- Who we are
- Information we may collect about you
- How we may use that information
- Disclosure of your details to third parties
- Security of your personal information
- Your rights to access your personal information
- Contact details and further information
Who we are
MACCTI, LLC is a Limited Liability Company, registered in the Commonwealth of Massachusetts since 2018.
Our mission is to provide quality training, best practices, and general information regarding the cannabis industry, including but not limited to compliance and workforce excellence.
We are committed to protecting your personal information and to being transparent about the information we hold about you.
We will use the information that we collect about you in accordance with:
- 201 CMR 17
- 801 CMR 3
- The Data Protection Act 1998
- The Privacy and Electronic Communications (EC Directive) Regulations 2003
- The General Data Protection Regulation (EU) 2016/679, which replaces the Data Protection Act 1998 from 25 May 2018
If you have any questions, please contact [email protected]
Information we may collect about you
We collect different information about you in a number of ways:
Information you give us
When you create an account from our website, we’ll store the personal information you give us such as your name, email address, mailing address, phone number, and the course you have signed up to take. We do not retain any payment card details beyond processing needs.
When setting up an account with MACCTI, we will ask you to answer some random questions that only you will know the answer to. This information will be stored to enable us to do further security checks on occasion to confirm your identity.
When you create an account with MACCTI, we use a company called BioSig to confirm your identity. They will do this by comparing your selfie to your photo-ID. We only store your photo for the time it takes to analyze and confirm if a match.
At the time your identity is confirmed by our partner BioSig, you will have set up a four-digit access code to enable you to log into your account with us. This access code is stored and will be referred to on occasion as and when required.
Information about your interactions with us
When you visit our website and our courses, we collect information about how you interact with our content.
We take note of the course you take and will store the results of your exams, the date you completed the course and the renewal date that the course should be taken again.
When we send you an email we store a record of this, and we keep a record of which ones you have opened and which links you have clicked on.
We use social media to broadcast messages and updates. Occasionally, we may reply to comments or questions you make to us on social media platforms.
We may also make a note of conversations we have had with you in person, and/or of communications you send us. This helps us manage our relationship with you and ensures you only receive communications from us that are relevant and timely.
Information from third parties
MACCTI has entered into a contractual relationship with BioSig LLC, a third-party vendor providing identity verification services. In the course of this relationship, relevant individual user and/or aggregate statistical information shall be stored and shared between the parties for purposes of recordkeeping, billing, verification, and other business uses. MACCTI shall store all data received according to this policy.
Sensitive personal data
We recognize that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. In order to ensure that we can meet our commitment to the diversity goals of the Commonwealth of Massachusetts and the Cannabis Control Commission, we would kindly ask you to let us know your ethnicity for statistical purposes.
How we may use your information
There are three bases under which we may process your data:
When you buy a course from us, you are entering into a contract with us. In order to perform this contract, we need to process and store your data. For example, we may need to contact you by email or telephone in the case difficulties arise with our courses, or in the case of problems with your payment.
Legitimate business interests
In certain situations, we collect and process your personal data for purposes that are in our legitimate organizational interests. However, we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below all situations where we may use this basis for processing.
With your explicit consent
For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.
We aim to communicate with you about the work that we do in ways that you find relevant, timely, respectful, and never excessive. To do this, we use data that we have stored about you, such as when your certificate expires and provide you details about the course or other courses that might interest you.
We use our legitimate organizational interest as the legal basis for communications by post and email. We do not foresee any reason to conduct postal mailings at this time, but we wanted you to be aware that in the event that we believe it useful to you, we may do so in the future however you may opt out of receiving these at any time using the contact details at the end of this policy.
In the case of email, we will give you an opportunity to opt out of receiving marketing communications during your first purchase with us. If you do not opt out, we will provide you with an option to unsubscribe in every email that we send you subsequently. Alternatively, you can use the contact details at the end of this policy or update your contact preferences in your online account with us.
We may also contact you about our work by telephone. You may opt out of receiving these at any time using the contact details at the end of this policy or by updating your contact preferences in your online account with us. Please bear in mind that this does not apply to telephone calls that we may need to make to you related to your purchases.
Other processing activities
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organizational interests.
We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.
We may analyze data we hold about you in order to identify and prevent fraud.
In order to improve our website, we may analyze information about how you use it and the content that you interact with.
In all of the cases above we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.
Disclosure of your details to third parties
There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
1) To BioSig, LLC who assist MACCTI with the identification process.
2) To other trusted third-party vendors providing services to MACCTI, with approved privacy policies.
∙ In these cases, we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.
∙ Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
We do not sell personal details to third parties for any purpose.
Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function.as well to provide website operators with information on how the site is being used and what improvements we can make.
Security of your personal information
Your debit and credit card information
When you use your credit or debit card to purchase from us, we will ensure that this is carried out securely, we will not store your payment details.
Maintaining your personal information
We store your personal information indefinitely such that for any subsequent purchases you make we are able to link them back to a single unique record that we hold for you on our system.
Security of your personal information
We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.
Your rights to access your personal information
You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in this data corrected. Please use the contact details at the end of this policy if you would like to exercise this right.
Our MACCTI website and courses are designed and intended for those who have reached the age of majority (18 years of age). We do not knowingly collect or market to any individuals under the age of 18 through our website or courses. By using MACCTI courses, you affirm that you are at least 18 years of age or older. We are not liable for any damages that may result from a user’s misrepresentation of age on our sites.
For California Residents
If you reside in California and have provided personally identifiable information to us, you may request information about our disclosure of certain categories of personal information to third parties for their direct marketing purposes under California’s Shine the Light law. Such requests must be submitted to us at [email protected] or by calling 617.383.7717 and leaving a detailed message.
If you are a resident of California, effective January 1, 2020, you have the following rights under the California Consumer Privacy Act of 2018 (“CCPA”):
- to know what categories of personal information about you we have collected and used, including how the personal information was collected;
- to know what categories of personal information is being sold or disclosed and to know that your personal information has not been sold.
- to access your personal information, including the right to download or transfer personal information collected during the previous 12 months.;
- to request that your personal information be deleted, scroll down for more information on “Deletion Request Rights”
- to equal service and equal price for goods or services even if you exercise your rights under the CCPA.
If you are a California resident and you want to exercise any of your rights as set forth above, please contact us [email protected]. For all requests, it is helpful to put the statement “California Privacy Rights” in the body of your request, describe the nature of your request, and provide your name, street address, city, state, and zip code. In your request, you need to attest to the fact that you are a California resident and provide a current California address for our response.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights below), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech protect the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising access, data portability, and deletion rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
emailing at [email protected] or by calling 617.383.7717 and leaving a detailed message.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. For all requests, it is helpful to put the statement “California Privacy Rights” in the body of your request, describe the nature of your request, and provide your name, street address, city, state, and zip code. In your request, you need to provide enough information that allows us to reasonably verify that you are the person that we collected information about. We will not require you to incur any costs or fees in order to process or provide a verifiable request.
Making a verifiable consumer request does not require you to create an account with us.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Contact details and further information
Email us: [email protected] MACCTI Inc,