Last updated: October 2022
Thank you for using Purple Lotus! We are committed to protecting your privacy and, for that reason, we have adopted this Privacy Policy to explain our data collection, use, and disclosure practices for the Purple Lotus services (including its website, and mobile and web-based applications, and any other tools, products, or services provided by Purple Lotus that link to or reference this Privacy Policy) (collectively, the “Services”). The Services are owned and operated by VMK, Inc., a California corporation (“Purple Lotus”, “we”, “us” or “our”).
This Privacy Policy applies to information Purple Lotus collects through the Services, as well as other information provided to us by third parties, when we associate that information with customers or users of the Services; however, it does not apply to information collected from our employees, contractors, or vendors. It also does not apply to information that you ask us to share with third parties or is collected by Online Tool Providers (as further described below). You acknowledge and agree that Purple Lotus is not responsible for the data collection or use practices of any other Services user or third party utilized in providing the Services.
This Privacy Policy describes, among other things:
- Personal and other information we collect about you;
- How we use your information;
- How we may share your information with third parties; and
- Your choices regarding the personal information we collect about you.
Consent
By accessing or using the Services, you consent to this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Services. Information gathered through the Services may be transferred, used, and stored in the United States or in other countries where our service providers or we are located. If you use the Services, you agree to the transfer, use, and storage of your Personal Information (as defined below) in those countries. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country. You agree that all transactions relating to the Services or Purple Lotus are deemed to occur in the United States, where our servers are located.
You also understand and acknowledge that, to the extent you visit Purple Lotus’ physical store or otherwise enter any Purple Lotus physical premises, you shall also be required to read, understand, and agree to Purple Lotus’ Customer Agreement. If you would like a copy of Purple Lotus’ Customer Agreement, please contact us by email at customercare@purplelotuspatientcenter.com.
Collection of Your Personal and Other Information
When you register for, or use our Services, we collect Personal Information. By “Personal Information” we mean information that can identify or reasonably be linked to an individual, such as:
- Names;
- Home addresses;
- Email addresses;
- Phone numbers;
- Date of birth;
- Medical marijuana doctor recommendation;
- Proof of military service documentation;
- Credit or debit card or ACH account information (which you submit for payment purposes);
- Driver’s license information, including driver’s license number, and/or other government-issued identification information (for age verification purposes);
- Scan or photo of government issued ID;
- IP addresses;
- Device IDs;
- Order, support and marketing communications; and
- Purchase histories.
We also collect user website experience recordings, which reproduce your interactions with the Services, including mouse movements, page scrolling, and information you type (including Personal Information), screen taps, and other actions you take while using the Services. Recordings may include technical and usage data, as well as visual representations of actions you take while using the Services. We use these recordings to help us understand how users interact with our Services and to design a better user experience for you.
You may choose not to provide Personal Information, (subject to the controls offered by your mobile device’s operating system), but this may prevent you from using certain features of the Services.
We also collect non-Personal Information relating to the Services, that is, information that does not personally identify an individual. The non-Personal Information we collect includes how you interact with the Services, information generally collected or “logged” by Internet websites or Internet services when accessed or used by users, and information about your web browser or device accessing or using the Services.
Examples of the non-Personal Information we collect are:
- The pages of our website that you viewed during a visit;
- What information, content or advertisements you view or interact with using the Services;
- Language preferences;
- The city and state in which you are located (but not your precise geographic location); and
- Unique identifiers that are not connected and cannot reasonably be connected to your identity.
We will not use non-Personal Information to try to identify you, and if we associate any non-Personal Information with information that personally identifies you, then we will treat it as Personal Information. As discussed in more detail below, we sometimes use cookies and other automatic information gathering technologies to gather non-Personal Information.
Information collected by the Services may be collected by us or one of our Service Providers or Online Tool Providers.
Use of Your Information
We may use the information we collect to:
- Assist us in providing, maintaining, and protecting the Services;
- Set up, maintain, and protect accounts to use the Services;
- Improve our online operations;
- Process transactions;
- Provide customer service;
- Communicate with you, such as provide you with account- or transaction-related communications, or other newsletters, RSS feeds, and/or other communications relating to the Services;
- Send you offers from Purple Lotus, including via email;
- Perform research and analysis aimed at improving our products and services and developing new products or services; and
- Manage and maintain the systems that provide the Services.
When you’ve submitted Personal Information to us that includes your telephone number (which submission you understand and agree to constitute making an “inquiry” to us and our affiliated entities), including when you enter your phone number in the checkout and initialize a purchase, or subscribe via our subscription form, you consent to allow us to contact you or allow our vendors to contact you via telephone for a limited period. Text marketing messages will not exceed thirty (30) per calendar month. Text message and data rates may apply. You acknowledge that consent to such contact via telephone is not a condition for any purchase.
