In a nutshell:
- Customers from around the world trust Canzon with improving their well-being through the use of our CBD and hemp-based products. It’s our privilege and duty to protect our customers’ data and yours.
- We collect and process personal information of our websites’ visitors, business contacts, and customers.
- We use your personal data to provide you with information about our company, products and services; to process your orders and transactions; to deliver our products and services; to conduct and promote our business; and to keep in touch.
- We respect your rights regarding your personal information. If you have any questions regarding your personal data, or want to unsubscribe from any direct marketing, please contact us, we’re here to help: [email protected].
1) Introduction and Definitions
We are CANZON EUROPE S.A, company no. B233875, based in Luxemburg, and including all its subsidiaries and affiliated companies – simply referenced here as “Canzon”. You can find our contact details below.
Canzon roduces, sells, and distributes various products based on Cannabidiol (CBD), a non-intoxicating cannabinoid found in cannabis and hemp. Canzon’s products help people worldwide with various conditions. We respect our customers’ privacy and apply the EU’s General Data Protection Regulation and other applicable regulations to our processing of personal data.
We also operate several Websites – such as Canzon.com – and collect personal data of Websites’ Visitors. Some Visitors and other people who communicate with us become our business Contacts, and some Visitors and Contacts who purchase products on our Websites become our Customers.
2) How Do We Collect Personal Data?
If you’re a Contact or Customer of ours, there might be several ways in which we receive your personal data:
- When you share it with us directly, through your communication with us on the Websites’ contact forms, newsletter registration forms, and order forms, by email, phone, on social networks (e.g. Facebook and Instagram), at events or trade fairs, or via any other communication channel;
- When you make a purchase online on a third-party website or through one of our resellers, or communicate with a business partner of ours or another third-party, and they share your information with us, based on their interaction with you, their purposes, their legal bases, and their privacy policies. In such cases, we take responsibility only for the personal data that we have received.
- We might augment the personal data we have about you with the information that you have provided us directly, with information that others have provided us about you, and with data we’ve collected about you from your use of our Websites (see below).
If you’re a Visitor to our Websites, we might receive some personal data through your device, operating system, and browser, and various hosting, tracking, support, analytics and advertising technologies used on our Websites, such as cookies (see below), Analytics and Advertising technologies, and other technologies. Our Websites do not currently respond to “Do Not Track” signals sent by your browser or device.
3) What Personal Data Do We Process?
If you’re a Contact or Customer of ours, we may collect and process these types of personal data about you:
- Identification information, such as your full name
- Contact details, such as country/time zone, delivery/shipping addresses, billing address, postal codes, phone numbers, email address, language and communication preferences
- Login credentials to create an account, such as an email address and a password
- Shopping data, such as products viewed, products added to shopping cart, product purchased, and order shopping history
- Payment information, such as payment card details (including card number, expiration date, and security code) or other billing information
- Social networking information you’ve shared with us
- Posts, chats, photos and videos shared with us on social networks, for example on our Facebook and Instagram pages
- Testimonials, feedback, rating, and commentaries you’ve shared with us about your experience with Canzon products, or any testimonials, feedback, rating, and commentaries you’ve communicated about us at a third-party website or application that shares such feedback with us
- Any personal data contained in any photos, media, and other files sent to us or shared with us
- Any other personal data you provide us on any communication channel, such as email correspondence, customer support, and phone conversations
We also collect and process these types of personal data about anyone using our Websites:
Usage, logs, analytics, and other devices- and technical data collected when you use our Websites, including device information and identification numbers, operating system information, IP address, browser and session information, browsing history and referrals, cookie information, web beacons, Internet Service Provider (ISP), advertising identification numbers, language information, connectivity information, configuration information, metadata of files, clickstream data and usage information (such as page views, clicks, and time on page).
4) What About Personal Data of Children?
Canzon is providing products to adult consumers and does not intentionally offer its products and services to children under 18 years old. We do not knowingly collect or process information about children. To the extent we’d learn that any information was collected about children, we will delete it immediately. Please contact us (contact details below) if you have any concerns with respect to children’s personal data.
We use various types of Cookies on our Website, including:
- Session cookies, which disappear when you log out and close your browser;
- Persistent cookies, which stay on your device until you or your browser deletes them or until they expire;
- First-party cookies, which are associated with the domain you are visiting; and
- Third-party cookies, which are associated with a different domain other than the one you are visiting.
