At Canna Health Amsterdam, we value your privacy and data security. We do everything to make sure your data is safe with us, and only with us.

We believe that your privacy should be our priority, and it is our responsibility to take care of your privacy. Since we’re located in the Netherlands, we are bound by GDPR (the General Data Protection Regulation). 

Continue reading our privacy policy to learn more about when we collect your information, what we do with it and how we protect it.

This Privacy Policy describes how your personal information is collected, used, processed and shared when you visit or make a purchase from (the “website”). It also informs you of your rights regarding your personal information that we hold.

  1.  What Personal Data we collect, how and why

1.1 Website

  • Our website uses cookies to collect data about you and your web-enabled device (for example, your computer, smartphone or other device) – see the “Terms & Conditions” section, for more information.
  • We also collect your IP address and geographical location from which you accessed our website, your internet connection and browser type, and information about how you use our website (for example, which pages you view, when you view them, and what you click on).
  • The collection of this data is automatic as soon as you visit our website.
  • Why do we collect this data? We use this data to understand more about how you and other users interact with our website.

1.2 Newsletter

  • With your explicit permission, we may send you newsletters about our store, new products, and other updates. The following information is collected in context of the newsletter:
    • First & last name
    • E-mail address
  • Why? To send newsletters and promotions, and we use your name to personalise these emails. You can always opt out of these emails through the unsubscribe link in the bottom, or by contacting us at

1.3 Comments, reviews, job applications, etc.

  • We collect the Personal Data that you explicitly provide when you submit comments, feedback, questions, product reviews or job applications, and when you complete a survey or quiz or enter a contest on our website.
  • Why? To respond to these events whenever necessary. We will not use this data to contact you for marketing purposes.

1.4 Customer service

  • When you email us or send us something via postal service, we collect your Personal Data
  • Why? To respond to you and keep a record of our correspondence.

1.5 Accounts

  • When you place an order on our website, we require you to create an account. You can also choose to create an account without placing an order. When you create an account, we collect the following data that you explicitly provide us:
    • First & last name
    • Address
    • Phone number
    • IP address
    • E-mail address
    • Payment details
    • Password
  • Why? To ship you your order, to be able to provide you with customer service, and to save you time if you want to place another order in the future. You can close your account at any time by contacting us at

1.6 Accounts

  • When you place an order on our website, we require you to create an account. You can also choose to create an account without placing an order. When you create an account, we collect the following data that you explicitly provide us:

Canna Health Amsterdam processes Personal Data for the following purposes:

  • the performance of the agreement (for example: fulfilling your order),
  • compliance with a statutory obligation (for example: keeping invoices for tax purposes),
  • the promotion of legitimate interests of Canna Health Amsterdam (for example: fraud prevention),
  • after obtaining permission from the customer (for example: you explicitly subscribe to our newsletter),
  • based on another reason included in Article 6 (1) of the General Data Protection regulation (EU 2016/679).

We do not intentionally or knowingly collect sensitive personal information about you, meaning, any information that reveals your race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information used to identify you, and any information concerning your health, sex life or sexual orientation. If you share sensitive personal information with us, we process it and may delete it with the understanding that you explicitly consented to its deletion.

  1. How we use Personal Data

We use your Personal Data to provide you with a rich and interactive experience on our website.

Your data is used to market and sell our products, to provide customer support, to fulfil your order requests and provide invoices, confirmations and updates, to improve and develop our products and website, to make product recommendations, and to send you promotional communications, targeted advertising and relevant offers.

We use your Personal Data to respond to your comments, feedback and questions, to notify you about changes to our website, and to provide you with emails, alerts or updates if you have consented to receiving these from us.

The Personal Data we collect can tell us a lot about how users interact with our website and other marketing communications. We perform various data analytics to deepen our understanding of our website users, and we anonymise this data whenever possible (for example: IP anonymization in Google Analytics). We can improve our websites and marketing activities when we better understand usage behaviour.

When legally required to do so, we will use Personal Data to comply with our legal obligations and any applicable laws and regulations.

  1. Where we store and process Personal Data

We are located in the Netherlands, with a global reach. All your data is safely and securely stored on our servers, with our website, when you provided your information for an order or when you visit our site or make a payment for a purchase from our e-shop.

  1. Who we share Personal Data with and why

We share your Personal Data only when we have a legitimate reason for doing so. We do not sell or give away your Personal Data.

