LAST REVISED AND EFFECTIVE JULY 27, 2023

Welcome!

This Privacy Policy is here to help you understand how we collect, process, and share your Personal Data (as defined below). We also describe your Rights & Choices with respect to how we process that Personal Data. Please read this policy carefully.

Who We Are

This is the Privacy Policy (“Policy”) of Miller Milling Company, LLC (“Miller Milling”, “Company”, “us”, “our”, or “we”), a Minnesota limited liability company with offices at 7808 Creekridge Circle, Suite 100, Bloomington, MN 55439. You can contact us using the information below.

Scope & Acknowledgement

This Policy applies to information that relates to identified or identifiable individuals and households (“Personal Data”) collected through our “Services” which include our website at millermilling.com, or other of our websites that link to or post this Privacy Policy (including any subdomains or mobile versions) (collectively, the “Sites”).

This Policy reflects only how we collect and process Personal Data pertaining to our customers and visitors to our Services (collectively, “Users”, “you” or “your”). This Policy does not apply to information processed by other third parties, for example, when you visit a third-party website or interact with third-party services, unless those parties collect or process information on our behalf. Please review any relevant third party’s privacy policy for information regarding their privacy practices.

Your use of our Services indicates your acknowledgement of the practices described in this Policy.

Additional Terms

If you are a customer (“Customer”), you may be subject to additional terms relating to your use of the Services, such as a Sales Contract or Purchase Contract.

Contact Us/Controller

The controller of your Personal Data is Miller Milling Company, LLC. You may contact our data privacy team as follows:

Physical Address	Miller Milling Company, LLC 7808 Creekridge Circle, Suite 100 Bloomington, MN 55439
Data Request (where available under applicable law):	Email privacy@millermilling.com, or call (833) 550-6050.
Marketing Choices, Direct Marketing Disclosure Requests, and Data Updates:	privacy@millermilling.com
General Inquiries	info@millermilling.com

Categories and Sources of Personal Data

Categories of Personal Data We Process

The categories of Personal Data we process may include:

Identity Data: Personal Data about you and your identity, such as your name, and other Personal Data you may provide on registration forms.

Contact Data: Identity Data used to contact an individual, e.g. email address, physical address, or phone number.

Device Data: Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session history and similar browsing metadata, and other data generated through applications and browsers, including via cookies and similar technologies.

User Content: Personal Data included in content provided by Users of the Service in any free-form or unstructured format, such as in a “contact us” box, free text field, in a photo, file or document, or messages.

Inference Data: Personal Data used to infer your preferences, characteristics, market segments, the products and services you use or intend to use or purchase, and your interests.

Sources of Personal Data

We collect Personal Data from various sources, which include:

You: We collect Personal Data from you directly, for example, when you input information into an online form, sign up for a list, or contact us directly.

Your Devices: We may collect certain Personal Data automatically from your devices. For example, we collect Device Data automatically using cookies and similar technologies when you use access our Sites or when you open our marketing communications.

Customers: We may process Personal Data from our Customers with whom we have a relationship, and who may provide us, or grant us access to systems providing, information about Users, personnel, account information, etc.

Service Providers: We receive Personal Data from third parties with whom we have a relationship in connection with their performance of services or processing of transactions on our behalf.

Contractors: We may receive Personal Data from individuals to whom we make available Personal Data for a business purpose pursuant to a written contract.

Data we create: We (or third parties operating on our behalf) create and infer Personal Data based on our observations or analysis of other Personal Data we process, and we may correlate this data with other data we process about you.

Data Processing Contexts / Notice at Collection

Note: please click the following links to view information on Data Retention or US State Rights for any of the processing contexts listed below.

Service Use

We automatically collect and process Device Data and Usage Data when you use our services. We use this data as necessary to initiate or fulfill your requests for certain features or functions through our Service, such as delivering pages, logging activities for security purposes, etc.

In addition, we may also process Contact Data, Identity Data, and Inference Data. We process this Personal Data as necessary to perform Services for you, to carry out fulfillment-related processing, and for our Business Purposes.

Marketing Communications

We process Identity Data, Device Data, Contact Data, and Inference Data in connection with marketing emails, or similar communications, and when you open or interact with those communications. You may receive marketing communications if you consent and, in some jurisdictions, as a result of account registration or a purchase.

We process this Personal Data to contact you about relevant Services and for our Business Purposes. Marketing communications may also be personalized or customized as permitted by applicable law. See your Rights & Choices to opt out of marketing communications.

