Privacy Policy

We are an Oregon company doing business as The Human Bean® (“us” “The Human Bean” or “THB”). We respect your privacy and try to comply with all applicable privacy and data protection rules. Our privacy practices are based on the fundamental principles of notice, choice, accuracy, data minimization, and limited disclosure. Read on for the details about how The Human Bean handles personal data.

Personally Identifiable Information. Personally identifiable information (“PII”) is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you. PII does not include information that has been effectively aggregated or de-identified.

Sales:  We do not sell PII for monetary compensation, and we will not do so in the future unless we first ask for and obtain your verifiable consent. We do share PII with service providers for purposes of targeted advertising and marketing of our own goods and services; this sharing may be considered a “sale” under state law. We take appropriate measures to help protect PII in our control from misuse or unauthorized access.

Application: This Privacy Policy is our representation and notice to you regarding our information privacy practices. It applies to all PII collected at our branded outlets, and also to PII collected from your use of any online services that post a link to this Privacy Policy, including our websites (at thehumanbean.com and franchise.thehumanbean.com), applications, platforms, loyalty program, stored value cards, franchisee programs, and any other THB programs (collectively the “THB Services”).

When you visit or use the THB Services, we collect the following categories of information:

  • Identifiers – We collect PII, such as your first and last name, phone number, email address, postal address, day and month of your birthday, and demographic information (such as gender). We may ask you to create a username and password linked to your PII, or to share your contacts with us.
  • Financial – We collect PII necessary to process payments for purchases through the THB Services, such as financial account or payment card information.
  • Commercial – We  may collect PII about your transactions in our stores, on our websites or via our Rewards Application, including what products you purchase, how frequently you purchase them, any Rewards or promotions associated with a purchase, and products placed in a Shopping Cart for future purchase.
  • Online Activity – We collect information about your device such as its IP address, MAC address, and associated advertising identifier (such as IDFA or AAID). If permitted, we collect PII related to your online activity, such as your browsing history. This Privacy Policy describes some ways to limit this type of collection.
  • Geolocation – We collect PII about your location of your device, but our ability to collect this information can be limited.  We may use location-based technology in our retail locations, to detect the presence of your device, if your device settings allow this.
  • Likeness & Biometrics – We
    collect biometric PII such as your image or likeness when you use certain THB Services.  Video surveillance cameras are installed at some of our retail locations for premises security. These cameras collect visual images and similar information.  With your notice and consent, we may also record voice or video calls to our customer service for quality assurance.
  • Resume Data –  If you apply for employment, we or our
    independent franchisee will collect PII such as your name, email, phone number, employment and education history.
  • Inferences – We may draw inferences from the PII and other information described above, such as inferences about the identity of the user of a particular device.

This Privacy Policy explains: 

-what categories of PII we collect and from where;

-how we use the PII;

-with whom we may share the PII;

-what choices you have about our collection, use and disclosure of the PII;

-what data security procedures we employ to protect PII under our control;

-how you can correct any inaccuracies in the PII; and

-how you can exercise any additional rights granted by applicable state law.

Updates & Changes: We may update or modify this Privacy Policy from time to time, and we will post the changes here. If we change this Privacy Policy in a way that materially alters your rights, we will provide notice to the last-known email address, and an opportunity to exercise your rights. If state law or other applicable law gives you additional rights in these circumstances, we will follow the applicable law.

Limiting Our Collection and Use of Your PII

Industry Organization Opt-Outs

Two major US-based trade organizations offer opt-outs from interest-based advertising by their members. The Digital Advertising Alliance (DAA) and the Network Advertising Initiative (NAI) offer opt-out of interest-based advertising from their members. See the DAA’s opt-out portal and the NAI’s opt-out portal, and for mobile applications the DAA’s application.

Do Not Contact & Do Not Track

If you do not want to be contacted by us, we will promptly honor your do-not-contact request. You can opt out by replying STOP to any SMS message, following the instructions at the bottom of any THB marketing email, calling our toll-free number at (888) 262-2215, sending email to info@thehumanbean.com, sending a letter to The Human Bean, Attention: Customer Relations, 623 Rossanley Drive, Medford, OR 97501, or clicking here. The THB Services recognize the Global Privacy Control browser setting, which opts the user out of cookies on the browser for which it is enabled. See https://globalprivacycontrol.org/.

