How do we process your personal information?
Who is the controller of your personal information?
The administrator of the personal data is Hempley Sp. z o.o., NIP number: 9571124935, REGON number: 386369269 with the registered office in Gdansk, 132 /25 Jaśkowa Dolina Street, 80-286, Gdansk, Poland, which operates the online store www.hempley.pl.
How can I get more information about the processing of my personal data?
Write to our designated Personal Data Administrator. Here is his contact information:
telephone: +48 791 920 945
e-mail: [email protected] postal address: Hempley Sp. z o.o., NIP: 9571124935, REGON: 386369269 seated in Gdańsk, ul Ul. Jaśkowa Dolina 132 /25, 80-286, Gdańsk, Polska
How do we have your information?
We received them from you when you set up your account and also later, in connection with your transactions in our online store.
What is the purpose and legal basis of the processing of your personal data by hempley.co.uk?
We process your personal data because it is necessary for the performance of the contract entered into with you, including:
- Creating and managing your account, and providing support for your account, transactions and technical issues;
- Process online orders as well as returns, complaints and changes to those orders;
- Handle requests you send to us (e.g. via chat);
- Contacting you for the purposes of providing services;
- Provide payment services;
- Monitor your activity and that of all other users, including, for example, keyword searches, postings;
- Storing data for purposes arising from legitimate interests, including but not limited to:
- perform tax settlements in accordance with Polish tax law;
- perform bookkeeping in accordance with the Accounting Act and other applicable provisions of Polish law;
- collect receivables in accordance with the Civil Code and other applicable provisions of Polish law.
If you agree to process your personal information for marketing purposes, you further authorize us to:
- Conducting marketing activities towards you, including: newsletters, text messages, information about promotions and commercial offers;
- Contacting you, including for the purposes of permitted marketing activities, through available communication channels, in particular and with your consent – by e-mail and telephone;
Your personal data is processed pursuant to Article 6 and other provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter “GDPR”).
What personal information about you do we process?
- first and last name
- e-mail address
- phone number
- mailing address
- billing address
- IP address.
Do you need to give us your personal information?
The provision of data is voluntary, however, refusal to provide such data will result in the fact that you will not be able to enter into a contract with us and thus we will not be able to provide you with the service.
What rights do you have against Hempley Sp. z o.o., Poland with regard to data processing?
We make every effort to keep your personal information up to date. You can request access to your personal data and the correction of erroneous data. You have the right to receive a copy of the processed data. You may also request the deletion of your personal data and your account on the online store www.hempley.pl. Hempley will respond promptly to requests in accordance with applicable law. When may we not delete your personal data, despite requests? If applicable law requires us to retain certain data for a longer period of time for archiving, warranty and accounting purposes, as well as, for example, for the investigation of claims. If you would like your data deleted, please email us at [email protected]
You have the right to request that the Administrator immediately delete your personal information, and the Administrator is required to delete your personal information without undue delay (subject to exceptions provided by law) if any of the following circumstances apply:
- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- you have withdrawn the consent on which the processing is based and there is no other legal basis for the processing;
- the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
- the personal data was collected in connection with the offering of information society services directly to the child, based on the consent of the child or the child’s parent (guardian).
You have the right to request the Administrator to restrict processing in
the following cases:
- when the User questions the correctness of the personal data – for a period allowing the Administrator to verify the correctness of the data;
- when the processing is unlawful and the User opposes the erasure of the personal data and demands the restriction of its use instead
- when the Administrator no longer needs the personal data for the purposes of processing, but the User needs them to establish, assert or defend a claim;
You have the right to object at any time to the processing of your personal data for direct marketing purposes, and we are obliged to respect such objection.
Who do we share your personal information with?
Recipients of the User’s personal data may be:
- Employees, contractors, subcontractors, and other persons employed by or working with the Administrator;
- Accounting offices that cooperate with the Administrator;
- Law firms cooperating with the Administrator;
- Entities providing IT services to the Administrator, including in particular website hosting and e-mail services;
- Entities providing marketing services to the Administrator;
- Entities involved in making settlements, including invoicing system providers, online payment systems and banks;
- Entities providing postal and courier services.
NOTE: We do not transfer your data to third countries.
How long do we keep your personal information?
We will retain your personal data for the period necessary to fulfill the purposes of the processing, namely:
- the period of maintenance of your account on the Service;
- The period for maintaining communications, including, but not limited to, the period necessary to provide you with any requested information;
- the period of conducting marketing activities by the Administrator;
- period necessary for proper execution of agreements concluded with you;
- the period necessary for tax settlements concerning the User and the legally required period for storing documentation related to tax settlements;
- the legally required period for keeping accounting records;
- the period necessary for the execution of the Administrator’s receivables.
Your personal data will be permanently deleted when all the above-mentioned periods end.
How do we protect your personal information?
We make every effort to keep your data safe. We use technical and organizational measures to ensure the protection of the processed personal data appropriate to the threats and the category of data covered by the protection, and in particular to protect data from unauthorized access, from being taken by an unauthorized person, from being processed in violation of applicable regulations and from being altered, lost, damaged or destroyed. To protect data sent electronically, we use the following measures:
- Protection of the data set against unauthorized access.
- Access to an Account only after providing an individual login and password.
- SSL certificate
Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority, in particular the Member State of your habitual residence, your place of work or the place where the alleged infringement took place, if he/she believes that the processing of personal data concerning him/her violates the provisions of the RODO.
What are cookies?
Cookies are small pieces of information in the form of text files sent by a server and saved on the website of the Online Shop (e.g. on the hard drive of a computer, laptop or smartphone memory card – depending on the device used by the visitor to our Online Shop). Detailed information about cookies, as well as the history of their creation can be found, among others, here: https://pl.wikipedia.org/wiki/Ciasteczko.
For what purpose can we process the data contained in the cookies?
The Administrator may process the data contained in Cookies when visitors use the website of the Internet Shop for the following purposes:
- identify Customers as logged in to the Online Shop and show that they are logged in;
- remembering about Products added to the basket in order to place an Order;
- remembering data from completed Order Forms, surveys or login data to the Online Shop;
- adjust the content of the Internet Shop page to the individual preferences of the Customer (e.g. colors, font size, page layout) and optimise the use of the Internet Shop pages;
- keep anonymous statistics presenting the manner of use of the Internet Shop’s website.
Detailed information about changing the settings
Detailed information on how to change the settings for cookies and how to delete them yourself in the most popular web browsers is available in the help section of your web browser and on the following pages (just click on the link):
What other data is processed?
The Administrator also processes anonymised operational data related to the use of the Internet Shop (so-called logs – IP address, domain) in order to generate statistics which are helpful in administering the Internet Shop. The data are collective and anonymous, i.e. they do not contain characteristics identifying persons visiting the Internet Shop website. The logs are not disclosed to third parties.