Alchemy Farms Privacy Policy

Last Modified : 20th September 2025

Version 1.0

Introduction

Welcome to Alchemy Farms! We operate a farm store and website based in Barbados that offers vegetables, meats, subscription boxes, farm tours, and an informational blog. We value your privacy and are committed to protecting your personal information in accordance with industry best practices and applicable laws. This Privacy Policy explains what information we collect from you, how we use and safeguard it, the choices and rights you have, and the measures we take to protect your data. Alchemy Farms adheres to the Barbados Data Protection Act 2019-29, a law closely aligned with the European Union’s GDPR, ensuring robust standards for processing and protecting personal data. By using our website or services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our site and services.

Information We Collect

We collect only the information necessary to provide you with our products and services. The types of data we may collect include:

  • Personal Information: When you create an account, place an order, subscribe to our newsletter, or contact us, we may collect identifiers such as your name, email address, mailing address, telephone number, and account login credentials. This information helps us to identify you, communicate with you, and fulfill your orders or requests. For instance, if you sign up for a farm tour or membership, we will collect your contact details to schedule and confirm your booking.
  • Payment Information: If you make a purchase, our third-party payment processors will collect your payment details. For credit card transactions, you will input your card number, expiration date, and CVV on a secure payment form. Alchemy Farms itself does not receive or store your full credit card details – we rely on PCI-compliant payment providers to handle card transactions securely. (We may retain limited information such as the last four digits of your card or transaction IDs for record-keeping.) If you choose to pay with cryptocurrency (e.g. Bitcoin, Ethereum, XRP), we may collect data like your wallet address or transaction ID to confirm payment. Please note that cryptocurrency transactions operate on public blockchains, meaning every crypto transaction is recorded on a public ledger visible to anyone. While these blockchain records do not include your name, they do tie transactions to wallet addresses and could potentially be linked to your identity through external data. We recommend you review the privacy practices of any crypto payment service we use (if applicable) and understand the public nature of blockchain transactions.
  • Order and Membership Details: When you purchase products or subscribe to our farm box service, we maintain a record of your orders, subscriptions, and preferences (e.g. selected products or delivery frequency). If you join as a member or loyalty program (if offered), we may assign you a membership ID and record benefits or rewards associated with your account. This information is used to manage your subscriptions and memberships effectively.
  • Communications: We collect any information you choose to provide when contacting us (for example, through emails, contact forms, or phone calls). This may include inquiries about our products, feedback, or details needed to resolve any issues. If our website blog allows comments or user contributions, any information you post (including your name, username, comments, and profile information) will be collected and may be visible to others on the site.
  • Newsletter and Marketing Preferences: If you subscribe to our newsletter or opt in to receive promotional communications, we will collect your email address and any preferences you provide (e.g. areas of interest). We use this to send you farm updates, product news, special offers, or educational content. You can opt out of marketing emails at any time (see Your Rights and Choices below).
  • Automatically Collected Data (Cookies & Usage): Like most websites, we use cookies and similar tracking technologies to automatically collect certain information about your device and browsing actions on our site. This includes your IP address, browser type, device identifiers, pages or products viewed, referring website, and the dates/times of access. We use analytics tools (such as Google Analytics) that place cookies on your browser to help analyze how users use our site, which pages are popular, and how we can improve the user experience. These tools may log information like how you navigated our site and interactions with our content. We also use functional cookies that remember your preferences (for example, keeping you logged into your account or remembering items in your cart). You will be notified about our use of cookies when you first visit our site, and where required, we will obtain your consent. You have control over cookies – you can adjust your browser settings to refuse or delete cookies, though some site features (like the shopping cart or account login) may not function properly without them. For more details, please see our Cookies section below.

We strive to be transparent about our data collection. If we ever need to collect personal information beyond what is described above, we will inform you at the point of collection and, if necessary, seek your consent.

