- The information we collect or that you provide when you access the Website;
- Our practices for collecting, using, maintaining, protecting, and disclosing that information.
- We collect offline or through any other Company services; or
- You provide to or is collected by any third party, whether you access any third-party app or website via the Website. Those websites and apps may have their own privacy policies, which we encourage you to read before providing information on or through them.
B. Age and Residency Restrictions
The Website is offered and available to anyone of legal age to purchase our products or services. Please do not use this Website if you are not at least 21 years of age. We do not knowingly collect Personal Data from anyone who does not meet our age requirements. If we learn we have collected or received Personal Data from an individual who does not meet our minimum age requirements, we will delete that information.
C. Personal Data We Collect and How We Collect It
We collect information in several ways. The type of information we collect depends on how you are interacting with us and which of the Website services you are using.
We collect Personal Data when you provide it directly to us. For example:
- When you sign up for our newsletter, sign up for text updates, or ask us a question on our Website form, we may ask for contact information including, for example, your name, email address, or phone number (“Contact Data”);
- From time to time, we may ask for your Personal Data in connection with sweepstakes, contests, or other promotions we or our partners sponsor (“Contest Data”);
- We collect information when you make a purchase, online or in-person (“Purchase Data”);
- We collect Personal Data when you report a problem with our services or Website. If you contact us, we may keep a record of that correspondence (“Help Data”);
- If you fill out a survey that we request for research purposes, we may store your responses (“Survey Data”).
We also collect information automatically when you visit our Website:
- Through our server logs and other technologies that collect system/device and usage information, including without limitation IP address, browser type, device type, time spent on pages, and similar information (“Site Data”); and
- We may place cookies, web beacons, or other trackers on your browser; see Cookies and Other Technology below for more information.
We may also in rare cases collect information about you from third parties to verify your name and email address for marketing purposes.
D. Our Purpose in Collecting Personal Data
We use your Personal Data for our legitimate interests, including to provide and improve our services, administer our relationship with you and our business, for marketing, and to exercise our rights and responsibilities by law. In general, we also use the information we collect to (i) fulfill any other purpose for which you provide it; (ii) give you notices about your account including expiration and renewal notices; and (iii) carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
- We use Contact Data and Help Data to send you email marketing, text update, and to respond to your queries on our Website, as applicable. We share this Personal Data with hosting, CRM, email marketing, and SMS service providers;
- We use Contest Data to administer our sweepstakes and other promotions. We may also share Contest Data with our CRM, partners, or joint venturers if they are involved in those promotions, or with event promoters and administrators depending on the event;
- When you make a purchase from the Website, we provide the Purchase Data to third-party payment and logistics service providers to enable the transaction and deliveries to take place. We share Purchase Data with our third party CRM service provider. We do not receive, store, or maintain your financial information.
- We may internally use Site Data to improve the Website’s content and layout, to improve outreach, for our direct marketing, and to determine a general geographic and demographic profile of visitors to the Site. We also use Site Data for system administration, order verification, internal marketing, and system troubleshooting purposes. We share this Personal Data with our third party IT service providers to assist us in fulfilling this purpose.
E. Cookies and Other Technologies
- for “essential” or “functional” purposes, such as to enable various features of the Website like remembering passwords or staying logged in during your session;
- for social media integration e.g., via third-party social media cookies, when you share information using a social media sharing button or “like” button on our Site, or when you engage with our content on or through a social networking website such as Facebook or Twitter;
- for analytics purposes, consistent with our legitimate interests in how our Website is used or performs, how users engage with and navigate through the Website, what sites users visit before visiting our Website, how often they visit our Website, and other similar information;
- subject to any consent required by law, for the purpose of displaying advertisements via retargeting to those users who have visited our Website, or for advertising to visitors to our Website; and
- subject to any consent required by law, for the purpose of analyzing your feedback on our products on other platforms.
We do not perform targeted advertising as such term is defined by the CPA. While we may display advertisements to you on or off the Website, those advertisements are based on your interaction with the Website itself and not on your behavior across websites or applications.
F. Third-Party Information Collection
We share your information with third parties for the following purposes:
- If you subscribe to text updates, we share your phone number with third parties to administer those updates; those third parties are under confidentiality agreements.
- We may offer services in conjunction with a partner company. To provide co-branded services to you, we share your Personal Data with our partner company to provide co-branded services. If data is being collected and/or maintained by any company other than us, you will be notified prior to the time of such data collection or transfer. If you do not want your data to be shared, you can choose not to allow the transfer by not using a particular service. Certain third parties may use automatic information collection technologies to collect information about you or your device.
- We share your email address with third parties that help with our marketing efforts, such as email list administrators.
- We share Personal Data and anonymized data with third party hosting and analytics companies to host the Website and services, and to improve our offerings.
