Accessibility Statement

Buy One, Get One 50% off
Mother's Day Gift Box 25-Pack. Shop Now

Search
Search
Begin typing to search, use arrow keys to navigate, Enter to select
Advanced Search
Cart

Baked By Melissa's Privacy Policy

Effective date: April 2, 2025

Notice At Collection

At Baked by Melissa, your privacy matters to us. This summary gives a brief explanation of how we collect, use, share, and protect your personal information when you use any of our products and services.

  1. What We Collect: We collect details like your name, contact info, info on your interaction with our website and preferences to improve your experience. Click here to view the full details on personal information we collect.
  2. How We Use It: We use your information to deliver products and services to you, market to you, provide better services, updates, and for other related purposes. Click here view the full details on how we use your personal information.
  3. Who We Disclose Information To: We may disclose your information with trusted partners and service providers to deliver products and services to you and otherwise improve your experience; we may also disclose your information when required by law. For more information, click here.
  4. Your Right to Opt Out from Sale/Sharing Your Data: Some of our information practices may be defined as “sale” or “sharing” under applicable laws. Specifically, we use cookies and other technologies for targeted advertising and analytics to deliver personalized, interest-based advertising to you. You can opt out at any time. Click here to begin opt out.
  5. Your Choices: You have control over your information. Depending on where you live, the laws afford you certain privacy rights, including the ability to access, delete, or opt out of certain personal information uses. To exercise your rights, please email us at [email protected].

For more details, please review our full Privacy Policy below or email us at [email protected] with any questions.

Table of Contents

  1. (A) Scope and Overview
  2. (B) Personal Information We Collect
  3. (C) Categories Of Sources From Which We Collect Personal Information
  4. (D) Business and Commercial Purposes of Collecting Personal Information From Consumers
  5. (E) Disclosure of Personal Information to Our Service Providers
  6. (F) Categories Of Personal Information We Have Sold Or Shared In The Preceding 12 Months; Categories of Third Parties To Whom Such Information Was Sold Or Shared
  7. (G) Information on Consumers Under The Age of Sixteen (16)
  8. (H) Our Use of Consumers' Sensitive Personal Information
  9. (I) Cookies and Similar Technologies
  10. (J) How Long Your Personal Information Will Be Kept
  11. U.S. Consumers Privacy Rights
  12. Notice To Residents Of Jurisdictions Other Than United States
  13. Managing Your Privacy Rights and Choices
  14. Global Opt Out Preference Signal
  15. Keeping Your Personal Information Secure
  16. Other Websites
  17. Disclaimer/Limitation of Liability For Data Input Errors
  18. Changes To Our Privacy Policy
  19. Contact Information

(A) Scope and Overview

Baked by Melissa (“Baked by Melissa, “we” or “us”) is dedicated to safeguarding and honoring your privacy. This Privacy Policy outlines our practices of collecting and handling personal information that we obtain from various sources such as customers, potential customers, website visitors, store visitors, suppliers, vendors, service providers, contractors, consultants, and other third parties (“you” or “your”).

This Privacy Policy applies to personal information collected on or via Baked by Melissa’s website, www.bakedbymelissa.com (“Website”), as well as personal information collected in any other manner from your interactions with us online or offline (e.g., in person). When referring to all the possible means by which we interact with you, we use the term our “Platform”. The term "personal information" used in this Privacy Policy refers to information that is linked or reasonably linkable to an identified or identifiable individual.

The data controller or business in charge of operating Baked by Melissa’s Platform is Baked by Melissa, LLC, located at 133 W 19th Street, 2nd Floor, New York, NY 10011, USA. To contact us with questions about this Privacy Policy, please see the Contact Information section below.

