Unlock UNBEATABLE Member Prices-Join Cabana Club for FREE!

Privacy Policy - Grasscity.com

Grasscity takes your privacy very seriously and treats all personal information with great care. In order to guarantee your privacy Grasscity always acts in accordance with the General Data Protection Regulation (“GDPR”). This document sets out Grasscity’s Privacy Policy. Grasscity therefore recommends that you read this Privacy Policy carefully. The capitalized words are defined in the End User License Agreement and the General Terms.

The Privacy Policy can be downloaded and printed here.

Who is Grasscity?

SJV B.V. and SJV 2 B.V. are companies with limited liability established and existing under the laws of The Netherlands, having their registered office in (1042AC) Amsterdam, the Netherlands, at Gyroscoopweg 64, registered with the Chamber of Commerce under number 55042503 and 34115983. Both companies shall hereinafter jointly be referred to as “Grasscity”. High Tide Inc. is a company established and existing under the laws of Canada, having its registered office in Calgary, Alberta. High Tide Inc. Is the sole owner of Grasscity.

Grasscity offers an online headshop through the Website www.grasscity.com and a forum through the website forum.grasscity.com and the application "Grasscity Community" (hereinafter the “Services”). Through the Website you can order products of Grasscity. The Community may be used to discuss the products of Grasscity and the use thereof.

What information does Grasscity collect and process?

To purchase products on the Website or to read posts in the Community it is not necessary to register an Account. However, it is necessary for Grasscity to obtain certain information from you to process your purchase on the Website and to send the purchased products to you. Also, to be able to participate in the Community it is required that you register an Account.

Required information

In order to process your purchase and to send the purchased product to you, Grasscity requires you to provide the following information:

  • Your full (first and last) name;
  • Company name (optional);
  • Email address;
  • Address;
  • Telephone number;
  • Fax number (optional);
  • Payment information;
  • Account details.

Account

To enjoy a tailored browsing and shopping experience and to participate in the Community you can register an Account on the Website or in the Application. In addition to the required information as listed above the registration process requires you to provide and confirm your password. Grasscity shall send an email to the provided email address to activate your Account. It is therefore imperative that you provide a valid email address.

In your Account you may add (additional) information about yourself. You may also sign up for the Grasscity newsletter and view various data, such as your wish list, invitations and reward points. With your Account you can also post Material in the Community. See the  for more information about posting Material.

Grasscity saves and processes all the supplied information. Note however that the Community allows users to adjust the privacy settings to their Account on their preference. The information that is made public in the Account, such as Material and contact information, may be used by other You can change the information in your Account at any time in your Account.

Automatically generated data

Grasscity requires certain information in order for the Website and the Community to work as optimally as possible (for example, to display the Website and the Community correctly and to keep the Website and the Community secure). That is why Grasscity collects automatically generated data about your use of the Website and the Community. In so far as Grasscity uses this information, the data is always anonymized.

Private Chat data

When you use the private chat function on our website, we may keep a transcript of the conversation to support you better and improve our services. Please do not disclose anything in our private chat that you are not comfortable having accessed by DankStop and our third-party service providers.

For what purposes will Grasscity use information about you?

Grasscity may only process personal data if a valid legal basis exists. Grasscity therefore only processes the abovementioned data if:

  • the processing is necessary for the performance of an agreement with you or in order to take steps at your request prior to entering into an agreement, for example when Grasscity processes data in order to maintain a file for the client or to handle a job application (“fulfilment of agreement");
  • the processing is necessary for the purposes of the legitimate interests pursued by Grasscity or by another person, and those interests outweigh the interests or fundamental rights of the person whose data are concerned, as is the case, for example, when Grasscity uses contact details for sending unsolicited commercial messages for maintaining our business relationships (hereinafter "legitimate interest"); or
  • you have given your consent to the processing (“consent”).