- We share your Personal Data with payment processors and third-party logistics providers for processing and shipping of your order from the Website.
- Under confidentiality agreements, we may match user information with third party data. We may also disclose aggregated user statistics (for example, 47% of our Website users are female) to describe our services to prospective partners, advertisers, or other third parties, and for other lawful purposes.
- We may share your information with third parties in special circumstances, such as when we believe in good faith that the law requires it, pursuant to a corporate transaction, or under circumstances described below.
- We may disclose account information where we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating our Terms and Conditions of Use or who may be causing injury or interference with (intentionally or unintentionally) our rights or property, those of other Website users, or anyone else that could be harmed by such activities.
- We do not sell your Personal Data to third parties for consideration. We do not share your Personal Data for targeted advertising.
G. Disclosure of Aggregated Information
We may disclose aggregated information about our users and information that does not identify any individual without restriction in any way permitted by applicable law.
H. Your Choices About Collection, Use, and Disclosure of Your Information
We strive to provide you with choices regarding the Personal Data you provide to us. This section describes mechanisms we provide for you to control certain uses and disclosures of your information.
- Promotions by the Company. When you sign up for various services on our Website, you are agreeing to receive marketing and promotional materials from us. We may deliver marketing and communications to you across various platforms such as e-mail, text messaging, and direct mail. Where required by law, we will ask you to explicitly opt in to receive such marketing from us. If we send you marketing communications, it will include instructions on how to opt out of receiving those communications in the future. If you do not want us to use your telephone number or e-mail address to promote our own or third parties’ products or services, you can also opt-out by sending us an email at Legal@nativerootsdispensary.com.
- Colorado Privacy Act Rights. Under the CPA, Consumers (as defined in the CPA) have the following rights in their Personal Data:
- If we ever sell Personal Data or processes Personal Data for targeted advertising, as defined by the CPA, you have the right to opt out of such sale or advertising.
- To access, correct inaccuracies in, delete, confirm the processing of, or port in a commonly usable format, Personal Data that we collect and maintain about you.
- Exercising your Rights. To exercise your rights under the CPA, please email us at the contact information below or use this webform. We reserve the right to authenticate your request, retain certain Personal Data to verify your request was completed, or refuse or comply with your request in a modified way as permitted by the CPA. If we refuse or modify your request, we will tell you why and how you may appeal our decision.
I. Loyalty Club
If you participate in the Native Roots Loyalty Club, we will provide you with customized deals, discounts, and recommendations. The following additional provisions apply to our use of your Personal Data in our Loyalty Club.
- We still collect Contact Data, Purchase Data, Site Data, in addition to other kinds of Personal Data depending on your activities on our Website or participation in Contests. We do not you’re your Personal Data from the Loyalty Club, nor do we engage in targeted advertising as defined by the CPA.
- We use your Purchase Data and Contact data obtained through the Loyalty Club to suggest products and deals you might like.
- We share the same categories of Personal Data as disclosed in Sections D and F above. We do not provide Personal Data to Data Brokers.
- We provide all Loyalty Club benefits, including points, wallet, and rewards.
- If you ask for deletion of your Loyalty Club account, we will remove your Contact Data and prevent a Loyalty Club account from being created with that Personal Data again, subject to our requirements under the CPA and other applicable privacy laws such as HIPAA.
- If you request deletion of your Loyalty Club account, you will lose all accrued but unused points, rewards, and your wallet. The value of your participation in the Loyalty Club to us is the data that your purchases provide us over time, for which we compensate you with custom deals, discounts, and recommendations; without that data, we are unable to provide you with Loyalty Club discounts, points, and rewards. You will still be able to take advantage of our general sales and deals, but without knowledge of your specific preferences through the Loyalty Club, we cannot customize offers to you.
J. Data Security and Retention
We take the security of your data seriously and we use appropriate technologies and procedures to protect it according to the risk level and the service provided. We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. Financial information will be encrypted using SSL technology.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access any part of the Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted through our Website. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures we provide.
We retain your Personal Data for the period we reasonably believe necessary to fulfill the purpose for which you provided it, usually 4 years from your last interaction with us, whether making a purchase, opening an email, using your account, participating in contests, or similar actions. If you are a medical customer, we retain your Personal Data for 6 years from the date of your last interaction with us.
K. Your Rights
Outside of the CPA, when provided by applicable law, you may have rights to access your Personal Data and ask us to rectify, erase or restrict use of your Personal Data. You may also have rights to object to your Personal Data being used, to ask for the transfer of Personal Data you have made available to use, and to withdraw consent to use your Personal Data. We will honor your rights under applicable data protection laws. If you believe you have rights under applicable law that you would like to exercise, please contact us at the email address below.
L. Contact Information
Native Roots Cannabis Co.
Attn: Legal Department
3150 S. Sheridan Blvd, Unit 1
Denver, CO 80227