Feedback and Surveys

We process Identity Data, Contact Data, and User Content collected in connection with Customer surveys or questionnaires. We generally process this Personal Data as necessary to respond to Customer requests/concerns, for our Business Purposes, and other legitimate interests, such as analyzing customer satisfaction.

Contact Us

We process Identity Data, Device Data, and User Content when you contact us though the Services using a “contact us” box or via email.

We process this Personal Data to respond to your request, and communicate with you, as appropriate, and for our Business Purposes. If you consent or if permitted by law, we may use Identity Data and Contact Data to send you marketing communications.

Cookies and Similar Tracking Technologies

We, and certain third parties, automatically collect and process Identity Data, Usage Data, and Device Data when you interact with cookies and similar technologies on our Services. We may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy policies of third parties may also apply to these technologies and the Personal Data collected through them.

Subject to your rights & choices, we may use this information as follows:

for “essential” or “functional” purposes, such as to enable certain features of the Services;

for “analytics” and “personalization” purposes, consistent with our business interests in analyzing Users’ use of the Sites, or use by the Customer on whose behalf you use the Services. We use this data to understand how Users and Customers use the Service, how the Service performs, how Users engage with and navigate through the Service, referral sites or URLs, how often they visit our Site, and other similar information, as well as to tailor the Service based on geographic location, and understand characteristics of Users in certain locations.

Note: Some of these technologies can be used to identify you across platforms, devices, sites, and services.

Business Purposes of Processing

We and our Service Providers process Personal Data for several common business purposes, depending on the context of collection, your Rights & Choices, and our legitimate interests. We generally process Personal Data for the following “Business Purposes.”

Service Delivery

We process any Personal Data as is necessary to provide the Services, and as otherwise necessary to fulfil our obligations to you, e.g. to provide you with the information and services you request.

Internal Processes and Service Improvement

We may use any Personal Data we process through our Services as necessary in connection with our improvement of the design of our Services, understanding how our Services are used or function, for customer service purposes, in connection with the creation and analysis of logs and metadata relating to service use, and for ensuring the security and stability of the Services. Additionally, we may use Personal Data to understand what parts of our Service are most relevant to Users, how Users interact with various aspects of our Services, how our Services perform or fail to perform, etc., or we may analyze use of the Services to determine if there are specific activities that might indicate an information security risk to the Services or our Users. This processing is subject to Users’ rights and choices.

Compliance, Safety & Public Interest

Note that we may, without your consent or further notice to you, and to the extent required or permitted by law, process any Personal Data subject to this Policy for purposes determined to be in the public interest or otherwise required by law. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest or as required by a public authority. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.

Aggregate Analytics

We process Personal Data as necessary in connection with our creation of aggregate analytics relating to how Customers, and Users use our Services, such as the products and services used, service delivery metrics, Customer trends, and to create other reports regarding the use of our Services and other similar information and metrics. The resulting aggregate data will not contain information from which and User, or Customer may be readily identified.

Personalization

We process certain Personal Data in connection with our legitimate business interest in personalizing our Services. For example, aspects of the Services may be customized to you based on your interactions with our Services and other content. This processing may involve the creation and use of Inference Data relating to your preferences.

Disclosure/Sharing of Personal Data

Service Providers and Contractors

In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other lawful business interests, we may share Personal Data with service providers, contractors, or subprocessors who provide certain services or process data on our behalf.

Corporate Events

Your Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

Affiliates

In order to streamline certain business operations, share promotions and content we believe would be of interest to you, and develop products and services that better meet the interests and needs of our customers, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.

Legal Disclosures

In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of a Sales Contract, or in the vital interests of us or any person.

Note: These disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

YOUR RIGHTS & CHOICES

You may have certain rights and choices regarding the Personal Data we process. Please note, these rights may vary based on the country or state where you reside, and our obligations under applicable law. See the following sections for more information regarding your rights/choices in certain US States/California.

Your Rights

You may have certain rights and choices regarding the Personal Data we process. See the “US State Rights” section below for rights available to you in your jurisdiction. To submit a request, contact us at privacy@millermilling.com. We verify your identity as described below.

Verification of Rights Requests

All rights requests must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Data. We may require that you provide the email address we have on file for you (and verify that you can access that email account) and we may request additional information such as an address, phone number, or other data we have on file, in order to verify your identity. Depending on the sensitivity of the Personal Data you request and what type of request you submit, we may request additional information from you. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.

