Privacy Policy
Last Updated: [January 7, 2025]
Version 1.2
đź“‘ Table of Contents
- Information We Collect
- How We Use Your Information
- Legal Bases & Your Rights
- 3.1 GDPR (EU) Rights
- 3.2 CCPA/CPRA (California) Rights
- 3.3 COPPA (Under-13) Safeguards
- 3.1 GDPR (EU) Rights
- Cookies & Tracking Technologies
- Automated Decision-Making & Profiling
- Information Sharing & Disclosure
- Third-Party Data Processors
- Data Retention Schedule
- Data Security Practices
- Data Breach Notification
- International Transfers
- Changes to This Policy & Version History
- Contact & Supervisory Authority
1. Information We Collect
a. Information You Provide
- Registration, newsletter sign-ups, comments, tips, form submissions
- Payment details if you purchase directory listings or sponsored content
b. Information Collected Automatically
- Usage data (pages viewed, session duration, click paths)
- Cookies, web beacons, device identifiers
c. Information from Third-Party Sources
- Social login details (e.g., Google, Facebook)
- Analytics and advertising partners (e.g., Google Analytics)
2. How We Use Your Information
- Operate & Improve the Site: Deliver content, diagnose issues, personalize your experience
- Communicate: Send newsletters, marketing, survey requests
- Legal Compliance & Safety: Prevent fraud, respond to legal requests, enforce our Terms
- Business Purposes: Mergers, acquisitions, site analytics
- If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
- For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
3. Legal Bases & Your Rights
3.1 GDPR (EU) Rights
If you’re in the EU, we process data under:
- Consent (e.g., newsletter opt-in)
- Legitimate Interests (site analytics, fraud prevention)
- Contractual Necessity (fulfilling paid services)
You have the right to: access, rectify, erase, restrict processing, data portability, object to profiling, and withdraw consent. To exercise, contact our DPO at [[email protected]].
3.2 CCPA/CPRA (California) Rights
California residents may:
- Know what personal information we collect, use, share, or sell
- Delete personal information we hold (with legal exceptions)
- Opt-Out of the “sale” or “sharing” of personal information
- Limit use of sensitive personal data
To submit a request, visit Do Not Sell My Info or email us at [[email protected]]. We verify requests by matching account details; responses are provided within 45 days.
3.3 COPPA (Under-13) Safeguards
We do not knowingly collect data from children under 13. If we learn that we have, we will promptly delete it. Parents may request deletion by contacting us at [[email protected]].
4. Cookies & Tracking Technologies
We use cookies and similar tech to remember preferences, analyze traffic, and deliver personalized ads. You can manage or disable cookies via your browser settings; note that disabling may impact functionality. See our Cookie Policy for details.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
5. Automated Decision-Making & Profiling
We use analytics and advertising tools that may profile your interests to serve tailored content or ads. You may opt out by disabling cookies or using browser Do-Not-Track settings.
6. Information Sharing & Disclosure
We do not sell your personal data. We may share it:
- With service providers (hosting, email, analytics) under confidentiality agreements
- To comply with legal obligations (subpoenas, court orders)
- In business transfers (merger, acquisition) with confidentiality covenants
- Media – If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
- Embedded content from other websites – Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
- If you request a password reset, your IP address will be included in the reset email.
7. Third-Party Data Processors
Key partners include:
- Google Analytics (analytics.google.com)
- Kit (kit.com)
- Stripe (stripe.com)
All processors are bound by Data Processing Agreements requiring GDPR-level protections.
8. Data Retention Schedule
| Data Type | Retention Period |
| Newsletter sign-up & email logs | 1 year after last interaction |
| User account data | Until account deletion + 6 months backup |
| Comments & tips | Indefinitely, unless removal requested |
| Analytics & cookie IDs | 24 months |
| Transaction records (paid listings) | 7 years (tax/legal compliance) |
9. Data Security Practices
We employ:
- Encryption in Transit: TLS 1.2+ for data transfer
- Access Controls: Role-based permissions, MFA for admin access
- Regular Audits: Quarterly security reviews and vulnerability scans
10. Data Breach Notification
In the event of a data breach, we will:
- Investigate and contain the incident promptly
- Notify affected users within 72 hours of confirmation via email and/or site banner
- Report to supervisory authorities as required by law
11. International Transfers
Data may be stored or processed outside your country. We safeguard transfers via Standard Contractual Clauses or equivalent measures to ensure continued protection.
12. Changes to This Policy & Version History
We may update this Policy periodically. Material changes will be highlighted via email or a prominent banner.
| Version | Date | Notes |
| 1.0 | 12/10/2024 | Initial release |
| 1.1 | 12/15/2024 | Added CCPA/CPRA and GDPR sections |
| 1.2 | 01/07/2025 | Expanded breach & retention details |
13. Contact & Supervisory Authority
Privacy Inquiries & Requests:
- Email: [[email protected]]
- Address: 939 W North Ave, Chicago, IL 60642
EU DPO Contact: [[email protected]]
California CCPA Office: [[email protected]]
If you believe your rights have been violated, you may lodge a complaint with your local data protection authority (e.g., ICO in the UK, CNIL in France, or the California Attorney General).
Thank you for placing your trust in CannaBusinessNews.com. We are committed to protecting your privacy and keeping your data secure.