- Delivery of our Website, Performance, and Analytics to display our Websites, analyze the traffic and usage of our Websites, enable an easy online shopping experience, and improve our Websites and our business
- Security of our Websites, your data, payment processing on our Website, as well as detection and prevention of fraud and malware
- Authentication of your account and credentials
- Marketing and Personalization based on your data and preferences – deliver promotions and ad campaigns, track marketing performance, gather information about your activities on our Websites and other sites in order to provide you advertising based on your browsing activities and interests, both on our Websites and on third-party websites.
Your choices regarding Cookies:
- Web browsers usually accept Cookies from websites you visit automatically, but you can change your browser settings to disable Cookies or ask you before accepting Cookies. You can also delete stored Cookies from your device at any time.
- You may opt-out of receiving personalized advertisements from certain Ad Networks, like Google and Facebook. Even after opting-out, you will continue to see ads, but generic ones.
Please note – if you don’t accept Cookies, our Websites might not function properly.
6) What Are The Purposes for Processing Personal Data? How Is Your Personal Data Used?
Our overarching purpose and goal is to improve our Customers’ well-being by providing our products and services, and to enable the operation of our business.
We may process your personal data for our own business purposes, including:
- Establishing and managing your account, identifying and authenticating you
- Delivering our products and services, including enabling you to discover and purchase products, fulfilling your order, shipping and delivering products to you, and clearing customs
- Providing information about our products, services and our business
- Providing customer support, billing, and invoicing
- Contacting you and communicating with you via any communication channel, including email, phone, SMS, social networks, third-party websites and applications, and other messaging platforms
- Posting and sharing your testimonials and reviews of our products and services
- Analyzing and optimizing Websites traffic and usage
- Improving our Website, products, and services, and developing new offerings
- Protecting our company, staff, Customers, business, and partners
- Protecting our systems and business against attacks, fraud, and other criminal activity
- Complying with any applicable law and assisting law enforcement agencies under any applicable law
- Online advertising in all forms and channels, including targeting you and others who share similar characteristics as you (lookalikes) online on search engines, websites, apps, messaging platforms, social networking platforms, and offline
- Direct Marketing in all forms and channels, including email, SMS, messaging, postal service, and more; you can always opt-out from Direct Marketing by unsubscribing yourself through links on any communication or by contacting us and notifying us accordingly.
We may use anonymous, statistical or aggregated information we collect, in a form that does not enable the identification of a specific individual, by posting, disseminating, transmitting or otherwise communicating or making available such information to Customers, vendors, partners, and any other third party.
7) What Is The Legal Basis For The Processing of Data?
We process personal data based on any or some of the following legal bases:
- Processing is necessary for the performance of a contract with you, or in order to take steps at your request prior to entering into a contract – for example, ordering Canzon products;
- Processing is necessary for compliance with a legal obligation to which we are subject, for example the need to maintain billing and shipping records;
- Processing is necessary in order to protect your vital interests or the vital interests of another person, for example sending products to Customers whose medical and mental condition would improve as a result of using the products, or protecting our staff, or for the establishment, exercise, or defense of legal claims;
- Processing is necessary for the purposes of the legitimate interests pursued by us, for example, the conduct of our business, the delivery of our services, and the promotion of the Company;
- We received your consent to the processing of your personal data for specific purposes communicated in this Policy. If our processing is based on your consent, you can always withdraw your consent by contacting us.
8) Who Is Your Information Shared With?
We may share your personal information with our staff, subsidiaries, parent companies, affiliates, contractors, consultants, resellers, distributors, carriers, and other third-party business partners, to the extent needed for the provision of our services and our operations.
We process your personal data on our servers and computers, but also third-party services, such as cloud hosting services, support systems and services, payment gateways, billing systems, SMS gateways, Email and SMS notification and communication services, and backup systems.
