Data controller

Jo Hemp Italia S.r.l.s.
Via E. Ponti 53
20143 Milano 
Italia
Email of the owner: info@johemp.it

Types of Data collected

Among the Personal Data collected by this Site, independently or through third parties, there are: Cookies; Usage data; email address; first name; last name; username; website; password; country; various types of Data; geographical location; telephone number; address; corporate name; image.

We also process the data necessary to manage the payment of the products purchased and the delivery of the same (your name, surname, delivery address, and shipping number), as well as information about your purchases and your authentication in your personal area. Your phone number and e-mail address allow us to keep you up to date on the status of your shipment.

Full details of each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the collection of the data.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Site.
Unless otherwise specified, all the Data requested by this Site are mandatory. If the User refuses to communicate them, it may be impossible for this Site to provide the Service. In cases where this Site indicates some Data as optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability of the Service or on its operation.
Users who have doubts about which Data are mandatory, are encouraged to contact the Owner.
Any use of Cookies – or other tracking tools – by this Site or by the owners of third-party services used by this Site, unless otherwise specified, has the purpose of providing the Service requested by the User, in addition to the other purposes described in this document and in the Cookie Policy, if available.

The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this Site and guarantees to have the right to communicate or disseminate them, freeing the Owner from any liability to third parties.

Mode and place of processing of the collected Data

Processing methods

The Data Controller shall take appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data.
The processing is carried out using computer and/ or telematic tools, with organizational methods and logic strictly related to the purposes indicated. In addition to the Owner, in some cases, other parties involved in the organization of this Site (administrative, commercial, marketing, legal, system administrators) or external parties may have access to the Data (as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, Data Processors by the Data Controller. The updated list of Data Processors may always be requested from the Data Controller.

Legal basis of processing

The Data Controller processes Personal Data relating to the User if one of the following conditions is met:

  • the User has given consent for one or more specific purposes; Note: in some jurisdictions the Owner may be authorized to process Personal Data without the consent of the User or another of the legal bases specified below, until the User opposes (“opt-out”) such processing. However, this is not applicable if the processing of Personal Data is regulated by European legislation on the protection of Personal Data;
  • the processing is necessary for the execution of a contract with the User and/or for the execution of pre-contractual measures;
  • the processing is necessary to fulfil a legal obligation to which the Data Controller is subject;
  • processing is necessary for the performance of a task in the public interest or for the exercise of official authority vested in the Owner;
  • the processing is necessary for the pursuit of the legitimate interest of the Owner or third parties.

However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing is based on the law, provided for by a contract or necessary to conclude a contract.

Place

The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For more information, contact the owner.
The User’s Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information on the place of processing, the User can refer to the section relating to the details of the processing of Personal Data.

The User has the right to obtain information about the legal basis of the transfer of Data outside the European Union or to an international organization of public international law or consisting of two or more countries, such as the UN, as well as regarding the security measures taken by the Data Controller to protect the Data.

The User can check whether one of the transfers described above takes place by examining the section of this document relating to the details of the processing of Personal Data or ask for information from the Data Controller by contacting him at the opening details.

Storage period

The Data are processed and stored for the time required by the purposes for which they were collected.

Therefore:

  • The Personal Data collected for purposes related to the execution of a contract between the Owner and the User will be retained until the execution of this contract is completed.
  • The Personal Data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until such interest is satisfied. The User may obtain further information about the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.

When processing is based on the User’s consent, the Data Controller may retain the Personal Data for longer until such consent is revoked. In addition, the Data Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, the Personal Data will be deleted. Therefore, upon expiry of this period, the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

Purposes of the Processing of Collected Data

The User’s Data is collected to allow the Owner to provide the Service, comply with legal obligations, respond to requests or executive actions, protect their rights and interests (or those of Users or third parties), identify any malicious or fraudulent activities, as well as for the following purposes: Statistics, Managing contacts and sending messages, Interaction with external social networks and platforms, Contacting the User, Payment management, Remarketing and behavioral targeting, Access to accounts on third-party services, Displaying content from external platforms, SPAM protection, Registration and authentication, Commercial affiliation, Content commentary, Interaction with data collection platforms and other third parties, Hosting and backend infrastructure, Data transfer outside the EU, Permissions for access to Personal Data on the User’s device, Infrastructure Monitoring, Location-based Interactions, Online Data Collection and Survey Management, and Social Features.

