Here at HempBuzz, LLC (“HempBuzz”, also referred to herein as “We”, “Us”, or “Our”), protecting your privacy is our priority. For this reason, we collect and use personal information only as it might be needed for us to provide our users (collectively our “Users”) access to our website and its features, payment platform, and research tools (the “Site”), to improve the user experience for you and other Users of the Site, and to provide Users with opportunities to discover and interact with each other (collectively the “Services”).
We at HempBuzz strive to uphold the highest standards of data and privacy protections. Regardless of where our customers are, we strive adopt the principles and safeguards of both the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018 (CCPA). Your individual rights may be determined by the laws and regulations of the state and country in which you reside.
While we strive to materially comply with all federal, state, and local laws, including those pertaining to hemp, you are personally responsible for ensuring that your use of the Site and our Services complies with all laws of the jurisdiction in which you reside.
How and why we collect your personal information
We at HempBuzz are defined by the General Data Protection Regulation (GDPR) as a “data controller”. This means that we collect your personal information for our own use in order to provide you full access to the Site and to provide our Services to you or for your benefit. Most of the personal information we collect is provided directly by you when you create an account through the Site or when you otherwise provide information to us when registering for our Services. For example, we may collect your email address when you register for our mailing list. This information is used to send you emails via a general mailing list which you are voluntarily subscribing to. As another example, we may collect your name, email address, your chosen username and password, and verification of your age. This information is used to create your user account, to verify your eligibility to receive the Services, and to provide you with the Services. As another example, we may collect your location data to allow us to comply with federal, state, and local laws, to improve the Site, and to tailor future design implements to our Users’ unique needs. As one final example, we may collect information pertaining to your unique interests to tailor default behaviors of the Site and the information the Site displays to you by default.
Information you might be expected to provide includes, without limitation:
- Full Name
- Age range
- Email Address
- Personal interests
We collect your personal information for the limited purpose of providing the Services to you and our other Users. We also collect your personal information to allow us to tailor our current and future Services to better meet your needs and preferences, as well as to better understand how you and others use the Site so as to refine it and create an ever-improving user experience. Lastly, we may collect your personal information to provide targeted advertisements to you based on criteria provided by selected advertisers. We do not market or sell your personal information to advertisers or to other third parties.
Information Collected Automatically
As you use and access the Site, we (including any third parties providing web design, hosting, and related services to us) may use a variety of technologies to automatically collect information, including, without limitation:
- Usage Information. The Site collects usage data such as the source address from which a page request originates (i.e., your IP address, domain name, type of computer), date and time of the page request, the referring web site (if any), and other parameters in the URL (e.g., search criteria). We use this data, for example, to better understand the Site usage in the aggregate so that we know what areas of our Site users prefer based on the number of visits to those areas. This information is stored in log files and is used for aggregated and statistical reporting. It is not attributed to you as an individual – meaning log files are not associated with any particular user, computer, or browser.
- Location Information. We collect and process general information about the location of the device from which you are accessing the Site (e.g., your approximate geographic location as inferred from your IP address). This information may be used to, without limitation, verify your legal eligibility to use the Site or otherwise receive the Services.
- Web Beacons. Web beacons (also known as “web bugs”) are small strings of code that provide a method of delivering a graphic image on a web page or in an e-mail message for the purpose of transferring data. We may use web beacons (or clear GIFs) on our Site or include them in the e-mail messages we send you for many purposes, including site traffic reporting, unique visitor counts, advertising e-mail auditing and reporting, and personalization. Information gathered through web beacons may be linked to your Personal Information.
- IP Addresses and Log Files. An Internet Protocol (“IP”) address is a number assigned to each computer on a network to identify your computer every time you log on to the Internet. We may keep track of IP addresses to troubleshoot technical concerns and to maintain the safety and security of our Site (e.g., by reviewing your IP address in combination with your Personal Information for credit fraud protection and risk reduction.) In addition, we may use IP addresses to analyze trends, administer the Site, track traffic patterns, and gather demographic information for aggregate use.
Our website may use “cookies” to help personalize and enhance your online experience. Cookies are small text files, generally made up of letters and numbers, that are placed on your computer, tablet, mobile phone, or other device when you visit a web page. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.
You have the ability to accept or decline cookies by activating the setting on your web browser that allows for you to refuse some or all cookies. Most web browsers automatically accept cookies by default, but almost all web browsers allow for limiting cookies to select websites or declining cookies altogether. If you choose to decline cookies issued by our website or by all websites, you may not be able to fully experience the interactive features of our website, including the ability to “log in” and remain logged in as a registered user.
We encourage you to review the privacy policies of websites you choose to visit so that you can understand how those other websites collect, use, and share your information. Here at HempBuzz, we take great care to ensure that our data processing partners handle your personal information responsibly, in compliance with all applicable laws and regulations, and in keeping with the principles of the EU-U.S. Privacy Shield program. However, we are not responsible for the privacy policies or other content of websites unrelated to or uncontrolled by HempBuzz, including, without limitation, those third-party websites and other resources we may provide links to.
How and why we use your personal information
We strongly believe in using personal information only as necessary to provide you with our Services and with the best possible user experience. To that end, we may use your personal information to provide you with Services, to allow you to discover and reach out to other Users, to tailor our current and future Services to your needs by offering more relevant Services in the future, and to understand how you and others use our Site so that we can improve it and provide a better user experience for you and others.
We may share your data with our trusted partners, considered by the General Data Protection Regulation (GDPR) to be “data processors”, to help facilitate payments, perform statistical analysis, send you email or postal mail, or provide client support. Any third parties with whom we share your personal information are prohibited by contract from using your personal information for any purpose other than to provide these services to us or to you on our behalf, and such third parties are required by contract to maintain the confidentiality of your personal information.
