DATA PROTECTION STATEMENT.

With this data protection declaration, we would like to inform all visitors to our website in a transparent manner about the type, scope and purpose of the personal data collected, used and processed by us and to inform you about your rights. The use of Our website is generally possible without providing personal data. However, if You wish to make use of Our internet store’s offer, providing personal data is necessary to carry out Your order. Insofar as data is collected automatically when visiting our web pages, it is processed in accordance with the current legal regulations on data protection. If the processing of your personal data is necessary and there is no statutory basis for such processing, we will, as a rule, obtain the necessary consent to process the data, e.g. to send commercial information and information such as the Newsletter. As the company responsible for the processing of personal data, we have established technical and organizational measures to guarantee the highest possible level of protection for your personal data.

Contact.

The Administrator of Personal Information is:
HEALTHCANN SP. Z O.O
ul. Klecińska 123 , 54-413 Wrocław
NIP 8943154198
REGON 386107598

tel.: +48 883 909 100
email: contact@healthcann.eu

General information.

  1. Personal data are processed by the Data Controller in accordance with
    with the applicable legal provisions, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “RODO”
  2. Having regard to the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and gravity, the Controller has implemented appropriate technical and organizational measures to ensure that the processing is carried out in accordance with this Regulation and to be able to demonstrate it. These measures shall be reviewed and updated as necessary.
  3. The Administrator uses technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically.
  4. The Administrator shall apply measures to maintain the confidentiality, integrity and availability of personal data processed by it.
  5. Rights regarding personal information of data subjects.


If you have questions about your personal information, you can contact us at any time in writing, email, phone, we will answer your questions.


Under the RODO, you have the following rights:

  1. Right to information (Article 15 RODO).

At any time, you have the right to obtain information about which categories of personal data and which information regarding you we process and for what purpose, as well as how long and according to which criteria the data are stored and whether profiling is used in this connection. Furthermore, you have the right to know to which recipients or categories of recipients the data have been disclosed or are still being disclosed, in particular to recipients in third countries or international organizations. You also have the right to be advised of the applicable safeguards in connection with the transfer of your personal data. In addition to the right to lodge a complaint with a supervisory authority and the right to obtain information as to the origin of your data, you have the right to erasure, correction, as well as the right to restrict processing or object to the processing of your personal data. In all the cases mentioned above, you have the right to request from the Data Controller a free copy of your personal data that we process. For all other copies that you request or that exceed an individual’s right to information, we are entitled to charge an applicable administrative fee.

  1. Right of rectification (Article 16 RODO).

You have the right to request immediate rectification of the personal data processed and, taking into account the purposes of the processing, the right to request that incomplete personal data be completed. If you would like to exercise your right of rectification, you can contact the Data Controller at any time to make the necessary corrections.

  1. Right to erasure (Article 17 RODO).

You have the right to demand immediate deletion of your data (“right to be forgotten”) in particular when data collection is no longer necessary, when you have revoked your consent to data processing, when your data are unlawfully processed or have been unlawfully collected and when there is a legal obligation to delete the data under European Union or national law. However, the right to be forgotten does not apply when there is a prevailing right to freedom of expression or freedom of information, the data collection is necessary to comply with a legalobligation (e.g. FV retention obligations), erasure is not possible due to archiving obligations of AD, or the data collection serves the assertion, exercise or defence of legal claims.

  1. Right to Restriction (Article 18 RODO).

You have the right to request the restriction of the processing of your data when you contest the accuracy of the data, the processing is unlawful, you refuse to erase your personal data and request the restriction of the processing instead, when the necessary purpose of the processing ceases to exist or you have objected to the processing in accordance with Article 21(1) as long as it has not yet been established whether the legitimate interests on our part outweigh your interests.

  1. Right to data portability (Article 20 RODO).

You have the right to transfer your personal data, in a commonly used form, in order to transmit it without prejudice to another responsible entity, if, for example, there is consent on your part and the processing is carried out by automated procedure.

