PRIVACY POLICY
This website is operated by Potential Supplements sp. z o.o., Ul. Warszawska 6 32 Bialystok, Poland (hereinafter – Potential).
This privacy statement covers only the information collected on this website and does not cover any other information collected offline by Potential.
SAFETY
The personal information provided on the Potential website is transmitted via a secure server and is processed by Potential as a data controller.
Potential undertakes to manage personal information with high standards of information transmission security.
We inform and ensure that all appropriate physical, electronic and administrative measures are taken to maintain the security and accuracy of the personal information that is collected, limiting the number of people who have physical access to the database servers, as well as employing electronic security systems and password protections that protect and protect against unauthorized access to data.
Potential website uses Secure Sockets Layer (SSL) encryption technology, in order to protect personal information during transport and data transmission. SSL encrypts the order information such as name, address and credit card number.
Potential customer service center operates within a private and secure network.
Note that the e-mail is not encrypted and is not considered a secure means of transmitting credit card information.
PRIVACY POLICY
In order to guarantee the provision of high quality services, Potential uses information deriving from interactions with customers within the website.
In respect of customer privacy, Potential has implemented procedures to ensure that personal information collected is handled in a safe and responsible manner.
Potential has published this privacy policy to illustrate and make transparent the practices for collecting personal information.
Given the constant technological advances, it should be noted that this information may undergo or have already undergone changes.
We therefore invite you to view them in a systematic manner, in order to implement any changes and updates.
INFORMATION COLLECTED
You can browse the Potential website without providing any personally identifiable information. However, you may be required to provide personally identifiable information in some areas of the site.
In some cases, if you choose not to provide the requested information, you may not be able to access all parts of the site or take part in all of its features.
HOW THE COLLECTED INFORMATION IS USED
We process personal data for these and related purposes:
– Provision of services (creating and managing your account, submitting an order, managing your order etc.). Legal basis for this purpose is performance of a contract with you and compliance to the legal obligations.
– Providing direct marketing via email or telephone. Legal basis is our legitimate interest to provide our existing customers with the relevant information about our promotions and other useful information and/or consent of our potential clients. Please note when personal data is collected based on your consent you have a right to withhold that consent or withdraw consent at any time without an adverse effect. We use Mailchimp for sending our newsletters.
– Providing important notifications. Legal basis is our legitimate interest – to provide good customer service and inform you about certain changes, cancelations or other important messages related to your orders.
– To analyze our website traffic and enhance user experience. We use cookies and similar technologies in order to achieve this purpose. Please find more details in our cookie policy below. Our legal basis for this purpose is our legitimate interest – to maintain and improve our website, improving the site design, products, customer service and special promotions. When you visit this Potential website, the server automatically collects anonymous information such as registry data and IP addresses and may collect general information relating to the geographical location.
All personal information stored on the site is stored each time purchases are made through the Potential website or through authorized sales channels.
The information provided in other ways is also stored, for example by subscribing to mailing lists or mobile messaging.
If you use a credit or debit card, the details of these will also be included.
If you use one of the services or participate in one of the promotions or sweepstakes, additional information may be required, such as age, interests or preferences about the products.
From the purchases made and from all the interactions on the Potential website, information will be obtained regarding specific products and / or services used.
OTHER SUBJECTS WITH WHICH THE INFORMATION IS SHARED
All information collected as described above may be shared with our carefully selected partners: IT service providers, cloud service providers, auditors, IT support, accounting partners, marketing partners.
Service providers: we reserve the right to share information with external companies that provide support in the supply of products and services.
For example, it is possible that you contact an external company to: (a) manage a database of customer information; (b) have a support in e-mail distribution; (c) have direct marketing support and data collection; (d) data storage and analysis; (d) to have support in fraud prevention; and (e) provide other services designed to maximize commercial potential.
It is required that these external companies accept to keep all information that is shared confidential, apply adequate security measures and to use the information only to fulfill their obligations.
Other companies: information may be provided to carefully selected external companies when it is deemed that their products or services may be of interest to the customer. This is done only if the customers agree to receive promotions from other companies.
It will be possible to transfer or share a copy of personal information within the group companies.
In the event that there is a change of ownership or control of the company, the user will receive a notification by e-mail or a notice on the Potential website.
Compliance with the law: it will be possible to provide access to information when requested by the authorities, to cooperate with police investigations or other legal proceedings, to limit legal liability.
Potential works with advertising companies to place its advertising on websites on the Internet. These advertising companies collect anonymous information about visits to the Potential website.
This technology involves the use of third-party cookies and which allow these companies to develop personalized advertising so that it refers directly to offers that may interest customers.
You can choose to forgo this service offered by the advertising partner.
It will be possible to use Potential cookies to provide advanced online marketing based on the user’s specific interests and preferences.
You can choose to forgo these advanced online marketing ads.
