Hempstar s.r.o. (Klimentská 1746/52, Nové Město 110 00 Prague 1, Czech Republic hereinafter referred to as data controller) as a data administrator, the operator of the web store, is bound to accept the content of this legal notice. Hempstar s.r.o. is responsible for ensuring that all data management related to it's activity meets the requirements set out in this Code and the applicable legislation. A Hempstar s.r.o. data protection policies are continuously available at the following website:

Hempstar s.r.o. reserves the right to change this information at any time. Of course, you will notify your audience in due time of any changes. If you have any questions about this announcement, please write to us ( and our colleague will answer your question.

Hempstar s.r.o. committed to defending your personal information. Hempstar s.r.o. keeps personal information confidential and takes all security, technical and organizational measures that guarantee the security of your data. Hempstar s.r.o. describes the data management principles below.


The data management activity of Hempstar s.r.o. is based on a voluntary contribution. In some cases, however, the management, storage, and transmission of a particular set of data are made mandatory by law. We would like to point out that, if you provide personal information on behalf of another person, the data supplier is obliged to obtain the consent of the person concerned.



Registered users have the right to access specific content on the website.

The aim of the data management is to distinguish between users, to collect the address data needed for home delivery of ordered products and to analyze user habits to increase the quality of the service.

The legal basis for data handling is the volunteer's contribution.

Scope of managed data: password, username, name, e-mail address, phone number, shopping history (list of previously ordered products), date and time of entries.

The deadline for deletion is two years from the last login.



On the website registered users have the option for credit collection.

Registering as a user will perform a user registration under the "HEMPSTAR USER ACCOUNT" section of this brochure, their data will be included in the above database.

The username and password data provided during the registration under this chapter provide access to the credit collection option.

Hempstar s.r.o. Independent measurement and auditing of webanalitical data as an external service provider is assisted by Google Analytics servers. Google Analytics logs the page usage. For details on managing measurement data, go to for details.

Deadline for deletion: two years from the last entry by the user. Deleting and modifying the data: You can request deletion and modification of the data at or at



Hempstar s.r.o analyzes the data and habits of buyers / users, inquirers in order to communicate personally to their users. Hempstar s.r.o. tracks user activity (eg open, click) in posted newsletters.

The purpose of the data management is to send e-mail newsletters containing business advertisement to the interested parties, information on special sale actions, direct marketing content.
The legal basis for the data handling is the voluntary contribution of the user. The scope of the managed data: identification number, date, time, e-mail address, name, consent for direct marketing request, and the system stores the analytical data regarding the sending, unsubscribing, delivery and opening of messages (eg, event date and time, computer IP address, cause of unavailability).

Duration of data handling: until the user's consent is withdrawn, but no longer than 24 months from the user's last newsletter.
You can ask for the withdrawal of the consent for the transmission of direct marketing messages and the deletion or modification of your personal data at the following addresses:

by clicking on the link for unsubscribe in the footer of the newsletters,
by e-mail at, as well
by post to: Klimentská 1746/52, Nové Město 110 00 Prague 1, Czech Republic

Data processor: Hempstar s.r.o.

Klimentská 1746/52, Nové Město 110 00 Prague 1, Czech Republic



For a tailor-made service, the service provider provides a small data packet, places a cookie and reads it later. If your browser returns a previously saved cookie, the cookie operator can link the user's current visit with the past, but only for their own content.

The purpose of data management is to identify, distinguish between users, identify users' current session, store data, prevent data loss, identify users, track web analytics, and track user data. Legal Basis for Data Management: Contribution of the Contributor. The scope of the data being processed: identification number, date, time, and previously visited pages.

Duration of data handling:

until the session is completed
three weeks
two weeks
33 months

Cookies with a valid validity period (permanent) are stored on your computer until they are deleted, but at the latest until their expiration date. The above-mentioned external providers (Google) can also handle cookies to achieve their goals. Google as an external service provider can also handle cookies to accomplish its goals.

For information about Google cookie management, visit

Cookies can be deleted from your computer or disabled in your browser. To manage cookies, you can usually use the Privacy / History / Custom Settings menu in cookies, cookies, cookies or tracing in the Tools / Preferences menu of browsers.


If you would like to contact our company, you can use the contact form provided at the "Contact" section of the website or on the e-mail address. Using the information provided in the contact forms, the system generates an email that will be forwarded to the database described in the "Customer Support Database" section of this brochure.  All emails that you have sent to us will be deleted with the sender's name, email address, date, time, and other personal data as stated in the message, no later than five years after the date of disclosure.



Hempstar s.r.o. and its computing systems and other data retention sites are located at its headquarters and at its data processors.  The IT tools used for the handling of personal data are selected and operated by the managed data:

(available) to those entitled to it;
credibility and authentication (credibility of data management);
its integrity can be verified (data integrity);
unauthorized access (confidentiality of data).

