Personal data protection policy: rules on personal data protection and the use of cookies

The purpose of this Data Protection Policy (hereinafter the “Policy”) is to reiterate the privacy standards we observe, namely in relation to the new legislation, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, generally known as the GDPR, and related legal documents.

Reading this Policy will help you to understand, for example, what data we, Cannastra s.r.o., whose registered office is at Žižkova 708, Příbram II, 261 01, identification No. 108 34 311 and which is registered under file No. C 349215 in the Commercial Register maintained by the Municipal Court in Prague (hereinafter the  “Controller” or “we” ), collect about you, how we use it, who we may share it with and how you can exercise your data protection rights against us, the personal data Controller.

We want you to be confident that your data is secure with us and to understand how we use it to provide you with a better user and shopping experience.

 

1. User registration

If you register with us, your personal data shared with us as the Controller will be your e-mail address and we will also store the username and password you have chosen. Your e-mail address, which is your personal information, will be processed only in our internal database, namely for the purpose of your user account administration. As the administration is performed by an external entity – our webmaster, your data has to be passed on to the external entity. However, you do not have to worry about the security of your data as we have ensured that the external entity will maintain all legal standards in relation to your personal data and will effectively protect it from misuse.

If you register in our system only for the purpose of using our services, we will not need your explicit consent to the processing of your personal data. The processing of your email address is an essential part of administering your profile. Should you decide in the future not to use our services any longer and should you delete your profile on our website, we will be obliged to delete your data from all our databases.

 

2. Newsletter

If you subscribe to our newsletter, your personal data stored with us will be your e-mail address. Your e-mail address will be processed as personal data also for the purpose of us sending you our commercial messages. The commercial messages will always be related to the content of our website www.cannastra.com. They may be promotional offers from seedbanks we work with and cannabis fairs or commercial communications from the Cannapedia portal (www.cannapedia.cz) operated by us, or other related commercial communications. We may use your e-mail address to send you an offer to participate in our marketing contests or in surveys conducted by us. However, we will never send you messages that do not relate to the content of our website.

We would like to inform you that the newsletter management is performed by an external marketing application, which means that your e-mail address will be passed to an external entity. However, you do not need to worry about your personal data. As noted above, we have ensured that our contractor will abide by all statutory requirements and standards when handling your e-mail address so that it cannot be misused.

We process your e-mail address based on your express consent to receive such messages. If sometime in the future you decide to withdraw your consent, you can do so using the reference to the withdrawal of consent shown in the header of each such message e-mailed to you by us. You can also revoke your consent at any time by sending us an e-mail to office@cannastra.com. If you revoke your consent, we will delete your data from all our databases, and we will stop sending you any commercial messages. If you change your mind in the future, you can simply subscribe to the newsletter on our website again.

 

3. Marketing contests

From time to time, we run marketing contests for interesting prizes. If you decide to participate in our contest, we will need to know your name, surname (you can also give any fictional nickname) and your age, so that we can verify that you meet the conditions for participation in such contest, and your e-mail address so that we can contact you about a winning in the contest.

If you win in a contest, we will contact you with a request to provide your contact details so that we can send you the prize. When sending the prize, we of course will have to provide the carrier with your personal identification data. Even in this case, we have ensured that the legal standards for the protection of your personal data will be observed and your data will not be misused.

When filling out the contest form, you will always have the possibility to give us permission to send you commercial messages, which are described in greater detail in article “2. Newsletter” hereof, where you can also learn more about how your personal data will be handled.

 

4. Cookies and similar technologies

When you visit our website, we use certain technologies to make your browsing as easy as possible. These are especially cookies - small text files that are generated by the website´s server and placed on your computer when you access the website. Technically, they are a series of codes according to which the browser collects and then sends information about your browsing behaviour back to our server. Cookies are not directly linked to your name or email address, but they often include your system login information. A detailed description of all cookies collected can be found here.

We use cookies on our website primarily for the purpose of transferring messages or, where necessary, to provide services that you, as a user of our website or a customer of our e-shop, expressly request. In this case, the relevant legislation does not require your consent to the use of cookies. We call these cookies “Necessary”.

For all other types of cookies, we are required to obtain your consent. You may withdraw your consent to the use of different types of cookies at any time by changing the settings of your browser. The website can, of course, be also used in a mode that does not allow the gathering of data about your browsing on our website.

The first and foremost type of such cookies are the cookies allowing our website to remember information that changes how the website behaves or looks. This is for example your preferred language or the region you are in. We call these cookies “Preferences” cookies.

