Who We Are
This website is operated by Alpha CBD, a CBD products retailer based at 6 Elizabeth Terrace, Widnes WA8 8SE, United Kingdom. When we refer to "we", "us", or "our" in this policy, we mean Alpha CBD.
If you have any questions about how we handle your data, you can contact us at [email protected] or call 07749 923051.
What Data We Collect
We may collect the following personal information when you interact with our website or place an order:
- Your name, email address, and phone number
- Your delivery and billing address
- Payment information (processed securely by our payment provider -- we do not store card details)
- Order history and product preferences
- Information you provide when contacting us via our contact form, email, or phone
- Technical data such as your IP address, browser type, and pages visited (collected automatically via server logs)
How We Use Your Data
We use your personal data for the following purposes:
- To process and fulfil your orders, including delivery and payment
- To respond to enquiries you submit through our contact form or by email
- To send you order confirmations and dispatch notifications
- To improve our website and the products we offer
- To comply with legal obligations, including tax and accounting requirements
We will never sell your personal data to third parties. We do not send marketing emails unless you have specifically opted in to receive them.
Lawful Basis for Processing
Under UK GDPR, we process your personal data on the following legal bases:
- Contract: Processing necessary to fulfil orders you have placed with us
- Legitimate interest: Improving our services and website functionality
- Legal obligation: Retaining transaction records as required by UK tax law
- Consent: Where you have opted in to receive marketing communications
Data Sharing
We may share your personal data with the following third parties, only to the extent necessary to provide our services:
- Delivery and courier companies, to dispatch your orders
- Payment processors, to handle transactions securely
- Web hosting providers, who store our website data on UK or EEA-based servers
We require all third-party service providers to handle your data in accordance with UK data protection law. We do not transfer personal data outside the UK or European Economic Area without appropriate safeguards in place.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Order records are kept for six years to comply with UK tax and accounting requirements. Contact form submissions are retained for 12 months unless a longer period is required to resolve an ongoing enquiry.
If you request deletion of your account or data, we will action this within 30 days, unless retention is required by law.
Your Rights
Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:
- Right of access: You can request a copy of the personal data we hold about you
- Right to rectification: You can ask us to correct any inaccurate or incomplete data
- Right to erasure: You can request that we delete your personal data, subject to legal retention requirements
- Right to restrict processing: You can ask us to limit how we use your data in certain circumstances
- Right to data portability: You can request your data in a structured, machine-readable format
- Right to object: You can object to our processing of your data where we rely on legitimate interest
To exercise any of these rights, contact us at [email protected]. We will respond to your request within one month.
Cookies
Our website uses essential cookies that are necessary for the site to function correctly. These do not track your browsing activity across other websites. We do not use advertising or third-party tracking cookies.
If we introduce non-essential cookies in the future, we will update this policy and provide you with the option to accept or decline them.
Security
We take the security of your personal data seriously. All data transmitted through our website is encrypted using SSL/TLS technology. We regularly review our security practices to ensure your information remains protected. Payment card data is processed by PCI DSS-compliant payment providers and is never stored on our servers.
Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first at [email protected].
Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Any significant changes will be posted on this page. We encourage you to review this policy periodically.
Last updated: January 2024