top of page

Privacy Policy

Last updated December, 2023

Welcome to the Cactus Bloom Co Website, shopcactusbloomco.com (the “Website” or “Services”). The Services are operated by Cactus Bloom Shop, LLC (“we,” “us,” or “our”, or the “Company”). We believe that the privacy and security of your information and personal data (“Information”) is very important. This Privacy Policy (“Policy”) explains the type of Information we collect from users of the Services, how that Information is used, how the Information may be shared with other parties, and what controls our users have regarding their Information. We encourage you to read this Policy carefully.

Any updates or modifications to this Policy will be posted to our Website on this page. By using or accessing the Services, you signify that you have read, understand and agree to be bound by this Policy.

Our Services are operated in the United States but can be accessed worldwide.

If you are located in the European Economic Area (“EEA”), Switzerland, or the United Kingdom, we are subject to the UK General Data Protection Regulation (“UK GDPR”, or “GDPR”) and the EU General Data Protection Regulation (“EU GDPR”, or “GDPR”) and are the Controller of your data.

If you have questions about this Policy, please contact us at hello@cactusbloomco.com

INFORMATION WE COLLECT AND HOW WE USE IT

We collect the following categories of information when you use our Services (including when you download or launch our mobile applications, when applicable) or when the application is running on your device in the background:

  • Information you provide directly to us.

    • Contact Information, including name, alias, maiden name, email address, telephone or mobile phone number, address;

    • Sign-In Information, including username and password, account name, account number;

    • Demographic and Profile Information, including your interests, preferences, physical characteristics or description, feedback, educational or professional information, employment, employment history; date of birth, and age;

    • Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;

    • Geolocation data;including geolocation information derived from your GPS, WiFi and Bluetooth signals, IP address, and other device information;

    • Transaction and Billing Data, including financial account and payment card details, (credit card number, expiration date, and credit card security code, where needed to complete a transaction), billing address, delivery address, signature, transaction history; and

    • Correspondence you send to us.

 

  • Information we collect automatically We collect internet, electronic activity, and other information automatically from the devices and browsers that you use, including your device type; Internet protocol (IP) address; device and advertising identifiers, probabilistic identifiers, and other unique personal or online identifiers; time zone setting and location; browser type and version; browser plug in types and versions; operating system and platform; Internet service provider; pages that you visit before and after using the Services, browsing history, and search history; the date and time of your visit; information about the links you click, pages you view, and advertising you interact with within the Services and other information about how you use the Services; the technology on the devices you use to access these Services; inferences used to create a profile about preferences, characteristics, psychological trends, predispositions, behavior, attitudes; and standard server log information. If you or your device experiences an error, we collect information about the error, the time the error occurred, the feature being used, the state of the application when the error occurred, and any communications or content provided at the time the error occurred. Consistent with your mobile device or app permissions, we also collect geolocation information including geolocation information derived from your GPS, WiFi and Bluetooth signals, IP address, and other device information.

 

We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.

When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.

  • Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.

  • Text marketing (if applicable): With your permission, we may send text messages about our store, new products, and other updates. Updates include Checkout Reminders. Webhooks will be used to trigger the Checkout Reminders messaging system.

 

We also receive the categories of information described above from other sources, including from users of our Services, publicly available sources, entities that acquire data and third-party services and organizations. For example, if you access any social media or similar services through the Services to login or to share information about your experience on our Services with others, we may collect information, such as photographs, audio and video recordings and social media posts, from these third-party services.

Without this information, we are not able to provide you with all the requested services, and any differences in services are related to your information.
We may aggregate or de-identify the information described above. Aggregated or de-identified data is not subject to this Privacy Policy.

 

In addition, you agree to our Messaging Terms (https://terms.pscr.pt/legal/shop/f4b466-3/terms_of_service) and Messaging Privacy Policy (https://terms.pscr.pt/legal/shop/f4b466-3/privacy_policy).

