Cannabiome Website Privacy Policy

Last Updated: July 1, 2020

Thank you for visitng Cannabiome.com (the “Website”) operated by HempFusion Wellness, Inc., a Canadian corporation (“we“, “us“, “our“, or “HempFusion“). We respect your privacy and want to protect your personal information. By visiting the Website directly or through another site, you accept the practices described in this Policy. By using the Website, you further represent and warrant that you (i) are located inside the U.S., or (ii) are located outside the European Union (“EU”) and agree to be bound by U.S. laws. You may not use the Website from the EU. Use of and access to the Website is void where prohibited. 

This Privacy Policy does not apply to websites, applications, or services that display or link to different privacy statements, or to those that are owned or operated by third parties. Please review their respective privacy policies to understand how they process your information. This Privacy Policy does not necessarily apply to any offline collection of your personal information.

1. Children 
We do not knowingly or intentionally collect Personal Information (defined below) from children. If you are under 18 years old, please do not submit any Personal Information to us.

INFORMATION COLLECTION AND USE

2. Types of Information We Collect
When you interact with the Website, we collect and process information that relates to identified or identifiable individuals, devices, or households (“Personal Information”). 

Personal Information does not include information that is:

• Publicly Available – Publicly-available information from federal, state, or local government records. 
• Deidentified or Aggregate information – “Deidentified Information” means information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular individual, and for which HempFusion has implemented technical safeguards and business processes that prohibit reidentification of the individual.  “Aggregate Information” means information that relates to a group or category of individuals, from which individual identities have been removed, that is not linked or reasonably linkable to any individual or household, including via a device. 

We collect and process the following categories of Personal Information (note, specific Personal Information elements listed in each category are only examples and may change):

1. Personal Identifiers. 
   1. During Account (as that term is defined in our Terms of Use) creation you will be prompted to provide identifiers such as name, email address, and password. 
   2. During checkout or subscription, you may provide information like your name, shipping and billing address(es), phone number, email address, and credit card number.
   3. If you choose to contact us on our Website, we will collect your name, phone number, mail, and whatever information you choose to include in your message.
   4. Several locations on the Website permit you to enter your email address for purposes like receiving newsletters, special offers, and notification of new brands, product styles, or products; or to create an Account.
2. Customer Records Information. You may store credit card information in your Account.
3. Internet Activity. We collect the IP from which you access the Website. We may place cookies, web beacons, or other trackers on your browser; see Cookies and Other Technology below for more information. We may also log your internet service provider and date/time stamp.
4. Commercial Information. If you interact with other healthcare providers on our forum, we will store any information you provide. Please do not provide Personal Information on the Website in this manner, however. If you have an Account with us, we may track which products you purchase, the addresses to which you send them, and your purchasing or consuming tendencies. 
5. Support Information. If you contact us for support, we retain information related to your query. We also may collect information offline, for example if you call us to place an order or to ask questions. You might also send us a letter including Personal Information, and this Policy does not discuss or try to predict all such possible Personal Information submission methods or uses.
6. Protected Health Information. 
   1. If you are a Covered Entity, as that term is defined by the Health Insurance Portability and Accountability Act (“HIPAA”), using the Website, you may upload certain PHI (as that term is defined by HIPAA) to the Website, including individually identifiable information related to prescriptions for an individual. 
   2. If you are not a Covered Entity but are paying for a prescription on the Website, we will collect your order(s), payment information, and any other information your health care provider may include.

3. How We Use Your Information

1. Personal Identifiers:  We use Personal Identifiers to provide services you request on the Website, for security, for billing purposes, to fulfill your orders, to communicate with you about your order and about the Website, to suggest other products or services you may find useful, and for internal business purposes. If we encounter a problem when processing your order, we may contact you using information you have provided. We always permit you to unsubscribe or opt out of marketing emails, but because we have to communicate with you about orders that you choose to place, you cannot opt out of receiving emails related to your orders. We also use your Personal Identifiers to administer referral rewards, surveys, sweepstakes, contests, or other promotional activities or events sponsored or managed by us or our third party partners.
2. Customer Records Information. When you pay on our Website, we require certain financial information (like your bank account or credit card information) in order to process payments, subscription payments, and comply with applicable law.
3. Internet Activity: We use your Internet Activity to improve our Website and services; to market more effectively to you; to understand your interests and preferences on our Website; and to secure the Website. 
4. Commercial and Support Information: We use your commercial information to provide a better, personalized experience on our Website, to understand your interests, to determine your eligibility to set up your Account, to market products or services, to communicate with you about your support requests, and related business purposes. 
5. Protected Health Information. We will use PHI in accordance with the applicable Business Associate Agreement (“BAA”) we have executed with the Covered Entity providing the PHI. In the event a HempFusion representative accesses PHI, such as to ship you products or assist in the management of an account, we will follow the procedures required by BAA. If required, we may use PHI for our management, administration, data aggregation and legal obligations to the extent such use of PHI is permitted or required by the BAA and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations to Covered Entities, if such use or disclosure of PHI is permitted or required by the BAA and would not violate the HIPAA Privacy Rule. In the event that PHI must be disclosed to a subcontractor or agent, HempFusion will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the BAA with respect to PHI, including the implementation of reasonable and appropriate safeguards. We may also use PHI to report violations of law to appropriate federal and state authorities.
   