BY INTERACTING WITH US AND/OR OUR PLATFORM IN ANY MANNER, YOU ACKNOWLEDGE THAT YOU ACCEPT THE PRACTICES AND POLICIES OUTLINED IN THIS POLICY, AND YOU HEREBY CONSENT THAT WE WILL COLLECT, USE, AND SHARE YOUR INFORMATION IN THE FOLLOWING WAYS UNLESS OTHERWISE REQUIRED BY LAW. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, PLEASE DO NOT INTERACT WITH THE PLATFORM AND NAVIGATE AWAY FROM THE WEBSITE. IF YOU USE OR INTERACT WITH THE PLATFORM ON BEHALF OF ANOTHER INDIVIDUAL OR ENTITY (SUCH AS YOUR EMPLOYER), YOU REPRESENT THAT YOU ARE AUTHORIZED BY SUCH INDIVIDUAL OR ENTITY TO ACCEPT THIS PRIVACY POLICY ON SUCH INDIVIDUAL’S OR ENTITY’S BEHALF. YOU REPRESENT AND WARRANT THAT THE INFORMATION THAT YOU ARE INPUTTING IS ACCURATE.

(B) Personal Information We Collect

We collect personal information for the purposes of providing our products and services to you and for related business purposes disclosed in this Privacy Policy. The types of personal data relating to you that we may collect, and the purposes for which we process this data, depends on the nature of your interaction with us.

In particular, we may have collected the following categories of personal information from consumers within the last twelve (12) months:

Categories of Data Collected Examples of Datapoints Collected
A. Identifiers This may include your real name, alias, postal address, zip code, online identifier, Internet Protocol address, email address, or other similar identifiers. This may also include any information you provide to us about other people, such as personal information for gift recipients.
B. Personal information described in the California Consumer Records Act, Section 1798.80, subdivision (e). We collect your name, address, telephone number and information as to your current employment (for example, if you are making a purchase on behalf of a business). If you choose to make a purchase from us, our service provider(s) will collect your financial information to process the transaction. We will collect the last four digits of your credit card number, along with the expiration month and year, in order to display it to you if you want to confirm which payment method you had used. If you make a purchase for a gift recipient, we will collect from you the personal information the information for such gift recipient, such as their name, e-mail address, and shipping address, will be used solely for processing and delivering the gift.
C. Protected classification characteristics under state or federal law. Age (birthday).
D. Commercial Information Records of goods/services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, user communications, feedback and recommendations.
E. Internet or other similar network activity Information on a user’s interaction with a website or advertisement; such as browsing history or search history; any actions you make on the Website; interaction with hyperlinks, widgets and other features of the Website, and device information (such as operating system and its versions, device model, operating system settings, unique device identifiers, crash data, software and hardware attributes), cookies and similar technologies.
F. Geolocation data Approximate geolocation data (such as city and state from which your device is accessing our Website), time zone, and language settings. We do not collect precise geolocation.
G. Professional of Employment-Related Information We may receive information as to which company you are employed or affiliated with, for example when you make an order on behalf of a company. Providing this information is optional and is limited to your current employment or professional affiliation.
K. Inferences drawn from other personal information. Information to create a profile about a consumer reflecting a consumer’s preferences or trends, such as your purchase history, wish list and marketing preferences

(C) Categories Of Sources From Which We Collect Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from you or your representatives. For example, information that our customers provide to us related to a transaction.
  • Operating systems and platforms. For example, we collect information about your device’s interaction with our Website.
  • Our vendors. For example, we may receive personal information from our vendors to fulfil transactions. If you interact with Apple, Google, or any other platform or social media account while using our services, we may receive information from your account, including your name, profile picture, email address, and any information defined as public pursuant to the policies of such platforms.
    • Payment Processors. When you pay for orders using a credit card or other payment method for our products and services, your credit card or other payment information is collected and processed by our payment processor vendors. For example, if you pay with a credit card, the payment information that you provide is transmitted directly to our payment processor. We may receive certain information about your payment card from our payment processors, such as the last 4 digits of your card number, in order to display this information to you so that you now which credit card you had used to pay for your order.

(D) Business and Commercial Purposes of Collecting Personal Information From Consumers

Baked by Melissa collects and processes your personal information as needed to sell and deliver goods, deliver marketing and advertising messages, promote our events, and to meet our contractual and other legal obligations.