Hempstar s.r.o. the data are protected by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as unavailability due to accidental destruction, damage and alteration of the technique used.

Hempstar s.r.o. povides an adequate technical solution to protect the data files that are electronically managed in its various registers, that stored data can not be directly linked and assigned to the data subject unless permitted by law.

Hempstar s.r.o.  protects the security of data management, providing a level of protection that meets the risks associated with data management.

Hempstar s.r.o retains its data handling,

secrecy: it protects the information so that it can only access the person who is entitled to it;
integrity: it protects the accuracy and completeness of the information and processing method;
vailability: Ensure that when the eligible user needs it, can have access to the information.

Hempstar s.r.o and its partners are protected against computer-aided fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intruders, and denial-of-service attacks. The operator provides security through server-level and application-level security procedures.

We inform the users that electronic mails, protocols (email, web, ftp, etc.) transmitted over the Internet are vulnerable to network threats that lead to dishonest activity, controversy or disclosure or modification of information. To protect such threats, the data controller will take all the precautionary measures he or she may have to take. Observes the systems so that it can record any security dangers and provide evidence of any security incident. System monitoring also allows checking the effectiveness of the precautions used.



Name: Hempstar s.r.o.

Head office: Klimentská 1746/52, Nové Město 110 00 Prague 1-, Czech Republic

Business Registration Number: IC 060 61 397

Tax number: CZ06061397




You may request  the correction or blocking of your personal data, except for mandatory data handling, as described in the data entry or at the above mentioned contact details of the data controller.


At the request of the person concerned: Hempstar s.r.o. as a data processor, provides information about the data processed by the processor or the processor he manages, the source of the data, the purpose, legal basis, duration of the data processing, the name and address of the data processor, data management, data on the circumstances of the data protection incident and the measures taken to remedy it , and data transmission its legal basis and the addressee. The data controller shall provide the information in writing in the shortest possible time, but not later than 25 days, in a comprehensible form, at the request of the person concerned. This information is free of charge if the request for information has not yet been filed with the data controller for the same data field during the current year. In other cases, Hempstar s.r.o. sets a cost of reimbursement.


A Hempstar s.r.o. corrects personal data if it does not comply with the reality and has the personal information that is true.


Hempstar s.r.o. will disclose personal information if it is unlawful, the person concerned requests, the data is incomplete or incorrect - and this status can not be legally remedied - provided that the deletion is not excluded by law, the purpose of data management has ceased or the data storage law has expired, it is ordered by the court or by the National Data Protection and Information Authority.


For the deletion, locking and rectification of personal data, the data controller has 25 days. If the data controller fails to comply with the correction, blocking or cancellation concerned, he or she communicates, within 25 days, in writing or with the consent of the person concerned, the reasons for the rejection.

A Hempstar s.r.o. correction, blocking, signing and deletion, and informing those who previously forwarded the data for data processing. It fails to be notified if it does not prejudice the legitimate interests of the data concerned for the purposes of data management.


The person concerned may object to the handling of his or her personal data if the processing or transmission of personal data is only necessary to comply with the legal obligation of the data processor or to enforce the legitimate interests of the data processor, data subject or third party, unless data management is prescribed by law;
Use or transfer of personal data is done for direct business acquisition, polling or scientific research.

In other cases specified by law.

he protest shall be examined within the shortest time, but not more than 15 days after the submission of the protest, it shall decide on its validity and shall inform the applicant in writing thereof. If the data controller establishes the validity of his / her protests, data management, including further data collection and data transfer, will terminate and lock the data, and inform the protest and the measures taken on the basis of those who have previously transferred the personal data involved in the protest, and who are obliged to take action to enforce the right to protest. If the user disagrees with the decision of the data processor, he or she may appeal to the court within 30 days of the communication. Hempstar s.r.o. will not  delete the relevant data if the data processing is ordered by law.


Hempstar s.r.o. reimburses any damage caused to others by unlawful handling of the data concerned or breach of the requirements of data security. In the event of violation of the personality right of the person concerned, the injured party may ask for compensation. The data controller is also responsible for the damage caused by the data processor to the data subject. The data controller is exempted from liability if the damage is caused by an unavoidable cause outside the scope of data management. The Data Handler does not compensate for the damage and can not be claimed for damages insofar as damages caused by the injured party or the infringement of personality rights have come from the deliberate or grossly negligent conduct of the person concerned.


In case of breach of his or her rights, the user can turn to the court. The court in charge of the data controller's domicile may be the district court of Prague, or the person concerned may choose the court of jurisdiction in his place of residence.



Black Friday