In order to guarantee a safe online environment and data protection, we strictly adhere to the legal requirements. In this data protection declaration we provide an insight into the type and purpose of data collection, security measures, retention periods and contact details.
1. Personal information we collect
Purchases can only be made if you have a personal account. When you create an account or make a purchase in our store as part of the buying and selling process, we collect the following personal information that you provide to us:
• First and Last Name
• Private and billing address
• Telephone number
• your gender
• IP address
• Birth date
These data are required to carry out the delivery. When you browse our shop, we also automatically receive the IP address (Internet Protocol) of your computer. Based on this information, we can optimize your online experience while protecting our online environment.
Purpose of data collection
We collect and store account-related data for the following purposes:
a. Performing our obligations under contracts between you and us and providing the information, products and services that you request from us;
b. Set up, manage and contact your account and orders.
c. Conduct market research and analysis;
d. to identify your age and identity in order to prevent fraud.
With your express permission, we may send you newsletters about our shop, new products and other updates. We send newsletters with express consent. The following information is collected as part of the newsletter:
• First and Last Name
• Your gender
Purpose of data collection
The data collected is used to:
a. Personalized emails, including your name and gender, to provide product-specific content.
You can revoke your consent at any time via the link given in the newsletter or the contact information given in section 2.
1.3 Customer Service
In order to be able to offer adequate support, our customer service representatives have access to account-related information. As a result, your assistance will be very effective and enjoyable. We will only use your details to respond to your message.
If you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, you consent to us collecting this information for that reason only.
If we need data for your personal information, such as marketing, we will either ask you to either explicitly agree to this or offer you the opportunity to say no.
2.1 How can I withdraw my consent?
If you change your mind after you have given your consent, you can revoke your consent to contact us for the further collection, use or disclosure of your information at any time by contacting us at email@example.com
4. How long do we keep your data?
Data minimalism is of great importance. Therefore, we will not keep your information longer than is necessary for the purposes set out in this policy. Different retention periods apply to different types of data. However, the longest retention period for personal data is typically seven years.
4.1 Account information
Account-related data remains relevant as long as the consumer has an account. Therefore, the data remains documented as long as the account exists. If our customers remove an account, the associated data will be deleted within a reasonable period of time. Inquiries regarding the review or correction of stored personal data or the removal of an account can be sent to the following address: firstname.lastname@example.org
The consent to the newsletter and the associated data remain relevant as long as our customers are registered for the newsletter. We carry out a relevance check at regular intervals. Registered customers (and their personal data) will be deleted if customers do not respond to our request. In addition, our newsletter communication consists of an opt-out function. Consumers can revoke their consent with this opt-out function.
Cookies are sweet and tasty. These are cookies that inform us about previous interactions with our website. These cookies are stored on your hard drive, not on our website. When you use our website, your computer basically shows us the cookies and tells our website whether you have used them before. This allows our website to run faster and remember things related to your previous visits (e.g. username) to make it more convenient for you. At Cannatrends we use two types of cookies: functional and analytical cookies.
5.1 Functional cookies
Functional cookies are used to improve your online experience. Among other things, these cookies track what is put in the shopping cart. The use of these cookies does not require prior authorization.
5.2 Analytical cookies
Analytical cookies are used to carry out market research and analysis. Data collected with these analytical cookies is anonymized and therefore useless for others. The use of these cookies does not require prior authorization.
6. Third Party Services
Third party services are required to conduct transactions and provide our services. In general, the third party providers we use will only collect, use and disclose your information to the extent necessary to enable them to provide the services they provide to us.
However, certain third party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies. These are required to complete your payment transaction.
For these providers, we recommend that you read their privacy policies so that you understand how your personal information is treated by these providers.
In particular, certain providers may be located in or have facilities in a different jurisdiction than you or us. So if you choose to enter into a transaction that involves the services of a third party, your information may be subject to the laws of the jurisdiction (s) in which that service provider or its facilities are located.
6.1 Web analysis service (anonymized data)
We have integrated a component of a web analysis service (with the anonymization function) on this website. Web analytics can be defined as the gathering, gathering and analyzing of data regarding the behavior of website visitors. A web analysis service collects, among other things, data about the website from which a person comes (the so-called referrer), which sub-pages were visited or how often and for how long a sub-page was displayed. Web analytics are mainly used to optimize a website and to carry out a cost-benefit analysis of Internet advertising.
6.2 Shipping service provider
We use a shipping service to complete deliveries. This carries out the dispatch between our company and the address of the consumer. To complete this logistics, the company needs access to information about the name and address of the consumer. Furthermore, e-mail and telephone number are sent to the shipping service provider to enable rapid delivery. In the event that your package is lost, cannatrends is obliged to send a copy of the invoice and a description of the package contents to the shipping service provider.
6.3 Mailing Service
At Cannatrends we use an external mail service provider to send the newsletter. This provider has access to limited account information related to consent (e.g. email address).
6.4 Marketing Service
Cannatrends is supported by a company specializing in marketing and communication activities. Your access to personal information is very limited and largely anonymized.
6.5 Payment Services
At Cannatrends, we use external payment services to process transactions (e.g. credit card payments). Payment services collect data via our site that they need to process the payment. These are name, address, date of birth, credit card number, expiration date and other data. The collection of this data is also necessary to prevent payment fraud.
To protect your personal information, we take reasonable precautions and follow industry best practices to ensure that it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, this information is encrypted using Secure Socket Layer technology (SSL) and stored with AES-256 encryption. While no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI DSS requirements and implement additional, generally accepted industry standards. Account-related information is protected with a hashing method. This method converts information into a generated hash. This secures confidential information and is even invisible to us. In addition, our databases are exceptionally protected against unauthorized persons. For example, access to the database is only possible and permitted via approved IP addresses. Other attempts and addresses will be rejected at any time.
In addition, the data was anonymized as much as possible. Therefore, the data cannot be linked directly to a specific consumer. However, with this data we could conduct market research and analysis. In addition, stakeholders from third-party providers (e.g. mailing service) are checked before we work together, are DGSVO-compliant and receive a processor agreement. Within cannatrends, employees are assigned different access authorizations. The specific privilege only provides access to the information strictly necessary to complete a task.
Digital security measures are subject to change and must meet high requirements in order to guarantee the security of online customers. That's why we've appointed a safety manager at cannatrends. The regular review and improvement of the security measures (if necessary) is part of the function.