On the Green LLC Data Privacy Policy and Data Privacy Notices Effective date: April 2nd 2020




1. Introduction

We are On The Green LLC (“Company”, “Us”, “We”) registered in California with file number 201922110170 of 550 W Date Street, Unit 615, San Diego CA 92101 USA.

This page sets forth our Privacy Policy and explains the obligations of the Company regarding data protection and the rights of parties in relation to their data (such as and without limitation: staff, customers and business contacts) in respect of their personal information. The Policy also sets forth the Company’s obligations regarding the collection, processing, transfer, storage, and disposal of personal information.

The procedures and principles set out herein must be followed at all times by the Company, its employees, agents, contractors, or other parties working on behalf of the Company. If you are a resident of California USA, you should refer to our section 14 “California Residents” below.

If you are a resident of the United Kingdom or the European Economic Area (meaning all European Union member states together with Norway, Lichtenstein and Iceland) you may have additional rights to those set out in this Policy. In that case you should refer to our associated company website: https://www.onthegreencbd.co.uk/.


2. Types of data collected

We collect several different types of information for various purposes to provide and improve our Service to you:

Personal Data

Whenever engaging with Us, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information includes:

· Email address

· First name and last name

· Phone number

· Address, State, Province, ZIP/Postal code, City

· Financial/billing information (not stored by Us).


We use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you.


You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send. Marketing consent is not required as a condition of use of any of our products or services.


Usage Data

We may also collect information on how our website is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s IP address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.


Tracking Cookies Data

We use cookies and similar tracking technologies to track the activity on our website and hold certain information.


Cookies are files with a small amount of data, stored on your device that may uniquely identify your browser and collect certain anonymous information about you, and which are necessary to provide the functionality of our Service and websites (such as for authentication) or, with your opt-in consent, help us analyze our web page flow, customize our products and services, measure promotional effectiveness, and promote trust and safety. Certain features are only available through the use of cookies.


You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our website.


Examples of Cookies we use:

· Session Cookies. We use Session Cookies to operate our website.

· Preference Cookies. We use Preference Cookies to remember your preferences and various settings.

· Security Cookies. We use Security Cookies for security purposes.


You can view the Cookie Policy page on our website which provides further detail on what information we gather, how we use it and why we sometimes need to store these cookies.


3. Use of data

We use the collected data for various purposes:

· To provide and maintain our website, products and services.

· To notify you about changes to our products and services.

· To allow you to participate in interactive features of our website when you choose to do so.

· To provide customer support.

· To gather analysis or valuable information so that we can improve our products and services

· To monitor the usage of our Service

· To detect, prevent and address technical issues

· To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.


We are not in the business of selling personal data to third parties, in the course of providing our products and services, or otherwise.


4. Retention of data

We will retain your Personal Data only for as long as we have a legitimate business or legal need to do so. Our retention periods depend on the type of data and its purpose.


We will retain your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), to resolve disputes, and to enforce our legal agreements and policies.


We will retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.


5. Transfer of data

Your information, including Personal Data, may be transferred to— and maintained on— computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.


We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with these Data Privacy Notices and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.


6. Disclosure of data

Business transaction:

If we are involved in a merger, acquisition or asset sale (“Transaction”), your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy or Data Privacy Notices. In the eventuality of this event taking place you will be informed about the Transaction and new Privacy Policy or Data Privacy Notices as required by law at the time of the Transaction.


Legal requirements:

We may disclose your Personal Data in the good faith belief that such action is necessary:

· To comply with a legal obligation

· To protect and defend our rights or property

· To prevent or investigate possible wrongdoing in connection with the Service

· To protect the personal safety of users of the Service or the public.

· To protect against legal liability.


7. Security of data

The security of your data is important to us, but remember that no method of transmission over the internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable, best practice, and state-of-the-art means to protect your Personal Data, we cannot guarantee its absolute security.


8. Your rights

We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.


Whenever made possible, you can update your Personal Data directly within your account settings section. If you are unable to change your Personal Data, please contact us to make the required changes.


If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.


You can submit a justified request:

· To access and receive a copy of the Personal Data we hold about you.

· To rectify any Personal Data held about you that is inaccurate.

· To request the deletion of Personal Data held about you.


