Privacy Policy
Your privacy is important to us. This policy explains how CBD Malta collects, uses, and protects your personal information.
Last updated: January 18, 2025
Introduction
CBD Malta ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website cbdmalta.mt, use our services, or interact with us in any way.
This policy complies with the General Data Protection Regulation (GDPR), Malta's Data Protection Act, and other applicable privacy laws.
1. Information We Collect
1.1 Personal Information
We may collect the following types of personal information:
- Contact Information: Name, email address, phone number, postal address
- Account Information: Username, password, preferences
- Order Information: Purchase history, delivery details, payment information
- Communication Data: Messages, inquiries, customer service interactions
1.2 Automatically Collected Information
When you visit our website, we automatically collect:
- Technical Data: IP address, browser type, device information, operating system
- Usage Data: Pages visited, time spent, click patterns, referral sources
- Location Data: General geographic location based on IP address
2. How We Use Your Information
We use your personal information for the following purposes:
Service Provision
- • Process and fulfill orders
- • Provide customer support
- • Manage your account
- • Deliver products and services
Communication
- • Send order confirmations
- • Provide product updates
- • Send marketing communications
- • Respond to inquiries
Legal & Security
- • Comply with legal obligations
- • Prevent fraud and abuse
- • Protect our rights and property
- • Ensure website security
Improvement
- • Analyze website usage
- • Improve our services
- • Develop new products
- • Personalize user experience
3. Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
Contract Performance
Processing necessary to fulfill our contract with you (e.g., order processing, delivery)
Legitimate Interest
Processing for our legitimate business interests (e.g., fraud prevention, website analytics)
Consent
Processing based on your explicit consent (e.g., marketing communications, cookies)
Legal Obligation
Processing required to comply with legal requirements (e.g., tax records, age verification)
4. Information Sharing and Disclosure
We may share your personal information in the following circumstances:
Third-Party Service Providers
We work with trusted partners to provide our services:
- • Wolt: Order processing and delivery services
- • Payment Processors: Secure payment processing
- • Email Services: Marketing and transactional emails
- • Analytics Providers: Website performance analysis (Google Analytics)
- • Cloud Services: Data storage and hosting
5. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Website functionality, security | Session/1 year |
| Analytics | Usage statistics, performance | 2 years |
| Marketing | Personalized ads, tracking | 1 year |
| Preferences | User settings, language | 1 year |
6. Your Privacy Rights
Under GDPR and Malta data protection laws, you have the following rights:
Right of Access
Request copies of your personal data
Right to Rectification
Correct inaccurate or incomplete data
Right to Erasure
Request deletion of your personal data
Right to Restrict Processing
Limit how we use your data
Right to Data Portability
Transfer your data to another service
Right to Object
Object to certain types of processing
How to Exercise Your Rights
To exercise any of these rights, contact us at:
- • Email: hello@cbdmalta.mt
- • Phone: +356 7709 1016
- • Address: 271, Apt 1, Tower Road, Sliema, SLM 1600, Malta
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
Encryption
SSL/TLS encryption for data transmission
Access Controls
Restricted access to authorized personnel
Secure Storage
Protected servers and regular backups
8. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy:
- Account Data: Until account deletion or 3 years of inactivity
- Order Information: 7 years for tax and legal compliance
- Marketing Data: Until consent withdrawal or 2 years of inactivity
- Website Analytics: 26 months (Google Analytics default)
9. International Data Transfers
Some of our service providers may be located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure adequate protection through:
10. Children's Privacy
Age Restriction
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes, we will:
12. Contact Information
Data Controller
Company: CBD Malta
Address: 271, Apt 1, Tower Road, Sliema, SLM 1600, Malta
Email: hello@cbdmalta.mt
Phone: +356 7709 1016
Supervisory Authority
If you have concerns about how we handle your personal data, you can contact Malta's Data Protection Authority:
Office of the Information and Data Protection Commissioner
Level 2, Airways House, High Street, Sliema SLM 1549, Malta
Email: commissioner.dataprotection@gov.mt
Phone: +356 2328 7100
Questions or Concerns?
If you have any questions about this Privacy Policy or our data practices, please don't hesitate to contact us. We're committed to addressing your concerns and protecting your privacy rights.