User Privacy Rights

---

Last Updated: August 1, 2025

Midland Prairie Enterprises, LLC (“Midland Prairie,” “we,” “us,” or “our”)

We post this notice via a conspicuous hyperlink labeled, “Privacy Rights,” at the bottom of every page on our website, as well as at the top of every page, under the “Governance” drop-down menu option. If we offer a mobile app, we post the link on the app-store/download page and in the app’s settings menu. (Minn. Stat. § 325M.16, subd. 1(b)–(d), (g))

1.) Scope

This notice explains how we collect, use, share, and protect personal data when you visit our site, submit a manuscript, make a donation or purchase, sign up for updates, or otherwise interact with us in the United States. It also describes privacy rights available to Minnesota residents under the Minnesota Consumer Data Privacy Act (MCDPA). (Minn. Stat. §§ 325M.10–.21)

Minnesota coverage & voluntary compliance: The MCDPA applies to organizations meeting specific thresholds; if we do not meet those thresholds or we qualify as an SBA small business, we nevertheless voluntarily honor the rights and duties described in this notice (except where a law expressly requires otherwise). Small businesses must not sell sensitive data without prior consent. (Minn. Stat. § 325M.17; 13 C.F.R. Part 121)

2.) Key Definitions (Plain Language)

• Personal data: information linked or reasonably linkable to an identified or identifiable individual (not public records). (Minn. Stat. § 325M.11)
• Sensitive data: personal information revealing racial or ethnic origin; religious beliefs; health diagnosis; sexual orientation; citizenship or immigration status; genetic or biometric data for unique ID; specific geolocation; or personal data collected from a known child. (Minn. Stat. § 325M.11)
• Known child: under 13 where we have actual knowledge. (Minn. Stat. § 325M.11; COPPA, 15 U.S.C. §§ 6501–6506)

3.) What We Collect (Sources)

• You provide: name, email, optional phone, mailing address (for shipping/receipts), manuscript details (title/synopsis/samples), brief bio or social links, donation/order details, and preferences.
• Payments: processed by a PCI-DSS compliant processor. We do not store full card numbers, CVV, or PIN, and we follow Minnesota’s Plastic Card Security Act prohibiting retention of card security code, PIN verification data, or full magnetic-stripe track data after authorization (48-hour ceiling for PIN debit). (Minn. Stat. § 325E.64)
• Automatically: IP address, device/browser type, pages viewed, referral URLs, session metrics via cookies/SDKs.
• From others (if applicable): shipping vendors, fraud-prevention partners, and public/professional sources (e.g., an author website).

4.) Why We Use Data (Purposes & Minimization)

• Manuscript review and publishing operations
• Orders/donations and customer support
• Email newsletters and event updates (opt-out anytime)
• Analytics and site performance
• Security and fraud prevention
• Legal compliance and recordkeeping

We limit collection to what is adequate, relevant, and reasonably necessary for these purposes and will not use personal data for incompatible purposes without your consent. You can revoke consent by a method at least as easy as how you gave it; after revocation we stop the applicable processing within 15 days. (Minn. Stat. § 325M.16, subd. 2(b), (e))

Notice at collection: categories, purposes, retention, disclosures — We collect the following categories of personal data, for the listed purposes, retained for the period shown, and disclosed to these categories of service providers/third parties. We do not sell personal data or process for targeted advertising.

1. Identifiers (name, email, phone, postal address) — Purposes: account/communications, fulfillment, receipts; Retention: active relationship + 7 years for tax/records; Disclosed to: cloud hosting, email delivery, payment and shipping vendors.
2. Manuscript submission data (title, synopsis, samples, bio, social links) — Purposes: editorial review, author communications, production planning; Retention: review period + up to 24 months after decision (longer only with your consent); Disclosed to: editorial tools and contracted readers under NDA.
3. Transaction data (order/donation details, limited payment tokens) — Purposes: fulfillment, fraud prevention, accounting; Retention: 7 years for tax/records; Disclosed to: PCI-DSS processors, fraud tools, shipping firms.
4. Technical data (IP, device/browser, pages viewed) — Purposes: security and analytics; Retention: 13–24 months rolling; Disclosed to: analytics/hosting/security providers.
5. Marketing preferences/interactions— Purposes: newsletters and events (opt-out anytime); Retention: until you unsubscribe or 24 months after inactivity; Disclosed to: email delivery provider.

