Privacy Policy

Who we are and what we represent

Our website address is: https://roshem.net

Our consulting and client services offerings, case studies and impact data can be found at: https://roshemimpact.com

The Roshem Network platform is led by a team of mission-driven leaders committed to realizing positive impact for people, planet and profit through cannabis and hemp trading. Together, we are committed to developing the global regenerative economy, including through organic and regenerative agriculture, circular product and textile development, sustainable packaging, and technological solutions for impact, in a way that creates benefit for all stakeholders.

Roshem Impact Ltd. is a private limited liability company based in Rucici, the Republic of Serbia.

What personal data we collect and why we collect it

  • Our visitors’ IP addresses and their browser user agent strings – only for the purposes of login authentication, security, spam prevention, analytics and assessments of our web traffic, marketing and communications efforts. We do not share user location data or browser history with any third-parties for commercial purposes such as third-party market research or location-based advertising. Such data or history may be accessible to, or managed by, third-party applications exclusively for the maintenance of website functionality and for research on the efficiency of our marketing campaigns and the extent of our web presence and online traffic.
  • Our members are asked to provide their authentic first and last names, and choose usernames reflective of their actual names. We ask for information about their businesses, their professional profile and history, and their interest in the cannabis industry, alongside their geographical location and contact information. This information is shared with our administration team and our network of approved and vetted members. We do not provide access to member information to third-parties such as advertisers and researchers without member consent. Third-parties with access to member information are limited to payment processors and providers of technical services and support related specifically to the functionality of the platform and website. If any specific research studies are conducted by our team members in collaboration with an educational or research institution, we request direct member consent and engagement ahead of time.

Consent

By clicking “accept” upon reading this Privacy Policy, you are providing consent to the collection of your personal data as outlined in this Policy. Please make sure to read through this Policy in detail prior to visiting the members’ section of our website. You have the right to withdraw your consent at any time. You can send notice of withdrawal of consent by electronic mail to media@roshem.com Your withdrawal of consent shall not affect the lawfulness of prior processing based on consent before its withdrawal.This consent provision is written with the intention of maintaining compliance with the General Data Protection Regulation (GDPR) European Union directive of 25 May 2018.

Note that the above Consent provisions are published on Roshem Network only

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.We do not collect such location data, however, our intention is to ensure that our members are aware of a range of considerations related to their personal data and privacy.

Contact forms

The information collected from visitors and members through contact forms is shared within our team only, as related to Roshem.net, Roshem Impact and the particular inquiry itself. We do not share contact form inquiries, or other inquiries, with Roshem Network members other than the member who submitted the form, and we do not share such inquiries with any third parties.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks.

If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Member posts are moderated and require approval prior to publication. Members receive details regarding which third-party websites they may not publish links to. The general rule in place is that as a private social network, we do not accept posts that link to other social networks.

Analytics

At this time, we utilize Google Search Console and CrazyEgg for analytics purposes. Both of these services relate only to public-facing information on our website, and traffic to https://roshem.net and https://roshemimpact.com as related to the website people see when they are not logged-in. We do not utilize these tools to manage or measure the behavior of logged-in members.

Visitor comments may be checked through an automated spam detection service.

Who we share your data with

Our team members at Roshem Impact, Roshem Network and Roshem Ventures. You can find out more about who we are by visiting https://roshem.com and https://roshemimpact.com We publish the names of all of our leadership staff, and our entire team, on these websites and no other individuals are involved with managing member data on this platform. Should we consider engaging the services of a third-party for website maintenance or development in the future, we will request the permission of our existing members and publish data regarding the company we collaborate with and the particular development team involved. In the case that we undertake any research projects, we actively consult with our members and request for their consent and active participation in such research. Furthermore, we transparently communicate with our members regarding all factors related to their data privacy. We conduct our work in such a way so that the members of our platform know exactly who they are interacting with and who has access to their data. We do not make user data available to any third-parties in any circumstances other than those described above.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website https://roshem.net, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time, however, they cannot change their username. Website administrators can also see and edit that information.

What rights you have over your data

Roshem strongly believes that you have the right to control the use of your personal information, and that your privacy must be respected.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.

We strictly limit the collection and processing of your personal data, and to the best of our abilities we will work only with other organizations who do the same. We will not use personal data that you provide to us in a manner inconsistent with the purposes for which you provided it to us, as set out below.

We do not sell, rent or lease personal data.

We will vigorously challenge any attempts by government agencies or private sector organizations to gain access to any information that you give us.

Right to portability

You have the right to receive the personal data concerning him or her, which you have provided to Roshem in a structured, commonly used and machine-readable format and you have the right to transmit that data to another membership platform, technology service provider, consulting provider, or any other third-party without hindrance from Roshem, in accordance with Article 20 of the GDPR.

Right to erasure

You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes in compliance with the General Data Protection Regulation (GDPR) of the European Union.

In further detail, you have the right to obtain from Roshem the erasure of personal data concerning you without undue delay and Roshem shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • you withdraw the consent on which the processing is based, and where there is no other legal ground for the processing;
  • you object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR;
  • the personal data has been unlawfully processed;
  • the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which Roshem is subject;
  • the personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR

Where Roshem has made the personal data public and is obliged to erase the personal data, Roshem, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform third-party controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Paragraphs 1 and 2 shall not apply to the extent that processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by European Union or Member State law to which Roshemis subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in Roshem ; for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or for the establishment, exercise or defence of legal claims.

