Privacy & Cookie Policy

Privacy Policy

Responsible for the processing of data is:
Hempro Int. GmbH
Münsterstr. 336
40470
Düsseldorf
service@hempro.com

Thank you for visiting our online shop. Protection of your privacy is very important to us. Below you will find extensive information about how we handle your data.

1. Access data and hosting

You may visit our website without revealing any personal information. With every visit on the website, the web server stores automatically only a so-called server log file which contains e.g. the name of the requested file, your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request.

These access data are analysed exclusively for the purpose of ensuring the smooth operation of the website and improving our offer. This serves according to Art. 6 (1) 1 lit. f GDPR the protection of our legitimate interests in the proper presentation of our offer that are overriding in the process of balancing of interests. All access data are deleted no later than seven days after the end of your visit on our website.

Third-party hosting services
Data are also processed by a third-party provider that we have engaged to render hosting and website presentation services on our behalf. This provider processes on its servers all data that are collected in the manner specified below when you visit our website or fill in forms made available for this purpose in our online shop. Data are processed on other servers only in the scope described herein. This service provider is based in an EU or EEA member state.

2. Data collection and use for processing the contract, making contact and for opening a customer account

We collect personal data that you voluntarily submit to us when you place an order, contact us (e.g. via contact form or by email) or open a customer account with us. Mandatory fields are marked as such because we absolutely need those data to perform the contract or process your contact request or open your customer account, and you would otherwise not be able to complete your order and/or create your customer account or send the contact request. It is evident in each input form what data are collected.

We use the data that you disclose to us to perform the contract and process your enquiries according to Art. 6 (1) 1 lit. b) GDPR. Upon completion of the contract or deletion of your customer account, any further processing of your data will be restricted, and your data will be deleted upon expiry of the retention period applicable under relevant regulations, unless you expressly consent to the further use of your data or we reserve the right to further use your personal data in the scope and manner permitted by law, of which we inform you in this notice. Your customer account can be deleted at any time. For this purpose you can either send a message to the contact option specified below or use the relevant function available in the customer account.

3. Transfer of data

We disclose your data to the shipping company in the scope required for the delivery of the ordered goods according to Art. 6 (1) 1 lit. b) GDPR. Depending on the payment service provider you have selected during the ordering process, we disclose the payment details collected for order processing purposes to the bank commissioned to handle the payment and, as the case may be, to the payment service provider commissioned by us or to the selected payment service. Some of those data are collected by the selected payment service providers themselves if you open an account with them. In such a case, during the ordering process, you must register with your payment service provider using your access data. In this respect, the privacy notice of the relevant payment service provider applies.

Disclosure of data to a shipping provider
If, when or after placing your order, you have given your express consent to us doing so, we disclose your e-mail address and phone number to the selected shipping provider based on that consent according to Art. 6 (1) 1 lit. a) GDPR, in order to enable the shipping provider to contact you to advise you of the delivery or agree with you the delivery details.

You may revoke your consent at any time by sending a message to the contact option described below or by directly notifying the shipping provider at the contact address specified below. After you revoke your consent, we will delete the data disclosed for this purpose, unless you expressly consent to the further use of your data or we reserve the right to further use your personal data in the scope and manner permitted by the law, of which we inform you in this notice.
DPD Deutschland GmbH
Wailandtstr. 1
63741 Aschaffenburg
Deutschland

Data transfer to debt collection companies
In order to fulfil the contract according to Art. 6 para. 1 s. 1 lit. b GDPR, we forward your data to an authorised debt collection agency if our payment claim has not been settled despite a previous reminder. In this case, the claim will be collected directly by the collection agency. In addition, the transfer of data serves to safeguard our legitimate interests in an effective assertion or enforcement of our payment claim in accordance with Art. 6 para. 1 s. 1 lit. f GDPR that are overriding in the process of balancing interests.

4. Email newsletter

E-mail advertising if you subscribe to the newsletter
If you subscribe to our newsletter, we will regularly send you our e-mail newsletter based on your consent according to Art. 6 (1) 1 lit. a) GDPR, using the data required or disclosed by you separately for this purpose.

You may unsubscribe from the newsletter service at any time. For this purpose you can either send a message to the contact option specified below or use the opt-out link in the newsletter. Upon unsubscription, we will delete your email address unless you have expressly consented to the further use of your data or we reserve the right to further use your personal data in the scope and manner permitted by the law, of which we inform you in this notice.

The newsletter is sent to you by our service provider who processes data on our behalf and to whom we disclose your email address.

