This Privacy Policy describes how SansaHerbs.com (the “Website,” “we,” “us,” or “our”) collects, uses, shares, and protects the personal information of users (“you”) who access our blog. We are committed to transparency and compliance with major global privacy frameworks, including the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA).
We operate as an informational website about growing herbs and DIY recipes. We rely on affiliate marketing links to products we recommend.
Section 1: Data Collection and Processing
We collect personal information from you through various interactions, as detailed below.
1.1. Personal Information Collected
| Data Category | Specific Data Points | Purpose of Processing | Legal Basis (GDPR) | Data Retention Period |
| Usage/Technical Data | IP address, browser type, operating system, referring URL, time/date of visits, pages viewed. | Site optimization, analytics, and security. To ensure the site is functional and protected against attacks. | Legitimate Interests (site security and improvement) | Up to 26 months (Standard for analytics) |
| Comments Data | Name, email address, website (if provided), IP address, browser user agent string, Gravatar hash. | To display your comment, authenticate your identity, and screen against automated spam/abuse. | Consent (when submitting the comment) / Legitimate Interests (spam detection) | Indefinitely, unless deletion is requested (standard practice for blog comments) |
| Contact Form Data | Name, email address, and content of your message. | To communicate with you and respond to your specific inquiries or requests. | Contract Fulfilment or Legitimate Interests (to respond to direct contact) | Up to 12 months after resolution of the query, then securely erased or anonymized |
| Affiliate Click Data | Anonymized click ID, referral source. | To track the efficacy of affiliate links and receive commissions when a qualifying action (like a purchase on a third-party site) occurs. | Legitimate Interests (running a commercial, ad-supported website) / Contract Fulfilment (with affiliate partners) | Session duration or as required by the specific affiliate partner, typically up to 90 days. |
1.2. Cookies and Tracking Technologies
- We use cookies, pixels, and other tracking technologies. We maintain a separate, detailed Cookie Policy where you can find complete information about the types of cookies we use, their purpose, and how to manage your consent.
- Non-Essential Cookies (Analytics, Affiliate Tracking): Used to analyze site traffic and track affiliate referrals. We require your explicit consent before setting these on your device (Legal Basis: Consent).
- Essential Cookies: Used for basic site functionality and security (Legal Basis: Legitimate Interests).
Section 2: Data Sharing and Third-Party Processors
We share personal data only as necessary for the functions described below or when legally obligated.
2.1. Third-Party Data Sharing
We share data with the following categories of third parties:
- Affiliate Marketing Partners: We share click and referral data, but we do not sell your Personal Information for monetary consideration. However, under the CCPA/CPRA, sharing data for cross-context behavioral advertising (e.g., using a click ID to track behavior for a commission) may be considered “sharing” or “sale.” We process this data strictly for affiliate link attribution.
- Analytics Providers (e.g., Google Analytics): We share anonymized Usage/Technical Data to analyze visitor behavior.
- Spam Detection Services (e.g., Gravatar, Anti-Spam Tools): We share Comment Data (like IP address and hash) to prevent automated abuse.
- Legal Authorities: We will disclose your data if legally required to do so by a warrant, court order, or governmental regulation.
2.2. International Data Transfer
We process data in the United States. By using our site, you understand that your information will be transferred to and processed in the United States. We ensure that any transfers of personal data from the EU/EEA are protected by appropriate safeguards (e.g., Standard Contractual Clauses), as required by GDPR.
Section 3: Data Security and Integrity
We implement reasonable technical and organizational security measures to protect your information:
- Data Retention Policy: Personal data is retained for no longer than is necessary for the purposes for which it was processed, as outlined in Section 1. When the retention period expires, the data is securely erased or anonymized.
- Encryption: We use SSL encryption for all site traffic.
- Access Control: Access to personal data is limited to personnel who require it for operational purposes.
- Internal Compliance: We maintain internal security policies and build awareness among our team members regarding data security best practices, including guidance on passwords and device encryption.
Section 4: Your Legal Rights
Depending on your location, you have several rights regarding your personal information.
4.1. General Privacy Rights (GDPR)
If you are an EU resident, you have the following rights:
- Right of Access: To request a copy of the personal data we hold about you.
- Right to Rectification: To have inaccurate or incomplete data corrected.
- Right to Erasure (Right to be Forgotten): To request the deletion of your data when there is no compelling reason for its continued processing.
- Right to Restrict Processing: To limit the way we use your data.
- Right to Data Portability: To receive your personal data in a portable format.
- Right to Object: To object to processing based on legitimate interests.
- Right to Withdraw Consent: To withdraw consent at any time for processing based on consent (e.g., non-essential cookies).
4.2. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights, including:
- Right to Know: The right to request disclosure of the categories and specific pieces of personal information collected about you in the preceding 12 months.
- Right to Opt-Out of Sale/Sharing: The right to stop the sharing of your personal information (as defined by CCPA/CPRA) to third parties. Although we do not sell data for monetary payment, we may share data for cross-context behavioral advertising via affiliate links.
- Right to Deletion: The right to request the deletion of your personal information.
- Right to Non-Discrimination: The right not to be discriminated against for exercising any of your CCPA/CPRA rights.
How to Exercise CCPA/CPRA Rights:
- Do Not Sell Or Share My Personal Information: We are required to provide a clear, conspicuous link on our website homepage and in this policy for you to opt-out.
- Verifiable Consumer Requests: To exercise your Right to Know or Right to Delete, you must submit a verifiable consumer request via the Contact Information below. We must verify your identity to ensure the request relates to the consumer about whom we have collected information.
- Response Timeline: We will respond to a verifiable request within 45 days of receipt. We may extend this period by another 45 days if necessary, provided we notify you within the initial period.
Section 5: Other Mandatory Disclosures
5.1. Children’s Privacy (COPPA)
Our Website is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete that information promptly.
5.2. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the “Last updated” date, and potentially through site notifications or email (if we have your contact information).
5.3. Contact Information
For privacy-related questions, requests to exercise your rights, or to submit a verifiable consumer request (CCPA/CPRA), please contact us:
Email: contact@sansaherbs.com