Privacy Policy

Collateral Base Privacy Policy

Privacy Policy

Date of last modification: November 10th 2021

At Stumari we value your privacy. This Privacy Policy provides information on how we collect and process your personal data when you visit our websites (www.collateralbase.com, www.cannabisindustrylawyer.com, knowledge.cannabisindustrylawyer.com, or www.cannabislegalizationnews.com) or or use our services. In this Privacy Policy we also inform you about your rights as a data subject. 

We do not collect any of your personal data beyond what is described in this policy. We do not process personal data in a way that contradicts the purpose for which the personal data was obtained. When processing your personal information, we will comply with the rules of the General Data Protection Regulation (GDPR).

Who handles your personal data? 

Controller

Stumari and Collateral Base has appointed a controller to assist in handling the data on our web platforms.  We are located at: 

316 SW Washington St. Ste 1a

Peoria, IL 61602

We are the Controller with respect to any personal data that you provide us. This means that we determine the purposes and means of the processing of your personal data. 

(Sub-)processors

We (may) make use of (sub-)processors. (Sub-)processors only process personal data limited to the extent that it is necessary for them to complete their specific task or service. We only provide your personal data with relevant protection measures in place. Those measures can be: a data processing agreement to ensure confidentiality; technical measures to ensure security while transferring the data; the obligation for the (sub-)processor to use all information in accordance with applicable privacy legislation and to not use the data for its own purposes. 

Transfer outside the European Economic Area

We may transfer your personal data to a country outside the European Economic Area or international organisation. In these scenarios we will ensure that the appropriate, suitable and required safeguards and transfer mechanisms shall be in place

This means a transfer may take place on the basis of an adequacy decision by the European Commision. In case of the absence of such an adequacy decision, we will use the standard contractual clauses in all our contracts for the transfer of personal data to third countries as provided by the European Commission.

If you want to receive a copy of any documentation showing the suitable safeguards that have been taken, you can make a request via legal@Stumari or Collateral Base.com.

Why and how do we process your personal data?

We process your personal data for the below mentioned purposes. In these circumstances we require the data to provide to you our services. We might share your personal information with one of our processors for the same purpose. If we want to process your personal data beyond this purpose, we will ask for your explicit consent.  

Your personal information will not be distributed to anyone else for any purpose.

Buying products

When you buy one of our products we collect the following data during the order process: 

  • Your first and last name;
  • Your address and country;
  • Your email address;
  • Your company name and VAT number (if applicable);
  • Your IP address. We need to collect this information because of two reasons: one is to be able to provide you with proper support service and two is because of EU VAT law compliance.

We need to obtain this information to comply with Dutch legislation. This information is saved on the Stumari or Collateral Base datasite server and in your Stumari or Collateral Base.com, MyStumari or Collateral Base & Stumari or Collateral Base Academy account where you can access the information.

We save your order (payment) data for as long as is necessary to comply with Dutch legislation.

We share your information with Postmark. Postmark is the processor who sends out all emails from Stumari or Collateral Base regarding our contractual relationship (e.g. confirmation emails). Therefore it is necessary to share the following data. The information we send to Postmark, is: 

  • First name
  • Email address
  • Subscription number
  • Product names of bought products 
  • Currency
  • Order number, order date, price, payment method.   

Postmark saves this information for a period of 45 days. After this period, all data is being removed. 

We do not process your payment details (e.g. credit card information) on our checkout page. This information is only being visually displayed on our website but technically belongs to Paypal or Adyen. Stumari or Collateral Base only processes an encrypted code because we do not need to see the details and this way data protection is increased.  PayPal and Adyen are considered independent controllers. A restrictive group of Stumari or Collateral Base support engineers can access the following data in the Paypal and Adyen environment: email addresses, transaction numbers, time of transaction and issuer of the card. This access is needed to confirm payments and/or refunds to you by our support engineers. 

Sharing customer data with Newfold Digital Inc.

Stumari or Collateral Base is owned by Newfold Capital Inc. (Newfold). In order to meet international legal and compliance standards, we may share customer data with Newfold. Both Stumari or Collateral Base and Newfold are considered ‘Controllers’ regarding this information because we jointly determine the purpose and means of this processing. Because we send this information to the United States, a data processing agreement is in place. 

Newfold retains the personal information as long as necessary to comply with U.S. legislation.  