You expressly consent to receive phone calls whether or not you are on the Do Not Call list (federal or state). By including your telephone number and/or email address in any submission to us, you are extending an express invitation and providing your express written consent to us and to contact you by (i) telephone at the numbers you have provided (including through auto-dialed, pre-recorded, artificial voice, and/or text messages) so we or they may assist you with your transaction, and you hereby consent to any such calls even if your phone number is on any Do Not Call list; and (ii) email at any email address you provide. By submitting your Personal Information to us, you are providing your written and signed consent to receive telemarketing calls. You agree that Purple Lotus has obtained your consent to receive a prerecorded message sales call in a manner permitted by the Electronic Signatures In Global and National Commerce Act (E-SIGN Act).
If you wish to unsubscribe from receiving text marketing messages and notifications, you may reply with “STOP” to any mobile message sent from us, or use the unsubscribe link within any of our messages (where applicable). You understand and agree that alternative methods of opting out, such as using alternative words or requests, may not be an effective means of opting out. If you have any questions regarding our text messages, you may text “HELP” to the number you received the messages from. You can also contact us for more information at customercare@purplelotuspatientcenter.com.
Disclosure of Your Information
We may disclose your Personal Information to third parties as described below.
We may disclose Personal Information to provide the Services, or when you authorize or instruct us to do so, for example when you use the Services to submit content or profile information. We may also disclose Personal Information and non-Personal Information to Service Providers. By “Service Providers” we mean companies, agents, contractors, service providers, or others engaged to perform functions on our behalf (such as processing of payments, provision of data storage, hosting of our website, marketing of our products and services, and conducting audits). When we use a Service Provider, we require that the Service Provider use and disclose the Personal Information and non-Personal Information received from us only to provide their services to us or as required by applicable law.
We may also disclose Personal Information and non-Personal Information to Online Tool Providers. By “Online Tool Provider” we mean a licensor of software that we include in, or use with, the Services, including an API or SDK, that provides a specialized function or service to us and that requires the transmission of Personal Information and/or non-Personal Information to the Online Tool Provider. Online Tool Providers may have the right to use Personal Information and non-Personal Information about you for their own business purposes. Use and disclosure of Personal Information and non-Personal Information by an Online Tool Provider is described in its privacy policy. See Section 5 below for some of the key Online Tool Providers we use.
We may also disclose your Personal Information to third parties when we believe, in good faith and in our sole discretion, that such disclosure is reasonably necessary to (a) enforce or apply the terms and conditions of the Services, including investigation of potential violations thereof, (b) comply with legal or regulatory requirements or an enforceable governmental request, (c) protect the rights, property or safety of us, our users or other third parties, (d) prevent a crime or protect national security, or (e) detect, prevent or otherwise address fraud, security or technical issues.
Finally, we reserve the right to transfer information (including your Personal Information) to a third party in the event of a sale, merger, or transfer of all or substantially all of the assets of our company relating to the Services, or in the unlikely event of a bankruptcy, liquidation, or receivership of our business. We will use commercially reasonable efforts to notify you of such transfer, for example via email or by posting notice on our website.
Lastly, we may also disclose non-Personal Information, aggregated with information about our other users, to our clients, business partners, merchants, advertisers, investors, potential buyers and other third parties if we deem such disclosure, in our sole discretion, to have sound business reasons or justifications.
Cookies and Automatic Information Gathering Technologies
Every time you use the Services (e.g., access a Service webpage) we collect Personal Information and non-Personal Information (discussed above in Section 2) regarding that use. For example, to improve our Services, we collect how, when, and which parts of the Services or its features you use. Also, we may use your device’s unique identifier (UDID) or other unique identifiers to assist us in collecting and analyzing this data.
To assist us in collecting and storing this non-Personal Information, we may employ a variety of technologies, including “Cookies,” local browser storage, and “web beacons,” “pixels,” or “tags.” A “Cookie” is a small amount of data a website operator, or a third party whose content is embedded in that website, may store in your web browser and that the website operator or, as applicable, the third party, can access when you visit the website. A Cookie may also refer to web-browser-based storage provided by Adobe’s Flash plugin (a “Flash Cookie”). A web beacon, pixel or tag is a small, usually-transparent image placed on a web page that allows the operator of that image, which may be the operator of the website you visit or a third party, to read or write a Cookie.
Your operating system and web browser may allow you to erase information stored in Cookies, Flash Cookies, and local browser storage. But if you do so, you may be forced to login to the Services again and you may lose some preferences or settings. You may also be able to set your browser to refuse all website storage or to indicate when it is permitted, but some features of our Services may not function properly without it. We may use Cookies to keep you logged in, save your preferences for the Services, and to collect information about how you use our Services.