How We Use Your Information

Alchemy Farms uses your personal information only for legitimate business purposes and as disclosed in this Policy. The main purposes for which we process your information include:

  • Providing Products and Services: We use your information to process transactions and fulfill your orders for farm produce and other products. This includes using your name and address for shipping/delivery, arranging farm tours you’ve booked, and managing your subscription boxes (e.g. preparing and delivering recurring orders). Payment information is used to complete purchases you initiate (for crypto payments, to verify that your transaction was received). We also use your account data to maintain your user profile, allow you to log in securely, and provide you with membership features or loyalty rewards (if applicable).
  • Communication: We use contact details (email, phone) to communicate with you about your orders (e.g. order confirmations, shipping updates), respond to your inquiries or support requests, and provide customer service. If there are any issues with your order or schedule (such as a delivery delay or a farm tour change), we will use your information to notify you.
  • Marketing and Newsletters: With your consent, we use your email to send you our newsletter and promotional materials about new products, special offers, upcoming events (like farm tours or workshops), or other updates from Alchemy Farms. You can unsubscribe from these emails at any time by clicking the “unsubscribe” link in the email or contacting us. We will not send you marketing communications if you have opted out.
  • Personalization and User Experience: We may use data about your past purchases, interests, and browsing on our site to personalize your experience. For example, we might suggest products or produce that align with your previous orders, or customize content on our website to be more relevant to you. Cookies and analytics help us understand user behavior so we can improve site navigation, product offerings, and overall user satisfaction.
  • Analytics and Improvement: Information collected via cookies and analytics services is used to understand how our website is used and to improve our online services. We analyze metrics like which pages are most visited, how users find our site, and what times of day have heavy traffic. This insight guides us in optimizing our website’s layout, content, and functionality. It also helps us diagnose technical issues and maintain the security and performance of our site.
  • Security and Fraud Prevention: We process certain data (such as account login activity or order history) to protect our website, business, and users from fraud, abuse, or other malicious activities. For example, we may use automated tools to screen for suspicious transactions or multiple failed login attempts. If you use crypto for payment, transaction data may be used to ensure the payment is legitimate. These measures help us safeguard user accounts and financial transactions.
  • Legal Compliance: In some cases, we need to use or retain your information to comply with legal obligations. For instance, we may keep records of sales and payments for tax and accounting requirements. If we are required by law enforcement or regulatory authorities to provide information, we will only do so as legally necessary (see “Sharing of Information” below regarding lawful requests). We also use your data to enforce our terms of service or other agreements, or to establish or defend legal claims if needed.

We will not use your personal information for any purpose that is incompatible with the purposes described above without your consent. If we propose new uses for your data, we will update this Privacy Policy and notify you as appropriate.

Cookies and Tracking Technologies

Cookies are small text files that websites place on your device to store data that can be recalled by the web server in the domain that placed the cookie. Alchemy Farms uses cookies and similar technologies to ensure our website functions correctly, to understand and improve user experience, and to support our marketing efforts. We want to be transparent about our use of these technologies and give you control over them.