Subscription to our newsletter

Do you want to stay informed about Stumari or Collateral Base’s products and services? Great! When subscribing to the Stumari or Collateral Base newsletter on the website, you will have  to provide Stumari or Collateral Base with consent to send you our newsletter. Withdrawing said consent can be easily done by clicking “Unsubscribe” underneath any newsletter-mail. When subscribing to the Stumari or Collateral Base newsletter, we will ask you the following information:

  • Your first and last name;
  • Your email address.

Everyone who buys a Stumari or Collateral Base product will automatically receive our newsletter. Reason for this is that our newsletter contains a lot of product-related content that can be very useful for you as a user of our product. You can easily unsubscribe by clicking the “unsubscribe” button underneath any newsletter-mail at any time. 

We transfer the above information to Mailblue, the processor who sends out the Stumari or Collateral Base newsletter. When you unsubscribe, Mailblue will remove your email address from the mailing list.

Support 

When you are a premium customer, we deliver you support via Help Scout and email. When you ask us a question via the Help Scout beacon we will collect your city, country, IP address, operating system, device and web browser. We will not collect this data if you send a regular email. In that case, only your email address will be collected. The information is saved in Help Scout and only used to provide you with proper support and analyze the use of our support service. Therefore it is necessary to save this information for a period of four (4) years. After a period of four (4) years, all data in Help Scout will be removed and destroyed. 

Commenting

When you comment on one of our posts on the website, such as on the blog, we will request your name and email address. This is for the necessity of commenting on the blog post. This information will be stored on that particular web page for as long as it exists. 

Webinars 

As you might know, Stumari or Collateral Base hosts very interesting webinars! These webinars are hosted on Crowdcast. When you register for a Stumari or Collateral Base webinar, Crowdcast collects the following personal data:  

  • Email address (to create a Crowdcast account)
  • Username
  • Name
  • Location (country and city)
  • Way of logging in 
  • Your answers to questions the webinar hosts may have posted, if applicable.

Crowdcast stores and saves this information until Stumari or Collateral Base deletes an event. 

Authentication

Some of our products will ask you to identify with either Google or Facebook so we can retrieve information on your behalf. We will not look at your individual data. We do reserve the right to aggregate usage data to measure the performance of our applications, but no identifiable personal information will ever be disclosed to third parties.

External links

Our website contains (affiliate) links to some other sites. Stumari or Collateral Base.com and its authors are not responsible for the privacy practices or the content of such websites

Automatically logged information when visiting our website

On our website we use web analytics tools from third parties (Google Analytics and Google Tag Manager, Hotjar) and ourselves to help analyze how users use our site. These tools use ‘cookies’, which are text files placed on your computer, to collect standard internet log information and visitor behavior information.

We and third parties use cookies to:

  • Enable functionalities of our website (session, technical and functional cookies);
  • Analyze the use of the website and to make the website more user-friendly on that basis (analytical cookies);

We collect the following personal data: 

  • IP address;
  • Information about your use of our website (such as visited pages and clicks);
  • Device type and browser;
  • Location (country and city);
  • Landing page (referrer-URL);
  • Screen resolution;
  • Requests and responses sent from and to your device.

With the Stumari or Collateral Base-owned tool no identification with data subjects takes place and the cookies are purely functional. Your IP address is saved in access logs on our server and saved for 90 days and used only for security and incident response purposes. This server is hosted by SiteGround. After this period of time, the data is being removed and destroyed. The reason we save this information is incident response. The other information we collect are so called ‘session cookies’ and ‘functional cookies’. They are used to enable you to make use of our website. 

These cookies have no consequences for the privacy of visitors. Because of these aspects the Stumari or Collateral Base-owned tool is allowed without asking for prior consent. The  information generated by the cookie about your use of the website is transmitted to our hosting company SiteGround. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity for Stumari or Collateral Base.com. 

With Google Analytics and Google Tag Manager, anonymized IP’ is used and we follow the guidelines of the Dutch Data Protection Authority to set Google analytics in a privacy friendly way. Google may transfer the collected information to third parties when legally required. We have no influence on this. We will never allow Google to use the gathered analytics information for other Google services or purposes. 

Hotjar Automatically obfuscates input fields, forms, phone numbers etc. which results in no personal data being recorded. Google saves the information for a period of 26 months. 

