Here you will find information about the processing of personal data of customers or visitors to the CBD SWISS online shop.
The data controller is CBD SWISS s.r.o., with registered office at Národní 364/39, Staré Město, 110 00 Prague 1, ID No.: 116 68 377, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File 352583 (hereinafter referred to as “CBD SWISS” or “Controller”).
The customer account is primarily used to facilitate ordering of goods, tracking of order status and delivery of invoices. The customer has the option to create the account himself.
The contact data provided in the form (name, surname, e-mail address, delivery address, telephone number) and personal data in the form of purchase history will be processed. The Customer is free to update or supplement the data; the Customer is responsible for the accuracy of the data.
The aforementioned data will be processed for the entire duration of the account. If the account has not been actively used in the last three years, this personal data will be deleted.
In the event that the Customer does not want any form of commercial communication, his/her data from the registration form will be used only for the processing of individual orders and related actions or other purposes for which the Customer’s consent is not required. The customer has the option to cancel the account himself or contact CBD SWISS s.r.o. (info@cbdswiss.cz). However, cancellation is only possible after the last order has been completed in full.
For the purpose of the performance of the purchase contract, CBD SWISS processes the personal data of the Customer / Buyer to the extent necessary for the performance of the purchase contract (name and surname, delivery address, e-mail address, telephone and data regarding the goods, billing data). The Buyer provides this personal data directly during the ordering and receipt of goods or through his/her user account if he/she has an account. If the Buyer does not have a user account, his personal data will be processed for a period of two years from the conclusion of the purchase contract respectively. receipt of goods (period for making a claim) and selected data and documents for a period of 10 years; unless processing is necessary for other purposes permitted by law (litigation). After this processing period, the data will be deleted. If the Buyer has a user account, the personal data processing period set for the user account applies.
In connection with the processing of an order when paying by credit card on the CBD SWISS e-shop, the personal data provided in the order (name, surname, email address, billing address, delivery address, telephone number) may be passed on to payment gateway providers. The purpose is to facilitate payment by credit card on the CBD SWISS e-shop by the customer. This transfer to CBD SWISS is based on a legitimate interest.
CBD SWISS sends a newsletter – i.e. a commercial communication regarding its goods and services – to all its customers from whom it has obtained an e-mail address or telephone number in connection with its business activities, in accordance with Section 7(3) of Act No. 480/2004 Coll., on certain information society services. If the Customer does not wish to receive these mass commercial communications, he/she may express his/her disagreement by using the link provided in the e-mail by which such Newsletter is delivered; alternatively, he/she may write to info@cbdswiss.cz. The Customer hereby acknowledges that, with regard to technical settings, he/she may still receive the Newsletters for 14 days from the date of his/her dissent from the commercial communication.
What are cookies?
In order to improve the service we provide, our website uses cookies. Cookies are small files that store information in your browser and are commonly used to distinguish individual users. Cookies are used to ensure the correct functionality of the website, for example to help complete the purchase process or to remember our customers’ login details so that they do not need to be re-entered.
Cookies are also used to identify which pages and features our visitors use most often; this enables us to best tailor our offer to the customer’s requirements. Or, cookies help us to know which ads visitors are viewing most often; for example, next time an ad that visitors are not interested in will no longer be shown. However, the information we obtain through cookies cannot directly identify a specific person, only the end device. The processing of this data is based on our legitimate interest (adjustment and targeting of advertising, adjustment and improvement of the functionality of the website).
Further general information on cookies can be found, for example, here: https://cs.wikipedia.org/wiki/HTTP_cookie.
CBD SWISS may pass on the Customer’s personal data to other processors or recipients (in particular the carrier or the post office). The current list of processors is as follows:
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Cookies are processed by Google Inc. in accordance with its Privacy Policy, available at https://www.google.com/intl/cs/policies/privacy/#nosharing.