We use additional processors around the world for various processing activities needed for the performance of our Websites, our services, our operations, and our business, and share information with such processors on a need basis. Such processors include hosting and backup providers (such as DigitalOcean and CloudFlare), analytics providers (such as Google, Hotjar, and Drip), website and content delivery technology (such as Magento, WordPress, WordPress plug-ins, WordFence, Elementor, SPF, StackPath Bootstrap CDN, Amazon CloudFront, HoverIntent, Pingback, and Yoast SEO), customer relations management and ecommerce services (such as Magenta, WordPress, and WooCommerce), payment processors and gateways (such as Dimoco, Paytriot, and Klarna), customer support services (such as Zendesk and Zopim), feedback and review services (such as TrustPilot), advertising technology (such as Google, Facebook, Twitter, Outbrain, RevContent, Mantis, Puff Media, and HasOffers), mail, SMS and newsletter services (such as Mailchimp and SendGrid), security technology and services (such as CloudFlare and reCAPTCHA), and more. We limit the information we share with each processor based on the business need in using such a processor, to protect your information while still effectively benefiting from the services of such processors.
We may also share non-personally identifiable information and aggregate information for any purpose. Such data is not personal data, and its sharing cannot be used to identify you.
We may need to share your information with law enforcement agencies, courts of law, and other governmental organizations, if ordered to do so by competent bodies and according to applicable law.
Mergers and Acquisitions
If we are involved with a merger, asset sale, financing, liquidation, bankruptcy, or the acquisition of all or part of our business to another company, we may share your information with that company and its advisors before and after the transaction date.
9) How Do We Safeguard Your Personal Data?
We take information security seriously. We implement state of the art security standards to prevent unauthorized access, maintain data accuracy, and ensure the correct use of information. We encrypt our Websites and major data communication transmissions to avoid interception (for example, through SSL encryption and PCI compliance) and securely backup the information on our platforms to avoid data loss. We also implement appropriate organizational measures to protect your information.
We apply our security standards also when working with business and technology partners. We only select and contract with processors and third parties who use appropriate security measures and provide sufficient guarantees, including technical and organizational measures, to ensure the appropriate protection of the data we entrust with them.
Unfortunately, although we make significant efforts to keep your data safe, we cannot fully ensure or warrant the security of your personal information.
10) Do We Transfer Personal Data Internationally?
We store data mostly over the cloud, mainly on Digital Ocean servers in the European Economic Area (EEA) in Germany and Luxembourg. Digital Ocean complies with GDPR in their processing of data on our behalf.
At the same time, our business is international – Our staff may access the data on our platform from our subsidiary’s offices in Israel. Resellers, distributors, and carriers around the world would access your data from their respective country. We serve Customers worldwide and we utilize additional processors and service providers in various countries. Therefore, we transfer, store or otherwise process your personal information in other countries. We take appropriate safeguards in the selection of our processing vendors around the world to require that your personal information is well protected. Despite our efforts, it may be the case that a country where your personal information is processed has different, or less protective, data protection and privacy regulation than the country you live in.
11) For How Long Do We Keep Personal Data?
We keep personal information we collect for different periods, depending on the type of information, for example: the required period for keeping billing records according to Luxembourg law, the span of your subscription service with Canzon, the frequency of your use of our services, and other factors.
Please be aware that third parties with whom we’ve shared your information (other than our data processors), based on the legal bases detailed in this Policy, may retain your information even after we’ve deleted or anonymized any data related to you on our systems. Such data retention by third parties is subject to their privacy policies, purposes, legal bases, agreements with you, and any applicable law. We take no responsibility over third parties’ use of personal data outside of Canzon’s control.
12) What Are Your Rights With Respect to Your Personal Data?
According to the data protection and privacy regulations, or where you live, you may have certain rights with respect to your personal information.
Your rights may include, under certain terms and conditions set in the EU General Data Protection Regulation (GDPR) or other applicable law:
- Right of Access to your personal data processed by us;
- Right to Rectification of inaccurate or incomplete personal data;
- Right to Erasure of your personal data (“Right to be Forgotten”);
- Right to Restriction of Processing for a certain period or under certain conditions;
- Right to Data Portability of your personal data to another data controller in a structured format;
- Right to Object the processing of your personal data. Specifically, you have the right to object further processing of your personal data for direct marketing purposes;
- Right Not To Be Subject to a Decision Based Solely on Automated Decision-Making. We do not make any decisions with legal effect based solely on automated decision-making;
- Right to File a Complaint with the applicable data protection authority in your country.
After deletion or anonymization of your personal data following its retention period, the rights to access, erasure, rectification, and data portability cannot be enforced.
Your personal information is processed based on several legal bases, sometimes including your consent. You can withdraw your consent at any time by contacting us. Other legal bases, including statutory or contractual requirements that apply to you might remain intact even following the withdrawal of your consent.