4. Behavioral Advertising 

We may use third-party advertising companies to help tailor Website content to users or to serve ads on our behalf off the Website. These companies may employ cookies and web beacons to measure advertising effectiveness (such as which web pages are visited or what products are purchased and in what amount). We will not share PHI with any third-party advertising companies.

For example, Facebook collects certain information via cookies and web beacons to determine which web pages are visited or what products are purchased.

The parties that control the processing of Personal Information for behavioral advertising purposes may build a profile of you containing this information, and may be able to identify you across sites, devices, and over time. These services may also track whether you view, interact with, or how often you have seen an ad, or whether you complete a purchase for a good or service you were shown in an advertisement. See your Rights and Choices below for information about how you can limit or opt out of this processing.

5. Personal Information Sharing

We share Personal Information with the following types of recipients:

1. Third Party Service Providers. In connection with our general business operations, Website improvements, to enable certain features, and in connection with our other legitimate business purposes, we may share your Personal Information with service providers who provide certain services or process Personal Information on our behalf. For example, we may use such third parties to contact customers who have not checked out to follow up on abandoned shopping carts or to see if there was a problem with use of the Website. The third-party service providers are not allowed to use Personal Information except for the purpose of providing these services.
2. Affiliates. In order to streamline certain business operations and develop products that better meet the interests and needs of our customers, and to inform our customers about relevant products and other news, we may share your Personal Information with any of our current or future affiliated entities, parent companies, or subsidiaries.
3. Legal Obligations. We may disclose Personal Information in response to requests from law enforcement officials conducting investigations; subpoenas; a court order; or if we are otherwise required to disclose such information by law. We also will release Personal Information where disclosure is necessary to protect our legal rights, enforce our Terms of Use or other agreements, or to protect ourselves or others.
4. Corporate Events. We may acquire or merge with, or be acquired by, another company. We might sell or dispose of some or all of our assets. If that happens, your Personal Information may be disclosed to another company, but that disclosure will be subject to the Privacy Policy then in effect.
5. Marketers. In order to deliver certain advertisements and develop better products, we may share your Internet Activity with trusted third parties for marketing, advertising, or similar business purposes. We may also share non-personal information, such as the number of daily visitors to a particular web page or the size of an order placed on a certain date, with advertising partners. 
6. Consent. We may ask if you would like us to share your Personal Information with other third parties, such as our investors, who are not described elsewhere in this policy, and we may do so with your consent obtained at the time of collection.
7. Social Media. The Website may offer you the ability to share your Personal Information through a social networking website (e.g., Facebook, Twitter), using such site’s integrated tools (e.g., Facebook “Like” button, or Twitter “Tweet” button).  The use of such integrated tools enables you to share personal information about yourself with other individuals or the public, depending on the settings that you have established with such social networking site.  For more information about the purpose and scope of information collection and use in connection with a social networking site or a site’s integrated tools, please visit the privacy policies of the entities that provide these social networking sites.

6. Cookies and Other Technology

“Cookies” are small pieces of information that a website stores on your computer while you are viewing a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (most of which have an expiration date, based on the purpose of the cookie, at which point they self-delete) to provide you with a more personal and interactive experience on our Website. We place three kinds of cookies: essential, advertising, and performance/analytics.

a. Essential Cookies

These cookies are strictly necessary to provide you with the Website and services available through our Website and to use some of their features, such as access to secure areas. Because these cookies are strictly necessary to deliver the Website, you cannot refuse them without impacting how our Website functions. 

b.  Non-Essential Cookies

We use two kinds of non-essential cookies: performance and advertising. You may opt out of non-essential cookies using the cookie banner on the Website.

Non-essential performance cookies help us analyze how the Website is are being accessed and used, enable us to track performance, and secure the Website.  For example, we use those cookies to get insights regarding users and Website performance, such as page speed or to help us customize our Website and services for you in order to enhance your experience. 

Non-essential advertising cookies are used to make advertising messages more relevant to you and your interests.  We sometimes use cookies delivered by third parties to track the performance of our advertisements.  For example, these cookies remember which browsers have visited our Website.  The information provided to third parties does not include Personal Information, but this information may be re-associated with Personal Information after we receive it. This process helps us manage and track the effectiveness of our marketing efforts.

