GDPR

Personal Data Protection Policy (GDPR)

of the website www.cannamed-pharma.pl operated by CANNA MED PHARMA SP. Z O.O. with its registered office in Warsaw, al. Solidarności 155/4, 00-877 Warsaw, KRS: 0001104367, NIP: 5273111445, REGON: 528551949

  1. Personal data controller. The controller of your personal data within the meaning of Article 4(7) of the GDPR is: CANNA MED PHARMA SP. Z O.O. Address: al. Solidarności 155/4, 00-877 Warsaw E-mail: rodo@cannamed-pharma.pl Tel.: +48 XXX XXX XXX
  2. Purposes and legal basis for data processing. We process your personal data only to the extent permitted by law, for the following purposes:

 

Purpose of processing

Legal basis

Legitimate interest

Handling inquiries via contact form or email

Article 6(1)(f) of the GDPR

Responding to an inquiry

Order fulfillment or service provision

Article 6(1)(b) of the GDPR

Performance of the contract

Marketing of own products and services (e.g., newsletter)

Article 6(1)(a) or (f) of the GDPR

Promoting business

Conducting statistical analyses

Article 6(1)(f) of the GDPR

Improvement of website functionality

Compliance with legal obligations (e.g., accounting, taxes)

Article 6(1)(c) of the GDPR

Compliance with legal regulations

Establishing, investigating or defending claims

Article 6(1)(f) of the GDPR

Protection of administrator rights

  1. Data recipients. Your personal data may be disclosed to the following categories of entities:
  • entities providing IT, hosting, and analytical services (e.g., Google, OVH, Microsoft),
  • companies providing legal, accounting and consulting services,
  • payment operators and payment systems (e.g. Przelewy24, PayPal),
  • couriers and postal operators (in the case of product shipment),
  • public authorities to the extent required by law.
  1. Transfer of data to third countries. Your data may be transferred outside the European Economic Area (EEA) only when necessary and with appropriate safeguards, such as:
  • European Commission decisions confirming an adequate level of protection
  • standard contractual clauses adopted by the European Commission,
  • binding corporate rules (Binding Corporate Rules).

We currently use service providers who may process data outside the EEA (e.g., Google, Meta). In such cases, we ensure compliance with Articles 44–49 of the GDPR.

  1. Data retention period. Your personal data will be stored:
  • for the duration of the contract and for the time necessary to pursue claims,
  • for the period required by law (e.g., 5 years for accounting documents),
  • until consent is withdrawn (if processing is based on consent),
  • until an effective objection to processing is lodged (if the basis is a legitimate interest).
  1. Twoje prawa. Zgodnie z RODO przysługują Ci następujące prawa:
  • Prawo dostępu do swoich danych osobowych (art. 15 RODO),
  • Prawo do sprostowania danych (art. 16 RODO),
  • Prawo do usunięcia danych („prawo do bycia zapomnianym”, art. 17 RODO),
  • Prawo do ograniczenia przetwarzania (art. 18 RODO),
  • Prawo do przenoszenia danych (art. 20 RODO),
  • Prawo do sprzeciwu wobec przetwarzania danych (art. 21 RODO),
  • Prawo do cofnięcia zgody w dowolnym momencie (art. 7 ust. 3 RODO),
  • Prawo do wniesienia skargi do Prezesa Urzędu Ochrony Danych Osobowych (PUODO).
  1. Your rights. Under the GDPR, you have the following rights:
  • Right of access to your personal data (Article 15 of the GDPR),
  • Right to rectification (Article 16 of the GDPR),
  • Right to erasure (“right to be forgotten,” Article 17 of the GDPR),
  • Right to restriction of processing (Article 18 of the GDPR),
  • Right to data portability (Article 20 of the GDPR),
  • Right to object to data processing (Article 21 of the GDPR),
  • Right to withdraw consent at any time (Article 7(3) of the GDPR),
  • Right to lodge a complaint with the President of the Personal Data Protection Office (PUODO).
  1. Automated decision-making and profiling. Your data is not used for automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, we may use analytical tools (e.g., Google Analytics) to analyze website traffic and optimize content—this is known as statistical profiling, which does not affect your rights or freedoms.
  2. Cookies and other technologies. For more information about cookies, please see our Cookie Policy, which forms an integral part of this document.
  3. Changes to the GDPR Policy

The administrator reserves the right to make changes to this policy. Changes will be published on the website along with an appropriate notice.

  1. Contact for matters related to the GDPR

If you have any questions, requests, or complaints regarding the protection of personal data, please contact us at:
rodo@cannamed-pharma.pl
or by mail to the Company’s registered office address.

Download the Right to be Forgotten Statement