DATA PROTECTION DECLARATION

With this data protection declaration, we would like to inform all visitors to Our website in a transparent manner about the type, scope and purpose of the personal data collected, used and processed by Us and to inform them about their rights. As a rule, you can use our website without disclosing any personal data. However, if You wish to make use of the offer of Our online store, providing personal data is necessary in order to process Your order. Insofar as data is collected automatically when visiting our website, it is processed in accordance with the current legal regulations on data protection. If the processing of your personal data is necessary and there is no statutory basis for such processing, we generally obtain the consent necessary to process the data, e.g. to send commercial information and information of the Newsletter type. As a company responsible for the processing of personal data, we have established technical and organizational measures to guarantee the highest possible level of protection for your personal data.

Company contact details:

The administrator of the Personal Data is:
HEALTHCANN Ltd
ul. Klecińska 123, 54-413 Wrocław
VAT: 8943154198
REGON: 386107598

Mobile: +48 883 909 100
email: contact@canaticann.eu

General information.

1. Personal data are processed by the Data Administrator in accordance with
   accordance with the applicable legal provisions, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “RODO”
2. Taking into account the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and gravity, the Controller has implemented appropriate technical and organizational measures to ensure that the processing is carried out in accordance with this Regulation and to be able to demonstrate this. These measures shall be reviewed and updated as necessary. The Administrator shall apply technical measures to prevent the acquisition and modification by unauthorized persons, of personal data transmitted electronically.
3. The controller shall apply measures to maintain the confidentiality, integrity and availability of personal data processed by it.
4. Rights regarding the personal data of the subjects.
5. If you have questions about your personal data, you can contact us at any time in writing, by email, by phone, we will answer your questions.

---

 

Under the RODO, you have the following rights:

---

Right to information (Article 15 RODO).

1. Furthermore, you have the right to know to which recipients or categories of recipients the data have been or are being disclosed,

At any time you have the right to obtain information about which categories of personal data and which information regarding you we process and for what purpose we do so, as well as how long and according to which criteria these data are stored and whether profiling is used in this connection. Furthermore, you have the right to know to which recipients or categories of recipients the data have been or are being disclosed, in particular to recipients in third countries or international organizations. You also have the right to be advised of the relevant guarantees in connection with the transfer of your personal data. In addition to the right to lodge a complaint with a supervisory authority and the right to obtain information as to the origin of your data, you have the right to erasure, correction, as well as the right to restrict processing or to object to the processing of your personal data. In all cases mentioned above, you have the right to request from the Data Controller a free copy of your personal data that we process. For all other copies that you request or that go beyond the person’s right to information, we are entitled to charge an appropriate administrative fee.

2. Right to rectification (Article 16 of the RODO).

You have the right to request immediate rectification of the personal data processed and, taking into account the purposes of the processing, the right to request the completion of incomplete personal data. If you would like to exercise your right to rectification, you can contact the Data Controller at any time to make the necessary correction.

3. Right to erasure (Article 17 RODO).

You have the right to demand immediate erasure of your data (“right to be forgotten”) in particular when data collection is no longer necessary, when you have revoked your consent to data processing, when your data is unlawfully processed or has been unlawfully collected and there is a legal obligation to erase the data under European Union or national law. However, the right to be forgotten does not apply when there is a prevailing right to freedom of expression or freedom of information, the data collection is necessary to comply with a legal obligation (e.g. FV retention obligations), erasure is not possible due to AD’s archiving obligations or the data collection serves the assertion, exercise or defence of legal claims.

4. Right to restriction (Article 18 RODO).

You have the right to request the restriction of the processing of your data when you contest the accuracy of the data, the processing is unlawful, you refuse to erase your personal data and request the restriction of the processing instead, when the necessary purpose of the processing ceases to exist or you have objected to the processing in accordance with Article 21(1) as long as it has not yet been established whether the legitimate interests on our part outweigh your interests.

5. Right to data portability (Article 20 RODO).

You have the right to portability of your personal data, in a commonly used form, in order to transmit it without prejudice to another responsible entity, if, for example, there is consent on your part and the processing is carried out by automated procedure.

