DCP is a product that offers a variety of services to legal cannabis retailers. We would like to make you aware of what personally identifiable information (PII) we collect about consumers and how we use this information.
What Personally Identifiable Information does DCP collect?
DCP may collect the following categories of PII from users, retailers, consumers, patients, and caregivers:
- Personal identifiers, such as name, date of birth, uploaded picture, state ID, email address, and phone number.
- Internet activity information, such as IP addresses and GPS location.
- Commercial activity, such as dispensary or medical facility name and location.
DCP does not store customer payment information and product purchase history.
How does DCP collect this information?
All data collected by DCP is manually entered into the product by users or ingested into the product from an existing record system or online service.
How does DCP use this information?
DCP uses your data to deliver and improve its product. Data from employees is used to log into our system and deliver content. Data from customers enables retailers to deliver a customized service. Data from patients is used to comply with state's medical cannabis legislation. DCP does not sell personally identifiable information to third parties. DCP may share aggregated, anonymized data to third parties. DCP takes appropriate steps to ensure anonymous data cannot be linked to individual's identities. DCP may disclose information to law enforcement to comply with relevant laws.
Does DCP collect data from individuals under the age of 16?
DCP collects data that is input into it by its users. DCP software is not intended for use by individuals under the age of 16. DCP will never sell the data of individuals 16 years or younger. Please consult with your local retailer or medical provider for more information on how they use your data.
DCP uses a service called FullStory to track user actions on the site, troubleshoot issues, and enhance the user's experience. To provide this functionality, DCP creates a first party cookie for FullStory upon login. FullSory does not use this data for any purpose other than to deliver this service to its customers.
Most browsers allow you to manage, delete, and prevent downloading cookies from a particular site.
Is DCP secure?
DCP stores user data in secure, SOC2 certified data centers. All traffic between users and the product is secured with AES encryption to prevent data from being intercepted in transit. All users are authenticated with a username and password. Network security rules isolate DCP servers from the internet. Server and database access is restricted to approved users. Automated, manual, and third party testing are used to maintain the security of the product.
DCP encourages users to log out of the system when they are finished working with it and to never share login credentials.
Where is my data stored?
Your data is processed and stored within the United States or Canada, depending on the location of the establishment you visited. Server and database backups are stored in the United States.
Does DCP support Do Not Track browser settings?
DCP does not currently support Do Not Track browser settings, however, DCP also does not use tracking cookies.
DCP will provide, or work with retailers to provide, any information the site has collected on verified users or consumers. DCP will destroy collected user information if it is legally permitted to do so. You may receive an email or phone call to your documented contact method to verify ownership of the data. If DCP cannot verify your identity, please contact your retailer to ensure your data is properly deleted. DCP will not discriminate against anyone who exercises their rights under the California Consumer Privacy Act.
For information about your personal data, please contact DCP at the following:
855 Publishers Parkway
Webster, NY 14580