PRIVACY POLICY

This Privacy Policy governs the storage of and access to data on Website Users’ Devices for the purposes of electronic service provision by the Controller, as well as the collection and processing of Users’ personal data provided by Users personally and voluntarily through the tools available on the Website.

§1 DEFINITIONS

• Website – the “Hemplab” website at the address https://hemplab.ltd

• Third-Party Website – websites of partners, service providers or service recipients cooperating with the Controller

• Website/Data Controller – Hemplab Sp. z o.o., whose business address is at Pana Balcera 6/124, 20-262 Lublin, Tax Identification Number (NIP) 7123350221, providing its services electronically via the Website, is the Website Controller and the Data Controller

• User – a natural person which uses the services provided by the Controller electronically via the Website

• Device – an electronic device with software employed by the User to access the Website

• Cookies – text data stored as files on the User Device

• GDPR – Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR)

• Personal data – means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

• Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

• Restriction of processing – means the marking of stored personal data with the aim of limiting their processing in the future

• Profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements

• Consent – consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

• Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed

• Pseudonymisation – means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person

• Anonymisation – anonymisation of data is the irreversible process of data operations resulting in the destruction / overwriting of “personal data” to prevent identification or linking a record to a specific user or natural person.

§2 DATA INSPECTION OFFICER

In accordance with Article 37 of the GDPR, the Controller has not appointed a Data Inspection Officer.

The Controller should be contacted directly in all matters related to data processing, including personal data.

§3 COOKIE TYPES

• Internal cookies – files stored on and read from a User Device by the Website’s ICT system.

• External cookies – files stored on and read from a User Device by the ICT systems of External Websites. External Website scripts which can store Cookies on a User Devices have been intentionally put on the Website by scripts and services made available and installed on the Website.

• Session Cookies – files stored and read from a User Device by the Website during a single session of a Device. After the session, these files are removed from the User Device.

• Persistent Cookies – files stored and read from a User Device by the Website until they are removed manually. These files are not removed automatically after a Device session, unless the “Clear All Cookies” setting is enabled on the User Device to remove all cookies after a Device session.

§4 DATA STORAGE SAFETY

• Mechanisms of storing and reading Cookies – the mechanisms of storing, reading and exchanging data between Cookies stored on a User Device and the Website occur through in-built mechanisms of web browsers and prevent the downloading of other data from the User Device or data from other websites visited by the User, including personal data and confidential information. It is also virtually impossible to infect a User Device with viruses, trojans and other computer worms through such mechanisms.

• Internal cookies – the Cookies used by the Controller are safe for User Devices and do not contain any scripts, contents or information which could compromise the security of personal data or User Devices.

• External cookies – the Controller takes all measures possible to verify and pick the Website’s partners with due consideration for the Users’ safety. The Controller selects well-known major partners which enjoy global public trust to cooperate with. However, it does not have complete control over the contents of third-party Cookies. To the extent allowed by law, the Controller is not liable for the security and contents of third-party Cookies, as well as for the license-compliant use of Scripts installed on the website. The list of Hemplab’s partners further below in this Privacy Policy.

• Control over Cookies

  • The User may, at any time and at their sole discretion, change the settings related to the storage and removal of, and access to, Cookie data by any website.

  • In the most popular web browsers, information on how to disable Cookies are available on the “How to Disable Cookies” page or in one of the following providers:

    • Manage Cookies in Chrome
    • Manage Cookies in Opera
    • Manage Cookies in FireFox
    • Manage Cookies in Edge
    • Manage Cookies in Safari
    • Manage Cookies in Internet Explorer 11

  • The User can, at any time, remove all Cookies saved so far with the tools available on the User Device through which the User is accessing the Website.

• User risks – the Controller has all possible technical measures in place to ensure that Cookie data are secure. It should be noted, however, that both parties, including the User’s activities, play a part in ensuring data security. The Controller will not be liable for any interception of cookies, User session hijacking or cookie removal as a result of intentional or non-intentional activities of the Users, viruses, trojans and any other spyware with which the User Device may be, or was, infected. In order to protect themselves against such risks, Users should follow recommendations on internet use.

• Storage of personal data – the Controller will use its best efforts to make sure that the processing of personal data provided voluntarily by Users is secure, and that access to such data is restricted and in line with the intended purpose of processing. Furthermore, the Controller will use its best efforts to protect the data it holds against loss by applying suitable physical and organisational protections.

• Password storage – the Controller warrants and represents that User passwords are stored in encrypted form in compliance with the latest encryption standards and guidelines. It is virtually impossible to de-encrypt access passwords provided on the Website.

