Latest update: 17/06/2022
The protection of your privacy and the security of your Personal Data is important to us!
Please spend some time to read the present Privacy and Personal Data Protection Policy and to be informed on how the sole proprietorship «ΓΙΑΝΝΑΚΟΠΟΥΛΟΣ Π. ΝΙΚΟΛΑΟΣ» (‘GIANNAKOPOULOS P. NIKOLAOS’), headquarted in 10 Amfipoleos str., Kato Toumpa, Thessaloniki, P.C. 54454, Greece, with Tax Identification Number: 112777980, Tax Authority: 6th of Thessaloniki, e-mail: firstname.lastname@example.org , hotline service number: +30 231 550 7050 (hereinafter referred to as ‘the Company’, or ‘our Company’, ‘we’, ‘our’), acting as Data Controller, collects, organizes, stores, modifies, transmits, uses, and in general processes your Personal Data, when you visit, register or use our website of our Company (hereinafter: ‘the Website’), as well as when you transact in our physical store.
The Company shall take all appropriate technical and organizational measures designed to protect your Personal Data against any breach of its security, such as unauthorized or unlawful processing, accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, and shall ensure the legitimate and lawful collection and processing of personal data.
In this effort, the Company fully complies with the applicable national, European and international legal framework regulating the protection of personal data, and in particular with the ‘General Data Protection Regulation’ (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) and the Law No. 4624/2019.
Purpose of the present Policy
We hereby wish to inform you on the way our Company collects, organizes, stores, transmits, uses, and in general processes your Personal Data, the categories of Personal Data collected, the principles for lawful processing of Personal Data, and the time period of its storage, aw well as the security measures taken for the protection of your Personal Data.
The present Policy applies to any processing of Personal Data, i.e. any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, deletion or destruction.
The present Policy is updated from time to time, whenever it is considered necessary, without prior notice, always in compliance with the applicable legal framework, the Personal Data Protection Authority guidelines, and the existing caselaw on Personal Data protection. We therefore recommend that you review the present Policy from time to time to keep yourself updated with any changes incurred.
What is Personal Data?
‘Personal data’ or data of personal character means any information relating to any specific natural person (‘Data Subject’) that can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, e.g. name, ID number, postal address, email address, contact number, etc.
Health data is personal data specific to the physical or mental health of a natural person, including the receipt of medical services, which reveals information about the health of that natural person, and constitutes a special category of data.
Our Company shall not collect nor process your health data nor other special category data (‘sensitive data’), unless you disclose such data on your own initiative and with your explicit consent, for instance when you inform us on allergies to any specific components of our products.
Categories of Personal Data collected:
Our Company shall collect only the absolutely necessary Personal Data, which is adequate and suitable for the purposes of each processing.
The categories of Personal Data collected and in general processed are:
- Data collected upon the creation of a User’s Account on the Website: e-mail, login password, name, surname, sex, date of birth, postal address, contact number.
- Data collected during your transactions with us, either in our physical store or online, indicatively: your full name, postal address and/or invoice address, contact information including your e-mail and your phone number, your username in social media when you transact with us via such channels (e.g. Facebook, Instagram), as well as invoice details (name, TIN, Tax Authority, headquarter address for freelancers) in case an invoice is issued.
- Other data collected during your transactions with us, either in our physical store or online. For instance, we collect data from our conversation in the field ‘Contact form’, your comments and reviews on our products, any complaints submitted, details on your purchases, products added to or removed from your shopping cart, list of products you wish to purchase (wishlist), payment information etc.
- In addition to the aforementioned data provided, we may collect technical information that constitutes Personal Data, such as the Internet Protocol address of your device, e.g. computer, laptop, tablet, or smartphone. We also collect information related to our Website or other websites you have browsed before. Such technical information is used for the proper operation and performance of our Website and is not permanently stored in our infrastructure. For further details about the technologies used on our Website, please consult our Cookies Policy.
The provision of additional Personal Data to our Company, in addition to the necessary ones, is optional and does not have any impact on the main purposes of the data collection, but such provision serves as a way to optimize the quality of the services provided.
How is your Personal Data collected?