To obtain detailed information on the purposes of the processing and on the Personal Data processed for each purpose, the User can refer to the section “Detailed information on the processing of Personal Data”.

Comment on the contents

The comment services allow Users to formulate and make public their comments regarding the content of this Site.
Users, depending on the settings decided by the Owner, can also leave the comment anonymously. In case among the Personal Data released by the User there is the email, this may be used to send notifications of comments regarding the same content. Users are responsible for the content of their comments.
In case a comment service provided by third parties is installed, it is possible that, even if the Users do not use the comment service, the same collects traffic data related to the pages where the comment service is installed.
When visitors leave comments on the site, we collect the data shown in the comments form in addition to the IP address of the visitor and the string of the user agent of the browser to facilitate spam detection.

Contact the user
Mailing list or newsletter

By registering to the mailing list or newsletter, the User’s email address is automatically inserted into a list of contacts to which email messages may be sent containing information, including commercial and promotional information, related to this Site. Your email address may also be added to this list as a result of signing up to this Site or after making a purchase. Personal Data processed: surname; email; first name.

Contact form

By filling in the contact form with his Data, the User consents to their use to respond to requests for information, quotes, or any other nature indicated by the form header. Personal Data processed: surname; email; first name

Managing contacts and sending messages

This type of service allows you to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User.
These services may also allow the collection of data relating to the date and time of the display of messages by the User, as well as the User’s interaction with them, such as information on clicks on links inserted in messages.

Mailchimp (The Rocket Science Group, LLC.)

Mailchimp is an address and email management service provided by The Rocket Science Group LLC. Personal Data processed: email. Place of treatment: USA – Privacy Policy. Subject adherent to the Privacy Shield.

Payment processing

Payment management services allow this Site to process payments by credit card, bank transfer or other means. The data used for the payment are acquired directly by the operator of the payment service requested without being processed in any way by this Site.
Some of these services may also allow the scheduled sending of messages to the User, such as emails containing invoices or notifications regarding payment.

PayPal (Paypal)

Paypal is a payment service provided by Paypal Inc., which allows the User to make online payments. Personal Data processed: various types of Data as specified in the privacy policy of the service

Stripe (Stripe Inc)

Stripe is a payment service provided by Stripe Inc. Personal Data processed: various types of Data as specified in the privacy policy of the service. Place of treatment: USA – Privacy

Hosting and backend infrastructure

This type of service has the function of hosting data and files that allow this Site to work, allow its distribution and provide a ‘ready-to-use infrastructure to deliver specific features of this Site.
Some of these services operate through servers located geographically in different places, making it difficult to determine the exact place where Personal Data is stored.

SiteGround Hosting (SiteGround Spain S.L.)

Siteground Hosting is a hosting service provided by Siteground Spain S.L. Personal Data processed: Cookies; Usage Data; various types of Data as specified in the privacy policy of the service. Place of treatment: Spain – Privacy Policy.

Interaction with external social networks and platforms

This type of service allows you to interact with social networks, or with other external platforms, directly from the pages of this Site.
The interactions and information acquired by this Site are in any case subject to the User’s privacy settings related to each social network.
This type of service may still collect traffic data for pages where the service is installed, even when Users do not use it.
It is recommended to disconnect from the respective services to ensure that the data processed on this Site are not linked to the User’s profile.

The collection and use of the information obtained through the plugin are governed by the respective privacy policies of the social networks, to which please refer:

Protection against spam

This type of service analyzes the traffic of this Site, potentially containing Personal Data of Users, in order to filter it from parts of traffic, messages and content recognized as SPAM.

