1. Introduction
Express Highs (“we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit and use our blog at blog.expresshighs.com (the “Blog”).
This policy is drafted in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national data protection laws.
Please read this policy carefully. By using our Blog, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
The data controller responsible for your personal data is:
Express Highs Website: https://www.expresshighs.com Blog: https://blog.expresshighs.com Contact email: [INSERT CONTACT EMAIL] [INSERT REGISTERED ADDRESS]
If you have any questions or concerns about how we handle your data, please contact us at the address above.
3. What Personal Data We Collect
Depending on how you interact with our Blog, we may collect the following categories of personal data:
3.1 Data You Provide Directly
- Newsletter subscriptions: Your email address and name (if provided) when you subscribe to our weekly newsletter covering cannabis, CBD, legal highs, and related topics.
- User account registration: Your name, email address, and password when you create an account on our Blog.
- Contact enquiries: Any information you submit when contacting us via forms or email, including your name, email address, and the content of your message.
- Free sample requests: Name, email address, and delivery address when requesting free product samples through the Blog.
3.2 Data Collected Automatically
When you visit our Blog, we and our third-party service providers may automatically collect:
- Usage data: Pages visited, time spent on pages, links clicked, and referring URLs.
- Device and technical data: IP address, browser type and version, operating system, screen resolution, and device identifiers.
- Cookie data: Information stored via cookies and similar tracking technologies (see Section 8 for details).
4. Legal Basis for Processing
We process your personal data on the following legal bases under Article 6 GDPR:
| Processing Activity | Legal Basis |
|---|---|
| Newsletter delivery | Consent (Art. 6(1)(a)) |
| User account management | Contractual necessity (Art. 6(1)(b)) |
| Responding to enquiries | Legitimate interests (Art. 6(1)(f)) |
| Website analytics and security | Legitimate interests (Art. 6(1)(f)) |
| Free sample fulfilment | Contractual necessity (Art. 6(1)(b)) |
| Legal compliance obligations | Legal obligation (Art. 6(1)(c)) |
Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
5. How We Use Your Personal Data
We use the personal data we collect for the following purposes:
- To operate and maintain our Blog and deliver the content and services you request.
- To send you our weekly newsletter (cannabis, CBD, legal highs, and related news) if you have subscribed.
- To respond to your enquiries and provide customer support.
- To process and fulfil free sample requests.
- To monitor and analyse Blog usage for performance improvement and security purposes.
- To comply with applicable legal obligations.
- To prevent fraud and protect the integrity of our Blog.
We will not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
6. Newsletter and Marketing Communications
If you subscribe to our newsletter, we will send you a weekly email covering cannabis, CBD, legal highs, cannabinoids, and related news.
- Opt-in: Subscription is based on your explicit consent.
- Opt-out: You may unsubscribe at any time by clicking the unsubscribe link in any newsletter email or by contacting us directly.
- Withdrawal of consent does not affect the lawfulness of any processing carried out prior to your withdrawal.
We do not send unsolicited commercial communications.
7. Sharing Your Personal Data
We do not sell, rent, or trade your personal data. We may share your data with the following categories of recipients only as necessary:
- Service providers: Third-party providers who help us operate the Blog, including hosting providers, email delivery platforms (e.g. newsletter tools), and analytics services. These providers act as data processors and are bound by data processing agreements.
- Legal authorities: Where required by law, court order, or to protect our legal rights and the safety of users.
- Business transfers: In the event of a merger, acquisition, or sale of business assets, personal data may be transferred to the acquiring entity.
All third-party service providers are required to implement appropriate technical and organisational security measures and to process personal data only as instructed by us.
8. Cookies and Tracking Technologies
Our Blog uses cookies and similar technologies to enhance your experience, analyse traffic, and support security functions.
Types of Cookies We Use
| Cookie Type | Purpose |
|---|---|
| Strictly necessary | Required for the Blog to function (e.g. session management, login) |
| Analytics/performance | Help us understand how visitors use our Blog (e.g. Google Analytics) |
| Preference | Remember your settings and preferences |
| Marketing | Used to serve relevant content (only with your consent) |
You can manage or withdraw your consent to non-essential cookies at any time via our cookie consent banner or your browser settings. Please note that disabling certain cookies may affect the functionality of the Blog.
For more information about managing cookies, visit www.allaboutcookies.org.
9. International Data Transfers
Express Highs is a European-based company. Some of our third-party service providers may be located outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place to protect your personal data, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Transfers to countries with an adequacy decision by the European Commission.
You may request details of the specific safeguards applied to any international transfer by contacting us.
10. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:
| Data Type | Retention Period |
|---|---|
| Newsletter subscriber data | Until you unsubscribe or withdraw consent |
| User account data | For the duration of your account + 2 years after deletion |
| Contact enquiry data | 2 years from the date of your enquiry |
| Website analytics data | Up to 26 months (aggregated/anonymised where possible) |
| Legal/compliance records | As required by applicable law (typically up to 7 years) |
After the applicable retention period, personal data is securely deleted or anonymised.
11. Your Rights Under the GDPR
As a data subject under GDPR, you have the following rights with respect to your personal data:
- Right of access (Art. 15): You may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): You may request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): You may request deletion of your personal data (“right to be forgotten”), subject to legal exceptions.
- Right to restriction of processing (Art. 18): You may request that we limit how we use your data in certain circumstances.
- Right to data portability (Art. 20): Where processing is based on consent or contract, you may request your data in a structured, machine-readable format.
- Right to object (Art. 21): You may object to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent (Art. 7(3)): Where we rely on consent, you may withdraw it at any time.
- Right not to be subject to automated decisions (Art. 22): We do not engage in solely automated decision-making with legal or similarly significant effects.
To exercise any of these rights, please contact us at: [INSERT CONTACT EMAIL]
We will respond to your request within 30 days. We will not charge a fee for reasonable requests. We may need to verify your identity before processing your request.
12. Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with applicable data protection law, you have the right to lodge a complaint with a supervisory authority. In the EU, you may contact the data protection authority in your country of residence.
A list of EEA supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
We encourage you to contact us first so we can address your concerns directly.
13. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:
- Secure HTTPS encryption for all data transmitted through the Blog.
- Access controls limiting who can access personal data.
- Regular security reviews of our systems and processes.
- Data minimisation — we only collect personal data that is necessary.
No method of transmission over the internet is completely secure. If you have reason to believe that your data has been compromised, please contact us immediately.
14. Children’s Privacy
Our Blog is intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete such information.
15. Third-Party Links
Our Blog may contain links to third-party websites, including our main shop at www.expresshighs.com and social media platforms (Facebook, Twitter, Pinterest, WhatsApp). This Privacy Policy applies only to blog.expresshighs.com. We are not responsible for the privacy practices of third-party websites and encourage you to review their respective privacy policies.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of any significant changes by posting the updated policy on this page with a revised “Last updated” date. Where required by law, we will seek your renewed consent.
We encourage you to review this policy periodically.
17. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:
Express Highs — Data Privacy Contact Form Website: https://www.expresshighs.com Blog: https://blog.expresshighs.com
