At Sensi CBD, we value your privacy and data security. We do everything to make sure your data is safe with us, and only with us, at all times.
We strongly believe that your privacy should be our priority, and it is our responsibility to take care of your privacy. Since we’re located in the Netherlands, we are bound by GDPR (the General Data Protection Regulation). We regularly consult with our lawyers to stay on top of things, and we keep a close eye on all the data we process.
1 What Personal Data we collect, how and why
- We also collect your IP address and geographical location from which you accessed our website, your internet connection and browser type, and information about how you use our website (for example, which pages you view, when you view them, and what you click on).
- The collection of this data is automatic as soon as you visit our website.
- Why do we collect this data? We use this data to understand more about how you and other users interact with our website.
- With your explicit permission, we may send you newsletters about our store, new products, and other updates. The following information is collected in context of the newsletter:
- First & last name
- E-mail address
- Why? To send newsletters and promotions, and we use your name to personalize these emails. You can always opt out of these emails through the unsubscribe link in the bottom, or by contacting us at email@example.com.
1.3 Comments, reviews, job applications, etc.
- We collect the Personal Data that you explicitly provide when you submit comments, feedback, questions, product reviews or job applications, and when you complete a survey or quiz or enter a contest on our website.
- Why? To respond to these events whenever necessary. We will not use this data to contact you for marketing purposes.
1.4 Customer service
- When you email us or send us something via postal service, we collect your Personal Data
- Why? To respond to you and keep a record of our correspondence.
- When you place an order on our website, we require you to create an account. You can also choose to create an account without placing an order. When you create an account, we collect the following data that you explicitly provide us:
- First & last name
- Phone number
- IP address
- E-mail address
- Payment details
- Why? To ship you your order, to be able to provide you with customer service, and to save you time if you want to place another order in the future. You can close your account at any time by contacting us at firstname.lastname@example.org
So, Sensi CBD processes Personal Data for the following purposes:
- the performance of the agreement (for example: fulfilling your order),
- compliance with a statutory obligation (for example: keeping invoices for tax purposes),
- the promotion of legitimate interests of Sensi CBD (for example: fraud prevention),
- after obtaining permission from the customer (for example: you explicitly subscribe to our newsletter),
- based on another reason included in Article 6 (1) of the General Data Protection regulation (EU 2016/679).
We do not intentionally or knowingly collect sensitive personal information about you, meaning, any information that reveals your race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information used to identify you, and any information concerning your health, sex life or sexual orientation. If you share sensitive personal information with us, we process it and may delete it with the understanding that you explicitly consented to its deletion.
- How we use Personal Data
We use your Personal Data to provide you with a rich and interactive experience on our website.
Your data is used to market and sell our products, to provide customer support, to fulfil your order requests and provide invoices, confirmations and updates, to improve and develop our products and website, to make product recommendations, and to send you promotional communications, targeted advertising and relevant offers.
We use your Personal Data to respond to your comments, feedback and questions, to notify you about changes to our website, and to provide you with emails, alerts or updates if you have consented to receiving these from us.
The Personal Data we collect can tell us a lot about how users interact with our website and other marketing communications. We perform various data analytics to deepen our understanding of our website users, and we anonymize this data whenever possible (for example: IP anonymization in Google Analytics). We can improve our websites and marketing activities when we better understand usage behaviour.
When legally required to do so, we will use Personal Data to comply with our legal obligations and any applicable laws and regulations.
- Where we store and process Personal Data
We are located in the Netherlands, with a global reach. To market and sell our products online, we use third party service providers that collect and process certain Personal Data on our behalf. These third parties have servers located in Canada and the U.S., and they may use servers located in other regions – see section “Who we share Personal Data with and why”, below, for more information.
If you live in the European Economic Area (“EEA”), your Personal Data is transferred outside the EEA. We ensure appropriate safeguards are in place whenever we transfer your data outside the EEA. Third parties who transfer your Personal Data outside the EEA on our behalf comply with the principles of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. For more information, see www.privacyshield.gov.
- Who we share Personal Data with and why
We share your Personal Data only when we have a legitimate reason for doing so. We do not sell or give away your Personal Data.
We use a variety of third-party service providers to help us market and sell our products online. We have entered into a data processing agreement with all our third-party providers. The following third parties process Personal Data on our behalf:
- We use Google Analytics for web analytics services. We have configured Google Analytics to anonymize IP addresses so that no personal information is captured or shared with Google. You can read more about how Google uses your Personal Data here: https://policies.google.com/privacy?hl=en. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
- We use Zendesk, Inc. for customer service management and storing emails and messages you send us. See https://www.zendesk.com/company/customers-partners/privacy-policy/.
- We use Klaviyo to manage our E-mail marketing campaigns and sometimes for order processing emails. You can read more about how Klaviyo uses your Personal Data, or if you want to access, delete or correct your Personal Data here: https://www.klaviyo.com/privacy.