Akismet (Automattic Inc.)

Akismet is a SPAM protection service provided by Automattic Inc. Personal Data processed: various types of Data as specified in the privacy policy of the service. Place of treatment: United States – Privacy Policy.

Remarketing and behavioral targeting

This type of service allows this Site and its partners to communicate, optimize and serve advertisements based on past use of this Site by the User.
This activity is carried out through the tracking of Usage Data and the use of Cookies, information that is transferred to the partners to which the remarketing and behavioral targeting activity is linked.
In addition to the possibility of making the opt-out offered by the services listed below, the User can opt out of receiving cookies related to a third party service, by visiting the opt-out page of the Network Advertising Initiative. 

Facebook Remarketing (Facebook, Inc.)

Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity of this Site with the Facebook advertising network. Personal Data processed: Cookies; Usage data. Place of processing: USA – Privacy Policy – Opt Out.

Remarketing Google Ads (Google Ireland Limited)

Remarketing Google Ads is a remarketing and behavioral targeting service provided by Google Ireland Limited that connects the activity of this Site with the advertising network Google Ads and the Doubleclick Cookie. Users can choose not to use Google cookies for personalizing ads by visiting the Google Ad Settings. Personal Data processed: Cookies; Usage data. Place of processing: Ireland – Privacy Policy – Opt Out. Subject adherent to the Privacy Shield.

Remarketing with Google Analytics (Google Ireland Limited)

Remarketing with Google Analytics is a remarketing and behavioral targeting service provided by Google Ireland Limited that connects the tracking activity carried out by Google Analytics and its cookies with the advertising network Google Ads and the Doubleclick Cookie. Personal Data processed: Cookies; Usage data. Place of processing: Ireland– Privacy Policy – Opt OutOpt Out. Subject adherent to the Privacy Shield.

Interactions based on location
Geo-localization

This Site may collect, use and share Data relating to the User’s geographical location, in order to provide services based on the location. In particular, the calculation of taxes and shipping costs.
Most browsers and devices provide default tools to deny geographical tracking. If the User has expressly authorized this possibility, this Site may receive information about its actual geographical location. Personal Data processed: geographical position.

Statistics

The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of the User’s behavior.

Google Analytics with anonymized IP (Google Inc.)

Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Site, compiling reports and sharing them with other services developed by Google.
Google may use the Personal Data to contextualize and personalize the ads of its advertising network.
This Google Analytics integration anonymizes your IP address. Anonymization works by shortening the IP address of the Users within the borders of the member states of the European Union or in other countries participating in the Agreement on the European Economic Area.  Only in exceptional cases will the IP address be sent to Google’s servers and shortened within the United States. Personal Data processed: Cookies; Usage data. Place of processing: USA – Privacy Policy – Opt Out.

Facebook Ads Conversion Tracking (Facebook pixels) (Facebook, Inc.)

The Conversion Tracking of Facebook Ads (Facebook pixels) is a statistical service provided by Facebook, Inc. that connects data from the Facebook ad network with the actions carried out within this Site. The Facebook pixel monitors conversions that can be attributed to Facebook, Instagram, and Audience Network ads. Personal Data processed: Cookies; Usage data. Place of processing: USA – Privacy Policy. Subject adherent to the Privacy Shield.

Google Analytics Display Advertisers Extension (Google Inc.)

Google Analytics on this Site may use Google interest-based advertising, third-party audience data and information from the Doubleclick Cookie to extend statistics with demographic data, interests and data on interactions with advertisements. Personal Data processed: Cookies; Usage data. Place of processing: USA – Privacy Policy – Opt Out

Google Analytics (Google Ireland Limited)

Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Site, compiling reports and sharing them with other services developed by Google.
Google may use the Personal Data to contextualize and personalize the ads of its advertising network. Personal Data processed: Cookies; Usage data. Place of processing: Ireland – Privacy Policy – Opt Out. Subject adherent to the Privacy Shield.