Personal Data

You may enter the Website and browse its content without submitting any Personal Data. However, we will need to collect relevant Personal Data to provide you with certain services offered by the Services, including if you choose to create an account on our website, contact us or otherwise communicate with us in any way, subscribe or opt in to our newsletter, alerts, or other communications, subscribe or opt in to SMS messages, sign up for product waitlists, participate in a contest or promotion, order our products, submit product reviews, questions, feedback or user comments, complete an optional survey, contact customer service or otherwise interact with the Services.

We use the Personal Data that we collect to respond to your requests, communicate with you regarding the Services and our content, send you promotional or marketing communications, guard against potential fraud, provide product information, service your requests and orders, and provide you with the applicable services, features or functionality associated with your submission. When you submit Personal Data through the Services, whether by directly providing it to us upon request or voluntarily disclosing it through comments, you are giving your consent to the collection, use and disclosure of your Personal Data as set forth in this Privacy Policy.

 

Device Information & Usage Data

Whether or not you submit Personal Data, any time you visit our Services, we or our service providers may collect, store or accumulate certain Device Information and Usage Data. This Information may be used in furtherance of the purposes described above with respect to Personal Data and in aggregate form for internal business purposes, such as optimizing the Services, evaluating the popularity of content, generating statistics and developing marketing plans, and otherwise for general administrative, analytical, research, optimization, and security purposes.

Information to and from Social Networks

We may provide functionality that will allow you to connect to our Services through a third-party social network such as Facebook, TikTok, Twitter or Instagram (each, a “Social Network”). If you connect through a Social Network, we may collect Personal Data from your profile, such as your name, username, and e-mail address, and we will use that Personal Data for the purposes set forth herein. In addition, our Services may offer social sharing features which will allow you to “Share” or “Like” on a Social Network. If you decide to use such features, it may allow the sharing and collection of Information both to and from such Social Network, so you should check the privacy policy of each Social Network before using such features.

Behavioral Advertising

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

  • We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

  • We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).

 

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by:

FACEBOOK - https://www.facebook.com/settings/?tab=ads

GOOGLE - https://www.google.com/settings/ads/anonymous

BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads]

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.

 

SHARING OF INFORMATION

In no event will we disclose, rent, sell or share any of your Personal Data to third parties for direct marketing purposes. We only share your Information with third parties for the purposes described below.

We contract with companies or individuals to provide certain services related to the functionality and features of the Services, including content streaming, email and hosting services, software development, data management, orders, payment processing, management of forms, quizzes and polls, customer service, returns, live chat, marketing, fraud prevention, product review and questions, and administration of contests and other promotions. We call them our “Service Providers.” We may share your Information with Service Providers as appropriate for them to perform their services for us and our Service Providers are permitted to use your Information only for such purposes.

Shopify

We use Shopify, Inc. to process our orders. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

 

Payment
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.


For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).

 

The server automatically logs the IP address you use to access our website as well as other information about your visit such as the pages accessed, information requested, the date and time of the request, the source of your access to our website (e.g. the website or URL (link) which referred you to our website), and your browser version and operating system.

In certain instances, as with Paypal and Afterpay, which process payments, you may also be directed to a third-party website which is governed by its own privacy policy:

https://www.paypal.com/us/webapps/mpp/ua/privacy-full
https://www.afterpay.com/privacy-policy

We may also share or transfer Device Information and Usage Data in aggregated, anonymized form with or to our affiliates, licensees, partners and Service Providers for administrative, analytical, research, optimization, and security purposes, but no such Information will be linked with your Personal Data or be used to identify or contact you.

Finally, we may share your Information: (i) In response to subpoenas, court orders, or other legal process; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases we reserve the right to raise or waive any legal objection or right available to us; (ii) When we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property, or safety of our company, our users, or others; and in connection with the enforcement of our Terms of Use and other agreements; or (iii) In connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

 

AUTOMATED DATA COLLECTION / COOKIES

We may use certain automatic analytics and tracking technologies to assist us in performing a variety of functions, including storing your Information, collecting Device Information and Usage Data, understanding your use of the Services and customizing the content offered to you on the Services. We may use platforms like Google Analytics to provide aggregated or anonymized information relating to demographics, geography, interests or affinities. Other technologies we may use include:

(1) Cookies. Cookies are text files placed in your computer's browser to store your preferences. We use cookies or other tracking technologies to understand site and Internet usage and to improve or customize the Services and the content, offerings, or advertisements you see on the Services. For example, we may use cookies to personalize your experience on the Services or remember any settings you have chosen. Most web browsers automatically accept cookies, but you can usually configure your browser to prevent this. However, not accepting cookies may make certain features of the Services unavailable to you.

