1. General matters
1.1 What constitutes personal data
Personal data means information that reveals, or is capable of revealing, the identity of the user. We adhere to the principle of data avoidance. The collection of personal data is avoided whenever possible.
1.2 Handling of personal data
Personal data will only be used for the purpose of establishing, formulating and performing a contract (Article 6(1) b GDPR). Beyond this, personal data will only be processed if we have received your consent (Article 6(1) a GDPR). Personal data will not be disclosed to third parties. Your personal data will only be processed within the EU unless otherwise stated below.
1.3 Usage data
When you visit the website, general technical information is collected. This includes the IP address used, time, duration of your visit, browser type and, where applicable, the originating site. These usage data are recorded in a log file for technical reasons and can be used and stored for statistical evaluation of this website. These usage data are not linked to your personal data.
1.4 Registration data
Registration is required for full use of the website’s functions. The registration data are collected from the information that you enter and are used for the specifically stated purpose in accordance with your consent (Art. 6(1) a GDPR).
1.5 Duration of storage
On completion of the purpose for which the data was collected, we will store your personal data only for as long as is required by statutory (in particular tax law‐related) regulations.
2. Your rights
You may request confirmation from us as to whether personal data concerning you are being processed, and, where that is the case, you have a right to access to the personal data and to the additional information specified in Article 15 GDPR.
2.2 Right to rectification
You have the right to rectification of inaccurate personal data concerning you, and may have incomplete personal data completed in accordance with Article 16 GDPR.
2.3 Right to erasure
You have the right to obtain from us the erasure of personal data concerning you without undue delay. We have the obligation to erase these data without undue delay where one of the following grounds applies:
- Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing of your data is based, and where there is no other legal ground for the processing.
- Your data have been unlawfully processed.
The right to erasure does not apply to the extent that your personal data are required for the establishment, exercise or defence of our legal claims.
2.4 Right to restriction of processing
You have the right to obtain from us restriction of processing your personal data where
- you contest the accuracy of the data and we therefore verify the accuracy,
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
- we no longer need the data, but you require these for the establishment, exercise or defence of legal claims,
- you have objected to the processing of your personal data pending verification of whether our legitimate grounds override your grounds.
2.5 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine‐readable format, and have the right to transmit those data to another controller without hindrance from us, provided that the processing is based on consent or on a contract and the processing is carried out by us by automated means.
2.6 Right to withdraw consent
Where the processing of your personal data is based on consent, you have the right to withdraw that consent at any time.
2.7 General matters and right to lodge a complaint
The exercise of your rights as outlined above shall be free of charge. You have the right directly to contact the supervisory authority with competence for us, the state data protection officer, in the event of complaints.
3. Data security
3.1 Data security
All data on our website are protected by technical and organisational measures against loss, destruction, access, modification and distribution.
3.2 Sessions and cookies
If you use the comment function on our website, the date and time of creation, your chosen pseudonym and also, temporarily, your IP address will be stored in addition to the comments themselves. This is done in order to enable us to defend our rights in the event of any unlawful content.
5. Third‐party services
5.1 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), and uses this web analytics service to collect and store data, from which usage profiles are created using pseudonyms. The usage profiles created in this way are used to evaluate visitor behaviour in order to tailor and improve the services presented on our website as required. Google Analytics uses “cookies”, which are small text files placed on your computer in order to analyse how you use the website. The information generated by the cookies about your use of this website is normally transferred to a Google server in the United States and stored there. If IP anonymisation is enabled on this website, your IP address will, however, be truncated by Google within member states of the European Union or other states that are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, for compiling reports on website activity and for providing other services relating to website activity and Internet usage to the website operator. Google will not associate the IP address transferred by your browser for the Google Analytics service to any other data held by Google. Furthermore, the user profiles managed under a pseudonym will not be combined with the personal data concerning the user without the user’s explicit and separately declared consent. Thus the balancing of interests show that there are no overriding interests on your part (Article 6(1) f GDPR). You can prevent the storage of cookies by making the appropriate settings in your browser software; please note, however, that you may then no longer be able to use all the functions of this website. You can also prevent the data generated by the cookie with regard to your usage of the website (including your IP address) from being sent to Google and processed by Google if you download and install the browser plug‐in available via the following link (https://tools.google.com/dlpage/gaoptout?hl=en‐GB).
5.2 Google Web Fonts
We also use web fonts from Google in order to display a uniform font on our website for you. These are stored automatically in your browser cache when you visit one of our web pages in order to
enable the desired display. If your browser does not support the web fonts used, one of your computer’s default fonts may be used. In this case, none of the users’ interests are affected that override this technical requirement (Article 6(1) f GDPR). You can view Google’s privacy statement here: https://www.google.com/policies/privacy/ For more information about Google web fonts, visit https://developers.google.com/fonts/faq
5.3 Other tools
When you visit our website, your surfing behaviour may be statistically evaluated. This is done primarily by means of cookies and analytics programs. Your surfing behaviour will generally be analysed on an anonymous basis, so it cannot be traced back to you. You can object to this analysis or prevent it by avoiding the use of specific tools. You will find detailed information on this subject in this Privacy Statement.
You may object to this analysis. We will inform you about the ways in which you can object in this Privacy Statement.
6. Data protection officer
We have appointed a data protection officer for our company:
Tilray Deutschland GmbH
In den Feldern 2
Telephone: +49 (0)800 400 3100
Withdrawal of your consent to data processing:
Many data processing operations are only possible with your express consent. You may at any time withdraw consent that you have already given. An informal notification sent to us by email is sufficient. The legality of the data processing performed prior to the withdrawal shall remain unaffected by the withdrawal.
Right to object to the collection of data in special cases and to direct marketing (Article 21 GDPR)
If the data processing is based on point (e) or (f) of Article 6(1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, including profiling based on those provisions. The relevant legal basis on which processing is based can be found in this Privacy Statement. If you object, we will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims (objection pursuant to Article 21(1) GDPR).
If your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will then no longer be processed for direct marketing purposes (objection pursuant to Article 21(2) GDPR).
Tilray Deutschland GmbH, 24 June 2020