Privacy Policy 121420

Harvest Food Solutions LLC Privacy Policy

Last Updated December [13], 2020

This is the privacy policy (“Privacy Policy”) for Harvest Food Solutions LLC and our affiliates (collectively, “Harvest,” “us,” “our” or “we”). It explains how we collect and treat information that you our Customer or your users (collectively, “you” or “your”) and your privacy controls. Please read this Privacy Notice carefully to understand our privacy practices.


This Privacy Policy applies to your use your use of Harvest DSD, Harvest ERP, Harvest BI or other digital software, portals, applications or solutions we offer (each a “Solution,” and collectively, the “Solutions”), our marketing website and any other websites we own, operate, or make available to our customers (the “Site”), and your communications with us by any means. This Privacy Policy is governed by and part of the terms and conditions applicable to our Site and/or any Solution you use. Any additional notices we may provide you about our privacy practices will be considered to form part of this Privacy Policy.


By visiting the Site or installing or using a Solution, you consent to this Privacy Policy and the collection and use of information as described herein. Your use of the Site or Solutions is subject to this Privacy Policy and the terms and conditions applicable to a given Solution, including the applicable limitations on damages and the provisions regarding resolution of disputes. If you do not agree with this Privacy Policy, do not visit the Site or use our Solutions.

Personal Information

As used in this Privacy Policy, “Personal Information” means information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual consumer or device, such as:

  • Identifiers (e.g., name, email address, phone number);
  • Sensitive Personal Information (e.g. government identification number, medical or health insurance information, username combined with password);
  • Protected classification information (e.g. race, citizenship, marital status, sex);
  • Biometric information (e.g. image, voice, fingerprint, physical characteristics);
  • Internet or other similar activity (e.g. geolocation, browsing history);
  • Employment-related information (e.g. current or past employment);
  • Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99); and
  • Commercial information (e.g. products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies).

Personal Information does not include: (i) publicly available information; (ii) aggregate information, meaning data about a group or category of services or users from which individual identities and other Personal Information has been removed; or (iii) de-identified information that cannot be easily linked back to the individual.

Collection of Personal Information

The categories of Personal Information we collect about you and the manner of collection depends on how you interact with us, whether as a Site visitor, a customer subscribed to use a Solution (“Customer”) or a Customer’s employee or other end user with access to a Solution (in each case a “User”). We only collect and use your Personal Information: (i) when applicable, with your consent; (ii) if we have a legitimate interest in doing so; or (iii) as authorized or required by law. We collect, process and store the minimum Personal Information necessary to provide you with the Site and Solutions.

Categories. During the preceding 12 months, we have collected these categories of Personal Information:

  • Identifiers
  • Employment information
  • Internet or other similar activity
  • Commercial information

Sources. Harvest collects Personal Information from these sources:

  • Directly from you as a Customer, with your consent. When you sign up for a Solution as a Customer, we collect employment and commercial information about your company and a payment method. We also collect contact information for a Customer point of contact including name, email address, and phone number, as well as login credentials. A Customer may also choose to provide us email addresses and other identifiers in order to grant one or more employees access to the Solution as a User. We collect this information directly from the Customer with the Customer’s consent, and we use the information to provide the Customer with Solution access, services and support, and for any other purposes stated at the time of collection.
  • Directly from you as a User of a Solution, with your consent. When you register as a User of a Solution, we collect identifiers like your name, email and login credentials. If you register using your work contact information, we will collect that employment information as well. When you use the Solutions, you may choose to input various commercial information related to current or planned product inventory, ordering information, deliveries, sales, and transaction settlements. The Solutions are developed to integrate with our Customer’s existing applications, and in doing so the Solution may collect Personal Information from your account with a Customer’s application. We collect this information with your consent, and we use the information to provide you with access to the Solution and its features, offer you support, and improve our services.
  • Directly from you when you communicate with us, with your consent. If you contact us via the Site, by email, or any other means, we will collect your name, email address and other information necessary to respond to your inquiry. If you complete one of our online surveys, we will collect your responses. We collect this information with your consent, and we use it for the purposes stated at the time of collection, to provide you with our Services, and to communicate with you or send you direct marketing communications.
  • From your Interactions with the App, with a legitimate interest. When visit the Site or use a Solution, we collect technical information like your: (i) device information (e.g., device type and settings, IP address, operating system, browser type, time zone, language, session duration, referring URL, and mobile network); (ii) usage details (e.g., searches, content interactions, commercial activity, communication activity); and (iii) geolocation. Like most commercial websites and platforms, we use cookies and other technologies to track use of our Site and Solutions. We use this information to maintain your settings and preferences across browsing sessions, provide technical support, and to analyze and improve our Solutions. You can opt-out of accepting cookies by adjusting your browser settings to not accept cookies or to notify you when you are sent a cookie. You can also install third-party plugins to control cookie behavior. Note that if you disable or refuse cookies, some features may not function properly.