Data transfer outside the EU

The Data Controller may transfer the Personal Data collected within the EU to third countries (that is, all non-EU countries) only in accordance with a specific legal basis. Therefore, such Data transfers are executed according to one of the legal bases described below. The User may request information from the Owner about the legal basis applicable to each individual service.

Transfer to third countries based on consent

When this is the legal basis, the transfer of Personal Data from the EU to third countries takes place only when the User has expressly consented to such transfer after being informed about the risks due to the absence of an adequacy decision and the appropriate safeguards taken.
In such cases, the Data Controller informs the Users and collects their consent through this Site. Personal Data processed: various types of Data.

Transfer to third countries on the basis of standard contractual clauses

When this is the legal basis, the transfer of Personal Data from the EU to third countries takes place on the basis of standard clauses for the protection of Personal Data adopted by the European Commission.
In such cases, the recipients of the Data have agreed to process the Personal Data in accordance with the levels of protection provided by the legislation. Users can request further information by contacting the Data Controller at the details indicated in this document. Personal Data processed: various types of Data.

Data transfer to countries that guarantee European standards

When this is the legal basis, the transfer of Personal Data from the EU to third countries takes place on the basis of an adequacy decision adopted by the European Commission. The European Commission adopts adequacy decisions with reference to individual third countries that it considers to ensure a level of protection of Personal Data comparable to that provided by European legislation on the protection of Personal Data. The User can view the updated list of adequacy decisions on the website of the European Commission. Personal Data processed: various types of Data.

Other legal basis for the transfer of data to third countries

When no other legal basis is applicable, Personal Data may be transferred from the EU to third countries only under one of the following conditions:

  • the transfer is necessary to execute a contract concluded between the User and the Owner or pre-contractual measures adopted at the request of the User;
  • the transfer is necessary to execute a contract entered into in the interest of the User by the Owner and another natural or legal person;
  • the transfer is necessary for reasons of public interest;
  • the transfer is necessary to establish, exercise or defend a legal claim;
  • the transfer is necessary to protect the vital interests of the Data Subject or of other persons, when the Data Subject is physically or legally unable to express consent.
  • In such cases, the Owner will inform the User about the legal basis applicable to the transfer through this Site. Personal Data processed: various types of Data.
Display of content from external platforms

This type of service allows you to view content hosted on external platforms directly from the pages of this Site and interact with them.
In the case in which a service of this type is installed, it is possible that, even if the Users do not use the service, the same collects traffic data relating to the pages in which it is installed.

Widget Video YouTube (Google Inc.)

Youtube is a video content visualization service provided by Google Inc. that allows this Website to incorporate content of this kind on its pages. Personal Data processed: Cookies; Usage data. Place of processing: USA – Privacy Policy.

Gravatar (Automattic Inc.)

Gravatar is an image visualization service provided by Automattic Inc. that allows this Website to incorporate content of this kind on its pages.
Please note that if Gravatar images are used for comment systems, the commentator’s email address (or parts of it) may be sent to Gravatar, even if it is not registered with this service. Personal Data processed: Usage data; email address. Place of processing: USA – Privacy Policy.

Automated decision-making processes

When a decision that can produce legal effects for the User or can affect his person in a similar way is made exclusively with technological tools and without human intervention, there is an automated decision-making process.
As part of the purposes described in this document, this Site may use your Personal Data to make decisions based entirely or partially on automated processes. This Site uses automated decision-making processes to the extent that it is necessary to conclude or execute a contract between the User and the Owner or, if required by law, with the consent given by the User.
Automated decisions depend on technological tools provided by the Owner or third parties and are generally based on algorithms that meet predefined criteria. The logic behind automated decision-making aims to:

  • allow or improve decision-making;
  • ensure fair and impartial treatment of Users;
  • reduce potential harm resulting from human error, personal bias or other similar circumstances which could result in discrimination or imbalance in the treatment of individuals;
  • reduce the risk of breach of the obligations of a contract by the User.

