Privacy Policy
PRIVACY POLICY
PFG Holding Corporation d/b/a ProFarm
Last Updated: May 18, 2026
PFG Holding Corporation d/b/a ProFarm (“ProFarm,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information through the ProFarm website located at profarm.com and any related webpages that link to this Privacy Policy (the “website”).
This Privacy Policy applies to website visitors, business contacts, prospective customers, distributors, growers, professional agricultural users, and job candidates who interact with our website. It does not apply to employee data, supplier data collected outside the website, offline commercial contracts, or third-party websites that we do not control.
- Who We Are
The website is operated by:
PFG Holding Corporation d/b/a ProFarm
1530 Drew Ave.
Davis, CA 95618
Attn: [Privacy Contact Name]
Email: [Email]
For privacy rights requests, cookie-consent questions, or other questions about this Privacy Policy, please contact us using the information above.
- Personal Information We Collect
We collect limited personal information through the website. We do not allow visitors to create user accounts, post comments, or upload media files.
- Information You Provide Directly
- “Careers” Form. If you submit a careers inquiry through the website, we collect your first name, last name, email address, and any information you choose to include in the message field. Formal job applications are processed through Paycom, a third-party applicant tracking provider. If you apply through Paycom, Paycom’s own privacy disclosures also apply.
- “Contact Us” Form. If you contact us through the website, we collect your reason for contact, name, company name, state/province/region, ZIP/postal code, email address, phone number (if provided), and any information you choose to include in the message field.
Please do not include sensitive personal information in free-text message fields unless it is strictly necessary to address your specific request.
- Information Collected Automatically
When you visit our website, we and our service providers may automatically collect technical and usage information, including:
- IP address and approximate geographic location inferred from IP address;
- Browser type, device type, and operating system;
- Referring pages and pages viewed;
- Time spent on pages and click interactions; and
- Cookie identifiers and similar online identifiers.
We use Google Analytics and Google Tag Manager to understand website traffic and performance. Google Analytics may collect first-party cookies, device and browser data, IP-related data, and on-site activity depending on its configuration.
- Cookies and Similar Technologies
We use cookies, tags, pixels, and similar technologies for site functionality, security, analytics, user preferences, and, if enabled by the visitor, advertising and retargeting. Non-essential cookies and tags are managed through Cookiebot and are only activated where consent is provided or not required by law. Please see our Cookie Policy for more information.
- Why We Use Personal Information
Purpose | Examples | Legal Basis Where GDPR or UK GDPR Applies |
Responding to inquiries | Answering Contact Us submissions, routing requests, providing requested information | Legitimate interests (Art. 6(1)(f) GDPR/UK GDPR); steps prior to contract (Art. 6(1)(b)); consent where required |
Careers inquiries and applications | Responding to careers inquiries; directing applicants to Paycom; evaluating applications submitted through Paycom | Pre-contractual steps/employment contract (Art. 6(1)(b) GDPR/UK GDPR); legal obligations (Art. 6(1)(c)); legitimate interests (Art. 6(1)(f)) |
Website operation and security | Hosting, troubleshooting, fraud and security monitoring, access controls, abuse prevention | Legitimate interests (Art. 6(1)(f) GDPR/UK GDPR); legal obligations (Art. 6(1)(c)) |
Analytics and improvement | Measuring site traffic, improving content, understanding website performance | Consent where required (Art. 6(1)(a) GDPR/UK GDPR); legitimate interests where permitted (Art. 6(1)(f)) |
Advertising and retargeting | Optional media tags, remarketing, measuring advertising effectiveness | Consent where required (Art. 6(1)(a) GDPR/UK GDPR); opt-out rights where applicable under U.S. state law |
Legal and compliance | Responding to legal requests, enforcing rights, maintaining records | Legal obligations (Art. 6(1)(c) GDPR/UK GDPR); legitimate interests (Art. 6(1)(f)) |
Product and regulatory content | Making product labels, safety data sheets, and regulatory information available to professional users | Legal obligations (Art. 6(1)(c) GDPR/UK GDPR); legitimate interests (Art. 6(1)(f)) |
We do not use website form submissions for newsletter subscriptions or general email marketing unless we provide a separate notice and obtain any required consent at the time of collection.
- Product Label and Regulatory Information
The website may include product labels, safety data sheets (SDS), regulatory information, and other agricultural product materials. These materials are provided for informational and regulatory purposes and may be subject to pesticide, agricultural, environmental, labeling, and product-specific laws and regulations. Users are responsible for reading and following the applicable product label and regulatory materials for their jurisdiction and intended use.
