CONCERNING THE PROCESSING OF PERSONAL DATA BY KANABIOTECH SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ IN CONNECTION WITH THE USE OF THE ONLINE SHOP AT biomedicanna.com
This document sets out the rules for the processing of your personal data in the online shop biomedicanna.com (hereinafter referred to as the “Online Shop“), in connection with your use of the Online Shop and placing and executing orders for our products.
Your personal data is processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Journal of Laws EU L 119, p. 1), hereinafter referred to as “GDPR” and the Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2018 item 1000), hereinafter referred to as the “Act“.
Please be advised that we make every effort to protect the privacy and data provided to us by customers of the Online Shop, using appropriate technical measures, including of a programming and organizational nature, ensuring protection of processed data, in particular protecting data against unauthorized sharing, disclosure, loss and destruction, unauthorized modification, as well their processing in violation of applicable law.
Personal Data Controller
The Personal Data Controller of the Online Shop is Kanabiotech Spółka z ograniczoną odpowiedzialnością with its seat in Warsaw, address: Al. Jana Pawła II 61 C lok. 304, 01-031 Warsaw, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register under the number KRS 0000439493, REGON: 146391013, NIP: 5272686474, share capital: PLN 30,000.00, hereinafter referred to as the “Controller” or “Kanabiotech“.
- Regarding your personal data, you can contact the Controller using:
- e-mail: [email protected]
- by post: Kanabiotech Sp. z o.o., Al. Jana Pawła II 61 C lok. 304, 01-031 Warsaw
- contact form, which you can find in the tab at: biomedicanna.com
Purposes and legal basis for processing of personal data
The Controller processes Customers’ personal data in order to ensure the functionality of the Online Shop, in accordance with its Terms and conditions. The purposes of processing include in particular:
- taking actions by the Customer before concluding the agreement, e.g. creating the Customer account,
- providing services that do not require the creation of an account and purchase of goods, such as browsing the Online Shop website, using the goods search engine,
- ensuring order placement and performance of the agreement for the sale of goods, including in particular receiving payments from the customer, delivery of goods, issuing a sales document, enabling the customer to exercise his warranty rights,
- consideration of customers’ complaints, actions and requests, as well as contact for the purpose of conducting correspondence with customers in order to answer questions related to goods and the Online Shop,
- securing the Controller’s legitimate interests related to the operation of the Online Shop, such as determination, investigation and enforcement of claims, as well as defense against claims in court or in enforcement proceedings.
- marketing goals – informing about products, promotions, new offer and business partners.
Providing personal data by the Customer is voluntary and is a condition for the provision of services by the Controller via the Online Shop.
Depending on the purpose for which Customers’ personal data are processed, the legal basis is the fact that it is necessary to perform agreements for the sale of Kanabiotech products (Article 6 (1) (b) of GDPR) or is the consent given by the Customer when making purchases or registering on the Website biomedicanna.com (art.6 par.1 lit.a) of GDPR). The basis for the processing of Customers’ personal data may also be the fact that the processing is necessary for purposes arising from legitimate interests pursued by Kanabiotech (Article 6 paragraph 1 point f) of the GDPR). The legitimate interest includes direct marketing of own products, proper presentation of our offer, security and redress, as well as security and protection against the claims of the Customer or third parties.
Categories of personal data processed
The Controller processes the following personal data of Customers provided by Customers in the process of creating a Customer account in the Online Shop or placing an order:
1) name and surname;
2) email address;
3) phone number;
6) postal code;
8) cookies related to order processing;
and in the case of business activity also:
9) the company;
10) NIP (Tax Identity Number).
Period for data processing
The period of personal data processing depends on the purpose of the processing. The data processing period in the Online Shop is as follows:
a) in the case of data provided for registration purposes – for the period of remaining a registered Customer, until the time of signing out of the Online Shop (cancellation of the Customer account); however, after this period, the Controller is legally obliged to process the Customer’s data for the purposes resulting from the provisions of the GDPR and the Act, tax and accounting regulations, to examine complaints, actions and applications, as well as for the period of limitation of claims, but not longer than 10 years,
b) in the case of data provided for the purpose of sales – for the duration of the agreement; however, after this period, the Controller is required by law to process the Customer’s data for the purposes of the provisions of the GDPR and the Act, tax and accounting regulations, to examine complaints, actions and applications, as well as for the period of limitation of claims, but not longer than 10 years,
c) in the case of personal data processed for purposes resulting from Kanabiotech’s legitimate interests – for a period no longer than 10 years.
Recipients of personal data
Customer’s personal data is provided only to persons and entities operating the Online Shop and order fulfillment as well as contact with customers. Your data will be transferred to:
a) Website hosting service;
b) a courier company that delivers orders;
c) the online payment processor;
d) the bank keeping the Kanabiotech’s bank account.
In the above cases, the transfer of data takes place only on the basis of relevant agreements, on the basis of which protection of such data in accordance with the GDPR and the Act will be ensured, as well as the fact that personal data will be processed for the above-mentioned purposes.
In addition, we may transfer customers’ personal data to state authorities for their request.
Transfer of data to a third country or international organization
Customer’s personal data is not transferred to a third country or international organization.
The rights of the data subject
Under the GDPR, you have the right to:
- request access to your personal data;
- request rectification of your personal data;
- request to delete your personal data, so-called “the right to be forgotten”;
- requests to limit the processing of personal data;
- object to the processing of personal data;
- requests to transfer personal data,
- withdrawal of consent to the processing of personal data.
The Controller without undue delay – and in any case within a month of receiving the request – provides you with information about the actions taken in relation to your request. If necessary, the monthly period may be extended by another two months due to the complex nature of the request or the number of requests.
In any case, the Controller will inform you about such an extension within one month of receiving the request, stating the reasons for the delay.
The right to lodge a complaint with a supervisory authority
If you think that the processing of your personal data violates applicable law on the protection of personal data, you have the right to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, your workplace or place of alleged violation.
In Poland, the supervisory authority is the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.