We may use Your personal information for the following business purposes:

  • To process your orders and transactions.
  • To fulfill and manage purchases, orders, deliveries, and payments.
  • To provide information related to goods, services, promotions, special offers, or other relevant information through our Website and/or trusted partners.
  • To deliver to you electronic coupons or offers, newsletters, in-store receipt messages, emails, mobile messages, advertising and social media notifications.
  • To provide interactive features of the Website, such as product reviews, send marketing communications and other information regarding products, services and promotions.
  • To assist our customer service department with resolving issues.
  • To identify and prevent fraud.
  • To respond to legal/regulatory inquiries.
  • To improve our goods and services offerings.
  • As part of processing requests for information, feedback and reviews of products and services and our Website.
  • To respond to your requests for information, including about our products/services.
  • To communicate to you and your authorized representatives the information on goods, services, experiences, and other special offers we believe may be of genuine interest to you.
  • To market and promote Baked by Melissa brand.
  • For testing, research, analysis, and development of products and service offerings.
  • To operate and improve online services and customer experiences.
  • To personalize online and offline content.
  • To improve the accuracy of potential or current Baked by Melissa records.
  • To provide features to simplify user experience upon return to our Website (for example, keeping items in your cart even if you navigate away from our Website).
  • For internal administration, data analysis, billing, and detecting, preventing, and responding to actual or potential fraud, illegal activities, or intellectual property infringement.
  • As necessary or appropriate to protect the rights, property or safety of Baked by Melissa, our clients or others, including system and network administration and security, infrastructure monitoring, identity and credential management, verification and authentication, and access control, monitoring and other controls needed to safeguard the security and integrity of transactions and/or recordation of information.
  • To host, store and otherwise process information needed for business continuity and disaster recovery.
  • To respond to law enforcement requests and subpoenas from law enforcement agencies and courts in the United States, and as required by applicable law, court order, or governmental regulations.
  • To comply with laws and to assist law enforcement as may be needed.
  • To evaluate or conduct a merger, reorganization, dissolution, or other sale or transfer of some or all of our assets, or similar corporate transaction or proceeding, in which personal information held by us is among the assets transferred.
  • To assess our compliance obligations under the data privacy laws.
  • To determine how customers in different jurisdictions interact with our Website and product offerings.
  • As described to you when collecting your Personal Information or as otherwise set forth in the California Consumer Privacy Act (CCPA).

We may also process Your personal information for the following commercial purposes:

  • Analyze traffic on our Website and on the sites of third parties.
  • For interest-based advertising.
  • For conducting research and analysis.
  • For cross-context and cross-device linking.
  • To identify and share advertising that is relevant to you based on your preferences, patterns of interaction with our Website or advertising, and location that enables us to deliver more relevant marketing and advertising to you on our Website and on third party sites and applications.
  • Evaluate and optimize your use of our Platform and the advertising you see and/or with which you interact.

(E) Disclosure of Personal Information to Our Service Providers

In order to fulfill the purposes identified in Section D above, we partner with service providers. For example, we may partner with service providers to (a) manage a database of customer information; (b) assist us in distributing e-mails; (c) assist us with direct marketing and data collection; (d) provide data storage and analysis; (e) provide fraud prevention; (f) provide customer service; (g) provide order fulfillment and/or delivery services; and (h) provide other services designed to assist us in developing and running our Platform and maximizing our business potential. We may disclose your personal information to a service provider for a disclosed business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the service provider to both keep that personal information confidential and not use it for any purpose except performing the contract. In addition to service providers, we work with third parties for targeted advertising and analytics for commercial purposes, as discussed in Section E below.

Information Processed by Our Service Providers:

Below you can find a list of the categories of our service providers by whom personal data may be processed or transferred to and for what purposes.