  • Types of Cookies We Use:
    • Essential Cookies: These are necessary for our site’s core functionality. For example, when you add items to your cart or sign in to your account, essential cookies keep you logged in and remember the items in your cart as you navigate. Without these cookies, services you’ve asked for (like checking out or accessing your account) cannot be provided.
    • Analytics Cookies: We use third-party analytics tools (such as Google Analytics) that deploy cookies to collect information about how visitors use our site. This includes data like which pages you visit, how long you stay, how you arrived at our site, and what you click on. We use these insights to improve site content, features, and layout. The information collected is aggregated and does not directly identify you. However, analytics providers may receive your IP address or set their own identifiers through these cookies. We respect applicable laws by obtaining consent for analytics cookies where required.
    • Advertising and Marketing Cookies: If we run online advertisements or use marketing partners, we may use cookies or pixels to measure the effectiveness of our ads and deliver relevant marketing content. For example, a Facebook Pixel or Google Ads cookie could track that you visited our site, so we can later show you an ad for a product you viewed (this is called retargeting or remarketing). If we use any retargeting/advertising cookies, we will disclose it and ensure you have the ability to opt out. (Currently, our marketing is minimal and primarily via our newsletter; we do not heavily utilize targeted ads, but we include this for transparency.)
    • Preference Cookies: These cookies remember your choices and preferences on our site, such as your language selection or region, so we can provide localized content. They also may remember other customizations you make (e.g., if you prefer grid or list view for product listings). This makes your experience more convenient and tailored.
  • Third-Party Tracking: Some cookies on our site are placed by third parties that provide services or features on our website. For example, as mentioned, our analytics and possible advertising partners set their own cookies. In addition, if our blog content includes embedded videos (e.g., YouTube) or social media sharing buttons, those third-party services might set cookies when you interact with them. These third parties may monitor your actions on our site (such as viewing a video or clicking a share button) and use that information for their own purposes, like analytics or advertising on their platform. We do not have direct control over the information collected by these third-party cookies, so we encourage you to review the privacy policies of any third-party services we use (e.g., Google’s or Facebook’s policies) to understand their data practices. We will list the major third-party tools in use and provide links to their privacy information in this Policy or on our website for your reference.
  • Your Choices for Cookies: On your first visit to our site (and periodically thereafter), you will be presented with a notice about our use of cookies. Where required by law, we will give you the option to accept or decline certain categories of cookies (e.g., “Accept All” or “Reject non-essential cookies”). Even after consenting, you can always manage cookies through your browser settings. Most web browsers allow you to refuse new cookies, delete existing cookies, or notify you when new cookies are set. Please note that blocking all cookies might impact your ability to use some features of our website (for example, the site may not remember your cart or login session). You can also typically opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, and for interest-based ads you can use industry opt-out sites like the NAI’s opt-out page or youronlinechoices.eu (for EU users). We do not currently respond to “Do Not Track” signals from web browsers, because there is no consistent industry standard for compliance, but we will adhere to the choices you express through the opt-out mechanisms described here.

