OUR COMMITMENT TO DATA PRIVACY

Global Cannabis Product (“we,” “our,” or “the Platform”) is committed to protecting the privacy, integrity, and security of personal and business data processed through our international trade infrastructure.

We operate as a global B2B marketplace connecting verified buyers and licensed suppliers, and we fully respect applicable data protection laws, including the General Data Protection Regulation (GDPR).

We are committed to ensuring that all personal data is:

• Processed lawfully, fairly, and transparently
• Collected only for legitimate and specified purposes
• Minimised to what is strictly necessary
• Stored securely with appropriate technical safeguards
• Retained only for as long as required by law or operational need

---

 

2. LEGAL BASIS FOR DATA PROCESSING (GDPR ARTICLE 6)

We process personal data under the following legal bases:

• Contractual necessity: to provide platform services and execute transactions
• Legal obligation: to comply with AML, KYC, tax, customs, and regulatory requirements
• Legitimate interest: to prevent fraud, ensure platform security, and improve services
• Consent: where required for optional communications or marketing

---

 

3. HOW WE COLLECT YOUR DATA

We collect data in the following ways:

   3.1 Direct Collection

• Account registration details
• KYC/KYB verification documents
• Business and licensing information
• Transaction and escrow data

   3.2 Platform Usage Data

• Login activity and device information
• IP address and location signals
• System logs and interaction history

   3.3 Third-Party Sources

• Identity verification providers
• Compliance screening databases
• Payment and escrow partners (regulated entities only)

---

 

4. HOW WE USE YOUR DATA

We use personal data strictly for:

• Identity verification (KYC/KYB compliance)
• Facilitating secure trade transactions
• Managing escrow payment systems
• Regulatory and legal compliance (AML, customs, sanctions screening)
• Fraud prevention and platform security
• Customer support and dispute resolution
• Improving platform performance and reliability

We do not sell or misuse personal data under any circumstances.

---

 

5. DATA SUBJECT RIGHTS (GDPR RIGHTS)

As a data subject under GDPR, you have the following rights:

   5.1 Right of Access

You may request access to the personal data we hold about you.

   5.2 Right to Rectification

You may request correction of inaccurate or incomplete data.

   5.3 Right to Erasure (“Right to be Forgotten”)

You may request deletion of your personal data, subject to legal and regulatory retention obligations.

   5.4 Right to Restriction of Processing

You may request limitation of how your data is processed in certain circumstances.

   5.5 Right to Data Portability

You may request a copy of your data in a structured, machine-readable format.

   5.6 Right to Object

You may object to processing based on legitimate interest, subject to legal limitations.

---

 

6. DATA RETENTION POLICY

We retain personal and transactional data only as long as necessary for:

• Regulatory compliance (AML/KYC laws)
• Financial recordkeeping obligations
• Dispute resolution and legal enforcement
• Operational and audit requirements

Retention periods may range from 5 to 10 years, depending on applicable jurisdiction.

---

 

7. DATA SECURITY MEASURES

We implement industry-leading security controls, including:

• End-to-end encryption (E2EE)
• Secure cloud infrastructure with redundancy
• Multi-factor authentication (MFA)
• Role-based access controls (RBAC)
• Continuous monitoring and intrusion detection systems
• Regular security audits and compliance reviews

Despite these measures, no system can guarantee 100% security.

---

 

8. INTERNATIONAL DATA TRANSFERS

As a global platform, data may be transferred outside the European Economic Area (EEA).

We ensure appropriate safeguards, including:

• Standard Contractual Clauses (SCCs)
• Encryption of data in transit and at rest
• Restricted access policies for third-party processors

---

 

9. DATA SHARING

We may share data only with:

• Verified counterparties involved in transactions
• Regulated financial and escrow service providers
• Logistics and customs authorities (where required by law)
• Compliance, AML, and fraud prevention partners
• Legal or regulatory authorities upon valid request

We never sell personal data to third parties.

---

 

10. AUTOMATED DECISION-MAKING

Certain compliance processes (such as AML screening or risk scoring) may involve automated systems.

These systems are used to:

• Detect fraud or suspicious activity
• Ensure regulatory compliance
• Assess transaction risk levels

Users may request human review where applicable.

---

 

11. DATA PROTECTION OFFICER (DPO)

We have appointed a dedicated Data Protection Officer responsible for GDPR compliance and privacy governance.

Data Protection Officer (DPO)
Email: [Insert DPO Email]
Department: Global Data Compliance Office

The DPO oversees:

• GDPR compliance enforcement
• Data subject request handling
• Internal privacy audits
• Regulatory coordination

---

 

12. SECURITY BREACH NOTIFICATION

In the event of a personal data breach that poses a risk to users, we will:

• Investigate and contain the incident immediately
• Notify affected users where legally required
• Report to relevant supervisory authorities within GDPR timelines (72 hours where applicable)
• Implement corrective security measures

---

 

13. CHANGES TO THIS POLICY

We may update this GDPR Compliance Notice periodically to reflect legal, technical, or operational changes.

Updated versions will always be published with a revised effective date.

---

 

14. CONTACT INFORMATION

For GDPR-related inquiries, data requests, or compliance concerns:

Global Cannabis Products Privacy & Compliance Office
Email: info@globalcannabisproduct.com
Support:  Global Cannabis Product Support