Who we are
Our website address is: https://www.rowansroyale.com. We are a small family-owned and operated farm in the Jamaican Blue Mountains.
We respect our customers and their personal data. As such, we safeguard any personal data or personally identifiable data to the best of our ability. We do not share such data with any outside party except as needed for shipping, payment processing, or when compelled by law enforcement or government requirements.
While not all our customers reside in the European Union (EU), we extend the EU General Data Protection Regulation (GDPR) protections to all our customers.
To request modification or deletion of your personal data, please use the form on this page.
What personal data we collect and why we collect it
Shipping and Order Processing
In order to process orders, payments and ship products to our customers we must collect your name, full mailing address, email address, and your credit card or crypto wallet address.
We collect the IP address of the machine which initiated the order on the customer side. This is done to facilitate anti-SPAM and anti-hacking and is required by our hacking and SPAM protection software. IP addresses are also used to prevent fraud with regard to coupon codes and discount code applications.
Payments processing is done by third parties, who may return a serial number, hash, or other identifying string to us and information regarding the status of the attempted payment. This is collected and stored indefinitely for fraud prevention and accounting purposes.
These details are necessary to validate payments and ship products to our customers.
Should a customer decide to create an account, the information submitted by the customer is retained indefinitely until the deletion of the account.
Comments and Form Submissions
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Recipe submissions and reviews, when published, are public and your first name and general location (i.e. State/Province or general area) will be displayed publicly.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
In order to better serve our customers we collect certain analytical data from all site visitors regardless or account creation or product orders.
We collect analytics data using the WordPress JetPack service as well as the Facebook Pixel service. This data is processed by those third parties according to their practices.
Who we share your data with
Payment processing is done entirely by third parties. PayPal and PayPal Express payments are processed by PayPal according to their practices. Stripe Payments are processed by Stripe according to their practices. Crypto payments are processed by the network belonging to the coin selected for payment by the customer.
With regard to credit card or debit card payments, your name, address, and credit card details are collected and transmitted to the third party processor.
With regard to crypto payments, your wallet address and payment amount is broadcast to the crypto network belonging to the coin selected for payment where it is broadcast publicly according to the rules and requirements of that network. Your name and address are NOT broadcast to the network. Some networks are more anonymous regarding wallet address details than others. It is your responsibility to know the working of the network you choose to process your crypto payment.
Your name email address and mailing address must be shared with shipping organizations in order for us to ship products to you and comply with legal standards. Standard and Expedited service shipment data will be shared with Jamaica Post, the EMS service, and the postal service which serves your domicile. Express services such as DHL, FedEX, UPS, etc. require the above shipping information also and use it according to their procedures.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Data submitted during the account creation process is kept until the account is deleted. However, order data, which may include personal or personally identifiable information, even if it is a duplicate of information contained in an account, will be retained after account deletion indefinitely for fraud and accounting purposes.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
We respect all European Union General Data Protection Regulation requests made under color of that law.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Payments data is sent to our payment processors and payment networks according to their practices and requirements.
We employ a Secure Socket Layer (SSL) certificate to protect customer data in transit to payment processors.
Your contact information
For privacy information and GDPR requests please use the form on this page.
How we protect your data
Only that personal data which we must share with third parties are transmitted from our servers or given to external parties. This includes payment processors, shipping processors and shipping companies, and when required, disclosure to law enforcement and government entities.
All personal data we keep is stored and backed up on our servers and in a secure, offline hard drive (HDD) in a secure space in San Francisco, California, USA.
The offline HDD is stored in an anonymous, secure location.
The servers are protected by a professional web security team employed by our server operator. Our web store and sensitive outflows of personal financial information are protected by an SSL certificate, and more than one layer of anti-hacker, anti-SPAM and anti-breach software.
What data breach procedures we have in place
In the event of a known data breach, all customers and account holders will be contacted by the most expedient means we know, according to our most recent backup of our files.
What third parties we receive data from
We receive certain data from our payment processors, shipment processors, shipping companies, crypto networks and WordPress and Facebook.
What automated decision making and/or profiling we do with user data
Comments and emails are checked automatically for SPAM.
Industry regulatory disclosure requirements