Cannadolcbd.eu – Data Protection & Privacy Policy (GDPR Compliant)
Last updated: 14 October 2025 (EU/Budapest time)
This Data Protection & Privacy Policy ("Policy") explains how CANNADOL (the "Controller", "we", "us", "our") collects and processes personal data when you visit or purchase from our webshop cannadolcbd.eu (the "Website"). It is drafted to comply with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and applicable Slovak law.
1) Controller & Contact
Controller: MULTIGREEN s.r.o.
Registered address: Komenského 215/25, 94301 Štúrovo / Slovakia
Company ID (IČO): 54776741 | Tax ID (DIČ): 2121804245 | EU VAT ID (IČ DPH): SK2121804245
Email: office@multigreen.sk | Website: https://www.cannadolcbd.eu
No Data Protection Officer (DPO) is appointed as we are not required to do so under GDPR. You can contact us at office@multigreen.sk for any privacy question.
2) What Data We Collect
• Identity & contact data: name, email, phone, billing and shipping address.
• Order & payment data: purchased items, order ID, invoices, payment status (we do not store full card details).
• Account data (optional): login email, password hash, order history, preferences.
• Support data: messages, call notes, attachments you send to customer support.
• Marketing & communications data: newsletter opt-ins, preferences, campaign metrics.
• Device/technical data: IP address, device ID, browser type, cookies and similar technologies (see Cookies section).
• Age-related data: we may ask to confirm you are 18+ to comply with applicable rules for hemp products.
3) Sources of Personal Data
We collect data directly from you when you place an order, create an account, subscribe to newsletters or contact support; and automatically via cookies/SDKs when you browse the Website (subject to your consent where required).
4) Purposes & Legal Bases (Art. 6 GDPR)
• Purchasing & delivery of products – to process your order, take payment, deliver goods, manage returns; legal basis: performance of a contract (Art. 6(1)(b)).
• Customer account – to create and maintain your account; legal basis: contract (Art. 6(1)(b)) or legitimate interest to provide account functionality (Art. 6(1)(f)).
• Customer support – to respond to queries, handle complaints and warranties; legal basis: contract (Art. 6(1)(b)) and legitimate interest (Art. 6(1)(f)).
• Legal & tax compliance – invoicing, accounting, product safety obligations; legal basis: legal obligation (Art. 6(1)(c)).
• Marketing communications (email/SMS) – only with your consent (Art. 6(1)(a)); you may withdraw consent anytime.
• Analytics & performance cookies – only with your consent (Art. 6(1)(a)); strictly necessary cookies are based on legitimate interest (Art. 6(1)(f)).
• Fraud prevention & security (e.g., IP reputation checks, access logs) – legitimate interest (Art. 6(1)(f)).
5) Cookies & Similar Technologies
We use cookies/SDKs to run the Website and understand its performance. Non-essential cookies (analytics/marketing) are disabled until you grant consent via our banner. You can change or withdraw consent at any time. Categories:
• Strictly necessary – for core site and cart functionality (cannot be switched off).
• Preferences – remember choices (enabled only with consent).
• Analytics – measure traffic and usage (consent).
• Marketing/retargeting – personalise ads (consent).
Important: We do not use pre-ticked boxes or implied consent. Consent must be a clear affirmative action. For full details, see our separate Cookie Policy.
6) Categories of Recipients (Processors/Controllers)
If we transfer personal data outside the EEA, we rely on an adequacy decision (e.g., EU–U.S. Data Privacy Framework for certified U.S. recipients) or on Standard Contractual Clauses with supplementary measures where needed. Details are available on request.
8) Retention Periods
We keep data only as long as necessary for the purposes above:
• Orders & invoices: 10 years (tax/accounting laws).
• Customer account: as long as the account is active; then deleted or anonymised within 30 days.
• Customer support: typically 3 years after resolution (claims limitation).
• Marketing data: until you withdraw consent or after 24 months of inactivity.
• Technical logs: 6–24 months depending on security needs.
9) Your GDPR Rights
You may request access, rectification, erasure, restriction, portability, and object to processing. Where processing is based on consent, you may withdraw consent at any time without affecting prior processing. To exercise rights, email cbd@cannadolcbd.eu. We will respond within one month.
10) Supervisory Authority (Slovakia)
Úrad na ochranu osobných údajov Slovenskej republiky (Office for Personal Data Protection of the Slovak Republic)
Address: Hraničná 12, 820 07 Bratislava 27, Slovak Republic
Tel.: +421 2 3231 3214 | Email: statny.dozor@pdp.gov.sk | Website: https://dataprotection.gov.sk/
You have the right to lodge a complaint with the supervisory authority.
11) Children
Our Website and products are intended for adults (18+). We do not knowingly collect data from children. If you believe a child has provided personal data, contact us to delete it.
12) Security Measures
We implement appropriate technical and organisational measures (encryption in transit, access controls, backups, least-privilege, incident response). While no system is perfectly secure, we aim to protect your data against unauthorised access, alteration, or loss.
13) Automated Decision-Making
We do not carry out decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
14) How to Contact Us & Policy Updates
For any request or complaint, contact office@multigreen.sk.
We may update this Policy to reflect legal or operational changes. The current version and its effective date are shown at the top. Material changes will be announced on the Website before they take effect.
Annex – Key Legal References
• GDPR Art. 6 – Lawfulness of processing; Arts. 12–22 – Data subject rights; Arts. 24–32 – Controller responsibilities and security.
• EDPB Transparency & Legitimate Interest Guidelines.
• CJEU Planet49 – valid cookie consent (no pre-ticked boxes; separate consent for non-essential cookies).
• EU–U.S. Data Privacy Framework adequacy decision (EU 2023/1795), upheld by the EU General Court in case T‑553/23 (2025).