Facebook Inc., located at 1601 Willow Road, Menlo Park, CA 94025, USA. Cookies are processed by Facebook Inc. in accordance with its Privacy Policy, available at https://www.facebook.com/full_data_use_policy, https://www.facebook.com/legal/EU_data_transfer_addendum.
Seznam.cz, a.s., registered office Radlická 3294/10, Praha 5, Smíchov, 15000. Cookies are processed by Seznam.cz in accordance with the Privacy Policy, available at: https://napoveda.sklik.cz/pravidla/smluvni-podminky/#ochrana_spotrebitele.
Mailchimp – The Rocket Science Group, LLC675 Ponce De Leon Ave NE Suite 5000 Atlanta, GA 30308 USA. The Personal Data Policy is available here: https://mailchimp.com/legal/privacy/.
Recipients of personal data (contact details for delivery only)
PPL CZ s.r.o., company with registered office at K Borovému 99, Jažlovice, 251 01 Říčany, ID No.: 25194798
Relevant payment gateways
VIVA PAYMENT SERVICES S.A., ID No.: 090 03 525, payment gateway provider, to whom the data is transferred in order to facilitate payment by credit card on the CBD WSISS e-shop
In the event that a Customer or visitor to the Online Shop wishes to exercise their legal rights regarding personal data, they may contact the Data Protection Officer: info@cbdswiss.cz. The customer also has the right to lodge a complaint with the OOOÚ (www.uoou.cz).
The customer/visitor of the online shop has the right as a personal data subject to information about the processing of his/her personal data, the right to request access to, rectification or deletion of personal data (in particular incorrect, incomplete and outdated personal data) and the right to an explanation from CBD SWISS regarding the processing of his/her personal data if he/she finds or believes that the processing is carried out in violation of the protection of his/her private and personal life or in violation of applicable law and the right to request the rectification of the situation and the provision of remedies.
The customer/visitor to the online shop may also request a restriction of processing or object to the processing of data and has the right to withdraw his/her consent to the processing of personal data at any time in writing by sending an e-mail to info@cbdswiss.cz, without prejudice to the lawfulness of the processing prior to such withdrawal.
The customer/visitor has from 25. 05. 2018 the right to portability of personal data to another controller, if permitted by law, and the right to lodge a complaint against the processing of personal data with the supervisory authority, which is the Office for Personal Data Protection.
The customer/visitor of the online shop is aware of and agrees that CDD SWISS may provide the personal data provided by him/her for possible further processing of the personal data to the above extent to other recipients listed above. The customer/visitor has provided his/her true personal data freely, knowingly and voluntarily and is aware that he/she cannot be sanctioned in any way for not providing it.
Personal data is stored in a secure database. Access to personal data is only granted to authorised personnel and only via secure means using approved access. Personal data will be processed in electronic form in an automated manner or in paper form in a non-automated manner. The controller has taken appropriate technical and organisational measures to ensure adequate protection of personal data and has selected and vetted suitable processors. The Controller uses encryption and pseudonymisation wherever possible and practical, in particular when transferring data.
All reports are taken seriously and dealt with immediately. Any lessons learned can also be used to further improve data protection.
Our employees follow internal guidelines for reporting, in particular the Data Protection Directive.
For others, here are the answers to the most common questions:
What is a data breach?
These are events that have led or could lead (i) accidental or intentional loss of personal data (electronic or paper), (ii) the destruction of data; or (iii) unauthorised access to data (e.g. loss or theft of a laptop, smartphone, paper documents, disclosure of access data, etc.).
When should I report such an incident?
In certain cases, the data controller is obliged to report a personal data breach to the Data Protection Authority within 72 hours of becoming aware of it. Therefore, if you become aware of a personal data breach where our company acts as a data controller, please do not hesitate to report the incident immediately.
What incidents should be reported and how?
All incidents involving personal data are reported to info@cbdswiss.cz. The severity and impact is assessed by the data controller.
What happens after the message is sent?
The data controller will review the incident report and contact you for further information or, if necessary, assist you with actions to remedy the effects of the incident.
CBD SWISS s.r.o.