Categories of Recipient/Services Business Purpose Categories of Information Processed
Customer Service, Database Management and Communication, Order fulfillment and delivery.
  • To provide customer service and communicate with you concerning your orders or questions.
  • To reach out to you with our newsletter, surveys and notifications
  • To obtain customer feedback.
  • To deliver information to you of commercial and promotional nature
  • To process and fulfill your orders and to deliver products to you
  • Identifiers, such as name and email address
  • Personal information described in the California Consumer Records Act, Section 1798.80, subdivision (e)
  • Protected classification characteristics under state or federal law
  • Commercial Information
  • Internet or other similar network activity
  • Identifiers, such as name and email address
  • Commercial Information
Payment processors; fraud prevention
  • To collect and process payments for goods or services purchased
  • Identifiers
  • Personal information described in the California Consumer Records Act, Section 1798.80, subdivision (e)
  • Protected classification characteristics under state or federal law
  • Commercial Information
  • Professional of Employment-Related Information
  • Internet or other similar network activity
Infrastructure and storage
  • Secured storage of personal data when you use our services or purchase products from us.
  • Backup of all data
  • Data management
  • Technical support
  • Authentication and authorization services
  • Identifiers
  • Personal information described in the California Consumer Records Act, Section 1798.80, subdivision (e)
  • Protected classification characteristics under state or federal law
  • Commercial Information
  • Internet or other similar network activity
  • Geolocation data
  • Professional of Employment-Related Information
  • Inferences drawn from other personal information.
Features providers
  • To make available additional features of our services
  • Identifiers
  • Personal information described in the California Consumer Records Act, Section 1798.80, subdivision (e)
  • Protected classification characteristics under state or federal law
  • Commercial Information
  • Professional of Employment-Related Information
  • Internet or other similar network activity

(F) Categories Of Personal Information We Have Sold Or Shared In The Preceding 12 Months; Categories of Third Parties To Whom Such Information Was Sold Or Shared

While under most circumstances Baked by Melissa’s information practices do not involve the sale or sharing of consumer personal information, some consumer privacy laws broadly define these and similar terms. Like many companies, we use services that help deliver interest-based ads to you and may transfer personal information to business partners for their use. Making information such as online identifiers or browsing activity available to these companies may be considered a “sale” or “sharing” under some laws. For example, according to California consumer privacy law, a “sale” includes disclosing, making available or communicating personal information to a third party (except our service providers or contractors) in exchange for monetary or other valuable consideration. “Sharing” includes disclosing, making available or communicating personal information to a third party for cross-context behavioral advertising, whether or not for any monetary or valuable consideration.

Certain of our services to you may be deemed a “sale” or “sharing” under applicable law. For example, Baked by Melissa may share the information it collects with third parties, such as data management companies, analytics companies (e.g. Google Analytics), chat providers, promotions vendors, and data enhancement services. We utilize third party services for the commercial purposes discussed in Section D of this Policy.

In the preceding 12 months, we have sold or shared to third parties the following categories of personal information:

Categories Of Third Parties To Whom The Information Was Sold Or Shared Purposes of Sale or Sharing Categories of Personal Information Sold or Shared
Analytics and advertising companies (like ad servers, advertising agencies, technology vendors, providers of sponsored content, and others)
  • Analytics and support, specifically, to track the performance of our Website, to understand our target audiences better and tailor our content strategies accordingly.
  • To generate personalized advertisements or content. Our advertising partners build a profile of your interests using your interactions on our Platform together with personal information you have provided to them elsewhere.
  • Identifiers
  • Personal information described in the California Consumer Records Act, Section 1798.80, subdivision (e)
  • Protected classification characteristics under state or federal law
  • Commercial Information
  • Internet or other similar network activity
  • Geolocation data
  • Professional of Employment-Related Information
  • Inferences drawn from other personal information.

Baked by Melissa does not knowingly sell or share the personal information of known minors under 16 years of age and has no actual knowledge of such sale or sharing occurring.

Consumers have the right to opt out of the sale and sharing of personal information. To exercise this right, please follow the instructions on our Do Not Sell or Share My Personal Information link.

(G) Information on Consumers Under The Age of Sixteen (16)

Consistent with the Children's Online Privacy Protection Act of 1998 (“COPPA”), we do not, and will never knowingly, request personal information from anyone under the age of 13 online without prior verifiable parental consent. As a policy, no person under the age of 18 is permitted to interact with Baked by Melissa’s Platform.

We do not knowingly collect any personal information from visitors or users of our Platform who are under the age of 16. If you are under 16, please do not give us any personal information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Policy by instructing their children to never provide personal information through the Internet without their permission. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us using the CONTACT INFORMATION below, and we will endeavor to delete that information from our databases.