(2) Web Beacons. We may also use "web beacons" or clear GIFs, or similar technologies, which are small pieces of code placed on a web page or in an email, to monitor the behavior and collect data about the visitors viewing a web page or email. For example, web beacons may be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page. Web beacons may also be used to provide information on the effectiveness of our email campaigns (e.g., open rates, clicks, forwards, etc.).

(3) Mobile Device Identifiers and SDKs. We also sometimes use, or partner with publishers or app developer platforms that use, mobile Software Development Kits ("SDKs") that are incorporated into the Services to collect Information, such as mobile identifiers (e.g., IDFAs and Android Advertising IDs), geolocation information, and other information about your device or use of the Services. A mobile SDK may act as the mobile version of a web beacon (see "Web Beacons" above).

By visiting the Services, whether as a registered user or otherwise, you acknowledge, and agree that you are giving us your consent to track your activities and your use of the Services through the technologies described above, as well as similar technologies developed in the future, and that we may use such tracking technologies in the emails we send to you. Please note that no such tracking technologies will collect any Personal Data from you unless you choose to submit it to us and that data relating to you individually is not shared with any third parties.

 

PERSONAL DATA RETENTION

We retain the Personal Data we receive as described in this Privacy Policy for as long as you use the Services or as necessary to fulfill the purpose(s) for which it was collected, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

 

PRIVACY AND SECURITY

We take reasonable precautions to protect our customers' Personal Data against loss, misuse, unauthorized disclosure, alteration, and destruction. However, please remember that no transmission of data over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your Personal Data, we cannot ensure or warrant the security of any Information that you transmit to us or from us, and you do so at your own risk. You hereby acknowledge that we are not responsible for any intercepted information sent via the Internet, and you hereby release us from any and all claims arising out of or related to the use of intercepted information in any unauthorized manner.

If you believe your Personal Data is being improperly used by us or any third party, please immediately notify us via email at hello@cactusbloomco.com

 

USE OF AUTOMATED DECISION MAKING AND PROFILING

Except to the extent personal data is used by third-party ad networks for online behavioral advertising, neither we, nor service providers on our behalf, engage in profiling or automated decision-making activities that produce legal and/or similarly significant effects upon you.

CHILDREN UNDER 16

Children under 16 years of age are not permitted to use the Services. We do not knowingly collect or solicit Personal Data directly from anyone under the age of 16. If you are under 13, please do not send any Personal Data about yourself to us, including your name, address, telephone number, or email address. In the event that we learn that we have collected Personal Data from a child under age 13, we will delete that information as quickly as possible. If you are a parent or guardian of a child under 13 years of age and you believe your child has provided us with Personal Data, please contact us at hello@cactusbloomco.com

 

LINKS TO THIRD PARTY PLATFORMS

Our Services or communications may contain links to third party websites, over which we exercise no control, including the form of embedded content, sponsored content or co-branded content. Except as set forth in this Policy, we do not share your Personal Data with those third parties and are not responsible for the privacy policies of any third party or their management of your Personal Data. Because they may treat your Information differently than we do, we suggest you read the privacy policies on those third-party websites prior to submitting any Personal Data to such sites.

In addition, you may be redirected to a third-party platform for certain functions, including returns, forms, and customer service. See above section regarding “Sharing of Information.”

YOUR RIGHTS

Opting Out of Communications

As described above, we may use the Personal Data we collect from you to send you newsletters or other communications from us, including those promotional or marketing in nature. If you do not want to receive such communications, you can opt out by clicking here.