For pesticide products registered in the United States, the product label is a legally binding document under the Federal Insecticide, Fungicide, and Rodenticide Act (FIFRA). As the U.S. EPA has stated, the label is the law.
- How We Disclose Personal Information
Service providers and processors. We disclose personal information to vendors that host, secure, support, analyze, or operate the website on our behalf, including WP Engine (managed WordPress hosting), Google Analytics, Google Tag Manager, Cookiebot (consent management), Paycom (applicant tracking), and website development and support providers. These providers are permitted to use personal information only as directed by us and in accordance with applicable law.
Advertising and media partners. If advertising or retargeting tags are enabled and the visitor has provided required consent (or has not opted out where applicable), we may disclose online identifiers, cookie IDs, device information, and website activity data to advertising and media partners for retargeting, ad delivery, frequency capping, attribution, and campaign measurement. Specific partners are identified in the Cookiebot cookie declaration and Cookie Policy.
Professional advisers and legal/compliance recipients. We may disclose personal information to legal counsel, auditors, insurers, consultants, or government authorities where reasonably necessary for legal, regulatory, security, or compliance purposes.
Business transactions. We may disclose personal information in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, subject to appropriate confidentiality obligations and safeguards.
We do not sell personal information for monetary consideration. However, some U.S. state privacy laws define “sale,” “sharing,” or “targeted advertising” broadly enough to encompass certain advertising, retargeting, analytics, or cross-context behavioral advertising activities. Where applicable, you may opt out as described in Section 6.
- Cookies, Analytics, and Advertising Choices
You can manage non-essential cookies and similar technologies through the cookie consent banner or “Cookie Settings” link on our website.
Where required by law, analytics, advertising, retargeting, and similar non-essential tags will not be placed unless you consent. You may change or withdraw your consent at any time by clicking “Cookie Settings” on the website. Withdrawal of consent does not affect the lawfulness of any cookie use that occurred before withdrawal.
You may also use your browser settings to block or delete cookies. Blocking certain cookies may affect the functionality of the website.
Where legally required (including under applicable U.S. state privacy laws), we will honor recognized opt-out preference signals, including the Global Privacy Control (GPC), as an opt-out from sale, sharing, or targeted advertising for the browser or device sending the signal.
To opt out of Google Analytics across websites, you may install the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.
- Your Privacy Rights
Depending on your jurisdiction, you may have some or all of the following rights regarding your personal information:
- Confirm whether we process your personal information;
- Request access to your personal information;
- Correct or rectify inaccurate or incomplete personal information;
- Request deletion (erasure) of your personal information;
- Receive a portable copy of certain personal information;
- Restrict or object to certain processing activities;
- Withdraw consent where processing is based on consent (without affecting the lawfulness of prior processing);
- Opt out of sale, sharing, targeted advertising, or certain profiling;
- Limit the use or disclosure of sensitive personal information where applicable;
- Appeal a denial of a privacy request; and
- Lodge a complaint with a data protection authority or supervisory authority in your jurisdiction.
Specific rights, timeframes, and mechanisms vary by jurisdiction. See Sections 9 and 10 below for jurisdiction-specific information. We will not discriminate against you for exercising any privacy rights available to you under applicable law.
- How to Submit a Privacy Request
To submit a privacy request, please contact us at:
Attn: [Privacy Contact Name]
Email: [Email]
Please include your name, contact information, jurisdiction, and a description of your request. We may ask for additional information to verify your identity or your authority to act on behalf of another person. We will use verification information only to process the request and will not retain it longer than necessary for that purpose.
If we deny your request in whole or in part, you may appeal by emailing us with the subject line “Privacy Appeal.” We will review the appeal and respond as required by applicable law. If you remain unsatisfied after our appeal response, you may have the right to lodge a complaint with the applicable supervisory authority in your jurisdiction.
- U.S. State Privacy Notice
This section applies to residents of U.S. states with comprehensive consumer privacy laws whose requirements may apply to ProFarm, including California (CCPA/CPRA), Colorado (CPA), Connecticut (CTDPA), Virginia (VCDPA), Texas (TDPSA), and other states with similar laws.
- Categories of Personal Information Collected
During the past 12 months, we may have collected the following categories of personal information:
Category | Examples |
Identifiers | Name, email address, phone number, IP address, cookie ID, device ID |
Customer records/contact information | Company name, contact details, inquiry details, state/province, ZIP/postal code |
Commercial or professional information | Company affiliation, agricultural or business inquiry, careers-related information |
Internet or electronic network activity | Pages visited, browser and device information, referring pages, session duration, website interaction data |
Geolocation data | Approximate location inferred from IP address |
Inferences | Limited advertising or analytics segments if retargeting tags are enabled |
Sensitive personal information | Not intentionally collected through the website. Users should not submit sensitive personal information in free-text fields unless necessary. |
- Sources
We collect personal information directly from you (through website forms and voluntary submissions), automatically from your browser or device (through cookies and similar technologies), and from service providers such as Paycom in connection with job application processing.