We also collect cookies that are used for the purpose of measuring site statistics and for the purpose of identification within the advertising network and for the re-targeting of ads. We call them “Statistics” cookies.

We also collect cookies for the purpose of targeted advertising. The intention is to preferentially display ads that are relevant and interesting to the particular user and thus more valuable to publishers and third-party advertisers. We call these cookies “Marketing” cookies.

The last category is Unclassified cookies. These are cookies that we are in the process of classifying, together with the providers of individual cookies. Once classified according to their type or purpose, they will be placed in one of the above groups.

When processing cookies, we adhere to the general principles arising from the general data protection regulation (Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)). These are primarily the principles contained in Article 25 and Article 5 (right to withdraw consent).

Information about how you use our website may be shared by us with our advertising and analytics partners. The partners may combine this information with other information that you have provided to them or that they have obtained as a result of your use of their services (on condition that we have your consent to this through the cookie settings).

 

5. Orders in e-shop

If you make an online order in our e-shop Cannastra, we will process the following data that you provided: your name, surname, e-mail address, telephone number, billing details (including your identification number and VAT number, if applicable) and your mailing details, unless they are the same as the billing ones. We further process your personal data in our internal database in order to fulfil our contractual obligations, in particular, sending you the goods that you have ordered.

In connection with your order in our e-shop, your personal data will be passed on to several other entities:

  1. Our website is administered by an external company and, therefore, the external company has access to its content as part of the administration and maintenance services.
  2. In order to fulfil our legal obligations, we will pass your personal data to an external accounting firm.
  3. Your personal data will be provided to the carrier (or alternatively, you can collect the order directly at our registered office).
  4. Your personal data will be provided to the payment service operator that you have chosen (an alternative is a cash payment on collecting your order directly at our registered office or a cash payment on delivery to another specified place).
  5. We ascertain your satisfaction with the purchase by means of e-mail questionnaires within the Verified by Customers Program, in which our e-shop takes part. These are sent to you every time you buy from us, unless pursuant to Section 7 (3) of Act No. 480/2004 Sb.,  on Certain Information Society Services you have refused the option of receiving our commercial communications or you have cancelled your previously granted consent  (for more details see article 2.  Newsletter herein). The services of sending questionnaires, evaluating your feedback and analysing our market position are provided to us by an external processor, the operator of the Heureka.cz portal; for this purpose, we may pass on information about the purchased goods and your e-mail address.

We want to assure you that you don't have to worry about anything. We have ensured that all these external entities will comply with all legal standards with respect to your personal data so that your personal data cannot be misused.

If you have placed an order in our e-shop, we may send you further offers of our goods or services without your explicit consent. If you are not interested in the offers, you can cancel receiving them by using the 'unsubscribe' link in the header of each such e-mail.

 

6. How do we protect personal data?

When collecting and storing your personal information, we use physical, electronic and process security. We have the following procedures in place to keep your personal data secure:

  1. We use computer security measures, such as password protection of files and the firewall.
  2. We control physical access to our premises and files.
  3. Access to your personal data is granted only to the employees who need it in order to perform their work duties.
  4. During the transmission of your data when you are placing an order in our Cannastra e-shop, we protect the security of your information by encrypting in with a Secure Sockets Layer (SSL).
  5. For situations when your personal data is passed on to another processor (e.g. our webmaster), we have ensured that each other processor will observe all legal standards in relation to personal data so that your personal data cannot be misused.

 

7. How long do we use your personal data?

We retain your personal data for no longer than is necessary. The purpose for which the data has been collected must always be considered. If the legal reason for retaining your personal data has already passed, we will be obliged to delete the data from all our databases. This will be the withdrawal of your consent to the processing of your personal data. 

Please note that in some cases the deletion of your personal data from any of our databases will be impossible for statutory reasons; for example, we must comply with the statutory obligation to record billing information regarding e-shop customers.

 

8. Other personal data protection rights

If you would like to learn more about your personal data protection rights, we recommend that you visit the https://www.gdpr.cz website set up for this purpose or approach directly the Office for Personal Data Protection.

 

9. How to contact us

In accordance with applicable law, you have the right to view your personal data. If you are interested in accessing your personal data, or if you have any further questions or comments regarding how we collect, store and use your personal information, please contact us by e-mail at: office@cannastra.com or write to us to our registered office address stated above.

 

1.12. 2022

Cannastra s.r.o

No item