Your Personal Data is collected in the following ways:
Α. Directly from the Data Subject:
You, as Data Subjects, may provide your Personal Data when transacting with our Company, either in our physical store or online, in the following indicative cases:
1. when filling in the electronic ‘Contact Form’ or when sending us an e-mail or when you interact with us on social media (e.g. Facebook, Instagram), in order to find out about our products and services. Your Personal Data provided in such cases is processed upon your request before the conclusion of the sales contract, and with your consent, for the sole purpose of informing you about the products and services of our Company.
When your consent is required for the collection of your Personal Data, such as for the receipt of newsletter on a regular basis, it will be explicitly requested from you and you may withdraw your consent at any time, by requesting your removal from the recipients’ list (‘unsubscribe’).
2. for the performance of the sales contract and the fulfillment of our mutual contractual obligations, e.g. for the delivery of your order, for your information on the pick-up of your order from our physical store).
3. for the compliance of our Company with the legal requirements, e.g. issuing the relevant invoice, necessary accounting operations, compliance with tax obligations.
Β. Automatically, through the browser or the mobile device you use to access our Website.
Is the disclose of your Personal Data compulsory?
The Company shall not process your Personal Data without your consent. Nevertheless, the Company reserves the right, in exceptional cases, to process your personal information, to the extent permitted or required by law, and/or by court orders or prosecution orders.
Furthermore, the provision of your Personal Data to our Company may be required for the performance of the sales contract, for our legitimate interests, and in general for the fulfillment of the purposes set out n the present Policy.
In case you refuse to provide the information set forth as mandatory on our Website, it will impossible to achieve the main purpose of the collection of this Personal Data, and, for instance, we may not be able to execute the sales contract or to provide the services available on our Website (e.g. provision of information, submission of a request).
It is explicitly stated that Our Company reserves the right to inform you about the progress of your order, either by sending text messages (SMS, Viber, Whatsapp) from our mobile phone, or via e-mail, particularly in compliance with the applicable legal framework for the operation of commercial stores and the in-person pick-up of orders from the store.
Which are the principles relating to the processing of Personal Data on behalf of our Company?
Your Personal Data is processed by our Company lawfully, fairly and in a transparent manner in relation to you as Data Subjects, for the specified, explicit and legitimate purposes set out in the present Policy, and is not further processed in a manner that is incompatible with those purposes.
The Personal Data processed by our Company is adequate, relevant and limited to what is necessary in relation to the purposes for each processing. Furthermore, it is accurate and, where necessary, kept up to date. Personal Data shall be stored for no longer than is necessary for the processing purposes and may be kept for longer periods insofar as it will be processed solely for archiving purposes or statistical purposes, and with all the adequate technical and organizational measures taken, such as anonymization.
Your Personal Data is protected with sufficient technical and organizational security measures, in a way that ensures the required security and protection against any unauthorized or unlawful processing, accidental loss or destruction, and is not transmitted to countries not securing an adequate level of protection.
Purposes and Lawfulness of Processing of Personal Data
With aims to providing you the best possible experience during your shopping either in our physical store or online, it is necessary for us to collect your Personal Data. The collection and processing of Personal Data is always in compliance with the applicable legal requirements regarding the protection of Personal Data. Should you choose not to disclose your Personal Dara or deny some communication rights, we may not be able to provide some of the services requested.
We may collect and process your Personal Data, for the following purposes indicatively:
- To perform the sales contract and fulfill of our mutual contractual obligations, e.g. so that we can process the order and deliver the products, provide customer services to our customers, execute your request for return or replacement of products. In this context, we may collect and process your full name, postal address and/or invoice address, contact information (e-mail and phone number), your username in social media, invoice details, products purchased, purchase history. The disclose of such Personal Data is necessary for the performance of the sales contract, the execution of the order, the delivery of products and the provision of services. For this reason, your consent is not required for this processing.
In case you request the delivery of products to a third person, you assume entirely the responsibility to inform and ensure the consent of the person you indicated as the recipient, as well as you bear any liability for their claims regarding the disclosure of their Personal Data to our Company, exclusively for the purpose of delivering products to them.
In the context of the performance of the sales contract, we may be required to transmit your Personal Data to third parties for the supply or delivery of the products you have ordered, i.e. for the conclusion of our sales contract, for example to the courier company. Likewise, we may process your Personal Data, in order to comply with our contractual obligations, to refute or to raise and exercise our legal claims, deriving from our contractual relationship.
