• The personal data that we collect and process in connection with your relationship with us as a customer and through your use of our website
• Where we obtain the data from
• What we do with the data
• How we store the data
• Who we transfer/disclose the data to
• How we deal with your data protection rights
• How we comply with data protection rules
All personal information is collected and processed in accordance with data protection laws in force in Greece and the European Union.
B. What personal data we collect
Personal data means any information relating to you which enables us to identify you, such as your name, contact details, payment details and information about your access to our website.
We may collect personal data from you when you use our website and when you contact us.
More specifically, we may collect the following categories of information:
• Name, home address, email address, telephone number, details of credit/debit cards or other payment instruments;
• Additional information that includes your name, nationality, date of birth;
• Information about product purchases;
• Information about your use of our website;
• Communications that you exchange with us or direct to us through letters, emails, calls and social media.
C. Where, why and for how long we use your personal data
Your personal data may be used for the following purposes:
• Providing products and services that you request: We use the information that you give us in order to provide you with the products and services that you request.
• Verifying/Screening credit cards or other payment instruments: We use your payment details for accounting, billing and audit purposes, as well as for detecting and/or preventing any instances of fraud.
• Communication with the Customer Services department: We use your data in order to manage our relationship with you as a customer, improve our services and enhance your experience.
• Marketing: From time to time we may contact you electronically to inform you about our offers.
However, you may choose to opt in or opt out of receiving such kinds of communication, by stating this directly to us by telephone, email or any other appropriate means.
We process your personal data only when we have a legal ground to do so. The legal ground will depend on the reasons why we have collected and need to use your personal data.
In most cases, we must process your personal data in order to be able to enter into a contract with you for the sale of a product.
In addition, we may process your personal data for the following reasons:
- To comply with some legal obligation (e.g. auditing of financial services at our store);
- Because you have consented to our use of your personal data (e.g. for marketing purposes, outreach to customers).
Only individuals over 18 years old can provide their consent. In the case of persons under 18 years old, the consent of their parents or legal guardians is required.
We will not retain your data longer than required for the purpose for which it is being processed. In order to determine the appropriate data retention period, we take into consideration the volume, nature and sensitivity of the personal data, the purposes for which we process it and whether we can achieve these purposes through other means.
In addition, we take into account the length of time that we may be required to retain personal data in fulfillment of our legal obligations (e.g. in respect of checks by tax authorities) or in order to protect our legal rights in the event of a claim being brought.
When we no longer need your personal data, we securely delete or destroy it, issuing a relevant proof of destruction certificate. Moreover, we consider if and how we can minimize over time the personal data that we use, as well as whether we can anonymize it, so that it can no longer be associated with you. In such a case, we may use the data without further notice.
D. Security of your personal data
We follow strict security procedures in the storage and disclosure of your personal data, and in protecting it against accidental loss, destruction or damage.
E. International data transfers
Through its representatives and subsidiaries, our company engages in activities in multiple jurisdictions, some of which are not in the European Economic Area (EEA). While countries outside the EEA do not always have strong data protection legislation, we require all service providers to process your data in a secure manner and in accordance with the relevant data protection laws of Greece and the European Union. To legitimize data transfers outside the EEA, we utilize the standard means provided by EU legislation.
F. Shared use of your personal data
Your personal data may be shared with our subsidiary companies.
• Government authorities, law enforcement bodies, and regulators for compliance with legal requirements;
• Banks, credit and debit card companies which facilitate your payments to us, and anti-fraud screening, which may require information about your method of payment in order to ensure the security of your transaction and payment;
• Lawyers, accountants and other professional advisers, law courts and law enforcement bodies in all the countries in which we operate, in order to exercise our legal rights which arise from our relationship with you as a customer and the sales contract that we have concluded.
G. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee compliance with this policy. If you have any questions about the policy or how we handle your personal data, please contact the DPO at email@example.com. You also have the right to file a complaint at any time with a supervisory authority.
H. Your data protection rights
Under certain conditions and in accordance with law, you have the right:
▪ To be informed about whether we hold your personal data and, if we do, what data this is and why we hold/use it.
▪ To request access to your personal data (commonly referred to as a "data subject access request"). This enables you to obtain a copy of the personal data we hold about you and check whether we are processing it in a lawful manner.
▪ To request correction of the personal data that we hold about you. This allows you to correct any incomplete or inaccurate information that we have about you.
▪ To request erasure of your personal data. This enables you to ask us to delete or remove personal data where we have no reason to continue processing it. You also have the right to ask us to erase or remove your personal data in the event that you have exercised the right to object to its processing (see below).
▪ To object to the processing of your personal data, when we are citing a legitimate interest (or the interest of a third party), by invoking an overriding legal right that you have. You also have the right of objection when we process your personal data for direct marketing purposes.
▪ To object to automated decision-making, such as profiling, meaning that you must not be the subject of automated decision-making based on your personal data or profile.
▪ To request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data, for example, if you want us to ascertain its accuracy or the reason why it is being processed.
▪ To request the portability of your personal data to you or to another place (commonly referred to as the right to "data portability") in an electronic and structured form. This enables you to take your data from us in an electronically useable format and transfer it to another place in an electronically useable format.
▪ To withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Upon receiving notification that you have withdrawn your consent, we will cease processing your data for the purpose or purposes you originally agreed to, unless we have another legal ground for doing so and in order to safeguard any right we may have which cannot be safeguarded by other means.
If you wish to exercise any of these rights, you must send an email to the DPO at firstname.lastname@example.org, or contact our DPO by mail at the address “AP & Generalis Law Firm”, Christou Lada 1 Str., 10561 Athens, Greece.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee in the event that your access request is clearly unfounded or excessive and will require special procedures on our part to satisfy it. Alternatively, in such circumstances, we may refuse to comply with your request.
We may need to ask you for specific details in order to be able to verify your identity and ensure your right of access to your data (or the exercise of any of your other rights). This is another important security measure to ensure that personal data is not disclosed to any person who has no right to receive it.