More information about managing Cookies is available here. Cookie management tools provided by your browser may not affect Flash Cookies. More information about managing Flash Cookies is available here. To learn how to manage privacy and storage settings for your local browser storage, please refer to the end user documentation for your browser.
An Online Tool Provider may collect information automatically, in which case Personal Information and non-Personal Information it receives are subject to the Online Tool Provider’s privacy policy. Some Online Tool Providers may allow you to opt out of certain collection and/or uses of your information.
Our site uses the following Cookies and/or Online Tool Providers:
- Local Storage (age verification)
- Google Analytics (stores website traffic information)
- Google Tag Manager
- iHeartJane (Google Analytics, Algolia, and TapAd)
Transparency and Choice; Do Not Track Signals
You may request access to your Personal Information by sending an email to customercare@purplelotuspatientcenter.com. We will try to locate and provide you with your Personal Information and give you the opportunity to correct this data, if it is inaccurate, or to delete it, at your request. But, in either case, we may need to retain it for legal reasons or for legitimate business purposes. You may also remove any content that you post to the Services using the deletion or removal options within the Service. However, we (and you) are not able to control information that you have already shared with other users or made available to third parties through the Services.
If you need further assistance with removing any content you posted through the Services, you can email us at customercare@purplelotuspatientcenter.com. Removal of your posted content may not ensure complete or comprehensive removal from our computer systems.
We ask individual users to identify themselves and the information requested to be accessed, corrected, or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, would be extremely impractical (for instance, requests concerning information residing on backups), or relate to information that is not associated with your Personal Information. In any case, where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort.
Please be aware that if you request us to delete your Personal Information, you may not be able to continue to use the Services. Also, even if you request that we delete your Personal Information, we may need to retain certain information for a limited period of time to satisfy our legal, audit and/or dispute resolution requirements.
We support the development and implementation of a standard “do not track” browser feature that provides customers with control over the collection and use of information about their web-browsing activities. Once a standardized “do not track” feature is released, we intend to adhere to the browser settings accordingly.
You can opt out of receiving marketing e-mails from us by clicking on the “unsubscribe” link in the e-mails. Please note that it may take up to ten (10) business days for your opt-out request to be processed. Also, even if you opt out of marketing e-mails, we may continue to send you certain account-related e-mails, such as notices about your account and confirmations of transactions you have requested.
Residents of Canada
If you have an objection to the use of your Personal Information as described in this Privacy Policy, you may file a complaint by sending an email to customercare@purplelotuspatientcenter.com. We will attempt to accommodate your objection or complaint, but you understand that, to the extent you object to our processing of Personal Information that is necessary for us to provide the Services to you, certain features and functionalities of the Services may no longer be available to you. Nothing in this Privacy Policy prejudices your rights to file a complaint with the Office of the Privacy Commissioner of Canada, and/or with any other applicable data protection authorities.
Minors
Purple Lotus’ products and Services are not intended for users under 21 years of age. We do not knowingly collect Personal Information from users under 21 years of age. We do not authorize users under 21 years of age to use the Services or to purchase any of our products.
Information Security
We utilize reasonable information security measures to safeguard your Personal Information against unauthorized access, modification, or destruction. For example, we utilize Secure Socket Layer (SSL), Transport Layer Security (TLS), or similar encryption technology when sensitive data is transmitted over the Internet, and use firewalls to help prevent external access into our network. However, no data transmission over the Internet and no method of data storage can be guaranteed to be 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its security.
We restrict access to Personal Information in our possession to our employees, Service Providers, and Online Tool Providers who need to know that information in order to operate, develop, improve or support our Services. If we share Personal Information with Service Providers or Online Tool Providers, we require that they also use reasonable information security measures to safeguard your Personal Information, and only use your Personal Information for the purposes for which we share it with them.
Third Party Websites
Please note that the Services may link or integrate with third-party sites, services or apps. We are not responsible for the privacy or security policies or practices or the content of such third parties. Accordingly, we encourage you to review the privacy and security policies and terms of service of those third parties so that you understand how those websites collect, use, share and protect your information.
Changes to this Policy
We may modify or update this Privacy Policy periodically with or without prior notice by posting the updated policy on this page. You can always check the “Last Updated” date at the top of this document to see when the Privacy Policy was last changed. If we make any material changes to this Privacy Policy, we will notify you by reasonable means, which may be by e-mail or posting a notice of the changes on our website prior to the changes becoming effective. We encourage you to check this Privacy Policy from time to time. IF YOU DO NOT AGREE TO CHANGES TO THIS PRIVACY POLICY, YOU MUST STOP USING THE SERVICES AFTER THE EFFECTIVE DATE OF SUCH CHANGES (WHICH IS THE “LAST UPDATED” DATE OF THIS PRIVACY POLICY).