If you do not want to receive any user-based advertising, you can disable the placement of ads by using contacting Cannaclicks at email@example.com.
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites here: https://www.hotjar.com/legal/compliance/opt-out
- We use DocData Payments as our payment provider for credit card payments (Visa and Mastercard). For more information, visit https://www.docdatapayments.com
- We use NovaSystems and Mhasmo as our ICT partners. Find Mhasmo’s Privacy Statement here: https://www.mhasmo.nl/over-mhasmo/privacy-verklaring/
- How long we retain Personal Data
We will not retain your Personal Data for longer than necessary for the purposes set out in this policy, or longer than is required by (tax) law. Different retention periods apply for different types of data, but the longest we will hold any Personal Data is 10 years.
- Account information: We store your account-related data as long as you keep the account active. When an account is closed, the related data will be deleted within a reasonable period. Requests regarding inspection or correction of stored Personal Data, or the removal of an account can be sent to: firstname.lastname@example.org
- Newsletter information: We keep your data in our newsletter database as long you don’t revoke your consent. Consent can easily be revoked by using the unsubscribe option below each email, or by contacting us at email@example.com.
- How we keep your Personal Data secure
We use a range of measures to keep your Personal Data safe and secure:
- We have appointed a security manager, who is responsible for periodical checking and improving of security measures.
- We and our third-party service providers use secure servers to store your Personal Data. Secure Sockets Layer (“SSL”) technology is used to encrypt transfers of data to and from our servers and to encrypt payments you make on or via our website.
- We follow all PCI-DSS requirements and implement additional, generally accepted industry standards.
- Account-related information is shielded with a hashing method. This method transforms information into a generated hash. As a result, sensitive information is secured, and is even invisible to us.
- Our databases are exceptionally protected against unauthorised persons. For example, access to the database is only possible and permitted by approved IP addresses (such as Sensi CBD offices). Other attempts and addresses are refused at all times.
- We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect Personal Data when using and transferring such data. All third parties mentioned in “Who we share Personal Data with and why” are screened, GDPR compliant, and are provided with a processor agreement.
- Staff only has access to personal information that is strictly needed for their jobs. Only staff of Sensi CBD who are employed in the departments Sales & Marketing, Customer Service, Logistics & Procurement, E-commerce, ICT and Management Team have access to Personal Data.
If a data breach occurs which jeopardizes the security of your Personal Data, we will work with our third-party service provider(s) to address the breach. In case of a data breach of sensitive data, we will notify users promptly within 72 hours of discovery of the breach.
- How to access and control your Personal Data
You can contact us at any time to request access to, deletion of and/or edits to your Personal Data. Please contact us, outlining your request, at firstname.lastname@example.org, or at the address provided in the “How to contact us” section, below.
You can withdraw your consent at any time for anything you gave consent to. You can also object to or restrict our use of your Personal Data.
If you have a customer account on our website, or you have posted any comments our website, you can request to receive an exported file of your Personal Data.
You can also request that we delete any Personal Data we hold about you, excluding any data we are obligated to keep for administrative, legal or security purposes.
When you request access to your Personal Data, we are required to use all reasonable measures to verify your identity before granting access. We do this to protect your data and limit the risk of potential identity fraud/theft or unauthorized access.
Finally, you have the right to contact the privacy or data protection regulator in the country where you live to make a complaint. You can find a list of all European Data Protection Authorities here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
We collect website information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
We use these cookies and similar technologies on our websites to help us to:
- distinguish you from other users of our websites and help us improve your experience on our websites
- store your preferences and settings, enable you to sign-in to your customer account, and help us provide you with interest-based advertising
- combat fraud
- analyse how our website is performing
When we include links to other websites, those sites will have their own privacy and cookie policies that will govern the use of your Personal Data on those sites. We recommend you check their policies as we are not responsible or liable for their practices.
Web browsers are typically set up to accept cookies but if you wish to amend your cookie preferences, you can do this through your browser settings. If you choose to turn off certain cookies, it may affect the functionality of our website.
The cookies we use cannot look into your computer, smartphone or web-enabled device and obtain information about you or your family or read any material kept on your hard drive. If you use a public computer to access our websites, our cookies cannot be used by anyone else who has access to that computer to find out anything about you, other that the fact that someone using that computer may have visited this site.
8.1 How to control cookies?
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through sites such as: www.allaboutcookies.org and http://www.youronlinechoices.eu
We may modify this policy from time to time. When we do, we will provide notice to you by publishing the most current version and revising the date at the top of this page.
If we make a material change to the policy, we will provide additional notice by sending you an email and/or displaying a prominent notice on our websites.
By continuing to use our websites after changes to this policy come into effect, you agree to the revised policy.
- How to contact us