Privacy Policy

Introduction
This Privacy Policy is governed by the provisions of the General Data Protection Regulation (hereinafter “GDPR”) EU 679/2016, which has entered into force on 25-5-2018, as amended, in conjunction with the applicable national legislation, protects and generally uses your personal data when you visit, register as a member or use its website, as well as when you interact with it, electronically or in its physical store. The Business, in compliance with the above Regulation, the respective Directives and the applicable national legal framework, takes all appropriate technical and organizational measures to protect your personal data, the safeguarding and lawful processing of which is considered of fundamental importance to us. This Policy forms an integral part of the “Terms of Use and Transactions” of the online shop and is an integral part of them.
1. Definitions – Concepts
Below we briefly set out the basic concepts that you will find in this Policy, so that you can fully understand its content. 1) Personal Data: any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one whose identity can be established, directly or indirectly, primarily by reference to an identifier such as a full name, an identification number, a contact telephone number, a postal address, a postal address, location data, an online identifier or one or more factors specific to the physical, physiological, mental, physical or mental characteristics of the data subject. 2) Data subject: any identified or identifiable natural person whose personal data are processed. 3) Processing of personal data: any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organisation, storage, structuring, retrieval, alteration or alignment, consultation, use, disclosure, dissemination or any other form of making available, alignment, combination, restriction, erasure and/or destruction of personal data. 4) Controller: a natural or legal person, public authority, agency or other body, which alone or jointly with others, determines the purposes and means of processing personal data, implements appropriate technical or organisational measures following all the basic principles introduced by the GDPR, reviews and updates these measures whenever necessary, exercises supervision over the processors to whom it has delegated the processing, ensuring the lawfulness of their actions. (5) Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. (6) Data subject’s consent: an indication of the data subject’s intention by a clear affirmative action, free, explicit, specific and fully informed, for the data relating to him or her to be processed.
2. Personal data that we collect
This is information that you enter electronically either during your registration as a user-member or during the process and completion of your purchases obligatory and for the execution of our contractual legal relationship, such as, but not limited to, your e-mail address (e- mail), your full name, the delivery address of the ordered product, your contact telephone number, your personal identification number and your tax office, in cases where an invoice is issued, but also information related to the operation of our online store and collected automatically. Finally, it is possible to collect data only for statistical purposes, which are however coded and do not allow your identification. As expressly stated in the section “Terms of Use and Transactions”, the use of our website by minors under the age of 18 is prohibited and we do not knowingly collect information about them. In the event that any collection of data about a minor is detected, this information will be deleted in a timely manner. In the event that personal data of a third person (name, postal address and contact telephone number) are provided, especially in the case of purchasing a gift for this person, the Business will protect the personal data of the third person in accordance with this Privacy Policy.
3. How we collect and use personal data
1) Create a user account: The Business processes the data provided in order to provide you with all the functions of the user-member of our website and to facilitate the process of purchasing products or searching for them. 2) Product orders. In the event of a failure to collect data from our online or physical store, it will not be possible to process and complete your order. It is possible that the data declared by you may be transferred to third parties (e.g. shipping companies / courier companies) for the supply or delivery of the ordered products, without the transmission of which it is not possible to complete the sales contract. Furthermore, we retain your data for a reasonable period of time (see in detail in section 7 “For how long your data is retained”), in order to fulfil all contractual obligations on our part, such as for example returns or product changes, in accordance with the provisions of the applicable legislation. 3) Newsletter. You have the possibility to withdraw your consent at any time by selecting the unsubscribe link from the newsletter download list, as shown at the bottom of the e-mail. 4) Contact: The Business uses your data in order to respond to queries submitted, product replacement requests, refund requests or complaints, in accordance with our contractual and statutory obligations and the legitimate interests of the Business in order to provide the best possible service and improved service delivery. 5) Participation in tenders: The Business processes your data in case you participate in competitions it conducts, so that it can notify you in case you are the winner to receive your prize. 6) Compliance with a legal obligation: The Business processes data in accordance with its legal obligations following requests, orders, orders, pleadings, warrants from supervisory, prosecutorial, judicial, tax or other competent authorities. In addition, your data are processed and used by the Business in order to enable it to inform you of any changes or information related to the services provided by the Business. Such messages will not contain advertising content and therefore do not require the prior consent of the data subject, provided that they are sent by e-mail or simple text message. The only cases where data are processed for a purpose other than that for which they have been collected, if deemed necessary, are the following.
