1. When do we collect information about you?
1.1 Some of the information we collect about you can be used to identify you. This type of information is defined as "Personal Data" under the UK Data Protection Act 2018 and/or the EU General Data Protection Regulation (EU) 2016/679 ("GDPR") as amended or replaced by legislation applicable in the country of domicile of the applicable Little Green's CBD (“Data Protection Laws”). In this Privacy Notice we use the words "Personal Information" to talk about your Personal Data.
1.2 We collect your Personal Information:
(a) when you email, call us, text us or write to us or provide us with information in any other way, including by interacting with us via social media such as Facebook, Twitter, Pinterest, WhatsApp, YouTube, Google+;
(b) when you visit, or make enquiries, register, send any messages and/or purchase or receive products from us through the Little Green's CBD Website ("Website") and/or through or via any third party e-commerce or other platform (“eCommerce”);
(c) when you make any payments to us or we make any credit payments back to you;
(d) when you use any of our products or services;
(f) when you provide information to us in connection with any provision by Apothem of any goods or services to you, though whatever means and when you chose to receive any marketing communications from us or our selected partners.
2. What types of Personal Information do we collect and process?
2.1 We process the following kinds of Personal Information if you provide it to us:
(a) Information about you, including your name, title, postal address, telephone number(s) and email/IP address, gender, age, location, occupation, computer or device information, use of CBD or other products, including why it was used and the benefits of use to you and what other wellness brands you like (including sensitive/special category personal data where relevant and only where we have your permission).
(b) Information about you which the applicable Little Green's CBD needs to collect in order to assess your needs, wishes, allergies and use of any of the Little Green's CBD products or services including those of trusted Little Green's CBD partners which may be of interest to you.
(c) Information you provide as part of purchasing any products (or any other service) or relating to us or any service or product that we provide including from our chosen partners, including billing and shipping address(es) and information.
(d) Information you provide to us during communications you have with us and with our staff and agents, whether by email, social media, push notification, post, telephone, in person or through our Website, for example comments or queries or other information concerning the products and services we provide.
(e) Financial and payment information if relevant to the services or products that we provide including if applicable, payment details.
(f) Credit and anti-fraud data including credit history, credit score, sanctions and any information to ensure that a crime is not committed, and information received from various anti-fraud databases relating to you.
(g) Information about your use of our Website or any other website including any eCommerce website or platform and also any information concerning the Shopify supported merchants that you visit and all information about your browser and device usage.
(h) details of any other means of communication you use to contact us.
3. Why do we collect your Personal Information, how do we use it, and what are our lawful grounds for collection and use?
3.1 We collect and use your Personal Information for the following purposes:
(a) To provide our products and services in accordance with our contractual obligations (and/or in anticipation of them or for marketing purposes), for market research and also to keep you updated with your account and purchase of any products or services or where it is in our legitimate interest to do so in order to provide either products or other services, including:
(i) to provide quotes or prices to you and to set you up as a client and to process orders and payments; and
(ii) to process and to manage orders; and
(iii) to provide other services to you which you have agreed to receive under any contract that we both enter into together or with our chosen partners.
(b) To communicate with you via email, post, text, push notification, social media, web chat or web message or any other communication method and to answer your questions and enquiries, in accordance with our legitimate interest to provide our products and services and manage any account with you.
(c) To update our records and for audit purposes, in accordance with our legitimate interest to provide products and other services.
(d) To prevent or detect fraud, in accordance with our legitimate interest to provide products and/or other services.
(e) Where legally required or where it is in our legitimate interests to provide products, marketing and/or other services and also to comply with requests from law enforcement and regulatory authorities.
(f) to improve our website and understand how to enhance your use and experience of it. If you do not provide your Personal Information to us, we may be unable to provide you with our products and/or services.
4. How do we share your Personal Information?
4.1 For the purposes specified above, the Personal Information that you provide to us (including any sensitive personal data as appropriate and permitted by you) may be shared with:
(a) our directors, contractors, consultants, employees, workers, agents and professional advisors;
(b) our chosen selected partners, including eCommerce partners;
(c) our distribution and fulfilment houses and manufacturers or suppliers of our products and services;
(d) credit or checking agencies and payment providers who process payments and refunds;
(e) our other service providers, including Shopify;
(f) organisations such as the Food Standards Agency (including any equivalent regulatory body elsewhere) and other regulatory authorities where we are required to do so by law or regulation and any relevant authority for the purposes of regulatory compliance, collection of taxes or duties and the detection of crime;
(g) prospective buyers or investors or providers of finance in the event Little Green's CBD wishes to attract investment, funding or to sell all or part of its business;
(h) our cloud service providers who host any of our services and any accounting provider, marketing or communications provider and any analytical firm.
5. Where do we store your Personal information?
5.1 We store your Personal Information on our servers, which are managed by us or provided to us under an enforceable contract and are located within the UK and/or EEA. However, we reserve the right to process your Personal Information outside of the UK and/or EEA but will only do so, where we have in place adequate legal measures to protect that Personal Information.
6. How long do we retain your Personal Information?
6.1 We will keep your Personal Information only for so long as is necessary and for the purpose for which it was originally collected. In particular, we will keep your Personal Information for so long as there is any possibility that either you or we may wish to bring a legal claim under a supply agreement or under any other agreement with you, or where we are required to keep your Personal Information due to legal or regulatory reasons and have a lawful basis to do so.
6.2 Depending on the record types and our relationship with you, retention periods range from a short period which may be days or weeks or months but up to seven years or for the period during which you request our services or as we are required under applicable law and regulation, whichever is the longer period of time.
7. How do we protect your data?
7.1 We aim to keep your Personal Information secure. In order to prevent unauthorised access or disclosure, we use appropriate physical, technical and organisational measures to keep the Personal Information we collect secure. Our service providers are required to do the same.
7.2 Unfortunately, transmission of information via the internet or other means is not completely secure. Although we will do our best to protect your Personal Information once we receive it, we cannot guarantee the security of your Personal Information transmitted to our Website, any eCommerce website or through other electronic media; any transmission is at your own risk. Once we have received your Personal Information, we will use strict procedures and security features to try to prevent unauthorised access or loss in accordance with Data Protection Laws.
8. Your rights
8.1 You have a right to access your Personal Information to check that the information we hold about you is accurate and that it is being processed lawfully, and to request that it is corrected if you think it is inaccurate (see "How you can access and update your Personal Information" below).
8.2 You have the following rights:
(a) to ask us to restrict the processing of your data (meaning that we could store it but not use it);
(b) to object to how we use your data; and
(c) to request that we delete your data.
Our response will depend on the circumstances and our legal obligations, including our obligations under Data Protection Laws.