Baked by Melissa does not intentionally sell or share the personal information of minors under 16 years of age and does not have any actual knowledge of any such sale or sharing.

For parents and guardians, we urge you to repeatedly discuss with your children the risks of giving personal information to anyone (online or in person) whom they do not personally know. For additional tips on how to help children stay safe on the internet, please see the Federal Trade Commission’s Consumer Advice website available at: a href="https://consumer.ftc.gov/identity-theft-and-online-security/protecting-kids-online">https://consumer.ftc.gov/identity-theft-and-online-security/protecting-kids-online.

(H) Our Use of Consumers’ Sensitive Personal Information

Baked by Melissa does not process sensitive personal information on our customers, potential customers, visitors to our Platform or consumers that interact with us in person at events or our stores. To the extent that you submit your financial information for the purposes of making a purchase from us, payments are processed by our service providers and Baked by Melissa only receives information on the last four digits of the payment account and the expiration month and year of the card you used. We receive this information in order to be able to show to you which payment account You used to make a purchase from us.

(I) Cookies and Similar Technologies

Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. We use cookies and similar technologies for storing and honoring your preferences and settings when accessing and interacting with our Website, combating fraud, analyzing how our Website performs, customizing advertisements, and fulfilling other legitimate purposes. We also may use “web beacons” to help deliver cookies and gather usage and performance data. Our Website may include web beacons, cookies, or similar technologies from third party service providers.

You have a variety of tools to control the data collected by cookies, web beacons, and similar technologies.

(J) How Long Your Personal Information Will Be Kept

We will keep your personal information while you have an account with us or while we are providing goods or services to you. Thereafter, we will keep your personal information for as long as is necessary:

  • To respond to any questions, complaints or claims made by you or on your behalf.
  • To comply with legal obligations and to enforce our rights.
  • To show that we treated you fairly.
  • To keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of personal information.

U.S. CONSUMERS PRIVACY RIGHTS

Depending on your state of residence, you have certain rights with respect to your personal information that we collect and use. These may include:

Right to Know - the right to know what personal information the business has collected about the consumer, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom the business discloses personal information, and the specific pieces of personal information the business has collected about the consumer.

You may also have the right to request that we transfer information about you to a third party. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • sales, identifying the personal information categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
  • If requested by you, we will provide you with a copy of the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party.
  • You also have the right to request us to correct inaccurate information and to limit the use and disclosure of sensitive personal information.

Right to Delete - the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  1. Complete the transaction for which we collected the personal information, provide a good or service that you employer requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your or your employer’s relationship with us.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you or your employer provided it.

Right to Correct - the right to request that we update any information about you that is inaccurate or incomplete. Once we receive and confirm your verifiable consumer request, we will update (and direct our service providers to update) your personal information in our records. You also have the right to require us to restrict processing of your personal information in certain circumstances, e.g. if you contest the accuracy of the personal information.

Right to Opt-Out of the Sale or Sharing of Personal Information - the right to opt-out of the sale or sharing of their personal information by us. Once we receive and confirm your verifiable consumer request, we will no longer sell or share your personal information.

Right to Opt-Out of Automated Decision Making – you have the right to opt-out of automated decision making, including profiling, against information we have collected about you.

Right to Limit the Use or Disclosure of Sensitive Personal Information - the right to request that we limit our use of your sensitive personal information to that which is necessary to perform the services or provide the goods that you reasonably expect of us, with some narrowly tailored exceptions. Baked by Melissa does not process any sensitive personal information.

Right to Non-Discrimination – We will not discriminate or retaliate against you for exercising any of your privacy rights. In that regard, we will not take the following actions in response to your exercising of your privacy rights, unless permitted by the applicable laws:

  • Deny you products or services.
  • Charge you different prices or rates for products or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of services.
  • Suggest that you may receive a different price or rate for services or a different level or quality of services.