Sharing and Disclosure of Information

We treat your personal information with care and do not sell or rent your personal data to third parties for their own marketing purposes. However, in the normal course of running our farm store and website, we may share information with certain trusted third parties, under the circumstances described below, and always pursuant to appropriate safeguards and only as necessary:

  • Service Providers (Processors): We employ third-party companies and individuals to perform functions on our behalf and help deliver our services – for example, companies that process payments, handle shipping, send emails, provide marketing or analytics services, or host our website. These service providers will have access to the personal information needed to perform their functions, but they are not permitted to use it for other purposes. We require them to protect your data and to comply with privacy and security standards at least as stringent as our own. Key categories of service providers include:
    • Payment Processing Partners: As noted, we use third-party payment gateways for credit card transactions (such as Stripe or similar providers) and possibly cryptocurrency payment services. These partners process your payment information securely and are independent data controllers for your payment data, which means they may use and store your payment information according to their own privacy policies. We will make clear, at the point of payment, which payment provider is handling your transaction, and provide a link to that provider’s privacy policy. For example, if you pay by credit card, the transaction might be processed by Stripe (as an example) – Stripe would receive your card details directly. If you pay in cryptocurrency, and we utilize a third-party crypto payment gateway (e.g., BitPay or Coinbase Commerce), that service will handle the transaction and may collect data like your wallet address and payment amount. Alchemy Farms itself only receives confirmation of payment and necessary details to link the payment with your order. By outsourcing payments, we add a layer of security: we don’t keep sensitive financial details on our servers, reducing risk to you in the event of a security issue.
    • Website Hosting and IT Providers: Our website may be hosted on a third-party platform or server. The hosting provider may process technical data (IP addresses, error logs) to ensure our site runs smoothly and securely. We also use IT service providers or developers to maintain our website and databases. These parties might have incidental access to data while performing troubleshooting or updates, but they operate under confidentiality agreements.
    • Email and Marketing Platforms: We use external platforms to manage our email communications and newsletters (for example, services like Mailchimp, SendGrid, or similar). If you subscribe to our newsletter or transactional emails (order receipts, password resets, etc.), your name and email address are stored with these providers to facilitate those communications. They act on our instructions and cannot use your email for their own marketing. We also may use marketing tools or ad platforms to help deliver targeted offers (e.g., Google Ads, Facebook Business). Any such integrations will be disclosed, and those platforms might receive certain identifiers (like a hashed email or cookie ID) to assist with our campaigns.
    • Analytics Providers: As discussed in the Cookies section, we use third-party analytics (like Google Analytics) to understand site usage. These analytics providers act as our processors in analyzing aggregated data, but they may also set their own cookies and view your IP and device info. We ensure in our settings that no directly identifying information (like your name or exact contact details) is sent to analytics providers. You can opt out of inclusion in analytics as described above.
    • Delivery and Logistics Partners: If our operations expand to use third-party couriers or fulfillment centers for delivering subscription boxes or products, we would share only the necessary shipping information (name, address, possibly phone/email for delivery updates) with those third parties. They are not allowed to use your information except to deliver the products and confirm delivery. (Currently, since we operate in Barbados, we handle most deliveries internally, but if we engage a courier service in the future, the same privacy expectations apply.)
  • Business Transfers: In the unlikely event that Alchemy Farms undergoes a business transition such as a merger, acquisition by another company, or sale of some or all assets, personal information about our customers and users may be among the transferred assets. We would ensure the acquiring entity is bound to respect your personal data in a manner consistent with this Privacy Policy. If such a transfer occurs, we will provide notice on our website and/or contact you via email to inform you of any choices you may have regarding your information.
  • Legal Compliance and Protection: We may disclose your information if required to do so by law or in a good-faith belief that such action is necessary to comply with legal obligations or valid governmental requests (e.g., a court order, subpoena, or regulatory demand). We may also share information when we believe it is necessary to investigate, prevent, or act regarding suspected illegal activities, fraud, or situations involving potential threats to the safety or legal rights of any person or our company. This includes exchanging information with law enforcement or other companies and organizations for fraud protection and credit risk reduction. We will only disclose the minimum amount of information necessary and will object to overbroad requests when appropriate.
  • With Your Consent: Apart from the cases above, we will only share your personal information with third parties when we have your explicit consent to do so. For example, if we ever want to feature a customer testimonial on our website or partner with another company for a special promotion that involves sharing email lists, we would contact you and obtain your consent (you would have a clear choice to authorize or decline such sharing). We strive for transparency; if you’re ever unsure why a party received your data, please ask us.

