MOJO APOTHECARY

Privacy Policy

Mojo Apothecary Cold-pressed, organic, full spectrum CBD products

Privacy Policy

 

Introduction

 

This privacy notice (notice) applies to the processing of personal data by Mojoapothecary Ltd (referred to as “Mojo Apothecary”, “we”, “us”, or “our” in this notice).

Mojo Apothecary respects your privacy and is committed to protecting your personal data. This privacy notice will inform you about how we handle your personal data when you contact us or visit our website (regardless of your location) and will also explain your privacy rights and how the law protects you.

 

Purpose of this privacy notice

 

The purpose of this privacy notice is to provide you with information on how Mojo Apothecary collects and processes your personal data through your use of this website. This includes any data you may provide when purchasing a product, signing up for our newsletter, participating in a competition, or engaging in any other communication with us, such as calling or emailing us or contacting us via social media.

Please note that this website is not intended for children, and we do not knowingly collect data relating to children.

It is important that you read this privacy notice in conjunction with any other privacy notice or fair processing notice we may provide on specific occasions when we collect or process personal data about you. This will ensure that you fully understand how and why we use your data. This privacy notice supplements other notices and is not intended to override them.

 

Controller

 

Mojo Apothecary is the controller and responsible for your personal data.

If you have any questions about this privacy notice or if you wish to exercise your legal rights, please contact the [data privacy manager] using the details provided below.

 

Contact details

 

Our full details are as follows:

Full name of legal entity: Mojoapothecary Ltd

Email address: [email protected]

Postal address: 50 Killermont Road, Glasgow, G61 2JF

 

Filing a complaint

 

You have the right to lodge a complaint at any time with the Information Commissioner’s Office (ICO), which is the UK supervisory authority for data protection issues (www.ico.org.uk). However, we would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us initially.

 

Changes to the privacy notice and your duty to inform us of changes

 

We will keep this notice updated and inform you of any material changes to how we process your personal data. Any future changes will be posted on this website and, if necessary, notified to you by email. We encourage you to stay informed by reading about the changes.

This version of the notice was last updated on [20th May 2023].

It is important to ensure that the personal data we hold about you is accurate and up to date. Please inform us of any changes to your personal data during our relationship.

 

Third-party links

 

We do not include or offer third-party products or services on our website.

However, our website may contain links to third-party websites, plugins, or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we recommend reading the privacy notice of every website you visit.

 

The data we collect about you

 

Personal data, or personal information, refers to any information about an individual from which that person can be identified. This includes information such as your name, email address, telephone number, and address. It does not include data where the identity has been removed (anonymous data).

 

We collect, use, store, and transfer various types of personal data about you, which we have grouped together as follows:

 

* Identity Data: This includes your first name, last name, username or similar identifier, marital status, title, date of birth, and gender.

* Contact Data: This includes your billing address, delivery address, email address, and telephone numbers.

* Financial Data: This includes your bank account and payment card details.

* Transaction Data: This includes details about payments to and from you, as well as other details of products you have purchased from us.

* Technical Data: This includes your internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.

* Profile Data: This includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.

* Usage Data: This includes information about how you use our website, products, and services.

* Marketing and Communications Data: This includes your preferences in receiving marketing communications from us and our third parties, as well as your communication preferences.

 

We also collect, use, and share Aggregated Data, which is statistical or demographic data that does not directly or indirectly reveal your identity. This data may be derived from your personal data but is not considered personal data in the eyes of the law. However, if we combine Aggregated Data with your personal data in a way that directly or indirectly identifies you, we will treat the combined data as personal data and handle it in accordance with this privacy notice.

 

We do not collect any Special Categories of Personal Data about you, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, or genetic and biometric data. We also do not collect any information about criminal convictions and offences.

 

If you choose to provide any special categories of personal data when using our website or contacting us, it is your responsibility to ensure that you are comfortable with us using that personal data in accordance with this notice. Please be aware that this type of data is more sensitive and is subject to stronger protection under data protection legislation. Therefore, it is advisable to avoid including this kind of data if possible.

 

If you fail to provide personal data that we need to collect by law or under a contract we have with you, we may not be able to perform the contract or provide you with the requested goods or services. In such cases, we will notify you of the implications at the time.

 

How is your personal data collected?

 

We use different methods to collect data from and about you, including:

 

* Direct interactions: You may provide us with your Identity, Contact, Financial, Profile, and Marketing and Communications Data by filling in forms, corresponding with us by post, phone, email, or other means. This includes personal data you provide when you create an account on our website, purchase products, subscribe to publications or updates, request marketing materials, enter competitions or promotions, complete surveys, or contact us with queries, feedback, or complaints.

* Automated technologies or interactions: As you interact with our website, we may automatically collect Usage Data about how you use our website and Technical Data about your device, browsing actions, and patterns. We collect this personal data using cookies, server logs, and similar technologies. Please refer to our cookie policy in Section 10 for more details.

* Third parties: We may receive personal data about you from third parties, including Technical Data from analytics providers like Google, and Identity, Contact, and Profile Data from social media platforms such as Facebook, Twitter, Instagram, and LinkedIn.

