As data controller, we represent that we process personal data in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”) and the French Data Protection Law No.78-17 of 6 January 1978 (amended).
SECTION 1 – PERSONAL DATA WE COLLECT
1.1 Account Information and Data Collection
You may only make purchases if you have an account. Whenever you create an account or purchase a product on our website, we collect the following personal data you provide:
- First name and last name
- Shipping address and billing address
- Phone number
- IP address
- Email address
This information is necessary to deliver the product(s). Furthermore, whenever you browse our website, we automatically receive the IP (internet protocol) address of your computer. Based on this data, we can optimize your online experience while protecting our online environment.
Purpose of the data collection
We collect and store account information to:
- Fulfill our obligations arising out of any contract between you and us, and to provide you with information, products and services that you request.
- Prepare and manage your account and orders, and contact you about your account and orders.
- Carry out analysis and market studies.
- Confirm your identity for identification purposes and to avoid fraud.
With your explicit permission, we may send you newsletters about our online shop, new products and other news. We send newsletters with your consent. The following information is collected through the newsletters service:
– First and last names
– Email address
You may withdraw your permission at any moment by clicking on the unsubscribing link included in the newsletter or by contacting us at the address mentioned in Section 2.
1.3 Customer Service
To be able to provide you with appropriate assistance, our customer service team has access to account information. As such, the assistance provided will be very efficient and friendly.
SECTION 2 – CONSENT
Whenever your provide us with personal information to complete a transaction, check your credit card, place an order, make arrangements for a delivery or return a purchase, we imply that you consent to our collecting it for that specific purpose only.
If we ask for your personal information for another purpose, such as marketing, we will either ask you directly for your express consent or provide you with an opportunity to refuse.
2.1 How Can You Withdraw Your Consent?
If you change your mind after giving your consent, you may withdraw your consent for the continued collection, use or disclosure of your personal data, at any moment, by contacting us at: firstname.lastname@example.org
SECTION 3 – DISCLOSURE
We may disclose your personal data if required by law or if you breach our Terms and Conditions.
SECTION 4 – RETENTION
4.1 Account Information
Information related to an account remains relevant as long as the consumer owns an account. As such, we will retain your personal data as long as your account exists. Whenever our customers delete an account, the corresponding data is deleted within a reasonable time. Requests related to the inspection or rectification of personal data stored or the deletion of an account can be sent to the following address: email@example.com.
Consent to our newsletters and all corresponding data remain valid as long as our customers remain registered to the newsletters. However, we perform an assessment of relevance periodically (every month). Registered customers (and their personal data) will be deleted whenever they fail to reply to our request. Furthermore, our communication via newsletter includes a link to unsubscribe. Consumers may withdraw their consent by using this unsubscribing function.
SECTION 5 – COOKIES
Cookies are small files of information that inform your computer of previous interactions with our website. These cookies are stored on your hard drive and not on our website. Essentially, whenever you use our website, your computer will show us its cookies, informing us of any prior visit to our website. Cookies enable our website to operate more smoothly as well as track information from your previous visits (such as your username) to enhance the user experience. At Cbdologic, we use two types of cookies: functional cookies and analytical cookies.
To use “cookies” to store and analyze personal data, your consent will necessarily be required upon browsing.
If the user of our website chooses to disable or block “cookies”, he or she can still browse our website. However, as a result, our website may malfunction or be partially or totally inaccessible to the user through no fault of our own nor our website publisher’s.
5.1 Functional Cookies
Functional cookies are used to enhance the online user experience. For instance, these cookies keep track of any product placed in the shopping cart. The use of these cookies does not require prior authorization.
5.2 Analytical Cookies
Analytical cookies are used to carry out market studies and analysis. Collected data through these analytical cookies is made anonymous, rendering it useless for third parties. The use of these cookies does not require prior authorization.
SECTION 6 – DATA CONTROLLER AND DATA PROTECTION OFFICER
The personal data controller is Cbdologic. They may be contacted by mail at the following email address: firstname.lastname@example.org.
The data controller is tasked with identifying the purposes of the data collection and the measures carried out to collect and process data.
The data controller shall notify the user in the event of an alteration or erasure of data unless such notification requires disproportionate paperwork, costs and steps.
