AllBuD (“we,” “us,” or “our”) is committed to protecting the privacy of visitors to our website, Allbud.org (“Site”). This Privacy Policy describes the types of information we collect from and about you when you visit the Site, how we use that information, and the choices you have regarding your information. We comply with the General Data Protection Regulation (GDPR) and applicable Canadian privacy laws.
Information We Collect
We collect two main categories of information:
- Personal Data:Â Under GDPR, “personal data” is any information that relates to an identified or identifiable individual. We may collect personal data from you such as:
- Name
- Email address
- Phone number (optional)
- Medical cannabis recommendation information (with your explicit consent)Â [We will need a separate consent form for this]
- Non-Personal Information:Â This information does not directly identify you and may include:
- Browsing habits on the Site (pages visited, links clicked, searches conducted)
- Device information (IP address, browser type, operating system)
Use of Personal Data
We will only use your personal data for the purposes for which it was collected, with your consent, or as required by law. These purposes may include:
- Responding to your inquiries and requests
- Sending you information about AllBuD, including promotions and special offers (with your consent)
- Processing your orders (if applicable)
- Improving the Site and our services
We will never share your personal data with third parties for marketing purposes without your explicit consent. We may share your data with third-party service providers who help us operate the Site (e.g., website hosting, email marketing). These providers are contractually obligated to keep your data confidential and secure.
Use of Non-Personal Information
We use non-personal information to:
- Analyze how users interact with the Site
- Improve the Site and our services
- Personalize your experience on the Site (without identifying you)
Legal Basis for Processing Personal Data
We rely on the following legal bases for processing your personal data:
- Consent:Â You may give us your consent to collect and use your personal data for specific purposes, such as receiving marketing communications.
- Contract:Â If you choose to purchase products or services from us, we may need to process your personal data to fulfill the contract.
- Legal Obligation:Â We may be required to process your personal data to comply with applicable laws.
- Legitimate Interests:Â We may process your personal data for our legitimate interests, such as improving the Site and our services, preventing fraud, and ensuring the security of the Site.
Your Rights under GDPR
Under GDPR, you have certain rights regarding your personal data:
- Right to Access: You have the right to request a copy of your personal data that we hold.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to Erasure: You have the right to request that we erase your personal data, subject to certain exceptions.
- Right to Restrict Processing: You have the right to restrict our processing of your personal data.
- Right to Data Portability: You have the right to request that we transfer your personal data to another controller.
- Right to Object:Â You have the right to object to our processing of your personal data.
To exercise any of these rights, please contact us using the information below.
Data Retention
We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law. We will then securely delete or anonymize your data.
Security
We take reasonable steps to protect the information you provide to us from loss, misuse, unauthorized access, disclosure, alteration, and destruction. These steps include:
- Secure storage of your data
- Use of encryption technologies
- Regular security audits
However, no internet transmission is completely secure, and we cannot guarantee the security of your information.
Children’s Privacy
Our Site is not directed to children under the age of 19. We do not knowingly collect personal data from children under 19. If you are a parent or guardian and you believe your child has provided us with personal data, please contact us. We will take steps to remove the information from our servers.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post any changes on