6. Right to object (Article 21 RODO).

You have the right to object at any time to the collection, processing or use of your personal data for the purposes of direct solicitation or market and opinion research and marketing (promotional) processing, unless we can provide compelling and defensible evidence regarding the processing which outweighs your interests, rights and freedoms. In addition, you cannot exercise your right to object when a legal provision stipulates or obligates the collection, processing and use of the data.

7. Right to lodge a complaint with a supervisory authority (Article 77 RODO).

You have the right to lodge a complaint with the competent supervisory authority if you believe that a breach has occurred in the processing of your personal data.

8. The right to withdraw your consent in relation to your data protection rights (Art. 7. 3 RODO).

You can revoke the consent you have given for the processing of your personal data at any time without giving reasons. This also applies to the revocation of consent statements granted to us before the European Union Data Protection Regulation (RODO) came into force.

Recipients of data.

Puropse of processing	Basis of processing	Scope of data processing	Storage period
Performing a contract or taking action at the request of the data subject before entering into a contract.This regulation also covers events relating to the processing of data that are necessary for the performance of activities prior to the conclusion of the contract, in particular, in order to create and manage an Account; handle and implement the Order; carry out the payment process; ensure the proper functioning and use of the service and the quality of service; settle contracts performed and services provided by the store within the service and the Seller; handle claims and requests made using the contact form; establish contact in connection with the performance of the contract (provision of the service).	article 6 (1) (b) RODO	First and last name, e-mail address, contact telephone number, street, house/flat number, postal code, city, delivery address of the order.For Service Recipients or Customers who are not consumers, the Administrator may additionally process the company name, business/site address and tax identification number (NIP) of the Service Recipient or Customer.	Data is retained for the period necessary to perform, terminate or expire otherwise of the agreement.
Direct marketing / sending commercial information.	Article 6(1)(f) of the RODO in conjunction with Article 10(1) of the Act on Provision of Electronic Services and Article 172(1) of the Telecommunications Act.If the processing of your personal data is necessary for the purposes arising of Our legitimate interests, the basis for processing of which is Article 6(1)(f) of the RODO, we ensure that your fundamental rights and freedoms are overridden.	Name, address, email address, contact phone number.	The data are processed until the data subject withdraws consent. The controller may not process the data for the indicated purpose after the withdrawal of consent.The controller may not process the data for direct marketing purposes if the recipient has not consented to receive commercial information and has not provided an electronic address (e.g. email) which identifies the data subject for this purpose in the event of an objection in this regard by the data subject.
Duty to keep books of account.	Article 6(1)(c) of the RODO Regulation in connection with Article 74(2) of the Accounting Act, i.e. of 29 September 1994 (Journal of Laws 2021.217 t.j. of 2021.02.01)	First and last name; residential or business address, company name and tax identification number (NIP), bank account number.	Data are kept for the period required by law
Determination, investigation and defense of claims by AD.	Article 6 (1)(f) RODO		The data shall be stored for the period of time during which there is a legitimate interest pursued by the Administrator, however, not longer than the period of limitation of claims against the data subject resulting from the Administrator’s business activities. The period of limitation shall be determined by the provisions of law, in particular of the Civil Code (the basic limitation period for claims related to business activities is three years, while for claims under a sales contract made by an entrepreneur – two years).
Use of COOKIES files	Article 6(1)( a) RODO	We process textual information on the website. We process personal data on the basis of your freely given consent (when you first access the website, you are asked whether you agree to the use of cookies).	The data shall be processed until the data subject withdraws consent. The controller may not process the data for the indicated purpose after the withdrawal of consent.

---

Recipients of data.

1. Transfers of data to third parties beyond those indicated in this data protection declaration are only made if necessary for the performance of the requested service.
2. Transfers of data to third parties beyond those indicated in this data protection declaration are only made if necessary for the performance of the requested service.
3. We only pass on data if there is a corresponding legal obligation. This occurs when state entities (e.g. criminal prosecution authorities) request information in writing.
4. Your personal data is not transferred to so-called third countries outside the European Union/European Economic Area.
5. Your personal data will not be sold to third parties. The data collected during the registration will be processed only to enable the use of the service, to make a possible purchase and to perform the contract.