The table below states for which purposes Grasscity processes personal data on you and on what legal basis:

 

Purpose

Legal Basis

Services’ functionality, analytics and security

Legitimate interest (specifically: our business interest, to exploit the Website), where appropriate: consent

Purchases, transactions and delivery of products and services

Fulfilment of agreement

Communicate with you (including as initiated by you: e.g. by email or phone)

 

Legitimate interest (specifically our business interest to communicate with our users and customers), where appropriate: consent

Legitimate interest (specifically: our business interest, our and your interest to respond to your questions and requests)

Age verification Compliance with legal obligation, legitimate interest (specifically: our interest to meet our duty of care, such as particularly in connection to minors)


Use by third parties

Grasscity will not share your personal data with third parties without informing you through this Privacy Policy. At this time, we share your personal data in particular situations with the following categories of recipients.

  1. Grasscity shares your personal data with third parties who help it to complete your orders and process payments. These recipients include banks, fulfillment houses and similar service providers. Your personal data will only be shared with these parties if that is necessary to process your order.
  2. Grasscity shares your personal data with service providers whose services permit Grasscity to provide the Services to you.
  • Grasscity may share your personal data that is collected through the cookies mentioned below with the parties mentioned in section 8 below. We may share your name and email address with [@] for direct marketing purposes, if you opt to receive direct marketing.

Finally, we may disclose your personal data in specific situations with your consent or in case of a legal obligation.

The Services may contain hyperlinks which take you away from the Grasscity environment and to the website or application of a third party. Grasscity has no authority over the services and/or websites of third parties to which is linked on the Website and/or the Community. It therefore may be the case that for the use of those services and/or websites of third parties another privacy policy is applicable. This Privacy Policy is exclusively applicable to the personal data that is obtained through the Services. Grasscity does not accept any responsibility or liability for the (use and/or content of the) services and/or websites of third parties.

How does Grasscity protect your personal information?

Grasscity takes appropriate technical and organizational measures to protect your (personal) information against loss or any form of unlawful use. For example, Grasscity does PCI DDS compatability tests twice a year and its websites are monitored continuously for possible vulnerabilities by services such as McAfee,

Your rights with regard to your personal data

The GDPR gives you the following rights with regard to personal data relating to you:

  1. The right to request whether or not personal data concerning them are processed, and, if this is the case, to get access to these;
  2. The right to request rectification and erasure of these personal data;
  3. The right to object the processing or to ask for a restriction of the processing;
  1. The right to withdraw the consent to the processing, if the processing is based on your consent;
  2. The right to receive your personal data or have this transmitted to an organisation designated by you, in a structured, commonly used and machine-readable format;
  3. Depending on the country where you live, the right to file a complaint with a supervisory authority that monitors the compliance with the rules for the protection of personal data. In the Netherlands, this is the Autoriteit Persoonsgegevens (www.autoriteitpersoonsgegevens.nl).

We will deal with a request in connection with the exercise of these rights in the manner as prescribed by law. However, these rights are not absolute; they do not apply under all circumstances and the applicable rules provide for exceptions. If we do not grant your request, we will explain to you why. In order to exercise these rights, you can send an email to [email protected]. You can also use this email address if you wish to file a complaint about the manner in which we have processed your personal data.

Transfer of data to countries outside the EU

For technical and operational reasons, it may be necessary for your (personal) data to be transferred to (the servers of) companies affiliated to Grasscity located in the United States or other countries outside of Europe. If this is to happen, the information contained in your Account will also be saved in a foreign country. Since legislation concerning data protection may then not offer the same protection as in the European Union, we have taken steps to ensure that there are appropriate safeguards in place when we transfer that your data.

We shall use our best endeavors so that such transfers are conducted in accordance with applicable laws and using adequate and appropriate safeguards. In particular we may rely on the derogations in Article 49 GDPR, such as your consent or necessity to perform the contract between you and Grasscity. Also, we have EU Standard Contract Clauses in place (Article 46(2) GDPR). You can access this documentation on the European Commission website (see here, as updated from time to time).

How long do we retain your personal data

We retain your personal data as long as is necessary for the purposes for which they are processed:

  1. Technical information:
  2. Analytics information: 7 years;
  3. Communications between you and us: 7 years.
  1. Your name and contact information:7 years;
  2. Payment, ordering and invoice information: 7 years.

We determine retention periods based on the relevant purpose for which the personal data is processed.

