. To protect the integrity of the information contained in this record, you should not disclose or otherwise reveal your password to third parties.
Children Under the Age of 16
We do not knowingly collect, sell, or share the personal information of consumers under 16 years of age.
[How We Protect the Information that We Collect
The protection of the information that we collect about visitors to this website is of the utmost importance to us and we take every reasonable measure to ensure that protection, including:
- We use internal encryption on all data stores that house voluntarily captured data.
- We use commercially reasonable tools and techniques to protect against unauthorized access to our systems.
- We restrict access to private information to those who need such access in the course of their duties for us.
We do not target, market to, or offer our products or services to consumers outside of the United States. You agree not to submit your personally identifiable information through the website if you reside outside the United States.
Rights Under the CCPA and CPRA
- Right to Know. The right to request, up to 2 times in a 12-month period, that we identify to you (1) the categories of personal information we have collected about you going back to January 1, 2022, unless doing so would be impossible or involve disproportionate effort, or unless you request a specific time period, (2) the categories of sources from which the personal information was collected, (3) the business or commercial purpose for collecting, selling, or sharing this information, (4) the categories of third parties with whom we share or have shared your personal information,
- Right to Access. The right to request, up to 2 times in a 12-month period, that we disclose to you, free of charge, the specific pieces of personal information we have collected about you going back to January 1, 2022, unless doing so would be impossible or involve disproportionate effort, or unless you request a specific time period;
- Right to Delete. The right to request, up to 2 times in a 12-month period, that we delete personal information that we collected from you, subject to certain exceptions;
- Right to Correct. The right to request that we correct inaccurate personal information (to the extent such an inaccuracy exists) that we maintain about you;
- The right to designate an authorized agent to submit one of the above requests on your behalf. See below for how you can designate an authorized agent; and
- The right to not be discriminated or retaliated against for exercising any of the above rights, including an applicant’s and independent contractor’s right not to be retaliated against for exercising the above rights.
You can submit any of the above types of consumer requests through any of the 3 options below:
- Submit an online request by contacting us at email@example.com.
- Call our privacy toll-free line at 925.456.2450.
- Complete a paper form, which can be requested at the Wente Vineyards Tasting Lounge.
How We Will Verify That it is Really You Submitting the Request
If you are a California resident, when you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct request through one of the methods provided above, we will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us. For example, we may need you to provide your name, email, phone number, amount of your last purchase with the business, and/or date of your last transaction with the business.
Responding to Your Right to Know, Right to Access, Right to Delete, and Right to Correct Requests
Upon receiving a verifiable request from a California resident, we will confirm receipt of the request no later than 10 business days after receiving it. We endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessary information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.
If You Have an Authorized Agent:
If you are a California resident, you can authorize someone else as an authorized agent who can submit a request on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney or (b) provide other written, signed authorization that we can then verify. When we receive a request submitted on your behalf by an authorized agent who does not have a power of attorney, that person will be asked to provide written proof that they have your permission to act on your behalf, and we will also contact you and ask you for information to verify your own identity directly with us and not through your authorized agent. We may deny a request from an authorized agent if the agent does not provide your signed permission demonstrating that they have been authorized by you to act on your behalf.
Other California Privacy Rights
The California Civil Code permits California Residents with whom we have an established business relationship to request that we provide you with a list of certain categories of personal information that we have disclosed to third parties for their direct marketing purposes during the preceding calendar year. To make such a request, please send an email to firstname.lastname@example.org, or write to us at the address listed below. Please mention that you are making a “California Shine the Light” inquiry.
Consent to Terms and Conditions
Consumers With Disabilities
This policy is in a form that is accessible to consumers with disabilities.
Questions About the Policy
**This policy was last updated May, 2023.