Grandma’s Pot Shop
Last Revised: November 16, 2022
Here at Grandma’s Pot Shop LLC (“Grandma’s Pot Shop”, also referred to herein as “We”, “Us”, or “Our”), protecting your privacy is our priority. For this reason, we collect and use personal information only as it might be needed for us to provide our users (collectively our “Users”) access to our website and its features (the “Site”), to improve the user experience for you and other Users of the Site, and to provide Users with opportunities to learn new information and to discover and interact with each other (collectively the “Services”).
We at Grandma’s Pot Shop strive to uphold the highest standards of data and privacy protections. Regardless of where our customers are, we strive to adopt the principles and safeguards of both the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018 (CCPA). Your individual rights may be determined by the laws and regulations of the state and country in which you reside.
While we strive to materially comply with all federal, state, and local laws, you are personally responsible for ensuring that your use of the Site and our Services complies with all laws of the jurisdiction in which you reside.
How and why we collect your personal information
We at Grandma’s Pot Shop are defined by the General Data Protection Regulation (GDPR) as a “data controller”. This means that we collect your personal information for our own use in order to provide you full access to the Site and to provide our Services to
you or for your benefit. Most of the personal information we collect is provided directly by you when you create an account through the Site or when you otherwise provide information to us when registering for our Services. For example, we may collect your email address if you register for our mailing list. This information is used to send you emails via a general mailing list which you are voluntarily subscribing to. As another example, we may collect your name, email address, your chosen username and password, payment information, and verification of your age. This information is used to create your user account, to verify your eligibility to receive the Services, and to provide you with the Services. As another example, we may collect your location data to allow us to comply with federal, state, and local laws, to improve the Site, and to tailor future design implements to our Users’ unique needs. As one final example, we may collect information pertaining to your unique interests to tailor default behaviors of the Site and the information the Site displays to you by default.
Information you might be expected to provide includes, without limitation:
- Full Name
- Age range
- Email Address
- Medical or other health-related conditions
- Credit card or other payment information
We collect your personal information for the limited purpose of providing the Services to you and our other Users. We also collect your personal information to allow us to tailor our current and future Services to better meet your needs and preferences, as well as to better understand how you and others use the Site so as to refine it and create an ever
improving user experience. Lastly, we may collect your personal information to provide targeted advertisements to you based on criteria provided by selected advertisers. We do not market or sell your personal information to advertisers or to other third parties.
Information Collected Automatically
As you use and access the Site, we (including any third parties providing web design, hosting, and related services to us) may use a variety of technologies to automatically collect information, including, without limitation:
- Usage Information. The Site collects usage data such as the source address from which a page request originates (i.e., your IP address, domain name, type
of computer), date and time of the page request, the referring web site (if any), and other parameters in the URL (e.g., search criteria). We use this data, for example, to better understand the Site usage in the aggregate so that we know what areas of our Site users prefer based on the number of visits to those areas. This information is stored in log files and is used for aggregated and statistical reporting. It is not attributed to you as an individual – meaning log files are not associated with any particular user, computer, or browser.
- Location Information. We collect and process general information about the location of the device from which you are accessing the Site (e.g., your approximate geographic location as inferred from your IP address). This information may be used to, without limitation, verify your legal eligibility to use the Site or otherwise receive the Services.
- Web Beacons. Web beacons (also known as “web bugs”) are small strings of code that provide a method of delivering a graphic image on a web page or in an e-mail message for the purpose of transferring data. We may use web beacons (or clear GIFs) on our Site or include them in the e-mail messages we send you for many purposes, including site traffic reporting, unique visitor counts, advertising e-mail auditing and reporting, and personalization. Information gathered through web beacons may be linked to your Personal Information.
- IP Addresses and Log Files. An Internet Protocol (“IP”) address is a number assigned to each computer on a network to identify your computer every time you log on to the Internet. We may keep track of IP addresses to troubleshoot technical concerns and to maintain the safety and security of our Site (e.g., by reviewing your IP address in combination with your Personal Information for credit fraud protection and risk reduction.) In addition, we may use IP addresses to analyze trends, administer the Site, track traffic patterns, and gather demographic information for aggregate use.