Other Uses. In addition to the uses specified above, we may also use your Personal Information to:

  • Monitor your compliance with any of your agreements with
  • Protect your privacy and enforce this Privacy Policy.
  • If we believe it is necessary, to identify, contact, or bring legal action against persons or entities who may be causing injury to you, to us, or to others.
  • Comply with a law, regulation, legal process, or court order.
  • Fulfill any other purpose to which you consent.

Sharing Personal Information

Categories. We do not share or release Personal Information without your permission except as described below or as required by law. In the preceding 12 months, we have disclosed the following categories of Personal Information for a business purpose:

  • Identifiers
  • Employment information
  • Internet or other similar activity
  • Commercial information

Recipients. Harvest may disclose Personal Information to the following recipients:

  • Service Providers. Harvest’s service providers, such as customer support vendors, analytics companies, and email and data hosting providers, may have access to your Personal Information in order to perform their contractual obligations to us. The type of information that we share with a service provider will depend on the service that they provide to We prohibit our service providers from selling the Personal Information we provide or using it for their own marketing purposes, and we require all service providers to maintain confidentiality standards that are commercially reasonable to ensure the security of your Personal Information.
  • Affiliates. We may disclose the Personal Information we collect to our business affiliates or subsidiaries. Their use and disclosure of your Personal Information will be subject to this Privacy Policy.
  • Law enforcement, and other governmental agencies, at our sole discretion in connection with an investigation of any matter that is illegal or that could expose Harvest or our subsidiaries to liability.
  • Cookie information recipients, subject to their respective privacy policies. In some cases, we may also allow specific partners to use cookies or similar technologies to collect non-personal data from your browser or device for measurement purposes.
  • Other Third Parties, as permitted by applicable law, for example: if we go through a business transition (e.g., merger, acquisition, or sale of a portion of our assets); to comply with a legal requirement or a court order; when we believe it is appropriate in order to take action regarding illegal activities or prevent fraud or harm to any person; to exercise or defend our legal claims; or for any other reason with your consent.

Customer Access to User Personal Information. Users access the Solutions under their Customer’s subscription, usually in the User’s role as an employee to the Customer. Any Personal Information a User submits or saves to a Solution may be accessible by their respective Customer.  The Customer’s access to and use of your Personal Information is governed by the Customer’s privacy policy and practices, not ours. Please contact your Customer if you have questions about these activities related to your Personal Information collected via the App.

Aggregated and Deidentified Information. We reserve the right to share aggregated, anonymized, or deidentified information about any individuals with nonaffiliated entities for marketing, advertising, research or other purposes, without restriction.

Your Privacy Controls

Depending on where you reside and how you use the Solutions, your legal rights to control your Personal Information may include some or all of the following:

  • Change your event registration or account information.
  • Change your preferences for how and about what we communicate with you.
  • Correct, update, or delete the Personal Information in your account. Please note that certain legal obligations may limit or prevent our ability to fulfill these requests, and that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Services for a period of time.
  • Request access to the Personal Information we hold about you.
  • Choose whether to receive marketing communications from us.
  • Control how the cookies we use interact with your device.

This Privacy Notice provides supplemental notices of privacy rights specific to residents of California and Canada.

No Sale of Personal Information. Harvest does not sell Personal Information. If we ever choose to sell Personal Information in the future, we will update this Privacy Policy and provide you with a method to opt out of the sale of your Personal Information.

Do Not Track. Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed below.

Consumer Privacy Requests. Users may access, change, or delete certain Personal Information by logging into the Solution. If you wish to exercise your privacy rights beyond these methods, or if you want to express concerns, lodge a complaint or request information, please submit a verifiable Consumer Privacy Request by contacting us by email at or toll free at (888) 243-3147.