In the event that the integrity, confidentiality or protection of the user’s personal data is compromised, the data controller shall notify the user by any mean necessary.
The data protection officer is the following company:
Cbdologic, 104St No56, Pano Polemidia, 4130 Limassol Cyprus Chypre
The role of the data protection officer is to ensure the proper implementation of national and supranational provisions on the collection and processing of personal data.
The data protection officer can be contacted by mail at the following email address: email@example.com
SECTION 7 – THIRD-PARTY SERVICES
Third-party services are necessary to complete transactions and provide our services. In general, the third-party providers we use will only collect, use and disclose your personal data insofar as is necessary to perform the services they provide.
In accordance with the article 28 of GDPR on processors, we disclose your data to service providers who help us run our website and all related processes. Our service providers are strictly bound by our instructions and by contract.
These providers may only use your data to process orders.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, uphold their own privacy policies with respect to the data we are required to provide them for your purchase-related transactions.
For these processors, we recommend that you read their privacy policies to understand how your personal data will be processed by these providers.
In particular, certain providers may be located or have facilities located in a jurisdiction different from yours or ours. As such, if you elect to proceed with a transaction involving the services of a third-party, your data may be subject to the legislation of the jurisdiction(s) in which the provider or its facilities are located.
7.1 Internet Analysis Service (anonymous data)
On this website, we have included an internet service analysis’s component (with an anonymous function). Internet analysis can be defined as the collection, gathering and analysis of data relating to the behavior of website users. An internet analysis service collects, for instance, data from the website from which a user has been redirected (also known as referring domain), sub-pages visited, or the frequency and time spent on a sub-page. Internet analysis is mainly used to optimize a website and to carry out a cost-benefit analysis of advertising on the internet.
7.2 Delivery Service
For deliveries, we use a delivery service. This delivery service handles the shipping from our company to the consumer’s delivery address. To arrange for deliveries, the delivery service needs access to information concerning the consumer’s name and address.
7. Email Service
We use an external messaging service provider to send our newsletter. This provider has access to a limited number of account information subject to explicit consent (such as email address).
7.4 Marketing Service
Cbdology relies on a company specialized in marketing and communication activities. Its access to personal information is very limited and most of the time anonymous.
7.5 Payment Service
We use external payment services to handle transactions (such as payment by credit card).
SECTION 8 – SECURITY
To protect your personal information, we take reasonable precautions and follow the industry best practices to ensure that your personal information is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, this information is encrypted using SSL technology (secure socket layer technology) and stored with an AES-256 encryption. Although no method of transmission over the internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional industry standards. Account information is protected by hash techniques. Hashing is the transformation of data to an unreadable piece of data. As a result, sensitive information is secured and even invisible to us. Furthermore, our databases are exceptionally secure against non-authorized persons. For instance, access to our database is only possible and authorized for approved IP address (such as the headquarter of Cbdologic). Other addresses and attempts are systematically rejected.
Furthermore, data has been made anonymous to the largest possible extent. As a result, data cannot be directly linked to a consumer in particular. With this data, however, we are able to carry out market studies and analysis. Furthermore, third-party providers (such as Email Services) are subject to a screening process before a collaboration is established; they must comply with the requirements set out by GDPR and are submitted to a processing agreement. At Cbdologic, different access rights are granted to employees. A specific authorization only gives access to information strictly necessary to perform a task.
Digital security measures are subject to change and must conform with high security standards to guarantee the security of online customers. Therefore, we have appointed a security manager. Periodic monitoring and improvement of security measures (if necessary) are part of the security manager’s tasks.
SECTION 10 – PERSONAL DATA RIGHTS OF THE USER
In compliance with applicable law regarding personal data, the user has the following rights:
- The right of access, right to rectification and erasure
- The right to data portability
- The right to restrict processing, the right to object
- The right to not to be subject to a decision based solely on automated processing
- The right to lodge a complaint with a supervisory authority
- The right to establish instructions for the management of the user’s personal data after death
SECTION 11 – CONTACT INFORMATION
You can contact us:
- By email at: firstname.lastname@example.org
- By phone: +33 9 73 03 38 31