Who are we?
This policy applies to the processing (use) of any personal data carried out by Hempika d.o.o. (operator) or performed on behalf of the operator.
Cankarjeva ulica 84
5000 Nova Gorica
What kind of personal data is processed?
- Basic contact information (name, address, telephone number, e-mail);
- Information about using our web pages (clicks on links, time spent), and response information to our emails (if the message was open, to which links you clicked);
- Information needed to complete the contract and delivery of purchased goods (subject to purchase, price, delivery address, delivery time, method of payment, date of payment, information on complaints, invoice information, etc.).
Legal basis for the processing of personal data
We may process your personal information on the following legal bases:
- When necessary to fulfill our legal obligations (eg. issue invoices for purchased goods),
- when the processing of your personal information is necessary for the conclusion and fulfillment of a contract that you have concluded with us or because you wanted an offer,
- when you gave consent for processing your personal information for the specific purpose.You are always entitled to revoke the consent,
- when we have a legitimate interest in processing your personal information (when we send you an email in case you left the shopping cart on our website without completing the purchase).
Purpose of the processing of personal data
We may use your personal information for one or more of the following purposes:
- communicate with you about providing our services and answering to your inquiries;
- contract conclusion and the fulfillment of the obligations arising from the concluded contract;
- marketing communication (e-mail and/or SMS);
- to enforce any legal claims and to settle disputes;
- for statistical analysis of the sale of our goods and the use of our websites.
How long do we store your personal information and what happens to them?
We store basic personal information for as long as you have the status of our registered user on our website.
Personal information that is processed with your consent is stored permanently or until consent is withdrawn from your site.
Data of issued invoices is stored for 10 years from the date of issue.
We keep the data necessary for concluding and fulfilling the contract between you and us, for 5 years from the completion of the contract (delivery of goods).
After the expiration of the retention period, your personal information is effectively erased or anonymised, which means that we process them in such a way that they can no longer be associated with you or attributed to you.
Mandatory or voluntary communication of data and possible consequences of a failure to provide it
The provision of personal data is voluntary. You do not have to provide us with personal data, but if you do not, you can not conclude a contract with us (as we need it to deliver the order). What information is such, that failure to provide it, causes these consequences, we will provide a list of information needed, each time we receive personal information from you.
Who can access your personal information?
We do not provide your personal information to third parties (outside Hempika), except for those who have a written contract with us, that they perform certain tasks related to data processing and are obliged to comply with the legislation regarding the processing and protection of personal data (e.g. contractors).
Contractors to whom we provide personal information are:
- marketing service providers;
- e-mail service providers;
- software solution providers;
- delivery services.
Contractors may process personal information only under our instructions and can not process your personal information for their own purposes. They are bound, together with their employees, to protect the confidentiality of your personal information. Contracted processors of personal information do not transmit information in third countries (outside the European Economic Area – these are EU Members and Iceland, Norway and Liechtenstein).
What kind of rights do you have regarding personal information, how can you revoke consent for processing, and what are the consequences of the cancellation
You have the following rights regarding your personal information:
- The right to request at any time:
- confirmation if your information is being processed
- access to personal information and the following information: processing purposes; types of personal information; users or categories of users to whom personal data have been or will be disclosed, in particular users in third countries or international organizations; planned period of retention of personal data or, if this is not possible, the criteria used to determine this period; existence of automated decision-making, including the creation of profiles and the reasons for it, as well as the significance and intended consequences of such processing for you;
- one (free) copy of personal information in a format you specify yourself (if the request is provided by electronic means of communication and you do not request otherwise, the copy shall be provided in electronic form); For additional copies you request, we can charge a reasonable fee, taking costs into account;
- correction of inaccurate personal data;
- limit processing when:
- You dispute the accuracy of your personal information, for a period that allows us to verify the accuracy of your personal information;
- the processing is illegal and you are opposed to the deletion of your personal information, and instead request a restriction on their use;
- We do not need personal information for processing purposes, but you need them to enforce, implement, or defend legal claims;
- deletion of all personal information (the right to forget) if the assumptions referred to in Article 17 of the General Data Protection Regulation are fulfilled, and in particular when you revoke the consent for the processing of personal data;
- printout of personal data in a structured, widely used and machine-readable form, with the right to forward this information to another controller, without us hindering you;
- termination of use of personal information for direct marketing purposes, including the creation of profiles;
- that you are not subject to a decision based solely on automated processing, including the creation of profiles if the assumptions under Article 22 of the General Data Protection Regulation are met.
- the right to file an appeal against us with the Information commissioner, if you believe that the processing of your personal information violates the General Data Protection Regulation.
Procedure for exercising rights
You may address your requests regarding the exercise of rights in connection with personal data by writing to any contact listed at the top of this document under the Personal Data Manager and contact details.
For the purposes of reliable identification in the event of the exercise of rights in connection with personal information, we may request additional information from you and we can only reject action if we can prove that you can not be reliably identified.
At your request, with which you exercise your rights in connection with personal information, we must respond without unnecessary delay, and no later than one month after receiving your request.