PERSONAL DATA PROCESSING POLICY
(General Data Protection Regulation)
The controller of the personal data in the online shop www.cannatus.com is:
Cannatus Sp. z o.o.
Registry code: 0000813521
Address: Aleja Solidarnosci 68/121, Warsaw 00-240 Republic of Poland
THE PERSONAL DATA WE PROCESS
Personal data are any data collected by a company for identifying an individual or contacting him/her.
Personal data can be collected with the client’s consent in the following ways:
- Through the submission of contact information (including your name, postal address, phone number, e-mail address) on our website or in any other manner
- Through the use of the website, from the client’s account information or through cookies
- If you make a purchase or order in our online shop (in certain sections of the website, the shop may ask you to provide your personal data and information on a voluntary basis).
The purpose of processing
Personal data are processed in order to handle the client’s orders and deliver the goods.
Purchase history (date of purchase, amount, client’s information) is used to prepare an overview of the goods and services purchased and for analyzing the client’s preferences.
The bank account number is used to refund payments to the client.
Personal data such as e-mail, phone number and client name are processed in order to resolve any issues concerning the provision of goods and services.
The IP address or other network identifiers of the user of the online shop are processed for the provision of the service of the online shop as an information society service and for web use statistics.
Personal data are processed for the purpose of performing the contract signed with the client.
Personal data are processed to perform a legal obligation (e.g. accounting and resolving consumer disputes).
The recipients of personal data
Personal data are sent to the customer service of the online shop to manage the purchases and purchase history and resolve any issues the clients may have.
Name, phone number and e-mail address are sent to the transportation service provider selected by the client. If the goods are delivered with a courier, the client’s address is also sent in addition to the contact details.
Personal data may be sent to information technology service providers if necessary to ensure the functioning of the online shop or data hosting.
Security and data access
The personal data are stored on servers located in the territory of European Union Member States or states that are parties to the European Economic Area.
Access to the personal data is granted to the online shop employees who need to access the personal data in order to resolve any technical issues in the use of the online shop and provide customer support.
The online shop applies appropriate physical, organizational and information technology security measures to protect the personal data against accidental or illegal destruction, loss, rectification or unauthorized access and disclosure.
The personal data are transmitted to the processors authorized by the online shop (e.g. transportation service provider and data hosting) according to the contracts signed between the online shop and the processors. The processors are required to apply relevant security measures in processing the personal data.
Access to and rectification of personal data
The personal data can be accessed and rectified in the user profile of the online shop. If a purchase has been made without a user account, the personal data can be accessed through customer service. The personal data collected can be accessed, rectified and supplemented on our website in the “My account” section.
Withdrawal of consent
If the personal data are processed based on the client’s consent, the client will have the right to withdraw the consent at any time by notifying the customer service by e-mail.
If the user account in the online shop is closed, the personal data are deleted, except when such data need to be retained for accounting purposes or for resolving any consumer disputes.
If a purchase has been made in the online shop without a client account, the purchase history will be retained for three years.
In the case of payment disputes and consumer disputes, the personal data will be retained until the claim has been satisfied or until the expiry of the limitation period.
The personal data needed for accounting purposes will be retained for seven years.
To have your personal data deleted, kindly contact the customer service by e-mail. The request for deletion will be responded to within one month at the latest and the period for which the deletion is requested will be specified.
A request for the transfer of personal data, sent by e-mail, will be responded to within one month at the latest. The customer service will identify the person making the request and will notify that person of the personal data to be transferred.
With the client’s consent, direct marketing messages will be sent to his/her e-mail address and phone number. If the client does not wish to receive any direct marketing messages, he/she should click the respective link in the footer of the e-mail or contact the customer service.
Any disputes arising in personal data processing are resolved through the customer service (firstname.lastname@example.org).