GDPR Compliance Statement
Effective Date: 1.24.2026
Website: lottafarms.com
Lotta Farms (“we,” “our,” or “us”) is committed to protecting the privacy and personal data of all visitors—including individuals located in the European Union (EU) and European Economic Area (EEA)—in accordance with the General Data Protection Regulation (GDPR).
This statement explains how we comply with GDPR requirements and outlines the rights available to EU/EEA data subjects when interacting with lottafarms.com.
1. Lawful Basis for Processing Personal Data
Under GDPR, we process personal data only when there is a valid legal basis. These may include:
- Consent: When you voluntarily provide data, e.g., email subscriptions or contact forms.
- Contract: When data is necessary to fulfill an order or provide a requested service.
- Legal Obligation: When we must retain information for tax, compliance, or regulatory reasons.
- Legitimate Interests: To improve website function, security, analytics, or customer experience (only when such interests do not outweigh your rights).
2. Types of Personal Data We Collect
Depending on your interaction with our website, we may collect:
- Name
- Email address
- Contact information
- Payment and billing details (if purchases are available)
- IP address
- Browser, device, and analytics data
- Cookie and tracking data (see Cookies Policy)
We do not intentionally collect sensitive personal data unless explicitly provided and necessary.
3. How Your Data Is Used
We may use personal data for:
- Processing orders and customer service
- Responding to inquiries
- Sending newsletters or marketing communications (with consent)
- Improving website performance and analytics
- Ensuring security and fraud prevention
- Complying with legal obligations
We do not sell personal data.
4. Data Transfers Outside the EU/EEA
Because Lotta Farms is located in the United States, personal data may be transferred outside the EU/EEA.
When we transfer data internationally, we ensure that safeguards are in place, such as:
- Standard Contractual Clauses (SCCs)
- GDPR-compliant third-party service providers
- Secure encryption and data protection measures
5. Data Retention
We retain personal data only for as long as necessary to:
- Fulfill the purpose for which it was collected
- Meet legal requirements
- Resolve disputes
- Enforce agreements
Once data is no longer needed, it is securely deleted or anonymized.
6. Your GDPR Rights
If you are located in the EU/EEA, you have the following rights:
6.1 Right to Access
Request a copy of your personal data.
6.2 Right to Rectification
Request corrections to inaccurate or incomplete data.
6.3 Right to Erasure (“Right to Be Forgotten”)
Request deletion of your personal data under certain circumstances.
6.4 Right to Restrict Processing
Request limited use of your data.
6.5 Right to Object
Object to processing based on legitimate interests or direct marketing.
6.6 Right to Data Portability
Request transfer of your data to another controller in a structured, machine-readable format.
6.7 Right to Withdraw Consent
If processing is based on consent, you may withdraw it at any time.
6.8 Right to Lodge a Complaint
You may file a complaint with your local EU data protection authority.
To exercise these rights, contact us using the information below.
7. Data Security
We use industry-standard security measures to protect personal data from unauthorized access, alteration, or loss. However, no system is entirely secure.
8. Data Protection Officer (If Applicable)
If required or appointed, we will list our Data Protection Officer (DPO) here.
If you do not have a DPO, you can remove this section or update it later.
9. Updates to This GDPR Statement
We may update this compliance statement periodically. Changes will be posted on this page with a revised effective date.
10. Contact Us
If you have questions or would like to exercise your GDPR rights, contact us at:
Lotta Farms
Carlotta, California
Email: info@lottausa.com
Phone: (707) 740-7400