Privacy Policy
Dope October Privacy Policy
-----
This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from www.dopeoctober.com (the “Site”).
PERSONAL INFORMATION WE COLLECT
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
- We use a Facebook Pixel-Code on our page in order to track your data and behaviour on our page .We use these information for on-target marketing and re-marketing purposes.
Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information, credit card numbers, PayPal email addresses, email address, and phone number. We refer to this information as “Order Information”.
When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the Order Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns). As stated above again, we are using a Facebook-Pixel-Code in order to track your behaviour on our page, such as view content events, add to cart events and purchase events. We are using these data for marketing and re-marketing purposes.
TEXT MARKETING AND NOTIFICATIONS (IF APPLICABLE):
Text Marketing and notifications: By subscribing to text notifications you agree to receive recurring automated marketing messages at the phone number provided. Consent is not a condition of purchase. Reply STOP to unsubscribe. HELP for help. Msg & Data rates may apply. More info view Privacy Policy and ToS."
SHARING YOUR PERSONAL INFORMATION
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us understand how our customers use the Site -- you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
BEHAVIOURAL ADVERTISING
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
If you wish to opt-out from all these resources, please send us an E-Mail to friend@dopeoctober.com and we will delete your data off these resources.
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
YOUR RIGHTS
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
SMS MARKETING
"Text Marketing and notifications (if applicable): By entering your phone number in the checkout and initialising a purchase, you agree that we may send you text notifications (for your order, including abandoned cart reminders) and text marketing offers. Text marketing messages will not exceed 15 per month. You can unsubscribe from further text messages by replying STOP. Message and data rates may apply."
DATA RETENTION
When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information.
CHANGES
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.
CONTACT US
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at friend@dopeoctober.com or by mail using the details provided below:
GDPR PRIVACY POLICY (EFFECTIVE BY 25TH MAY 2018)
1. INTRODUCTION
a. This Privacy Statement provides guidance and information to
Dope October customers regarding the processing of personal data by Dope October.
b. Dope October. ("us", "we" or "our") have a commitment to protecting
and respecting your privacy. This Statement together with the Term
and Conditions and Cookies Policy and the documents referred to in
them sets out the basis on which any personal data we collect from you
or that you provide to us (“Data”) will be processed by us. Please read
this Privacy Statement carefully to understand our treatment and use of
Data.
c. In this Privacy Statement, references to “you” means the person whose
personal information we collect, use and process.
d. We will use your personal data only for the purposes and in the manner
set forth below, which describes the steps we take to ensure the
processing of your personal data is in compliance with the Legislative
decree 30th June 2003, n. 196 and any subsequent data protection and
privacy legislation (the “Acts”), European Union Law including the
General Data Protection Regulation (the “GDPR”) and any subsequent
amendments (together the “Data Protection Legislation”).
e. If you do not agree with or are not comfortable with any aspect of this
Privacy Statement, your only remedy is to not become a customer of
Dope October.
f. We seek to maintain the privacy, accuracy, and confidentiality of
personal information (including your personal data) that we collect and
use concerning our customers.
2. IDENTITY OF THE CONTROLLER OF PERSONAL INFORMATION
For the purposes of the Data Protection Legislation, the Data Controller is
Dope October. a private company registered in the COUNTRY having its registered
office address at ADDRESS
CONTACT DETAILS OF THE PRIVACY OFFICER
The data protection officer appointed in respect of your entity (if applicable)
can be provided – please see clause 13 for further contact information.
3. WHEN DOES THIS PRIVACY STATEMENT APPLY
This Privacy Statement applies to personal information that we collect, use
and otherwise process about you in connection with your relationship with us
as a customer or potential customer.
4. WHAT PERSONAL INFORMATION IS COLLECTED AND
PROCESSED?
a. We may collect and process the following categories of information
about you:
1. your personal information (e.g. name, gender, date of birth,
address, email and phone number);
2. your authentication information (e.g. tokens); and
3. your financial information (e.g. credit card number and billing
data).
