We believe that your privacy should be our priority. It is our responsibility to take care of your privacy and the data that is processed. Since we’re located in the Netherlands, we are bound by GDPR (the General Data Protection Regulation) and have to comply with it.
In short, your data is safe with us. Continue reading to learn more about when we collect your information, what we do with it and how we protect it.
1. What Personal Data we collect, how and why
- We also collect your IP address and geographical location from which you accessed our website, your internet connection and browser type, and information about how you use our website (for example, which pages you view, when you view them, and what you click on).
- The collection of this data is automatic as soon as you visit our website.
- Why do we collect this data? We use this data to understand more about how you and other users interact with our website.
- With your explicit permission, we may send you newsletters about our store, new products, and other updates. The following information is collected in the context of the newsletter:
  - First & last name
  - E-mail address
- Why? To send newsletters and promotions, and we use your name to personalize these emails. You can always opt out of these emails through the unsubscribe link at the bottom, or by contacting us at [email protected]
1.3 Comments, reviews, job applications, etc.
- We collect the Personal Data that you explicitly provide when you submit comments, feedback, questions, product reviews or job applications, and when you complete a survey or quiz or enter a contest on our website.
- Why? To respond to these events whenever necessary. We will not use this data to contact you for marketing purposes.
1.4 Customer service
- When you email us or send us something via postal service, we collect your Personal Data.
- Why? To respond to you and keep a record of our correspondence.
- When you place an order on our website, we can create an account. You can also choose to create an account without placing an order. When you create an account, we collect the following data that you explicitly provide us:
  - First & last name
  - Phone number
  - IP address
  - E-mail address
  - Payment details
- Why? To ship you your order, to be able to provide you with customer service, and to save you time if you want to place another order in the future. You can close your account at any time by contacting us at [email protected]
The Weedseedsexpress processes Personal Data for the following purposes:
- the performance of the agreement (for example: fulfilling your order),
- compliance with a statutory obligation (for example: keeping invoices for tax purposes),
- the promotion of legitimate interests of the Weedseedsexpress (for example: fraud prevention),
- after obtaining permission from the customer (for example: you explicitly subscribe to our newsletter),
- based on another reason included in Article 6 (1) of the General Data Protection Regulation (EU 2016/679).
We do not intentionally or knowingly collect sensitive personal information about you, meaning, any information that reveals your race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information used to identify you, and any information concerning your health, sex life or sexual orientation. If you share sensitive personal information with us, we process it and may delete it with the understanding that you explicitly consented to its deletion.
2. How we use Personal Data
We use your Personal Data to provide you with a rich and interactive experience on our website.
Your data is used to market and sell our products, to provide customer support, to fulfil your order requests and provide invoices, confirmations and updates, to improve and develop our products and website, to make product recommendations, and to send you promotional communications, targeted advertising and relevant offers.
We use your Personal Data to respond to your comments, feedback and questions, to notify you about changes to our website, and to provide you with emails, alerts or updates if you have consented to receiving these from us.
The Personal Data we collect can tell us a lot about how users interact with our website and other marketing communications. We perform various data analytics to deepen our understanding of our website users, and we anonymize this data whenever possible (for example: IP anonymization in Google Analytics). We can improve our websites and marketing activities when we better understand usage behaviour.
When legally required to do so, we will use Personal Data to comply with our legal obligations and any applicable laws and regulations.
3. Where we store and process Personal Data
We are located in the Netherlands, with a global reach. To market and sell our products online, we use third party service providers that collect and process certain Personal Data on our behalf. These third parties have servers located in Canada and the U.S., and they may use servers located in other regions – see section “Who we share Personal Data with and why”, below, for more information.
If you live in the European Economic Area (“EEA”), your Personal Data is transferred outside the EEA. We ensure appropriate safeguards are in place whenever we transfer your data outside the EEA. Third parties who transfer your Personal Data outside the EEA on our behalf comply with the principles of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. For more information, see www.privacyshield.gov.
