Effective Date: As of January 1, 2023
This California Privacy Notice (“Notice”) supplements, for California residents with which we interact in the business-to-business context (collectively referred to throughout this Notice as “you” or “your”), the general privacy policies of S&B FOODS INC., S&B International Corporation, and our affiliated companies (“S&B,” “Company,” “our,” “us,” or “we”), including, without limitation, our Website Privacy Policy, and any other privacy policies, notices, or statements providing on a website, mobile app, or any other digital assets that we own and operate.
In the event of a conflict between any other Company policy, notice, or statement and this Notice, this Notice will prevail as to California residents unless stated otherwise. You have certain privacy rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including the regulations promulgated thereunder (together, the “CCPA”). This Notice is designed to meet our obligations under the CCPA and provides information regarding our data practices, including our collection, use, disclosure, and Sale of your personal information (“PI”). Capitalized terms used but not defined in this Notice shall have the meanings given to them under the CCPA.
Applicability:
- Section 1 of this Notice provides notice of our data practices, including our collection, use, disclosure, and sale of Consumers’ Personal Information or Personal Data (collectively, “PI”).
- Sections 2-5 of this Notice provide information regarding Consumer rights and how you may exercise them.
Non-Applicability, Human Resources:
This Notice does not apply to our job applicants, current employees, former employees, or independent contractors (“Personnel”), however, our California Personnel may obtain a separate privacy notice that applies to them by contacting our human resources department at privacypolicy@sbfoods.co.jp. It also does not apply where we Collect or otherwise Process PI with respect to commercial conduct occurring wholly outside of California.
1. NOTICE OF DATA PRACTICES
The description of our data practices in this Notice covers the twelve (12) months prior to the Effective Date. Our data practices may differ between updates, however, if materially different from this Notice, we will provide supplemental pre-collection notice of the current practices, which may include references to other privacy policies, notices, or statements. Otherwise, this Notice serves as our notice at collection.
(a) PI Sources and Use
We may Collect your PI directly from you such as when you fill out the contact us form on our website, visit one of our facilities, or participate in one of our events (e.g., identification/identity data, contact details); your devices; our affiliates; service providers; public sources of data; third parties (e.g., marketing and event management platforms), or other businesses or individuals.
Generally, we Process your PI to provide you services and as otherwise related to the operation of our business, including for one or more of the following Business Purposes: Performing Services; Managing Interactions and Transactions; Security; Debugging; Advertising & Marketing; Quality Assurance; Processing Interactions and Transactions; and Research and Development. For example, in the course of you interacting with us, we may use PI for the following purposes:
- Respond to inquiries and complaints regarding products and services;
- Operate campaigns, including confirmation of eligibility, draws, notification of winners, and delivery of prizes;
- Facilitate receptions, guidance and facility tours;
- Provide information on events, products, and services;
- Hold, manage, and operate events and seminars;
- Conduct surveys, including questionnaires;
- Execute operations related to sales, delivery, and payment of products and services; and
- Develop and improve products and services.
We may also use PI for “Additional Business Purposes” in a context that is not a Sale or Share under the CCPA, such as:
- Disclosing it to S&B’s parent company which acts as our Service Provider pursuant to our intracompany data processing agreement;
- Disclosing it to our Service Providers or Contractors that perform services for us (“Vendors”);
- Disclosing it to you or to other parties at your direction or through your actions (e.g., software platform operators and partner companies for the purpose of marketing activities);
- For the additional purposes explained at the time of collection (such as in the applicable privacy policy or notice);
- As required or permitted by applicable law;
- To the government or private parties to comply with law or legal process, protect or enforce legal rights or obligations, or prevent harm;
- Where we believe we need to in order to investigate, prevent or take action if we think someone might be using information for illegal activities, fraud, or in ways that may threaten someone’s safety or violate our policies or legal obligations; and
- To assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business (“Corporate Transaction”).
Subject to restrictions and obligations under the CCPA, our Vendors may also use your PI for Business Purposes and Additional Business Purposes, and may engage their own vendors to enable them to perform services for us.
We provide more detail on our data practices in the chart that follows.