- For the processing of your payments, during the execution of our contract, and for the prevention of fraudulent transactions. Our Website has a SSL Certificate for encrypting the data exchanged between the customer and our e-shop. Data of your debit/ credit cards is not stored on our systems during the transaction, since such data is only available to the affiliate bank used for the online payment transactions.
- For your access to our Website and the use of the services of our e-shop, as well as for the provision of the service ‘User’s Account’.
- For the facilitation of the conclusion of the sales contract, e.g. reply to requests/ queries submitted through the electronic ‘Contact From’ or via e-mail or social media (Facebook, Instagram), information about the availability and features of the products you wish to purchase. Your Personal Data provided in such cases is processed upon your request before the conclusion of the sales contract, and with your consent, for the sole purpose of informing you about the products and services of our Company.
- To reply to your complaints/ reports/ reviews, in the best way, as well as for research purposes. We may also preserve a record with your reviews/ complaints, for the optimization of our services and our best response to any future communication. This processing is based on our legitimate interests to provide the best possible customer service and to be able to develop and improve our systems and services for the products we provide, based on the personal experience of those transacting with our Company.
- For the receipt of ‘Newsletter’ on regular basis, with your explicit consent on the collection of your Personal Data. By subscribing to our ‘Newsletter’, you can be informed on offers and suggestions most relevant to your interests. In this case, you reserve the right to withdraw your consent at any time, by requesting your removal from the recipient list (‘unsubscribe’).
- For the compliance of our Company with our contractual or legal obligations, for reasonable time, in accordance with the applicable legislation, e.g. issuing the relevant invoice, necessary accounting operations, compliance with tax obligations. In this context, we may exchange data by law enforcement or in compliance with court decisions or prosecution orders, e.g. exchange of data with judicial or tax authorities.
- To communicate with you, when required by law or when necessary to inform you of changes in the services provided, e.g. updates relevant to privacy notices, product recalls and legally required information about your orders.
Our Company fully comprehends the importance of protecting minors’ Personal Data, particularly in an online environment. Our Company’ policy is to refrain from collecting and processing in general Personal Data relating to any person known to be under the age of 15, without the written consent of their legal guardians/ representatives. In case of Personal Data relating to minors that have completed the 15th year of age, the processing is lawful, upon the minor’s consent.
How long is your Personal Data retained?
With regard to your Personal Data related to orders and purchases of products, we retain such data for five (5) years after their completion, time period required for us to comply with our contractual or legal obligations, such as tax and commercial legislation.
Your statement of consent for receiving our ‘Newsletter’ is kept for as long as the Company sends you a ‘Newsletter’ and no more than six months after the termination of that service, following the withdrawal of your consent (‘unsubscribe’).
By the end of this retention period, your data will be completely deleted, or may be preserved in anonymous form, so that it can be used in an unrecognizable way for statistical analysis and business planning.
Who collects your Personal Data? Transmission to third parties
The processing of your Personal Data is conducted by the sole proprietor or by specifically authorized personnel, with respect to privacy and with all the adequate measures for the protection of Personal Data.
Your Personal data may be transmitted to affiliates or to third parties, for the provision of services, the evaluation and improvement of the website functionality, for marketing purposes and technical support. Such third parties shall have contractually committed to us that they will use the Personal Data transmitted to them only for the aforementioned purposes, and that they shall not transmit/ further disclose the personal information to third parties, unless required by law.
The Company shall not market your Personal Data by selling / renting it, providing, transferring, publishing or disclosing it to third parties or otherwise using it for purposes other than those for which it was originally collected or in ways that its privacy may be endangered.
Security of Personal Data
The security and protection of your Personal Data is our first priority.
Recognizing the importance of your Personal Data security, we implement all the adequate technical and organizational measures, designed for the secure preservation and protection of your Personal Data against any breach of its security, such as any unauthorized or unlawful processing, accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to.
In the unlikely event of security breach or loss of your Personal Data, we shall inform you without undue delay and, where feasible, not later than 72 hours after having become aware of the event.
Cases of automated collection of Personal Data
In some cases, our Company and its service providers use technologies to automatically collect certain categories of Personal Data, when the user visits our e-shop, as well as through the e-mails that may be exchanged with the Company. The collection of such data allows the Company to personalize the customer’s online experience, to improve the performance, usability and effectiveness of the Company’s online presence, and to evaluate the effectiveness of its marketing services. Such technologies are:
1. IP Addresses: The IP address is a number that is attributed to the computer of each customer each time they access the Internet. It enables computers and servers to be recognized and to communicate with each other. The IP addresses of the visitors may be recorded for reasons of safety of the Information Technology, and system diagnostics. Such data may be also used in bulk form, for the analysis of our Website tendencies and output.