We use a variety of third-party service providers to help us market and sell our products online. We have entered into a data processing agreement with all our third-party providers. The following third parties process Personal Data on our behalf:

  • We use Google for analytics for web analytics services. We have configured Google Analytics to anonymize IP addresses so that no personal information is captured or shared with Google. You can read more about how Google uses your Personal Data here: You can also opt-out of Google Analytics here:
  • We use UPS and PostNL  as our shipping carriers to send your order to you. The data we share with them is that required to print a shipping label for your order and to be able to track the delivery of your order. Please read UPS’s and PostNL’s  Privacy Policy at the corresponding websites Privacy Policy pages.
  • We use Facebook Apps, for logging into your account via Facebook. Facebook asks for access via your personal Facebook profile. We do not see or use any of other information, collected by Facebook, apart from the ones we mention on this Privacy Policy Statement.
  • We use different share buttons (Facebook’s “like” button, Twitter’s “tweet” button, Pinterest’s “pin” button and LinkedIn’s share button). Even if you do not click on these plug-ins, they may collect information about you, such as your IP address and the pages that you view. They also may set and/or access a cookie. These plugins are governed by the privacy policy of the company providing them.
  • Trustpilot: We use for collecting reviews from our customers in order to give you a better experience using this website.  Refer to trustpilot’s privacy policy and Cookies pages for more information on how they use your date.
  • Omnisend: We use Omnisend in to send emails for promotions and informations regarding your purchases. Please refer to Omnisend’s Privacy Policy page to see how they use your information.
  1. How long we retain Personal Data

We will not retain your Personal Data for longer than necessary for the purposes set out in this policy, or longer than is required by (tax) law. Different retention periods apply for different types of data, but the longest we will hold any Personal Data is 10 years.

  • Account information: We store your account-related data as long as you keep the account active. When an account is closed, the related data will be deleted within a reasonable period. Requests regarding inspection or correction of stored Personal Data, or the removal of an account can be sent to:
  • Newsletter information: We keep your data in our newsletter database as long you don’t revoke your consent. Consent can easily be revoked by using the unsubscribe option below each email, or by contacting us at
  1. How we keep your Personal Data secure

We use a range of measures to keep your Personal Data safe and secure:

  • We and our third-party service providers use secure servers to store your Personal Data. Secure Sockets Layer (“SSL”) technology is used to encrypt transfers of data to and from our servers and to encrypt payments you make on or via our website.
  • Our databases are exceptionally protected against unauthorised persons. For example, access to the database is only possible and permitted by approved IP addresses. Other attempts and addresses are refused at all times.
  • We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect Personal Data when using and transferring such data. All third parties mentioned in “Who we share Personal Data with and why” are screened, GDPR compliant, and are provided with a processor agreement.
  • Staff only has access to personal information that is strictly needed for their jobs. 

If a data breach occurs which jeopardises the security of your Personal Data, we will work with our third-party service provider(s) to address the breach. In case of a data breach of sensitive data, we will notify users promptly within 72 hours of discovery of the breach.

  1. How to access and control your Personal Data

You can contact us at any time to request access to, deletion of and/or edits to your Personal Data. Please contact us, outlining your request, at, or at the address provided in the “How to contact us” section, below.

You can withdraw your consent at any time for anything you gave consent to. You can also object to or restrict our use of your Personal Data.

If you have a customer account on our website, or you have posted any comments our website, you can request to receive an exported file of your Personal Data.

You can also request that we delete any Personal Data we hold about you, excluding any data we are obligated to keep for administrative, legal or security purposes.

When you request access to your Personal Data, we are required to use all reasonable measures to verify your identity before granting access. We do this to protect your data and limit the risk of potential identity fraud/theft or unauthorized access.

Finally, you have the right to contact the privacy or data protection regulator in the country where you live to make a complaint. You can find a list of all European Data Protection Authorities here:

  1. How we use cookies and similar technologies

We collect website information using the following technologies:

  • “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier.
  • “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
  • “Analytics”, tracking time spent on the site, number of visits, and behaviour on the site.

When we include links to other websites, those sites will have their own privacy and cookie policies that will govern the use of your Personal Data on those sites. We recommend you check their policies as we are not responsible or liable for their practices.

Web browsers are typically set up to accept cookies but if you wish to amend your cookie preferences, you can do this through your browser settings. If you choose to turn off certain cookies, it may affect the functionality of our website.

The cookies we use cannot look into your computer, smartphone or web-enabled device and obtain information about you or your family or read any material kept on your hard drive. If you use a public computer to access our websites, our cookies cannot be used by anyone else who has access to that computer to find out anything about you, other that the fact that someone using that computer may have visited this site.

8.1 How to control cookies?

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. You can also choose to delete cookies via your browser settings.

  1. Changes to this Privacy Policy

We may modify this policy from time to time. When we do, we will provide notice to you by publishing the most current version and revising the date at the top of this page. By continuing to use our websites after changes to this policy come into effect, you agree to the revised policy.

  1. How to contact us

If you have any questions or requests about this Privacy Policy, please contact our Data Protection Officer at:

  • Email: