Who’s Who and What This Privacy Notice Covers
Let’s talk first about who we are at CannaHeal, what we do, and what this Privacy Notice covers. We are the folks behind a variety of products and services designed to allow anyone–from medical marijuana patients to cannabis enthusiasts, to anyone who wants a high-quality experience-to have full control over the session however they want.
We collect information about visitors to our Users’ Sites in a few different ways–we collect certain information that the visitors provide to the Site, we collect some information automatically, and we collect any information that our Users provide to us about their visitors.
We’ll start with information that visitors provide directly to a Site, which primarily happens when visitors type into a text field on a Site, like a comment field or a sign-up form. Our Users may also implement other ways to allow Site visitors to provide information directly through their Sites. Here are the most common ways in which a visitor directly provides information to a Site:
- Follower and Subscriber Information: When a visitor signs up to follow or subscribe to our Site, we collect the sign-up information requested by the Site, which typically includes an email address.
- Site Comments: When a visitor leaves a comment on a Site, we collect that comment, and other information that the visitor provides along with the comment, such as the visitor’s name and email
- Order and Shipment Information: If a visitor orders something (hooray!) from our Site using our ecommerce store, we may collect information to process that order, such as credit card and billing information, and an address for shipping the package along to the recipient and calculating applicable taxes. We may also use this information for other purposes on behalf of our Users–for example, to send marketing and other communications from our Users to their customers, and to provide our User with analytics information about their ecommerce site (e.g., the number of orders from particular geographic areas).
- Other Information Entered on the Site: We may also collect other information that a visitor enters on the Site–such as a contact form submission, a search query, or Site registration.
We also automatically collect some information about visitors to a Site. The information we automatically collect depends on which of our services the Site uses. We’ve listed examples below:
- Technical Data from a Visitor’s Computer and Etcetera: We collect the information that web browsers, mobile devices, and servers typically make available about visitors to a Site, such as the IP address, browser type, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information.
- Visitor Interactions: We collect information about a visitor’s interactions with a Site, including the “likes” and “ratings” left by visitors to our Site.
- Location Information: We may determine the approximate location of a visitor’s device from the IP address. We collect and use this information to, for example, tally for our Users how many people visit their Sites from certain geographic regions.
- Akismet Commenter Information: We collect information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address…oh, and the comment itself, of course).
We also collect any other information that our Users provide to us about visitors to our Site.
We may share information collected about Site visitors in the limited circumstances spelled out below:
- Subsidiaries, Employees, and Independent Contractors: We may disclose Site visitor information to our subsidiaries, our employees, and individuals who are our independent contractors that need to know the information in order to help us provide our services to our Users and their Sites, or to process the information on our behalf. We require our subsidiaries, employees, and independent contractors to follow this Privacy Notice for information about visitors that we share with them.
- Third Party Vendors: We may share Site visitor information with third party vendors who need to know this information in order to provide their services to us. This group includes vendors that help us provide our services to our Users and their Sites. We require vendors to agree to privacy commitments in order to share information with them.
- Legal Requests: We may disclose Site visitor information in response to a subpoena, court order, or other governmental request. For more information on how we respond to requests for information, please see our Legal Guidelines.
- To Protect Rights, Property, and Others: We may disclose Site visitor information when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Automattic, our Users, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
- Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that Automattic goes out of business or enters bankruptcy, Site visitor information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Notice would continue to apply to Site visitor information and the party receiving this information may continue to use this information, but only consistent with this Privacy Notice.
- Information Shared Publicly: Information that visitors choose to make public is–you guessed it–disclosed publicly. That means, of course, that information like visitor comments and “likes” are all available to others, including information about the visitor that is displayed in connection with a comment or “like”. We provide a “firehose” stream of public data (including comments) from Sites to provide that data to firehose subscribers, who may view and analyze the content, but do not have rights to re-publish it publicly. Public information may also be indexed by search engines or used by third parties.
If we are not legally required to keep it, we generally discard information about Site visitors when no longer needed for the purposes for which we collect and use it on behalf of our users — those purposes which are described in the “How We Use Visitor Information” section above.
For example, we keep the web server logs that record information about a visitor to one of our user’s Sites — such as the visitor’s IP address, browser type, and operating system — for approximately 30 days. We retain the logs for this period of time in order to, among other things, investigate issues if something goes wrong on a user’s Site.
As another example, when a Site visitor views your Site we use their IP address in order to update your Site Stats with information about their visit, like what country they are in. We keep that IP address for approximately 30 days to give us time to calculate your monthly Site Stats and address any issues with those counts.