You have the right to data portability for the information you provide to us. You can request to obtain a copy of your Personal Data in a commonly used electronic format so that you can manage and move it.


You may exercise your right to object, if no opt-out mechanism is otherwise made available to you (including objecting to the basis of use for the purpose of our legitimate interest), by sending an email to us.

Please note that we may ask you to verify your identity before responding to such requests.


9. Service Providers

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.


These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.



We may use third-party Service Providers to monitor and analyze the use of our Service.


Behavioral remarketing:

We may use remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Service.


Image manipulation:

We may use third-party software Service Providers to manipulate images and PDFs that you may upload to the Service. Images and PDFs provided to our third-party image manipulation Service Providers could include Personal Data, and we use our best endeavors to ensure that they adhere at least to the same standards of data privacy as our own.



We may use third-party software Service Providers for sending and receiving email, SMS, push messages and support interactions. Messages provided to our third-party messaging Service Providers could include Personal Data, and we use our best endeavors to ensure that they adhere at least to the same standards of data privacy as our own.



We may provide paid products and/or services within our website. In that case, we use third-party services for payment processing.


We will not store your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.


10. Links to other sites

Our website may contain links to other sites that are not operated by Us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy and Data Privacy Notices of every site you visit.


We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.


11. Children’s privacy

Our website does not address anyone under the age of 16 (“Children” or “Child”). Additionally, if you are under the age of majority in your jurisdiction (most commonly, 18 years of age), you represent that your parent or legal guardian has reviewed and agreed to this Policy.


We do not knowingly collect personally identifiable information from anyone under the age of 16. If you are a parent or guardian and you are aware that your Child has provided Us with Personal Data, please contact Us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.



12. Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.


We will let you know via email and/or a prominent notice on our website, prior to the change becoming effective and update the “Effective date” at the top of this Privacy Policy.


You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.


13. Contact us

If you have any questions or requests in relation to this Privacy Policy, please contact us by email or any other method of communication set forth on our website.


14. California Residents

The California Consumer Privacy Act (“CCPA”) applies to you if you are a “Consumer” as defined by that Act. The CCPA defines a consumer as either an individual who is in the State for other than a temporary or transitory purpose or an individual who is domiciled in the State who is outside the State for a temporary or transitory purpose. Therefore, California law may provide you with certain rights regarding our use of your personal information.


We set forth below the provisions which we believe apply in our dealings with you, but it is your responsibility to check the full provisions of the Act which you can find here on the website of the State of California Department of Justice.


14.1 “Do Not Track” under the CCPA:

We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser. We are not aware of any processes for others collecting personal information about your activities on our websites over time and across third party websites, apps, or other online services, nor do we knowingly collect information about your activities over time across third party sites and services.

14.2 “Do Not Sell My Personal Information” under the CCPA: As we set forth in section 3 “Use of Data” above, we are not in the business of selling personal data to third parties in the course of providing our products and services, or otherwise. Further, the CCPA gives you a specific right to require Us not to sell your personal information, and you may so indicate your preference by checking this box in a document that identifies you to Us:


Do Not Sell My Personal Information


14.3 CCPA – General Preamble:

Terms defined in the CCPA have the same meaning when used in this Policy. Note that provision of this CCPA notice is not an admission on our part that we are a “business” within the meaning of the CCPA, and nothing in this Policy may be construed as such an admission.

This notice to you is effective upon the effective date of enforcement of the CCPA, which took place on January 1, 2020.

14.4 Personal information we collect:

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person (“Personal Information”) that falls within the following categories of personal information, and have done so within the last 12 months:


Category Information Collected

Identifiers A real name, postal address, unique identifier, online identifier, Internet Protocol address, email address, and account name.

Personal Information categories listed in

the California Customer Records statute

(Cal. Civ. Code § 1798.80(e)) A name, address, telephone number, financial and business information.

Commercial information Records of services purchased, obtained, or considered, or other transaction histories.

Internet or other similar network activity A consumer’s interaction with a website.


Personal Information does not include:

(a) publicly available information from government records;

(b) deidentified information or aggregate consumer information;

(c) information excluded from the CCPA’s scope; and

(d) personal information covered by certain sector-specific privacy laws.


We obtain the categories of Personal Information listed above from the following categories of sources:

· directly from you or publicly available sources. For example, from forms you complete or products and services you purchase or sell, or from information you choose to display in publicly accessible social media accounts.

