Thrive Privacy Policy
Introduction
This Privacy Policy (the “Policy”) describes the type of information that Thrive Dispensary (the “Company,” “we” or “us”) gathers from visitors to the Company website (the “Site”) and users of the services provided on the Site (the “Services”). The Service are intended to permit users to learn about available products, reserve products for pickup, and, at their election, enroll in Company’s loyalty program.
Collection and Use of Personal Information
“Personal Information” means information that can be associated with a particular user. The two charts below detail – separately with respect to the Services and the Site – what Personal Information we collect, how we collect it, and why we collect such Personal Information.
The Site
|
WHAT PERSONAL INFORMATION WE COLLECT |
HOW WE COLLECT THE PERSONAL INFORMATION |
WHY WE COLLECT THE PERSONAL INFORMATION |
|
Account creation information, including name, email address, and password. |
For users who choose to create an account, we ask users to provide their name, email address, and password. |
We use this information to secure a user’s account. |
|
Age |
Upon visiting the Site, we ask users to affirm that they are 21 years of age or older. |
It is necessary for us to limit use of the Site to individuals 21 years of age or older (and adult caretakers of individuals who are eligible to participate in a state medical cannabis program under state law). |
|
Automatic information collection, such as the use of cookies, web beacons, or pixel tags that give information about browsing and search history, as well as interactions with the Site. |
When users access the Site, they are asked to consent to the use of cookies and other forms of automatic information collection. Such collection does not occur if the user does not consent. |
Collection of information about use of the Site and how users come to locate the Site is helpful in improving and promoting use of the Site. |
The Service – Reserve Ahead
|
WHAT PERSONAL INFORMATION WE COLLECT |
HOW WE COLLECT THE PERSONAL INFORMATION |
WHY WE COLLECT THE PERSONAL INFORMATION |
|
Name. |
Users of the reserve ahead functionality are required to enter their name as part of the reservation. The information is collected through the Dutchie Online Ordering System, which is utilized by the Service for the Reserve Ahead functionality. |
It is necessary to match each reservation with the proper customer when the customer arrives at the dispensary to pick up the order. |
|
Mobile phone number. |
Users of the reserve ahead functionality are required to enter their mobile phone number as part of the reservation. The information is collected through the Dutchie Online Ordering System, which is utilized by the Service for the Reserve Ahead functionality. |
We utilize the mobile phone number to provide the user with status updates regarding the reservation. |
|
Birth date. |
Users of the reserve ahead functionality are required to enter their birth date as part of the reservation. The information is collected through the Dutchie Online Ordering System, which is utilized by the Service for the Reserve Ahead functionality. |
It is necessary to match each reservation with the proper customer when the customer arrives at the dispensary to pick up the order, as well as to affirm that the customer is 21 years of age or older. |
|
Preferred pickup time. |
Users of the reserve ahead functionality are required to enter their preferred pickup time as part of the reservation. The information is collected through the Dutchie Online Ordering System, which is utilized by the Service for the Reserve Ahead functionality. |
It is necessary to manage the flow of customers at the dispensary by scheduling preferred pickup times at the dispensary. |
The Service – Loyalty Program
|
WHAT PERSONAL INFORMATION WE COLLECT |
HOW WE COLLECT THE PERSONAL INFORMATION |
WHY WE COLLECT THE PERSONAL INFORMATION |
|
Email address. |
Email address is collected when a user opts in to the loyalty program, and is collected through Social Fire Solutions LLC. |
Email addresses are used to communicate with users regarding updates from the relevant store. |
|
Postal code. |
Postal code is collected when a user opts in to the loyalty program, and is collected through Social Fire Solutions LLC. |
Postal codes are used to determine which store or stores may be nearby and relevant to a user. |
|
Transaction history. |
Transaction history is collected when a user opts in to the loyalty program, and is collected through Social Fire Solutions LLC. |
Transaction history is used to assign loyalty points and progress towards incentives based on purchases. |
|
Opt in date. |
The date on which a user opts in to the loyalty program is collected when a user opts in to the loyalty program, and is collected through Social Fire Solutions LLC. |
Opt in date is used to record the date on which a user opted in to the loyalty program, and to ensure that only users who opt in receive communications through the loyalty program. |
|
Preferred store. |
Preferred store information is collected when a user opts in to the loyalty program, and is collected through Social Fire Solutions LLC. |
Preferred store is used to ensure that users receive information about the store or stores that are nearby and relevant to them. |
We do not share Personal Information, except as explained below under “Sharing of Personal Information.”