We disclose our retention approach as required by Minnesota law. (Minn. Stat. § 325M.16, subd. 1(a)(7))

Portability format: When you request a copy of your data, we provide it in a readily usable, commonly used, machine-readable format that enables transfer to another organization, when technically feasible. (Minn. Stat. § 325M.14)

5.) Targeted Ads, “Sale,” and Profiling

We do not sell personal data, process for targeted advertising, or use automated profiling that produces legal or similarly significant effects. If that changes, we will: (i) disclose it here; (ii) provide a conspicuous “Privacy Rights” link throughout our website that leads directly to this Privacy Policy, whereby a user may request to opt-out (see “Opt-Out by Form (Email Submission)”); and (iii) honor universal opt-out signals (including Global Privacy Control (GPC)) recognized by Minnesota and other states. (Minn. Stat. § 325M.14; Cal. Civ. Code § 1798.135; 11 CCR § 7025)

Opt-Out by Form (Email Submission): To opt-out of targeted advertising, the sale or sharing of personal data, or certain automated profiling, simply download and complete our Opt-Out Request Form at the bottom of this page. Sign and date it, then email the form to privacy@midlandprairie.com with the subject line “Opt-Out.” Include your full name, email address, mailing address, and the specific opt-out(s) you are exercising; if you are an authorized agent, attach written authorization (and, if applicable, proof of your authority). Please do not include sensitive numbers (e.g., Social Security number or full payment-card details). We will verify your request using reasonable steps and respond within 45 days (we may extend once by 45 days with notice).

6.) When We Share Data

• Service providers (processors): hosting, email/SMS delivery, payment processing, analytics, order fulfillment, security, and professional advisors—under contracts that require confidentiality; limit use to our instructions; require notice and a chance to object before sub-processors are added; mandate deletion/return at end of services; require reasonable assessments or independent annual audits; and require assistance with security and consumer requests, including breach notification obligations. (Minn. Stat. § 325M.13; § 325E.61)
• Legal/safety: to comply with law or protect rights and security.
• Small-business rule: as a small business (if applicable), we will not sell sensitive data without consent. (Minn. Stat. § 325M.17)

7.) Your Privacy Choices & Rights

• Access to confirm processing and the categories of data we process
• Correction of inaccuracies
• Deletion of personal data
• Portability of data you provided to us
• Opt-out of targeted advertising, sale, and certain automated profiling
• A list of the specific third parties to whom we disclosed your personal data
• If profiling produces legal or similarly significant effects, question the result, get an explanation, and seek reevaluation after correction

1. How to submit: email privacy@midlandprairie.com (subject: “Privacy Request”).
2. Timelines: We respond within 45 days (may extend once by 45 days with notice). If denied, you may appeal; we answer appeals within 45 days (extendable by up to 60 more days where necessary) and will tell you how to contact the Minnesota Attorney General. We maintain appeal records for 24 months. (Minn. Stat. § 325M.14)
3. Authorized agents & universal signals: You may designate an authorized agent for opt-outs; we also honor recognized opt-out preference signals (UOOMs/GPC). (Minn. Stat. § 325M.14; 11 CCR § 7025)

8.) Email & Text Marketing

Email: Our marketing emails an easy way to unsubscribe. We honor email opt-outs within 10 business days. (CAN-SPAM, 15 U.S.C. § 7704; 16 C.F.R. part 316)

Text (SMS/MMS): We send marketing texts only with prior express written consent. You can reply STOP (or similar) to opt-out. Consumers may revoke consent by any reasonable means, and we will honor revocation promptly. (TCPA, 47 U.S.C. § 227; 47 C.F.R. § 64.1200)

9.) Cookies & Similar Technologies

We use first-party cookies/SDKs for core features and analytics. You can control cookies via your browser or our site controls; blocking some cookies may affect functionality. If you send a recognized universal opt-out signal, we treat it as an opt-out of any sale/sharing or targeted advertising (if enabled in the future). (Minn. Stat. § 325M.14; Cal. Civ. Code § 1798.135)

