(hereinafter: Processing Manager)
The Processing Manager is a company whose primary activity is the production, sale, consulting and distribution of spices, herbs and dehydrates.
The Processing Manager sells his/her products in stores and through the web shop on this website. The Processing Manager is not focused on personal data nor does he/she engage in extensive processing of personal data of individuals. The personal data that the Processing Manager encounters and processes in his or her regular business are data collected with consent for the purpose of sales and purchases.
Purpose of the document
Value of personal data and responsibility for their protection
Personal information is any information relating to an individual whose identity is identified or identifiable („subject”); an individual whose identity can be determined is a person who can be indentified directly or indirectly, especially with the help of identifiers such as name, identification number, location information, network identity or with the help of one or more factors that are specific to the individual's physical, physiological, genetic, mental, economic, cultural or social identity.
Personal data that is collected and processed by the Processing Manager is constituted as a business secret. The Processing Manager shall implement technical and organizational security measures that ensure the confidentiality of all personal data, which includes the prevention of unauthorized access to personal data and equipment used in the processing of data or their unauthorized use.
All user information is strictly confidential and is only available to the employees when and where such information is necessary for them to perform their job. The staff of the Processing Manager is responsible for compliance with the privacy principles.
Personal data must be treated with particular care and may only be used for the reason for which they were collected.
We only collect personal information that is voluntarily provided to us or for which there is another lawful basis for processing.
Collection and processing of personal information
The collection of personal information may only be conducted in accordance with legal requirements and ethical principles. It is permissible to process personal data only when there is a clearly defined and documented legal or contractual basis for this, while all other processing of personal data is allowed only with the clear documented consent of the owner or his/her proxy.
We only collect personal information when the subject gives us consent to do the same: when registering on the site or through various forms on the site.
This same information is used for contracting purposes, and to familiarize the Seller with the purchasing habits of the Buyer, as well as for informational purposes, and for promoting purposes of the Seller's services and products.
We primarily collect personal information for the following reasons:
Ø to answer your question as efficiently as possible;
Ø in order to execute the purchasing contract;
Ø to promote our services and to express intention of entering into a contract;
Ø for our internal statistical data processing;
Ø the ability to send publications, brochures and other promotional materials;
Ø to fulfill our legal and contractual obligations;
Ø legitimate interest.
The Processing Manager processes personal data solely to the extent necessary in order to provide the service and achieve the above goals. When storing data, personal data are stored in as few places as possible and the information is adequately protected.
In the case that you are making a payment by credit or debit card on our site, our business partner WSPay, which enables the said service, gives the following Statement on the Protection of the Transfer of Personal Information.
WSPay as the executor of credit card authorization and collection handles personal data in the capacity of a processing agent, and handles personal data in accordance with the General Data Protection Regulations and according to the strict rules of the PCI DSS L1 regulations on the protection of data entry and transfer.
WSPay uses the SSL certificate 256 bit encryption and TLS 1.2 cryptographic protocol as the highest level of protection for data entry and transfer.
Personal data used for the purposes of authorization and collection, or for the performance of obligations under the Agreement or based on the Agreement, shall be considered confidential.
In order to execute the Contract (authorization and payment), the following Consumer's information is necessary: Name and surname, E-mail, Telephone number, Address, Place, Zip code, Country, Type of card, Card number, Card expiration date, CVV code.
WSPay does not process or use this personal information except for the purpose of executing the authorization and for billing.
WSPay guarantees the fulfillment of all conditions prescribed by the applicable regulations on the protection of personal data for the executors who process the personal data, and in particular taking all the necessary technical, organizational and security measures, and this is confirmed by the PCI DSS L1 certificate.
As Processing Manager, we always give you the choice on how your information will be used, including the ability to decide whether or not you want your name removed from the lists used for marketing campaigns. We do not require you to submit information in order for you to access our site.
The Processing Manager stores personal data that is collected up until the subject cancels the same. The individual may withdraw his/her consent for further collection of information at any time as well as the processing and use of personal information. A request to recall the storage of personal information must be sent, in writing, to the address of the company or by email: firstname.lastname@example.org
When you visit our sites, our web server always saves the name of your Internet Service Provider, the web location from which you visited us, the sites you viewed during your visit and the date and time of your visit. Our cookies do not contain any specific personal data, so your privacy remains protected, because it is not personal information, that is, we do not use the personal information we collect in order to identify you.
The IP address is transmitted with each request sent to the server, so the server knows where a response must be sent. The Internet Service Provider (ISP) assigns everyone an IP address when connecting to the internet. ISP can monitor which IP address is assigned to individual users and at which point. As long as the IP address is stored and hasn't been deleted, it can theoretically be possible to identify the end user through the ISP. For this reason, the Processing Manager does not store the IP addresses of visitors, rather the addresses are used to identify the session and to defend against attack. The IP address is deleted immediately afterwards, so the information collected remains anonymous and the ISP cannot be used to identify the end-user.
In addition, personal information is only stored if you voluntarily make it available to us, for example, through registration, surveys, contests or for the purpose of executing a Contract.
Data subject rights
The Processing Manager enables the realization of the data subject rights. You have the right to ask for the following at any time:
Ø deletion of personal information („the right to be forgotten“) if the processing of your personal information is no longer necessary for the purpose for which it was collected or if you withdraw your consent for the processing of personal data or if you object to the processing of your personal data and prove that your legitimate interests in deleting personal data outweigh the legitimate interest of the Processing Manager in processing your personal data;
Ø correction of personal information if any of your information has changed or if you have noticed an error in your personal information that has been collected;
Ø transfer of personal information, that is, request your personal information electronically and pass it on to a third party;
Ø object if you oppose the purpose for which your personal data is being processed;
Ø limitation of the processing of your personal data if you dispute the accuracy of the personal data, if you oppose the deletion of your personal data and instead seek a restriction on their use; if the Processing Manager no longer needs your personal data for processing purposes, but you are asking for them for the purpose of setting up, obtaining or defending legal claims; if you filed a complaint due to the processing of personal data.
You can exercise your rights at no cost, electronically, by email: email@example.com.
Exceptionally, if you require that you receive a certificate in a format other than electronic form for the purpose of transmitting your personal data, the Processing Manager reserves the right to charge a reasonable administrative fee for the issuance of an additional copy of the personal data.
In the event of personal data breach which could cause you considerable damage, the Company Manager will inform you without delay and take all necessary measures to remove the damage and to limit or mitigate the adverse effects of the personal data breach.