Sharing of Personal Information
Third-Party Contractors – We may use contractors (“Service Providers”) to perform limited services on our behalf, such as hosting websites and providing email services. Service Providers are required to obtain only the Personal Information they need to perform the function for which they are hired, to maintain the confidentiality of Personal Information, and not to use Personal Information for any other purpose. Note that certain among our service providers – namely, Dutchie (which is used for the reserve ahead functionality) and Social Fire Solutions LLC (which is used for the loyalty program) – may have their own privacy policies, which you should review and understand.
Compliance with Law and Prevention of Harm – We may disclose Personal Information if we have a good faith belief that such disclosure is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce any applicable terms of service, including investigations of potential violations thereof; (iii) detect, prevent, or otherwise address fraud or security issues; or (iv) protect against harm to the rights, property or safety of the Company, our users, yourself or the public. We may be required to disclose Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Business Transitions – We may share information with businesses that are legally part of the same group as the Company, or that become part of that group. We reserve the right – in the event of a business transition such as a merger – to transfer Personal Information to a new business owner, on the condition that such Personal Information must be treated in accordance with this Policy.
Aggregated and De-identified Data – As noted above, this Policy addresses the collection and sharing of Personal Information, that is, information that can reasonably be connected with a particular user. We may occasionally de-identify and/or aggregate Personal Information – to the extent permitted by law – to the point that it can no longer be associated with a particular user. When that occurs, such information is no longer Personal Information, and is no longer subject to the restrictions described above.
Sale of Personal Information – We do not sell Personal Information.
Users’ Rights Regarding Personal Information
Users of both the Site and the Service have the right to request information about our collection, use, and disclosure of their information (a “Request to Know”), including:
- the categories and specific pieces of Personal Information we have collected about the user;
- the categories of sources from which we have collected the user’s Personal Information;
- the business or commercial purpose for collecting the user’s Personal Information;
- the categories of Personal Information we have sold about the user; and
- the categories of Third Parties with whom we have shared, disclosed for a business purpose, or sold the user’s Personal Information, and which categories of Personal Information we have sold to which categories of Third Parties.
Users of both the Site and Service also have the right to request that we delete their Personal Information (a “Request to Delete”).
Requests to Know
Users may submit a Request to Know by emailing us at [email protected].
Users may submit two types of Requests to Know: (1) A request for the specific pieces of Personal Information that we have collected about you in the past twelve months; or (2) a request for the categories of Personal Information that we have collected about you in the past twelve months, and how we have used and disclosed that Personal Information.
When you submit a Request to Know, we may ask you to provide certain pieces of information in order to verify your identity, such as your name, email address, and phone number. If you submit a Request to Know for the specific pieces of information that we have collected about you, we may also require you to submit a signed declaration under the penalty of perjury stating that you are the consumer whose Personal Information is the subject of the Request to Know.
If we are able to verify your identity, we will respond to your Request to Know by: (a) providing the requested information; or (b) explaining why we are not required to provide the requested information. If we are unable to verify your identity, we will respond by explaining why we cannot verify your identity. We will confirm receipt of your Request to Know within 10 days and will respond to your Request to Know within 45 days. If a response requires additional time, we will notify you of the basis for the delay and may extend our response period up to an additional 45 days.