  1. Right to object (Article 21 RODO).

You have the right to object at any time to the collection, processing or use of your personal data for the purpose of direct solicitation or market and opinion research and marketing (promotional) processing, unless we can provide convincing and compelling evidence of the processing that outweighs your interests, rights and freedoms. Furthermore, you cannot exercise your right to object when a legal provision stipulates the collection, processing and use of data or obliges you to collect, process or use such data.

  1. The right to lodge a complaint with a supervisory authority (Article 77 RODO).

You have the right to lodge a complaint with the competent supervisory authority if you believe that a breach has occurred in the processing of your personal data.

  1. The right to withdraw consent in relation to data protection rights (Article 7. 3 RODO).

You can revoke your consent to the processing of your personal data at any time without giving reasons. This also applies to the revocation of consent statements granted to us prior to the entry into force of the European Union Data Protection Regulation (RODO).

Purpose, legal basis, scope and retention period of the personal data processed.

Purpose of processing Basis of processing Stopę of data processing Storage period
Performing a contract or taking action at the request of the data subject before entering into a contract.This regulation also covers events relating to the processing of data that are necessary for the performance of activities prior to the conclusion of the contract, in particular, in order to create and manage an Account; handle and implement the Order; carry out the payment process; ensure the proper functioning and use of the service and the quality of service; settle contracts performed and services provided by the store within the service and the Seller; handle claims and requests made using the contact form; establish contact
in connection with the performance of the contract (provision of the service).
Article 6(1)(b) RODO First and last name, e-mail address, contact telephone number, street, house/flat number, postal code, city, delivery address of the order.For Service Recipients or Customers who are not consumers, the Administrator may additionally process the company name, business/site address and tax identification number (NIP) of the Service Recipient or Customer. Data is retained for the period necessary to perform, terminate or expire
otherwise concluded agreement.
Direct marketing / sending commercial information. Article 6(1)(f) of the RODO in conjunction with Article 10(1) of the Act on Provision of Electronic Services and Article 172(1) of the Telecommunications Act.If the processing of your personal data is necessary for the purposes arising
of Our legitimate interests, the basis for processing of which is Article 6(1)(f) of the RODO we ensure that your fundamental rights and freedoms are overridden.
Name, address, email address, contact phone number. The data are processed until the data subject withdraws consent. The controller may not process the data for the indicated purpose after the withdrawal of consent.The controller may not process the data for direct marketing purposes if the recipient has not consented to receive commercial information and has not provided an electronic address (e.g. email) which identifies the data subject for this purpose in the event of an objection in this regard by the data subject.
Duty to keep books of account. Article 6(1)(c) of the RODO Regulation in connection with Article 74(2) of the Accounting Act, i.e. of 29 September 1994 (Journal of Laws 2021.217 t.j. of 2021.02.01) First and last name; residential or business address, company name and tax identification number (NIP), bank account number. Data are kept for the period required by law
Determination, investigation and defense of claims by AD. Article 6(1)(f) RODO The data shall be stored for the period of time during which there is a legitimate interest pursued by the Administrator, however, not longer than the period of limitation of claims against the data subject resulting from the Administrator’s business activities. The period of limitation shall be determined by the provisions of law, in particular of the Civil Code (the basic limitation period for claims related to business activities is three years, while for claims under a sales contract made by an entrepreneur – two years).
Use of COOKIES files Article 6(1)(a) RODO We process textual information on the website. We process personal data on the basis of your freely given consent (when you first access the website, you are asked whether you agree to the use of cookies). The data shall be processed until the data subject withdraws consent. The controller may not process the data for the indicated purpose after the withdrawal of consent.


Data recipients.

