Effective date: 23 August 2025

This Policy explains the rules for processing personal data and the use of cookies on the maryjane.farm website (the “Service”). We care about users’ privacy and process data in accordance with the GDPR (Regulation (EU) 2016/679).

1. Data Controller

The controller of personal data is Maryjane.farm (the “Controller”).

2. Contact for data matters

For matters related to data processing, please contact: info [at] maryjane.farm

3. Scope of data processed

Depending on how you use the Service, we may process the following categories of data:

  • Newsletter data: email address, date/time of subscription (double opt‑in), information about opens/clicks to the extent necessary to send and improve mailings.
  • Comments data: name/pseudonym, email address, IP address, comment content, optional website URL; timestamps.
  • Correspondence data: email address, information contained in the message content and correspondence metadata.
  • Technical/log data: IP address, timestamps, request headers, device/browser identifiers, error records (server logs).
  • Cookies and similar technologies: first‑party and third‑party cookies, local storage, as described in Section 10.

4. Purposes and legal bases for processing

We process data for the following purposes:

  1. Running the newsletter – sending content, news and educational materials (GDPR Art. 6(1)(a) – consent). You may withdraw consent at any time.
  2. Publication and moderation of comments – enabling discussion under articles, preventing abuse and spam (GDPR Art. 6(1)(f) – the Controller’s legitimate interests in operating the Service and protecting it against abuse).
  3. Handling correspondence – responding to enquiries (GDPR Art. 6(1)(f)).
  4. Statistics, analytics, maintenance and security of the Service – e.g. measuring traffic, diagnosing technical issues, error logs (GDPR Art. 6(1)(f); where consent is required – GDPR Art. 6(1)(a)).
  5. Establishing, exercising or defending legal claims (GDPR Art. 6(1)(f)).

5. Data recipients and processors

Data may be disclosed to:

  • IT/hosting providers supporting the maintenance and development of the Service;
  • newsletter service providers;
  • anti‑spam/anti‑bot providers;
  • analytics and statistics providers;
  • law firms, advisors, auditors – where legally justified;
  • public authorities – to the extent required by law.

We conclude data processing agreements with processors.

6. Transfers outside the EEA

If data are transferred outside the European Economic Area (e.g. due to using providers located in the USA), we apply appropriate legal safeguards, including Standard Contractual Clauses (SCCs) or other instruments provided for under the GDPR. Information on the safeguards used is available upon request.

7. Data retention periods

  • Newsletter: until consent is withdrawn or the mailing list is discontinued; evidence of subscription (double opt‑in) – for the limitation period of potential claims.
  • Comments: for as long as they are published in the Service; technical data related to abuse prevention – for the period necessary to protect the Service (usually up to 12 months), unless a longer period follows from law or ongoing proceedings.
  • Correspondence: for the time necessary to respond and to demonstrate the course of communication (usually up to 24 months).
  • Logs and technical data: for the period necessary to ensure security and business continuity (usually up to 12 months).

8. Rights of data subjects

You have the right to: access your data, rectify them, erase them (“right to be forgotten”), restrict processing, data portability, object to processing based on legitimate interests, and withdraw consent (without affecting the lawfulness of processing carried out before withdrawal).

You also have the right to lodge a complaint with a competent supervisory authority for data protection in the country of your habitual residence, place of work or alleged infringement.

9. Voluntary provision of data

Providing data is voluntary, but necessary to use certain features (e.g. publishing a comment, receiving the newsletter). Failure to provide data may prevent use of a given feature.

10. Cookies and similar technologies

  1. The Service uses first‑party cookies to ensure its proper functioning (e.g. remembering preferences).
  2. The Service may use third‑party cookies for analytics/statistics and abuse prevention. For this purpose we request your consent via the cookie banner.
  3. You can manage cookies in your browser settings (including blocking or deleting them). Limiting cookies may affect certain features of the Service.

11. Newsletter

  1. Subscribing to the newsletter requires providing an email address and confirming the subscription (double opt‑in).
  2. Each email contains an unsubscribe link; you can resign at any time.
  3. As part of the newsletter, we may measure basic statistics (opens, clicks) to improve the content and quality of mailings.

12. Comments

  1. By publishing a comment, you consent to its public display together with your provided name/pseudonym. The email address is not published.
  2. Comments may be automatically verified (anti‑spam) and moderated. The Controller may remove or block comments that violate the Terms of Service.

13. Data security

We apply appropriate technical and organisational measures, including encrypted connections (SSL/TLS), access controls and data minimisation.

14. User‑submitted materials (photos/works)

  1. You may submit your own materials to the Service, in particular photos of plants or crops, graphics and descriptions (the “User Materials”). Data contained in the User Materials, including file metadata (e.g. EXIF: date taken, device model, GPS coordinates), may be processed for publication, moderation, presentation and to secure the Service.
  2. We recommend removing metadata (especially location information) before uploading files.
  3. If the User Materials contain images of individuals, you should have the appropriate permissions from those persons for dissemination in the Service. Publishing third‑party personal data without a legal basis is prohibited.
  4. User Materials may be subject to automated technical processing (e.g. compression, cropping, thumbnails, transcoding) and moderation. Detailed rules for publication and licensing are set out in the Terms of Service.

15. Changes to this Policy

This Policy may be amended; we will inform you by publishing a new version in the Service. The new version applies from the date of publication, unless stated otherwise.