You may also at any time opt out of receiving communications from us by sending an e-mail to hello@cactusbloomco.com with the subject line “Opt Out.”

 

Disallowing Cookies and Location Data Collection

Cookies

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

We use the following cookies to optimize your experience on our Site and to provide our services.

Cookies Necessary for the Functioning of the Store

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as:

http://optout.networkadvertising.org
http://www.youronlinechoices.eu
https://youradchoices.ca/choices
http://optout.aboutads.info

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioral Advertising” section above.

Your Personal Data Rights

Depending on your geographical location and citizenship, your rights are subject to local data privacy regulations. These rights may include:

Right to Access (PIPEDA, GDPR Article 15, CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA, LGPD, POPIA)

You have the right to learn whether we are processing your Personal Data and to request a copy of the Personal Data we are processing about you.

Right to Rectification (PIPEDA, GDPR Article 16, CPRA, CPA, VCDPA, CTDPA, LGPD, POPIA)

You have the right to have incomplete or inaccurate Personal Data that we process about you rectified.

Right to be Forgotten (right to erasure) (GDPR Article 17, CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA, LGPD, POPIA)

You have the right to request that we delete Personal Data that we process about you, unless we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.

●Right to Restriction of Processing (GDPR Article 18, LGPD)

You have the right to restrict our processing of your Personal Data under certain circumstances. In this case, we will not process your Data for any purpose other than storing it.

●Right to Portability (PIPEDA, GDPR Article 20, LGPD)

You have the right to obtain Personal Data we hold about you, in a structured, electronic format, and to transmit such Personal Data to another data controller, where this is (a) Personal Data which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you or the third party that subscribes to services.

●Right to Opt Out (CPRA, CPA, VCDPA, CTDPA, UCPA)

You have the right to opt out of the processing of your Personal Data for purposes of: (1) Targeted advertising; (2) The sale of Personal Data; and/or (3) Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. Under CPRA, you have the right to opt out of the sharing of your Personal Data to third parties and our use and disclosure of your Sensitive Personal Data to uses necessary to provide the products and services reasonably expected by you.

●Right to Objection (GDPR Article 21, LGPD, POPIA)

Where the legal justification for our processing of your Personal Data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for processing which override your interests and rights, or if we need to continue to process the Personal Data for the establishment, exercise or defense of a legal claim.

●Nondiscrimination and nonretaliation (CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA)

You have the right not to be denied service or have an altered experience for exercising your rights.

●File an Appeal (CPA, VCDPA, CTDPA)

You have the right to file an appeal based on our response to you exercising any of these rights. In the event you disagree with how we resolved the appeal, you have the right to contact the attorney general located here:

If you are based in Colorado, please visit this website to file a complaint.
If you are based in Virginia, please visit this website to file a complaint.
If you are based in Connecticut, please visit this website to file a complaint.

●File a Complaint (GDPR Article 77, LGPD, POPIA)

You have the right to bring a claim before their competent data protection authority.

If you are based in the EEA, please visit this website (http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=50061) for a list of local data protection authorities.

Your Right to Access, Review, and Delete Personal Data

Under certain laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”), you may have the right to: obtain confirmation that we hold Personal Data about you, request access to and receive information about the Personal Data we maintain about you, restrict the use of the data, receive the data in a portable format, receive copies of the Personal Data we maintain about you, update and correct inaccuracies in your Personal Data, object to the continued processing or use of your Personal Data, complain to a supervisory authority, and have the Personal Data blocked, anonymized or deleted, as appropriate. The right to access Personal Data may be limited in some circumstances by local law. If you qualify, in order to exercise these rights, please contact us as set forth below.

 

CONTACT

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at hello@cactusbloomco.com or by mail using the details provided below:

Cactus Bloom Co., 1715 7th St W, #16012, Saint Paul MN, 55116

If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority here: https://ico.org.uk/make-a-complaint/]

We may ask you to provide additional information for identity verification purposes, or to verify that you are in possession of an applicable email account.