 

How we use your personal data

 

According to data protection legislation, we can only use your personal data if we have a legal basis for doing so, as established by data protection legislation. We will only use your personal data when permitted by law. The following are the most common circumstances in which we will use your personal data:

  • When we need to fulfill or have already fulfilled the contract we have entered into with you.
  • When it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not outweigh those interests.
  • When we need to comply with a legal or regulatory obligation.
  • With your consent (for example, when you have provided consent for us to send you marketing materials), which you have the right to withdraw at any time by contacting us using the contact details provided above.

 

Purposes for which we will use your personal data

 

Below, we have provided a table describing all the ways we plan to use your personal data, along with the legal bases we rely on for processing. We have also identified our legitimate interests where applicable.

Please note that we may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data. If you require details about the specific legal ground we are relying on to process your personal data when multiple grounds are applicable, please contact us using the contact details provided above.

Purpose/ActivityType of dataLawful basis for processing including basis of legitimate interest
To register you as a new customer

(a) Identity

(b) Contact

Performance of a contract with you

To process and deliver your order including:

(a) Manage payments, fees and charges

(b) Collect and recover money owed to us

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e) Marketing and Communications

(a) Performance of a contract with you;

(b) Necessary for our legitimate interests (to recover debts due to us).

To manage our relationship with you which will include:

(a) Responding to your queries;

(b) Notifying you about changes to our terms and conditions or privacy notice

(a) Identity

(b) Contact

(c) Profile

(d) Marketing and Communications

(a) Performance of a contract with you;

(b) Necessary to comply with a legal obligation;

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products)

To enable you to complete a survey

(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(a) Necessary for our legitimate interests (to study how customers use our products, to develop them and grow our business)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity

(b) Contact

(c) Technical

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Technical

(f) Marketing and Communications

Necessary for our legitimate interests (to study how customers use our products, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods that may be of interest to you

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

Necessary for our legitimate interests (to develop our products and grow our business)

 

Change of Purpose

 

We will only utilise your personal data for the purposes we initially collected it, unless we reasonably determine that we need to use it for another purpose that is compatible with the original intent. If you would like an explanation regarding how the processing for the new purpose aligns with the original intent, please contact us.

In the event that we need to use your personal data for an unrelated purpose, we will inform you and provide an explanation of the legal basis that allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in accordance with the aforementioned regulations, when required or permitted by law.

 

Marketing

 

We strive to offer you choices regarding the utilisation of certain personal data, particularly related to marketing and advertising. When you initially register an account with us, we will provide you with a clear option to opt into receiving marketing materials and communications.

We use your Identity, Contact, Technical, Usage, Profile, Marketing, and Communications Data to provide you with information about products and offers that may be relevant to you.

You will receive marketing communications from us if you have requested information from us, provided your details when purchasing products or contacting us, and in each case, have not opted out of receiving such marketing.

 

Opting Out

 

You can request us to stop sending you marketing messages at any time by logging into the website and deselecting relevant options to adjust your marketing preferences. Alternatively, you can follow the opt-out links provided in any marketing message sent to you or contact us directly at any time.

Opting out of receiving these marketing messages will not affect the personal data provided to us as a result of a product purchase, warranty registration, product experience, or other transactions.

 

Third-Party Marketing

 

We do not sell, trade, or transfer your personal data to external parties.

 

Disclosure of Your Personal Data

 

We will treat all your personal data as private and confidential, following the data protection laws. However, we may need to share your personal data with third parties who provide services to us, enabling them to render their services, such as IT providers, payment facilitators, delivery services, and system administration services.

When we utilise third parties to process your personal data on our behalf, we will conduct checks to ensure that appropriate safeguards are in place to protect your personal data. We will also monitor the performance of these third parties (including their approved subcontractors) to ensure the security of your personal data.

Any third-party service provider instructed by us will only process your personal data:

* for the same purposes for which we may use your personal data (as described in this notice);

* as strictly necessary to fulfil their obligations to us; and

* in accordance with our instructions.

We require all third parties to respect the security of your personal data and handle it in compliance with the law. Our third-party service providers are not permitted to use your personal data for their own purposes and are only authorised to process your personal data for specified purposes in accordance with our instructions.

Typically, we will not disclose your personal data except as outlined above. However, there may be circumstances where we need to share personal data for reasons other than those anticipated above. These may include:

* situations where we are legally obligated to disclose information, such as when ordered by a court;

* instances where the disclosure of personal information is required for the purposes of preventing and detecting crime, including sharing such information with tax authorities and law enforcement agencies;

* situations where we need to disclose personal information for the purpose of or in connection with any legal proceedings, or to obtain legal advice, or when disclosure is otherwise necessary to establish, exercise, or defend legal rights;

* situations where disclosure is necessary to protect your vital interests (for example, if you fall ill at one of our events, we may need to

seek medical assistance); and

* disclosure to any actual or prospective purchaser of our business assets or organisation.

 

International transfers

 

We disclose your personal data to consultants and contractors who collaborate with us to provide our services to you. Some of our external third parties are located outside the European Economic Area (EEA), which means that the processing of your personal data will involve the transfer of data outside the EEA.

