- Home
- ›
- Privacy Policy
Privacy Policy
Dallmann Confections – Privacy Policy (Effective May 20, 2025)
Last updated: May 20, 2025
Dallmann Confections Inc. ("Dallmann," "Company," "we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit www.dallmannconfections.com (the "Site") or engage with any of our services (collectively, the "Services"). It also describes your privacy rights and how to exercise them.
Quick‑read: A concise Notice at Collection for California residents appears directly below. Detailed disclosures and instructions for all U.S. users follow in the full Policy.
1. Notice at Collection (California)
Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"), we are required to provide you with a notice at or before the point of collection describing:
| Category of Personal Information | Examples | Purpose of Processing | Retention Period | Sold or Shared¹? |
|---|---|---|---|---|
| Identifiers | Name, email, postal address, IP address, unique IDs, phone number | Account creation, order fulfilment, marketing communications, fraud prevention | 7 years (tax & legal); device identifiers 24 months | Yes (share) for cross‑context advertising |
| Commercial Information | Purchase history, shopping preferences | Order fulfilment, customer service, marketing analytics | 7 years | Yes (share) |
| Internet / Network Activity | Browsing data, device & session information, referring URLs | Site security, analytics, advertising, debugging | 24 months | Yes (share) |
| Geolocation (coarse) | City, state derived from IP | Content & promotional localization | 24 months | No |
| Sensitive Personal Information (SPI) | Precise geolocation (disabled by default); account log‑in & payment credentials | Fraud prevention, secure payment | For the life of the account + 7 years archival | Not sold or shared |
¹ "Sold" means we disclose personal information to a third party for monetary or other valuable consideration. "Shared" means we disclose personal information to a third party for cross‑context behavioural advertising.
You have the right to opt‑out of sale or sharing and to limit the use and disclosure of SPI (see § 10 below).
2. Who We Are
Dallmann Confections Inc.
757 N Twin Oaks Valley Rd #1,
San Marcos, CA 92069 USA
info@dallmannconfections.com
3. Applicability
This Policy applies to visitors, customers, and prospective customers in the United States. If you reside outside the U.S., additional rights may apply under your local law (see § 11.6 for GDPR).
4. Definitions
Capitalised terms used but not defined here have the meanings given in the CCPA or other applicable privacy statutes.
5. Personal Information We Collect
We collect personal information from the following sources:
-
Directly from you – e.g., when you place an order or sign up for emails.
-
Automatically – via cookies, pixels, and similar technologies.
-
Third parties – e.g., payment processors, advertising networks, analytics providers, social networks.
A full inventory of data elements, purposes and retention periods is provided in Appendix A.
6. Cookies & Tracking Technologies
We use first‑ and third‑party cookies, pixels, and local storage objects to:
-
Operate the Site (strictly necessary)
-
Measure performance (analytics)
-
Personalise content & ads (advertising)
Non‑essential cookies are disabled by default until you grant consent via our Consentmo banner. You can change your preferences at any time through the "Cookie Settings" link in the footer. We also honour the Global Privacy Control (GPC) signal for opt‑out of sale/sharing.
7. How We Use Personal Information
We use personal information to:
1. Provide, maintain and improve the Services
2. Process and deliver orders
3. Authenticate user accounts and prevent fraud
4. Send transactional and marketing communications
5. Provide real‑time customer support through recorded phone or chat interactions (with prior consent)
6. Personalise ads and measure campaign effectiveness
7. Comply with legal obligations
8. Detect, investigate, and remediate security incidents
9. Undertake business transfers (e.g., mergers, acquisitions)
8. How We Disclose Personal Information
We disclose personal information to:
-
Service Providers & Contractors (e.g., Shopify, Klaviyo, PayPal, Square) bound by written agreements.
-
Advertising & Analytics Partners (only identifiers, commercial info, and network activity; may be deemed "sharing").
-
Affiliates & Business Partners under common control.
-
Law enforcement or regulators when required by law.
-
Successors in the event of a merger or acquisition (with notice to you).
We do not knowingly sell or share the personal information of children under 16.
9. Sensitive Personal Information (SPI)
We do not use or disclose SPI for any purpose other than those permitted by Cal. Civ. Code § 1798.121(a) (e.g., completing a transaction, security and fraud prevention). Accordingly, we do not offer a "Limit SPI" link because our processing is already limited.
Audio & Electronic Communications (CIPA Compliance)
We value your privacy in all communications channels. To comply with the California Invasion of Privacy Act ("CIPA"):
-
Recorded phone calls – Our customer‑support and corporate phone lines may record calls for quality assurance and training. A voice prompt at the start of every call notifies all participants, and recording begins only after both parties remain on the line.
