HolyWorld SA ("us", "we", or "our") operates the https://www.cbdetc.com website (the “Site”).
This website is not intended for children and we do not knowingly collect data relating to children.
“Data Controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any Personal Data are, or are to be, processed.
Data Processor (or Service Providers)
“Data Processor” (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller.
We may use the services of various Service Providers in order to process your data more effectively.
“Personal Data” means any information about an individual whose identity is apparent or can be ascertained, directly or indirectly.
3. PERSONAL INFORMATION WE COLLECT
We collect various types of information about you when you use or make a purchase from our Site.
Personal contact information
This includes any information you provide to us that would allow us to contact you, such as your name, postal address, e-mail address, social network details, or phone number.
Account login information
Any information that is required to give you access to your specific account profile. Examples include your login ID/email address, screen name, password in unrecoverable form, and/or security question and answer.
Demographic information & interests
Any information that describes your demographic or behavioral characteristics. Examples include your date of birth, age or age range, gender, geographic location (e.g. postcode/zip code), favorite products, hobbies and interests, and household or lifestyle information.
Technical information about computer/mobile device
Any information about the computer system or other technological device that you use to access our Site, such as the Internet protocol (IP) address used to connect your computer or device to the Internet, operating system type, and web browser type and version. If you access the Site via a mobile device such as a smartphone, the collected information will also include, where permitted, your phone’s unique device ID, advertising ID, geo-location, and other similar mobile device data.
Websites/communication usage information
Examples of cookies we use:
Session Cookies: we use session cookies to operate our Site.
Preference Cookies: we use preference cookies to remember your preferences and various settings.
Security Cookies: we use security cookies for security purposes.
4. HOW IS YOUR PERSONAL DATA COLLECTED?
We collect information from you when you register on the site, place, or pay for an order or participate in a Site feature including, without limitation, requesting marketing to be sent to you, subscribing to our publications, submitting content to the Site, entering a competition, promotion or survey, or writing a review.
5. HOW WE USE YOUR PERSONAL DATA
In general, we use your Personal Data to respond to your requests, conduct your requested transactions, maintain and customize your account and our interactions with you and provide, maintain and improve our products and services. The specific purposes for which we process your Personal Data are:
- to administer your online account and profile (the legal basis for this processing is our legitimate interest in better understanding user needs and expectations and improving our Site);
- to provide products and services to you, sending notifications related to your purchases, and processing exchanges or returns (the legal basis for this processing is the performance of the purchase agreement between you and us);
- to conduct or administer events, contests, prize draws, sweepstakes or other promotions in which you have participated (the legal basis for this processing is the performance of the agreement between you and us related to such contest, prize draw, sweepstakes or other promotion);
- to respond to any communications from you, including to troubleshoot problems with our Site (the legal basis for this processing is our legitimate interest in providing you with a functional Site);
- to analyse your use of and customise your experience on our Site (the legal basis for this processing is our legitimate interest in better understanding user needs and expectations and improving our Site);
- to develop and manage our business and operations (the legal basis for this processing is our legitimate interest in understanding shopping behaviour, improving our selection of products and services, and exploring ways to develop and enhance our business);
- to detect, investigate and prevent fraudulent transactions, error, negligence, breach of contract, and other illegal activities (the legal basis for this processing is our legitimate interest in preventing fraud, error, negligence, contractual breach and other illegal activities);
- to comply with our legal obligations, including our tax obligations, those related to the prevention of fraud and money laundering, and those required for you to benefit from rights recognized by law, or any regulatory requirements or provisions (the legal basis for this processing is compliance with our legal obligations under laws in the Switzerland related to, for instance, taxation, money-laundering and terrorism financing and consumer protection law); and
- to offer you opportunities to purchase products or services that we believe may be of interest to you, by supplementing the information we collect about you with information from third parties (the legal basis for this processing is our legitimate interest in providing information about products and services that may be of interest to you, unless applicable law requires us to obtain your consent, in which case we will do so).
6. DISCLSOURE OF YOUR PERSONAL DATA
We do not share Personal Data about you with third parties except as follows:
Internal Third Parties
HolyWorld SA is a subsidiary of MPX International Corporation (“MPXI”). We may disclosure your Personal Data to MPXI. Since MPXI is located outside of Switzerland, please note that these disclosures involve cross-border transfers of your Personal Data as described in the “Data Transfers” section below.