10.) Children’s Privacy

We do not knowingly collect personal data from children under 13 without verifiable parental consent; if we learn we collected such data without consent, we delete it. Parents can review or delete their child’s data by contacting us. (COPPA: 15 U.S.C. §§ 6501–6506; 16 C.F.R. part 312)

For ages 13–16, we will not sell personal data or use it for targeted advertising without prior consent where we know the consumer’s age. (Minn. Stat. § 325M.16)

Parental consent methods: For any child-directed feature or where we have actual knowledge a user is under 13, we obtain verifiable parental consent using methods recognized by the FTC and allow parents to review/delete their child’s information. (16 C.F.R. part 312)

See COPPA Compliance page for more information.

11.) Security & Privacy Assessments

We maintain reasonable administrative, technical, and physical safeguards appropriate to our size and the data we handle. Where applicable, we conduct and maintain data privacy and protection assessments (for sensitive data processing, profiling with significant effects, targeted ads, or sale) and will provide them to the Minnesota Attorney General upon lawful request. (Minn. Stat. § 325M.18)

For card payments, we use a PCI-DSS compliant processor and follow Minnesota’s card-data retention prohibitions. (Minn. Stat. § 325E.64)

12.) Data Retention

We keep personal data only as long as needed or required by law, then delete or de-identify it. Examples: manuscript submissions (review period + up to 24 months after decision unless you ask us to retain); customer/donor records (while active + legal recordkeeping); marketing (until you unsubscribe or your account is inactive for a defined period). We disclose our retention approach as required. (Minn. Stat. § 325M.16, subd.1(a)(7))

13.) De-identified & Pseudonymous Data

When we use de-identified or pseudonymous data, we commit not to try to re-identify it, maintain safeguards and contractual controls, and exercise reasonable oversight to address any breaches of those commitments. (Minn. Stat. § 325M.15)

14.) Minnesota Breach Notification

If unencrypted personal information is acquired by an unauthorized person, we will notify affected Minnesota residents without unreasonable delay and, if more than 500 residents are notified, we will notify the nationwide consumer reporting agencies within 48 hours of consumer notice. (Minn. Stat. § 325E.61)

15.) Nondiscrimination

We will not process personal data in a way that unlawfully discriminates against consumers with respect to housing, employment, credit, education, or places of public accommodation, including on the basis of protected characteristics. (Minn. Stat. §§ 325M.10–.21; Minn. Stat. ch. 363A)

16.) Third-Party Links

Our site may link to third-party sites or features. Their privacy practices are governed by their own notices.

17.) Changes to this Policy

We post the “Last Updated” date above and provide notice of material changes, including a chance to withdraw consent for materially different new uses. We take reasonable electronic measures to notify affected consumers and honor withdrawals.

18.) How to Contact Us

Questions, concerns, or requests? Email privacy@midlandprairie.com.

Notes about who we are (role clarity): Midland Prairie is the controller of your personal data for the activities described here. We engage processors under written contracts that include required terms: confidentiality, sub-processor controls, deletion/return, security, and cooperation. (Minn. Stat. § 325M.13)

Appendix: U.S. State-Specific Disclosures (California, Colorado, and others)

For residents of California, Colorado, Connecticut, Virginia, Oregon, Texas, and certain other states with privacy laws, we provide the following additional disclosures:

• We do not sell or share personal information for cross-context behavioral advertising and do not use sensitive personal information beyond permitted purposes.
• We recognize Global Privacy Control (GPC) and other authorized signals as opt-out preference signals for sales/sharing or targeted advertising, as applicable. (11 CCR § 7025)
• California residents receive this Notice at Collection: we collect the categories listed in “Notice at collection,” for the stated purposes, from the sources described in “What we collect,” and disclose them to the categories of service providers/third parties listed there.
• If we ever offer a loyalty or financial incentive program, we will provide a separate Notice of Financial Incentive before enrollment. (Cal. Civ. Code § 1798.125)

Employment/Applicant Data

Personal data collected in an employment or contractor context is governed by our separate HR privacy notice and is generally excluded from some state consumer privacy laws.