This privacy policy (“Privacy Policy”) describes how Charlotte’s Web, Inc. (“we”, “us” or “our”) collects, processes, uses and shares your personal information when you use our website (the “Site”) and to provide you with our products and services, including through our online store (collectively, the “Services”).
This Privacy Policy is a part of our Terms and Conditions. By using our Services, you agree to be bound by and comply with this Privacy Policy and our Terms and Conditions.
SECTION 1 - WHAT PERSONAL INFORMATION WE COLLECT
We may collect or receive the following categories of personal information from or about you, including when you use our Services (such as signing up for an account, making a purchase, browsing our website, or contacting us):
- Personal Identifiers, including name, phone number, addresses, email address, password, age, veteran status, occupation, and payment information.
- Billing and Commercial Information, including billing and shipping address, email address, order history and transaction information, and payment information.
- Device, Website usage, and Website Features Usage Information, including device information (the Operating System (OS) running on your device), Internet Protocol (IP) address (which may be used to obtain your geolocation), access times, browser type, language and the website(s) you visited before our Site, which we collect through cookies, web beacons and other tracking technologies. We also collect information about how you use our Site, including the elements you interact with, metadata and other details about these elements, change states and other user actions. If you use the chat features on the Site, we may collect additional information through that feature as well, including about your device, usage information, and date and time of communications.
- Communications with Us, including when you contact us via phone, email, the “Contact Us” form on our Site, chat features on the Site, or on blog posts, including chat transcripts, contents, and message history. We will also collect any information you provide in these communications.
SECTION 2 – HOW WE USE YOUR PERSONAL INFORMATION
In general, we use the information we collect primarily to provide, maintain, protect and improve our current Services and to develop new Services. We use personal information collected through use of our Services to:
- Provide and Improve Our Services. We may use your personal information to provide and improve our Services. This includes performing necessary operations to create, update, maintain, secure and otherwise manage your account; fulfill your orders and/or complete the transactions you request; process your payments; provide you with receipts and send you with notifications related to your account and orders; save transaction history; ensure our Services are working as intended, including to investigate and fix bugs and operational issues that you report; conduct data analysis, testing and research; training of artificial intelligence or automated decision-making systems to increase efficiencies; and otherwise understand and enhance your experience using our Services. We may link or combine your personal information with other personal information we receive from third parties about you to help understand your needs and provide you with better service.
- Communicate with You. We may use your personal information to communicate with you, such as to respond to and/or follow-up on your requests, issues, comments or questions and for our support team to provide customer service. This includes communicating to you by phone, email, our chat feature, or otherwise.
- Advertising and Marketing. We may use your personal information to communicate with you about promotions, upcoming events and news about products and services offered by us and our selected partners, and for other marketing purposes, including online targeted advertising. This may include to analyze and optimize the performance of those promotions and advertisements based on your visits to and/or usage of the Services, information we receive from partners and that you otherwise provide.
- Ensure Security and Prevent Fraud. We may use your personal information to protect against, detect, investigate and deter against malicious, deceptive, fraudulent, unauthorized or illegal activity.
- Comply with Legal Obligations. We may use your personal information to comply with our legal or regulatory obligations, to establish or exercise our rights and to participate in legal proceedings.
SECTION 3 – HOW WE DISCLOSE YOUR PERSONAL INFORMATION
We provide your personal information with third parties in the following circumstances (subject to your prior consent where required under applicable law):
- Third-Party Service Providers. We may disclose personal information with third-party service providers who provide services on our behalf, such as payment processing, website usage analytics and marketing. We require that such third parties provide at least the same level of privacy protection as required by this Privacy Policy. Where we make chat features available, we utilize service providers such as HubSpot.
- Advertising and Analytics Partners. We may share personal information with third-party advertising and analytics partners, including Google Analytics, through third-party cookies and similar tracking technologies to provide analytics about the use of our Services and to provide marketing and advertising of our Services, including through targeted advertising based on your use of the Site.
- Legal Reasons. We may share your Personal Information to comply with legal or regulatory requirements; to respond to lawful requests and legal process; to protect our rights and property and those of our agents, customers and others, including to enforce our agreements, policies and terms included in this Privacy Policy or our Terms of Service; to prevent fraud; and to protect the personal safety of any person.
- Change of Control. We may share personal information with third parties for the purposes of a business deal (or negotiation of a business deal), including any sale, merger, financing, acquisition, divestiture or dissolution transaction, proceeding or change in control involving all or a portion of our assets. In the event of an insolvency, bankruptcy or receivership, personal information may also be transferred as a business asset. If another company acquires our company, business or assets, that company may also acquire and possess the personal information collected by us and will assume the rights and obligations regarding your personal information as described in this Privacy Policy.
SECTION 4 – PAYMENT PROCESSING
The store on our Site is hosted on the Shopify platform that allows us to sell our products and services to you.