- Business or Commercial Purposes
We collect and use personal information for the purposes described in Sections 2, 3, and 5 of this Privacy Policy.
- Disclosure, Sale, Sharing, and Targeted Advertising
We disclose personal information to service providers and processors for business purposes as described in Section 5. We do not sell personal information for monetary consideration. We may share online identifiers and website activity data with advertising and media partners for cross-context behavioral advertising or targeted advertising if non-essential advertising cookies or tags are enabled by the visitor.
You may opt out of sale, sharing, or targeted advertising through Cookie Settings, the “Do Not Sell or Share My Personal Information” link if displayed on the website, or a recognized opt-out preference signal such as Global Privacy Control, where required.
- Sensitive Personal Information
We do not intentionally collect sensitive personal information through the website for purposes that would require a right to limit under California law or equivalent provisions of other state privacy laws. Users should not submit sensitive personal information in free-text fields unless necessary for their request.
- Retention
See Section 12 of this Privacy Policy.
- Non-Discrimination
We will not discriminate against you for exercising your U.S. state privacy rights, including by denying goods or services, charging different prices, or providing a different quality of service.
- Authorized Agents
Residents of California and other states whose laws permit authorized agents may designate an agent to submit a privacy request on their behalf. We may require proof of authorization and may ask the individual to verify their identity directly with us, as permitted by applicable law.
- EU, UK, and EEA Visitors — GDPR and UK GDPR
This section applies to individuals located in the European Union (EU), the European Economic Area (EEA), or the United Kingdom (UK) whose personal data is processed in connection with the website, pursuant to Regulation (EU) 2016/679 (GDPR) and/or the UK GDPR as retained by the Data Protection Act 2018.
- Controller. PFG Holding Corporation d/b/a ProFarm is the data controller for personal data processed in connection with the website.
- Legal bases. We process personal data only where we have a valid legal basis under Article 6 of the GDPR/UK GDPR, as identified in Section 3. Where processing is based on legitimate interests (Art. 6(1)(f)), those interests are typically to operate and secure the website, respond to inquiries, and maintain business records. You may request further information about our legitimate interest assessments by contacting us as described in Section 8.
- Data subject rights. You have the rights described in Section 7, including: access (Art. 15); rectification (Art. 16); erasure (Art. 17); restriction of processing (Art. 18); data portability (Art. 20); and objection (Art. 21). Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.
- Response timeframe. We will respond to data subject requests within one month of receipt. This period may be extended by up to two additional months where the request is complex or where numerous requests are received; in such cases, we will notify you of the extension and reasons within the first month.
- Supervisory authority. You have the right to lodge a complaint with the data protection supervisory authority in your EU member state or, for UK individuals, with the Information Commissioner’s Office (ICO) at ico.org.uk. A list of EU/EEA supervisory authorities is available at edpb.europa.eu.
- International transfers. See Section 11 of this Privacy Policy.
- Retention. See Section 12 of this Privacy Policy. We encourage EU/UK individuals who believe their personal data is no longer necessary for any identified purpose to submit a deletion request using the contact information in Section 8.
- International Transfers of Personal Information
ProFarm operates primarily from the United States. Personal information collected through the website may be transferred to and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your country of residence.
Where required by applicable law, we use appropriate safeguards for international transfers of personal data, which may include:
- Standard Contractual Clauses (SCCs) adopted by the European Commission for transfers of EU/EEA personal data to third countries, and the equivalent International Data Transfer Agreement (IDTA) or IDTA Addendum for transfers of UK personal data;
- Data processing agreements incorporating appropriate contractual protections with service providers; and
- Consent, where provided by the individual and required for the specific transfer.
You may request further information about the safeguards we use for international transfers, or a copy of any relevant standard contractual clauses, by contacting us as described in Section 8.
- Retention of Personal Information
We retain personal information for as long as we determine is reasonably necessary for the purposes for which it was collected, to fulfill applicable legal, regulatory, or business-record obligations, to resolve potential disputes, or as otherwise required or permitted by law. Our current retention practices are described in the table below.