5. WHAT DO WE USE YOUR PERSONAL INFORMATION FOR?
a. The main purposes for which we use your personal information are:
1. process your account;
2. provide services relating to your account and to work on
improving our services to you (including service
communication, insight, research, customer surveys and
feedback);
3. to provide you with relevant marketing communications;
4. to support other administrative purposes;
5. comply with all legal and regulatory requirements; and
6. where you have given us permission, contact you from time to
time to keep you up to date with limited offers, new services,
company news and other promotions.
b. The legal basis for this use and other processing will include (as
relevant):
1. if you have provided us with your consent to the processing of
your personal data;
2. to enable us to perform our obligations under any contract with
you;
3. processing for legitimate interests provided these are not
overridden by your interests and fundamental rights and
freedoms (this includes our own legitimate interests and those
of other entities in the COMPANY.), in particular this is
relevant when we use and process your personal data in order
to respond to your enquiries and to address our good
governance obligations; and
4. we may also disclose your personal information to
governmental and regulatory bodies and other third parties
where required to do so by applicable law, such as to comply
with a court order or a request from a regulator or similar legal
process or where otherwise necessary to comply with a legal
obligation or for the administration of justice.
c. In addition, in the event of a merger, acquisition, or any form of sale of
some or all of our assets to a third party, we may also disclose your
personal information to the third parties concerned or their professional
advisors. In the event of such a transaction, the personal information
held by Dope October will be among the assets transferred to the buyer.
d. The provision of personal data is a contractual requirement and may
also be a statutory requirement, and is necessary to process your
application or for the performance of a contract. If your personal data
cannot be processed this may have an impact on fulfilling our rights
and obligations.
e. We do not knowingly process personal data from persons under the
age of 13 years. If it comes to our attention that we are processing such
personal data, we shall delete such personal data immediately.
f. When you close your account, we may continue to process your
personal data, to the extent permitted by applicable law, for the
purposes detailed above.
6. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE
PERSONAL DATA
a. We may disclose your personal information to third parties, including
the following:
1. third party service providers;
2. regulatory authorities;
3. Revenue who, under the Standard for Automatic Exchange of
Financial Account Information in Tax Matters (Common
Reporting Standard) may share information with the tax
authorities of other countries;
4. auditors;
5. relevant industry bodies;
6. professional advisers; and
7. others, where it is permitted by law, or where we have your
consent.
b. International transfers
1. Due to the global nature of Dope October, your personal data
will be transferred to Dope October entities located in other
countries, including outside the European Economic Area
(“EEA”). These other countries may either have different data
protection laws than your country of residence or they may not
have data protection laws. Steps will however be taken to put in
place safeguards (including around security) to protect your
personal data when it is in other countries. For example, in
respect of Europe, this includes use of European Model Clause
contracts. You can find out what these are online at the
following address:
http://ec.europa.eu/justice/dataprotection/international-
transfers/transfer/index_en.htm. If you have any questions or
wish to be provided with a copy please see clause 13 for further
contact information.
Please note commercially sensitive
information may be removed/blanked out from copies supplied
to you.
2. Your personal information may be transferred, stored and
processed in one or more countries outside the European
Economic Area (“EEA”), including the United States of
America.
3. For transfers of your personal data to third parties outside of the
EEA, we take additional steps in line with data protection laws.
These include EU Commission approved forms of contract
with the relevant recipients of your information, whether
members of Dope October or otherwise.
4. In addition, we take reasonable steps to ensure that your
personal information is adequately protected in accordance
with the Acts and the GDPR.
7. PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED,
OR IF THAT IS NOT POSSIBLE, THE CRITERIA USED TO
DETERMINE THAT PERIOD
1. Your personal data will not be kept for longer than is necessary to
fulfil the specific purposes outlined in this Privacy Statement and
Cookies Policy and to allow us to comply with our legal requirements,
including, without limitation, any tax and commercial obligations.
2. The criteria we use to determine data retention periods includes the
following:
a. Retention in case of queries
We may retain your personal data for a reasonable period after
you have enquired about Services, in case of follow up queries
from you.
b. Retention in case of claims
We may retain your personal data for the period in which you
might legally bring claims against us (this means we will retain
it for at least 7 years) if and to the extent this is relevant.
c. Retention in accordance with legal and regulatory
requirements
We will consider whether we need to retain your personal data
after the period of retention in the case of queries or claims
(above) because of a legal or regulatory requirement. Some or
all of these criteria may be relevant to retention of your
personal data collected from you in connection with our
Services.
d. Retention permitted under applicable law
We will continue to retain personal data where necessary to
provide our services to you and the retention of such personal
data is necessary for the purposes of pursuing our legitimate
interests or where it is necessary for public interest purposes.
