Let's start by saying that we don't do anything with your information that you wouldn't reasonably expect us to. We're a small business running a retail website and the only information we're interested in is how to contact you and where to have your orders delivered.
However, we're required by law to make it absolutely clear what we do with your data, why we do it, and what your rights are regarding your personal information, so please forgive us if some of the following sounds obvious or even a little silly!
What do we do with your personal information?
Name and address
We need this information so that we can have the products that you've ordered delivered to you by a postal/courier service. Use of your name and address in this manner is on the legal basis of "performance of a contract". Failure to provide a name and address will mean that we can't dispatch your orders.
If there's ever a problem with your order, or if you've had an issue with something you've bought from us, or if you're just making a general enquiry, we find that the quickest and best way is usually to call you so that we can get it sorted out. We may also send a text if you've give us a mobile number and we can't get through to speak with you. Use of your telephone number in this manner is on the legal basis of assisting with the "performance of a contract". Failure to provide a telephone number will mean that any issues (either at your end or ours) will take longer to rectify.
We need your email address for a number of reasons. Firstly, your email address is your unique identifier (i.e. your username) for our website - even if there are a dozen Joe Bloggs, there's only one email@example.com, and this is how we'll keep your personal information tied together. As such, failure to provide an email address will mean that you cannot register for an account on our website.
We'll use your email address so that we can keep you updated on the progress of your orders - we'll let you know when your order has been accepted, dispatched etc.
If there's a problem (or if you've contacted us) and we can't get through to you by telephone (or if an email is more appropriate) then we may contact you by email in order to resolve the issue (as above, on the legal basis of assisting with the "performance of a contract").
We'll also send you special offers by email, either if you've asked us to (on the legal basis of "consent"), or if you've recently made a purchase from us (on the legal basis of "legitimate interest" insofar as the furthering of our goals as a business). You can opt out of email marketing at any time, either by contacting us via the details below, or by following the "unsubscribe" link in any of our marketing emails.
Date of birth
As vaping-related products are age-restricted, your date of birth helps us to ensure that we are only supplying products to people who are legally old enough. However, providing us with this information is optional, as you are required to confirm that you are over 18 when you visit our website. We may sometimes offer special promotions on or around your birthday if you are eligible to receive our marketing emails as above. Failure to provide your date of birth will mean that you will not receive such tailored offers.
Do you store my payment (i.e. card) details?
We don't store card details, however our payment providers give us access to the first 6 and last 4 digits of cards used for payments for reference and diagnostic purposes. If you choose to pay by bank transfer, your bank details are not visible to us - all we can see is the name of the account that the transfer has been made from.
How long will you store my personal information?
VAT invoices (including customer details) are automatically generated for each transaction we process, and under UK law we must store these for 6 years from the end of the financial year in which they are issued. As such, that's how long we'll have your information on file for.
Who will see your data?
For the purposes of GDPR (General Data Protection Regulations) we are the "data controller". Official CBD UK is a trading name of Can You Get Me Ltd (UK company number 04560133). Any third-party companies we use are known as "data processors". Under GDPR law these data processors are forbidden from using your information in any way except when we instruct them to do so. We use such third parties for delivery of goods (including Royal Mail, UPS and DPD), and processing of electronic payments (including QuickPay and VivaWallet). We have ensured that the relevant companies have put in place appropriate safeguards for data processing in line with GDPR.
What rights do I have regarding my personal information?
If the information we have is incorrect, you have the right to have it amended. You can generally do this yourself in your account settings, however please contact us if you'd prefer us to do it for you.
You have the right to request a list of any information that we have about you, and to request that we delete your personal information from our records.
If you have consented to the processing of your data (e.g. for email marketing) then you have the right to withdraw that consent at any time.
And finally, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) if we cannot resolve your request.
Cookies are small files saved to your hard drive that track, save and store information about your interactions and usage of the website. In real terms, this allows the website to keep track of whose basket is whose. Imagine 100 people going to the supermarket and all using the same trolley - things would get a little messy at the checkout, and this is what would happen without cookies!
No personally identifiable information is collected or stored by the cookies on this website.
If you have any questions, comments or concerns about any of the above, then please don't hesitate to contact us and we'll be happy to help.