Cookies

For the collection of (personal) data, Grasscity uses cookies. Cookies are small text files that are placed on the hard drive or in the memory of your computer or mobile device. The cookies that are stored through the Website and Community cannot harm your computer or mobile device, or any files that are saved on this equipment.

Grasscity uses functional cookies. These cookies are necessary to provide the services you request. For instance, functional cookies allow you to proceed through different pages of a website with a single login and they remember selections in language choice, shopping carts and (order)forms that are filled out on the Website.

Besides functional cookies Grasscity uses cookies for the advertisements on the Websites. These cookies store data about your location. Grasscity uses this information to show you advertising particularly targeted at you. Also information is saved about your use of the Website to present you with offers specifically tailored to you on the basis of the products you view or purchase on the Website.

Furthermore Grasscity uses Google Analytics to collect data on the usage of the Website and visits to the Website. Google Analytics stores a permanent cookie on your computer which is subsequently used to register your use of the Website. This data is then analyzed by Google and the results given to Grasscity. This enables Grasscity to get more insight in the way in which the Website is used and, based on this information, to make adjustments to the Website or the provided services.

Google can give this information to third parties if it is legally obligated to do so and/or if third parties are processing the information on behalf of Google. Google cannot use the information for other Google services.

Cookies and similar technologies      

Cookies are files or pieces of information that may be stored in your computer’s hard drive when you visit a website. Grasscity uses cookies to recognize a device when a person visits our Website. We use cookies to better tailor our Website and our products to your interests and needs. Cookies may also be used to help speed up your future activities or improve your user experiences by remembering the information that you have already provided to us. We do not use cookies to retrieve information from your computer that was not voluntarily provided by you (i.e., during membership registration or a contest). The use of cookies is an industry standard and you will find them at most websites. Most browsers are initially set to accept cookies. If you would prefer, you can set your browser to refuse cookies or to alert you when cookies are being sent so that you can flush them from your browser if you object to their presence.

We use cookies on our Website for the following purposes:

  • To make our Website work ("functional");
  • [To map the overall use of our Website ("statistical");
  • To personalize our Website ("personalization");
  • To promote and improve our own services and products and/or to deliver personalized advertisements ("advertising");
  • To integrate with social media platforms ("social media").]

The cookies used by us can be classified in the following categories: necessary and non-necessary cookies.

 

Necessary cookies:

Name

Type

Provider

Purpose

Expiry

NR-data.net

Analytics

Newrelic.com

Server / App Performance monitoring

 

Trustedsite

Analytics

Trustedsite.com

Security

 

Accessibe

Accessibility

Accessibe.com

Accessibility Support

 

 

 

Non-necessary cookies:

Name

Type

Provider

Purpose

Expiry

Ipredictive

Marketing

hellofyllo.com

Advertisement

 

Shop.pe

 

 

Advertising

 

 

Addshoppers.com


Marketing


 

Nosto

Advertising

Nosto.com

Upsell product suggestion

 

Klevu

Advertising

Klevu.com

Track search activity

 

Klaviyo

 

Advertising

Klaviyo.com

 

E-mail marketing

 

 

 

Delete cookies

The consent you have given to store and read cookies, can be withdrawn at any time by setting your browser to disable cookies and/or to remove all cookies from your browser. Please consult the help-function of your browser to learn how you can delete cookies. Please take into account that deleting cookies may cause some parts of the Website and Community to work incorrectly.

Note: refusing or deleting cookies only effects the computer and the browser on which you perform this action. If you use different computers and/or browsers you will need to repeat the above described actions on these computers and/or browsers. If you wish to use cookies, make sure you log-out of your Account when you leave a computer for public use. Also keep your password secret in order to prevent others form using your Account without your consent.

Can this Privacy Policy be changed?

It is possible for the Privacy Policy to be amended in the future. That would then be mentioned on this page, in the Community and/or your Account. It is therefore recommended to regularly have a look at this page, the Community and your Account.

Contact

If you have any questions or would like to exercise the rights described in this Privacy Policy, please do not hesitate to contact us here or by sending an email to [email protected]

 

Last Update: This document is last updated on 08-10-2024 - 11:29AM