1. Introduction
Wounded Warrior CBD is committed to protecting and respecting your privacy. This GDPR Policy explains how we collect, use, and safeguard your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
For the purpose of GDPR, the data controller is:
Wounded Warrior CBD
4780 I-55 North
Suite 100 #1111
Jackson, Mississippi 39211
(601) 751-7655
support@woundedwarriorcbd.com
(update if needed)
3. Personal Data We Collect
We may collect and process the following types of personal data:
Identity Data: Name, billing/shipping address
Contact Data: Email address, phone number
Transaction Data: Purchase history, payment details (processed securely via third-party providers)
Technical Data: IP address, browser type, device information
Usage Data: Website interactions and browsing behavior
Marketing Data: Preferences for receiving marketing communications
4. How We Use Your Data
We use your personal data to:
Process and fulfill orders
Provide customer support
Improve our website and services
Send transactional and (if opted-in) marketing communications
Prevent fraud and ensure website security
Comply with legal obligations
5. Legal Basis for Processing
Under GDPR, we rely on the following lawful bases:
Contractual necessity: To fulfill your orders
Legitimate interests: To improve services and prevent fraud
Consent: For marketing communications
Legal obligation: To comply with applicable laws
6. Data Sharing & Third Parties
We may share your data with trusted third parties, including:
Payment processors
Shipping and logistics providers
Website hosting and analytics services
Marketing platforms (if consent is provided)
All third parties are required to handle your data securely and in compliance with GDPR.
7. International Data Transfers
As we operate in the United States, your data may be transferred and processed outside the European Economic Area (EEA). We ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.
8. Data Retention
We retain your personal data only as long as necessary to:
Fulfill the purposes outlined in this policy
Comply with legal, tax, and regulatory obligations
Resolve disputes and enforce agreements
9. Your GDPR Rights
If you are located in the EEA, you have the right to:
Access your personal data
Request correction of inaccurate data
Request deletion (“Right to be Forgotten”)
Restrict or object to processing
Data portability
Withdraw consent at any time
To exercise your rights, please contact us using the details below.
10. Cookies & Tracking
Our website uses cookies and similar technologies to enhance your browsing experience, analyze traffic, and personalize content. You can manage cookie preferences through your browser settings.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, or disclosure.
12. Children’s Privacy
Our website is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors.
13. Changes to This Policy
We may update this GDPR Policy from time to time. Any changes will be posted on this page with an updated effective date.
