In General
The Company acts as data controller responsible for personal data it collects and processes when navigating and using the website, creating an account and placing an order. The collection and processing of personal data is done in accordance with the Company’s Privacy Policy. During the navigation of the user on the website, the Company does not collect personal data from the visitors. However, it may collect certain information using cookies, in accordance with the Cookies Policy.
Categories of Personal Data
To create a user account, the Company collects and processes information such as: name, address and email address. To complete an order from the online store, the Company collects and processes information such as: name, shipping address of the order, and email address. It may also collect information regarding the selected payment method. In case of payment using a credit or debit card, the card details are not stored in the company’s storage media during the transaction, but are registered directly in a secure environment of the cooperating banking institution.
Sensitive personal data
The Company does not collect sensitive personal data of users/customers.
Data Sources
The data is collected from the customers and users of the website themselves, through the creation of an account, when placing an order or sending a message through the contact form. Also, data provided by the customers themselves is collected when they communicate with the Company via e-mail, telephone or through the Company’s social media pages. In addition, data is collected using cookies.
Purpose of data collection and processing
The information collected and processed by the company is necessary to maintain a user account, complete orders and send/deliver to the customer the products they have ordered, and communicate with the customer regarding their order, in execution of the sales contract with the Company (legal basis for contract execution). Also, the Company maintains data that are necessary for the fulfillment of legal and tax obligations, the claim of fees or in case of litigation (legal basis for the fulfillment of legal obligations). The Company may use the data it collects for advertising purposes, following the express and explicit consent of the data subject (opt-in). For any other use of your personal data, the user will be informed at the time of its collection.
Data retention time
The Company keeps the data for as long as is necessary to fulfill the purposes for which they were collected. The data collected to create a user account is kept for as long as the account is active. The data collected for the execution of the contract and the fulfillment of the company’s tax obligations are kept for a period of twenty years. This time may be extended if required or permitted by law, or if the extension is necessary for the Company to meet its tax or legal obligations or in the event of legal or extrajudicial litigation.
Data transmission to third parties
The Company undertakes not to disclose, sell, share, announce, or otherwise make known, the Personal Data, except for the cases described in this Privacy Policy. The Company may transmit data to service providers and partner companies, which have been carefully selected and bound by contract in advance, for the purpose of operating the online store and executing orders. Personal data is transmitted to the company that provides hosting services for the website (web-hosting).
Personal data is transmitted to courier companies that undertake the shipment of orders. Also, personal data is transmitted to consultants (e.g. lawyers, accountants), financial institutions, professional service providers, such as marketing, advertising, e-mail, website optimization and hosting services, payment control services, the Cyber Crime Unit, the Protection of Consumer and e-fraud prevention services, for cases of malicious use. The above categories of recipients of personal data are processors on our behalf and therefore as such do not process any data beyond the above purposes of transmission.
Technical and organizational security measures
The Company takes all appropriate technical and organizational measures for the protection of personal data and the security of transactions (Application firewall, server firewall, SSL encryption). In addition, only authorized employees of the Company have access to the personal data of users/customers, and access by unauthorized persons to your personal data is prohibited. Please note that no security system or data transmission system over the Internet is completely secure. For this reason, users/customers are encouraged to avoid sending sensitive personal data through the website/online store. In the event of a violation, the user/customer as well as the competent supervisory authority are immediately informed.
Rights of a personal data subject
The user/customer has the right to Access their Personal Data, the right to Rectification, the right to Limit Processing, the right to Erasure, the right to Data Portability and the right to Object to Processing, by submitting a request in writing to the address … In addition, the costumer has the right to complain to the Personal Data Protection Authority, in writing (Kifisias 1-3 , PO Box 115 23, Athens) or electronically (www.dpa.gr).