  1. Transfers to third parties outside the scope of this data protection declaration shall only be made if necessary for the purpose of providing the requested service.
  2. We only transmit data if there is a corresponding legal obligation. This occurs when state entities (e.g. criminal prosecution authorities) request information in writing.
  3. Your personal data is not transferred to so-called third countries outside the European Union/European Economic Area.
  4. Your personal data will not be sold to third parties. Data collected during registration will be processed only to enable the use of the service, make a possible purchase and for the purpose of the contract.
  5. In order to ensure proper functioning of the AD Store, including execution of concluded agreements on the provision of Services, it is necessary for Us to use services of external entities, such as:

  • IT companies, suppliers of software supporting the conduct of business by AD e.g. in the scope of sending Newsletter, commercial information, marketing activities,
  • entities providing accounting, legal and advisory services,
  • courier services
  • entities that process electronic and credit card payments.

  1. The controller shall only use such processors that provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the RODO Regulation and protects the rights of the data subjects.

The transfer of data by the Administrator does not take place in every case and not to all recipients or categories of recipients indicated in the privacy policy.

The Controller shall only transfer data where it is necessary for the specific purpose of the processing and only to the extent necessary for that purpose.

Automated Decision Making – Profiling.

  1. The RODO Regulation imposes an obligation on the Controller to provide information on automated decision-making, including profiling as referred to in Article 22(1) and (4) of the RODO Regulation, and – at least in those cases – relevant information on the modalities of such decision-making, as well as on the significance and the envisaged consequences of such processing for the data subject. With this in mind, the Controller provides information on possible profiling in this section of the privacy policy.
  2. We kindly inform you that on the basis of your personal data we may make decisions in an automated manner, including on the basis of profiling, which means any form of automated processing of personal data, involving the use of personal data to evaluate certain personal factors of a natural person, in particular to analyze or forecast personal preferences and interests related to the offer of Our store and the location from which you use Our store.
  3. The profiling we conduct involves us monitoring the activity of users of Our store, including the number and frequency of visits to the site. We use profiling to help us provide advertising content as part of our promotional and marketing efforts.
  4. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects concerning the data subject or significantly affects the data subject in a similar manner.

Analytics, cookies and usage data.

  1. As a company that is aware of its responsibilities and the services we offer on our website, we would like to inform you that in order to increase the efficiency and quality of our services, we use profiling of visitors to our website only with your consent using tools such as:
  2. Google Analytics, Universal Analytics – provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These services help the Administrator to analyse traffic on the Website. The data collected is processed within the framework of the above services in an anonymised manner (this is the so-called exploitation data, which prevent identification of the person) to generate statistics which are helpful in administration of the Website. The data are collective and anonymous, i.e. they do not contain identifying characteristics (personal data) of persons visiting the Website. The Administrator, while using the above services in the Website, collects such data as the sources and medium of obtaining the visitors to the Website and their behaviour in the Website, information on the devices and browsers from which they visit the Website, IP and domain, geographical data and demographic data (age, gender) and interests.
  3. It is possible for a person to easily block Google Analytics from providing information about his/her activity on the Website – for this purpose, you can install a browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
  4. Remarketing tags – used in Google Ads campaigns. They allow tracking user’s movements in the network and adjusting ads that appear. As far as the functioning of the Store is concerned, these will be mainly tags which will allow the advertisement (in text or graphic form) to follow the user.
  5. Google Ads tags – allow you to link ads to your website and collect similar data as Google Analytics. This data is visible in Google Analytics.
  6. Cookies are small information in the form of text files sent by a server and stored on the website visitor’s side (e.g. on the hard drive of a computer, laptop or smartphone memory card – depending on the device used by the visitor to our Website). Detailed information concerning cookies as well as the history of their creation can be found, among others, here: http://pl.wikipedia.org/wiki/Ciasteczko.

The Administrator may process data contained in Cookies when visitors use the Website for the following purposes:

  • performing basic functions of the Website, such as identification of Customers as logged in and maintaining login sessions, storing dynamic data, e.g. statistics, summaries;
  • adapting the content of the Website to the User’s individual preferences (e.g. with respect to language);
  • memorize IP location, time zone;
  • keep anonymous statistics on the use of
    from the Website;
  • remembering the Services ordered in the shopping cart, recommending related Services
    with the ordered Services, as well as the proper functioning of the Store;
  • personalization and publication of advertising content posted on the Website, consistent with
    with the interests of Service Recipients.
  • remarketing, which is an advertising activity in which, after the creation of appropriate remarketing lists based on selected behavioral characteristics (using Google Analytics), banner ads are targeted and displayed to users when they visit various websites in the Google advertising network.

