Collection of Information
This Site collects various types of information, such as:
- Voluntarily provided information which may include your name, address, email address, billing and/or credit card information etc., which may be used when you purchase products and/or services and to deliver the services you have requested.
- Information automatically collected when visiting our website, which may include cookies, third party tracking technologies and server logs.
Please rest assured that this Site shall only collect personal information that you knowingly and willingly provide by way of surveys, completed membership forms, and emails. It is the intent of this site to use personal information only for the purpose for which it was requested and any additional uses specifically provided in this policy.
We may also gather information such as the type of browser you are using, your IP address or the type of operating system you are using to assist us in providing and maintaining superior quality service.
It is highly recommended and suggested that you review the privacy policies and statements of any website you choose to use or frequent as a means to better understand the way in which other websites garner, make use of and share information collected.
Use of Information Collected
We may collect and may make use of personal information to assist in the operation of our website and to ensure delivery of the services you request. At times, we may find it necessary to use personally identifiable information as a means to keep you informed of other possible products and/or services that may be available to you from the Site. We may also be in contact with you with regards to completing surveys and/or research questionnaires related to your opinion of current or potential future services that may be offered.
We may from time to time, use information provided to us to make contact with you on behalf of other external business partners with regards to a potential new offer which may be of interest to you. If you consent or show interest in presented offers, then, at that time, specific identifiable information, such as name, email address and/or telephone number, may be shared with the third party. Users may opt-out of receiving communications at any time.
We may share specific data with our trusted partners in an effort to conduct statistical analysis, provide you with email and/or postal mail, deliver support and/or arrange for deliveries to be made. We reserves the right to anonymize, aggregate, and monetize certain types of data you provide us and that we collect, including, without limitation, data related to habits, preferences, location, and characteristics of our users, and may share that data with our trusted partners for marketing, development, and debugging purposes. Those third parties shall be strictly prohibited from making use of your personal information, other than to deliver those services which you have specifically requested, and we take steps to ensure such third parties maintain the strictest of confidentiality with regards to all your information.
We may deem it necessary to follow websites and/or pages that our Users may frequent in an effort to determine types of services and/or products may be the most popular to Users or the general public.
We may disclose your personal information, without prior notice to you, only if required to do so in accordance with applicable laws and/or in a good faith belief that such action is deemed necessary or is required in an effort to:
- Remain in conformance with any decrees, laws and/or statutes or in an effort to comply with any process which may be served upon Wikileaf and/or our website;
- Maintain, safeguard and/or preserve all the rights and/or property of the Owner; and perform under demanding conditions in an effort to safeguard the personal safety of Users of the Site and/or the general public.
PERSONS UNDER AGE 21
We do not knowingly collect personal identifiable information from persons under the age of twenty-one (21) or who are below the legal age of consumption of cannabis products in their jurisdiction. If it is determined that such information has been inadvertently collected on anyone under the age of twenty-one (21) or who is below the legal age of consumption of cannabis products in their jurisdiction, we shall immediately take the necessary steps to ensure that such information is deleted from our system's database.
Unsubscribe or Opt-Out
All Users and/or visitors to our website have the option to discontinue receiving communication from us and/or reserve the right to discontinue receiving communications by way of email or newsletters. To discontinue or unsubscribe to our communications please send an email that you wish to unsubscribe to firstname.lastname@example.org or click the “unsubscribe” button at the bottom of an email we send you. If you wish to unsubscribe or opt-out from any third party websites, you must go to that specific website to unsubscribe and/or opt-out.
Links to Other Web Sites
We shall endeavor and shall take every precaution to maintain adequate physical, procedural and technical security with respect to our offices and information storage facilities so as to prevent any loss, misuse, unauthorized access, disclosure or modification of the User's personal information under our control.
Acceptance of Terms
How to Contact Us
Email: email@example.comData Privacy for California Residents.