§5 PURPOSES OF COOKIES

• Improving website performance and access
• Website customisation for Users
• Allowing Users to log on to the Website
• Marketing, Remarketing on third-party websites
• Ad serving
• Affiliate services
• Website traffic statistics (users, visits, device type, connection, etc.)
• Multimedia serving
• Providing social media services

§6 PURPOSES OF PERSONAL DATA PROCESSING

All personal data provided by Users are processed for one of the following purposes:

• Providing the following electronic services:
  
  • User account registration and maintenance on the Website and associated features
  • Newsletter (including advertising content subject to User consent)
  • Like / comment option for Website entries for non-registered Users
  • Sharing Website content on social media or other websites.
• Controller’s communication with Users in matters related to the Website and data protection
• Ensuring the legitimate interest of the Controller

User data are collected anonymously and processed automatically for one of the following purposes:

• Keeping statistics
• Remarketing
• Ad serving based on User preferences
• Supporting affiliate schemes
• Ensuring the legitimate interest of the Controller

§7 THIRD-PARTY COOKIES

The Controller uses javascripts and web components from partners, which may place their own cookies on the User Device with which the Website is accessed. Please keep in mind that browser settings allow you to decide which cookies to enable for individual websites. Below is a list of partners, or their services implemented on our Website, which may place cookies on User Devices:

• Multimedia services:
  
  • YouTube
• Social media / bundled services:
  (Registration, Logging content sharing, communication, etc.)
  
  • Twitter
  • Microsoft
  • Facebook
  • Google+
  • LinkedIn
• Content sharing:
  
  • Pinterest
  • Reddit
  • WhatsApp
  • Instagram
• Newsletter services:
  
  • MailChimp
• Ad serving and affiliate networks:
  
  • MyLead
• Statistics:
  
  • Google Analytics
• Other services:
  
  • Google Maps

The Controller has no control over third-party services. Third parties may revise their terms of service, privacy policies, purposes of processing data and cookie use policies at any time.

§8 TYPES OF COLLECTED DATA

The Website collects User data. Some of the data are collected in an automated and anonymous manner, and some are provided voluntarily by Users when subscribing for the individual services offered by the Website.

Anonymous data collected in an automated manner:

• IP Address
• Browser type
• Screen resolution
• Approximate location
• Website pages opened by the User
• Time spent on individual pages of the Website
• Type of operating system
• Last page address
• Referrer address
• Browser language
• Internet connection speed
• Internet service provider
• Demographics (age, gender)

Data collected during registration:

• First name / last name / pseudonym
• Login
• Email address
• Residence address
• Telephone number
• IP Address (collected automatically)
• Tax Id. Number
• Other ordinary data

Data collected when subscribing for the Newsletter

• First name / last name / pseudonym
• Email address
• Residence address
• IP Address (collected automatically)

Data collected when adding a comment

• First name / last name / pseudonym
• Email address
• Website address
• IP Address (collected automatically)

Some data (excluding identification data) may be stored in cookies. Some data (excluding identification data) may be shared with providers of statistical services.

§9 THIRD-PARTY ACCESS TO PERSONAL DATA

As rule, the Controller is the only recipient of personal data provided by Users. The data we collect to provide you with our services are not shared with, nor resold to, any third parties.

Access to data (usually under a data processing agreement) may be provided to third parties responsible for the maintenance of the Website’s critical infrastructure and services:

• Web hosting services, providers of web hosting services or related services for the Controller
• Providers through which the Newletter service is provided
• Payment service providers handling payments for goods and services offered on the Website (when the purchase is made on the Website)
• Companies responsible for the physical delivery of products to the User (postal / courier services if the purchase)

Data processing agreement – Newsletter

In order to provide the Newsletter service, the Controller uses the services of a third party – MailChimp,. The data entered in the newsletter subscription form are provided to and stored and processed on the third-party website of that provider.

Please keep in mind that the provider may modify its privacy policy without the Controller’s consent.

Third-party processing of personal data – Hosting Service, VPS or Dedicated Server

For the purposes of running the website, the Controller uses a third-party provider of a hosting service, VPS or Dedicated Servers – Hostinger. All data collected and processed on the website are stored and processed within the service provider’s infrastructure located in the European Union. Personal data may be accessed in connection with maintenance work performed by the service provider’s staff. Access to such data is governed by the agreement between the Controller and Service Provider.

Data processing for online payments

In the case of an online payment, all payment-related data are provided by the User directly to the payment service provider – <arel=”nofollow external”=”” href=”https://poland.payu.com/prywatnosc/” style=”box-sizing: inherit;”>PayU. Some of the data required to complete the transaction are then sent by that provider to the Controller. The provision of such data is governed by the agreement between the Controller and Service Provider.</arel=”nofollow>

Personal data provision – Courier Services

In the case of transactions requiring the delivery of an ordered item by post or courier, some of the personal data of natural persons or data of natural persons who conduct economic activity will be provided to the post / courier service provider chosen by the User from among of the Controller’s providers. The provision of such data is governed by the agreement between the Controller and Service Provider.

