Privacy Policy Statement and Privacy Notice on Collection

The California Department of Food and Agriculture (CDFA) is committed to promoting and protecting the privacy rights of individuals, as enumerated in Article 1 of the California Constitution, the Information Practices Act of 1977, and other state and federal laws.

It is the policy of the CDFA to limit the collection and safeguard the privacy of personal information collected or maintained by the Department. Electronic privacy is crucial for the ongoing success of the Internet as a convenient means to provide customer service. Your personal information will be used only to conduct CDFA related business. The Department’s information management practices conform to the requirements of the Information Practices Act (Civil Code Section 1798 et seq.), the Public Records Act (Government Code Section 6250 et seq.), Government Code Sections 11015.5 and 11019.9, and other applicable laws pertaining to information privacy.

Our privacy policy reflects CDFA’s current business practices and is subject to change without notice. We reserve the right to make a revised notice effective for personal information we may already maintain, as well as any information we receive in the future.

The CDFA collects personal information on individuals only as allowed by law. The Department limits the collection of personal information to what is relevant and necessary to accomplish its lawful purpose. For example, if you choose to enroll in our electronic email alerts or Newsletters, you may need to provide personal information so that your request can be fulfilled.

CDFA must tell all individuals who provide personal information to the department the purpose(s) for which the information is collected. At the time of collection, we must also tell individuals who provide personal information about the specific use of that information and provide a privacy notice on or with the form used to collect personal information.

Personal information is information that identifies or describes an individual, including, but not limited to, his or her first and last name, social security number, physical description, home address, home telephone number or personal cell phone number, education, financial information, and medical or employment history, readily identifiable to that specific individual. Personal information will not be disclosed, made available, or otherwise used for purposes other than those specified, except with the consent of the subject of the data, or as authorized by law or regulation. A domain name or Internet Protocol address is not considered personal information. However, it is considered "electronically collected personal information". CDFA allows individuals who provide personal information to review the information and contest its accuracy or completeness.

Electronically collected personal information means any information that is maintained by a Department that identifies or describes an individual user, including, but not limited to, his or her name, social security number, physical description, home address, home telephone number, education, financial matters, medical or employment history, password, and information that reveals any network location or identity, but excludes any information that is manually submitted to a state agency by a user.

Electronically collected personal information that we automatically collect includes your domain name or Internet Protocol (IP) address and information about web pages you may visit. This information is defined as electronically collected information, under Government Code 11015.5. The IP address is the unique Internet Protocol address of the user. Registration of a user’s IP address in the web log of the host server is standard among web servers. CDFA does not reuse the IP address. CDFA does not distribute or sell electronically collected personal information. Electronically collected personal information is exempt from requests made pursuant to the California Public Records Act, Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1. If you voluntarily participate in an activity that asks for specific information (i.e., subscribe for updates, file a complaint, license applications, sending an e-mail, or participating in a survey), more detailed data will be collected.

The Public Records Act exists to ensure that government is open, and that the public has a right to have access to appropriate records and information possessed by state government. At the same time, there are exceptions in both state and federal law to the public's right to access public records. If you choose not to participate in these activities, your choice will not affect your ability to use any other features of the web site. If the form contains open fields where users may input unrestricted content, users should not provide personal information that is not requested. You have the right to have any electronically collected personal information deleted by CDFA without reuse or distribution. Please see contact information at the end of this document to request deletion of electronically collected personal information.

We may use electronic “cookies” in some areas of this website to improve the overall usability of the site. Additionally, when a user accesses the CDFA website, a session ID is stored in a cookie on the user's PC. A cookie is simply a packet of information that is stored on the user's computer. The session ID stored in the cookie upon visiting the CDFA website is randomly generated and is not being used or redistributed by the CDFA. The session ID does not contain any information about the user and is merely a default functionality of the CDFA website software. The session cookies are used to facilitate the interaction between you and our website. Consequently, no information identifying you or your device is being stored. The cookie may remain stored on the user's hard drive until such time as the user manually removes the cookie.

Additionally, CDFA’s Public website has many areas of functionality which act as independent applications that may or may not request and collect personal information to provide a service or information to the public at large. If information is collected, please note that it is required to enable the Department to contact the reporting individual, deliver the service, or provide the requested information as required by law, statute, or regulation. Please be aware of this as you navigate and explore each area of the public website.

We use information security safeguards. We take reasonable precautions to protect the personal information collected or maintained by the CDFA against loss, unauthorized access, and illegal use or disclosure. The Department uses encryption software to protect the security of individuals' personal information during transmission of such information through the Department's Websites. Such personal information is stored by the Department in secure locations. The Department's staff is trained on procedures for the management of personal information, including limitations on the release of information. Access to personal information is limited to members of CDFA’s staff whose work requires authorized access. Confidential information is destroyed according to the Departments records retention schedule. The Department conducts periodic reviews to ensure that proper information management policies and procedures are understood and followed.

CDFA's Privacy Program Coordinator shall prepare, publish, and maintain a General Privacy Policy Statement and a Privacy Notice on Collection for each personal information collection in accordance with the Privacy Statement and Notices Standard (SIMM 5310-A).

If you have questions, comments, complaints or would like additional information regarding our privacy policy, email us or write to:

California Department of Food and Agriculture
Privacy Program Coordinator c/o CDFA IT Service Desk
1220 N Street
Sacramento, CA 95814
(916) 651-4357

This policy is effective March 5, 2022.