Promotional Offers - If you do not wish to receive our email promotional offers, you may opt-out by checking the relevant box when we collect your information, logging into your account to update your preferences, or clicking on the “unsubscribe” link found in emails we send to you. Please allow up to ten (10) business days for changes to your email preferences to take effect. During that time, you may continue to receive email communications from us that were already in process. Opting out of receiving our communications will not affect your receipt of service-related communications, such as payment confirmations and delivery status updates, notifications if we have a data breach, or other such communications for which we have a legal obligation to inform you and/or to prevent fraud or harm to our Website, our business, our service providers and/or third parties.

NOTICE TO RESIDENTS OF JURISDICTIONS OTHER THAN UNITED STATES

The server on which our Platform is hosted and/or through which the services are processed may be outside the country from which you access them and may be outside your country of residence. Our computer systems are based in the United States. If you reside in other jurisdictions and if you visit our Platform or subscribe to our services, we may collect and process your personal data in the United States, where data protection and privacy regulations may or may not be equal to the level of protection as in other parts of the world. BY VISITING OUR PLATFORM OR SUBSCRIBING TO OUR SERVICES, YOU UNEQUIVOCALLY AND UNAMBIGUOUSLY CONSENT TO THE COLLECTION AND PROCESSING IN THE UNITED STATES OF YOUR PERSONAL INFORMATION COLLECTED OR OBTAINED BY US THROUGH YOUR VOLUNTARY SUBMISSIONS, AND THAT UNITED STATES LAW GOVERNS ANY SUCH COLLECTION AND PROCESSING.

If you are a resident of a jurisdiction other than United States, please be aware that the laws of your jurisdiction may confer upon you similar or additional rights with respect to your personal information compared to the rights outlined in this Privacy Policy. To learn more about your specific rights and how to exercise them, we encourage you to contact us at [email protected]. Your privacy is important to us, and we are dedicated to assisting you in understanding and exercising your privacy rights.

MANAGING YOUR PRIVACY RIGHTS AND CHOICES

Exercising Your Rights

To exercise the rights described above, please submit your request to us by either: Email: [email protected] Postal Address: Baked by Melissa, LLC 336 Forest Ave Amsterdam, NY 12010

Before responding to your privacy rights request, we must verify your identity. We will do so by matching at least two reliable data points from your request to the information that we maintain about you. For certain more sensitive personal information, we may require further verification, including obtaining the consumer’s signed declaration under penalty of perjury to further confirm that the requestor is the consumer. Once you contact us to exercise your rights, we will further guide you as to our verification process.

You may be limited in the number of verifiable consumer requests for access or data portability in any given 12-month period (for example, twice per 12-month period for California residents). The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or a legally authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

Authorized Agents

Only you or a person that you or your employer authorize to act on your behalf may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may use an authorized agent to submit a privacy rights request on your behalf if you provide the authorized agent a written permission signed by you. We may also require you to do either of the following:

  1. Verify your own identity directly with us.
  2. Directly confirm with us that you provided the authorized agent permission to submit the request.

We may deny a request from an authorized agent if the agent cannot/does not provide to us your signed permission demonstrating that they have been authorized by the consumer to act on your behalf or if you do not confirm to us that you provided the authorized agent permission to submit the request.

The requirement to obtain and provide written permission from the consumer does not apply to requests made by an opt-out preference signal.

Response Timing and Format

We will acknowledge your request no later than ten (10) business days after receiving your request to delete, request to correct, or request to know and provide information about how we will process the request. The information provided shall describe in general our verification process and when you should expect a response, except in instances where we have already granted or denied the request.

We shall respond to a verifiable consumer request within the time period permitted by the applicable law, which is usually 45 days in the United States and 30 days in certain other countries. For example, if you are a European Resident, we will respond within 30 days of receiving your written request. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. For California residents, any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. For example, in cases where requests from a consumer are distinctly unsubstantiated or excessive, in particular because of their repetitive character, we may either charge a reasonable fee, in our discretion, taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request altogether.

Under certain circumstances, we may deny your request for the reasons permitted by the applicable law, which we will specifically identify for you. You have the right to appeal our denial of a rights request. If Baked by Melissa denies or does not take action on your request of a consumer, we shall inform you without undue delay and at the latest, within forty-five (45) days after receipt of your request, of the reasons for not taking action and instructions for how to appeal our decision. Please see more information on the Appeal Process below.