(b) PI Collection, Disclosure, and Retention – By Category of PI
We collect, disclose, and retain PI as follows:
| Category of PI | Examples of PI Collected and Retained | Categories of Recipients |
|---|---|---|
1. Identifiers |
Real name, alias, postal address, unique personal identifiers, online identifier, Internet Protocol address, e-mail address, and social media account name. |
Disclosures for Business Purposes:
Sale/Share: None |
2. Personal Records |
Name, address, telephone number, and financial information (e.g., payment card information). Some PI included in this category may overlap with other categories. |
Disclosures for Business Purposes:
Sale/Share: None |
3. Commercial Information |
Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
Disclosures for Business Purposes:
Sale/Share: None |
4. Internet Usage Information |
When you browse our sites or otherwise interact with us online, we may Collect browsing history, search history, and other information regarding your interaction with our sites, applications, or advertisements. |
Disclosures for Business Purposes:
Sale/Share: None |
5. Geolocation Data |
If you interact with us online we may gain access to the approximate location of the device or equipment you are using. |
Disclosures for Business Purposes:
Sale/Share: None |
6. Sensory Data |
We may Collect audio, electronic, or similar information when such as when you contact us through our customer service line or video security recordings. |
Disclosures for Business Purposes:
Sale/Share: None |
7. Professional or Employment Information |
Business contact details, title or position, company affiliation, and company address. |
Disclosures for Business Purposes:
Sale/Share: None |
8. Inferences from PI Collected |
Drawn from PI to create a profile about you reflecting your preferences in respect of our products or similar products. |
Disclosures for Business Purposes:
Sale/Share: None |
There may be additional information we Collect that meets the definition of PI under the CCPA but is not reflected by a category above, in which case we will treat it as PI as required, but will not include it when we describe our practices by PI category.
As permitted by applicable law, we do not treat Deidentified data or Aggregate Consumer Information as PI and we reserve the right to convert, or permit others to convert, your PI into Deidentified data or Aggregate Consumer Information, and may elect not to treat publicly available information as PI. We will not attempt to reidentify data that we maintain as deidentified.
Because there are numerous types of PI in each category of PI, and various uses for each PI type, our retention periods vary for each of the categories of PI described above. The length of time for which we retain each category of PI depends on the purposes for our collection and use and requirements pursuant to applicable laws. In no event do we retain your PI for any longer than reasonably necessary to achieve the purposes for which it was collected or processed, or as required by applicable law. The criteria used to determine the retention period of PI includes the nature and sensitivity of the PI, the potential risk of harm from unauthorized use or disclosure of the PI, as well as applicable laws (such as applicable statutes of limitation).
2. YOUR RIGHTS AND HOW TO EXERCISE THEM
As described more below, subject to meeting the requirements for a Verifiable Consumer Request (defined below) and limitations permitted by applicable laws, we provide you the privacy rights described in this section.
To submit a request to exercise your privacy rights, or to submit a request as an authorized agent, use our California Resident Privacy Rights Webform
, or call us at 833-774-7242, and respond to any follow-up inquiries we make. Please be aware that we do not accept or process requests through other means (e.g., via fax, chats, social media etc.). More details on the request and verification process is in Section 2(g) below. The rights we accommodate are as follows:
(a) Right to Limit Sensitive PI Processing
We do not Process your Sensitive PI under the CCPA.
(b) Right to Know/Access
You are entitled to access PI up to twice in a 12-month period.
(1) Categories
You have a right to submit a request for any of the following for the period that is 12-months prior to the request date:
- The categories of PI we have Collected about you.
- The categories of sources from which we Collected your PI.
- The Business Purposes or Commercial Purposes for our Collecting, Selling, or Sharing your PI.
- The categories of Third Parties to whom we have disclosed your PI.
- A list of the categories of PI disclosed for a Business Purpose and, for each, the categories of recipients, or that no disclosure occurred.
- A list of the categories of PI Sold or Shared about you and, for each, the categories of recipients, or that no Sale or Share occurred.
(2) Specific Pieces
You may request to confirm if we are Processing your PI and, if we are, to obtain a transportable copy, subject to applicable request limits, of your PI that we have Collected and are maintaining. For your specific pieces of PI, as required by the CCPA, we will apply the heightened verification standards as described below. We have no obligation to re-identify information or to keep PI longer than we need it or are required to by applicable law to comply with access requests.
(c) Do Not Sell / Share
We do not Sell or Share PI. We do not knowingly Sell or Share the PI of Consumers under 16, unless we receive affirmative authorization (“opt-in”) from either the Consumer who is between 13 and 16 years old, or the parent or guardian of a Consumer who is less than 13 years old. If you think we may have unknowingly collected PI of a Consumer under 16 years old, please Contact Us.
We may disclose your PI for the following purposes, which are not a Sale or Share: (i) if you direct us to disclose PI; (ii) to comply with a rights request you submit to us; (iii) disclosures amongst the entities that constitute Company as defined above, or as part of a Corporate Transaction; and (iv) as otherwise required or permitted by applicable law.
(d) Right to Delete
Except to the extent we have a basis for retention under applicable law, you may request that we delete your PI. Our retention rights include, without limitation:
- to complete transactions and services you have requested;
- for security purposes;
- for legitimate internal Business Purposes (e.g., maintaining business records);
- to comply with law and to cooperate with law enforcement; and
- to exercise or defend legal claims.