 

Whenever we transfer your personal data outside the EEA, we ensure that a similar level of protection is applied to it. We achieve this by ensuring that our consultants and contractors enter into data transfer agreements that impose obligations on them to adequately safeguard your personal data when it is transferred to non-EU countries.

 

Apart from the aforementioned, we do not engage with any other third parties located outside the EEA, and we do not store, host, or transfer any of your personal data outside the EEA.

 

In the event that this situation changes, and we transfer personal data outside the EEA to other third parties, we will update this notice accordingly and provide further information about the specific mechanisms we employ to transfer your personal data.

 

Data security

 

We have implemented appropriate security measures to prevent accidental loss, unauthorised access, alteration, or disclosure of your personal data. Our website undergoes regular scans to identify and address security vulnerabilities and weaknesses, ensuring your visit to our site is as safe as possible. We conduct regular malware scans, and your personal data is stored behind secure networks.

 

Access to your personal data is limited to a select number of individuals who have special access rights to these systems. They are obligated to keep the information confidential. Furthermore, any sensitive/credit information you provide is encrypted using Secure Socket Layer (SSL) technology.

 

When a user places an order, submits information, or accesses their account, we implement various security measures to maintain the safety of your personal data. All transactions are processed through a gateway provider and are not stored or processed on our servers.

 

We have also established procedures to address any suspected personal data breaches, and we will notify you and any relevant regulatory authorities in the event of a breach if it is legally required.

 

Data retention

 

How long will my personal data be retained?

 

We will retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including any legal, accounting, or reporting requirements.

 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, as well as the applicable legal requirements.

 

We will retain your personal data for as long as you have an account with us and generally for a period of [3 years] following the closure of your account or our response to your query. However, if we have a statutory obligation to retain the personal data for a longer period or if we may need to retain your personal data for a longer period to handle a legal claim or address ongoing queries or complaints, the retention period may be extended.

 

Your legal rights

 

You have several rights regarding your personal data. Within certain limitations, you have the right to:

 

– Request access to your personal data (referred to as a “data subject access request”). This allows you to receive a copy of the personal data we hold about you and verify its lawful processing.

– Request correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data corrected, although we may need to verify the accuracy of the new data you provide.

– Request the erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no valid reason for us to continue processing it. You also have the right to request the deletion or removal of your personal data where you have exercised your right to object to processing (

 

as explained below), where we may have unlawfully processed your information, or where erasure is required to comply with local law. Please note that we may not always be able to comply with your erasure request due to specific legal reasons, which will be communicated to you, if applicable, at the time of your request.

– Object to the processing of your personal data when we rely on legitimate interests (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground, as it affects your fundamental rights and freedoms. You also have the right to object to the processing of your personal data for direct marketing purposes. In some cases, we may demonstrate compelling legitimate grounds to process your information that override your rights and freedoms.

– Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) you want us to establish the accuracy of the data; (b) our use of the data is unlawful, but you do not want us to erase it; (c) you require us to retain the data, even if we no longer need it, as you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

– Request the transfer of your personal data to you or to a third party. We will provide your personal data to you or a third party of your choice in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.

– Withdraw your consent at any time, where we rely on consent as the legal basis for processing your personal data. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will inform you if this is the case at the time you withdraw your consent.

 

If you wish to exercise any of the rights mentioned above, please contact us using the provided contact details.

 

No fee usually required

 

You will not be required to pay any fees to access your personal data (or to exercise any of the other rights). However, we may impose a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may decline to fulfil your request under these circumstances.

 

What we may need from you

 

We may need to ask for specific information from you to verify your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to prevent the disclosure of personal data to unauthorised individuals. We may also reach out to you for additional information regarding your request to expedite our response.

 

Time limit to respond

We strive to respond to all valid requests within one month. Occasionally, if your request is particularly complex or if you have made multiple requests, it may take us longer than a month. In such cases, we will notify you and keep you informed.

 

Cookies

 

Cookies are small files that a website or its service provider transfers to your computer’s hard drive through your web browser (if permitted) to enable the website’s or service provider’s systems to recognise your browser and capture and remember certain information. For example, we use cookies to assist us in remembering and processing items in your shopping cart. They are also used to help us understand your preferences based on previous or current website activity, allowing us to provide you with improved services. Additionally, cookies help us compile aggregated data about website traffic and interactions, so that we can offer better site experiences and tools in the future.

 

You can choose to have your computer notify you each time a cookie is being sent, or you can choose to disable all cookies. This can be done through your browser settings (e.g., Internet Explorer). Each browser has its own method for modifying cookie settings, so consult your browser’s Help menu for the correct instructions.

 

We respect “Do Not Track” signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place. However, if you disable cookies, certain parts of our website may become inaccessible or may not function properly.

 

Our cookies help to:

* ensure that our website functions as expected;

* remember your preferences during and between visits;

* enhance your experience and that of other users on our website;

* allow you to subscribe to marketing and updates if you choose to do so; and

* improve the speed and security of our website.

© 2023 Mojo Apothecary