Privacy Policy

Use of personal information and security

Personal information covers all information that can be used to identify a person, including first and last name, age, gender, home and/or work address, email address or other contact information.

In connection with your use of our website and your inquiries and/or subscriptions to newsletters, competitions etc., we collect and process different information. 

We of course respect all requests for confidentiality of personal information that you submitted online, and we are well aware of the need for an appropriate approach regarding protection and proper processing of all personal information that we receive and handle. 

The personal information is only used for the purpose it was provided for, including to make sure that can perform our services for you as a user. In addition to this, the information is used for statistical purposes for CBD Scandinavia. 

By using our website website, you accept that we process your personal information in agreement with this privacy policy.

To us, it is of great importance that the personal information is safe. Therefore, we have initiated and executed technical and organizational measures against your information being accidentally or illegally deleted, published, corrupted or somehow being shared with unauthorized individual, misused or otherwise processed in violation of the law.

If you do not agree to our privacy policy, please do not use our website nor our services. 

The collection and processing of personal data

You can usually access the website without telling us who you are or providing any personal information about yourself. However, we need certain personal information in order to serve and inform you and/or provide news and other services to you.

We collect and process the following information about you:

Personal information you provide when subscribing to our newsletter;

Personal information you provide when you order via our website;

Personal information you provide when dealing with a complaint or feedback;

At CBD Scandinavia we only collect the information necessary to provide the service you may request. This could for example be your name, email or phone number. We do not collect personal identifiable information from any third parties regarding our visitors.

The collected (personal) information is stored on servers that are certified and safe under the EU-US Privacy Shield. However, some personal data is managed by a third party (data processor). This third party processes the personal data on our behalf in accordance with this privacy policy and the applicable legislation on the protection of one’s personal data.

The information is stored for the period permitted by law and we delete it when the data is no longer needed. The period depends on the nature of the information and the background of the storage. It is therefore not possible to specify a general time frame for when different information is deleted and removed. 

Disclosure of information

Personal information (data) submitted on this website is only passed on to the company’s internal departments.

Selected and trusted third parties who use your personal information for the purpose of providing goods or services that you have ordered;

Abuse registers in accordance with applicable law if a customer commits any type of abuse or fraud against us.

In order to further develop and improve our website, we keep statistics on how our visitors maneuver around and uses the website. The statistics are used exclusively in summarized form, which for example could be to see which pages are visited the most and what browsers they prefer. 

We use Google Analytics to collect visitor statistics and in accordance to rules and regulations, provide IP addresses to Google Analytics.

Google may disclose this information to third parties where required by law or to third parties who perform tasks for them. Click here to read more about the Google Analytics Privacy Policy.

If you want access to the information that we registered regarding you with, please contact support@cbdscandinavia.dk. If any incorrect data has been registered, or if you have other questions, concerns or objections, please use the e-mail mentioned above. For additional information regarding your rights, please see below.

If you want to complain about the processing of your personal data, you do have the opportunity to contact the Danish Data Protection Agency directly.

Cookie Policy

We use cookies on cbdscandinavia.dk in order to provide the best possible service to the users of our website.

A cookie is a (text) data file that a website stores on your IT equipment. We use Google Analytics for this. The purpose for having cookies is to recognize the IT equipment and by that observe how you use the website. Today, virtually all websites have and use cookies, as it is often necessary to be able to provide a good service.

We use the following types of cookies on our website

First-party cookies

First-party cookies that expire when you close your browser. This type of cookie aims to recognize your IT equipment, remember your language choice, keep track of the amount of times you are on the website, manage different graphics and identify your requests when navigating around cbdscandinavia.dk

Persistent cookies

These cookies are used, can be stored for up to two years. They keep track of the number of times you have visited the website, length of stay, language choice, and how you access and maneuver around the website as well as whether or not you are a regular user of the website.

Google Analytics cookies

Google Analytics cookies are used to collect visitor statistics. These cookies collect information about your use of the website, including your IP address. You can opt out of cookies from Google Analytics here.

Marketing cookies

Marketing cookies are used to follow your search and reading habits, with the intend of showing you targeted marketing content in e.g. banners. Marketing cookies collect data that may contain personally identifiable information. Any information stored using the marketing cookies may be shared with 3rd parties.