COOKIES, WEB BEACONS
A “cookie” is a small data file stored by the web browser on your computer or mobile device (hard disk) and allows you to recognize the specific computer (but not specifically who is using it) when you access the site by associating the identification numbers in the cookie with other client information.
Customer information is stored in the secured database.
A “web beacon” or “pixel tag” or “clear gif” is generally a one-pixel image used to transfer information from a computer or mobile device to a website.
We use cookies and web beacons to keep track of what is present in the cart and to remind the user when he returns to the website, to identify the pages he clicks on while visiting the site and the name of the website visited immediately before Click on the Potential website.
This information is used to improve site design, product assortments, customer support and special promotions. Of course, you can disable cookies and web beacons on your computer by indicating it in your browser preferences or options menus. However, some parts of the website may not work properly if you disable cookies. You could also use web beacons and other technologies to monitor and learn if our communications reach it, to measure their effectiveness or to collect certain non-personal information from the customer’s computer.
Potential may enter into contracts with third parties that may use cookies and web beacons and collect information on behalf of Potential or provide services such as credit card processing, shipping, promotional services or data management. These third parties are prohibited from sharing such information with anyone other than Potential employees or other customer support partners.
REGISTRATION OF ONLINE ACCOUNT
To make online shopping faster and easier, you can register on Potential website.
As a registered customer, it is sufficient to enter the shipping addresses and billing data only once; will be safely stored by Potential for future use. Using the name and password chosen by the user, the account can be accessed online at any time to add, delete or change the information.
If you are using a public computer, we recommend that you log off at the end of the session.
List of cookies used on our website:
| Cookie name | Purpose of the cookie | Expiration date |
| __stripe_mid | To initiate Stripe payment session | 7 days |
| _fbp |
Facebook pixel analytic tool
|
7 days |
| _ga |
Google Analytics tool
|
7 days |
| _gid |
Creates unique Google Analytics identificator
|
7 days |
| wfwaf-authcookie-* | Unique identification number created for the website firewall to identify a potentially malicious visitor | 7 days |
| woocommerce_cart_hash | Saving the contents of the shopping cart. | Session |
| wordpress_test_cookie | Checking whether the browser accepts cookies and whether there is an option to save the contents of the shopping cart | Session |
| wp-settings-time-1 | Determining user time zone | Session |
STORAGE OF DATA
We retain personal information in an identifiable format as long as required by law or as needed for our business purposes. We retain personal information for longer periods of time than is legally required if it is in our legitimate business interests and is not prohibited by law. For the exact retention periods, please contact us directly.
YOUR RIGHTS AS A DATA SUBJECT
We have a legal obligation to ensure that your personal data is kept accurate and up to date. We kindly ask you to assist us to comply with this obligation by ensuring that you inform us of any changes that have to be made to any of your personal data that we are processing.
You may, at any time, exercise the following rights with respect to our processing of your personal data by contacting us via contact information referred to in this Privacy policy:
Right to access: you have the right to request access to any data that can be considered your personal data. This includes the right to be informed on whether we process your personal data, what personal data categories are being processed by us, and the purpose of our data processing;
Right to rectification: you have the right to request that we correct any of your personal data if you believe that it is inaccurate or incomplete;
Right to object: you are entitled to object to certain processing of personal data, including for example, making automated decisions based on your personal data or when we otherwise base the processing of your personal data on our legitimate interest;
Right to restrict personal data processing: you have the right to request that we restrict the processing of your personal data if you wish to: (i) object the lawfulness of the processing; (ii) fix unlawful processing of personal data; (iii) receive or avoid deletion of personal data for establishing or defending against legal claims; or (iv) demand restriction of the processing until assessing the plausibility of DAT’s legitimate interest in the specific processing activity;
Right to erasure: you may also request your personal data to be erased if the personal data is no longer necessary for the purposes for which it was collected, or if you consider that the processing is unlawful, or if you consider that the personal data has to be erased to enable us to comply with a legal requirement;
Right to data portability: if your personal data is being automatically processed with your consent or on the basis of a mutual contractual relationship, you may request that we provide you that personal data in a structured, commonly used and machine-readable format. Moreover, you may request that the personal data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible;
Right to withdraw your consent: in cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time without any adverse effect;
Right to submit your claim with the supervisory authority: if you are not satisfied with our response to your request in relation to personal data or you believe we are processing your personal data not in accordance with the law, you can submit your claim with the Polist Data Protection supervisory authority.
Please note that you will need to provide sufficient information for us to handle your request regarding your rights. Prior to answering your request, we may ask you to provide additional information for the purposes of authenticating you and evaluating your request.
DPO
We have a designated person for all privacy and data protection related matters. Should you wish to implement your data subject rights or have any question regarding your personal data processing, please contact our Data Protection Officer via info@cbdpotential.com.