KIMBERTON WHOLE FOODS INC. PRIVACY POLICY

INTRODUCTION

Kimberton Whole Foods Inc. (“Kimberton Whole Foods,” “we,” “us,” or “our”) respects the privacy of our customers, site visitors, and applicants (“you” or “your”). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you:

● visit our primary website and related pages (collectively, the “Website”);

● shop through our online ordering / e-commerce experience powered by WebKart/WebCart by ECRS (the “Online Store”);

● subscribe to or receive our email newsletters and marketing communications (including via Campaign Monitor) (the “Newsletter”); and

● apply for jobs or interact with recruiting and hiring workflows (including via Paylocity and related SMS communications) (the “Recruiting Services”).

The Website, Online Store, Newsletter, and Recruiting Services are referred to collectively as the “Services.”

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not use the Services.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about changes by updating the “Last updated” date above. Any changes are effective immediately upon posting. You are encouraged to periodically review this Privacy Policy to stay informed of updates. Your continued use of the Services after the posting of a revised Privacy Policy means you will be deemed to have accepted the changes.

SCOPE AND IMPORTANT NOTES

● This Privacy Policy applies to information we collect through the Services. It does not apply to third-party websites, applications, or services that may be linked from our Services.

● The Online Store is supported by third-party vendors (including ECRS). Those vendors may collect and process information to provide the Online Store. Where applicable, their privacy practices may also apply.

● No method of transmission is 100% secure. We use reasonable administrative, technical, and physical measures to protect information, but we cannot guarantee complete security.

COLLECTION OF YOUR INFORMATION

We may collect information about you in a variety of ways. The information we may collect through the Services includes:

1) Information You Provide to Us (“Personal Data”)

You may voluntarily provide information such as:

● Identifiers and contact information: name, email address, telephone number, mailing/shipping address.

● Account and login information: username/email, password, and security-related information for the Online Store account.

● Order and transaction information: items purchased, order details, delivery/pickup preferences, and communications related to orders.

● Communications: information you provide when you contact us, submit forms, request support, submit vendor or donation requests, or otherwise communicate with us.

● Newsletter information: your email address and preferences when you subscribe to our Newsletter.

● Recruiting information: application materials and information you provide through Recruiting Services, such as contact information, employment history, education, availability, and other information included in your application.

You are under no obligation to provide personal information; however, refusal to provide certain information may prevent you from using certain features of the Services.

2) Information Collected Automatically (“Derivative Data”)

Our servers and service providers may automatically collect certain information when you access the Services, such as:

● IP address and approximate location derived from IP;

● browser type, device type, operating system, and device identifiers;

● access times, referring/exit pages, and pages viewed;

● interactions with the Services (e.g., clicks, scrolling, and page response times);

● cookie identifiers and related online identifiers.

3) Payment and Financial Information (“Financial Data”)

When you make purchases through the Online Store, payment information (such as credit/debit card details) is typically processed by the Online Store platform and/or its payment processor(s). We store limited payment card information (for example, a tokenized payment reference and/or partial card details such as last four digits) with your consent via our partner ECRS as required to operate the Online Store and support customer service, refunds, fraud prevention, and accounting.

4) Information from Third Parties

We may receive information from third parties in limited circumstances, such as:

● Service providers (e.g., newsletter and recruiting vendors) that help operate the Services.

● Advertising and analytics partners (e.g., Meta and Google) that provide analytics, measurement, and advertising tools.

HOW WE USE YOUR INFORMATION

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected through the Services to:

● Provide and operate the Services (including processing orders, delivering/picking up purchases, creating and managing accounts, and providing customer support).

● Respond to inquiries and requests (including product questions, vendor submissions, donation/event requests, and customer service requests).

● Administer Recruiting Services (including communicating with applicants, scheduling interviews, sending application status updates, and managing hiring workflows).

● Send transactional and administrative messages (such as account verification, receipts, service notices, updates to our policies, and security alerts).

● Send marketing communications (such as our Newsletter) and manage preferences.