Your Choices

You may have the following choices regarding the Personal Data we process, to the extent required under applicable law:

Consent/Opt-Out: If you consent to processing, you may withdraw your consent at any time. You may be required to close your account in order to withdraw consent where your consent is necessary to perform essential aspects of our Services.

Direct Marketing: You have the choice to opt-out of or withdraw your consent to marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via the links in our communications or by contacting us regarding direct marketing.

Cookies &

Similar Tech: If you do not want information collected through the use of cookies and similar technologies, you can manage/deny cookies and certain similar technologies using your browser’s settings menu. You must opt out of the use of some third party services directly via the third party. For example, to opt-out of Google’s analytic services, please see the Google Analytics Opt-out.

Do-Not-Track Our Services do not respond to your browser’s do-not-track request.

Security

We implement and maintain reasonable security measures to safeguard the Personal Data you provide us. However, we sometimes share Personal Data with third parties as noted above, and though we may enter contracts to help ensure security, we do not control third parties’ security processes. We do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure.

Data Retention

We retain Personal Data for so long as it is reasonably necessary to achieve the relevant processing purposes described in this Privacy Policy, or for so long as is required by law. What is necessary may vary depending on the context and purpose of processing. We generally consider the following factors when we determine how long to retain data (without limitation):

Retention periods established under applicable law;
Industry best practices;
Whether the purpose of processing is reasonably likely to justify further processing;
Risks to individual privacy in continued processing;
IT systems design considerations/limitations; and
The costs associated with continued processing, retention, and deletion.

We will review retention periods periodically and may pseudonymize or anonymize data held for longer periods.

Minors

Our Services are neither directed at nor intended for use by individuals under the age of 18. Further, we do not knowingly collect Personal Data from such individuals. If we learn that we have inadvertently done so, we will promptly delete it.

Changes to Our Policy

We may change this Policy from time to time. Please visit this page regularly so that you are aware of our latest updates. Your use of the Services following notice of any changes indicates acceptance of any changes.

International Transfers

We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. may not provide the same legal protections guaranteed to Personal Data in foreign countries. Contact us for more information regarding transfers of data to the U.S.

US State & California Privacy Rights & Choices

Under the California Consumer Privacy Act (“CCPA”) and other state privacy laws, residents of certain US states may have the following rights, subject to regional requirements, exceptions, and limitations.

Confirm

– Right to confirm whether we process your Personal Data.

Access/Know

– Right to request any of following: (1) the categories of Personal Data we have collected, sold/shared, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the purposes for which we collected or sold/shared your Personal Data; (4) the categories of third parties to whom we have sold/shared your Personal Data, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.

Portability

– Right to request that we provide certain Personal Data in a common, portable format.

Deletion

– Right to delete certain Personal Data that we hold about you.

Correction

– Right to correct certain Personal Data that we hold about you.

Opt-Out (Sales, Sharing, Targeted Advertising, Profiling)

– Right to opt-out of the following:

If we engage in sales of data (as defined by applicable law), you may direct us to stop selling Personal Data.
If we engage in Targeted Advertising (aka “sharing” of Personal Data or cross-context behavioral advertising,) you may opt-out of such processing.
If we engage in certain forms of “profiling” (e.g. profiling that has legal or similarly significant effects), you may opt-out of such processing.

Please note – at this time, we do not engage in process to which individuals have a right to opt-out.

Non-Discrimination

– California residents have the right to not to receive discriminatory treatment as a result of your exercise of rights conferred by the CCPA.

List of Direct Marketers

– California residents may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.

Submission of Requests

You may submit requests as follows. If you have any questions or wish to appeal any refusal to take action in response to a rights request, contact us at privacy@millermilling.com or call us at (833) 550-6050. We will respond to any request to appeal within the period required by law.

Categories of Personal Data Disclosed for Business Purposes

For purposes of the CCPA, we have disclosed to Service Providers for “business purposes” in the preceding 12 months the following categories of Personal Data, to the following categories of recipients:

Category of Personal Data	Category of Recipients
Identity Data	Service Providers and Contractors; Corporate Events; Affiliates; Legal Disclosure
Contact Data
Device Data
User Content
Inference Data

Categories of Personal Data Sold, Shared, or Disclosed for Commercial Purposes

For purposes of the CCPA, we do not “sell” or “share” Personal Data, or disclose it for commercial purposes (as such terms are defined in the CCPA).