§10 MANNER OF PERSONAL DATA PROCESSING

Personal data provided by Users voluntarily:

• Personal data will not be sent outside the European Union, unless they have been published through the User’s personal actions (e.g. adding a comment or entry) and consequently made available for all visitors to the website.
• Personal data are used for automated decision-making (profiling).
  Personal data profiling does not produce any legal effects concerning the data subject nor similarly significantly affects him or her.
• Personal data will not be re-sold to third parties.

The following anonymous data (excluding personal data) will be collected automatically:

• Anonymous data (excluding personal data) will be sent outside the European Union.
• Anonymous data (excluding personal data) will not be used for automated decision making (profiling)
• Anonymous data (excluding personal data) will not be re-sold to third parties.

§11 LEGAL BASIS OF PERSONAL DATA PROCESSING

The Website collects and processes User data based on:

• Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR)
  
  • Article 6 (1) (a)
    the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • Article 6 (1) (b)
    processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • Article 6 (1) (f)
    processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
• Personal Data Protection Act of 10 May 2018 (Journal of Laws of 2018, item 1000)
• Telecommunications Act of 16 July 2004 (Journal of Laws of 2004, No. 171, item 1800)
• Copyrights and Related Rights Act of 4 July 1994 (Journal of Laws of 1993, No. 24, item 83)

§12 DURATION OF PERSONAL DATA PROCESSING

Personal data provided by Users voluntarily:

As a rule, the personal data provided are stored on the Website by the Controller only for the duration of the Service provision. The data will be erased or anonymised within 30 days from the conclusion of service provision (e.g. removal of user’s registered account, unsubscribing from the Newsletter, etc.).

The exception to this is when the situation requires that the legitimate purposes of the further processing of data by the Controller be secured. In such a case, if the User breaches or is suspected of breaching the rules of the website, the Controller will store that User’s data for no longer than three years from being requested by the User to erase the data.

The following anonymous data (excluding personal data) will be collected automatically:

Anonymous statistics that are not personal data will be stored by the Controller for the purposes of keeping website statistics indefinitely.

§13 USER RIGHTS IN RESPECT OF PERSONAL DATA PROCESSING

The Website collects and processes User data based on:

• The right to access personal data
  The Users have the right to access their personal data on request to the Controller.

• The User’s right to have their personal data rectified
  Users have the right to request the Controller to immediately rectify their personal data if they are inaccurate and/or to complete incomplete personal data

• The User’s right to have their personal data erased
  Users have the right to request the Controller to immediately erase their personal data. As regards user accounts, data are erased by the anonymisation of any data allowing User identification. The Controller reserves the right to discontinue the fulfilment of the User’s request for data erasure to protect its legitimate interests (e.g. when the User has breached the Rules or when the data have been collected as a result of correspondence).
  As regards the Newsletter service, Users have the option of erasing their personal data themselves by using the link provided in each Newsletter email.

• The User’s right to have the processing of their personal data restricted
  Users have the right to request the Controller to restrict the processing of their personal data in cases described in Article 18 of the GDPR, including to contest the accuracy of their personal data.

• The right to data portability
  Users have the right to request the Controller to provide them with personal data concerning them – which they have provided to the Controller – in a structured, commonly used and machine-readable format.

• The User’s right object to the processing of their personal data
  Users have the right to object to the Controller’s processing of their personal data in cases described in Article 21 of the GDPR.

• The right to lodge a complaint
  Users have the right to lodge a complaint to a supervisory body in charge of personal data protection.

§14 CONTACT WITH THE CONTROLLER

You can contact the Controller in any of the following ways:

• Postal address – Hemplab Sp. z o.o., Pana Balcera 6/124, 20-262 Lublin

• Email address – info@hemplab.pl

• Telephone – +48 534 700 646

• Contact form – available at: http://pure-plant.pl/index.php/kontakt/

§15 WEBSITE REQUIREMENTS

• Restricting Cookie storage and access on the User Device may cause some features of the Website to work improperly.

• The Controller waives any liability for any improperly working Website features if the User has in any way restricted the storage and reading of Cookies.

§16 EXTERNAL LINKS

The Website, including articles, posts, entries and User comments published on it, may feature links to third-party websites with which the Owner of the Website does not cooperate. Such links, as well as any websites or files thereunder, may put the User Device or User data at risk. The Controller waives any liability for any content published outside the Website.

§17 AMENDMENTS TO PRIVACY POLICY

• The Controller reserves the right to amend this Privacy Policy with regard to the use of anonymous data or Cookies in any way it sees fit without having to notify Users about this.

• The Controller reserves the right to amend this Privacy Policy with regard to the processing of Personal Data in any way it sees fit, notifying any such amendment to Users having user accounts or subscribing for the Newsletter service by email within seven days from such amendment. By choosing to continue using our services, the User is deemed to have read and accepted the amendments to the Privacy Policy. If the User disagrees with the amendments, the User must remove his or her account from the Website or unsubscribe from the Newsletter.

• Any amendments to the Privacy Policy will be published on this page of the Website.

• Any amendment to the Privacy Policy will become effective once it is published.