● Deliver targeted advertising and measure effectiveness (including using cookies, pixels, and similar technologies to help show ads that may be more relevant to you and to measure ad performance).

● Monitor and analyze usage and trends to improve the Services.

● Improve security and prevent fraud (including detecting suspicious activity and protecting against misuse).

● Comply with legal obligations and enforce our agreements and policies.

DISCLOSURE OF YOUR INFORMATION

We may share information we have collected about you in certain situations, including:

1) By Law or to Protect Rights

If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by applicable law. This may include exchanging information with other entities for fraud protection and credit risk reduction.

2) Third-Party Service Providers

We may share your information with third parties that perform services for us or on our behalf, such as:

● website hosting and infrastructure (including VPS/hosting providers);

● e-commerce and ordering technology providers (including WebKart/WebCart by ECRS and associated vendors);

● payment processing providers (used by the Online Store);

● email delivery and marketing vendors (including Campaign Monitor);

● recruiting and hiring platform providers (including Paylocity);

● analytics and measurement providers (including Google Analytics);

● advertising technology providers (including Meta/Facebook Pixel);

● customer service and communications support.

Where appropriate, we use vendor agreements and confidentiality/security obligations designed to restrict how service providers use information and to protect it.

3) Marketing Communications and Advertising Partners

We may work with advertising partners to deliver ads and measure performance. These partners may receive information such as cookie identifiers, device identifiers, IP address, and information about your interactions with the Services. In some jurisdictions, this may be considered “sharing” for cross-context behavioral advertising or targeted advertising.

4) Business Transfers

If we reorganize or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer information to the successor entity. If we go out of business or enter bankruptcy, information may be transferred or acquired as an asset.

5) With Your Direction or Consent

We may share information as you direct or consent (for example, when you request we share information to complete a service request).

FORMS AND LOCAL STORAGE

Submissions made through certain forms on our Website (for example, general inquiries, vendor submissions, and donation/event requests) may be stored on our servers and used for the purpose stated at the time of collection. In some cases, submissions may also be routed to internal staff via email or internal systems to respond to your request.

COOKIES, PIXELS, AND OTHER TRACKING TECHNOLOGIES

Cookies and Similar Technologies

We may use cookies, web beacons, tracking pixels, and similar technologies on the Services to help operate the Services, customize content, improve performance, and measure marketing effectiveness.

Cookies may be:

● First-party cookies (set by us), and/or

● Third-party cookies (set by our service providers and partners).

Most browsers are set to accept cookies by default. You can remove or reject cookies through your browser settings. Please note that blocking certain cookies may affect the availability and functionality of the Services.

Analytics (Google Analytics)

We use Google Analytics to understand how visitors use our Services, such as which pages are visited, how long visitors stay, and what features are used. Google Analytics may use cookies and similar technologies to collect information about your use of the Services.

Advertising and Measurement (Meta/Facebook Pixel)

We may use the Meta Pixel (also known as the Facebook Pixel) and similar tools to:

● measure the effectiveness of our advertisements;

● understand actions taken after you view or click an ad; and

● help deliver ads that may be more relevant to you.

These tools may collect or receive information from the Services and elsewhere on the internet and may use that information to provide measurement services and targeted advertising.

Interest-Based Advertising Opt-Outs

You can generally opt out of interest-based advertising by adjusting device settings and using industry opt-out mechanisms (where available). You can also manage ad preferences directly with certain platforms (for example, Google and Meta).

Helpful opt-out resources:

Digital Advertising Alliance (DAA) opt-out: https://www.aboutads.info/choices

Network Advertising Initiative (NAI) opt-out: https://optout.networkadvertising.org/

Google Ads Settings: https://adssettings.google.com/

Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout

Meta Ad Preferences: https://www.facebook.com/adpreferences/

Cookie Choices and Preference Signals

If we offer a cookie banner or preference center, you may use it to set certain cookie preferences (subject to availability and local legal requirements). In some jurisdictions, we may also honor legally required opt-out preference signals (such as Global Privacy Control) for certain types of data use.