To obtain further information on the purposes, any third-party services and the logical specifications of the automated decision-making processes adopted by this Site, the User can refer to the respective sections of this document.

Effects of automated decision-making processes and rights of Users subject to them

Users subject to this type of processing may exercise specific rights aimed at preventing or limiting the potential effects of automated decision-making processes. In particular, Users have the right to:

  • receive an explanation of and opinion on any decision taken following an automated decision-making process;
  • challenge the decision asking the Holder to reconsider it or adopt a new decision on different bases;
  • request and obtain from the Owner a human intervention in the treatment. To obtain further information on the rights of Users and their exercise, the User can refer to the section of this document relating to the rights of Users.
User rights

Users may exercise certain rights with reference to the Data processed by the Data Controller. In particular, the User has the right to:

  • revoke consent at any time. The User may revoke consent to the processing of their Personal Data previously expressed.
  • object to the processing of their Data. The User may object to the processing of their Data when it takes place on a legal basis other than consent. Further details on the right to object are given in the section below.
  • access their Data. The User has the right to obtain information on the Data processed by the Data Controller, on certain aspects of the processing and to receive a copy of the Data processed.
  • verify and ask for rectification. The User can verify the correctness of their Data and request its update or correction.
  • obtain the limitation of treatment. When certain conditions are met, the User may request the restriction of the processing of their Data. In this case, the Data Controller will not process the Data for any other purpose than their storage.
  • obtain the deletion or removal of their Personal Data. When certain conditions are met, the User may request the deletion of their Data by the Owner.
  • receive your Data or have it transferred to another data controller. The User has the right to receive their Data in a structured, commonly used and machine-readable format and, where technically feasible, to obtain its transfer without hindrance to another holder. This provision is applicable when the Data are processed with automated tools and the processing is based on the User’s consent, on a contract to which the User is a party or on contractual measures related to it.
  • lodge a complaint. The User may lodge a complaint with the competent personal data protection supervisory authority or act in court.
Details on the right of objection

When the Personal Data are processed in the public interest, in the exercise of public authority vested in the Data Controller or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons related to their particular situation. Users are reminded that, if their Data are processed for direct marketing purposes, they can object to the processing without providing any reason. To find out whether the Data Controller processes data for direct marketing purposes, Users can refer to the respective sections of this document.

How to exercise rights

To exercise the rights of the User, Users can direct a request to the contact details of the Owner indicated in this document. Requests are filed free of charge and processed by the Owner as soon as possible, in any case within one month.

Cookie Policy

This Application uses Cookies and other Identifiers. To learn more, the User can consult the Cookie Policy.

Further information on the processing
Legal defence

The User’s Personal Data may be used by the Owner in Court or in the stages preparatory to its possible establishment for defence against abuse in the use of this Site or related Services by the User.
The User declares to be aware that the Data Controller may be obliged to disclose the Data by order of public authorities.

Specific information

At the request of the User, in addition to the information contained in this privacy policy, this Site may provide the User with additional and contextual information regarding specific Services, or the collection and processing of Personal Data.

System logs and maintenance

For needs related to operation and maintenance, this Site and any third-party services used by it may collect system logs, ie files that record interactions and may also contain Personal Data, such as the IP address User.

Information not contained in this policy

Further information in relation to the processing of Personal Data may be requested at any time to the Data Controller using the contact details.

Response to “Do Not Track” requests

This Site does not support “Do Not Track” requests.
To find out if any third-party services used support them, the User is invited to consult their respective privacy policies.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page and, if possible, on this Site and, where technically and legally feasible, sending a notification to Users through one of the contact details of which it is in possession. Please, therefore, consult this page frequently, referring to the date of last modification indicated at the bottom. If the changes affect processing whose legal basis is consent, the Owner will collect the User’s consent again, if necessary.

The document was updated on 02/04/2020 to comply with the relevant regulatory provisions, and in particular in accordance with EU Regulation 2016/679.