The information above is provided in accordance with the Executive Order on requirements for information and consent when storing and accessing information in end users equipment, for example your computer or smartphone. 

If you have any questions or concerns regarding our policies, please do not hesitate to send us an email at support@cbdscandinavia.dk

Your rights

The personal information we process belongs to the data subject. Therefore, the data subject naturally also has specific rights. These rights are set out in Chapter 3 of the Regulation.

Below is an overview of these rights, which you always have as a registered user. 

1.1 Duty to provide information

When dealing with the collection of personal information, we as the data controller must inform the data subject of a number of different information. Your rights are listed below.

1.2 Right of access

As a registered user, you have the right to receive our approval of whether personal data concerning you is being processed, if so, access to the personal data and additional information, that you can find described below: 

the purposes of the management of data

what kind of personal data are we working with (involved data)

the recipients or categories of recipients to whom the personal data are or will be transferred. In particular recipients in third (part) countries or international organizations;

if possible, the intended period during which the personal data will be stored or, if this is not possible, the criteria used to determine that period;

the right to request the data controller to correct or delete personal data or to restrict the processing of personal data concerning the data subject or to object to such a processing;

the right to file a complaint with a supervising authority

any available information on the origin of the personal data, if not collected from the data subject (i.e. the equipment)

the existence of automatic decisions, including profiling, as referred to in Article 22 (1); 1 and 4, and as a minimum meaningful information about the logic therein as well as the significance and the expected consequences of such treatment for the data subject.

If the personal data is transferred to a third country or an international organization, the data subject has the right to be informed of the necessary guarantees pursuanto Article 46 in connection with the transfer.

We provide a copy of the personal data we process regarding you, if you were to request it, as long as the copy does not violate the rights and freedoms of other users. 

For the delivery of additional copies, we charge a reasonable fee based on the administrative costs.

Unless otherwise requested, the information is provided in a commonly used electronic form.

1.3 Correction

If we, for some reason, have registered information regarding you that is incorrect, you have the right to have this changed and corrected.

You also have the right to have incomplete personal data completed, considering the purposes of the processing. This can be done, for example, by submitting a supplementary statement.

1.4 Right to be forgotten

You have the right to have your personal data deleted, and we have a duty and responsibility to delete your personal data without unnecessary delay if one of the following conditions were to apply to your given situation:

The personal information is no longer necessary to fulfill the purposes for which it was collected or otherwise processed.

You withdraw the consent that is the basis for the processing and there is no other legal basis for the processing of the data. 

You object to the processing pursuant to Article 21 (1). And there are no legitimate reasons for the data processing that precede the objection, or you object to the processing pursuant to Article 21 paragraph 2.

The personal data has been illegally processed.

The personal data must be deleted in order to comply with a legal obligation in EU law or the national law of the Member States, in which we are subject.

The personal data have been collected in the context of the provision of information society services as referred to in Article 8 (1). 1.

If we have published the personal data and we are obliged to delete the personal data, then considering the technology available and the costs of implementation, we will take reasonable steps, including technical measures, to inform the data controllers.

However, the above does not apply to the extent that the treatment is necessary:

to exercise the right to freedom of expression and information

to comply with a legal obligation requiring treatment under EU law or the national law of the Member States to which we are subject, or to carry out a task in the public interest or which falls within the exercise of official authority imposed on the data controller;

in the public interest in the field of public health in accordance with Article 9.2. Article 9.2 (h) and (i) and Article 9.2.3

for archival purposes in the interest of society, for scientific or historical research purposes or for statistical purposes in accordance with Article 89.2. To the extent that the right referred to in paragraph. 1, it is likely (nearly) to make it impossible or seriously hinder the fulfillment of this treatment, or

for legal claims to be established, asserted or defended.

1.5 Limitation of (potential) treatment

You have the right to limit our processing of your information if one of the following conditions applies to your current situation:

the accuracy of the personal data is disputed by you, in the period until we have had the opportunity to determine whether the personal data is correct

the processing is illegal and you oppose the removal of personal data and instead request that its use to be restricted;

We no longer need the personal data for the processing, but they are necessary for a legal claim to be determined, asserted or defended.