This section applies solely to visitors and users of our site who reside in the State of California. We have adopted this notice to comply with the California Consumer Privacy Act of 2018 (the “CCPA”) and the California Online Privacy Protection Act (“CalOPPA”), and any terms defined in the CCPA or CalOPPA have the same meaning when used in this notice.
For the purposes of this section “California Data Subject” shall mean: (1) an individual who is in the State of California for other than a temporary or transitory purpose, and (2) an individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California Data Subject or device ("personal information").
In particular, Wikileaf has collected the following categories of personal information from California Data Subjects within the last twelve (12) months:
|Category||Examples||Do we collect this data?|
|Identifiers||Real name, alias, postal address, unique personal identifier, online identifier, internet protocol (IP) address, email address, account name, or other similar identifiers||Yes|
|Characteristics of protected classifications under California or federal law||Race,   gender, ethnicity, disability status||Yes|
|Commercial information||Records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies||Yes|
|Biometric information||Fingerprint, facial pattern, voice, typing cadence||No|
|Internet or other electronic network activity information||Information regarding usage of a site, software, or app||Yes|
|Geolocation data||Physical location||Yes|
|Audio, electronic, visual, thermal, olfactory, or similar information||Recordings of a California Data Subject||Yes|
|Professional or employment-related information||Place of work, current occupation, duration of occupation, position/title||No|
|Education Information||Information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (FERPA)||No|
|Inferences drawn from any of the information identified above||Information used to create a profile about the California Data Subject reflecting their preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes||Yes|
Sources of Personal Information. Wikileaf obtains the personal information listed above from the following sources:
|Source||Example||Do we receive from this source?|
|Directly from you||From forms you complete or orders for products and services you purchase.||Yes|
|Indirectly from you||From observing your actions on our services.||Yes|
|Third Parties||We are provided information by our third party vendors such as: Google, Hotjar, Mailchimp, Ipstack, Stackpath, Appsflyer, Sentry, and Sendgrid.||Yes|
Use of Personal Information. We may use or disclose the personal information we collect for one or more of the following business purposes:
- To fulfill the purpose for which you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may use personal information you provide us to provide technical support. In addition, we may use the above information:
- To provide, support, personalize, and develop our websites, products, and/or services;
- To create, maintain, customize, and secure your account with us;
- To process your requests, purchases, transactions, and payments and prevent transactional fraud;
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;
- To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business;
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations; and
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We may sell personal information to third parties. Wikileaf also may share personal information with our third party service providers and vendors in order to provide you the Service.
Your Rights and Choices
This section describes your CCPA rights and explains how to exercise those rights.
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and verify your request, we will disclose to you:
- The categories of personal information we collected about you;
- The categories of sources for the personal information we collected about you;
- Our business or commercial purpose for collecting or selling that personal information;
- The categories of third parties with whom we share that personal information;
- The specific pieces of personal information we collected about you (also called a data portability request);
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your disclosure and/or deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another California Data Subject to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with California Data Subject expectations based on your relationship with us;
- Comply with a legal obligation, such as other privacy or data protection statutes and regulations that place restrictions on our ability to disclose information including, but not limited to, the Gramm-Leach-Bliley Act, PCI Data Security Standards, and state privacy acts; and
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
To exercise the access, data portability, and deletion rights described above, please submit a verifiable California Data Subject request to us by sending us an email at firstname.lastname@example.org.
Only you or a person registered with the California Secretary of State, that you authorize to act on your behalf, may make a verifiable California Data Subject request related to your personal information. You may also make a verifiable California Data Subject request on behalf of your minor child.
You may only make a verifiable California Data Subject request for access or data portability twice within a twelve (12) month period. The verifiable California Data Subject request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable California Data Subject request does not require you to create an account with us. We will only use personal information provided in a verifiable California Data Subject request to verify the requestor's identity or authority to make the request.