Our Service Providers
We share Personal Data with external companies who perform services for us.
For example, we use PrestaShop SA, a company registered in France with its registered office at 12 rue d’Amsterdam, 75009 Paris, France (“PrestaShop”), with servers located in the European Union, United States and Canada, to power our online store and to transact payments (you can read more about how PrestaShop uses your Personal Data here: https://www.prestashop.com/en/privacy-policy).
We only share with service providers the Personal Data that they need to perform services for us. Since our service providers are located around the world, please note that these disclosures involve cross-border transfers of your Personal Data as described in the “Data Transfers” section below.
Third party companies using Personal Data for their own marketing purposes.
Except in situations where you have given your consent, we do not license or sell your Personal Data to third party companies for their own marketing purposes. Their identity will be disclosed at the time your consent is sought.
Third party recipients using Personal Data for legal reasons or due to merger/acquisition
We will disclose your Personal Data to third parties for legal reasons or in the context of an acquisition or a merger.
Compliance with Law
We will disclose Personal Data when we believe doing so is reasonably necessary to comply with applicable law or legal process (including requests from authorities) and to respond to claims (including inquiries by you in connection with your purchases from us).
7. DATA TRANSFERS
The Personal Data we collect may be transferred to and stored or otherwise processed by our services providers and internal third party outside of Switzerland including (but not limited to) in the United States and Canada. Some of these jurisdictions have different data protection standards to those which apply in Switzerland. Where a third party processes your Personal Data on our behalf, we will ensure that one of the following safeguards is implemented:
- we will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the Federal Data Protection and Information Commissioner;
- where we use certain service providers, we may use specific contracts approved by the Federal Data Protection and Information Commissioner which give Personal Data the same protection it has in Switzerland; and
- where we use providers based in the US, we may transfer data to them if they are part of the Swiss-US Privacy Shield which requires them to provide similar protection to Personal Data shared between Switzerland and the US.
8. YOUR PERSONAL DATA RIGHTS
Subject to certain limitations and exceptions, you have the following legal rights regarding our processing of your Personal Data:
A right to obtain information: you have the right to request information about how we process your Personal Data.
A right of access: you have the right to request access to, or a copy of, the Personal Data we process about you.
A right of rectification: you have the right to request that we correct or supplement inaccurate or incomplete Personal Data we process about you.
A right of erasure: you have the right to request that we delete Personal Data about you.
A right to restriction of processing: you have the right to request that we restrict processing of your Personal Data, so that we can store such data but not otherwise process it.
A right to data portability: in certain circumstances, you have the right to request that we provide the Personal Data which you provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit such data to another controller without hindrance from us.
A right to object to processing: you have the right to request that we stop processing Personal Data about you. For example, when your Personal Data is processed for email marketing purposes, you have the right to object to such processing at any time by clicking on the “unsubscribe” link at the bottom of such marketing communications.
A right to revoke your consent: when our processing is based on your consent, you have the right to revoke such consent at any time.
The right to file a complaint: you have the right to file a complaint regarding our data protection practices with a supervisory authority. You can do so by contacting your country’s supervisory authority.
Please note that we may ask you to verify your identity before responding to such requests.
9. DATA SECURITY
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
If you have access to parts of our websites or use our services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the Internet is not completely secure. Whilst we do our best to try to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site; any transmission is at your own risk.
10. RETENTION OF YOUR PERSONAL DATA
We retain Personal Data only for as long as necessary to achieve the purpose for which such Personal Data was collected, unless a different retention period is required under applicable law. We also retain Personal Data for as long as you have your account, or as long as is needed to be able to provide the services or products to you, or for as long as is necessary to provide support-related reporting and trend analysis. If reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep Personal Data as required, after an account is closed or is no longer necessary to provide services. Unless otherwise required by applicable law, we will take reasonable steps to destroy or permanently de-identify Personal Data it holds if such Personal Data is no longer needed for the purpose for which it was collected.
Telephone: +41 (0) 587 48 48
CBDetc. c/o Holyworld SA,
Rue de Nant 8,
Attn: Data Protection Manager.
Last Updated: December 2nd, 2020