• Your personal data will not be sold to third parties. The data collected during the registration will be processed only to enable the use of the service, to make a possible purchase and to perform the contract. In order to ensure proper functioning of the AD Store, including execution of concluded agreements on the provision of Services, it is necessary for Us to use services of external entities, such as: IT companies, suppliers of software supporting the conduct of business by AD, e.g. in the field of sending Newsletter, commercial information, marketing activities,
• entities providing accounting, legal and advisory services,
• courier companies,
• entities processing electronic and credit card payments.

6. The Administrator only uses the services of such processors who provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the RODO Regulation and protects the rights of the data subjects.

The transfer of data by the Controller does not take place in every case and not to all recipients or categories of recipients indicated in the Privacy Policy.

The Administrator transfers data only when it is necessary for the realization of a given purpose of processing and only to the extent necessary for its realization.

Automated decision-making – profiling.

1. The RODO Regulation imposes an obligation on the Controller to provide information on automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the RODO Regulation, and, at least in those cases, relevant information on the modalities of such decision-making, as well as on the significance and the envisaged consequences of such processing for the data subject. With this in mind, the Controller provides information on possible profiling in this section of the privacy policy.
2. We kindly inform you that on the basis of your personal data we may make decisions in an automated manner, including on the basis of profiling which means any form of automated processing of personal data, involving the use of personal data to evaluate certain personal factors of a natural person, in particular to analyze or forecast personal preferences and interests related to the offer of Our store and the locations from which you use Our store.
3. The profiling we conduct consists in the fact that we monitor the activity of users of Our store, including the number and frequency of visits to the site. We use profiling to help us provide advertising content as part of promotional and marketing activities.
4. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects in relation to the data subject or materially affects the data subject in a similar manner.

Analytics, cookies and usage data.

1. Google Analytics, Universal Analytics – provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These services help the Administrator to analyse traffic on the Website. The data collected is processed within the framework of the above services in an anonymised manner (this is the so-called exploitation data, which prevent identification of the person) to generate statistics which are helpful in administration of the Website. The data are collective and anonymous, i.e. they do not contain identifying characteristics (personal data) of persons visiting the Website. When using the above services in the Website the Administrator collects such data as the sources and medium of obtaining the visitors to the Website and their behaviour in the Website, information about the devices and browsers from which they visit the Website, IP and domain, geographical data and demographic data (age, gender) and interests.
2. It is possible for a person to easily block Google Analytics from sharing information about his or her activities on the Website – for this purpose, you can install a browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
3. Remarketing tags – used in Google Ads campaigns. They allow tracking user’s movements on the web and adjusting ads. Within the scope of Store operations, these will mainly be tags which will allow the ad (in text or graphic form) to follow the user.
4. Google Ads tags – allow ads to be linked to the website and collect similar data as Google Analytics. This data is visible in Google Analytics.
5. Cookies are small information in the form of text files sent by a server and stored on the website visitor’s side (e.g. on the hard drive of a computer, laptop or smartphone memory card – depending on the device used by the visitor to our Website). Detailed information concerning cookies as well as the history of their creation can be found, among others, here: http://pl.wikipedia.org/wiki/Ciasteczko.
6. Detailed information concerning cookies as well as the history of their creation can be found, among others, here: http://pl.wikipedia.org/wiki/Ciasteczko.

The Administrator may process data contained in Cookies when visitors use the Website for the following purposes:

• realization of the basic functionality of the Website, such as identification of Users as logged in and maintaining the logging session, storing dynamic data, e.g. statistics, summaries;
• adapting the content of the Website to individual preferences of the Customer (e.g. language);
• memorize IP location, time zone;
• keep anonymous statistics showing the manner of use
  use of the Website;
• remembering the ordered Services in the shopping cart, recommending Services related to the ordered Services
  The Store’s operation is proper;
• personalize and publish advertising content on the Website, according to
  Personalization and publication of advertising content on the Site, according to the interests of the Users.
• remarketing, i.e. advertising activities in which, after the creation of appropriate remarketing lists on the basis of selected behavioural characteristics (using Google Analytics), banner ads are targeted which are displayed to users when they visit various websites in the Google advertising network.