Cookie	What it does	When it’s set	Persistent/Session
Google Tag Manager (Essential)	It provides measurement codes and related code fragments collectively known as tags on the Website or mobile app.	Page Load	Persistent
Google Analytics (Performance)	It collects data on a user’s device, browser, location and ad campaign information. It also records behavior on the web, leading up to visiting the Website and on the Website.	Page Load	Persistent or Session
Facebook Custom Audience (Advertising)	Tracks a user’s ad campaigns and behavior on the web to check for conversions. Also, records agent info such as browser, location, and device.	Page Load	Persistent

We use generally use cookies and similar technologies as follows: 

• for “essential” or “functional” purposes, such as to enable various features of the Website like remembering passwords or staying logged in during your session;
• for social media integration e.g. via third-party social media cookies, when you share information using a social media sharing button or “like” button on our Website, or when you engage with our content on or through a social networking website such as Facebook;
• for analytics purposes, consistent with our legitimate interests in how our Website is used or performs, how users engage with and navigate through the Website, what sites users visit before visiting our Website, how often they visit our Website, whether an email was received or opened, and other similar information; 
• subject to any consent required by law, for the purpose of displaying advertisements via retargeting to those users who have visited our Website, or for targeting advertising to visitors to our Website; and
• subject to any consent required by law, for the purpose of analyzing your feedback on our products on other platforms.

If you’d like to remove or disable cookies via your browser, refer to your browser’s settings. 

Most advertising networks offer you a way to opt out of interest-based advertising. If you wish to limit third parties’ collection of information about your use of our Website, you can opt-out of such at the Digital Advertising Alliance in the US, the Digital Advertising Alliance of Canada in Canada, or the European Digital Advertising Alliance in Europe.  PLEASE NOTE THAT OPTING-OUT OF BEHAVIORAL ADVERTISING DOES NOT MEAN THAT YOU WILL NOT RECEIVE ADVERTISING WHILE USING THE WEBSITE.

7. Rights and Choices 

You may make the following choices regarding your Personal Information. Please contact us using the contact information below, or by logging into your Account.

1. Access to Your Personal Information.  You may request access to your Personal Information by contacting us as described below or by logging into your Account.  We will grant you reasonable access to the information that we have about you as required by law.  

1. Changes to Your Personal Information.  We rely on you to update and correct the Personal Information contained in your Account or contacting us at the address below.  Note that we may keep historical information in our backup files as permitted by law.  If our Website does not permit you to update or correct certain Personal Information, please contact us.

1. Deletion of Your Personal Information.  We will delete your Personal Information from your Account if you request us to do so, but you should note that in many situations we must keep your Personal Information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes. 

8. Information Retention 

Subject to the earlier exercise of your Rights and Choices, we will store your Personal Information as long as you have an Account on the Website. We may keep your email as long as you do not request its deletion. We will store your other Personal Information as long as we deem reasonably necessary to provide our goods and services, according to internal policy. Cookies remain on your browser for varying amounts of time; to see how long each cookie is stored, please visit a cookie tracker site, such as www.cookiebot.com. We are developing ways to retain your information for shorter periods and will update this Privacy Policy accordingly.

9. No Sale; Disclosure

We do not sell Personal Information obtained  through the Website.

We disclose the following types of Personal Information to the following kinds of service providers for internal business purposes:

Category	Categories of Third Parties with whom Information is Shared
A. Individual Identifiers and Demographic Information	Website hosts, advertisers, joint venture partners, sales support providers
B. Customer Records	Payment processors, security and IT providers
C. Commercial Information	Advertisers, marketing providers
D. Internet or Network Activity	Website hosts, security and IT providers, advertisers
E. Support Information	Customer service providers

10. Do Not Track

While you may disable the usage of cookies through your browser settings, the Website currently does not respond to all “Do Not Track” signals in the HTTP header from your browser or mobile application due to lack of standardization regarding how that signal should be interpreted. We will update this Policy when that becomes possible.

11. Data Security

HempFusion uses appropriate safeguards to prevent the use or disclosure of PHI other than as provided for in the BAA. We have implemented safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI that we may access in the course of performing services. Such safeguards include:

 • Maintaining appropriate clearance procedures and providing supervision to assure that our information processing follows appropriate security procedures. All PHI is stored in a secure server according to HIPAA Security Rule guidelines;

• Providing appropriate training for our staff to assure that our staff complies with our security policies;

• Reporting any use or disclosure of PHI not provided for by the BAA and any security incident of which we become aware to the Covered Entity; and 

• Documenting such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request for an accounting of disclosure of PHI in accordance with HIPAA. 

After a transaction, your payment information (credit cards, social security numbers, financials, etc.) will not be stored on our servers. While we use industry-standard precautions to safeguard your Personal Information, we cannot guarantee complete security. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Account you might have with us is compromised), please immediately notify us of the problem.

12. Updates to this Policy; Contact Information

If we change or update this Privacy Policy, we will post changes on the Website so that you will always be aware of what information we collect, use and disclose. We will also change the “Last Updated” date above. We encourage you to review this Privacy Policy from time to time. If you have any questions about the Privacy Policy, please contact us at our physical address:

1550 Larimer St, Suite 224 

Denver, CO, 80202

info@cannabiome.com 

877.669.4367