4. Who we share Personal Data with and why
We share your Personal Data only when we have a legitimate reason for doing so. We do not sell or give away your Personal Data.
We use a variety of third-party service providers to help us market and sell our products online. We have entered into a data processing agreement with all our third-party providers. The following third parties process Personal Data on our behalf:
- We use Google Analytics for web analytics services. We have configured Google Analytics to anonymize IP addresses so that no personal information is captured or shared with Google. You can read more about how Google uses your Personal Data here: https://policies.google.com/privacy?hl=en. You can also opt out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
You can opt out of the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites here: https://www.hotjar.com/legal/compliance/opt-out.
5. How long we retain Personal Data
We will not retain your Personal Data for longer than necessary for the purposes set out in this policy, or longer than is required by (tax) law. Different retention periods apply for different types of data, but the longest we will hold any Personal Data is 10 years.
- Account information: We store your account-related data as long as you keep the account active. When an account is closed, the related data will be deleted within a reasonable period. Requests regarding inspection or correction of stored Personal Data, or the removal of an account can be sent to: [email protected]
- Newsletter information: We keep your data in our newsletter database as long as you don’t revoke your consent. Consent can easily be revoked by using the unsubscribe option below each email, or by contacting us at [email protected]
6. How we keep your Personal Data secure
We use a range of measures to keep your Personal Data safe and secure:
- We and our third-party service providers use secure servers to store your Personal Data. Secure Sockets Layer (“SSL”) technology is used to encrypt transfers of data to and from our servers and to encrypt payments you make on or via our website.
- We follow all PCI-DSS requirements and implement additional, generally accepted industry standards.
- Account-related information is shielded with a hashing method. This method transforms information into a generated hash. As a result, sensitive information is secured, and is even invisible to us.
- Our databases are exceptionally protected against unauthorised persons. For example, access to the database is only possible and permitted from approved IP addresses (such as Weedseedsexpress offices). Other attempts and addresses are refused at all times.
- We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect Personal Data when using and transferring such data. All third parties mentioned in “Who we share Personal Data with and why” are screened, GDPR compliant, and are provided with a processor agreement.
- Staff only has access to personal information that is strictly needed for their jobs. Only staff of the Weedseedsexpress who are employed in the departments Sales & Marketing, Customer Service, Logistics & Procurement, E-commerce, ICT and Management Team have access to Personal Data.
If a data breach occurs which jeopardizes the security of your Personal Data, we will work with our third-party service provider(s) to address the breach. In case of a data breach of sensitive data, we will notify users promptly within 72 hours of discovery of the breach.
7. How to access and control your Personal Data
You can contact us at any time to request access to, deletion of and/or edits to your Personal Data. Please contact us, outlining your request, at [email protected], or at the address provided in the “How to contact us” section, below.
You can withdraw your consent at any time for anything you gave consent to. You can also object to or restrict our use of your Personal Data.
If you have a customer account on our website, or you have posted any comments on our website, you can request to receive an exported file of your Personal Data.
You can also request that we delete any Personal Data we hold about you, excluding any data we are obligated to keep for administrative, legal or security purposes.
When you request access to your Personal Data, we are required to use all reasonable measures to verify your identity before granting access. We do this to protect your data and limit the risk of potential identity fraud/theft or unauthorized access.
Finally, you have the right to contact the privacy or data protection regulator in the country where you live to make a complaint. You can find a list of all European Data Protection Authorities here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
We may modify this policy from time to time. When we do, we will provide notice to you by publishing the most current version and revising the date at the top of this page.
If we make a material change to the policy, we will provide additional notice by sending you an email and/or displaying a prominent notice on our websites.
By continuing to use our websites after changes to this policy come into effect, you agree to the revised policy.
10. How to contact us
- Email: [email protected]
- Phone: +31 23 30 20 309