Effective Date: February 1, 2023
We understand that you care about how your personal information is used and shared, and we take your privacy seriously. Please read the following to learn more about how we collect, use, and disclose information that we obtain from users of our Services (as defined below), and how we use and disclose that information.
For purposes of data privacy law, Cap Hill Brands, Inc. (113 Cherry St, PMB 89249, Seattle, WA 98104) is the data controller of personal information collected in connection with use of the Services. CHB is also the “business” which determines the purposes for which your personal information is used for purposes of the California Consumer Privacy Act. This means that we are responsible for deciding how and why we hold and use your personal information.
Residents of California may have different rights and obligations available to them. For more information, please see the “Consumer Privacy Rights Under State Law” section below.
We collect personal information through your use of our Services, as explained in more detail below. The specific information that we collect from or about you depends on the context of your interactions with us and our Services, the choices you make, and the products and features you use.
Additionally, note that we use personal information to create de-identified, aggregated information such as: information about demographics, de-identified location information, information about devices used to access our Services, and de-identified, aggregate information on transactions on our Services that help our users understand and optimize sales. Statistical, anonymised, and aggregated information which we may derive from personal information (“Anonymous Data”) is excluded from the definition of personal information because it does not personally identify you.
We receive and store any information you provide to us. If you create an account or place an order with us, we may collect personal information depending on how you interact with our Services.
When you register for an account to use our Services, we will collect identifying information including your first and last name, email address, phone number, and mailing address. If you are registering as a user of our Services for retail stores, we may also collect information such as the name and address of your store, years you have been in business, and related employment information.
If you place an order to purchase goods through us, we will also collect information to facilitate that order, such as your shipping address, and payment information.
In some cases, we may request additional information to validate your account, such as photos of your store or your social media profile. We may also request information such as your tax identifier or other government issued numbers or financial or lease records to establish your account limits.
When you browse and use our Services, we collect information about the items you browse, show interest in, and buy.
We collect personal information from you when you communicate with us, for example, when you request information about our services, or contact our Support team or Sales team.
Our Services may provide forums, blogs, social media pages, or other channels where individuals may review purchases, talk about their experience using our Services, or “like” or “share” content to social media. Note that content provided for and posted in these channels, including by you, is public and the information you provide is subject to the policies and notices of the third parties that make such channels available.
Whenever you interact with our Services, we automatically receive and record information on our server logs from your browser or device, including your IP address, geolocation data, device identification, the type of browser and/or device you’re using to access our Services, and the page or feature you requested.
These technologies are small data files that we transfer to your browser or device that allows us to provide and enhance our Services. Most browsers and many devices allow you to change your preferences to prevent or limit acceptance of these technologies, but this may impact the functionality of our Services and/or prevent you from taking advantage of some of our features.
Our use of information collected automatically falls into the following general categories:
We may use analytics service providers, including Google Analytics, to collect information regarding visitors to our Services, such as their behavior on our Services or information about their demographic. For more information about Google Analytics, see https://www.google.com/policies/privacy/partners/. To opt out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout. We may also receive information about you from business partners such as Target. For more information about the types of information that may be shared with us, please see “Will the Services Share Any of the Personal Information Received?”
As noted in our Terms of Service, we do not knowingly collect nor solicit personal information from anyone under the age of 18. If you are under 18, please do not attempt to register for the Services or send any personal information about yourself to us. If we learn that we have collected personal information from a child under the age of 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us with personal information, please contact us as described below.
We use the information that we collect about you for various business purposes as described below, in each case as permitted by applicable laws. We store personal information for as long as you use our Services or as may be necessary to fulfill the purposes for which the information was collected, provide our Services, resolve disputes or establish legal defenses, enforce our Terms of Service or other agreements, engage in audits, protect our Services, prevent fraud, comply with the law, or for legitimate business purposes.
Our business purposes include:
We retain and use your information in connection with potential legal claims, and for compliance, regulatory and auditing purposes. For example, we retain information where we are required by law, or if we are compelled to do so by a court order or regulatory body. Also, when you exercise any applicable legal rights you have to access, amend or delete your personal information, we may request identification and verification documents from you for the purpose of confirming your identity. In exceptional cases, we may further process your personal information to protect your vital interests or as further required for the public good.
We do not rent nor sell your personal information. We may share or disclose your personal information in an identifiable form as provided below.