4. Legal bases for data collection and processing
The Business, in compliance with the Principles of Processing of the GDPR EU 679/2016 and the national legal requirements, as currently in force, collects and uses personal data on the following legal bases: 1) Terms of performance of the contractual relationship: data processing by the Business in order to fulfill the contract for the sale of products from the online store. 2) The subject’s consent: for the registration and creation of an account in the online store, for communication for the purpose of customer service and/or for the option to receive newsletters from the Business. Any withdrawal of consent is valid for the future. 3) Compliance with legal obligations: compliance by the Business with all tax and other legal obligations during the execution of the contract for the sale of goods. 4) Legitimate interest of the Business: to adopt tools and/or means of customer service before and after the sale and to best manage customer issues based on their needs, as is reasonably expected from a modern and organized business. In addition, for the purposes of collecting and maintaining statistics and improving products and services, through the processing of purchase history, without identifying a specific data subject and without affecting the rights and freedoms of the data subjects. Furthermore, for the development of the business activity of the Business itself. In any case where the Business processes your data on the basis of its legitimate interest, you may request the cessation of processing for reasons relating to your personal situation and the Business, respectively assessing the necessity or otherwise of the cessation, may decide whether to do so.
5. Purpose of data processing
The Business collects and processes data for the following purposes: 1) the management of the sale of the products and in particular for the submission of the order by the customer, its registration, the invoicing of the products, their delivery, their withdrawal or return, the information on the progress of the order and its monitoring 2) the execution of the contractual relationship and compliance with its legal obligations 3) the technical excellence, security, statistical analysis and optimization of the commercial transactions 6) the creation of a user-customer account, with his/her consent for such account creation, in accordance with the legitimate interest of the Business for its security and the identification of the subject, where and when necessary.
6. Legal framework of commercial communication
It is defined by the GDPR 679/2016, by the consumer protection legislation (Law 2251/1994), as well as by the laws on the protection of personal data and privacy in the electronic communications sector (Law 2472/1997, Law 3471/2006, Law 3917/2011, Law 4070/2012), as amended from time to time. The purpose of processing data for direct commercial communication is the Business’s promotional activities, informing customers about the products for sale, the expression of interest in participating in competitions, if they have been legally acquired in the context of the sale of products and prior consent has been given for this purpose. It is expressly stated that, in accordance with the legislation in force to date, e-mail contact details lawfully acquired in the context of the sale of products or services or any other transaction may be used for the direct promotion of similar products or services of the supplier or for similar purposes, even if the recipient of the message has not given his prior consent, provided that he is given the opportunity to object in a clear and distinct manner, in an easy and free of charge It may be requested to cease communication with the Business at any time either by unsubscribing from e-mails or by contacting any of the Business’s means of communication.
7. For how long your data is kept
Personal data are kept for as long as you have an account in our online store or provide your consent for any of the above processing purposes and in any other case for the time necessary to fulfill the purposes set out in this Policy. The data remain in the database of the Business’s online store until the moment you request their deletion, except in the case where their retention is imposed under a legal obligation. The data are deleted immediately after the fulfilment of the purposes for which they are kept, while it is possible that some data, for example orders, are kept coded and in an unidentifiable manner and only for the purposes of statistical analysis by the Business. With regard to personal data related to product purchases, the Business retains such data in compliance with its legal and contractual obligations, such as for example for tax or commercial purposes. In this particular case, the data are kept for five (5) years. Your contact data for the purposes of commercial communication with you are kept for five (5) years or until the withdrawal of the consent given, at which point the Business undertakes to delete them and not to use them any longer.