Note also that, we may not be required to delete your PI that we did not Collect directly from you.
(e) Correct Your PI
You may bring inaccuracies they find in their PI that we maintain to our attention and we will act upon such a complaint as required by applicable law.
(f) Automated Decision Making/Profiling
We do not engage in Automated Decision Making or Profiling.
(g) How to Exercise Your Privacy Rights
To submit a request to exercise your privacy rights, or to submit a request as an authorized agent, use our California Resident Privacy Rights Webform , or call us at 833-774-7242, and respond to any follow-up inquiries we make. Please be aware that we do not accept or process requests through other means (e.g., via fax, chats, social media etc.).
(1) Your Request Must be a Verifiable Request
As permitted or required by the CCPA, any request you submit to us must be a Verifiable Request, meaning when you make a request, we may ask you to provide verifying information, such as your name, e-mail, phone number, and address. We will review the information provided and may request additional information via e-mail or other means to ensure we are interacting with the correct individual. We will not fulfill your Right to Know (Categories), Right to Know (Specific Pieces), Right to Delete, or Right to Correction request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we Collected PI. We do not verify opt-outs of Sell/Share requests unless we suspect fraud.
We verify each request as follows:
- Right to Know (Categories): We verify your Request to Know Categories of PI to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you. If we cannot do so, we will refer you to this Notice for a general description of our data practices.
- Right to Know (Specific Pieces): We verify your Request To Know Specific Pieces of PI to a reasonably high degree of certainty, which may include matching at least three data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you together with a signed declaration under penalty of perjury that you are the individual whose PI is the subject of the request. If you fail to provide requested information, we will be unable to verify you sufficiently to honor your request, but we will then treat it as a Right to Know Categories Request if you are a California resident.
- Do Not Sell/Share: We do not sell or share PI so you do not need to opt-out of sell/share.
- Right to Delete: We verify your Request to Delete to a reasonable degree of certainty, which may include matching at least two reliable data points provided by you with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three reliable data points provided by you with data points maintained by us, depending on the sensitivity of the PI and the risk of harm to the individual posed by unauthorized deletion. If we cannot verify you sufficiently to honor a deletion request, you can still make a Do Not Sell/Share/Target and/or Limit SPI request.
- Correction: We verify your Request to Correct PI to a reasonable degree of certainty, which may include matching at least two reliable data points provided by you with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three reliable data points provided by you with data points maintained by us, depending on the sensitivity of the PI and the risk of harm to the individual posed by unauthorized correction.
If we are unable to verify you sufficiently we will be unable to honor your request. We will use PI provided in a Verifiable Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.
(2) Agent Requests
You may use an authorized agent to make a request for you, subject to our verification of the agent, the agent’s authority to submit requests on your behalf, and of you. You can learn how to do this by visiting the agent section of our California Resident Privacy Rights Webform . Once your agent’s authority is confirmed, they may exercise rights on your behalf subject to the agency requirements of the CCPA.
(h) Our Responses
Some PI that we maintain is insufficiently specific for us to be able to associate it with a verified individual (e.g., clickstream data tied only to a pseudonymous browser ID). We do not include that PI in response to those requests. If we deny a request, in whole or in part, we will explain the reasons in our response.
We will make commercially reasonable efforts to identify PI that we Process to respond to your request(s). In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest you receive the most recent or a summary of your PI and give you the opportunity to elect whether you want the rest. We reserve the right to direct you to where you may access and copy responsive PI yourself. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.
3. NON-DISCRIMINATION / NON-RETALIATION
We will not discriminate or retaliate against you in a manner prohibited by the CCPA for your exercise of your privacy rights. We may charge a different price or rate, or offer a different level or quality of goods or service, to the extent that doing so is reasonably related to the value of the applicable PI.
4. NOTICE OF FINANCIAL INCENTIVE PROGRAMS
We do not currently offer discounts or rewards to Consumers for providing us PI, or set price or service differences related to the collection, retention, Sale, or Sharing of PI. If we offer such programs in the future, we will update this Notice to describe such program(s), including how you may opt-in and how we value the PI required.
5. OUR RIGHTS AND THE RIGHTS OF OTHERS
Notwithstanding anything to the contrary, we may collect, use and disclose your PI as required or permitted by applicable law and this may override your rights under the CCPA. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s or party’s rights or conflict with applicable law.
6. CONTACT US
If you have any questions, comments, or concerns about our privacy practices, please contact us by e-mail at privacypolicy@sbfoods.co.jp or by mail at S&B International Corporation, 21241 S. Western Ave., Suite 110, Torrance, CA 90501. Please note that e-mail communications will not necessarily be secure; accordingly, you should not include sensitive information in your e-mail correspondence with us.