Service Providers: We employ service providers to perform tasks on our behalf, and we need to share your information with them in order to provide products or services to you. For example, we may use a payment processing company to receive and process any credit card transactions for us. We may also use a software vendor to assist us in measuring the effectiveness of our advertising.
Protection of Company and Others: We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our Terms of Service and other agreements; or protect the rights, property, or safety of our company, our employees, our users, or others.
When You Request That We Share Your Information: We may offer Services, features, or promotions that involve sharing your information with a third party or with other users of our Services. If you request or agree to have your information shared with a third party as part of a feature or Services, we will share that information at your request.
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us, use our Services or to take advantage of some of our features.
Opting Out of Communications: If you no longer wish to receive electronic communications from us, please contact us using the information provided in our "Contact Information” for guest inquiries link. Note you may still receive transactional emails from us. We process requests to be placed on do-not-mail and do-not-call lists as required by applicable law.
Opting Out of Cookies: You may stop or restrict the placement of cookies on your device or remove them as your browser or device permits.
Updating Your Account Information: Through your account settings, you may access, and, in some cases, edit or delete the following information you have provided to us:
The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us as described below.
Subject to the requirements of applicable law, you may also have privacy rights under state privacy laws. Please see “Consumer Privacy Rights Under State Law” below.
Our Services are set to honor and process certain commonly used “opt-out preference signals”, which are settings through which consumers can indicate that they have opted out of the sale and sharing of their personal information without sending an individual or manual request.
We recognize and honor the following opt-out preference signals: “Do Not Track” and Global Privacy Control. All such opt-out preference signals are processed in a frictionless manner (as that term is defined by the CCPA). To learn more about how to implement opt-out preference signals and/or Global Privacy Control, you should consult your browser’s privacy settings or visit the Global Privacy Control website.
To implement an opt-out preference signal on your device or browser, you may download the appropriate browser that uses a recognized opt-out preference signal or a browser extension that can be enabled to support your single opt-out preference signal.
Note that our acknowledgment of opt-out preference signals are based on browser settings, not your device. If you use multiple devices, or if your browser settings do not carry over between devices, you may need to implement such opt-out preference signals across each of your devices and browsers to ensure that your preferences are properly recognized.
We take commercially reasonable and appropriate measures to help us in protecting the personal information that we collect from unauthorized access, use, disclosure, alteration, or destruction. Unfortunately, no data transmission or storage system is guaranteed to be 100% secure. As such, we are unable to guarantee the security of your personal information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
You are advised to prevent unauthorized access to your personal information and other account details by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account. You should use caution whenever submitting information online and take special care in deciding which information you provide.
If you are located in the United States, you may have additional privacy rights under the law of the state in which you reside.
For further information relating to the Virginia Consumer Data Privacy Act or the California Consumer Privacy Act please contact us using the information provided in our "Contact Information” for guest inquiries link.
If you are not a Data Subject, the provisions in this Section 8 do not apply to you.
Lawful Grounds for Processing Personal Data of Data Subjects
We rely upon the following legal grounds to process Personal Data under the GDPR:
Data Transfer Notice
We use servers located in the United States to process your Personal Data. By using our Services, you acknowledge and agree that we are authorized to transfer your Personal Data for processing in the United States. Under the GDPR, the transfer of Personal Data to a country outside the EU may take place where the European Commission has determined that the country ensures an adequate level of protection. The transfer of your Personal Data to the United States in the absence of an adequacy decision by the European Commission is made because it is necessary for the performance of a contract with you, or with your explicit consent.
Retention of Personal Data
Pursuant to the GDPR, we will permanently erase your Personal Data at such time there is no lawful basis or legal obligation for us to store or process the Personal Data.
Individual Rights and Data Subject Requests
If you are a Data Subject and we process your Personal Data, you may exercise certain rights under the GDPR, which are described below. We will endeavor to respond to any requests within 30 days from receipt, but in some instances it may take longer. We will inform you within 30 days from receipt of your request if an extension is necessary and the reason for the delay.
To exercise your lawful rights as a Data Subject (enumerated below), please contact us as specified in Section 9, and provide specific and detailed information about your request necessary for us to respond to and carry out your request.
In addition to the rights granted by applicable laws, you may submit a complaint about our processing of your Personal Data to your national data protection regulator.
If you have any questions or concerns regarding our privacy policies, you may contact us using the information provided in our “Contact Information for guest inquiries link.