8. Rights of the data subject
1) Right of rectification: the data subject has the right to request the rectification or amendment of inaccurate personal data, as well as the completion of incomplete data, by means of a supplementary declaration. 2) Right to information: the data subject has the right to be informed of the purpose of the processing of his/her data, the categories of data and to whom they are transmitted. 3) Right of access: the data subject has a right of access, under certain conditions, to the data held by the controller in respect of him or her, and in particular may be informed of the type of personal data held, how they are used, the third parties to whom they are disclosed, the period for which they are stored and your rights in relation to them. However, it may be possible to justifiably refuse to provide information to the data subject, for example where the data have been recorded because they could not be erased due to legal or regulatory obligations to retain them or where they serve exclusively data protection or control purposes and providing information would require a disproportionate effort and the necessary technical and organisational measures make it impossible to process them for other purposes. 4) Right to erasure/right to be forgotten: the data subject has the right to request the erasure of his or her personal data and the controller must do so without undue delay where the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, where the data subject withdraws his or her consent and there is no other legal basis for the processing, where they must be erased by law. Exceptionally, their erasure may be refused indicatively and not restrictively in cases of compliance with a legal obligation requiring processing for the establishment, exercise or maintenance of legal claims. 5) Right to object: the data subject has the right to object to the processing of personal data concerning him or her, including profiling and direct marketing, unless there are compelling legitimate grounds for processing which override the rights of the data subject to establish or support legal claims of the Business. 6) Right to restriction of processing: the data subject has the right to request the restriction of the processing of his/her data when the accuracy of the data is contested, when the data is no longer useful for the purposes of the processing, when the processing is unlawful and finally when the objections of Art.21 par. 1 GDPR and pending verification of the validity of the legitimate grounds for processing. 7) Right of portability: the data subject has the right to obtain the personal data concerning him or her and to request their transfer to another controller.
9. Procedures for exercising rights
In order to exercise the above rights, you may submit a free of charge request to the Data Controller, using the details shown in the following paragraph of this Policy (see in detail “Data Controller and Contact”), under the title “Exercise of rights” and the Business will ensure the fastest possible response. The response to each Request shall be free of charge and shall be provided within one (1) month of receipt, and in any case any additional extension requested by the Business for any reason whatsoever shall not exceed two (2) months. Furthermore, the Business may reject Requests which are unfounded, abusive, contrary to good faith and generally illegal, notwithstanding the requirements of the law. If your Request on the same subject is manifestly unfounded or excessive, in particular because of its repetitive nature, the Business may impose a reasonable fee, seeking any administrative costs incurred in providing information or performing a requested action. In order to respect the confidentiality of your information, before submitting any Request, you will be asked by the Business to verify your identity with the relevant documents. In case of authorization of a third party, which will act for you and on your behalf, it is necessary to show the corresponding Authorization to such party, with the authenticity of the signature certified by a competent authority. You also have the right, in case of violation by the Business of the applicable national law and regulatory framework on the protection of personal data, to appeal to the competent Supervisory Authority and in particular to file a complaint with the Personal Data Protection Authority (PPA), located in Athens, at 1-3 Kifissias Street, P.O. Box 11523, tel. 210 6475600.
10. Applicable law
The law applicable to disputes arising from this Policy is Greek law, in conjunction with the GDPR EU 679/2016, as amended, as well as with the applicable national and European legislation and regulatory frameworks.