· indirectly when you use our services (eg cookies when using our website).


14.5 Our use of Personal Information:

We may use or disclose the Personal Information we collect for the purposes set forth in this Policy, and one or more of the following business purposes:

· to fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote

or ask a question about our products or services, we will use that Personal Information to respond to your inquiry. If you provide your Personal Information to purchase a product or service, we will use that information to process your payment and facilitate delivery,

· to provide, support, personalize, and develop our website, products, and services,

· to create, maintain, customize, and secure your account with Us.

· to process your requests, purchases, transactions, and payments and prevent transactional fraud,

· to provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses,

· to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our sites, third-party sites, and via email or text message (with your consent, where required by law),

· to help maintain the safety, security, and integrity of our website, products and services, databases and other technology assets, and business,

· for testing, research, analysis, and product development,

· to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations,

· as described to you when collecting your Personal Information or as otherwise set forth in the CCPA,

· auditing related to a current interactions and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards,

· detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity,

· debugging to identify and repair errors that impair existing intended functionality,

· to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Us is among the assets transferred.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice. We will not sell Personal Information (other than in connection with a sale of business or merger as explained above).

14.6 Sharing personal information:

We may disclose any or all of the categories above of your Personal Information to a third party for a business purpose, as set forth in section 9 “Service Providers” above, and we have done so in the last 12 months. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract. The CCPA prohibits third parties who purchase the Personal Information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.

We disclose your Personal Information for a business purpose to the following categories of third parties:

• third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Information in the same way as set out in this Policy,

• any other third parties to whom you have permitted us to disclose your personal information,

• as set forth in this Policy.


14.7 Your rights and choices:

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

· the categories of Personal Information we collected about you,

· the categories of sources for the Personal Information we collected about you,

· our business or commercial purpose for collecting or selling that Personal Information,

· the categories of third parties with whom we share that Personal Information,

· the specific pieces of Personal Information we collected about you (also called a data portability request),

· if we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing: (a) sales, identifying the personal information categories that each category of recipient purchased; and (b) disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.


14.8 Deletion request rights:

You have the right under the CCPA to request that we delete any of your Personal Information that we have collected and retained, subject to certain exceptions. Once we receive and confirm a verifiable consumer request (see below), we will delete (and direct our service providers to delete) relevant Personal Information from our records, unless an exception applies.

We may deny California residents’ deletion request if retaining the information is necessary for us or our service provider(s) to:

· complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with the requesting individual, or otherwise perform our contract with a requesting individual,

· detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities,

· debug products to identify and repair errors that impair existing intended functionality,

· exercise free speech, ensure the right of another to exercise their free speech rights, or exercise another right provided for by law,

· enable solely internal uses that are reasonably aligned with consumer expectations,

· comply with a legal obligation,

· make other internal and lawful uses of that information that are compatible with the context in which you provided it.


14.9 Verifiable consumer request:

To exercise the access, data portability, and deletion rights under the CCPA described above, please submit to Us a verifiable consumer request by email to us at info@onthegreencbd.com or as set forth in the Contact section of our website.


Only a California resident, or a person registered with the California Secretary of State that a California resident has authorized to act on their behalf, may make a verifiable consumer request related to their Personal Information. A California resident may also make a verifiable consumer request on behalf of their minor child.


A verifiable consumer request for access or data portability can only be made twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify the California resident about whom we collected Personal Information or an authorized representative, and contain sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.


Making a verifiable consumer request does not require you to create an account on our website. However, we do consider requests made through your password protected account sufficiently verified when the request relates to Personal Information associated with that specific account. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.


We will endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically.


Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.


14.10 Non-discrimination:

We will not discriminate against you for exercising any of your CCPA rights. Except as permitted by the CCPA, we will not:

deny you goods or services,

· charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties,

· provide you a different level or quality of goods or services,

· suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.


14.11 California’s “Shine the Light” law (Civil Code Section § 1798.83):

This law permits users of our website that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to Us.



Always remember:

- We are committed to providing you with the best possible experience, which includes the security, privacy and integrity of your Personal Information.

- You may opt out of receiving any, or all, communications from us by following the unsubscribe link or instructions provided in any communication we send, or by contacting us at any time