We are required by law to provide to the public our W3C Compliant Privacy Policy, which we have done below. Most of it is completely unintelligible, technical nonsense. Here's what you really need to know:
We will not sell or distribute your personal information (name, address, email address, etc) for ANY REASON to ANYONE at all;
We may, if you've purchased something from us in the past and you elected to receive our newsletter, email you from time-to-time with coupons, discounts or new products;
Our store software requires cookies to be enabled in order to function. We do not use these cookies to determine anything personal about you or what you do on our site: cookies are used by the software to (1) determine whether or not you're a returning customer who has an account with us so you can use your account's express checkout, order tracking and address book features, and (2) to hold your shopping cart's contents in the cart until you check out. We can't see these cookies ourselves, though we can bake some good chocolate chip ones if you want us to;
Our store is secure. Our checkout process runs behind a 128 bit security certificate, and your credit card information is not stored on our webserver at all, but is securely transmitted directly to the card processor.
Now here's the stuff the government requires us to have here. Don't ask us what any of this means, we don't know:
We have the following privacy seals and/or dispute resolution mechanisms. If you think we have not followed our privacy policy in some way, they can help you resolve your concern.
Privacy Violations: If you feel your privacy has been violated by Norm's Market, please email support@normsmarket.com.
Additional Information
This policy is valid until 1 Jan, 2008 at 12:00:00 PST.
Data Collection
P3P policies declare the data they collect in groups (also referred to as "statements"). This policy contains 5 data groups. The data practices of each group will be explained separately.
Group "Access log information"
We collect the following information:
Click-stream data
HTTP protocol elements
This data will be used for the following purposes:
Completion and support of the current activity.
Web site and system administration.
Research and development.
This data will be used by ourselves and our agents.
The following explanation is provided for why this data is collected:
Our Web server collects access logs containing this information.
Group "Cookies"
We collect the following information:
HTTP cookies
This data will be used for the following purposes:
Research and development.
One-time tailoring.
This data will be used by ourselves and our agents.
The following explanation is provided for why this data is collected:
Cookies are used to track visitors to our site, so we can better understand what portions of our site best serve you. We also use cookies to allow our server to maintain information about the contents of your shopping cart.
Group "Transaction info (required)"
We collect the following information:
Physical contact information
Online contact information
Demographic data
Purchase information
This data will be used for the following purposes:
Completion and support of the current activity.
Research and development.
This data will be used by ourselves and our agents. In addition, the following types of entities will receive this information:
Delivery services.
The following explanation is provided for why this data is collected:
Information we collect in order to process your purchase.
Group "Transaction info (optional)"
At the user's option, we will collect the following data:
Physical contact information
Online contact information
Demographic data
Purchase information
This data will be used for the following purposes:
Contacting visitors for marketing of services or products.
This data will be used by ourselves and our agents. In addition, the following types of entities will receive this information:
Delivery services.
The following explanation is provided for why this data is collected:
Information we collect in order to process your purchase.
Group "eCommerce"
We collect the following information:
HTTP cookies
Transaction history
Client's IP address or hostname
User's Name
User's Home Contact Information
This data will be used for the following purposes:
Anonymous user analysis.
Anonymous user profiling and decision-making.
Contacting visitors for marketing of services or products.
Telemarketing.
This data will be used by ourselves and our agents. In addition, the following types of entities will receive this information:
Delivery services.
The following explanation is provided for why this data is collected:
Our Shopping Cart software uses a cookie to keep track of which items are in your cart at any given time. Our statistics software tracks the total amount of unique users on our website each week, access attempts for individual pages on the site, which type of web browser users are using, and which search engine they came from, if any. Certain portions of the site may allow users to post personal information for the public to see. In these instances, the user must agree to post their information in a public area.
Cookies
Cookies are a technology which can be used to provide you with tailored information from a Web site. A cookie is an element of data that a Web site can send to your browser, which may then store it on your system. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it.
Our site makes use of cookies. Cookies are used for the following purposes:
Contacting users
User targeting
Pseudononymous analysis
Pseudonym-based decision-making
Research and development
Compact Policy Summary
The compact policy which corresponds to this policy is:
CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONa TELa OUR DELa STP BUS IND PHY ONL UNI PUR COM NAV INT DEM STA"
The following table explains the meaning of each field in the compact policy.