In order to tailor our services to your needs, we may use your personally identifiable information to inform you of other products or services available from us and our affiliates, including, potentially, other Users. We may also contact you via surveys to conduct research about your opinion on our current Services or potential new services that we may offer. We respect your privacy and give you an opportunity to opt-out of receiving these communications. You may, at any time, opt out of receiving any or all marketing communications from us by writing to us at email@example.com
We will disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to (a) conform to the edicts of the law or comply with legal processes to which HempBuzz may become a party; (b) protect and defend HempBuzz’ rights under the law; and (c) act under exigent circumstances to protect the personal safety of our other users, our clients, or the general public. For example, if a visitor to our website submits a comment or inquiry through our website’s built-in contact form expressing an intent to cause physical harm to themselves or others, we may proactively inform law enforcement to protect the public interest.
Security of your Personal Information
We take great effort to secure your personal information and justify the trust you have placed in us. Our website and other data processes meet or exceed industry standards and include the use of at least 256-bit Secure Sockets Layer (SSL) protection. The use of SSL technology encrypts data transmitted between you and our website and other web services. When we transmit your personal information to other websites or web-based services (e.g., payment processors), it is similarly encrypted.
General Data Protection Regulation (GDPR)
- Right to Access Personal Data. You have the right to access your personal data that has been collected by us. To exercise this right, please contact our Data Protection Officer at firstname.lastname@example.org We will respond to any such request within thirty (30) days.
- Right to Rectification. You have the right to request modification of your personal data to correct any errors or to update incomplete or inaccurate information.
- Right to Erasure. You have the right to request that we stop using the personal data we collect from you, stop transmitting it to third-party data processors, and erase it from our records and databases. In most cases, we will simply grant this request. In some limited circumstances, such as when we are contractually required to provide Services to you and need the personal information we have collected to do so, we may delay granting your request until such time as it is feasible for us to stop using your personal data and erase it. We may also deny your request if your personal data is the subject of a valid law enforcement request or preservation and/or disclosure of your personal data is required by law or by order of a court of law.
- Right to Restrict Data Processing. You have the right, in any of the following circumstances, to request that all processing of your personal data be stopped:
- you wish to contest the accuracy of your personal data, in which case, we will suspend processing of your personal data for a period while we verify its accuracy;
- you believe the processing of your personal data is unlawful but you oppose the erasure of your personal data and request the restriction of its use instead;
- you believe we no longer need your personal data for our business purposes, but the personal data must be preserved for the establishment, exercise, or defense of legal claims; or
- you have objected to our continued processing pursuant to Article 21 of the GDPR, in which case we will suspend processing of your personal data unless our legitimate need to continue processing it overrides your objection.
- Right to Data Portability. You have the right to request that your personal data be sent electronically to a third party of your choosing. The personal data must be provided by us in a commonly used, machine readable format if doing so is technically feasible.
- Right to Object. You have the right to object to any denial by us of your request that we stop processing your data per your Right to Restrict Data Processing.
- Right to Reject Automated Individual Decision-Making. You have the right to refuse the automated processing of your personal data to make decisions about you if such decisions significantly affect you or produce legal effects concerning you.
Data Retention Policy
California Consumer Privacy Act of 2018
If you are a California resident, you are afforded special protections under the CCPA, which include:
- The right to request disclosure of our data collection and sales practices as they may apply or pertain to your data, including the categories of personal information we collect, the source of that information, our use of the information, and, if the information is to be or has been disclosed or sold to third parties, the categories of personal information that may be or was disclosed or sold to third parties and the categories of third parties to whom such information may be (or was) disclosed or sold (a “Personal Information Request”).
- The right to request a copy of the specific personal information collected about you during the twelve (12) months immediately prior to your request (also a “Personal Information Request”).
- The right to have any such information deleted, with limited exceptions.
- The right to request that your personal information not be sold to third parties; and
- The right not to be discriminated against because you choose to exercise any of your newly afforded rights under the CCPA.
Personal Information Requests
To submit a Personal Information Request or to request the erasure of your personal information per the terms of the CCPA, please contact us by using the form on our website’s “Contact Us” page or by emailing our Data Protection Officer at email@example.com Please note that the CCPA only affords California residents the right to make Personal Information Requests twice in a rolling 12-month period, we may require you to provide additional information to verify your identity prior to complying with any such request, and we will respond to any such request within forty-five (45) days of receiving it.
Categories of Personal Information
HempBuzz has collected the following categories of information within the past twelve (12) months or may reasonably expect to collect such information in the future:
- Identifiers (e.g., your name, contact information, cookies)
- Commercial information
- Internet/electronic activity
- Inferences from the foregoing
We have collected and/or expect to collect information pertaining to each category from our Users (including you).
We have not sold any such information within the past twelve (12) months and do not have any plans to sell such information in the future.
We have disclosed within the past twelve (12) months or reasonably expect to disclose in the future, for purposes of providing the Services and/or other business purposes as defined by the CCPA: identifiers, information protected against security breaches, protected classification information, commercial information, internet/electronic activity, geolocation, and inferences from the foregoing. We do not anticipate disclosing biometric data.
Sale of Personal Information; Opt-Out Process
We at HempBuzz cannot control the spread or dissemination of any personal information you voluntarily disclose to third parties, whether through the Site or otherwise. While your rights remain effective as to our collection and use of any such information, we cannot and will not act on your behalf in making any requests, whether under the CCPA or otherwise, to any other parties to whom you voluntarily disclosed your personal information.
Persons under Eighteen
We do not knowingly collect personally identifiable information from children under the age of thirteen (13) years. We may collect personally identifiable information from children under the age of eighteen (18) years only with written permission from their parents or legal guardians and in the performance of Services.