-
Chat transcripts – Messages you send through our on‑site chat widget are stored after you click “Send.” We do not capture keystrokes or text that you type before you submit the message.
-
Affirmative consent – By continuing the call after the recording notice or by clicking “Send” in the chat widget, you give consent to recording or logging. If you do not consent, please end the call or use alternative contact methods (email or postal mail).
-
No secret monitoring – We do not eavesdrop on, intercept, or monitor audio or electronic communications without notice and consent.
10. Your Privacy Rights
Depending on your state of residence, you may have the rights listed below. We will not discriminate against you for exercising any of them.
| Right | Available To |
|---|---|
| Access / Know | CA, CO, CT, VA, UT, TX, FL, OR, MT, IA, DE, NJ, NE, NH, MD, MN |
| Deletion | Same as above |
| Correction | CA, CO, CT, VA, OR, MT, TX, NJ, NH, MD |
| Data Portability | Same as above |
| Opt‑out of Sale | All states above |
| Opt‑out of Sharing / Targeted Ads | CA, CO, CT, VA, UT, MT, OR, TX, NJ, NH, MD |
| Opt‑out of Profiling | CO, CT, VA, OR, TX, NJ, NH |
| Appeal (for denied requests) | CO, CT, VA, OR, TX, NJ, NH |
10.1 How to Submit a Request
Email us at info@dallmannconfections.com or call *(760) ‑ (toll‑free). We will verify your identity by matching at least two data points (for sensitive requests, three) and respond within 45 days (extension of 45 more if reasonably necessary).
10.2 Opt‑out of Sale/Sharing & GPC
-
Click "Do Not Sell or Share My Personal Information" in the footer, or
-
Enable the Global Privacy Control (GPC) in your browser. We treat GPC as a valid request to opt‑out of sale/sharing for that device and browser.
11. Additional Disclosures
11.1 Colorado, Connecticut, Utah, Virginia, Florida, Texas, Oregon, Montana, Iowa, Delaware, New Jersey, Nebraska, New Hampshire, Maryland, Minnesota
If you reside in one of these states, the definitions of "sale," "targeted advertising," and "profiling" under your state law apply. We process opt‑out requests in a uniform manner.
11.2 Nevada
Nevada residents may opt‑out of the sale of covered information by emailing info@dallmannconfections.com with "Nevada Opt‑Out" in the subject line.
11.3 Children’s Privacy
Our Site is not directed to children under 13 and we do not knowingly collect personal information from them. If you believe we have unintentionally collected such information, contact us at info@dallmannconfections.com and we will delete it.
11.4 Data Retention
We retain personal information only as long as necessary for the purposes described above or as required by law. See Appendix A for category‑specific periods. After retention periods expire, data is anonymised or securely deleted.
11.5 Data Security
We use industry‑standard administrative, technical and physical safeguards—including TLS‑encrypted transmission, limited‑access environments, and periodic security assessments—to protect your data. No system is 100 % secure; please use strong passwords and keep them confidential.
11.6 International Users & GDPR
We are located in the United States. If you access the Site from the EEA, UK or Switzerland, we process your personal data as a "data controller" under GDPR Art. 6(1)(b) (contract), (c) (legal obligation) or (f) (legitimate interests) as applicable. We rely on Standard Contractual Clauses (SCCs) for transfers.
12. Changes to This Privacy Policy
We may update this Policy from time to time. If we make material changes, we will post a prominent notice on the Site 30 days before the new policy takes effect and email registered users when feasible. The "Last updated" date will reflect the revision date.
13. Contact Us
Questions or concerns? Email info@dallmannconfections.com or write to Privacy Officer, Dallmann Confections Inc., 757 N Twin Oaks Valley Rd #1, San Marcos, CA 92069 USA.
Appendix A – Data Inventory & Retention Schedule
| Category & Elements | Source | Purpose | Retention |
|---|---|---|---|
| Identifiers (name, email, phone, address, IP, device IDs) | Direct; automatic | Fulfil orders, account login, marketing, fraud detection | 7 yrs; device IDs 24 mo |
| Commercial Info (purchase history, cart contents, preferences) | Direct | Fulfil orders, customer service, analytics | 7 yrs |
| Internet / Network Activity (page views, clicks, referrer, browser) | Automatic | Site security, analytics, targeted ads | 24 mo |
| Geolocation (city/state from IP) | Automatic | Localised content & ads | 24 mo |
| Payment & Transaction (last‑4 of card, tokenised IDs) | Direct via PCI DSS processors | Process payments, refunds, fraud prevention | 7 yrs |
| Sensitive Personal Info (account log‑in, precise location if enabled) | Direct; automatic | Security, fraud prevention, geofencing (opt‑in) | Life of account + 7 yrs archival |
