1: Your Privacy
Your privacy is important to Hemp Fabric Ltd. and we are committed to protecting and safeguarding the rights to the privacy of your data.
2: Our policies
On the basis of legislation (General Data Protection Regulation, “GDPR“), we ensure that any processing of your personal data is in accordance with the following principles:
We only process your personal data for legitimate purposes. This means that the processing is necessary with a view to achieving the purposes specifically stated in the GDPR, or that you have given your permission to process your personal data. When it is justified to process your personal data, we do so neatly and responsibly. We will make it clear to you for which purposes your personal data will be processed and how this will be done.
We only collect and process your personal data for specific, explicit and legitimate purposes. If we later use your data for a different purpose, we will make sure that your purpose is compatible with the original collection purpose.
We ensure that the personal data we collect and process from you is adequate for the purpose for which we collect it, relevant and limited to what is necessary.
We take all reasonable measures to ensure that your personal data is correct and up to date. If your details are not (any more), we will delete or correct them.
We do not retain your personal data for longer than is necessary for the purpose for which we process it. If the data is no longer necessary, we will destroy or delete it.
We ensure that your personal data is well secured and remains confidential. We protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
We are responsible for adhering to all of the above principles and can demonstrate that the processing of your personal data is in line with these principles.
3: Where this policy applies to you
This policy applies to you when:
You visit our website (Website user)
We supply products and/or services to you as a customer (Customer)
You, as a supplier, supply products and/or services to us (Supplier)
4: How you contact us as the person responsible for your personal data
5: What Personal Data do we collect and use?
We collect and use basic information about our Website users, which we use primarily to improve our website. We look at how you use our website, how often you visit our website and when the website is used most. In addition, we also use website data to monitor visitor behavior and to optimise our campaigns in the context of re marketing.
We collect and use information about you to provide our products and/or services. When collecting data, we limit ourselves to the information that is necessary to achieve our objective. These are usually the personal information we may collect and use about you:
- First name
- House number
- Postal code
- E-mail address
- Phone number
- VAT number where applicable
- Bank details
- Order number
- Transmission mode
- Payment method
- Purchased items
- Amount of items purchased
For a Customer the e-mail address is used for 2 purposes:
- For sending an order confirmation
- For information about the delivery (Track & Trace)
In case of interruption of the ordering process, Hemp Fabric will send a reminder e-mail with the contents of the shopping cart (also called abandoned shopping card mail).
6: How do we collect your personal data?
We automatically collect your data using cookies when you visit our website, based on the cookie settings in our cookie bar. When you contact us via the website, we will also collect information from you.
We collect Personal Data from Customers in three ways:
- Personal data that you provide to us as a Customer
- Personal information we receive from other sources
- Personal data that we collect automatically.
7: How do we use your personal information?
Website user information helps us improve your user experience with our website.
We use customer data for this purpose:
Supply of products and/or services;
The main reason for using Customer data is to ensure that the contractually agreed arrangements can be met so that the relationship runs smoothly. In exceptional cases, we use your personal data in criminal proceedings.
9: How long do we store your personal data?
We will remove your personal data from our systems if:
The retention period at user level and at event levels associated with cookies, user IDs and advertising IDs are stored in Google Analytics for 26 months before they are automatically deleted.
A customer can unsubscribe from the newsletter. All personal data will be deleted after unsubscribing.
If we have not had any meaningful contact with you during a period of 5 years, we will delete your data, unless the law or relevant regulators require us to retain it for a longer period of time.
For the consumer the following applies:
All personal details concerning the placing of an order which end up in the back end of our website (WooCommerce), are automatically anonymised after 30 days. This is due to the fact that sending a package takes a number of days; in addition, a consumer has 14 days the right to return the package without giving any reason. As soon as we have received the return package, the amount will be refunded. For the entire process we need the personal data in WooCommerce.
10: Your rights under the GDPR.
Under the GDPR you have the following rights with regard to the personal data we hold of you. By contacting us, we can discuss them with you and deal with them within the time frame that stands for them.
Under the GDPR you have the following rights:
- The right to information
- The right to access your data
- The right to have the data corrected if they are incorrect
- The right of erasure and ‘the right to be forgotten’
- The right to limitation of data processing
- The right to object to the data processing
- The right to transfer your data (data portability)
- The right not to be subject to automated decision-making
Right to information
Right of access
You have the right to view the personal data we collect from you. You may therefore ask us at reasonable intervals whether and which of your personal data we process.
We are obliged to comply with such requests and to provide the available information within a period of one month. This period can, under certain conditions, be extended to 2 months.
If you so request, we will provide you with a copy of the information, or provide you with remote access to the information in a secure environment (such as a personal account/portal). We do not charge you for the copy of the data. If you wish to receive more than one copy, we will charge you a reasonable fee on the basis of administrative costs. We will provide you with the copy in writing (including in electronic form). When we receive a request for sowing, we will check that it is you who make the request. To this end, we will establish your identity. This is particularly true for online services.
Right of rectification
If the personal data we process about you are not correct or are no longer correct, you have the right to instruct us to correct this data. You also have the right to have the information supplemented when it is incomplete. If we have shared your information with other parties, we will notify these parties of the changes, unless this proves impossible, or requires a disproportionate effort on our part. We determine whether something requires a disproportionate effort by weighing your interests against the efforts (costs, time, etc.) we have to make to inform the recipients.
Right of expulsion and right to be forgotten
You have the right to have your data deleted by us as soon as possible, but only in one of the following cases:
Personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
You withdraw your consent to the processing and there is no other valid reason for us to continue the processing;
You have made a well-founded objection to the processing (see right to object);
Your personal data has been unlawfully processed;
Your personal data must be deleted in order to comply with a legal obligation incumbent on us;
Your personal data has been collected in connection with a direct provision of internet services to a child.