11. Third party recipients of personal data
Access to your data is granted to the strictly necessary personnel of the Business, who are contractually bound to respect the confidentiality and privacy of the information. For the proper operation of the e-shop and for the fulfilment of its contractual obligations, the Business cooperates with third party companies, which only have access to your data that is absolutely necessary for the general provision of services to you. During the transfer and disposal of your personal data, the Business takes all necessary steps to maintain the highest possible level of security and commits the third parties involved to comply with the appropriate organisational and technical measures for the protection of your personal data. Indicatively and not restrictively, such cooperating companies are the company that supports and technically hosts the online store, the transport/postal company and the payment service providers. In this regard, it is noted that during the payment process the Business does not record or store payment information. You provide the information directly and exclusively to the respective payment provider and are therefore bound by the respective Privacy Policy held by the payment provider. The Business bears no responsibility for the collection and processing of your data when you enter the websites of third parties, partners or not of the Business, and therefore you are invited to consult the respective Data Protection Policy of the website you are visiting.
12. Security data
The Business is committed to taking all necessary organizational and technical measures to ensure the security and protection of your personal data from any form of unwanted or illegal processing, using all technologically advanced methods. The personal data submitted by you are managed exclusively by specially authorised personnel of the Business who are under its control and supervision. The website for your secure online transactions uses TLS 1.2 encryption with 128/256-bit encryption protocol (Secure Sockets Layer – SSL). Encryption is a way of encoding information until it reaches the intended recipient, who will be able to decode it using the appropriate key. Our online store is protected by an SSL certificate, which guarantees secure data exchange, thus preventing malicious users from stealing your personal data. In addition, to identify you as an account user, your username and password are required on the one hand and on the other hand. By entering the data, access is granted to the respective user account, a process which is fully secure through encryption during the transfer of data on the Internet and on the Business’s servers. You must not disclose the login details of your account and safeguard against unauthorised access to it by third parties, as you are solely responsible for maintaining its secrecy. In any case, the security of your data in the environment of the Business’s online shop is subject to reasons beyond the Business’s sphere of influence and control, as well as reasons due to technical or other network weaknesses beyond the Business’s control or due to fortuitous events or reasons of force majeure.
13. Use of Cookies and similar technologies
The Business’s website uses Cookies in order to be more efficient in its operation, to provide improved browsing services and to ensure the accurate and correct display of its content, in compliance with the GDPR and the e-Privacy Directive, as incorporated into the Greek legal order. Please note that the browsing data collected and processed through Cookies are exclusively related to your shopping habits. Cookies are small text files that request permission to be installed by the browser on your computer. Once installed, they help analyse web traffic and allow web applications to adapt their functions to your needs by collecting and storing information about your preferences. By accepting the Cookies when you enter the Business’s website, you expressly declare that you have read and understood the specific terms and conditions of their installation, operation and purpose and provide your consent to the use of each of them. You have the option not to accept the installation of Cookies, in which case only the Cookies that are technically and functionally absolutely necessary for the smooth operation of the online store will be installed. In addition, you are given the opportunity to edit at any time the categories of Cookies that you wish to accept or not. 1) Absolutely Necessary Cookies. These Cookies do not recognise any personal identification data but only ensure the smooth operation of the website and therefore the user/visitor’s consent is not required for their installation. 2) Functionality Cookies: allow the website to remember your choices in order to provide even more improved and personalized functions. They cannot track your browsing history on other websites. 3) Statistical Cookies: used for statistical purposes and to optimize the performance of a website, they measure its traffic and do not collect information identifying the visitor’s identity. 4) Marketing cookies: they collect information about your actions on our website. The information collected relates to the number of visitors to the website, the number of pages viewed in order to improve the services provided by the Business and advertisements related to your preferences.
14. Amendments to this Policy
The Business reserves the right to amend this Policy at any time, updating it in compliance with any legislative amendments, regulatory frameworks, revisions of practices or technical requirements. In the event of material changes in the way the Business processes your data, you will be notified accordingly. Please review this Policy periodically to be aware of the ways in which your personal data is protected. In any case, if you continue to use this website of the Business and the services offered, you are deemed to accept unconditionally any modifications made to it in accordance with the above. In the event of any disagreement with this “Privacy Policy”, you are requested to refrain from using the Business’s website.