Data processing restrictions

You have the right to obtain from Roshem restriction of data processing where one of the following applies:

  • You are contesting the accuracy of the personal data stored about you as part of your Roshem Network membership, and you are requesting restriction for a period enabling the Roshem to verify the accuracy of your personal data;
  • the processing is unlawful and your are opposing the erasure of your personal data and requesting the restriction of its use instead;
  • Roshem no longer needs your personal data for the purposes of the platform, but you require the data for the establishment, exercise or defence of legal claims;
  • you object to data processing pursuant to Article 21(1) of the GDPR pending the verification of whether the legitimate grounds of Roshem override the grounds that you claim.

Where processing has been restricted according to this article, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

If you have obtained restriction of data processing pursuant to paragraph 1 of this Article, you shall be informed by Roshem before the restriction of processing is lifted.

Right to rectification

You have the right to obtain from Roshem Impact, without undue delay, the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Your contact information

The contact information you provide us with as part of your application is accessible to our team members, while your username, contact phone number and email address may be accessible to other members of the platform in accordance with your profile settings. We do not share your full legal name, address, or confidential personal identifying information with any unauthorized third parties. Examples of authorized third parties include payment processors and technology providers directly engaged with maintaining and ensuring the functionality of the platform. Members of the platform control their profile settings and the specific information shared about them with other members.

How we protect your data

Personal data shall be subject to additional safeguards to ensure this data is processed securely. For example, we work hard to ensure data is encrypted when in transit and storage, and access to this data will be strictly limited to a minimum number of individuals and subject to confidentiality commitments.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to any of our websites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. When possible, encryption is used, both in transit and storage. Access controls within the company limit who may access information.

Notification of personal data breach

In the case of a personal data breach, Roshem will, without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55 of the GDPR, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, Roshem shall communicate the personal data breach to you and other affected members without undue delay. Such information will be provided to you in clear and plain language and will describe the nature of the personal data breach and contain at least the information and measures referred to in points (b), (c) and (d) of Article 33(3) of the GDPR.

Direct communication of a data breach to you or other members shall not be required if any of the following conditions are met:

  • Roshem has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;
  • Roshem has taken subsequent measures which ensure that the high risk your rights and freedoms, or those of any other members, are longer likely to materialize;
  • it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby you and other members are informed in an equally effective manner.

Who do we share personal data with?

We maintain direct control over as many processes as we can. As necessary in connection with the above purposes, your personal data may be transferred to the Board of Directors or our authorized third-party service providers and partners. We conscientiously select and review authorized third parties when possible and review their privacy and security policies. These authorized third parties may be engaged in, among other things, the processing of payments and technology support. Limited members of Roshem staff or the staff working for these third parties may also access and otherwise process your personal data in connection with their job responsibilities or contractual obligations.

Some of these personnel and authorized third parties (for example payment processors) may transfer data outside Israel, Serbia or the European Union (“EU”). We take appropriate steps to ensure that data remains within jurisdictions with adequate protections for personal data and ensure that recipients of personal data from us are bound to duties of confidentiality, where relevant or appropriate. Where this is not possible, we rely on data minimization, the selection of trusted companies with privacy policies and auditable processes which we have reviewed and seek to ensure that there are adequate safeguards in place for protecting transferred data, for example Standard Contractual Clauses. For more information on the safeguards for transfer in a particular operation please contact us. We may also be required to disclose or otherwise process your personal data in the context of a regulatory audit to which we may be subject from time to time.

Communications

Emails received through media@roshem.com are reviewed by two staff members, sent onwards when necessary to other staff members, and deleted as quickly as possible. Similarly, emails sent to our other general addresses, i.e. selena@roshem.com, sharon@roshem.com are reviewed and deleted as quickly as possible. We do not disclose the names of senders to others outside of Roshem Impact Ltd., i.e. third parties, without your permission.

We use email service providers in the United States of America and Ireland. As a result our emails are susceptible to lawful access in the United States of America and Ireland. Our current service provider is Google.

We administer a mailing service for notifications by email based on interest in topics that you have explicitly indicated to us. Outgoing messages are processed by our mail service and internet providers.

Information we receive by post is collected by two staff members, reviewed, and sent onwards when necessary to other staff members. These items are destroyed as soon as possible. We use our best efforts to prevent disclosure of the names of senders to third parties, consistent with our legal obligations and we endeavour to keep files secure. If the content of messages is shared with third parties, we de-identify the messages as much as possible.

Website privacy details

We design and administer our web services to limit the amount of data collected. We endeavour to protect users and their data when we process data collected.

We limit collection by minimizing the number of ways we track you. We honour do not track requests. We do not use third parties to track you. We may point from our website to other internet services that use cookies and other forms of tracking. This is particularly the case with multi-media services, and with the links that we post on our Twitter and Facebook accounts.

It is helpful to Roshem Impact Ltd. to know how our websites are used.

To undertake analysis of how our site is used, we use tools and applications to obtain the following data:

  • To know how many visitors per day visit this website
  • To know which items on our site are being downloaded (e.g. PDFs, images, long-form, reports, short items)
  • To identify items not found, i.e. 404s so that we can fix them
  • To identify the types of operating systems being used and browsers so we can design our site accordingly
  • To identify the time of day when our site is most used in case we want to do syncs and repairs (that result in our site being down temporarily)

How to contact us

Please read the Policy carefully. To update your preferences, review or update your information, submit a request, raise any issues regarding the processing of your personal data or raise any questions, comments, or concerns about the Policy, you may contact us at media@roshem.com, or by mail at Roshem Impact, 422 Richards Street, Suite 170, Vancouver, British Columbia, Canada, V6B 2Z4