In all cases of sharing, we maintain responsibility for the information we collect about you and ensure that any third party that receives your information is contractually obligated to handle it with care and only for the purposes we specify. We do not sell personal data, and if that policy ever changes, we will update this Privacy Policy and provide any required opt-out mechanisms in accordance with laws like the CCPA.

Data Security and Protection Measures

Alchemy Farms takes the security of your personal information very seriously. We implement industry-standard security measures to safeguard your data from unauthorized access, alteration, disclosure, or destruction. While no website or online service can guarantee 100% security, we follow best practices and continuously improve our defenses to protect your privacy. Our cybersecurity and data protection measures include:

  • Encryption: We secure our website with HTTPS, using SSL/TLS encryption for all data transmitted between your browser and our site servers. This means that when you enter personal information (like your login credentials or payment details) on our site, it is encrypted in transit and cannot be easily intercepted by third parties. We also encrypt sensitive data at rest where appropriate. For instance, any passwords associated with user accounts are stored in hashed (and salted) form, not in plain text, in our database. This cryptographic protection helps ensure that even if our data storage were compromised, your actual password remains secure and unintelligible.
  • Access Controls & Authentication: We enforce strict access controls to limit who within our organization and among our service providers can access personal data. Only authorized personnel who need to process your information (for example, our fulfillment team or customer service staff) are allowed access, and even then only to the data relevant for their role. Our staff are trained in privacy and security practices to ensure your data is handled safely. We also employ measures like multi-factor authentication (MFA) and strong password policies for our internal systems and administrative access to the website. Internally, we follow a principle of “least privilege” – each team member can only access the minimum data necessary to perform their duties, and access is revoked when it’s no longer needed.
  • Secure Payment Processing: As described earlier, we do not handle sensitive credit card data directly on our site – instead, we outsource payment processing to reputable third-party providers that comply with PCI-DSS (Payment Card Industry Data Security Standard). These providers are experts in payment security and use advanced measures to protect your payment information. By not storing full credit card details on our systems, we greatly reduce the risk to you; your payment data is processed on secure, dedicated payment networks. For cryptocurrency transactions, we use secure wallets or payment gateways and follow recommended security practices (such as using addresses unique to each transaction where possible and securing any crypto keys on our end, if applicable).
  • Firewalls and Network Security: Our website hosting environment is protected by firewalls which act as a barrier between our trusted internal network and untrusted external networks (like the internet). These firewalls help block unauthorized traffic and mitigate common web-based attacks. We also utilize security services and software to monitor for unusual activities or intrusion attempts. For example, we maintain up-to-date security plugins and settings (especially if our site runs on a content management system like WordPress) to defend against threats like SQL injection, cross-site scripting (XSS), and other vulnerabilities. Regular vulnerability scans are conducted to identify and address potential security weaknesses proactively.
  • Software Updates and Patching: We keep our website platform, server software, and any third-party plugins or libraries updated to the latest secure versions. Many cyber incidents exploit known flaws in outdated software. By promptly applying security patches and updates, we reduce the risk of breaches. We have procedures to apply critical updates as soon as practicable and to test our systems to ensure stability after updates.
  • Monitoring and Auditing: We perform regular security audits and monitor our systems for signs of suspicious activity. This includes reviewing logs for unusual login locations or spikes in errors, using intrusion detection systems where possible, and employing anti-malware tools. If we were to detect an attempted breach or anomaly, our team would investigate and take immediate action to secure the system. We also periodically review our data handling practices to ensure we maintain high standards and comply with our policies.
  • Data Minimization: As a fundamental security strategy, we collect and retain only the minimum amount of personal data necessary for our purposes. The less data we have, the less can be compromised in the event of any incident. For example, we do not store personal data that we no longer need – if you cancel your account or unsubscribe, we will remove or anonymize your information after fulfilling any legal retention requirements. We avoid collecting sensitive personal data that isn’t relevant to our services. This practice of data minimization is a key privacy principle and also reduces security risk. Additionally, where feasible, we employ techniques like tokenization for sensitive information – substituting sensitive data with non-sensitive equivalents (tokens) that have no exploitable meaning outside our systems. This way, even if data is intercepted, it’s not useful to an attacker.
  • Organizational Policies and Training: We maintain internal cybersecurity policies and regularly train our team on best practices for data protection and privacy. All employees and contractors are required to adhere to confidentiality obligations. We promote a “security-first” culture where everyone is vigilant about potential threats (like phishing emails) and knowledgeable about how to handle personal data safely. Regular drills or exercises may be conducted to ensure our team can respond effectively to security scenarios.
  • Incident Response Plan: Despite robust precautions, no system is completely immune to cyber threats. That’s why we have a data breach response plan in place. In the event of a security incident involving personal data, we will promptly contain and investigate the incident. If a data breach is likely to result in a high risk to your rights (for example, a leak of sensitive personal details), we will notify the affected individuals and relevant authorities as required by law. Our plan includes steps for communicating with users about what happened and advising on any protective measures they should take. We continuously refine these plans to incorporate learnings from any incidents or industry best practices.

Our goal is to ensure the integrity and confidentiality of personal data by using appropriate technical and organizational security measures. However, it’s important for you as a user to also play a role in keeping your data safe. Protect your account credentials – use a strong, unique password for our site and do not share it. If you suspect any unauthorized activity in your account or have any reason to believe your interaction with us is no longer secure (for instance, if you feel your account password has been compromised), please contact us immediately so we can assist.

In summary, we employ multiple layers of security – encryption, access control, secure infrastructure, and vigilant practices – to shield your personal information. We stay updated on cybersecurity trends and continuously improve our defenses. Your trust is of utmost importance to us, and we work hard every day to justify that trust by keeping your data safe.

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law or legitimate business needs. This means:

  • If you have an account or membership with us, we will keep your personal details on file while your account is active so that we can provide you with services (e.g. manage your orders and subscriptions). If you choose to delete your account or if your account has been inactive for a long period, we will initiate the process to delete or anonymize your information, unless we need to keep it for legal reasons.
  • Order and Transaction Records: We retain records of your purchases (including personal information linked to those transactions) for a period necessary to process the orders, handle any returns or complaints, and satisfy accounting, tax, or regulatory requirements. For example, financial regulations or tax laws may require us to keep transaction records for a certain number of years. During this retention period, your data will continue to be protected under the terms of this Privacy Policy.
  • Newsletter/Marketing Data: If you have signed up for our newsletter or given consent to receive marketing emails, we will retain your contact information and marketing preferences until you opt out or unsubscribe. If you unsubscribe, we will remove you from the mailing list promptly, though we may keep a record of your request to ensure we don’t accidentally contact you again (as required by anti-spam regulations).
  • Communications: If you contact us (via email, contact form, etc.), we may retain those communications and our responses for a period to effectively manage our customer service and keep a record of any issues addressed. Typically, we won’t keep routine customer service emails longer than needed, but some records (especially if a complaint or legal matter) may be kept as long as reasonably necessary to protect our legal interests.
  • We periodically review the data we hold and erase or anonymize information that is no longer needed. In fact, we have implemented automated data retention policies for certain systems, which means that old or unnecessary data is regularly deleted on a schedule. This minimizes the amount of personal information we store long-term, thereby reducing risk. For example, web server logs that capture IP addresses might be set to purge after a few months once we have extracted useful analytics. Similarly, if we ever collected log-in metadata or similar, we wouldn’t keep it indefinitely without purpose.
  • Criteria for Retention: When determining how long to keep personal data, we consider the quantity, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure if we kept it too long, the purposes of processing, and whether those can be achieved by other means, as well as applicable legal requirements. In jurisdictions with data protection laws (like Barbados’ Data Protection Act or EU’s GDPR), we comply with obligations to not retain personal data longer than necessary for the purpose it was collected (storage limitation principle).
  • After Retention Period: When we no longer need your personal information, we will securely dispose of it. This may involve erasing electronic records using secure deletion methods or shredding physical documents. Alternatively, we may anonymize the data so that it can no longer be associated with you, in which case we may retain and use the anonymized information (for example, aggregate analytics) without further notice.

If you have any specific questions about our data retention practices for a particular type of information, you are welcome to contact us (see Contact Us below). We can provide more details or accommodate requests to delete data (in line with your rights, described next).

Your Rights and Choices

We believe in putting you in control of your personal information. Subject to applicable law (such as the Barbados Data Protection Act and other international privacy laws), you have a number of rights regarding the personal data we hold about you. We are committed to respecting these rights and have processes in place to enable you to exercise them. These rights include:

  • Right to Access: You have the right to request a copy of the personal information we hold about you, and to obtain information about how we process it. This is sometimes called a “data subject access request.” We will provide you with a summary of the data, and explanations of the purposes, the categories of data, the categories of recipients with whom it is shared, and other required details. In most cases, this will be provided free of charge (unless the request is manifestly unfounded or excessive as per applicable law).
  • Right to Rectification: If any of your personal details that we have are inaccurate or incomplete, you have the right to ask us to correct them. We encourage you to keep your account information up to date, and you can usually do so directly by logging into your account settings. For any data you cannot update yourself, contact us and we will make the corrections. Our goal is to maintain accurate, current information; we will update our records and inform any third parties that received incorrect information, where required.
  • Right to Erasure: Commonly known as the “right to be forgotten,” this right allows you to request deletion of your personal data in certain circumstances. For example, if you no longer want to have an account with us, you can request that we delete all personal information we have about you. We will honor such requests provided that we do not have a compelling reason or legal obligation to keep the data (for instance, we may need to retain certain transaction records for auditing purposes, but we can isolate and securely store them until the retention period expires). When we delete personal data, we will do so in a secure manner.
  • Right to Restrict Processing: You have the right to ask us to limit or “pause” the processing of your personal information in certain scenarios – for instance, if you contest the accuracy of the data, or if you want to restrict processing while you pursue an objection (see below). When processing is restricted, we can still store your data but will not use it for the time being (aside from maintaining the restriction).
  • Right to Object: You have the right to object to our processing of your personal information when that processing is based on our legitimate interests (or those of a third party) and you have a specific situation that makes you want to object. If you raise an objection, we will assess whether our legitimate grounds for processing override your rights or if we need to cease that processing. You always have the right to object to processing of your data for direct marketing purposes – meaning if you don’t want any marketing communications, let us know and we will stop sending them. This includes profiling related to direct marketing.
  • Right to Withdraw Consent: In cases where we rely on your consent to process your personal information (for example, sending promotional emails or certain types of cookies), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted based on consent before its withdrawal. If you withdraw consent, we will stop the processing that was based on consent (for instance, we will stop sending the newsletter you had signed up for). Note that if you opt out of marketing emails, we may still send you transactional messages related to your purchases or account (since those are not based on consent but on contract necessity).
  • Right to Data Portability: Under certain circumstances, you may have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to have that data transmitted to another service provider (where technically feasible). This typically applies to data processed by automated means that you provided by consent or contract. If applicable, we will provide the data in a CSV or similar format upon request.
  • Right Not to Be Subject to Automated Decisions: Alchemy Farms does not make any significant decisions about you based solely on automated decision-making (without human involvement), such as automated profiling that has legal or similarly significant effects. In the event we ever implement such processes, you would have the right to human review of any decision made solely by algorithms, and to express your point of view or contest the decision.
  • Cookies Choices: As described in the Cookies section, you have control over cookie preferences. You can refuse non-essential cookies and adjust browser settings to manage tracking. This right is more about choice and control rather than a formal request, but we include it here to emphasize that users should always have the option of not being tracked by unnecessary data collection technologies. We honor such choices through our consent banners and opt-out tools.