We aspire to respond to a verifiable California Data Subject request within forty five (45) days of receipt of the request. If we require more time (up to ninety (90) days) we will inform you of the reason(s) why an extension is needed and how long we anticipate the period to be. Any disclosure we provide will only cover the twelve (12) month period preceding the receipt of your request. If applicable, the response may provide the reasons why we cannot comply with your request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable California Data Subject request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We reserve the right to refuse to respond to verifiable California Data Subject requests that are excessive, repetitive, or manifestly unfounded.
Right of Non-Discrimination.
We will not discriminate against you for exercising any of your CCPA rights. We will not take any of the following actions against you in response to an exercise of your rights:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
California Do-Not-Track Disclosures.
We do not track Users over time and across third party websites to provide targeted advertising and therefore do not respond to Do Not Track (DNT) signals. Third parties that have content embedded on our Site, software, or mobile applications (e.g. social features) may set cookies on a User’s browser and/or obtain information about the fact that a web browser visited a specific website from a certain IP address. Third parties cannot collect any other personal identifiable information from our Site unless you provide it to them directly.
Privacy Notice for EU Residents
This Section governs personal data, information relating to an identified or identifiable natural person, gathered from data subjects located in the EU only.
General Data Protection Regulation (“GDPR”) Information The following information describes our commitments to you under EU General Data Protection Regulation (“GDPR”).
The GDPR makes a distinction between organizations that process personal data for their own purposes (known as "Data Controllers") and organizations that process personal data on behalf of other organizations (known as "Data Processors"). We only acts as a Data Controller for very limited types of data, such as the information you enter when you register an account with us or the information you submit when purchasing our products or services. The Owner is the Data Controller for information provided by our users about themselves as part of our business relationship. The Owner is the Data Processor for information provided by consumers, merchants, credit card companies, and banks when we processes payment information.
When We Act as a Data Controller
When we process your data as a Data Controller, the following applies.
We collect, use, and share your personal data where we are satisfied that we have an appropriate legal basis to do this. This may be because:
Consent: Our use of your personal data is in accordance with your consent. If we process your personal data based on consent, you will be asked for said consent at or before the time of data collection. You may withdraw your consent at any time, and will not suffer any detriment for withdrawing your consent.
Contract: Our use of your personal data is to fulfill a contract between you and us.
Legal Obligation: Our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have (for example, where we are required to disclose personal data to a court, or store information due to federal financial regulations); or
Legitimate Interest: Our use of your personal data is for a legitimate interest of ours, such as fraud prevention and ensuring our network’s security.
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, EU residents have certain rights in relation to their personal data:
- Right to Access. You have the right to access to your personal data that is being processed; specifically you may request to view your personal data and obtain copies of your personal data.
- Right to Rectification. You have the right to request modifications to your personal data if it is out of date or inaccurate. In some circumstances, you may be able to exercise this right, in whole or in part, through your existing account with us.
- Right of Erasure. You have the right to ask that we delete your personal data. However, we are not required to comply with your request to erase personal data if the processing of your personal data is necessary for compliance with a legal obligation, or for the establishment, exercise, or defense of legal claims.
- Right to Restriction of Processing. Under certain circumstances, you have the right to request we restrict processing your personal data You have the right to restrict the use of your personal data. However, we can continue to use your personal data following a request for restriction (a) where we have your consent; (b) to establish, exercise or defend legal claims; or (c) to protect the rights of another natural or legal person.
- Right to Data Portability: To the extent that we process your information (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal data in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.
- Right to Object: You have the right to object to the processing of your personal data. However, we may still process your personal data if we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
- Right to Object to Automated Processing. You have the right to object to decisions based on automated processing, such as where a computer assesses factors in the data we collect about you and makes a determination. We do not currently make any decisions based on automated processing.
We retain your personal data for as long as necessary to provide you with our services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements.