PII of Minors

We do not knowingly collect or maintain the PII of any persons under 13 years of age. If you are the parent or guardian of a person under 13 years of age and you believe we have collected such information, please ask us to delete it by calling our toll-free number at (888) 262-2215 or emailing to info@thehumanbean.com.

For persons aged 13-18, we will not sell or share your PII for purposes of marketing the goods or services of third parties in the future, unless we first ask for and obtain verifiable consent from you or (if required by applicable law) your parent or guardian.

Sources of PII

PII We Collect Directly from Your Input

The THB Services collect PII directly from you when you use the THB Services, such as when you visit one of our locations or contact us to
express interest in employment, to learn about franchise opportunities, for customer service, to order merchandise or to express interest in our products. If you use our loyalty rewards mobile application, we collect PII associated with your use of the application such as name, phone number, device identifier, purchases and locations. The mobile application also collects your date of birth, if you participate in a birthday-based promotion or give-away. Use of the mobile application requires your consent to use of your PII by the provider of the mobile
application, Incentivio, and by the payment processor, Stripe, according to the Incentivio Privacy Policy and Stripe Privacy Policy, respectively. If
you ask us to verify your eligibility to apply for a THB franchise, we will (through our service provider, FranData) collect and store additional PII regarding your income, account balances, payment history, credit history, credit scores and related financial information in accordance with our privacy policy and FranData’s. We will also collect and store PII provided to us about any potential co-owners of your franchised business.

PII We Collect Passively

The THB Services passively
collect PII or information that may be combined with PII (such as browser type, ISP, IP address, referring/exit pages, platform type, date/time stamp, and number/nature of clicks) when you use the THB Services. Sources for this type of collection include internet service providers, device operating systems, our advertising and data analytics providers. If we combine your PII with information that is not by itself personally identifiable, we will treat the combined result as PII.

PII from Cookies, Web Beacons & Other Technologies

The THB Services use various technical means to collect information about the usage of our sites and mobile applications, such as cookies, web beacons, local storage, entity tags and JavaScript. Most device and software browser settings can be adjusted to prevent or reduce the use of these technologies.

The THB Services use first and third-party cookies to collect information about how the THB Services are used, such as the pages viewed and the amount of time. The THB Services use both session ID cookies and persistent cookies. The session ID cookie terminates once you close the browser or application. The persistent cookie stores a text file on your computer. If you allow the persistent cookie, we can recognize your computer and your browser can remember your login information. If you reject the cookie, your user experience may be limited.

Third-party web beacons and similar technologies may associate your actions across different web sites. Web beacons (also known as clear gifs or pixel tags) are graphics with a unique identifier, used to track the online actions or movements of users. We may include web beacons in email messages or newsletters to determine whether messages have been opened and acted upon. We may use such information to improve the THB Services, reconstruct activity from a session or by a user, and for troubleshooting.

Local storage and entity tags allow sites to store part of their content on your device, allowing the site to load more quickly. These technologies are also used for performance monitoring and targeted advertising.

JavaScript is code embedded in sites or applications. The code is executed (if allowed) by your device and software, for example, to speed load times and monitor systems usage.

PII From Social Media & Other Sources

We may collect PII from our interactions with you on social media websites and applications, and we may use this PII for the purposes and uses described in this Policy. If you follow or interact with one of our social media accounts, our access to your information on that platform will be as allowed by the terms of service and privacy policy of that platform. Generally, when you use a separate entity’s site, platform, or service, the terms of service and privacy policy of that entity apply, so you should determine the information practices of that separate entity. We also may obtain PII of actual or potential customers from third parties such as consumer data resellers, credit reporting agencies, government
agencies, public records and other sources.

Our Use of Your PII

Use for Marketing Communications:
We may send you notices about THB products or services, unless you withdraw your permission to receive marketing communications from us. You may do this at any time. You can opt out by replying STOP to any SMS message, following the instructions at the bottom of any THB marketing email, calling our toll-free number at (888) 262-2215, emailing to info@thehumanbean.com or clicking here.

