Apothem Privacy Notice and Policy
Reference in this Privacy Notice to “us”, “we”, “our”, means the applicable Apothem company with whom you have an agreement or with whom you have provided your personal data to. Providing any data including your personal data to one of the Apothem companies does not automatically mean that all other Apothem companies have received it although Apothem does share personal data with other group companies as provided for below. More details about the Apothem group of companies are outlined in section 1.1 below as may be updated from time to time.
The applicable Apothem company that collects your data is the data controller for the purposes of this Privacy Notice. This Privacy Notice applies only to third parties using or accessing our website or sub-domains and does not apply to employees or candidates for employment, which is covered by a separate Privacy Notice for such purposes.
This Privacy Notice gives you detailed information on when and why each applicable member of Apothem collects your personal data, what personal data we collect, how we use it, and how we keep it secure. It also sets out some information about your rights and how you can complain, either to us or to the Information Commissioner's Office in the United Kingdom or if you have dealings with a specific Apothem company outside of the United Kingdom, the applicable Supervisory Authority in that country.1. Who are we and how can you contact us?
1.1 Apothem Labs Limited (company number 11776595) and its parent company, Apothem Research Limited (company number 11468473) are both private limited companies incorporated in England and Wales. We are a data controller in the United Kingdom. The whole of the Apothem group of companies regard the UK Information Commissioner’s Officer as the Lead Authority for the purposes of data protection compliance.
Any questions regarding this Privacy Notice, our privacy practices, or any information we hold about you can be sent to us by:
- email: firstname.lastname@example.org; or
- telephone: + (44) 020 7903 6995
2.1 Some of the information we collect about you can be used to identify you. This type of information is defined as "Personal Data" under the UK Data Protection Act 2018 and/or the EU General Data Protection Regulation (EU) 2016/679 ("GDPR") as amended or replaced by legislation applicable in the country of domicile of the applicable Apothem company (“Data Protection Laws”). In this Privacy Notice we use the words "Personal Information" to talk about your Personal Data.
2.2 We collect your Personal Information:
(a) when you email, call us, text us or write to us or provide us with information in any other way, including by interacting with us via social media such as Facebook, Twitter, Pinterest, WhatsApp, YouTube, Google+ or Disqus;
(b) when you visit, or make enquiries, register, send any messages and/or purchase or receive products from us through the Apothem Website ("Website") and/or through or via any third party e-commerce or other platform (“eCommerce”);
(c) when you make any payments to us or we make any credit payments back to you;
(d) when you use any of our products or services;
(f) when you provide information to us in connection with any provision by Apothem of any goods or services to you, though whatever means and when you chose to receive any marketing communications from us or our selected partners.3. What types of Personal Information do we collect and process?
3.1 We process the following kinds of Personal Information if you provide it to us:
(a) Information about you, including your name, title, postal address, telephone number(s) and email/IP address, gender, age, location, occupation, computer or device information, use of CBD or other products, including why it was used and the benefits of use to you and what other wellness brands you like (including sensitive/special category personal data where relevant and only where we have your permission).
(b) Information about you which the applicable Apothem company needs to collect in order to assess your needs, wishes, allergies and use of any of the Apothem products or services including those of trusted Apothem partners which may be of interest to you.
(c) Information you provide as part of purchasing any products (or any other service) or relating to us or any service or product that we provide including from our chosen partners, including billing and shipping address(es) and information.
(d) Information you provide to us during communications you have with us and with our staff and agents, whether by email, social media, push notification, post, telephone, in person or through our Website, for example comments or queries or other information concerning the products and services we provide.
(e) Financial and payment information if relevant to the services or products that we provide including if applicable, payment details.
(f) Credit and anti-fraud data including credit history, credit score, sanctions and any information to ensure that a crime is not committed, and information received from various anti-fraud databases relating to you.
(g) Information about your use of our Website or any other website including any eCommerce website or platform and also any information concerning the Shopify supported merchants that you visit and all information about your browser and device usage.
(h) details of any other means of communication you use to contact us.
4.1 We collect and use your Personal Information for the following purposes:
(a) To provide our products and services in accordance with our contractual obligations (and/or in anticipation of them or for marketing purposes), for market research and also to keep you updated with your account and purchase of any products or services or where it is in our legitimate interest to do so in order to provide either products or other services, including:
(i) to provide quotes or prices to you and to set you up as a client and to process orders and payments; and
(ii) to process and to manage orders; and
(iii) to provide other services to you which you have agreed to receive under any contract that we both enter into together or with our chosen partners.
(b) To communicate with you via email, post, text, push notification, social media, web chat or web message or any other communication method and to answer your questions and enquiries, in accordance with our legitimate interest to provide our products and services and manage any account with you.
(c) To update our records and for audit purposes, in accordance with our legitimate interest to provide products and other services.
(d) To prevent or detect fraud, in accordance with our legitimate interest to provide products and/or other services.
(e) Where legally required or where it is in our legitimate interests to provide products, marketing and/or other services and also to comply with requests from law enforcement and regulatory authorities.
(f) to improve our website and understand how to enhance your use and experience of it.
If you do not provide your Personal Information to us, we may be unable to provide you with our products and/or services.5. How do we share your Personal Information?