You have objected to the treatment pursuant to Article 21.1, during the period while checking whether our legitimate interests take priority over your legitimate interests.

If processing has been restricted pursuant to the above, such personal data, other than storage, may only be processed with your consent or for the purpose of establishing, enforcing or defending a legal claim. Or to protect another natural or legal person, or in the interests of the Union or of a Member State.

If you have obtained a restriction of treatment (processing), you will be notified by us before the restriction of the treatment is potentially lifted.

1.6 A Duty to notify when dealing with removal or correction

We notify each recipient to whom your personal data has been passed on of any correction or deletion of the personal data or limitation of processing carried out in accordance with sections 1.3, 1.4 or 1.5 unless this proves impossible or is excessively difficult.

We will inform you of these receivers if we receive a request from you. 

1.7 Data portability

You have the right, in a structured, commonly used and machine-readable format, to receive personal information about yourself that you have provided to us.

Furthermore, you have the right to transmit this information to another data controller without any form of interference from us when:

the treatment is based on your consent, or on our contract and

the treatment is done automatically.

When you exercise your right to data portability in accordance with the above, you have the right to have the personal data transmitted directly from us to another, if this is possible technically.

This right does not affect the right to be forgotten (1.4)

This right to data portability does not apply to processing what is necessary for the performance of a task in the interest of society or which falls within the exercise of public authority that we have been assigned.

This right to data portability must also not overstep on the rights or “freedoms” of others.

1.8 Right of objection

You have the right, at any time, for reasons relating to your particular situation, to object to the processing of your personal data, which is based on Article 6.1. (1, e) on societal interest or f)) on our legitimate interest, including profiling based on these supplies.

If you object, we may no longer process the personal data unless we demonstrate compelling legitimate reasons for the processing that take precedence over your interests, rights and freedoms, or the processing is necessary for legal claims to be established, asserted or defended.

If you object to our processing for the purpose of direct marketing, the personal data may no longer be processed for this purpose.

At the latest, at the time of the first communication with you, you must be clearly informed of the above right, and information about this must be communicated openly and separately from all other information.

If your personal data is processed for scientific or historical research purposes or statistical purposes in accordance with Article 89.1 of the Regulation. 1, you have the right, for reasons relating to your special situation, to object to the processing of your personal data, unless the processing is necessary to perform a task in the interest of society.

1.9 Automatic decisions, including profiling

You have the right not to be the subject of a decision based solely on automatic processing, including profiling, which has lawful effect or in a similar way significantly affects you

However, this does not apply if the decision is necessary for the conclusion or performance of a contract between the data subject and a data controller.

is enshrined in EU law or the national law of the Member States to which we are subject and which also provides for appropriate measures to protect your rights and freedoms as well as legitimate interests, or is based on your express consent.

If we use automatic decisions in the cases mentioned in b) and c), then we implement appropriate measures to protect your rights and freedoms as well as legitimate interests, at least your right to human intervention on our part, to express your views and to challenge the decision.

Automatic decisions may not be based on sensitive personal data, except where Article 9.1 of the Regulation provides: 2 (a) or (g) shall apply and appropriate measures have been put in place to protect your rights and freedoms as well as legitimate interests.

1.10 Restrictions

EU law or Danish law, to which we or the data processor are subject, may by legislative measures limit the possibility of the obligations and rights you have under the above, when such restriction respects the essential content of the fundamental rights and freedoms and is a necessary and proportional measure in a democratic society, for the sake of:

State security, defense, public security, the prevention, investigation, detection or prosecution of criminal offenses or the enforcement of criminal sanctions, including the protection and prevention of threats to public security; , in particular the essential economic or financial interests of the Union or a Member State, including monetary, budgetary and fiscal matters, public health and social security, protection of the independence of the judiciary and litigation; , supervisory or regulatory functions, including temporary tasks related to the exercise of official authority in the cases referred to in Article 23.2 of the Regulation. 1 (a) to (e) and (g) protection of the rights and freedoms of the data subject or others; enforcement of civil claims.

We understand and appreciate that all the information provided above might be difficult to put into context or perhaps even understand some of the more technical terms. If you do have any questions or concerns, please do not hesitate to reach out to us.