GDPR Compliance Statement

Effective Date: 1.24.2026
Website: lottafarms.com

Lotta Farms (“we,” “our,” or “us”) is committed to protecting the privacy and personal data of all visitors—including individuals located in the European Union (EU) and European Economic Area (EEA)—in accordance with the General Data Protection Regulation (GDPR).

This statement explains how we comply with GDPR requirements and outlines the rights available to EU/EEA data subjects when interacting with lottafarms.com.


1. Lawful Basis for Processing Personal Data

Under GDPR, we process personal data only when there is a valid legal basis. These may include:

  • Consent: When you voluntarily provide data, e.g., email subscriptions or contact forms.

  • Contract: When data is necessary to fulfill an order or provide a requested service.

  • Legal Obligation: When we must retain information for tax, compliance, or regulatory reasons.

  • Legitimate Interests: To improve website function, security, analytics, or customer experience (only when such interests do not outweigh your rights).


2. Types of Personal Data We Collect

Depending on your interaction with our website, we may collect:

  • Name

  • Email address

  • Contact information

  • Payment and billing details (if purchases are available)

  • IP address

  • Browser, device, and analytics data

  • Cookie and tracking data (see Cookies Policy)

We do not intentionally collect sensitive personal data unless explicitly provided and necessary.


3. How Your Data Is Used

We may use personal data for:

  • Processing orders and customer service

  • Responding to inquiries

  • Sending newsletters or marketing communications (with consent)

  • Improving website performance and analytics

  • Ensuring security and fraud prevention

  • Complying with legal obligations

We do not sell personal data.


4. Data Transfers Outside the EU/EEA

Because Lotta Farms is located in the United States, personal data may be transferred outside the EU/EEA.

When we transfer data internationally, we ensure that safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs)

  • GDPR-compliant third-party service providers

  • Secure encryption and data protection measures


5. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfill the purpose for which it was collected

  • Meet legal requirements

  • Resolve disputes

  • Enforce agreements

Once data is no longer needed, it is securely deleted or anonymized.


6. Your GDPR Rights

If you are located in the EU/EEA, you have the following rights:

6.1 Right to Access

Request a copy of your personal data.

6.2 Right to Rectification

Request corrections to inaccurate or incomplete data.

6.3 Right to Erasure (“Right to Be Forgotten”)

Request deletion of your personal data under certain circumstances.

6.4 Right to Restrict Processing

Request limited use of your data.

6.5 Right to Object

Object to processing based on legitimate interests or direct marketing.

6.6 Right to Data Portability

Request transfer of your data to another controller in a structured, machine-readable format.

6.7 Right to Withdraw Consent

If processing is based on consent, you may withdraw it at any time.

6.8 Right to Lodge a Complaint

You may file a complaint with your local EU data protection authority.

To exercise these rights, contact us using the information below.


7. Data Security

We use industry-standard security measures to protect personal data from unauthorized access, alteration, or loss. However, no system is entirely secure.


8. Data Protection Officer (If Applicable)

If required or appointed, we will list our Data Protection Officer (DPO) here.
If you do not have a DPO, you can remove this section or update it later.


9. Updates to This GDPR Statement

We may update this compliance statement periodically. Changes will be posted on this page with a revised effective date.


10. Contact Us

If you have questions or would like to exercise your GDPR rights, contact us at:

Lotta Farms
Carlotta, California
Email: info@lottausa.com
Phone: (707) 740-7400

ARE YOU OVER 21 YEARS AGE?