In addition to the right of expulsion, you have the right to be ‘forgotten’.
In situations where we have disclosed your personal data (for example, by putting it online) and you ask us to delete it, in addition to deleting the data from our own systems, we will take reasonable technical and organisational measures to inform other data controllers who process your personal data that you wish to be forgotten. This means that any link to, or copy or reproduction of, the data must be deleted.
Based on the GDPR, there are a number of situations in which we do not have to comply with your request for removal and the request for for forgetting. This is the case, for example, if the processing is necessary in order to comply with a statutory processing obligation that rests with us. If, in our opinion, such a situation applies, we will reject your request, stating our reasons. If we have shared your information with other parties, we will inform these parties of the fact that the information must be deleted at your request, unless this proves impossible; or requires a disproportionate effort on our part.
We determine whether something requires a disproportionate effort by weighing your interests against the efforts (costs, time, etc.) we have to make to inform the recipients.
We only have the right to refuse to comply with your request for reasons stated in the GDPR.
Right to limitation of processing
You can invoke your right to restriction of processing in the following situations:
You dispute the correctness of the personal data during a period that enables the controller to verify the correctness of the personal data;
The processing is unlawful and you oppose the deletion of the personal data and instead request a restriction on its use;
We no longer need the personal data for processing purposes, but you need them for the institution, exercise or substantiation of a legal claim;
You have objected to the processing, pending the answer to the question of whether our justified grounds outweigh yours.
In the above situations, we will ensure that the processing is limited in such a way that the personal data cannot be further processed. If we have shared your personal data with third parties, we will inform them of the restriction on processing, unless this is impossible or would require a disproportionate effort. When we remove the restriction, we will notify you in advance.
Right of objection
Of the three situations described in the GDPR in which you are entitled to
If you are able to exercise any right of objection, two are applicable to you as a Website Visitor, Customer, Supplier or Candidate:
You may object to processing based on our legitimate interest due to personal circumstances. In that case we will stop the processing unless there are compelling, justified grounds as a result of which our processing interest exceeds your interest in having the processing stopped;
You can object to the processing of your personal data when we use it for direct marketing purposes. We will always listen to this. We will respond to your request within 30 days (although in certain cases we may extend this period).
The right to transfer your data (data portability);
You have the right, if you so wish, to transfer your personal data to other data controllers. In fact, this means that you can take the data stored about you with you to the provider of another online platform (depending on the nature of the data and data systems). To enable you to do so, we will provide you with the information in a common machine-readable format protected by a password. If desired, we can pass on the data directly to you.
The right to transfer only applies to provided data that are processed automatically on the basis of the following principles:
the unambiguous or explicit consent of the data subject;
the need to exercise the rights conferred by the Agreement.
The right not to be subject to automated individual decision-making including profiling
You have the right not to be subject to a single decision based on automated processing (including profiling), when this is the case:
has legal consequences for you; or
it otherwise affects you to a considerable extent.
In the following situations, we can use automated individual decision-making, including profiling:
- when this is necessary for the conclusion or performance of a contract between you and us
- when you have given your express consent
- when permitted to do so to us by an applicable law that also provides for the protection of your legitimate interests.
Right to lodge a complaint with a supervisory authority:
You also have the right to complain to your local supervisory authority. Details can be found in Appendix 2.
11: What are cookies and how do we use them?
If you want to check what type of cookies you accept when you visit our website, you can view this via the cookie bar. Check Appendix 4 to see which of our clients’ cookies are managed by us. Appendix 4 shows which cookies we use, why we use them and what type of cookies we use.
How you can delete/adjust cookies
If you do not wish to receive cookies that are not strictly necessary for the performance of the basic functions of our site (functional and analytical cookies), you can change your other cookie preferences (marketing cookies) on the website via the cookie bar.
For general information about cookies, you can view www.aboutcookies.org. Here you will also find details on how to delete cookies from your computer.
12: Our legal basis for processing your data
Hemp Fabric Ltd may process your data when it is necessary for the protection of the legitimate interests of the company or of a third party, except when the interests or the fundamental rights and freedoms of the data subject that require the protection of personal data outweigh those interests.
However, you have the right to object to our processing of your personal data on this ground. In that case you can contact us.
In certain circumstances, we may be required to obtain your consent for the processing of your personal information in connection with certain activities. Depending on what we do with your information, this consent will be either opt-in consent or soft-on consent.
You must give us your permission freely, without us putting you under any kind of pressure;
You need to know what you are agreeing to – so we make sure we give you enough information;
you should have control over the processing activities for which you give your consent and the processing activities for which you give your consent; and
You must give your consent through a clear active action – we will probably show you a box that you can tick so that this requirement is met in a clear and unambiguous manner.
We will keep track of the permissions you have given in this way.
We have already mentioned that in some cases we can rely on soft opt-in consent. We are allowed to offer you products or services related to Hemp Fabric Ltd as long as you do not actively sign out for these messages.
Right to withdraw consent
If we have obtained your consent to process your personal data for certain activities (for example, our marketing activities or automatic profiling), you may withdraw that consent at any time, at which time we will cease the activity for which you had given your consent, unless we believe that there is an alternative ground to justify continued processing of your data for this purpose. In that case we will inform you about this condition.
The formulation. conduct or defense of criminal proceedings
We may sometimes need to process personal information and, where appropriate and in accordance with local laws and regulations, sensitive personal information in connection with conducting or defending criminal proceedings. GDPR permits this if the processing is ‘necessary for the institution, exercise or substantiation of a legal claim or if courts act within the scope of their jurisdiction’.