This service provider is based in the USA and is certified to the EU-US Privacy Shield. The current certificate can be looked up here. Based on this agreement between the USA and the European Commission, the latter has recognised entities certified to the Privacy Shield as those ensuring an adequate level of data protection.

5. Use of data for payment processing

Identity and credit assessment in the case of selecting Klarna's payment services
If you select the payment services offered by Klarna, we will ask you to provide your consent according to Art. 6 (1) 1 lit. a) GDPR in order to transfer to Klarna the data required for the processing of the payment and for identity and credit assessment. In Germany, the identity and credit assessment may be carried out by credit reference agencies listed in Klarna's privacy policy.
Klarna uses the information it obtains about the statistical probability of default for making a well-balanced decision about the establishment, performance or termination of the contractual relationship.
You may revoke your consent at any time by sending a message using the contact data below. The consequence may be that we will no longer be able to offer you certain payment options. You may revoke your consent to such use of your personal data also by notifying Klarna thereof at any time.

Data protection provisions about the use of secupay.debit, secupay.purchase on account or secupay.credit card
On this website, the controller has integrated the components secupay.debit and secupay.credit card (subsequent "secupay"), Goethestr. 6, 01896 Pulsnitz. secupay is a payment institution as defined by the Payment Services Supervision Act (ZAG) and is registered with the Federal Financial Supervisory Authority (BaFin), Graurheindorfer Str. 108, 53117 Bonn. (Registernummer: 126737) and allows cashless payment of products and services on the Internet.
secupay represents a procedure by which the purchase price claim is assigned to secupay. This enables a dealer to deliver goods, services or downloads to the customer immediately after placing the order.
If you as the data subject chooses "debit", "purchase on account" or "credit card" as the payment option in our online shop during the order process, we automatically transmit the data of the data subject to secupay. By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing.
When making a purchase via secupay, you as the purchaser transmit the payment data to secupay. secupay then carries out a technical examination of the risk of non-payment. The execution of the financial transaction is then automatically communicated to the online merchant.
The personal data transmitted to secupay is usually first name, last name, address, email address, IP address, telephone number or other data necessary for payment processing. The transmission of the data is aimed at payment processing and fraud prevention. The controller will transfer personal data to secupay, in particular, if a legitimate interest in the transmission is given. The personal data exchanged between secupay and the controller for the processing of the data will be transmitted by secupay to economic credit agencies. This transmission is intended for identity and creditworthiness checks.
secupay will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or for data to be processed in the order.
The data subject has the possibility to revoke consent for the handling of personal data at any time from secupay. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.
The applicable data protection provisions of secupay may be retrieved under https://www.secupay.com/en/privacy


6. Integration of the Trusted Shops Trustbadge

The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops Trustmark and the collected reviews as well as to offer Trusted Shops products to buyers after an order.

This is necessary to safeguard our legitimate prevailing interests in an optimal marketing by ensuring the safety of your purchase according to Article 6 (1) f GDPR. The Trustbadge and the services advertised with it are an offer of the Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. The Trustbadge is made available by a CDN provider (Content-Delivery-Network) as part of order processing. The Trusted Shops GmbH uses also service provider from the USA. An adequate level of data protection is guaranteed. Further information to the data security of the Trusted Shops GmbH can be found here.

When the Trustbadge is called up, the web server automatically saves a server log file which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. Individual access data are stored in a security database for the analysis of security problems. The log files are automatically deleted 90 days after creation at the latest.

Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered for use. The contractual agreement made between you and Trusted Shops applies. For this purpose personal data is automatically collected from the order data. Whether or not you are already registered as a Trusted Shops customer is automatically checked by means of a neutral parameter, the e-mail address hashed by cryptological one-way function. The e-mail address is converted to this hash value, which cannot be decrypted by Trusted Shops before it is transmitted. After checking for a match, the parameter is deleted automatically.

This is necessary for the fulfillment of our and Trusted Shops' legitimate prevailing interests in the provision of the buyer protection linked to the specific order and the transactional review services in accordance with Art. 6 para. 1 s. 1 lit. f GDPR. Further details, including your right to object, can be found in the Trusted Shops Privacy Policy linked above and within the Trustbadge.

7. Cookies and web-analysis

In order to make a visit to our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages, provided that you have given your consent to do so in accordance with Art. 6 (1) 1 a GDPR. In addition, we use cookies to the extent that this is necessary to fulfil a legal obligation to which we are subject, in accordance with Art. 6 (1) 1 c GDPR and to safeguard our predominant legitimate interests in an optimised presentation of our offer in the context of a balancing of interests in accordance with Art. 6 (1) 1 f GDPR. Further information on individual cookies and the respective legal basis can be found in the following sections of this privacy policy.

Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognise your browser during your next visit (persistent cookies).The duration of storagecan be seen in the cookie settings of your web browser.
You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or whether to exclude the acceptance of cookies in certain cases or in general (detailed information on the settings options of your browser can be found below).
If cookies are not accepted, however, the functionality of our website may be restricted. Below we present information on cookies we use and how you can customise your browser in that respect.

How can I configure the cookie settings of my browser?

Each browser is different in the way it manages cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. You can find these for each browser under the following links:
Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

What types of cookies are being used?

Necessary cookies: These cookies are necessary to enable you to use our website. This includes e.g. cookies that enable you to log into the customer area or add items to your shopping cart.

Analytical / performance cookies: These cookies enable collecting anonymised data about user behaviour on our website. We analyse them e.g. to improve the functionality of our website and recommend you products that will be interesting to you.

Functionality cookies: These cookies are used for certain features of our website, e.g. to improve the website’s navigation, or deliver to you customised and relevant information (e.g. ads that match your interests).

If you have given your consent in accordance with Art. 6 (1) 1 a GDPR, you can also revoke your consent at any time by sending a message to the contact option described in the privacy policy.

Usercentrics Consent Management Platform
On our website we use the Usercentrics Consent Management Platform ("Usercentrics") to inform you about the technologies we use on our website and to obtain, manage and document your consent to the processing of your personal data by these technologies. This is required under Art. 6 (1) 1 c GDPR to fulfil our legal obligation under Art. 7(1) GDPR to be able to prove your consent to the processing of your personal data, to which we are subject. The consent management service Usercentrics is provided by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, which processes your data on our behalf. When you visit our website, Usercentrics' web server stores a so-called server log file, which also contains your anonymised IP address, the date and time of your visit, device and browser information as well as information on your consent behaviour. Your data will be deleted after three years, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) 1 a GDPR or we reserve the right to use your data in a manner that goes beyond this, which is legally permitted and about which we inform you in this privacy policy.

Using of Google (Universal) Analytics for web analytics
Insofar as you have given your consent according to Art. 6 (1) 1 lit. a) GDPR, this website uses Google (Universal) Analytics, a web analytics service provided by Google for the purpose of website analytics. Google Analytics is an offer from Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.co.uk). Google (Universal) Analytics uses methods, like e.g. cookies, that enable an analysis of your use of the website. The information collected automatically by cookies about your use of this website are as a rule transmitted to and stored on a Google server in the United States. At the same time, as IP anonymisation is enabled on this website, the IP address will be shortened before being transmitted within the area of member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address will be sent to a Google server in the USA and shortened there. Generally, Google does not associate the anonymised IP address, transmitted from your browser through Google Analytics, with any other data held by Google.

Where information is transmitted to and stored by Google on servers located in the United States, the U.S. company Google LLC is certified under the EU-US Privacy Shield. You will see the up-to-date certificate here. Based on this agreement between the USA and the European Commission, the latter has recognised entities certified to the Privacy Shield as those ensuring an adequate level of data protection.

You may revoke your consent at any time with future effect by downloading and installing the browser plug that is available at this link.This prevents the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google.

Alternatively to the browser plugin, you may click deactivate Google Analytics, to prevent Google Analytics from recording your data on this website in the future. In this process, an opt-out cookie will be stored on your end-user device. If you clear your cookies, you will have to click the link again.

You can change your cookie settings anytime by clicking this link.

8. Further technologies

On our website we may use other technologies (e.g. cookies, web analysis tools, online marketing tools, social plugins) which are not listed individually in this privacy policy. Further information on these technologies and the respective legal basis can be found on the platform of our consent management service Usercentrics, which we have integrated on our website. You can access the Usercentrics platform by clicking on the fingerprint button in the lower left corner of the page.

9. Online Marketing

Google Ads remarketing
We use Google Ads to advertise our website in Google search results and on third-party websites. As far as you have given your consent according to Art. 6 (1) 1 lit. a) GDPR for every visit of the website the so-called remarketing cookie of Google is set by Google, which allows the automatic displaying of interest-based advertising using a pseudonymous cookie ID and information about your website visits. After the purpose of use has ceased to exist and the use of Ads Remarketing has ended from our side, the data collected in this context will be deleted.