Data Type | Retention Practice |
“Contact Us” and “Careers” form submissions | We retain form submission data indefinitely, unless you request deletion of your information or we determine that the data is no longer necessary for any identifiable business, legal, or compliance purpose. We do not apply a fixed deletion schedule to website form submissions at this time. Individuals with deletion rights under applicable law, including under GDPR Article 17 and UK GDPR, may submit a deletion request as described in Section 8. We will evaluate such requests in accordance with applicable law. |
Cookie consent records | Retained for the period necessary to document consent and withdrawal, generally 3-5 years depending on jurisdiction and applicable limitation periods. |
Analytics data | Per Google Analytics retention configuration. We recommend the shortest retention period consistent with business needs (e.g., 14 months). |
Security and activity logs | Retained for security monitoring, incident response, and investigative purposes for as long as reasonably necessary. |
WP Engine backups | Per WP Engine backup cycle, typically 30-40 days, unless a backup is preserved for security investigation or legal purposes. |
Paycom applicant records | Per ProFarm’s applicant-record retention schedule and Paycom platform configuration, consistent with applicable employment recordkeeping obligations. |
Notwithstanding the foregoing, we may retain personal information for longer periods where required by applicable law, regulation, court order, or other legal obligation, or where necessary to establish, exercise, or defend legal claims.
- Security
We use reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:
- HTTPS/TLS encryption for all data in transit, with HSTS enforced across the website;
- Managed WordPress hosting on WP Engine, which maintains SOC 2 Type II compliance and infrastructure hosted on ISO 27001-certified cloud platforms;
- Platform-level Web Application Firewall (WAF), DDoS mitigation, and automated blocking of known malicious IPs;
- Content Security Policy (CSP) headers to mitigate cross-site scripting (XSS) and data injection attacks;
- Role-based access controls for WordPress administration and the WP Engine portal;
- Automated platform-level intrusion detection, malware scanning, and activity logging;
- Regular plugin, theme, and WordPress core security updates; and
- Automated daily backups retained in geographically distributed data centers with physical security controls.
No method of transmission over the internet or electronic storage is completely secure. While we endeavor to use commercially reasonable measures to protect personal information, we cannot guarantee its absolute security.
- Data Breach and Incident Response
If we become aware of a confirmed or reasonably suspected security incident involving personal information, we will:
- Evaluate the incident and its scope, utilizing platform-level threat detection, malware scanning, intrusion detection alerts, and activity logs;
- Involve appropriate internal personnel (including the Group Director of MarTech as designated incident response contact), WP Engine support, and any relevant third-party processors;
- Take reasonably practicable steps to contain the incident and mitigate harm; and
- Provide notifications to affected individuals and supervisory authorities as required by applicable law, within the timeframes mandated by law.
EU/UK. Under the GDPR/UK GDPR, we will notify the relevant supervisory authority of a personal data breach without undue delay and, where feasible, within 72 hours of becoming aware, where the breach is likely to result in a risk to the rights and freedoms of natural persons. Where the breach is likely to result in a high risk to individuals, we will also notify affected individuals without undue delay.
United States. We will comply with applicable U.S. state and federal data breach notification requirements.
- Third-Party Websites and Services
The website may contain links to third-party websites and services, including Paycom for job applications and third-party sites containing product, regulatory, distributor, or partner information. We do not control those third-party websites or their privacy practices. This Privacy Policy does not apply to third-party websites, and we encourage you to review the privacy policy of any third-party site before providing personal information.
- Children’s Privacy
The website is intended for business and professional agricultural users. It is not directed to children under the age of 13 (or a higher age threshold as applicable in your jurisdiction), and we do not knowingly collect personal information from children. If you believe we have inadvertently collected personal information from a child, please contact us using the information in Section 1 and we will take appropriate steps to delete that information.
- Automated Decision-Making and Profiling
We do not use personal information collected through the website to make decisions that produce legal or similarly significant effects on individuals through solely automated processing.
Advertising and analytics service providers may use cookies and similar technologies to create advertising segments or profiles if the visitor has consented or has not opted out where required by law. You can manage these technologies through Cookie Settings on the website.
- Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. The “Last Updated” date at the top of this Policy indicates when it was last revised. Material changes will be posted on this page. We encourage you to review this Privacy Policy periodically.
- Contact Us
For questions about this Privacy Policy, to exercise your privacy rights, or to submit a privacy request, please contact:
PFG Holding Corporation d/b/a ProFarm
1530 Drew Ave.
Davis, CA 95618
Attn: [Privacy ContactName]
Email: [Email]
If you are located in the EU, UK, or EEA and are not satisfied with our response, you may lodge a complaint with your local data protection supervisory authority.