The company with the name “…… ..” and the distinctive title “……”, hereinafter the “Company”, recognizes the importance of the security of personal data and electronic transactions.
The www . website . com is fully in line with the provisions of the Data Protection Regulation of the European Parliament and of the Council of 27 April 2016 (EU 2016/679 ) hereinafter referred to as the “Regulation” and undertakes to pay due diligence for the correct and secure processing of personal data. which collects and processes.
We understand that by giving us your personal information, you are entrusting us with this information. We have created this policy to give you full transparency about the data we collect from you, the purpose for which we collect it and the way we use it. We must ensure that you understand the rights you have regarding your personal data and its processing. The present policy of the Company, aims to inform you about the data collected for the service of the relationship between us and for your rights, for access, correction and deletion of this data.
1. What data do we collect:
We receive, collect, store and generally process the following for you:
- Personal data and information that you enter through the Website, including information that you provide when you create an account on the Website (namely: name, surname, telephone number, e-mail address and tax registration number in case we are asked to issue an invoice for a purchase),
- Information contained in or related to any kind of communication you have with us, either directly or through our website.
- Information such as the ones that are analyzed below under the title “Cookies”.
The personal data that you enter during your registration or your consent must be complete and true and must include the following: full name, address, telephone and valid e-mail address.
2. Conditions for obtaining consent
Our Company collects and processes the data based on your consent. Your consent is provided in the form of your written statement expressly excluding any other way. The request for consent is distinct, understandable, in an easily accessible form and uses clear and simple wording. You have the right to withdraw your consent just as easily as you did.
3. For what purpose do we collect the data
Our Company, following the principle of data minimization, limits the collection and processing only to personal data which are appropriate, relevant and necessary for the purpose for which they are processed.
Specifically, we collect, store and process your personal data, after your explicit and free consent in order to:
i . the execution of the distance purchase contract through an online store, or from the physical store,
ii . the performance of the service you requested us to provide,
iii . the compliance of our company with the current legislation, indicatively and not restrictively: the tax, labor and insurance legislation,
iv . the registration of an order, sending an order to the postal address you gave us, tracking the order until delivery,
v . the information about any problem that arises during the execution of the order immediately, and the answer to any question or request,
vi . your information about our news, events and offers to improve our services, only if you have given us your explicit consent,
vii . conducting tenders,
viii . internal research and statistical analysis to find out how our site is used and to understand how we can improve it,
ix . the most complete response to a complaint (s) regarding your order,
x . our compliance with the requirements of the law, regulatory authorities and compliance regulations (if applicable),
xi . verification of compliance with the terms and conditions governing the use of our website,
xii . the protection of our civil rights,
xiii . understanding of your interests, so that we can customize the content, offers and other actions we display on our site in such a way as to best suit your interests and preferences.
4. To whom do we communicate / disclose your personal data:
We communicate your personal data:
- to the courier service provider, the carrier, the agency of your choice and the post office in order to execute and send your order to the postal address you have stated to us.
- in any public authority, court, if we are obliged by the current legislation, as it applies each time.
- Our company can work with companies, which you can find on our website and pass on to them personal data of visitors-users to be processed and managed for optimal service, through advertising, promotion of new services and shipping newsletters to visitors-users. These companies as third parties (experts) are obliged to any legal, professional, or other binding obligation of confidentiality of personal data.
5. Links to other websites
Our website may contain links or advertisements, which refer to websites, third party websites or companies that do not belong to our business. These links are provided for the convenience of the user only and do not imply that our company endorses or accepts their content. Our Company does not bear any responsibility in case you post your personal data on a website other than that of our company. Our Company does not control these links and is not responsible for their data and the policy they follow regarding the protection of personal data. The connection to these websites is the sole responsibility of each user. The above third party providers of these websites and websites, have the full (civil and criminal) responsibility for the security, legality and validity of their content, excluding any liability of the Company, such as, for example, liability for copyright or any right of a third party. Consequently, users are required to contact the above third party providers directly for anything that arises from visiting or using their websites and webpages. The users of this website accept that the Company is not obliged, nor can it control the security and content of both the websites and websites, as well as the services of third parties to which it provides access. However, the Company reserves the right at any time to remove, modify or discontinue any third party service or connection to third party websites and websites, if in its sole discretion the law or these terms are threatened or violated. All actions you take on a website or website other than that of our company, are done at your sole risk.
6. Data storage period
We store and generally process your personal data for the duration of the contractual relationship between us. If our contractual relationship expires, we retain your personal data for as long as is still required until the time required by the current legislation to comply with, for example, tax laws, statute of limitations for any relevant claims.
As for personal data that we store for the sending of newsletters (newsletters) and offers, their retention is done for as long as we are legalized by your explicit consent.
Finally, in case of revocation of consent, we are obliged to permanently delete the personal data for which your consent was revoked.
8. Rights under the Regulation
According to the Personal Data Regulation (EU 679/2016) you have the following rights:
I. _ You have the right to know what personal data we hold and process, the purposes for which they are processed, the recipients or categories of recipients to whom they are disclosed and the period for which they will be stored (right of access).