Please understand, however, that we reserve the right to retain an archive of such Personal Data for a commercially reasonable time to ensure that its deletion does not affect the integrity of our data; and we further reserve the right to retain an anonymous version of such Information.

Do Not Track

We use analytics systems and providers and participate in ad networks that process Personal Information about your online activities over time and across third-party websites or online services, and these systems and providers may provide some of this information to us. We process or comply with any web browser’s “do not track” signal or similar mechanisms.
Note, however, that you may find information about how to opt out of online behavioral advertising and/or block or reject certain tracking technologies in the section caption “Disallowing Cookies and Location Data Collection” above.

Legal Requirement

We may use or disclose your Personal Data in order to comply with a legal obligation, in connection with a request from a public or government authority, or in connection with court or tribunal proceedings, to prevent loss of life or injury, or to protect our rights or property. Where possible and practical to do so, we will tell you in advance of such disclosure.

 

YOUR CALIFORNIA PRIVACY RIGHTS

California residents, see our “California Privacy Notice” for more information about certain legal rights.

 

YOUR NEVADA PRIVACY RIGHTS

Nevada law permits our users who are Nevada consumers to request that their personal data not be sold (as defined under applicable Nevada law), even if their personal data is not currently being sold. Requests may be sent to hello@cactusbloomco.com

 

INTERNATIONAL DATA TRANSFERS

If you are located outside the United States, including in the EEA, we transfer Personal Data for processing in the United States, including Personal Information sent via e-mails or when you make an order. Under the GDPR, we are considered a “controller” of the Personal Data of EEA Data Subjects. By using the Services outside the United States, you acknowledge that we will transfer your data to, and store your Personal Data in, the United States, which may have different data protection rules than in your country, and Personal Data may become accessible as permitted by law in the United States, including law enforcement and/or national security authorities in the United States. For transfers of data into and out of the EEA, pursuant to Article 46 of the GDPR, we use standard contractual clauses adopted by the European Commission.

Rights of EEA Residents

This section of the Privacy Policy is applicable to individuals located in the EEA, Switzerland, and the United (“EEA Data Subjects”).

Our purpose for collecting and processing Personal Data from EEA Data Subjects is to provide them with the features and functionalities of our Services and information regarding our Services. The legal basis for processing Personal Data is because it is necessary for performance of a contract between us to provide you with the Services and its related features and functionality and in other circumstances may be necessary for our legitimate interests in making the Services available and secure, or to exercise our rights or comply with legal obligations. We also rely on your consent to receive information about our Services. You may withdraw consent from receiving marketing and promotional communications by clicking the “Unsubscribe” link on the communication or sending an e-mail to hello@cactusbloomco.com with the subject line “Opt Out.” If EEA Data Subjects do not provide Personal Data to us or withdraw consent for processing such Personal Data, we may not be able to provide such individuals with certain features or functionalities of the Services or information regarding the Services, including processing orders. Note that we do not collect any sensitive personal information about you.

EEA Data Subjects may obtain information about the Personal Data that we hold about them by contacting us at hello@cactusbloomco.com.

 

CHANGES TO THIS PRIVACY POLICY

We reserve the right to change this Policy at any time. In the event we make changes to this Policy, such policy will be re-posted in the "Privacy" section of our Services with the date such modifications were made indicated on the top of the page. Therefore, please review this Policy from time to time so that you are aware when any changes are made to this Policy. If you have any questions about the changes that were implemented, please contact us at hello@cactusbloomco.com and include “Information Regarding Updated Policy” in the subject line. In any event, your continued use of the Services after such change constitutes your acceptance of any such change(s), and if you do not accept any changes, you may choose not to use the Services or opt out by sending us an appropriate notice.

 

GENERAL LEGAL

All other terms governing this Privacy Policy shall be those set forth in our Terms of Use which are incorporated herein by this reference.

If you have questions or comments about this Policy, please contact us at hello@cactusbloomco.com with “Privacy” in the subject line of your email.

cookies-2.png
cookies-1.png
bottom of page