  1. By default, most web browsers available on the market accept the storage of cookies. You can determine the conditions for the use of cookies through the settings of your web browser. This means that you can, for example, partially restrict (e.g. temporarily) or completely disable the storage of cookies – in the latter case, however, this may affect some of the functionality of the Website (for example, it may not be possible to follow the path of the Order through the order form due to failure to remember the Services in the shopping cart during the subsequent steps of submitting the Order).
  2. Your browser’s cookie settings are important
    Your browser’s cookie settings are important
  3. Detailed information on how to change the settings for cookies and how to delete them yourself in the most popular web browsers is available in the help section of your web browser and on the following pages (just click on the link):

in Chrome browser

In Firefox browser

In Internet Explorer browser

In Opera browser

In Safari browser

In Microsoft Edge browser

Final Provisions.

To the extent not covered by this document, the data protection legislation applies.strong
lbAny changes to this document will be communicated to you by e-mailstrong
, lbThis Privacy Policy is effective as of 22.09.2021

Purpose of data processing Basis for processing Rate of data processing Storage period
Performing a contract or taking action at the request of the data subject before entering into a contract.This regulation also covers events relating to the processing of data that are necessary for the performance of activities prior to the conclusion of the contract, in particular, in order to create and manage an Account; handle and implement the Order; carry out the payment process; ensure the proper functioning and use of the service and the quality of service; settle contracts performed and services provided by the store within the service and the Seller; handle claims and requests made using the contact form; establish contact
in connection with the performance of the contract (provision of the service).
Article 6(1)(b) RODO First and last name, e-mail address, contact telephone number, street, house/flat number, postal code, city, delivery address of the order.For Service Recipients or Customers who are not consumers, the Administrator may additionally process the company name, business/site address and tax identification number (NIP) of the Service Recipient or Customer. Data is retained for the period necessary to perform, terminate or expire
otherwise concluded agreement.
Direct marketing / sending commercial information. Article 6(1)(f) of the RODO in conjunction with Article 10(1) of the Act on Provision of Electronic Services and Article 172(1) of the Telecommunications Act.If the processing of your personal data is necessary for the purposes arising
of Our legitimate interests, the basis for processing of which is Article 6(1)(f) of the RODO we ensure that your fundamental rights and freedoms are overridden.
Name, address, email address, contact phone number. The data are processed until the data subject withdraws consent. The controller may not process the data for the indicated purpose after the withdrawal of consent.The controller may not process the data for direct marketing purposes if the recipient has not consented to receive commercial information and has not provided an electronic address (e.g. email) which identifies the data subject for this purpose in the event of an objection in this regard by the data subject.
Duty to keep books of account. Article 6(1)(c) of the RODO Regulation in connection with Article 74(2) of the Accounting Act, i.e. of 29 September 1994 (Journal of Laws 2021.217 t.j. of 2021.02.01) First and last name; residential or business address, company name and tax identification number (NIP), bank account number. Data are kept for the period required by law
Determination, investigation and defense of claims by AD. Article 6(1)(f) RODO The data shall be stored for the period of time during which there is a legitimate interest pursued by the Administrator, however, not longer than the period of limitation of claims against the data subject resulting from the Administrator’s business activities. The period of limitation shall be determined by the provisions of law, in particular of the Civil Code (the basic limitation period for claims related to business activities is three years, while for claims under a sales contract made by an entrepreneur – two years).
Use of COOKIES files Article 6(1)(a) RODO We process textual information on the website. We process personal data on the basis of your freely given consent (when you first access the website, you are asked whether you agree to the use of cookies). The data shall be processed until the data subject withdraws consent. The controller may not process the data for the indicated purpose after the withdrawal of consent.