To exercise any of your rights, please contact us using the information provided in the Contact Us section below. For security, we may need to verify your identity before fulfilling certain requests (for example, we might ask you to confirm some details we already have on file or log into your account, to ensure the request is coming from the correct individual). We will respond to your request as soon as possible and within any timeframes required by law. Under Barbados law and other applicable regulations, we will generally respond within 30 days of receiving a valid request (and will inform you if we need more time in rare cases).

We will not discriminate against you for exercising any of these rights. That means if you choose to exercise your privacy rights (such as opting out of marketing or requesting deletion), we will not deny you our services, charge you different prices, or provide a different level of service, except as permitted by law (for example, if we no longer have your data, some personalized features might not function, but we will inform you of any such impact).

Access and control are central to privacy – we want to ensure you can view, update, or delete your information easily. Our website provides tools for you to edit certain information (like your profile details and newsletter preferences). For other actions, a simple request to our privacy contact is sufficient.

If you have any concerns about how we handle your data or your requests, please let us know so we can address them. Additionally, if you feel we have not adequately resolved your privacy-related issue, you have the right to lodge a complaint with the Data Protection Commissioner in Barbados or other relevant supervisory authority in your jurisdiction.

Children’s Privacy

Protecting the privacy of minors is extremely important to us. Our website and services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 years old without verifiable parental consent. If you are under 13, please do not register an account, make purchases, or provide any personal data to us. Parents or guardians should supervise children’s online activities and consider using parental controls available from online services.

For teens and minors above 13: If you are between 13 and 18 (or the age of majority in your jurisdiction), you should use our website only with involvement of a parent or guardian. Some features like financial transactions or farm tour bookings may require an adult’s participation. We might ask for a parent/guardian’s email to verify consent if we suspect a user is a minor.

We comply with laws that aim to protect children’s personal data online, such as the U.S. Children’s Online Privacy Protection Act (COPPA) which imposes requirements on websites regarding the collection of data from children under 13. Similarly, Barbados’ Data Protection Act and other international regulations treat children’s data with special care.

If we learn that we have inadvertently collected personal information from a child under 13 (or applicable minimum age) without proper consent, we will take prompt steps to delete that information from our records. For example, if a child somehow creates an account or places an order providing personal details, once we verify the individual is a minor, we will cancel the account/order and remove the data (except perhaps to maintain a record that ensures the minor cannot re-register, in compliance with legal guidance).

Parents or guardians who believe their child may have provided us personal information can contact us directly (see Contact Us below). We will be happy to review and delete the child’s information as appropriate, or to provide information about what (if anything) was collected.

International Data Transfers

While Alchemy Farms is based in Barbados and currently operates only in Barbados, we recognize that the internet is a global service and users from other regions might visit our site or interact with us. Also, we utilize certain third-party service providers that may be located outside of Barbados. As such, your personal information may be transferred to, stored in, or processed in other countries, including the United States, Canada, or countries in the European Union, where our service providers or hosting servers are located.

