PERSONAL DATA PROTECTION POLICY
Valid From: 25 May 2018
This policy on Personal Data processing/protection (hereinafter “Policy”) informs about the collection, storage, processing and use of your Personal Data. The collection, use, and disclosure of your information is based on your consent and the provisions of General Data Protection Rule 679/2016 (hereinafter “GDPR”). Moreover it explains how we shield your information and data, ensuring reliability and confidentiality.
Our company “MARIANNA STAVROPOULOU” is committed and holds as its highest priority the protection of your Personal Data. We fully comprehend the importance of your Personal Data and we make every effort to carefully store and process the information you share with us.
This Policy describes all Personal Data, that our company collects for you, how we use and protect them, as well as all options you have about the way we use them. The Data Controller of Personal Data of the users / visitors of our website is our Company.
We acknowledge that protection of Personal Data is a constant responsibility and therefore we will update and amend this Policy from time to time. You are kindly requested to visit our website https: // www.mstavropoulou.com/ from time to time to make sure you are aware and satisfied with any amendments. In case of doubt regarding the terms of this Policy, you may contact us by e-mail at firstname.lastname@example.org.
What is Personal Data?
“Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
What is Personal Data Processing?
“Personal Data Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data we collect
4.1. Full Name. We collect names (name, surname) for the proper execution of all orders either from our branch network or from our website www.mstavropoulou.com
4.2. Postal address. We collect postal address of our customers for purposes of delivery and completion of relative orders.
4.3. E-mail Address. We collect e-mail address of our customers for confirmation of relative orders and for purposes of promotion of our products.
4.4. Other Contact Information. We collect other contact information, such as our customer’s or our customers’ contact officers telephone number, in order to provide our services better and faster.
4.5. Billing Details. We collect the details of our customers that are necessary for the pricing of our services, such as Vat Number, Tax Office etc.
How do we collect your Personal Data?
We collect your Personal Data:
when you expres your interest in our services
when you make purchases from our e-shop or from our stores
when we provide our services
when you visit our website or when you subscribe to our newsletter.
We do not make your Personal Data available to anyone and we only share them with third parties that facilitate our services to you.
How do we process your Personal Data?
We only process your Personal Data as following:
6.1. For the proper execution of your order.
6.2. For the pricing of your order.
6.3. For promotion purposes such as participation in competitions or emails that we send from time to time only to those who have been subscribed to our newsletter.
In our Newsletter List we may add also those who give us their email address during our communication and express their wish to receive our newsletters / latest updates. Provided that you have given us your consent, you may receive advertising messages from us always with relevant content with the purpose of our website and according to your interests. In case you no longer wish to receive relevant promotional messages, you can either follow the deletion link contained in each email we send you or alternatively contact us at email@example.com .
Legal Basis of processing your Personal Data by our Company
7.1. The processing of your Personal Data for the sale of our products and services is essential for the overall management of your order by our company and its partners. This process includes the detection of online fraud and fraud related to modern payment instruments, the prevention and management of non-payment incidents and the maintenance of our rights in relation to our commercial activity.
7.2. The processing of your Personal Data for marketing and / or promotional / profiling purposes is based solely on your consent.
7.3. In some cases the processing of your Personal Data is essential for the purposes of our legitimate interests or for the purposes of our compliance with national and / or European laws.
How long do we keep your Personal Data?
8.1. For the purpose of proper execution of your order, we will keep your Personal Data for a reasonable period of time from the completion of the order and for the fullest satisfaction of your requests in relation to the order.
8.2. For marketing / promotional purposes, we will maintain your Personal Data throughout our contractual relationship, unless you expressly state in the meantime that you no longer wish to receive updates for these purposes.
Guarantees for protection of your Personal Data
When you provide us with your Personal Data, we take all necessary steps to ensure that they are maintained secure. In order to protect your Personal Data, we take physical, technical and organizational protection measures. We update and control our security technology on a constant basis. We strictly limit access to your Personal Data only to our employees and network stores, who need to know this Data in order to provide our services to you. In addition we instruct our employees about the importance of confidentiality and of maintaining privacy and security of your Personal Data.
When and how do we share your Personal Data?
In the context of our services, we may use third-party providers who provide services on our behalf. Thus, we may need to share your Personal Data with them only after we have informed you and we have received your explicit consent for this purpose. In any case, we only share with them only your Personal Data that is necessary for them to provide the services we ask for and we demand from them to protect your Personal Data and not to use it for other purposes.
You have the following Rights:
11.1 Right of Transparent information, communication and modalities for the exercise of your Rights(§12 GDPR), i.e. the right to be informed about the way your Personal Data is used by our Company (as stipulated in detail in this Policy).
11.2. Right of information and access to your Personal Data (§13,14 GDPR). This right is dependent on whether your Personal Data has been collected by you or not.
11.3. Right of access (§15 GDPR) to your Personal Data we have collected.
11.4. Right of rectification (§16 GDPR) of your Personal Data we have collected.
11.5. Right of erasure (‘right to be forgotten’) (§17 GDPR) of your Personal Data we have collected.
11.6. Right of restriction of processing your Personal Data we have collected (§18 GDPR).
11.7. Right to be notified regarding rectification or erasure of your Personal Data or restriction of processing of them (§19 GDPR).
11.8. Right of data portability (§20 GDPR), i.e. your right to receive your Personal Data and transmit them to another Data Controller.
11.9. Right to object (§21 GDPR) to the processing of your Personal Data by us.
11.10. Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. (§22 GDPR).
11.11. Right to withdraw your consent to us to process your Personal Data at any time (§7 GDPR). The lawfulness of processing your Personal Data is not affected by the withdrawal of your consent until the time you requested it.
11.12. Right to lodge a complaint with the Greek Personal Data Protection Authority (mailing address: 1-3 Kifissias Ave., Postal Code 115 23, Athens, Tel.: 210 6475600, email: firstname.lastname@example.org), if you believe that processing of your Personal Data by us is in violation of the applicable National and European legal and regulatory framework on Personal Data protection.
Transfers of Personal Data to third countries or international organisations
The Personal Data we collect from you is not transmitted or processed outside the European Union. If this happens, you will be informed accordingly by updating this Policy.
How can you contact us?
We will reply to your Requests without any charge and delay, and in any case within (1) one month after we receive your request. However, if your request is complex or there are a large number of your requests, we will notify you within one month if we need to take another two (2) months extension, within which we will reply.
If your Requests are manifestly unfounded or exaggerated, in particular if they are repetitive, we may choose to charge you a reasonable fee in order to cover the administrative costs incurred in providing information or taking the action requested or refuse to take any further action with a Request.
Applicable law to the processing of your Data by us
The applicable law is Greek law as shaped by the General Data Protection Regulation (Regulation (EU) 2016/679), and the applicable national and European legislative and regulatory framework on Personal Data protection.
The Courts of Athens have jurisdiction over disputes arising in connection with your Personal Data.
Amendments and Updates
This Policy was last updated on 24/05/2018. We update this Policy whenever necessary. In case of major changes in the Policy or in the way we use your Personal Data, we will post an updated version of this Policy on our website and inform you by any appropriate means. We encourage you to refer regularly to this Policy to find out how your Data are protected.