Questions
To ask questions about our Privacy Policy or to lodge a complaint, contact us at:
VMK, Inc.
752 Commercial Street., San Jose, CA 95112, U.S.A.
Email: customercare@purplelotuspatientcenter.com
Privacy Notice for California Residents
This Privacy Notice for California Residents (the “Notice”) supplements the information contained in our Privacy Policy and applies only if you reside in the State of California (you are a “California Consumer”).
For purposes of this Notice “Sell,” “Selling,” “Sale,” or “Sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, Personal Information to another business or a third party for monetary or other valuable consideration.
“Verifiable Request” means the identifying information provided by a consumer in connection with a request matches the personal information of the consumer already maintained by us. Identifying information includes name, mailing address, and email address. We reserve the right to request additional information for purposes of verification. If we maintain a password-protected account with you, we may verify your identity through our existing authentication practices for the password-protected account and if so, we will require you to re-authenticate yourself before fulfilling your request.
Information We Collect
In the past twelve (12) months, Purple Lotus has collected the following categories of Personal Information from California residents:
- Identifying and contact information;
- Age verification information;
- Payment information;
- Purchase history;
- Medical marijuana reference information;
- Military service information; and
- Technical information about your device
Purple Lotus obtains this Personal Information directly from you. For example, from forms you complete or products and services that you purchase.
Use of Personal Information
Purple Lotus may use or disclose the Personal Information we collect for one or more of the following “Business Purpose(s):”
- To fulfill or meet the reason you provided the information
- To provide our website and online services
- To send you offers regarding Purple Lotus products (e.g. via email)
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations
- To respond to your requests under the California Consumer Privacy Act of 2018 (the “CCPA”)
- For any other purpose described to you when we collect your Personal Information; and
- For any other acceptable purposes as set forth in the CCPA.
Unless we notify you otherwise, we will not collect additional categories of Personal Information, nor use the Personal Information we collect for any other materially different, unrelated, or incompatible purposes.
Sharing Personal Information
Within the last 12 months Purple Lotus has disclosed your Personal Information as described in this Notice.
Purple Lotus discloses Personal Information to third parties for a Business Purpose. When we disclose Personal Information for a Business Purpose, we enter into an agreement with the receiving party that describes the purpose for sharing the Personal Information, and that requires the receiving party to keep that Personal Information confidential and not use it for any purpose other than performing the services according to the agreement.
We may disclose your Personal Information with the following categories of third parties: service providers.
In the past twelve (12) months, Purple Lotus has not Sold any Personal Information about California Consumers.
Your Rights and Choices
If you are a California Consumer, you may request information about our collection, use, disclosure and Sale of your Personal Information over the past twelve (12) months, whether or not it was collected electronically. If you submit a Verifiable Request, we will disclose:
- the categories of Personal Information we have collected about you; the categories of sources from which your Personal Information was collected; our business or commercial purpose for collecting or Selling your Personal Information; the categories of third parties with whom we share that Personal Information; and the specific pieces of Personal Information we collected about you; and
- if we Sold or disclosed your Personal Information for a Business Purpose: what categories of Personal Information we Sold, and to which categories of recipients we Sold it to; and what categories of Personal Information we disclosed for a Business Purpose, and to which categories of recipients we disclosed it to.
You also have the right to request that we delete any of your Personal Information that we collect or maintain by submitting a Verifiable Request. We may deny your deletion request if retaining your Personal Information is necessary for us or our service providers to:
- Complete the transaction for which we collected your Personal Information, provide goods or services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their right of free speech, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the achievement of such research, if you previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal obligation; or
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
If you choose to exercise a privacy right under the CCPA, you have the right not to receive discriminatory treatment.
You may submit a Verifiable Request for the information listed above, or exercise any of your rights enumerated under this Notice, by calling us at 408-456-0420, or by email to customercare@purplelotuspatientcenter.com. You may also submit a Verifiable Request on behalf of your minor child.
After we receive your Verifiable Request, we will provide to you, in writing and free of charge (unless your request is excessive, repetitive, or manifestly unfounded), the requested information for the 12-month period preceding your request. You can choose to have this information delivered to you by postal mail or electronically. We will try to respond to your verified request within forty-five (45) days of receipt, but if we require more time (up to another forty-five (45) days) we will inform you of the reason and extension period in writing. Please note that we are not required to comply with your request for information more than twice each year. If applicable, our response will explain the reasons why we cannot comply with your request.
Purple Lotus does not and will not, without first obtaining your consent, Sell Personal Information.
Should you choose to exercise any of the rights enumerated under this Notice, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services; or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, please be aware that it may be a functional necessity for our Services to have Personal Information about you in order to operate, and we may not be able to provide some or all of our Services to you if you direct us to delete your Personal Information.