2. Cookies: By the term ‘cookies’, we refer to small text files that are stored either on the computer or on any electronic device used. The purpose of cookies is to notify the website that the user visits of their previous activity. For more information, please consult our Cookies Policy .
Which are your rights against the processing of your Personal Data?
Regarding the processing of your Personal Data on our behalf, we reserve the following rights:
1. You have the right to be informed at any time about your Personal Data that we have collected and process, the purposes of such processing, whether we transfer it to third parties and to whom, and other relevant information.
2. You also have the right to request access to your Personal Data retained, by receiving receive a free copy of it upon request. For any further copies requested, you may be charged a reasonable fee based on administrative costs.
3. You also reserve the right to request the updating, completion, and / or rectification of any incomplete or inaccurate Personal Data, as well as the restriction of its processing, and the erasure from the Company’s systems (‘right to be forgotten’), if the Personal Data is no longer necessary in relation to the purposes for which it was collected, or if it has been unlawfully processed, and as long as there are no other compelling legitimate grounds for the continuation of the processing (e.g. for compliance with a legal obligation which requires the processing, for statistical purposes, for the establishment, exercise or defence of legal claims).
4. You have the right to request the portability of your Personal Data to the person you shall indicated, in case the processing is based on your consent or for the performance of the contract, and the processing is carried out by automated means.
5. You have the right to request the object to the processing of your Personal Data, and we shall refrain from any further processing and we will erase your Personal Data, unless there are compelling legitimate grounds for the continuation of the processing, which override your interests, rights and freedoms, or unless the continuation of the processing is necessary for the establishment, exercise or defense of our legal claims.
6. Finally, you have the right to withdraw your consent, in case the lawful processing is based on your consent, e.g. in case of subscribing to our ‘Newsletter’.
For anything related to your Personal Data, and/or for the exercise of your rights, as stipulated above, you may contact our Company, either by phone at our contact number +30 231 550 7050, or via e-mail at email@example.com, or by submitting a relevant written request at our physical store (address: 10 Amfipoleos str., P.C. 54454, Kato Toumpa, Thessaloniki, Greece).
For the protection of the confidentiality of your information, we shall request you to validate your identity, before we evaluate any request submitted in accordance with the present Policy. To this end, any request with respect to the exercise of your aforementioned rights shall be accompanied with the adequate identification documents and all the required information shall be provided (e.g. the specific Data to be rectified or updated). If you have authorized a third person to submit a request on your behalf, your authorization to the intended actions shall be proven accordingly.
Our Company is committed to ensure that your queries and requests are addressed to promptly and in any case within one month of their receipt. This period may be extended by two (2) more months, if necessary, taking into account the complexity of the request and the number of requests. You will be informed of such extension and of the reasons for the delay.
If you submit your request by electronic means, the response will be provided also by electronic means, unless you request otherwise (e.g. written letter). If your requests are profoundly unfounded or excessive, in particular due to their recurring nature, the Company may impose a reasonable fee, taking into account the administrative costs for the provision of information or for the performance of the requested action, or refuse to further process the request.
The applicable law is the Greek law, as established in accordance with the ‘General Data Protection Regulation’ (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) and the Law No. 4624/2019, and in general with the applicable national, European and international legal framework on the protection of Personal Data.
The competent courts for any dispute arising related to your Personal Data are the Courts of Thessaloniki.
Right to resort to the Hellenic Personal Data Protection Authority
In case the Company delays beyond the reasonable time to respond to your request, or you believe that your rights regarding the processing of your Personal Data are being violated, you are entitled to file a complaint before the competent supervising authority, the Hellenic Personal Data Protection Authority, at the postal address: 1-3 Kifisias str. P.C. 115 23, Athens, Greece, or via e-mail at: firstname.lastname@example.org , or by phone at: +30 210 6475600.
Questions and comments
If you have any further questions, or any comments and concerns about the present Privacy and Personal Data Protection Policy and the management and protection of your Personal Data, please contact us by phone at: +30 231 550 7050 ή via e-mail at: email@example.com .