We want to ensure that wherever your data is handled, it is afforded an adequate level of protection. Barbados’ Data Protection Act permits international transfers of personal data only if the receiving country ensures an adequate level of protection (similar to GDPR’s requirements). In cases where we transfer data out of Barbados, we will take steps to comply with these requirements. This may include:

  • Adequacy Decisions: If your data is sent to a country that Barbados (or relevant authorities) has deemed to have adequate data protection laws, we rely on that determination. (For example, data sent to a service provider in the EU would be covered under GDPR adequacy.)
  • Contractual Safeguards: For transfers to countries without an adequacy finding (such as the United States), we use standard contractual clauses or similar legal mechanisms in our contracts with the service provider, obligating them to protect the data according to high standards. These clauses are a set of commitments approved by regulatory bodies to ensure privacy rights travel with your data.
  • Privacy Shield or Successor Frameworks: Where applicable, we may rely on certified frameworks for data transfer (though the previous EU-U.S. Privacy Shield was invalidated, we stay tuned for any new frameworks or the UK extension thereof). In any case, we ensure that our U.S. service providers commit to strong privacy principles.
  • Your Consent: In specific situations, we might ask for your consent for a transfer. For instance, if you are engaging with us from a country far from our usual operations, we might inform you that by using our services your data will be transferred to Barbados and ask for your agreement (continued use in that context can serve as implied consent, but we will make it clear).

Regardless of where your data is processed, we will apply the same level of protection and security described in this Privacy Policy. Our privacy practices are global in nature – meaning whether your data is handled in Barbados or elsewhere, we enforce confidentiality, use limitations, and security measures consistently.

If you are accessing our website from outside of Barbados, please be aware that your information may be transferred to and stored in Barbados or other jurisdictions. The data protection or privacy laws of those countries might be different from those in your home country. However, we will take steps to ensure that your privacy rights continue to be protected. By using our services or providing us with your information, you acknowledge the transfer of your personal data in accordance with this section.

Should you require more details on the safeguards we have in place for international data transfers, feel free to contact us. We can provide copies of relevant contractual clauses or answer any questions you have about how we keep your data safe across borders.

Updates to This Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will revise the “Last Updated” date at the top of the Policy. Any changes will become effective when posted on this page, so we encourage you to review our Privacy Policy periodically.

If we make any material changes – for example, if we start collecting additional categories of personal data or share information in new ways that you wouldn’t expect under the current policy – we will provide a more prominent notice. This may include posting a notice of the change on our homepage or sending you a direct notification (e.g., via email or a message through your account, if appropriate).

Your continued use of our website or services after the effective date of the updated Privacy Policy will signify your acceptance of the changes. However, if changes require your consent (under applicable laws), we will obtain that consent separately. For instance, if a new law requires additional consent for certain data uses, we’ll comply with that.

In summary, we are committed to keeping you informed about how we handle your privacy. We won’t surprise you with unexpected data practices – any significant shift in how we treat personal information will be communicated and reflected in this Policy. Always feel free to reach out with questions or for a prior version of this Policy if you want to compare changes.

Contact Us

Your feedback and questions about privacy are important to us. If you have any questions, concerns, or requests regarding this Privacy Policy or how Alchemy Farms handles your personal information, please do not hesitate to contact us. We have a dedicated contact for privacy inquiries and we will respond as promptly as we can.

You can reach our privacy team by email at: privacy@alchemyfarms.com
Or by mail at: Alchemy Farms Office, Spencer’s Christ Church Bridgetown, Barbados (if applicable).

When contacting us, please provide your name and contact information and a detailed description of your request or question. If you are making a rights request (as described in the “Your Rights and Choices” section), please specify which right you wish to exercise and the scope of the request. We may need to verify your identity for security reasons, but we will use the information you provide in connection with the request solely for verification and to fulfill your request.

We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of personal data. If you feel your inquiry has not been satisfactorily addressed, you also have the right to contact the Barbados Data Protection Commissioner’s Office (or your local data protection authority) and file a complaint.

Thank you for reading our Privacy Policy. We appreciate your trust in Alchemy Farms and are dedicated to safeguarding your personal information. Your privacy is a priority for us, and we’ll continue to invest in policies and practices that uphold that commitment. If you have any further questions, we are here to help.

Regards,
The Alchemy Farms Team