8. Please note that, although reasonable efforts will be taken, it may not
always be possible to completely remove or delete all of your personal
information from our databases because of back-ups and other
technical reasons. Where this is the case, we will take steps to ensure
that your personal data is suppressed in order to render it unusable.
9. YOUR RIGHTS
a. You may have various rights under data privacy laws in your country
(where applicable). These may include (as relevant):
1. the right to withdraw your consent to the processing of your
personal data. However, we may continue to process your
personal information if there is an alternative legal basis for the
processing;
2. the right to request access to or a copy of the personal data we
hold about you. Please note that there is no fee for this request
and any request for a copy of your personal data will be
processed within thirty (30) days in accordance with the
GDPR;
3. the right to rectification including to require us to correct
inaccurate personal data;
4. the right to request restriction of processing concerning you or
to object to processing of your personal data if:
i. processing is based on legitimate interests or the
performance of a task in the public interest or exercise
of official authority;
ii. processed for direct marketing; or
iii. processed for the purposes of scientific or historical
research and statistics;
5. the right to prevent further processing in specific circumstances
and where there is no other lawful ground for continuing to
process that information. These include for example:
i. where the personal data is no longer necessary in
relation to the purpose for which it was originally
collected/processed;
ii. where you withdraw consent; or
iii. where you object to us processing your information;
6. the right to request the erasure of your personal data where it is
no longer necessary for us to retain it;
7. the right to block or suppress processing of personal
information. While we are entitled to store your personal
information, we cannot further process it if you request it to be
blocked;
8. the right to data portability including to obtain personal data in
a commonly used machine readable format in certain
circumstances such as where our processing of it is based on a
consent; and
9. the right to object to automated decision making including
profiling (if any) that has a legal or significant effect on you as
an individual; and the right to withdraw your consent to any
processing for which you have previously given that consent.
b. You have the right to be informed of the identity of the privacy local
representative (if we are required by law to have a local
representative);
c. You also have the right to any details of any persons to whom
Dope October disclosed your personal data (unless Dope October is
prohibited from providing such information pursuant to applicable
law)
d. Please see clause 13 if you wish to exercise any of these rights (as
relevant).
10. YOUR RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY
AUTHORITY
Without prejudice to any other administrative or judicial remedy you might
have, you may have the right under data privacy laws in your country (where
applicable) to lodge a complaint with the relevant data protection supervisory
authority in your country (i.e. the Office of the Data Protection Commissioner
in United Kingdom) if you consider that we have infringed applicable data
privacy laws when processing your personal data. This means the country
where you are habitually resident, where you work or where the alleged
infringement took place.
11. SECURITY
a. We endeavour to use appropriate technical and physical security
measures to protect your personal data which is transmitted, stored or
otherwise processed by us, from accidental or unlawful destruction,
loss, alteration, unauthorised disclosure of, or access. These measures
include: storing personal data in a private database which is accessed
via an internal control panel protected with the username, password
and IP address of our authorized users; storing hashed information as
opposed to passwords and using secure cloud storage on AWS for
database backups. Our service providers are also selected carefully and
required to use appropriate protective measures.
b. As effective as modern security practices are, no physical or electronic
security system is entirely secure. The transmission of information via
the internet is not completely secure. Although we will do our best to
protect your Data, we cannot guarantee the security of your Data
transmitted to our Site. Any transmission of Data is at your own risk.
Once we receive your Data, we will use appropriate security measures
to seek to prevent unauthorised access. We will continue to revise
policies and implement additional security features as new
technologies become available.
c. In the event that there is an interception or unauthorised access to your
personal data, we will not be liable or responsible for any resulting
misuse of your personal information.
12. UPDATING THE PRIVACY STATEMENT
We reserve the right to change this Privacy Statement at any time in our sole
discretion. If we make changes, we will send you an in app notification so that
you can see what information we gather, how we might use that information
and in what circumstances we may disclose it.
13. CONTACT US
For further information or if you have any questions about this Privacy
Statement, please contact friend@dopeoctober.com