Harvest may only legally fulfill a Consumer Privacy Request when we have sufficient information to verify that the requester is the person or an authorized representative of the person about whom we have collected Personal Information, and to properly understand, evaluate, and respond to the request. We do not charge a fee to process or respond to a verifiable request unless we have legal grounds to do so, such as requests that are excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Note that if we process your Personal Information in our capacity as a service provider or data processor to a Customer, we may need to instruct you to submit your request to that Customer. Also, in some cases, we may need to deny or limit our response to your request to comply with applicable laws or if we have a legally recognized need to retain certain Personal Information for legal, security, fraud or abuse prevention or recordkeeping purposes.

Children’s Privacy

Harvest Food Solutions does not knowingly collect personal identifiable information from children under the age of 16 without verifiable parental consent. If we discover that we have collected Personal Information from a child under 16 without such consent, we will delete that information from our systems.  Anyone under the age of 16 must seek and obtain parent or guardian permission to use the Site or any Solution. If you believe we might have collected information online from a child under 16, or if you are aware of any unauthorized submission of information to us, please contact us at

California Privacy Rights

This section provides residents of the State of California (“California Consumers”) with the disclosures and notices required under the California Consumer Privacy Act of 2018 (“CCPA”). The following paragraphs apply solely to California Consumers and describe the specific rights afforded under the CCPA.

Employee Data Exception. In most cases, the Personal Information we collect about you is in a business-to-business context when you use a Solution or visit the Site or as part of your employment with a Customer. Please note that Personal Information collected and used in this context is not subject to legal protections under the CCPA as of the date this Privacy Policy was last updated. As such, the notices and information in this section apply only to the extent that we collect Personal Information from California Consumers in a context not associated with the California Consumer’s employment or business functions.

Without limiting the foregoing, California Consumers may exercise the following rights over their Personal Information, subject to our receipt a verifiable Consumer Privacy Request and any exceptions and limitations that may apply.

  • Right to Disclosure. You have the right to request that we disclose information to you about our collection and use of your Personal Information over the past 12 months, such as: (i) the categories of Personal Information we have collected about you; (ii) the categories of sources for the Personal Information we have collected about you; (iii) our business purpose for collecting or selling that Personal Information; (iv) the categories of third parties with whom we share that Personal Information; and (v) if we sold or disclosed your Personal Information for a business purpose, two separate lists stating: (a) sales, identifying the Personal Information categories that each category of recipient purchased; and (b) disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained. UMU is only required to respond to two disclosure requests within a 12-month period.
  • Right to Access. You have the right to request that we provide you with access to specific pieces of Personal Information we have collected about you over the past 12 months (also called a data portability request). You may exercise your right to access by logging into your account to view or export your Personal Information. Alternatively, if you submit a right to access request, we will provide you with copies of the requested pieces of Personal Information in a portable and readily usable format. Please note that Harvest is prohibited by law from disclosing copies of certain pieces of Personal Information because the disclosure would create a substantial, articulable, and unreasonable risk to the security of the information, our business systems, or your account. Harvest is only required by law to respond to two access requests within a 12-month period.
  • Right to Deletion. You have the right to request that we delete any of your Personal Information that we collected from you and retained, with certain exceptions. You may exercise your right to deletion by logging into your account and deleting your editable Personal Information. Alternatively, if you submit a Consumer Privacy Request to delete your Personal Information, we will confirm the Personal Information to be deleted prior to its deletion, and we will notify you when your request is complete. Harvest may permanently delete, deidentify, or aggregate the Personal Information in response to a request for deletion.
  • Right to Nondiscrimination. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by law, we will not: (i) deny you goods or services; (ii) charge you different prices or rates for goods or services; (iii) provide you a different level or quality of goods or services; or (iv) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised a right under the CCPA.
  • Right to Disclosure of Marketing Information. California’s Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California residents to request certain disclosures regarding Personal Information sharing with affiliates and/or third parties for marketing purposes.

No Sale of Personal Information. UMU does not sell Personal Information. If we ever choose to sell Personal Information in the future, we will update this Privacy Policy and provide you with a method to opt out of the sale of your Personal Information.

California Consumer Privacy Requests. California Consumers may exercise these rights as to Personal Information collected in a context not associated with their employment or business by submitting a verifiable Consumer Privacy Request as instructed above under Your Privacy Rights. We endeavor to respond to a verifiable Consumer Privacy Request from a California Consumer within 45 days of receipt. If we require more time, we will notify you in writing of the reason and extension period. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding receipt of the verifiable consumer request. If we cannot comply with part or all of your request, we will explain the reasons in our response.

