You have the right to object to us processing your personal data for direct marketing, which we do only with your explicit consent, and also to processing which is carried out for the purposes of our legitimate interests. For more information, see the your rights section below.
Changes to Data Protection Law
The law in relation to data protection changed in the EU with effect from May 25, 2018. This remains in place post-Brexit. This policy has been updated in compliance with the General Data Protection Regulation 2018 for those who receive marketing communications by email from CBD First, founded in 2019. You should read through this policy to fully understand the basis upon which we collect your personal data, how we use it, where we store it and to whom it is disclosed.
Commitment to Privacy
We are committed to protecting your personal data and right to privacy. We will always keep your personal data safe and comply with applicable data protection legislation.
Know Your Rights
By law, you have a number of rights when it comes to your personal data in the EU and UK. Further information and advice about your rights can be obtained from the data protection regulator in your country. If you are based in the UK, please go to https://ico.org.uk/ for more information.
What does this mean?
- The right to be informed – You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we’re providing you with the information in this policy.
- The right of access –You have the right to obtain access to your personal data (if we’re processing it), and certain other information (similar to that provided in this policy). This is so you’re aware and can check that we’re using your personal data in accordance with data protection law.
- The right to rectification – You are entitled to have your personal data corrected if it’s inaccurate or incomplete.
- The right to erasure – This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
- The right to restrict processing –You have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, we can still store your personal data, but may not use it further. We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure the restriction is respected in future.
- The right to data portability –You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
- The right to object to processing – You have the right to object to processing for direct marketing (which we do only with your consent) and also to processing which is carried out for the purposes of our legitimate interests.
- The right to lodge a complaint – You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
- The right to withdraw consent – If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.
Please see the ‘Requests’ section for more information on how we will handle your requests.
Who Are We?
Please see the “About Us” section of our website. The entities listed are of CBD First only. References in this notice to ‘we’ or ‘us’ are to the entities listed. The listed entities are committed to protecting your privacy and are joint data controllers within the meaning of data protection laws applicable in the European Union (EU) and European Economic Area (EEA).
As data controllers, we have arrangements between us to ensure that we handle your personal data correctly and in accordance with data protection law. We have nominated a Data Compliance Officer. These arrangements reflect our respective roles and responsibilities in relation to you, and considers which entity is in the best position to fulfil each obligation to you. If you would like more information, you can contact us at anytime, via the details provided on our homepage. Please insert ‘My Data Protection’ in the subject field of your email to us. Alternatively, you can call our head office in Derby on +44 (0) 1332 650 239 and ask to speak with the Data Compliance Officer.
What Personal Data Do We Collect About You?
We collect the personal data you freely provide to us as part of your registration to any of our mailing lists, and any further personal data you provide to update your details from time-to-time. This may include details like your name, address, place of residence, gender, date of birth, email address, landline and mobile phone numbers and perhaps other contact details relating to your preferences. As per our terms and conditions, our site requires age verification (18+)
We may also collect information about your preferences. We may ask you to provide us with information about your favourite products so that we may tailor our offers, products and competitions to your personal preferences, and about your marketing preferences so we can make sure that we are contacting you using your preferred method of communication.
Please note we may require the following in order to supply you with a product you have purchased, or a request you have submitted to management:
– Your name
– Your email address
– A contact number
– Your home address (for delivery)
– Your company’s name
– Your company’s contact number
– Your company’s address
– Some bank details
When you are added to a mailing list, we will request your email address and possibly your name.
Please note: Credit / debit card details are processed through a secure third-party website which specialises in this area and are not stored by us.
If you have given us permission to do so, we will collect information about your approximate location based on your IP address with Google Analytics when you open emails. We collect cookies from your mobile device when you visit a website associated with CBD First.
When we interact with you (for example, when you are using services we provide) we may learn certain details about you. We may record this information where it is necessary in order to ensure we can remember important details about you in future. We ensure that only a small number of authorised personnel within the management team has access to this personal data and we will not use it for any purpose other than to build an ongoing relationship with you.
If you have given us your consent to market to you, we may ask for your feedback on certain items or about your experiences with us from time-to-time. We may ask your opinion on our mailing list content and whether you are likely to recommend our products to a friend. The feedback we receive from you may affect the nature or volume of marketing material you receive from us where you have consented to receive such marketing material.
How We Use Your Personal Data
We are processing your personal data to be able to provide you with the latest news on products, offers and competitions.
In addition, we use your personal data:
- To manage and improve the marketing content we communicate to you via email
• To better understand your behaviour in order to develop and improve the products we market
• To analyse the effectiveness of our marketing and to help us provide more relevant offers, advice and information to you and other members;
• To ensure we provide you with a seamless, relevant and consistent service;
• To provide you with information about events, special offers, promotions and other relevant matters concerning CUBID CBD goods and services (if you have given your consent for us to do so);
• To advertise our brand on social media to other people who may also be interested in what we have to offer (if you have given your consent for us to do so);
• To advertise offers or promotions made available by our third party partners (as set out under the ‘Who We Share Your Personal Data With’ section) only if you have given us your consent to do so;
• To provide any services which you may request;
• To ensure that the information we hold about you is kept accurate and up to date; (if we have your consent, where this is required by law) for research and analysis and in order that we may contact you on occasion for such a purpose or for the purpose of conducting surveys or focus groups; and
• To notify you about changes to our services
How Long Do We Store Your Data For?