Use for Franchise or Employment Communications:  If you express interest in a THB Franchise, we will share your contact information with our franchise document service provider, FranData, and communicate with you about the application process and other aspects of the franchise in accordance with this privacy policy and FranData’s. If you express interest in employment at a particular location, we will share your contact information with the manager of that location. The manager may be employed by one of our corporate affiliates or by an independent franchisee. The manager may communicate with you about the application process and other aspects of the franchise. The manager will use your PII to evaluate your eligibility. You may terminate your application process at any time and opt out of further communications from us. If you have consented to receive franchise or employment related communications via phone or text message (SMS), you can opt out by replying STOP to any SMS message or contacting us by calling our toll-free number at (888) 262-2215.

Use for Internal Business Purposes (last 12 months): We use PII for our internal business purposes, such as:

  • To administer, maintain, and understand your use of, or interest in, the THB Services;
  • To personalize the THB Services to your preferences;
  • To respond to you or communicate with you;
  • To measure and improve the overall effectiveness of our advertising and content; and
  • For data analysis, research, audits, fraud monitoring and prevention, and new product development. 

Our Disclosures of Your PII (last 12 months):

THB discloses your PII as follows:

To Service Providers:  We may share your PII with professional service providers that perform services on our behalf. For our customers, they include our payment processor and the
provider of our mobile rewards application. For prospective franchisees and franchisees, they include our franchise document service provider. These third parties are required to treat your PII according to their own respective privacy policies, and to follow applicable law.

To Providers of Analytics and Targeted Advertising on Our Behalf
(last twelve months):

We use Google Analytics and other analytics providers to help measure trends, performance and traffic, and to provide targeted advertisements. These analytics providers collect PII through tracking technologies, including those embedded in the THB Services. The tracking technologies use PII to make inferences based on connections among related browsers and devices, such as those using the same
wi-fi access point, combined with geolocation data if available, and to show advertisements based on such inferences. You may limit some of this tracking and advertising through technical means, such as the Google Analytics opt-out browser extension, and by exercising industry organization opt-outs as
described above.

To THB Franchisees: If you express interest in employment at a franchised location, we will share your PII with the independent franchisee managing the location. We may share customer PII with our independent franchisees; they have agreed to treat it in accordance with this privacy policy.

As Required by Law or Legal Process:  We may disclose your PII in response to a lawful subpoena, court order or request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as we
reasonably believe is required by law. In such cases, we may raise or waive any legal objection or right available to us.

To Protect Our Business: We
may disclose your PII when we reasonably believe disclosure is necessary to investigate or prevent actual or suspected unlawful activity; to protect and defend the rights, property or safety of our company, employees, customers or others; or to enforce our Terms of Service or other agreements between us and you.

To Successors in Business Transitions:
If THB goes through a business transition, such as a merger, being acquired by another company, or sale of its assets, PII held by us will, in most instances, be part of the assets transferred. We will use our best efforts to ensure that the transferee assumes the responsibility of maintaining the PII under a policy at least as protective as this Policy.  

Accuracy and Maintenance of Your PII

Accuracy:  We will strive to ensure that your PII held
by us, if any, is accurate. Prospective franchisees or employees have multiple opportunities to review, update and correct PII during the proposal and application processes. You may also contact us to inquire about or correct the accuracy of your records: call us toll-free at (888) 262-2215, emailing to info@thehumanbean.com or clicking here.

Maintenance and Retention:  We retain PII as long as necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required by law. In determining the retention period, we consider the need to satisfy our legal or reporting requirements; the nature and sensitivity of the PII; the potential risk of harm from unauthorized use or disclosure of the PII; the purposes for which we use the PII; and
whether we can achieve the purposes through other means. We may be unable to delete your information from our database until the expiration of the applicable period. State law may give you additional rights; see the
state-specific notices at the end of this Privacy Policy.