EMAIL NEWSLETTERS AND MARKETING (CAMPAIGN MONITOR)

If you subscribe to our Newsletter, we may send you marketing emails. Our emails may include tracking technologies (such as pixels) that let us understand whether a message was opened and which links were clicked, to help improve communications.

● Opt-out: You can unsubscribe at any time by using the unsubscribe link in our emails.

● Preferences: Where available, you may update preferences through links in the Newsletter or by contacting us.

RECRUITING SERVICES AND SMS (PAYLOCITY)

If you apply for jobs or opt in to receive recruiting-related text messages, we may use Paylocity and related services to send SMS messages for recruiting purposes (for example, application status updates, interview scheduling, and hiring communications).

● Opt-out: You may opt out of receiving SMS messages at any time by replying STOP to any message.

● Help: You may be able to reply HELP for additional assistance.

● Message and data rates may apply, and message frequency may vary.

● SMS security: Text messaging is not a fully secure communication method. Please avoid sending sensitive information by SMS.

THIRD-PARTY WEBSITES

The Services may contain links to third-party websites and applications of interest, including advertisements and external services, that are not affiliated with us. Once you use these links to leave the Services, any information you provide to such third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. We are not responsible for the content or privacy and security practices of any third parties.

DATA RETENTION

We retain information for as long as reasonably necessary to:

● provide the Services;

● fulfill the purposes described in this Privacy Policy;

● comply with legal obligations (including accounting and recordkeeping);

● resolve disputes and enforce our agreements; and

● maintain security and prevent fraud.

Retention periods may vary depending on the type of information and the context in which it was collected.

SECURITY OF YOUR INFORMATION

We use administrative, technical, and physical security measures designed to help protect personal information. These measures may include access controls, vendor security commitments, encryption where appropriate, and other safeguards.

However, despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against interception or misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security.

Notice of Security Incidents

If we experience a security incident that triggers notification obligations, we will comply with applicable law, including the Pennsylvania Breach of Personal Information Notification Act (as amended) and other applicable breach notification laws.

POLICY FOR CHILDREN

We do not knowingly solicit information from or market to children under the age of 13. If you believe we have collected information from a child under 13, please contact us using the contact information below.

CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

YOUR CHOICES AND RIGHTS

Managing Your Information

Depending on how you interact with the Services, you may be able to:

● update your Online Store account information through your account settings;

● unsubscribe from marketing emails using links in the emails;

● opt out of recruiting SMS by replying STOP;

● adjust cookie settings through your browser or (where available) a cookie preference center.

State Privacy Rights

Certain U.S. states provide residents additional privacy rights, which may include the right to:

● request access to personal information;

● request deletion of personal information;

● request correction of inaccurate personal information;

● obtain a copy of personal information (data portability);

● opt out of certain processing, such as targeted advertising;

● opt out of the “sale” or “sharing” of personal information as defined under certain laws; and

● limit the use/disclosure of certain sensitive information (where applicable).

We will respond to verifiable requests as required by applicable law. To protect your information, we may need to verify your identity (for example, by confirming account access or requesting additional information). In some cases, we may deny requests as permitted by law (for example, where we must retain information for legal compliance or security).

Authorized Agents

Where required by law, you may use an authorized agent to submit certain requests on your behalf. We may require proof of authorization and may still need to verify your identity directly.

Non-Discrimination

We will not discriminate against you for exercising privacy rights provided by applicable law.

INTERNATIONAL USERS

Our Services are operated in the United States. If you access the Services from outside the United States, you understand that information may be transferred to, stored, and processed in the United States and other jurisdictions where our service providers operate.

CONTACT US

If you have questions or comments about this Privacy Policy, or if you would like to submit a privacy request, please contact us:

Kimberton Whole Foods Inc.
PO Box 760
Kimberton, PA 19442

You may also contact us via our Website “Contact Us” page or by calling your local store.

Helpful contact links:

Contact Us: https://www.kimbertonwholefoods.com/contact-us/

Locations/Phone Numbers: https://www.kimbertonwholefoods.com/kimberton-locations/locations-map/