Health Insurance Portability and Accountability Act (HIPAA)
The HIPAA Privacy Rule establishes standards to protect individuals' medical records and other personal health information. The Site has appropriate safeguards in place to protect the privacy of personal health information covered by HIPAA and sets limits and conditions on the uses and disclosures that may be made of such information without prior patient authorization.
Our website may use “cookies” to help personalize and enhance your online experience. Cookies are small text files, generally made up of letters and numbers, that are placed on your computer, tablet, mobile phone, or other device when you visit a web page. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.
You have the ability to accept or decline cookies by activating the setting on your web browser that allows for you to refuse some or all cookies. Most web browsers automatically accept cookies by default, but almost all web browsers allow for limiting cookies to select websites or declining cookies altogether. If you choose to decline cookies issued by our website or by all websites, you may not be able to fully experience the interactive features of our website, including the ability to “log in” and remain logged in as a registered user.
We encourage you to review the privacy policies of websites you choose to visit so that you can understand how those other websites collect, use, and share your information. Here at Grandma’s Pot Shop, we take commercially reasonable steps to ensure that our
data processing partners handle your personal information responsibly and in compliance with all applicable laws and regulations. However, we are not responsible for the privacy policies or other content of websites unrelated to or uncontrolled by Grandma’s Pot Shop.
How and why we use your personal information
We strongly believe in using personal information only as necessary to provide you with our Services and with the best possible user experience. To that end, we may use your personal information to provide you with Services, to allow you to discover and reach out to other Users, to tailor our current and future Services to your needs by offering more relevant Services in the future, and to understand how you and others use our Site so that we can improve it and provide a better user experience for you and others.
We may share your data with our trusted partners, considered by the General Data Protection Regulation (GDPR) to be “data processors”, to help facilitate payments, perform statistical analysis, send you email or postal mail, or provide technical support. Any third parties with whom we share your personal information are prohibited by contract from using your personal information for any purpose other than to provide these services to us or to you on our behalf, and such third parties are required by contract to maintain the confidentiality of your personal information.
In order to tailor our services to your needs, we may use your personally identifiable information to inform you of other products or services available from us and our affiliates, including, potentially, other Users. We may also contact you via surveys to conduct research about your opinion on our current Services or potential new products or services that we may offer. We respect your privacy and give you an opportunity to opt-out of receiving these communications. You may, at any time, opt out of receiving any or all marketing communications from us by writing to us at email@example.com.
We will disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to (a) conform to the edicts of the law or comply with legal processes to which Grandma’s Pot Shop may become a party; (b) protect and defend Grandma’s Pot Shop’ rights under the law; and (c) act under exigent circumstances to protect the personal safety of our other users or the general public. For example, if a visitor to our website submits a comment or inquiry through our website’s built-in contact form expressing an intent to cause physical harm to themselves or others, we may proactively inform law enforcement to protect the public interest.
Security of your Personal Information
We take great effort to secure your personal information and justify the trust you have placed in us. Our website and other data processes meet or exceed industry standards and include the use of at least 256-bit Secure Sockets Layer (SSL) protection. The use of SSL technology encrypts data transmitted between you and our website and other web services. When we transmit your personal information to other websites or web-based services (e.g., payment processors), it is similarly encrypted.
General Data Protection Regulation (GDPR)
- Right to Access Personal Data. You have the right to access your personal data that has been collected by us. To exercise this right, please contact our Data Protection Officer at firstname.lastname@example.org. We will respond to any such request within thirty (30) days.
- Right to Rectification. You have the right to request modification of your personal data to correct any errors or to update incomplete or inaccurate information.
- Right to Erasure. You have the right to request that we stop using the personal data we collect from you, stop transmitting it to third-party data processors, and erase it from our records and databases. In most cases, we will simply grant this request. In some limited circumstances, such as when we are contractually required to provide Services to you and need the personal information we have collected to do so, we may delay granting your request until such time as it is feasible for us to stop using your personal data and erase it. We may also deny your request if your personal data is the subject of a valid law enforcement request or preservation and/or disclosure of your personal data is required by law or by order of a court of law.