Any data processing that goes beyond that scope takes place only if you have allowed Google to associate your web and app browsing history with your Google account and to use information from your Google account to personalise ads that you see across the web. If, in such a case, you visit our website while being signed in to Google, Google will use your data together with Google Analytics data to build and define audience lists for cross-device remarketing. For this purpose, Google will temporarily join your data with Google Analytics data to build audiences.

Google Ads is an offer from Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.co.uk). Where information is transmitted to and stored by Google on servers located in the United States, the U.S. company Google LLC is certified under the EU-US Privacy Shield. Here you can see the up-to-date certificate. Based on this agreement between the USA and the European Commission, the latter has recognised entities certified to the Privacy Shield as those ensuring an adequate level of data protection.

You can revoke your consent at any time with future effect by clickng the remarketing cookie via this link. In addition, you can obtain information about the setting of cookies from the Digital Advertising Alliance and accordingly adapt the settings of your browser.

10. Social Media

Our online presence on Facebook, Instagram, Pinterest
Our presence on social networks and platforms serves a better, active communication with our customers and interested parties. We inform there about our products and current special offers.
When you visit our websiteson social media, your data may be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from these data using pseudonyms. These can be used, for example, to place advertisements inside and outside the platforms that presumably correspond to your interests. For this purpose, cookies are usually used on your terminal. The visitor behaviour and the interests of the users are stored in these cookies. This serves in accordance with Art. 6 (1) 1 lit. f) GDPR to protect our legitimate interest in an optimised presentation of our offer and effective communication with customers and interested parties that are overriding in the balancing of interests. If you are asked by the respective social media platform operators for a consent into the data processing, e.g. with the help of a checkbox, the legal basis of data processing is Art. 6 (1) 1 lit. a) GDPR.
If the aforementioned social media platforms are headquartered in the USA, the following applies: The European Commission has adopted a decision on appropriateness for the USA. This goes back to the EU-US Privacy Shield. A current certificate for the respective company can be viewed here.
For detailed information on the processing and use of the data by the providers on their pages as well as a contact option and your rights and setting options for the protection of your privacy, in particular opt-out options, please refer to the providers' data protection information linked below. If you still need help, you can contact us.

Facebook: https://www.facebook.com/about/privacy/

The data processing is based on an agreement between jointly responsible parties in accordance with Art. 26 GDPR, that can be viewed here.
Further information on data processing in the context of visiting a Facebook fan page (information on Insights data) can be found here.

Instagram: https://help.instagram.com/519522125107875

Pinterest: https://about.pinterest.com/en/privacy-policy

Possibility to object (opt-out):

Facebook: https://www.facebook.com/settings?tab=ads

Instagram: https://help.instagram.com/519522125107875

Pinterest: https://www.pinterest.co.uk/settings

11. Contact possibilities and your rights

Being the data subject, you have the following rights according to:

  • art. 15 GDPR, the right to obtain information about your personal data which we process, within the scope described therein;
  • art. 16 GDPR, the right to immediately demand rectification of incorrect or completion of your personal data stored by us;
  • art. 17 GDPR, the right to request erasure of your personal data stored with us, unless further processing is required
    • to exercise the right of freedom of expression and information;
    • for compliance with a legal obligation;
    • for reasons of public interest or
    • for establishing, exercising or defending legal claims;
  • art. 18 GDPR, the right to request restriction of processing of your personal data, insofar as
    • the accuracy of the data is contested by you;
    • the processing is unlawful, but you refuse their erasure;
    • we no longer need the data, but you need it to establish, exercise or defend legal claims, or
    • you have lodged an objection to the processing in accordance with art. 21 GDPR;
  • art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller;
  • art. 77 GDPR, the right to complain to a supervisory authority . As a rule, you can contact the supervisory authority at your habitual place of residence or workplace or at our company headquarters.

If you have any questions about how we collect, process or use your personal data, want to enquire about, correct, restrict or delete your data, or withdraw any consents you have given, or opt-out of any particular data use, please contact us directly using the contact data provided in our supplier identification.

********************************************************************
Right to object
If we process personal data as described above to protect our legitimate interests that are overriding in the process of balancing of interests, you may object to such data processing with future effect. If your data are processed for direct marketing purposes, you may exercise this right at any time as described above. If your data are processed for other purposes, you have the right to object only on grounds relating to your particular situation.

After you have exercised your right to object, we will no longer process your personal data for such purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

This does not apply to the processing of personal data for direct marketing purposes. In such a case we will no longer process your personal data for such purposes.
********************************************************************