5.1 For the purposes specified above, the Personal Information that you provide to us (including any sensitive personal data as appropriate and permitted by you) may be shared with:
(a) our directors, contractors, consultants, employees, workers, agents and professional advisors;
(b) our chosen selected partners, including eCommerce partners;
(c) our distribution and fulfilment houses and manufacturers or suppliers of our products and services;
(d) credit or checking agencies and payment providers who process payments and refunds;
(e) our other service providers, including Shopify;
(f) organisations such as the Food Standards Agency (including any equivalent regulatory body elsewhere) and other regulatory authorities where we are required to do so by law or regulation and any relevant authority for the purposes of regulatory compliance, collection of taxes or duties and the detection of crime;
(g) prospective buyers or investors or providers of finance in the event Apothem wishes to attract investment, funding or to sell all or part of its business;
(h) our cloud service providers who host any of our services and any accounting provider, marketing or communications provider and any analytical firm.
(i) other companies within the Apothem group of companies, for the purposes of (i) developing our services and enhancing them; (ii) reporting, management control, audit and accounting purposes and (iii) for corporate governance, legal and regulatory purposes.6. Where do we store your Personal information?
6.1 We store your Personal Information on our servers, which are managed by us or provided to us under an enforceable contract and are located within the UK and/or EEA. However, we reserve the right to process your Personal Information outside of the UK and/or EEA but will only do so, where we have in place adequate legal measures to protect that Personal Information, as provided for at section 8.3 below.7. How long do we retain your Personal Information?
7.1 We will keep your Personal Information only for so long as is necessary and for the purpose for which it was originally collected. In particular, we will keep your Personal Information for so long as there is any possibility that either you or we may wish to bring a legal claim under a supply agreement or under any other agreement with you, or where we are required to keep your Personal Information due to legal or regulatory reasons and have a lawful basis to do so.
7.2 Depending on the record types and our relationship with you, retention periods range from a short period which may be days or weeks or months but up to seven years or for the period during which you request our services or as we are required under applicable law and regulation, whichever is the longer period of time.
7.3 If you would like more detailed information about our retention policy, please email us at email@example.com. How do we protect your data?
8.1 We aim to keep your Personal Information secure. In order to prevent unauthorised access or disclosure, we use appropriate physical, technical and organisational measures to keep the Personal Information we collect secure. Our service providers are required to do the same.
8.2 Unfortunately, transmission of information via the internet or other means is not completely secure. Although we will do our best to protect your Personal Information once we receive it, we cannot guarantee the security of your Personal Information transmitted to our Website, any eCommerce website or through other electronic media; any transmission is at your own risk. Once we have received your Personal Information, we will use strict procedures and security features to try to prevent unauthorised access or loss in accordance with Data Protection Laws.
8.3 We may need to transfer your data to Apothem group affiliates or our suppliers’ sub-contractors, eCommerce websites which are located outside of the European Economic Area (EEA) and/or UK. Those transfers would always be made in compliance with the relevant legislation. If you would like further details of how your personal data would be protected if transferred outside the UK/EEA, please email us at firstname.lastname@example.org. Your acceptance of this Privacy Notice comprises your agreement to this transfer outside of the UK/EEA.9. Your rights
9.1 You have a right to access your Personal Information to check that the information we hold about you is accurate and that it is being processed lawfully, and to request that it is corrected if you think it is inaccurate (see "How you can access and update your Personal Information" below).
9.2 You have the following rights:
(a) to ask us to restrict the processing of your data (meaning that we could store it but not use it);
(b) to object to how we use your data; and
(c) to request that we delete your data.
Our response will depend on the circumstances and our legal obligations, including our obligations under Data Protection Laws.
9.3 You also have the right to ask us to "port" (transfer in an electronic format) personal data to another service provider if it is stored electronically, we received it from you, and if we are processing it on the grounds of your consent or for the performance of a contract.
For more information about your rights please see: https://ico.org.uk/your-data-matters/ or enquire of your local Supervisory Authority.
10. How can you access and update your Personal Information?
10.1 The accuracy of your Personal Information is important to us. You have the right to get information held about you by us corrected or removed if you think it is inaccurate.
10.2 If you have any concerns about the accuracy of your Personal Information, or if you would like us to remove the Personal Information, we hold about you, please let us know using the below contact details.
10.3 You can request full details of Personal Information we hold about you, including a copy of it by contacting email@example.com. Please include a description of the information you would like to see, together with proof of your identity (a copy of your driving licence or passport and a recent utility bill). Please confirm in your email to us that you consent to us using your identity documents in order to check your identity, since in some cases it is possible that identity documents could reveal racial or ethnic origin or religion. We will delete your identification information after we have completed responding to your request and you have confirmed that you are satisfied with our answers.11. Complaints to the ICO or other Supervisory Authority
11.1 If you are unhappy with the way that we treat your Personal Information please contact us and we will work with you to resolve your issue. You also have the right to contact the UK data protection authority, the Information Commissioner's Office ("ICO"). You can contact the ICO through its website: https://ico.org.uk/global/contact-us/. You can also call the ICO helpline from the UK on 0303 123 1113, or +44 1625 545 700 if calling from outside of the UK.12. Governing Law and Changes to this Privacy Notice
12.1 This Privacy Notice is governed by the law of England and Wales and the parties submit to the exclusive jurisdiction of the English Courts in respect of any of it. Any changes we may make to our Privacy Notice in the future will be posted on our Website.