GDPR

Dear Customers,

A new generally binding regulation regarding Privacy Policy came into force on 25 May 2018.

It is known as GDPR (General Data Protection Regulations, or Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data; and the repeal of Directive 95/46/EC).

This fact fundamentally affects the way the personal data of customers are handled. Nothing changes in the scope and quality of our goods and services. On the contrary, from now on, our customers enjoy even greater protection of their personal data.

Protecting our customers' contact information is a long-term priority of HempSapa® - A brand of the company HEMP SAPA s.r.o. 

The new "GDPR" regulation primarily extends the definition of what are personal data by a class of biometric and genetic data.

Personal data is, according to GDPR, any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

What does it mean for customers of our e-shop https://www.hempsapa.com?

Limit data collection for EU buyers is ActivatedUnder the European Union's General Data Protection Regulation (GDPR), customers must give permissions before their data can be tracked.

The internal computing system is now set up to delete all acquired data automatically each time after settlement of a commercial transaction but not later than 30 days after the date of the initial order.

This means that HempSapa® shall not store any personal data of its clients longer than is necessary to successfully deliver the goods ordered and/or no longer than 30 days from the date of the initial order.

The client is strongly advised to keep the receipts in case of any future claims. Without the receipt, it will not be possible to consider and settle the claim.

Consent to the processing of customer's personal data

For order processing and shipping to a customer's specified address, it is necessary to first receive and process customer’s data. This can be done most effectively by explicit customer’s consent.

Pursuant to Article 4 (11) GDPR, 'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Consent to the processing of personal data should be granted specific, informed, unambiguous and freely given.

The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.

Declaration in accordance with GDPR

HempSapa® processes and temporarily stores personal information of its customers and business partners exclusively for the purpose of processing its commercial agenda. The data collected is subject to deletion after the processing of the order but not later than 30 days after their acquisition.

HempSapa® processes personal data exclusively for the purpose of carrying out a business-contract agenda with its customers and business partners. Personal data is subject to automatic deletion upon completion of contract, but no later than 30 days after the order is made.

Cookies and usage data

Usage Data: we may also collect information how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking & Cookies Data: we use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Service
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings
  • Security Cookies. We use Security Cookies for security purposes

Privacy Information:

1) The legal basis for the processing of personal data is in accordance with the provisions of General Regulation on the Protection of Personal Data (GDPR), Art. 6:

(a) the data subject (the natural person whose data is being processed) has granted consent to the processing of his/her/its personal data for one or more specific purposes;

(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

(c) processing is necessary for the compliance with a legal obligation to which the controller is subject;

(d) processing is necessary for the purposes of the legitimate interests of the relevant controller or a third party (the forwarder of the exchanged goods).

2) Personal data are not passed on to other persons except those necessary for the fulfilment of the contract, such as the forwarder of the exchanged goods.

3) Processing personal data with HempSapa® does not involve automated decision-making including profiling, which produces legal effects concerning him/her/it, or similarly significantly affects him/her/it.

4) Personal data are processed and stored only for a limited time needed for processing purposes. This time can be extended only if required by law. After this time all personal data are destroyed by electronic deletion, and in the case of their printed form, by shredding.

5) Customer has the right to: 

(a) access his/her/its personal data processed by HempSapa® during the period until their deletion or shredding;

(b) require the correction of inaccurate personal data (where personal data are concerned) processed by HempSapa® inaccurately;

(c) require the deletion of personal data, or demand their limitation;

(d) lodge a complaint with the supervisory authority;

6) The requirements of our customers will always be properly assessed and settled in accordance with the relevant provisions of GDPR;

7) Claims to HempSapa® within the scope of GDPR can be lodged via the Contact Person for the processing of personal data in writing by email: info@hempsapa.com with the "Personal Information" reference in the subject line.