This notice describes, pursuant to and for the purposes of art. 13 and art.14 of EU Regulation 2016/679 (General Data Protection Regulation, hereinafter referred to as GDPR), the ways in which the named Adastra companies – as Joint Data Controllers – processes the data provided by You through the website. The processing of personal data will be based on the principles of lawfulness, transparency, correctness and protection of confidentiality and rights of the User, always in compliance with the European and Canadian legislation currently in force.
When we collect personal data, we follow the principles of minimizing the processed data, legality, transparency, and security. We strive to process only personal data that is essential and appropriate for the purposes for which the data was collected.
You can ask questions about the terms of processing your personal data or about the observance of your rights under the GDPR to any of the contacts listed in the section below. We will answer any questions or requests for free.
JOINT CONTROLLERS (referred later as “we”)
The named Adastra companies are part of the Adastra Group. When you interact with this website, your personal data will be jointly processed by the Adastra companies in their capacity as joint controllers.
The Joint Controllers, pursuant to Art. 26 GDPR, are:
- Adastra Corporation, Royal Bank Plaza, South Tower 200 Bay Street, Suite 1401, PO Box 82, Toronto, ON M5J 2J2, Canada
Email: [email protected]
- Adastra GmbH, Niedenau 36, 60325 Frankfurt am Main
Email: [email protected]
- Adastra Bulgaria Ltd., 1407 Sofia, Atanas Dukov St. No. 32
Email: [email protected]
- Adastra Thailand, 24080/24088, 24 Fl, Chamchuri Square,319 Phaya Thai Rd., Pathum Wan, Bangkok 10330
Email: [email protected]
- Adastra Hellas I.K.E., Vasileos Irakleiou 53 & Karolou Ntil 54623 Thessaloniki, Greece
Email: [email protected]
In addition to the methods set out above, you can contact us regarding any questions you have about the processing of your personal data through this website, by Adastra, via email at: [email protected]
- Site navigation data. The information systems and software procedures used to operate the website may acquire, during their normal use, some data whose transmission is involved in the use of Internet communication protocols. This category could include IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given to the server (successful, error, etc.) and other parameters relating to the operating system and computer environment of the User. These data are used for the sole purpose of receiving anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing.
- Contact Us form. In addition to the data collected when the User sends a message by e-mail to the e-mail addresses indicated on the site, the Contact Us form also collects: name, surname, email, phone number and any other data that the User enters in the message section. This data is used exclusively for the purpose of satisfying the User’s requests.
- Newsletter Sign Up. When a User subscribes to the newsletter through the appropriate form, the User is asked to enter his/her e-mail address. By registering for the newsletter, the e-mail address is included in a list of contacts to whom we may send information, including commercial and promotional information, relating to Adastra. The User’s e-mail address could also be added to this list, with previous consent, as a result of purchasing Adastra services.
PURPOSE AND LEGAL BASIS OF THE PROCESSING
Generally, the data is processed for the following purposes:
- To execute the User’s requests and answer the User’s questions. The legal basis of processing is the legitimate interest of the Joint Controllers (Article 6, (1) (f) of GDPR) to be more efficient, to provide information about the services offered, and to improve and develop new products and services.
- For the internal administrative purposes of managing purchasing operations and, in general, to implement all contractual and pre-contractual measures adopted at the request of the User concerned, as well as all related operational and management requirements. The legal basis is the need to execute the agreement to which the User concerned is a party, or to implement pre-contractual measures (Article 6, (1) (b) of GDPR).
- For marketing and advertising purposes, to send you news about products, and services. The processing of data collected and stored for this purpose has as legal basis the express consent is given by the User (Article 6, (1) (a) of GDPR).
- To comply with the legal obligations to which the Joint Data Controllers are subject. In this last case, the legal basis is represented by the need to comply with legal obligations that require the Joint Data Controllers to collect and/or further process certain types of personal data (Article 6, (1) (c) of GDPR).
