PERSONAL DATA PROTECTION – TERMS AND CONDITIONS

I. Initial provisions

1. Personal data controller as per Art. 4 (7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as GDPR only) is ZONER s.r.o., Company Identification Number: 35 770 929, with its registered office in Bratislava, Jaskový rad 5, 831 01 Bratislava, entered in the Commercial Register kept by the District Court Bratislava I., Section Sro, File No. 19487 / B  (hereinafter referred to as Controller only).
2. The Controller’s contact details – e-mail: info@kanabigerol.co.uk, phone +44 (0) 7495 406576
3. Personal data refer to all information about an identified or identifiable natural person; an identifiable natural person is a natural person that can be identified directly or indirectly, in particular by reference to a specific identifier such as name, identification number, location data, network identifier or one or more specific elements of this natural person’s specific physical, physiological, genetic, mental, economic, cultural or social identity.
4. The Controller did not appoint any Data Protection Officer.

II. Sources and categories of processed personal data

1. The Controller processes personal data that you have provided or personal data that the Controller obtained when performing your order.
2. The Controller processes your identification and contact data and data required to perform the contract.
3. When you enter our website, your IP address is recorded if you have agreed to cookie storage in your browser; cookies track the data on websites you visit. We are using the Google Analytics service on our website, all details about this service are provided directly at the Google website. We are also using advertisement at social networks to offer our services; this is not directly linked to your personal data processing but our advertisement can pop up if you have, for example, visited our websites before.

III. Legal reason and purpose of personal data processing

1. The legal reason to process personal data is
   • performance of a contract between you and the Controller as per Art. 6 (1)(b) GDPR,
   • a legitimate interest of the Controller to provide direct marketing services (in particular sending commercial communications and newsletters) as per Art. 6 (1)(f) GDPR,
   • your consent with data processing for the purposes of direct marketing (in particular sending commercial communications and newsletters) as per Art. 6 (1)(a) GDPR in connection to Section 7 (2) Act no. 480/2004 Sb., on some Information Society services if no goods or services have been ordered.

2. The purpose of personal data processing is

• • execution of your order and exercise of rights and obligations resulting from a contractual relationship between you and the Controller; when placing the order, personal data are required in order to execute the order successfully (name and address, contact details), personal data must be provided so that the contract can be concluded and performed, the contract cannot be concluded or fulfilled by the Controller if personal data are not provided,
  • sending of commercial communications and performance of further marketing activities.

3. The Controller does not / does perform automated individual decision-making in terms of Art. 22 GDPR. You have expressed your explicit consent to such data processing.

IV. Data retention period

1. The Controller retains the personal data

• • for the period necessary to exercise the rights and obligations resulting from a contractual relationship between you and the Controller and entitlements resulting from such contractual relationships (for a period of 15 let from the termination of the contractual relationship).
  • for a period before the consent to personal data processing for marketing purposes is withdrawn, however no longer than for five years.

2. The Controller shall delete the personal data after the data retention period expires.

V. Recipients of personal data (Controller’s sub-contractors)

1. The personal data are received by persons

• • involved in goods or service delivery or execution of payments resulting from the contract,
  • providing e-shop operations and other services related to the e-shop operations,
  • providing marketing services.

2. The Controller intends to hand over personal data to a third country (a non-EU country) or to an international organisation. The recipients of personal data in third countries are providers of mailing / cloud services.

VI. Your rights

1. Under the conditions set forth in GDPR, you have the

• • right to access your personal data as per Art. 15 GDPR,
  • right to rectify the personal data as per Art. 16 GDPR, or to restrict their processing as per Art. 18 GDPR,
  • right to have the data erased as per Art. 17 GDPR,
  • right to object against data processing as per Art. 21 GDPR and
  • right to data portability as per Art. 20 GDPR.
  • right to withdraw your consent with data processing submitted in writing or electrically at the Controller’s address or e-mail set in Art. III of these Terms and Conditions.

2. You have also the right to submit a complaint with the Personal Data Protection Authority should you assume your right to personal data protection has been impaired.

VII. Personal data security conditions

1. The Controller declares all suitable technical and organisational measures to secure the personal data have been taken.
2. The Controller made technical measures to secure data storage and paper-based personal data storage.
3. The Controller declares that the access to personal data is restricted only to persons delegated by the Controller.

VIII. Final provisions

1. By sending the order via the website order form you confirm that you have read and understood the Terms and Conditions of Personal Data Protection and that you accept these Terms and Conditions in their full scope.
2. You express your consent with these Terms and Conditions by checking off the Agree check-box in the website form. By checking off the Agree check-box you confirm that you have read and understood the Terms and Conditions of Personal Data Protection and that you accept them in their full scope.
3. The Controller is entitled to change these Terms and Conditions. Any new version of these Terms and Conditions of Personal Data Protection shall be published by the Seller at its website and sent to you at your e-mail address that you have provided to the Controller.

These Terms and Conditions come into force on 1 May 2021.