Canadian Privacy Rights

We adopted this section to provide supplemental information in compliance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”). This section applies solely to residents of Canada where PIPEDA applies (“Canadian Consumers”). PIPEDA gives Canadian Consumers specific rights regarding Personal Information offering details on an identifiable person without the inclusion of name, title, telephone number, and business address of an employee of a business or organization. The following paragraphs describe PIPEDA rights and explain how to exercise those rights.

  • Right to know why we collect, use and distribute the Personal Information we process. We have set the required notices in this Privacy Policy. We may provide you with additional notices about other ways we process your Personal Data, such as by sending you a notice via email or by other means of communication.
  • Right to expect us to collect, use, or disclose Personal Information responsibly and not for any other purpose other than which you consented. We set your expectations in this Privacy Policy and collect express or implied consent at various stages of collection or processing. If we collect or use your Personal Information based on your consent, we will also notify you of any changes and will request your further consent as needed. You may withdraw your consent at any time with reasonable notice by contacting us at
  • Right to accuracy of your Personal Information. We take steps to reasonably ensure that your Personal Information we are using is accurate. In most cases, we rely on you to ensure that the Personal Information in your account is current, complete, and accurate. We provide methods for you to correct, update, and delete inaccurate Personal Information in your account, and we will provide you with reasonable assistance to ensure that your Personal Information is accurate in our systems and with our service providers.
  • Right to access your Personal Information. You may access your Personal Information my logging into your account. Alternatively, upon written request and identity authentication, we will provide you with your Personal Information under our control, information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed. We will make the information available within 30 days or provide written notice where additional time is required to fulfil the request. If limited by law or potential infringement on another’s privacy rights, we may not be able to provide access to some or all of the Personal Information you request. If we must refuse an access request, we will notify you in writing, document the reasons for refusal, and outline further steps that are available to you.

Canadian Consumer Privacy Requests. Canadian Consumers may exercise their privacy rights by submitting a verifiable Consumer Privacy Request. We endeavor to respond to such requests in accordance with the requirements of PIPEDA. Depending on the circumstances and the nature of your request, we may be unable to fulfill your request in part or in whole, for example, if your request falls within a statutory exception or if fulfilling your request would prevent us from complying with a statutory or contractual obligation.

Data Security

Harvest Food Solutions endeavor and take every precaution to maintain adequate physical, procedural and technical security with respect to our information storage facilities so as to prevent any loss, misuse, unauthorized access, disclosure or modification of the user’s personal information under our control. Our Solutions are built with a range of security features tailored with role-based activities and security in mind. We also restrict access to Personal Information to Harvest employees, contractors, and agents who need that information in order to process it. Please note, however, that no transmission of data over the Internet is 100% secure, and we cannot guarantee that unauthorized third parties will not defeat our security measures or use your Personal Information for improper purposes.

Your Account. If you create an account with us, you will have a login and password. We encourage you to take steps to protect against unauthorized access to your password and your devices by, among other things, choosing a robust password that nobody else knows or can easily guess, and keeping your password private, and signing off after using a shared device. We are not responsible for any lost, stolen, or compromised passwords, or for any unauthorized activity on your account.

Data Transfers. Data protection laws vary among countries, with some providing more protection than others. We apply the protections described in this Privacy Policy to all Personal Information we collect, regardless of where that information is processed. Personal Information of EU Residents is stored in servers located in the European Union. However, we maintain servers around the world and your information may be processed on servers located outside of the country where you live. By allowing us to collect Personal Information about you, you consent to the transfer and processing of your Personal Information as described in this paragraph.

Third Party Websites. The Site or Solutions may contain links to websites owned or operated by third parties. We have no ability to control, and we are not responsible for, the privacy and data collection, use, and disclosure practices of third-party websites. We encourage you to read the privacy statements of each website that collects your Personal Information.

Changes to this Privacy Policy

If we make material changes to how we treat your Personal Information, we will post the revised Privacy Policy on this page. Your continued use of our Site or Solutions after we make changes is deemed to be your acceptance of those changes. The date that this Privacy Policy was last revised is identified at the top of the page. You are responsible for periodically checking this Privacy Policy for changes.

Contact Harvest

If you have questions about our privacy practices or would like to make a complaint, please contact us at