We will keep your personal data for as long as you continue to interact with us (for example, if you read or click on an email we send you, make a purchase from this site, or attend an event we host or organise.) If we do not have any interaction with you for three years, we will attempt to contact you to see if you still want to be on our mailing list.
If we do not hear from you or if you tell us, at any time, that you no longer want to be on our mailing list, we will delete your personal data from our records and unsubscribe you from our mailing list. This will mean you may no longer receive communications from the CBD First team, unless you make a purchase from us again.
Who Do We Share Your Data With?
We share your personal data between ourselves – as we are identified in the ‘About Us’ section. The marketing team is the main department within the company which has access to this information. Within this department, access to mailing lists and databases is restricted.
For the purposes set out above, we may also provide your personal data to our suppliers and processors who perform certain business services for us. We share your personal data with third parties who:
- Process transaction information
• If you have given your consent for us to do so communicate with you on our behalf via email;
In addition, we may disclose your personal data:
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to protect the rights, property or safety of our business, our customers or others. This includes, in specific cases, exchanging information with other companies and organisations for the purposes of fraud protection; and
• To successors in title or replacement operators of all or part of our respective businesses.
The Legal Basis for us Using Your Personal Data
- It may be necessary for us to process your personal data for the performance of the contract between us, ie, if you make a purchase through our site
- In certain circumstances, we process your personal data after obtaining your consent to do so for the purposes of:
- Sending you marketing communications;
• Advertising on social media platforms;
• Using your location to deliver specific messaging and content to you; and
• Using your location to monitor the effectiveness of our messaging.
- In most cases, it is in our legitimate interests to collect and use the personal data referred to above (see ‘What Personal Data Do We Collect About You?’ above) so that we can:
- Provide you with a service that is as useful, enjoyable and beneficial to you as possible, including by personalising our contact with you, making sure we tell you about all the offers that relate specifically to your preferences, and contacting you using your preferred method of communication; and
- Better understand our customer base so that we can improve our services and marketing activities (which could also benefit you).
When we rely on our legitimate interests in order to collect and use your personal data, we must consider whether those legitimate interests are overridden by your interests or your fundamental rights and freedoms by carrying out a legitimate interest assessment. We may continue only if we decide that your interests, rights and freedoms do not override our legitimate interests. We have undertaken a legitimate interests assessment to reaffirm this legal basis is suited to our mailing lists.
We have considered these matters, and where we think there is a risk that one of your interests or fundamental rights and freedoms may be affected we will not use your personal data unless there is another legal basis for us to do so (either that it is necessary for us to perform our contract with you, or on the basis of your consent). For example, we believe that collecting your location data may be intrusive, and so we will only do so with your consent.
What happens if you do not provide us with the personal data we request or ask that we stop processing your personal data?
If you ask that we stop using your personal data (see ‘Your Rights’ above) then we may not be able to provide you with all the benefits of the CUBID CBD network.
How we may contact you
We work best when we are free to communicate with you to share details of promotions, products, rewards, giveaways and events you might be interested in.
In order to provide you with the benefits of our brand, we may, if we have your consent, contact you by phone or email.
If you no longer wish to receive such or certain communications, you can let us know by getting in touch via the ‘Contact Us’ page on this site. When emailing us, please insert ‘My Data Protection’ in the subject field. You may also choose to click unsubscribe on the bottom of any email you receive from us at any time and this will notify us that you wish to be removed from our mailing list. Your email address will be removed from such list and it will be placed on a list of unsubscribers, which we will never use for communications again.
Please note that the legal basis for us carrying out automated decision making or “profiling” activity is that it is in our legitimate interests to do so, having taken into account whether your interests and fundamental rights and freedoms are overridden by this type of processing. See ‘The legal basis for us using your personal data’ (above) for more information.
Requests to us
We are required, by law, to act on requests and provide information free of charge, except where your requests are manifestly unfounded or excessive (in particular because of their repetitive nature) in which case we may charge a reasonable fee (taking into account the administrative costs of providing the information or communication, or taking the action requested), or refuse to act on the request.
Please consider your request responsibly before submitting it. Please submit your request in writing via the email address provided on our homepage. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
If you need to contact us for any reason (including to exercise any of your rights in relation to data protection as set out above) please get in touch via the details provided on our homepage. There you will find the most up-to-date information for our team and the fastest way of getting through to our Data Compliance Officer. If you are emailing us, please insert ‘My Data Protection’ in the subject field. Alternatively, you may call the head office on +44 (0) 1332 650 239.