THE PROVISION OF PERSONAL DATA
The mandatory or optional nature of the provision of personal data, in relation to the individual requested information, is specified from time to time, during the collection of the individual data, by placing an asterisk symbol (*) next to the mandatory information. If you refuse to communicate some of your data marked as mandatory, this will make it impossible to pursue the main purpose of the specific collection: such a refusal may, for example, make it impossible to fulfill your request. The provision of additional data other than those marked as essential, is optional and does not imply any consequences in relation to the pursuit of the primary purpose of the data collection.
METHOD AND PLACE OF PROCESSING
We perform the necessary processing in accordance with EU Regulation 2016/679.
The processing of personal data is mainly carried out by electronic means by the Joint Controllers and other entities (personal data processors appointed on behalf of the Joint Controllers) who are appropriately selected for reliability and competence, and who carry out the operations necessary for the pursuit of the purposes closely related with the use of a website and its services.
Data is processed at the registered and operational offices of the Joint Controllers, at any other location where the parties involved in the processing are located, as well as on host servers under the responsibility of bandwidth and domain providers.
We adhere to the principle that personal data should be stored for a period no longer than is necessary to achieve the relevant purposes.
In accordance with EU Regulation 2016/679, the data is processed for the time necessary to perform the service requested by the User or in general to achieve the purposes for which it was collected.
The User’s personal data acquired by the Joint Controllers may be communicated to professionals, collaborators, legal persons and third parties who carry out services of a technical and organizational nature for Adastra. These parties will process the data as controllers, and data processors, as the case may be, in full compliance with the regulations in force as indicated above, and they will be provided only with the information necessary to carry out the relative functions. The User’s personal data will not be disclosed in any way.
- Other companies of Adastra Group: In some cases, we may share your personal data with other companies who are members of the Adastra Group, including Adastra (US) Corporation, Alvin Sherman Library, Research, and IT Center at NSU 5th Floor | 3100 Ray Ferrero Jr. Blvd, Fort Lauderdale, FL 33314.
- Third Party Providers: In some cases, we may share your personal data with organizations (and their subcontractors) that provide us with technology solutions and/or support, such as organizations that are engaged in maintaining our IT systems. This may also include organizations that provide systems that connect to our IT systems.
- Public authorities : We may share your information with public authorities to comply with legal requests (including without limitation to meet national security or law enforcement requirements applicable to the Joint Controllers) or where necessary, whether domestically or abroad.
The complete and updated list of Data Processors is available upon written request to email: [email protected]
The personal data collected is processed at the facilities of the Joint Data Controllers based in the EU/EEA, Canada and in the Kingdom of Thailand. The Joint Controllers ensure the implementation of tools that guarantee an adequate level of data protection in accordance with articles 44 and follow the GDPR.
LINKS TO OTHER SITES
This information is provided only for the Adastra website and not for other websites that may be consulted by the User through links.
The site allows for interactions with social networks through the social network links, special links on the site that represent the icons of social networks and allow users who are browsing our website to interact directly with social platforms via a single “click
RIGHTS OF THE DATA SUBJECT
At any time, in accordance with Articles 15 et seq. of EU Reg. 2016/679, you may exercise the right to:
- access the data processed, obtain information on certain aspects of the processing and receive a copy of the same (art. 15 GDPR, right of access).
- check the correctness of your data and request it be updated or rectified (art. 16 GDPR, right of rectification).
- obtain the cancellation or removal of your personal data (art. 17 GDPR, right to cancellation).
- limit the processing of your data, when certain conditions are met (art. 18 GDPR, right to the limitation of the processing).
- receive your data in a structured format in common use, and readable by automatic device and, if technically possible, to obtain its transfer without hindrance to another holder (art. 20 GDPR, right to portability).
- oppose the processing of your data when it takes place on a legal basis other than consent (art. 21 GDPR, right of opposition). When personal data is processed in the public interest, in the exercise of public powers vested in the Joint Data Controllers, or to pursue a legitimate interest of the Joint Data Controllers, you have the right to oppose the processing for reasons related to your particular situation.
To exercise these rights, you can send a request to: [email protected]. You can also lodge a complaint with the competent personal data protection supervisory authority.
PROFILING AND AUTOMATED DECISION MAKING
We do not make automated decisions solely on the basis of automated processing, including profiling, that gives rise to legal consequences for you or significantly affects you.
UPDATES AND CHANGES
This document has been updated and applies from April 2023.