Data Security: We take
reasonable precautions in accordance with industry standards to protect PII held by us from unauthorized access. We reasonably restrict access to PII according to its sensitivity, and we employ information security safeguards when allowing employees and service providers with proper authorization to access it. We use firewalls and other intrusion detection and prevention controls to help prevent unauthorized persons from gaining access to your PII. We also use administrative and physical security measures. These measures include secured files and buildings. Security measures are by nature not a perfect or complete defense against malicious actors.  Accordingly, we do not guarantee that your PII will be completely secured against unauthorized access. 

Data Breach Notification: THB maintains procedures for notifying you in the event of a data security breach. If THB experiences a data security breach and is required to notify you under applicable law, THB will notify you by electronic mail using the last-known e-mail address you have provided. You are responsible for ensuring that your contact information is current and correct. To review or change your information and correct any inaccuracies, call us toll-free at (888) 262-2215, email to info@thehumanbean.com or click here.

Procedures

Questions about this Policy:
If you have questions about this Policy, our information practices or other aspects of the THB Services, please call us toll-free at (888) 262-2215, email to info@thehumanbean.com or click here, or send us a letter at The Human Bean, Attention: Customer Relations, 623 Rossanley Drive, Medford, OR 97501.

Rights under Applicable State Law

If your state has adopted a law granting you additional rights relating to PII collected by us, and the state law applies to us, we will comply with the state law. As of August 2023, four states had currently effective and potentially applicable laws of this type: California, Colorado, Connecticut, and Virginia.

California

If you are a resident of California, you have the rights to request additional information from us regarding our collection and use of PII, to ask us to correct or delete your PII, to opt out of the sale or sharing of your personal information, to limit our use and disclosure of sensitive PII, and to opt out of the use of your PII for automated decision-making.

To maintain data security, we will verify your identity before taking action on your request. Our procedure for verifying your identity is to match identifying information provided by you with PII held by us. We may need to request additional information to verify your identity, but if so we will use it only to process your request. We may also use a third-party identification service. We will not discriminate or take any adverse action against you for exercising these rights. You may designate an authorized agent to exercise these rights on your behalf. To exercise these rights, call us toll-free at (888) 262-2215, email to info@thehumanbean.com, click here, or send us a letter at The Human Bean, Attention: Customer Relations, 623 Rossanley Drive, Medford, OR 97501. We will respond within 10 days or the period required by applicable law. We will comply with verifiable requests within 45 days (90 days if we notify you of the reason for the delay), or as required by applicable law.

You have the right to ask us for the specific PII we have collected about you during the preceding calendar year, as well as the following for the preceding calendar year:

  • The categories of PII we collected;
  • The categories of sources of PII we collected;
  • The purposes for which we collected PII;
  • The categories of third parties that received PII from us;
  • The categories of business purposes for which we used PII; and
  • The categories of PII sold/shared for marketing purposes, and the categories of the recipients.

California Residents - Individual Rights

Correction or Deletion. You
have the right to ask us to correct or delete your PII collected or maintained by us. If we use deidentification to satisfy a deletion request, we will maintain the data in deidentified form and not attempt to reassociate it with PII. Applicable laws, regulations and legal obligations may prevent us from completely deleting all of your PII.  

Sensitive PII.  You have the right to ask us to limit our use and disclosure of sensitive PII in a way that reasonably corresponds to the purpose of collection.

Advertising Opt-Out.  You have the right to opt out of the sale of your PII, and to request that we not share your PII
for targeted or behavioral advertising.

Colorado, Connecticut, and Virginia – Individual Rights

THB does not sell PII as sales are defined under the laws of Colorado, Connecticut, or Virginia. Residents of these states, and of any other state that makes effective a law granting similar rights, may exercise these rights using the same mechanisms as California residents (above).

Access & Portability. You have the right to obtain a copy of your PII in data-portable format.

Correction or Deletion. You have the right to ask us to correct or delete your PII collected or maintained by us. If we use deidentification to satisfy a deletion request, we will maintain the PII in deidentified form and not attempt to reassociate it with PII. Applicable laws, regulations and legal obligations may prevent us from completely deleting all of your PII. 

Advertising Opt-Out.  You have the right to opt out of sales of your PII, and to request that we not share your PII for targeted or behavioral advertising.

Automated Decision Making. You may have the right to opt out of use of your PII for automated decision making.

Last Revised: December 4, 2023