Skip To Content

Absoluut de beste kwaliteit CBD

TERMS & PRIVACY

Privacy Policy

  1. General Statement

    Every EU citizen may ask how a company handles their personal data. Every company must be able to answer the following questions for all customers:

    • Which personal data is stored?
    • For what purpose is the data stored?
    • Is personal data passed on to third parties? If so: which?
  2. Gathering and use of Personal Information

    In the case of a data breach, companies must notify the responsible data protection authority within 72 hours. For serious incidents it is also necessary to inform the affected persons.

  3. Use of Cookies

    Privacy by Design intends to minimise the collected data. This also includes the use of advanced encryption methods.

  4. Disabling Cookies

    Along with the technical aspects, the standard settings of the used applications should be as private and privacy-friendly as possible. This ensures that personal data is not shared with the public.

  5. Links

    Customers, who wish to change providers, must be able to simply migrate their data. Therefore, the export and transfer of data must be barrier free, e.g. all documents can be exported in one data packet.

  6. Rignt of Access

    Companies, which manage sensitive data, must employ a data protection officer. This requirement is already enforced in Germany today, and will be introduced in other countries such as Switzerland. The data protection officer can be internal or external to the company. It is recommended for most companies to fill this role as the topic of data protection is complex.

  7. Revisions of Privacy Policy

    The protection of customer data outside of the EU and Switzerland is still precarious because the data protection regulations of non-member states are often less strict. If companies wish to continue to protect data in non-member states, the evaluation of the EU Commission is to be observed. Data transfer to Switzerland is unproblematic due to the decision of the EU Commission.

  8. Companies outside of the EU are also affected

    The new data protection directive applies to all companies, which manage the data of EU citizens. As a result, many companies with their registered office outside of the EU area are also affected.

  9. Infringements may be punished with heavy fines

    Although the new legislation is very complex, it is important that all affected companies take steps to comply with it. After all, the penalties may assume existential proportions – in the worst case up to four percent of the worldwide annual turnover or up to 20 million euros.

General Data Protection Regulation

General Statement

Every EU citizen may ask how a company handles their personal data. Every company must be able to answer the following questions for all customers:

  • Which personal data is stored?
  • For what purpose is the data stored?
  • Is personal data passed on to third parties? If so: which?

In the case of a data breach, companies must notify the responsible data protection authority within 72 hours. For serious incidents it is also necessary to inform the affected persons.