Appeal Process

Baked by Melissa has an internal process whereby you may appeal a refusal to take action on a request to exercise any of the rights above within the controller thirty (30) days after your receipt of the notice sent us informing you that we have rejected your request. If you would like to appeal a denial of a rights request, please contact us via email at [email protected].

Within forty-five days after receipt of an appeal, we will inform you of any action taken or not taken in response to the appeal, along with a written explanation of the reasons in support of the response. We may extend the forty-five-day period by sixty additional days where reasonably necessary, taking into account the complexity and number of requests serving as the basis for the appeal. We will inform you of an extension within forty-five days after receipt of the appeal, together with the reasons for the delay.

Grievances and Complaints

California residents: Under California Civil Code Section 1789.3, residents of California who use this Website are entitled to know that they may file grievances and complaints with: (by mail) Department of Consumer Affairs Consumer Information Center 1625 North Market Blvd., Suite N 112 Sacramento, CA 95834 (or by telephone): Main: (800) 952-5210 Hearing-impaired persons: 711, or 1-800-735-2929 (TTY) California Relay Service: 1-800-735-2922 (Voice)

Colorado residents: Under Colorado’s Revised Statutes C.R.S. § 6-1-1306, you have the ability to contact the attorney general if you have concerns about the result of the Appeal Process described above: Office of the Attorney General Colorado Department of Law Ralph L. Carr Judicial Building 1300 Broadway, 10th Floor Denver, CO 80203 (720) 508-6000

Connecticut Residents: Under Connecticut’s General Statutes, Conn. Gen. Stat. § 42-518, you have the right to contact the Attorney General and submit a complaint if you are not satisfied with the results of the Appeal Process described above, using the following link: https://portal.ct.gov/ag/common/complaint-form-landing-page.

Indiana Residents: Under Indiana Code IC 24-15-3-1, you have the right to contact the Attorney General and submit a complaint if you are not satisfied with the results of the Appeal Process described above, using the following link: https://www.in.gov/attorneygeneral/consumer-protection-division/file-a-complaint/.

GLOBAL OPT OUT PREFERENCE SIGNAL

Global Opt-Out Preference Signal or Global Privacy Control (GPC) is a feature available in some web browsers that allows users to communicate their preference for not being tracked across websites. Currently, only certain internet browsers (DuckDuckGo, Brave, Mozilla Firefox) or a separately installed plug-in enable universal opt-out signals. While the Global Privacy Control and universal opt-out signals are still developing, we are monitoring the status of implementation and are consistently configuring our Website to honor consumer’s opt-out signals.

Processing this signal typically involves several steps, including: Receipt and verification of the signal: When we first receive the opt-out preference signal from the consumer, we will verify that it is authentic and valid. This may involve confirming the identity of the consumer, ensuring that the signal was sent from a valid email or other contact address, or using other methods to ensure that the signal is legitimate.

Updating data systems: Once the opt-out preference signal has been verified, we will update our data systems to reflect the consumer's preferences. This may involve adding your name and contact information to a "do not contact" list or other database or marking your existing record in a customer relationship management (CRM) system as opted-out.

Communicating changes to relevant parties: If your opt-out preference signal affects other parties who have access to your personal information, such as third party service providers or partners, we will communicate the changes to those parties and ensure that they also update their data systems accordingly.

Compliance monitoring: We will monitor our data systems and processes to ensure ongoing compliance with your opt-out preference signal. This may involve periodically reviewing our data systems to ensure that your preferences are being respected and taking corrective action if necessary.