If we provide the information requested, we will provide the information free of charge and in a readily useable portable format. We have no obligation to provide Personal Information to you more than twice in a 12-month period. If a Request to Know or series of Requests to Know are manifestly unfounded or excessive, we may charge a reasonable fee for processing the Request(s) to Know, or may refuse to process the Request(s) to Know.
Requests to Delete
Users may submit a Request to Delete by emailing us at [email protected]. When you submit a Request to Delete, we may ask you to provide certain pieces of information in order to verify your identity, such as your name, email address, and phone number. If we are able to verify your identity, we will respond to your Request to Delete by (a) deleting your Personal Information and, if applicable, directing any of our Service Providers to delete your Personal Information; or (b) explaining why we are not required to delete your Personal Information. We may choose to delete Personal Information by de-identifying, aggregating, or completely erasing the Personal Information. We will specify the manner in which we delete your Personal Information.
If a Request to Delete or series of Requests to Delete are manifestly unfounded or excessive, we may charge a reasonable fee for processing the Request(s) to Delete, or may refuse to process the Request(s) to Delete.
Protection and Retention of Personal Information
We follow generally accepted industry standards, including the use of appropriate administrative, physical, and technical safeguards, to protect Personal Information. The appropriate administrative, physical, and technical safeguards employed by us may vary depending on the nature of Personal Information collected, with more stringent measures applied to information of a more sensitive nature.
No method of transmission over the Internet or method of electronic storage, however is entirely secure. Therefore, while we strive to use appropriate administrative, physical, and technical safeguards to protect Personal Information, we cannot guarantee its absolute security or confidentiality. Please be aware that certain Personal Information and other information provided by you in connection with your use of the Service or the Site may be stored on your device (even if that information is not collected by us). You are solely responsible for maintaining the security of your device from unauthorized access.
Personal Information will be retained for as long as is reasonably necessary to achieve the purposes set forth in this Policy, and to comply with all applicable laws.
Other Provisions
International Users – Use of the Site and Service is limited to individuals located in the United States of America. The Company and its servers are located in the United States and are subject to applicable local, state, and federal laws. Users who choose to access the Service or the Site do so on their own initiative and at their own risk, and are responsible for complying with all applicable laws, rules and regulations. Users who choose to access the Service or the Site consent to the use and disclosure of information in accordance with this Policy and subject to such laws. We may limit the Service’s or the Site’s availability, in whole or in part, to any person, geographic area or jurisdiction we choose, at any time and in our sole discretion. We do not represent or warrant that the Service or the Site, or any part thereof, is appropriate or available for use in any other jurisdiction.
Children’s Privacy – The Service and the Site are neither directed to nor structured to attract Users under the age of 21. If you are under the age of 21, you are not permitted to use the Service or the Site. The Company does not knowingly collect Personal Information from users under the age of 21. If you are a parent with concerns about children’s privacy issues in conjunction with the use of the Service or the Site, please contact the Company at [email protected].
Do Not Track Signals and Collection of Information for Third-Party Advertising – The Company discloses how it responds to “Do Not Track Signals” and whether third parties collect personally identifiable information about users when they use online services. The Company honors “do not track” signals and does not track, use cookies, or use advertising when a “do not track” mechanism is in place. The Company does not authorize the collection of personally identifiable information from our users for third-party use through advertising technologies.
Amendments – We may modify or amend this Privacy Policy from time to time. If we make any material changes, as determined by us, to this Privacy Policy, including in the way in which Personal Information is collected, used or transferred, we will notify you by e-mail to the address specified in your profile or by means of a notice on the Site prior to the change becoming effective.
Contact Information
If you have questions about this Policy, please contact [email protected].
Illinois residents who believe a violation of their privacy rights has occurred may contact the Illinois Department of Financial and Professional Regulation at FPR@[email protected] and the Illinois Department of Public Health at [email protected].
Effective Date
The effective date of this Policy is November 22, 2021.