We ask that you please attempt to resolve any issues regarding your data protection or requests with us first before contacting the relevant supervisory authority. If you would like to exercise any of the rights described above, please send a request to support@Wikileaf.com. In your message, please indicate the right you would like to exercise and the information that you would like to access, review, correct, or delete.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the requested personal data.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
When We Acts as a Data Processor
Where we process your data in our capacity as a Data Processor, the processing of your data will not be governed by the foregoing provisions (“When We Act As Data Controller”), but you can contact the Data Controller directly to learn about their processing of your information and to exercise your rights, or we will forward your request directly to them at your request.
Our “privacy by design” approach requires that our default user data protection levels be at the highest setting by default. In the unlikely event of breach, Wikileaf will notify data subjects and Supervisory Authorities (SAs) in the EU according to procedures provided in GDPR Articles 33 and 34.
EU-U.S. Privacy Shield Framework
As we are a global company, we may need to transfer your personal data outside of the country from which it was originally provided. This may be intra-group or to third parties that we work with who may be located in jurisdictions outside the EEA, Switzerland and the UK which have no data protection laws or laws that are less strict compared with those in Europe.
We may be required to disclose personal information pursuant to lawful requests made by public authorities, including to meet national security or law enforcement requirements.
Inquiries and Complaints
We take safeguarding your privacy very seriously. If you wish to verify, correct or delete any personal information we have collected, or if you have any questions or concerns, or if you have any complaints, please contact support@Wikileaf.com.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: support@Wikileaf.com.
We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
If your claims as to data covered by the EU-U.S. Privacy Shield have not been remedied through dispute resolution directly with Wikileaf or through independent dispute resolution as described above, such "residual claims" may be heard by a "Privacy Shield Panel" composed of one or three arbitrators as agreed upon by the parties. The Privacy Shield Panel may only award individual-specific, non-monetary equitable relief (e.g. access, correction, deletion of the individual's data in question) necessary to remedy the violation of the Principles only with respect to the individual. Damages, costs, fees and other remedies may not be awarded, and each party bears its own attorney's fees. This arbitration option is only available for an individual to determine for such "residual claims" whether Owner has violated its obligations under the Principles as to that individual and whether any such violation remains fully or partially unremedied.
When we collect personal information from individuals, we will inform the individual of the purpose for which we collect and use the personal information and the types of non-agent third parties to which we disclose or may disclose that information. We shall provide the individual with the choice and means for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to us, or as soon as practicable thereafter, and in any event before we uses or discloses personal information for a purpose other than for which it was originally collected.
In instances in which we are not the controller or collector of the personal information, but only a processor, hawse have no means of providing individuals with the choice and means for limiting the use and disclosure of their personal information or providing notices when individuals are first asked to provide personal information to us. In such instances, we will comply with the instructions of the controller of such information; provide appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and to the extent appropriate, assist the controller in responding to individuals exercising their rights under the Principles.
In those instances in which we collect personal information from individuals, it will offer individuals the opportunity to choose (opt out) whether their personal information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
Disclosures to Third Parties
In those instances in which we collect personal information from individuals, prior to disclosing personal information to a third party, we shall notify the individual of such disclosure and allow the individual the choice to opt out of such disclosure. We shall ensure that any agent third party for which personal information may be disclosed subscribes to these principles or are subject to law providing the same level of privacy protection as is required by these principles and agree in writing to provide an adequate level of privacy protection.
Accountability for Onward Transfers
To effectively process data on behalf of our clients, we may need to share data with certain third parties or sub-processors. We will remain liable for subsequent transfers to third parties acting as an agent on its behalf if its agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
We shall take reasonable steps to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. We have put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration or destruction. We cannot guarantee the security of information on or transmitted via the Internet.
We shall only process personal information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by those who provided the information. To the extent necessary for those purposes, we shall take reasonable steps to ensure that personal information is accurate, complete, current and reliable for its intended use.
In those instances in which we collect personal information directly from individuals, we shall allow those individuals access to their personal information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.