If you provide us with your credit card information during the payment process, we send it to our PCI-DSS compliant payment gateway for processing using SSL encryption technology. Your credit card information is stored for recurring subscription orders as well as within your account for a faster checkout experience. You may remove your credit card information from your account at any time.
All direct payment gateways comply with the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of credit card companies, including Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and our payment processors and service providers.
SECTION 5 – STATE PRIVACY RIGHTS
Certain U.S. states provide residents with specific rights regarding their personal information. If you are a resident of one of these states, you may have one or more of the following rights, subject to exceptions:
- Right to Know. You may request to receive the categories of personal information we have collected about you, the categories of sources from which that personal information was collected, the categories of third parties with whom we have disclosed that personal information, and the specific pieces of personal information we collected about you.
- Right to Delete. You may request that we delete the personal information we maintain about you.
- Right to Correct. You may request that we correct any incomplete or inaccurate personal information about you that we maintain about you.
- Right to Opt Out of the “Sale” of Personal Information or “Sharing” of Personal Information for Targeted Advertising Purposes. We may use advertising and analytics services, including those which leverage cookies to deliver advertisements (such as interest-based, cross-context, behavioral, or targeted advertisements) to you. You may opt out of such disclosures by using your right to reject all cookies except functional cookies. You may need to re-select your preferences if you visit us from a different device or browser. Residents of certain jurisdictions may also set the Global Privacy Control to opt out of such disclosures.
To exercise these rights, please contact us using the information in Section 14.
We maintain procedures to verify that you are authorized to make a request to exercise the above rights. You may designate an authorized agent to make these requests on your behalf by providing your written permission and verifying your identity.
Residents of certain states have the right to appeal our decision if we deny your request to exercise any of the above rights within 45 days. You can do so by replying directly to our denial or emailing privacy@charlottesweb.com. If the appeal is denied, we will also provide you with a method through which you may submit a complaint.
We will not discriminate against you for exercising any of the rights outlined above, though we are not able to provide some Services to you without receiving such information.
SECTION 6 – THIRD-PARTY LINKS
Our Site may contain links to websites and/or products that we do not own or control. When you click on one of these links, you may be directed away from our Site. Our Privacy Policy does not cover any third-party websites or services. To learn about those third parties' practices related to your personal information, please read their privacy policies. We are not responsible for the privacy practices of such other websites, and we are not liable for their misuse of your personal information.
SECTION 7 – SECURITY
We seek to protect your personal information from unauthorized access, use, disclosure, loss, alteration or destruction. To protect your personal information, we take reasonable precautions and follow generally accepted industry practices, including using appropriate physical, technical, organizational and administrative security measures based on the type of personal information and nature of the processing. For example, if you provide us with your credit card information, the information is transmitted to our server using secure socket layer technology (SSL) which employs the AES-256 encryption standard.
The safety and security of your personal information also depends on you. The personal information stored in your account is protected by your password. You are responsible for keeping this password confidential – never share this password with anyone. We will never contact you to ask you for your password.
Unfortunately, no system for safeguarding personal or other information is completely secure. Even though we have taken steps to protect your personal information, we cannot guarantee the security of your personal information.
SECTION 8 – RETENTION OF PERSONAL INFORMATION
We will only retain your personal information for as long as necessary for the purposes identified under this Privacy Policy, and as permitted and required by applicable law. The data retention period actually applied to your personal information depends on the purposes for which we collected and use it, the length of our relationship with you, whether we have a legal obligation to retain it, whether retention is advisable in light of our legal position (e.g., where there is an ongoing dispute) and best practices.
SECTION 9 – CHILDREN
Our Site is not intended for use by or directed towards, and we do not seek or knowingly collect personal information from or about, children under the age of 18. By using this Site, you represent that you are at least the age of majority in your state or province of residence. If you believe that we have collected personal information from or about a child under the age of 18, please contact us at privacy@charlottesweb.com.
SECTION 10 – INTERNATIONAL USERS
The Services are intended only for users located in the United States and Canada.
SECTION 11 – CALIFORNIA’S SHINE THE LIGHT LAW
California’s “Shine the Light” law allows California residents to request and obtain, annually and free of charge, information about the disclosure (if any) of their personal information to third parties for their direct marketing purposes in the previous calendar year. We do not share personal information with third parties for such purposes.
SECTION 12 – DO NOT TRACK
We currently do not share personal information with third parties for their direct marketing permissions. We therefore do not respond to Do Not Track (“DNT”) signals.
SECTION 13 – CHANGES AND UPDATES
We reserve the right to modify this Privacy Policy at any time, so suggest that you review it frequently. Changes that do not materially affect your rights shall take effect immediately upon their posting on the Site. We will also provide notice, as appropriate, if we make a change to the Privacy Policy that are significant and materially affect your rights.
SECTION 14 – CONTACT INFORMATION
If you have any questions or comments about this Privacy Policy, or if you would like to exercise your rights, register a complaint, or simply want more information, please contact us by email at: privacy@charlottesweb.com, or by mail at:
Charlotte's Web, Inc.
700 Tech Court
Louisville, CO 80027