Field
Meaning
CP=
This is the compact policy header; it indicates that what follows is a P3P compact policy.
CAO
Access is available to contact and other information.
DSP
The policy contains at least one dispute-resolution mechanism.
COR
Violations of this policy will be corrected.
CURa
The data is used for completion of the current activity.
ADMa
The data is used for site administration.
DEVa
The data is used for research and development.
TAIa
The data is used for tailoring the site.
PSAa
The data is used for pseudononymous analysis.
PSDa
The data is used for pseudononymous decision-making.
CONa
The data is used for contacting the user.
TELa
The data is used for telemarketing.
OUR
The data is given to ourselves and our agents.
DELa
The data is given to delivery services.
STP
The data is kept for the stated purpose only.
BUS
Our business practices specify how long the data will be kept.
IND
The data will be kept indefinitely.
PHY
Physical contact information is collected.
ONL
Online contact information is collected.
UNI
Unique identifiers are collected.
PUR
Purchase information is collected.
COM
Computer information is collected.
NAV
Navigation and clickstream data is collected.
INT
Interactive data is collected.
DEM
Demographic and socioeconomic data is collected.
STA
State-management data is collected
The compact policy is sent by the Web server along with the cookies it describes. For more information, see the P3P deployment guide at http://www.w3.org/TR/p3pdeployment.
Policy Evaluation
Microsoft Internet Explorer 6 will evaluate this policy's compact policy whenever it is used with a cookie. The actions IE will take depend on what privacy level the user has selected in their browser (Low, Medium, Medium High, or High; the default is Medium. In addition, IE will examine whether the cookie's policy is considered satisfactory or unsatisfactory, whether the cookie is a session cookie or a persistent cookie, and whether the cookie is used in a first-party or third-party context. This section will attempt to evaluate this policy's compact policy against Microsoft's stated behavior for IE6.
Note: this evaluation is currently experimental and should not be considered a substitute for testing with a real Web browser.
Unsatisfactory policy: this compact policy is considered unsatisfactory according to the rules defined by Internet Explorer 6. The behavior of Internet Explorer 6 regarding cookies set under this compact policy is as follows:
First-party usage
Third-party usage
Persistent Cookies
Low: Policy satisfactory at this level; cookies will be accepted.
Medium: Opt-out is not provided for all unsatisfactory purposes and recipients, so the cookie will be downgraded to a session cookie.
Medium High: No opt-out is provided, so the cookie will be blocked.
High: Since opt-in is not required, the cookie will be blocked.
Low: Opt-out is not provided for all unsatisfactory purposes and recipients, so the cookie will be downgraded to a session cookie.
Medium: Opt-out is not provided for all unsatisfactory purposes and recipients, so the cookie will be blocked.
Medium High: Since opt-in is not required, the cookie will be blocked.
High: Since opt-in is not required, the cookie will be blocked.
Session Cookies
Low: Policy satisfactory at this level; cookies will be accepted.
Medium: Policy satisfactory at this level; cookies will be accepted.
Medium High: Policy satisfactory at this level; cookies will be accepted.
High: Since opt-in is not required, the cookie will be blocked.
Low: Policy satisfactory at this level; cookies will be accepted.
Medium: Opt-out is not provided for all unsatisfactory purposes and recipients, so the cookie will be blocked.
Medium High: Since opt-in is not required, the cookie will be blocked.
High: Since opt-in is not required, the cookie will be blocked.
A policy which is considered unsatisfactory by Internet Explorer 6 contains certain categories of data which are used or shared in a particular manner. This policy is placed in the unsatisfactory category, because the following categories of data are associated with this policy's cookies:
Physical contact information is collected.
Online contact information is collected.
In addition, the data is used in the following manner, marking the policy as unsatisfactory:
The data is used for contacting the user.
The data is used for telemarketing.
Note that allowing an opt-out will make this policy acceptable under the Low and Medium settings, and under Medium High for first-party cookie usage. At the High setting, and at the Medium High setting for third-party cookies, all of these data uses must be opt-in for the policy to be considered satisfactory.