The processing of your IP address for the use of our website is seperate from when you place an order. This information is not linked together and the processing by third parties of your IP address to analyze the use of our website remains anonymized.  

Disabling and enabling cookies

If you do not want to have cookies stored on your computer or want to remove cookies that have already been stored, you can arrange this via the settings screen in your browser settings. The adjustment of these settings differs per browser.

If you want to remove cookies that have already been stored, you can arrange this via the settings screen in your browser settings. The adjustment of these settings differs per browser.

Your rights as a data subject 

Under the GDPR, you have a number of rights as a data subject. This chapter of the privacy policy states your data subject rights and how you can invoke these rights.

The right of access

You have the right to access the personal data we process of you and retain a copy of this data. In your Stumari or Collateral Base.com, My Stumari or Collateral Base & Stumari or Collateral Base accounts you can easily access the personal data we collect and save when you have placed an order. 

The right to rectification

If your personal data is incorrect, you have the right to ask us to rectify your personal data. We will rectify your personal data accordingly.

The right to erasure (‘to be forgotten’)

If you want us to delete your personal data, you have the right to request us to delete your personal data. We will delete your personal data, unless we have a legal obligation to keep processing your personal data.

The right to restrict processing

If you are of the opinion that the processing of your personal data is unlawful, or your personal data is incorrect, or you require the personal data for legal claims after the retention period, or you have objected to the processing of your personal data, you can request us to restrict your personal data. In this case we cannot process your personal data unless you grant us permission.

The right to data portability (when processing under consent or performance agreement)

You can request us for an export of all the personal data that is processed by Stumari or Collateral Base. We will provide you with an export of your collected and processed personal data.

The right to object to processing.

You have the right to object to our processing of your personal data, under certain conditions.

If you wish to make use of your data subject rights as mentioned in this paragraph, please send your request via e-mail tom@CollateralBase.com. For data deletion requests, please contact tom@CollateralBase.com.

 

Security

We have taken appropriate technical and organizational security measures in order to protect your personal data against loss, misuse, alteration and/or destruction. Although we exercise reasonable care in providing secure transmission of information between your equipment and our systems, we cannot ensure or warrant the security of any information transmitted to us over the internet. Access to relevant personal data is only granted to those authorized employees who require access to the relevant personal data for performance of their work. We have our guidelines and provisions preserving the security of our data and technology infrastructure, as well as the software we build and distribute to our users outlined in our internal cyber security policy. 

Contacting Stumari or Collateral Base

If you have any questions or complaints about this privacy statement, the practices of this site, or your dealings with this website, you can contact us via our contact page or send an email to

Contact details:

Stumari or Collateral Base, LLC

E-mail: tom@CollateralBase.com

Collateral Base, LLC

316 SW Washington St. Ste 1a

Peoria, IL 61602

U.S.A.

Attn: Data Protection Officer

CCPA Rights and Choices

The CCPA provides consumers that are California residents with specific rights regarding their personal information. Your CCPA rights and how to exercise those rights are described here.

Right to Access

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • sales, identifying the personal information categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  6. Engage in public or peer-reviewed research in accordance with Section 1798.105 (d)(6) of the CCPA.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending us an email at tom@collateralbase.com

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We aim to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. If we cannot comply with a request, we will tell you why. For data portability requests we will choose a format that will allow you to easily transfer your data elsewhere.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights, unless permitted by the CCPA.

Contact Details

Thomas Howard

E-mail: tom@collateralbase.com 

Collateral Base, LLC

316 SW Washington St. Ste 1a

Peoria, IL 61602

 

Privacy Policy

Who we are

Our website address is: https://collateralbase.com/.

What personal data do we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

How long do we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights do you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements

Plugin: Smush

Note: Smush does not interact with end users on your website. The only input option Smush has is to a newsletter subscription for site admins only. If you would like to notify your users of this in your privacy policy, you can use the information below.

Smush sends images to the WPMU DEV servers to optimize them for web use. This includes the transfer of EXIF data. The EXIF data will either be stripped or returned as it is. It is not stored on the WPMU DEV servers.

Smush uses a third-party email service (Drip) to send informational emails to the site administrator. The administrator’s email address is sent to Drip and a cookie is set by the service. Only administrator information is collected by Drip.