7. By default, most web browsers available on the market accept the storage of cookies. You can determine the conditions for the use of cookies via your browser settings. This means that you can, for example, partially restrict (e.g. temporarily) or completely disable the storage of cookies – in the latter case, however, this may affect some of the functionality of the Website (for example, it may not be possible to follow the path of the Order through the order form due to failure to remember the Services in the shopping cart during the subsequent steps of submitting the Order).
8. The settings of the Internet browser regarding cookies are important
   from the point of view of consent for the use of cookies by our Website – in accordance with the law, such consent may also be expressed through your Internet browser settings. In the absence of such consent, the settings of the Internet browser concerning Cookies shall be changed accordingly.
9. Detailed information about changing the settings for Cookies and their independent deletion in the most popular web browsers are available in the help section of the web browser and on the following pages (just click on the link): in the Chrome browser

the Internet Explorer browser

Firefox

the Internet Explorer browser

The Opera browser

the Safari browser

the Microsoft Edge browser

Final provisions.

To the extent not covered by this document, the provisions on data protection apply.
Any changes to this document will be notified to you by e-mail
This Privacy Policy is effective from 22.09.2021

Puropse of processing	Basis of processing	Scope of data processing	Storage period
Performing a contract or taking action at the request of the data subject before entering into a contract.This regulation also covers events relating to the processing of data that are necessary for the performance of activities prior to the conclusion of the contract, in particular, in order to create and manage an Account; handle and implement the Order; carry out the payment process; ensure the proper functioning and use of the service and the quality of service; settle contracts performed and services provided by the store within the service and the Seller; handle claims and requests made using the contact form; establish contact in connection with the performance of the contract (provision of the service).	article 6 (1) (b) RODO	First and last name, e-mail address, contact telephone number, street, house/flat number, postal code, city, delivery address of the order.For Service Recipients or Customers who are not consumers, the Administrator may additionally process the company name, business/site address and tax identification number (NIP) of the Service Recipient or Customer.	Data is retained for the period necessary to perform, terminate or expire otherwise of the agreement.
Direct marketing / sending commercial information.	Article 6(1)(f) of the RODO in conjunction with Article 10(1) of the Act on Provision of Electronic Services and Article 172(1) of the Telecommunications Act.If the processing of your personal data is necessary for the purposes arising of Our legitimate interests, the basis for processing of which is Article 6(1)(f) of the RODO, we ensure that your fundamental rights and freedoms are overridden.	Name, address, email address, contact phone number.	The data are processed until the data subject withdraws consent. The controller may not process the data for the indicated purpose after the withdrawal of consent.The controller may not process the data for direct marketing purposes if the recipient has not consented to receive commercial information and has not provided an electronic address (e.g. email) which identifies the data subject for this purpose in the event of an objection in this regard by the data subject.
Duty to keep books of account.	Article 6(1)(c) of the RODO Regulation in connection with Article 74(2) of the Accounting Act, i.e. of 29 September 1994 (Journal of Laws 2021.217 t.j. of 2021.02.01)	First and last name; residential or business address, company name and tax identification number (NIP), bank account number.	Data are kept for the period required by law
Determination, investigation and defense of claims by AD.	Article 6 (1)(f) RODO		The data shall be stored for the period of time during which there is a legitimate interest pursued by the Administrator, however, not longer than the period of limitation of claims against the data subject resulting from the Administrator’s business activities. The period of limitation shall be determined by the provisions of law, in particular of the Civil Code (the basic limitation period for claims related to business activities is three years, while for claims under a sales contract made by an entrepreneur – two years).
Use of COOKIES files	Article 6(1)( a) RODO	We process textual information on the website. We process personal data on the basis of your freely given consent (when you first access the website, you are asked whether you agree to the use of cookies).	The data shall be processed until the data subject withdraws consent. The controller may not process the data for the indicated purpose after the withdrawal of consent.