II . You have the right to request at any time, and our Company to perform without undue delay, the correction of inaccurate personal data and the completion of incomplete data (right of correction).
III . You have the right to object to the processing of your data and we will immediately stop processing it unless there are other legitimate reasons that prevail (right of objection).
IV . You have the right to request, and our company to execute without undue delay, the restriction of the processing of your data (right of restriction).
V. _ You have the right to request, and our company to execute without undue delay, the deletion of your data from our database if their processing is not necessary to serve the purposes for which they were collected or you have revoked your consent to the collection and data processing (right of forgetting).
VI . You have the right to ask us to receive in readable form the data you have provided yourself or to ask us to pass it on to another processor (portability right).
VII . You have the right to revoke at any time, without charge, the consent you have given us to process your personal data. This applies to cases where the processing of personal data is done by consent and not on the basis of our contractual relationship or personal data that the company must maintain under current legislation for purposes of control and compliance for example with tax or other provisions (eg order execution , invoicing).
VIII . You have the right to file a complaint to the Supervisory Authority under the name Personal Data Protection Authority electronically at the following address www.dpa.gr.
For all the above rights and their exercise, contact our headquarters, 55 Ostrovou Street, 11363, Athens or e-mail …… ……………… or tel. …………………………… .. Within a reasonable period of one (1) month from the receipt of your request, our Company will respond in writing to your request.
9. Update of personal data
In order to be able to keep your personal data up to date, we advise you to inform us in a timely manner of any changes or incorrect entries of your information. To review and / or process personal data, or to find out how long our business intends to retain personal data or other questions regarding access to personal data, or if you would like to request that we provide you with information on whether we hold or process any of your personal information on behalf of third parties, please contact the relevant department at ……………
All information related to your personal information is secure and confidential. Security is achieved by the following methods:
A. User Identification
a) The codes used to identify you as a user are two: the Password (e-mail or username) and the Personal Security Code (password), which each time they are registered provide complete security access to your personal information . It is possible to change the personal secret security code, as often as you wish. The user is solely responsible for maintaining the confidentiality of this code and its concealment by third parties. In case of loss or leakage, we must notify you immediately, otherwise we are not responsible for the use of the secret code by an unauthorized person. Secret passwords are stored in our database using an encryption algorithm, making it impossible for even administrators to retrieve it, thus protecting the system even in the event of a malicious attack.
To ensure the confidentiality of the transfer of personal data, we use ………… SSL-2048bit encryption protocol. Encryption is essentially a way of encrypting information until it reaches its intended recipient, who will be able to decrypt it using the appropriate key (this is done automatically by the ssl protocol). Encryption and use of ssl is mandatory on all pages, whether they contain sensitive data or not.
Β. Controlled Access – Security Systems
Access to our systems (servers) is controlled by a firewall, which allows the use of specific services by customers / users, while prohibiting access to systems and databases with confidential data and information of our business. All servers have an Antivirus service that scans for possible malware that could cause data leaks. For server management, access is only allowed through a VPN service to which only our technical team has access, thus preventing any access from a public network, even if the administrators’ access data is leaked for any reason. The filesystem of the servers is encrypted, so that even if someone has physical access to a server with our data, they can not decrypt the data.
C. Back Up
We keep daily backup copies of all data to prevent any hardware failure in a safe place. Copies are automatically deleted from our systems with a maximum lifespan of one month. Copies are stored in the same datacenter but in a separate storage unit, having exactly the same access and protection principles as the original data. Backups are encrypted so that even if they are leaked, they cannot be recovered.
Δ. Data Leakage
If we notice any case of data leakage, either due to a malicious attack on our systems, or by mistake of a user, our actions are as follows:
a) Temporarily shut down the application, until we ensure that any security gap is closed.
b) Immediate notification of users and / or customers about the violation, its size and in case the error has come from a member, the possible way of dealing with it.
c) Immediate notification of any authority is responsible depending on the type of leak (eg in case of malicious attack the cybercrime department of the Greek police is notified).
Cookies can be either “persistent” cookies or “periodic” cookies. A persistent cookie will be stored by a web browser and will remain valid until the specified expiration date, unless deleted by the user before the expiration date. A cookie magazine, on the other hand, will expire at the end of the user’s period when the web browser is closed. We use both, periodic and persistent cookies on our website.
The information generated regarding our website is used to generate reports about our website and the traffic of our website. This way we can continuously improve our website and constantly adapt it to your needs.
Users can control and / or delete cookies as they wish (for details see aboutcookies.org). Blocking or deleting all cookies will have a negative effect on the stability of many websites. If users choose to close our cookies, they will not be able to use all the features of our website.
This policy may be renewed from time to time, e.g. due to amendments to the relevant legislation. We encourage users to periodically check this page for the latest information on privacy practices.
Questions & communication
If you have any questions about this policy or if you wish to exercise any of your rights as described herein, please contact us at firstname.lastname@example.org or at the following address:
Address: ………………………………………… …….
Tel: ……………………………………….. …………………..