Personal Data Protection
1. The operator of the web portal www.cbdium.eu (hereinafter referred to as the “portal”) is Hemp M&S GmbH, Fabriksplatz 1a, 2410 Hainburg an der Donau, e-mail: firstname.lastname@example.org (hereinafter referred to as the “Company”). The seller of goods and services on the portal is the Company. The Company is processing the personal data and is hereinafter referred to as the “controller”.
2. In the protection of personal data, we comply with the applicable legislation on personal data protection (Data Protection Act Datenschutzgesetz (DSG), BGBl. I No. 165/1999 as amended and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data) and we follow the principles described in this document.
3. We obtain personal data from the customer exclusively in connection with the provision of services and the sale of goods. In order to provide the service or deliver the goods properly, we also need some personal data of the customer. We collect personal data to the extent of the registration form or contact form or later when provided by the customer.
4. We request the provision of personal data in the following range: name and surname, delivery address, e-mail and telephone number. These data are necessary for registration of the customer, for the creation of the purchase contract, delivery of goods, as for other purposes related to the legal relationship between the customer and the controller.
5. We archive personal data in accordance with valid legal regulations, for a period of 7 years.
6. By registering, the customer obtains a user account, through which he has individualized access to the offer of goods and services, as well as to his personal data and data on the purchase history. The customer can enjoy the loyalty benefits only if he/she is properly registered and has a functional user profile. The data contained in the user account are processed automatically. They can be aggregated and evaluated for the purpose of processing the shopping behaviour of the customer, as well as for the personalized display of content on the portal pages.
7. The obtained personal data are securely stored in a database located on the servers of our web and cloud service providers – WebSupport, sro, Staré Grunty 12, 841 04 Bratislava, ID number: 36 421 928, Sync.com Inc., 105-155 Gordon Baker Road Toronto, ON M2H 3N5, Canada and Woocommerce.com – Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, United States of America.
8. We use an encrypted connection to collect, use and share personal information.
9. We do not disclose, sell, lend or otherwise provide personal information to third parties. We will provide personal data to a third party only if it is required by law or if it is necessary for enter into a contractual relationship with a third party in connection with the performance of the controller’s obligations.
10. We provide personal data to the contracting party / service provider, whose services need to be used when providing the service or selling goods to the customer. These are, for example, transport companies / postal companies. In such a case, we will always contractually adjust and agree on the method of using personal data.
11. We do not process data on payment cards or logging in to internet banking or Paypal. Payments are processed through third parties – payment gateway providers and banks. We have no access to the data provided by the customer to the payment processor. We only receive information on whether or not the payment has been processed.
12. We may process personal data for marketing purposes associated exclusively with the promotion of the Company’s activities, goods and services. It is mainly the sending of news in the form of a “newsletter”, addressing in the framework of announced competitions or discounts. If we use third party services (e.g. MailChimp service) for such communication, the third party will only be provided with an email address and at the same time it will be an intermediary who meets all legal requirements for working with personal data.
13. When personalizing the services offered to customers and when communicating with customers, we will use exclusively analytical services, which are from reputable providers responsible for handling personal data. These are, in particular, automated data collection services when visiting websites (eg IP address, date and time of presence on the website, type of device or Internet browser used to browse the website, language setting, clicks, displayed pages). However, the data obtained in this way are not linked to the personal data of the specific person browsing the website and are therefore not considered as personal data.
14. We do not use or provide any data obtained for so-called remarketing.
15. We use the functionality of cookies, as they allow the person browsing our website to recognize users’ devices via the Internet browser and store information about the user’s preferences, which will be automatically offered to him/her on the next visit. Cookies provide us with anonymous and aggregated data, and therefore are not assignable to a specific person. The customer can delete or block cookies through his/her web browser.
16. Personal data can be changed and deleted by a customer, resp. request their change and deletion. The customer has at any time the right to refuse to provide personal data, request the termination of their processing, their deletion. We will comply with the customer’s request immediately.
17. In connection with the processing of personal data, you have the following rights as a customer:
- a) the right to access your personal data,
- b) the right to correct incorrect personal data,
- c) the right to restrict (block) the processing of personal data,
- d) the right to object to the processing of personal data,
- e) the right to delete personal data,
- f) the right to transfer personal data,
- g) the right to propose the initiation of proceedings before the Office for Personal Data Protection.
The customer can exercise these rights by sending a written request to the controller’s address or by email to: email@example.com.
18. The customer has the right at any time to withdraw his consent to the processing of data with effect for the future. Revocation of consent shall not affect the lawfulness of the processing of data carried out based on the consent prior to its revocation. After revoking the consent, the processor shall ensure the deletion of the personal data of the customer, unless it is necessary to keep this data for legal reasons.
19. Contact details of the responsible person: firstname.lastname@example.org. A customer may at any time contact the responsible person with questions concerning the protection of personal data.