- Right to Restrict Data Processing. You have the right, in any of the following circumstances, to request that all processing of your personal data be stopped:
- you wish to contest the accuracy of your personal data, in which case, we will suspend processing of your personal data for a period while we verify its accuracy;
- you believe the processing of your personal data is unlawful but you oppose the erasure of your personal data and request the restriction of its use instead;
- you believe we no longer need your personal data for our business purposes, but the personal data must be preserved for the establishment, exercise, or defense of legal claims; or
- you have objected to our continued processing pursuant to Article 21 of the GDPR, in which case we will suspend processing of your personal data unless our legitimate need to continue processing it overrides your objection.
- Right to Data Portability. You have the right to request that your personal data be sent electronically to a third party of your choosing. The personal data must be provided by us in a commonly used, machine readable format if doing so is technically feasible.
- Right to Object. You have the right to object to any denial by us of your request that we stop processing your data per your Right to Restrict Data Processing.
- Right to Reject Automated Individual Decision-Making. You have the right to refuse the automated processing of your personal data to make decisions about you if such decisions significantly affect you or produce legal effects concerning you.
Data Retention Policy
California Consumer Privacy Act of 2018
If you are a California resident, you are afforded special protections under the CCPA, which include:
- The right to request disclosure of our data collection and sales practices as they may apply or pertain to your data, including the categories of personal information we collect, the source of that information, our use of the information, and, if the information is to be or has been disclosed or sold to third parties, the categories of personal information that may be or was disclosed or sold to third parties and the categories of third parties to whom such information may be (or was) disclosed or sold (a “Personal Information Request”);
- The right to request a copy of the specific personal information collected about you during the twelve (12) months immediately prior to your request (also a “Personal Information Request”);
- The right to have any such information deleted, with limited exceptions; 4. The right to request that your personal information not be sold to third parties; and
- The right not to be discriminated against because you choose to exercise any of your newly afforded rights under the CCPA.
Personal Information Requests
To submit a Personal Information Request or to request the erasure of your personal information per the terms of the CCPA, please contact us by using the form on our website’s “Contact Us” page or by emailing our Data Protection Officer at email@example.com. Please note that the CCPA only affords California residents the right to make Personal Information Requests twice in a rolling 12-month period, we may require you to provide additional information to verify your identity prior to complying with any such request, and we will respond to any such request within forty-five (45) days of receiving it.
Categories of Personal Information
Grandma’s Pot Shop has collected the following categories of information within the past twelve (12) months or may reasonably expect to collect such information in the future:
- Identifiers (e.g., your name, contact information, cookies)
- Information protected against security breaches (e.g., your name, financial account information, username, and password)
- Commercial information
- Internet/electronic activity
- Audio/video data
- Professional or employment related information
- Education information
- Inferences from the foregoing
We have not sold any such information within the past twelve (12) months and do not have any plans to sell such information in the future.
We have disclosed within the past twelve (12) months or reasonably expect to disclose in the future, for purposes of providing the Services and/or other business purposes as defined by the CCPA: identifiers, information protected against security breaches, protected classification information, commercial information, internet/electronic activity, geolocation, and inferences from the foregoing. We do not anticipate disclosing biometric data.
Sale of Personal Information; Opt-Out Process
We at Grandma’s Pot Shop cannot control the spread or dissemination of any personal information you voluntarily disclose to third parties, whether through the Site or otherwise.
While your rights remain effective as to our collection and use of any such information, we cannot and will not act on your behalf in making any requests, whether under the CCPA or otherwise, to any other parties to whom you voluntarily disclosed your personal information.
Persons under Eighteen
We do not knowingly collect personally identifiable information from children under the age of thirteen (13) years. We may collect personally identifiable information from children under the age of eighteen (18) years only with written permission from their parents or legal guardians and in the performance of Services.