top of page

Privacy Policy

1) Information on the collection of personal data and contact details 

We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when you use our website.  

Personal data is all data with which you can be personally identified. Statistical data that we collect, for example, when you visit our website and that cannot be linked to you personally is not considered personal data. You can print or save this privacy policy by using the usual functionality of your browser. 

The contact person and controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is 

Cannaflos Genetics SL, 

Calle Catedrático Agustín Escardino Benlloch 9, 46980 Paterna (Valencia), Spain 

E-mail: mail@cannaflos-genetics.com

 

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from third parties gaining knowledge of it. These measures are adapted in line with the current state of the art. This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). You can recognise an encrypted connection by the character string "https://" and the lock symbol in your browser line.

 

2) Data collection when visiting our website 

If you only use our website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you: 

  • Our visited website 

  • Date and time at the time of access 

  • Amount of data sent in bytes 

  • Source/reference from which you reached the page 

  • Browser used 

  • Operating system used

  • IP address used (if applicable: in anonymised form) 

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use. 

3) Cookies 

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted again at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable your browser to be recognised the next time you visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser. 

In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping basket for a later visit to the website). If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the execution of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of consent given or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit. 

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.  

Please note that if you do not accept cookies, the functionality of our website may be limited. 

 

4) Hosting & Content-Delivery-Network 

We use the system of the following provider for the hosting of our website and the presentation of page content: Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel 

Data is also transferred to: Wix Inc, 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA 

All data collected on our website is processed on the provider's servers. 

We have concluded an order processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorised disclosure to third parties. 

When data is transferred to the provider's location, an appropriate level of data protection is guaranteed by an adequacy decision of the European Commission. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. 

 

5) Making contact or registration for an event 

Personal data is collected when you contact us (e.g. via contact form or email) or register for an event (e. g. via registration form). Which data is collected in the case of a contact or registration form can be seen from the respective form. This data is stored and used exclusively for the purpose of responding to your enquiry, for contacting you and for ticket delivery and/or access verification at the event and the associated technical administration related to the aforementioned purposes. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at the conclusion of a contract/registration for an event, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your enquiry. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary. 

 

6) Newsletter 

You have the option of subscribing to our newsletter, in which we regularly inform you about company and industry news and availability. We use the so-called double opt-in procedure for ordering our newsletter, i.e. we will only send you newsletters by e-mail if you confirm in our notification e-mail by clicking on a link that you would like to receive our newsletter. If you confirm your wish to receive the newsletter, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of this storage is to send you the newsletter and to be able to prove your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. A message to the contact details given above or in the newsletter (e.g. by e-mail or letter) is of course also sufficient for this purpose. The legal basis for the aforementioned data processing is your consent in accordance with Art. 6 para. 1 a) GDPR. 

Our e-mail newsletters are sent via this provider: Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel 

Data is also transferred to: Wix Inc, 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA 

On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provide when you register for the newsletter to this provider in accordance with Art. 6 para. 1 lit. f GDPR so that it can send the newsletter on our behalf. 

We have concluded an order processing contract with the provider that protects the data of our website visitors and prohibits it from being passed on to third parties. 

When data is transferred to the provider's location, an appropriate level of data protection is guaranteed by an adequacy decision of the European Commission. 

For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

 

7) Tools and miscellaneous 

7.1 - Zoom 

We use the "Zoom" tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "online meetings"). "Zoom" is a service provided by Zoom Video Communications, Inc. based in the USA. 

We are responsible for data processing that is directly related to the holding of "online meetings". Note: If you access the "Zoom" website, the provider of "Zoom" is responsible for data processing. However, it is only necessary to access the website to use "Zoom" in order to download the software for using "Zoom". 

Various types of data are processed when you use Zoom. The scope of the data also depends on the data you provide before or when participating in an "online meeting". The following personal data is processed: 

  • User details: first name, surname, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional), Department (optional) 

  • Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information 

  • For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat. 

  • When dialing in by phone: information on the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved. 

  • Text, audio and video data: You may have the option of using the chat, question or survey functions in an "online meeting". In this respect, the text entries you make are processed in order to display them in the "online meeting" and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the "Zoom" applications. 

To take part in an "online meeting" or to enter the "meeting room", you must at least provide your name. 

If you are registered with "Zoom" as a user, reports on "online meetings" (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to 12 months at "Zoom". 

The legal basis for data processing when conducting "online meetings" is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships. If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we are interested in the effective conduct of "online meetings". 

Personal data that is processed in connection with participation in "online meetings" is generally not passed on to third parties unless it is intended to be passed on. 

Other recipients: The provider of "Zoom" necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in our order processing contract with "Zoom". 

"Zoom" is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing contract with the provider of "Zoom" that meets the requirements of Art. 28 GDPR. 

An adequate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses. Furthermore, the provider of Zoom is certified in accordance with the EU-U.S. Data Privacy Framework (DPF). As additional protective measures, we have also set up our Zoom configuration in such a way that only data centers in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct "online meetings". 

 

8) Rights of the data subject 

8.1 The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below: 

  • Right to information in accordance with Art. 15 GDPR: In particular, you have the right to information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR if your data is transferred to third countries; 

  • Right to rectification pursuant to Art. 16 GDPR: You have a right to immediate rectification of incorrect data concerning you and/or completion of your incomplete data stored by us; 

  • Right to erasure in accordance with Art. 17 GDPR: You have the right to request the erasure of your personal data if the requirements of Art. 17 (1) GDPR are met. However, this right does not apply in particular if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims; 

  • Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is verified, if you refuse to delete your data due to unauthorised data processing and instead request the restriction of the processing of your data, if you need your data for the assertion, exercise or defence of legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail; 

  • Right to information in accordance with Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients. 

  • Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible; 

  • Right to withdraw consent granted in accordance with Art. 7 (3) GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal; 

  • Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy. 

 

8.2 RIGHT OF OBJECTION 

IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION. 

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS. 

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE. 

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES. 

 

9) Duration of storage of personal data 

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if applicable - additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law). 

When processing personal data on the basis of express consent in accordance with Art. 6 para. 1 lit. a GDPR, this data is stored until the data subject withdraws their consent. 

If there are statutory retention periods for data that is processed within the framework of legal or similar obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for contract fulfilment or contract initiation and/or we no longer have a legitimate interest in further storage. 

When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims. 

When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 2 GDPR. 

Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data is deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed. 

 

10) Recipients of the data 

The data collected by us will only be passed on if: 

  • you have given your express consent in accordance with Art. 6 para. 1 a) GDPR or Art. 9 para. 2 a) GDPR, 

  • the disclosure pursuant to Art. 6 para. 1 f) GDPR or Art. 9 para. 2 f) GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data, we are legally obliged to pass on data in accordance with Art. 6 para. 1 c) GDPR or 

  • this is legally permissible and required in accordance with Art. 6 para. 1 b) GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are carried out at your request. 

 
In principle, we process your data ourselves. In some cases, however, we also use service providers for this purpose. In addition to the service providers mentioned in this privacy policy, these may include, in particular, data centres that store our website and databases, IT service providers that maintain our systems and consulting companies. If we pass on data to service providers, they may only use the data to fulfil their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us. 
 
In addition, data may be passed on in connection with official enquiries, court orders and legal proceedings if this is necessary for legal prosecution or enforcement. 

 

11) Changes to the privacy policy

We occasionally update this privacy policy, for example when we customise our website or the legal requirements change. 

bottom of page