If you want to turn on Global Privacy Control on your browser, you can follow these steps:

  1. Open your web browser and go to the settings or preferences menu. The location of this menu may vary depending on the browser you are using.
  2. Look for the "Privacy" or "Security" section in the settings or preferences menu.
  3. Scroll down to find the option for "Global Privacy Control" or "Do Not Track."
  4. Toggle the switch to turn on Global Privacy Control. In some browsers, you may need to check a box or select a radio button to enable this feature.
  5. Once Global Privacy Control is turned on, your browser will send a signal to websites that you do not want to be tracked. However, it's important to note that not all websites may honor this signal, and some may continue to track your activity.
  6. To verify that Global Privacy Control is working, you can visit the website https://globalprivacycontrol.org/ and check if it displays a message indicating that your browser is sending the "Do Not Track" signal.

By turning on Global Privacy Control on your browser, you can have greater control over your online privacy and limit the amount of information that websites and advertisers can collect about you

KEEPING YOUR PERSONAL INFORMATION SECURE

We strive to keep your personal information confidential and safe. Baked by Melissa has reasonable technical, physical and administrative security measures in place to prevent personal information from being accidentally lost or used or accessed without authorization. These measures offer appropriate reasonable security level, considering the state of the technology, the implementation costs and also the nature, the scale, the context and the processing purposes. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. The measures are also intended to prevent unnecessary collection and further processing of personal information. The personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

All payment transactions will be handled through our third party payment processors, and we will only have access to the last four digits of the payment account and the expiration month and year of the card you used. We do not have access to any other financial data.

Unfortunately, despite our best efforts, the transmission of data over the Internet cannot be guaranteed to be 100% secure. While we will use reasonable means to ensure the security of information you transmit through the Platform, any transmission of personal information is at your own risk. We cannot guarantee that such information will not be intercepted by third parties, and we will not be liable for any breach of the security of your personal information resulting from causes or events that are beyond our control, including, without limitation, your own act or omission, corruption of storage media, defects in third party data security products or services, power failures, natural phenomena, riots, acts of vandalism, hacking, sabotage, or terrorism, and we are not responsible for unauthorized circumvention of any privacy settings or security measures contained on the Website.

OTHER WEBSITES

Our Website may contain links or references to websites operated by third parties, or you may have come to our Website using a link found in another website. We do not endorse these websites or the goods or services they provide and do not make any representations or warranties about any website that may be linked to our Website. Such other websites are independent from us, and we have no control over, or responsibility for, their information, products or activities. Our privacy practices may differ from those of these other websites. If you provide personal information at one of these third party websites, you are subject to the privacy policy of the operator of that website, not our Privacy Policy. Please make sure you understand the other website's privacy policy before providing such website with any personal information.

If you use a third party website or application (e.g. Facebook, Google +, X) to access our Website or your account on our Website, your activities on such third party sites or apps are governed by the privacy practices of those sites or apps. The privacy policies of other sites and apps may differ significantly from ours, and we have no control over the operation of those sites or apps or the manner in which the collect, store, or process data.

DISCLAIMER/LIMITATION OF LIABILITY FOR DATA INPUT ERRORS

Baked by Melissa is not responsible for any errors that are made by you in inputting data, nor for data entered by someone using your credentials. PLEASE SECURE YOUR CREDENTIALS AND DO NOT DISCLOSE THEM TO ANYONE ELSE. If your credentials are compromised, please notify us at [email protected].

Under no circumstances shall Baked by Melissa be liable to you, including but not limited to any liability for the system not being available for use, for lost or corrupted data, for errors in the documentation provided to you, if any, or for the failure of data archiving. Except as expressly agreed, Baked by Melissa will not be liable for any consequential, special, indirect, or punitive damages, even if advised of the possibility of such damages, or for any claim by any third party.

CHANGES TO OUR PRIVACY POLICY

We reserve the right to amend this Policy at our discretion and at any time. When we make changes to this Policy, we will notify you of a material revision using the manner we regularly interact with you, such as by email or through a notice on our Website’s homepage. You will also be able to determine the date that our current Policy has become effective, by viewing the Effective Date at the top of this document.

CONTACT INFORMATION

Our privacy program is managed by Baked by Melissa’s legal team. If you have any questions or comments about this Policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under this Policy, please do not hesitate to contact us at:

Email: [email protected] Phone: (844) 913-7160 Postal Address: Baked by Melissa, LLC 133 W 19th Street, 2nd Floor New York, NY 10011, USA