Preamble
In the Company "SPANOUDAKI GEORGIA - manufacture and trading of jewelry", which also belongs the online store https://georgiaspanoudaki.com, hereinafter referred to as "THE COMPANY", we are committed to protecting and respecting your privacy. The observance of the Privacy Policy ("policy") of Personal Data ("PD") determines the basis on which PDs are collected for you.
The policy has been developed based on the protection of PDs and taking appropriate organizational, technical and legal measures. PDs are provided to us by you, with your free consent directly, with the sole purpose of supplying, invoicing and shipping the items you have ordered. The policy is intended to help you understand why we collect your personal data and how we use them. Please take time to read it carefully.
Information and PD that we collect on you
We collect information and PD from you, which you provide with your free consent directly, through the online store of the Company https://georgiaspanoudaki.com, either in person with a physical presence in our store or by phone.
According to the Greek legislation in order to provide the best service for you and process your orders we are obliged as a company to process data, including the following, which could contain PD or be considered PD:
1. To create a member account
PDs are collected when you create an account on the online store website https://georgiaspanoudaki.com. When creating an account you may be asked for more details, however they will be the minimum required for the conclusion and execution of the contract, for this reason they will have the mandatory field marking.
2. To send your orders
In order to send your orders either as a registered member or as a regular visitor, we need at least the following: name, home and/or work address, e-mail address, telephone numbers (landline or mobile).
In case you wish to issue an invoice for your purchases, you will be asked for additional information based on Greek legislation.
3. For our communication with you and for your best service
We may need to contact you, via email or telephone, for clarification and management reasons, such as the progress of your shipments, the management of your complaints and more generally for your best service.
In addition we inform you that:
· When you visit our website, your device browser provides us with information such as your current IP address, browser type, access time and pages of our website that you visit, which are collected and used in order to compile statistical data. This information can be used to help us improve our website, the services we offer and to design new services for you.
· We may use cookies and similar technologies to help provide the data of our website and to offer you a personalized user experience in accordance with your needs and requirements. In this case you have the option to not accept the suggested cookies.
Purposes of processing
We process PD for the following purposes:
· Processing of orders
· Change of unwanted items
· Replacement/repair of defective items
· Promotional and informational actions for our products only with your explicit consent
Legal basis of the processing
The laws, regulations and guidelines governing the processing of PD in the case of the online store are as follows:
· Directive 2000/31/EC, Presidential Decree 131/2003 (On electronic commerce)
· Law 2251/1994 (On consumer protection for distance selling)
· ΕΕ Regulation EU/679/2016 (GDPR)
· Law 4624/2019 (Implementing measures of Regulation EU/679/2016)
· Law 4537/2018 (Payment services and other provisions)
Based on the above legislation, we inform you that the legal basis for the processing of PD is your free consent.
PD Security
THE COMPANY is committed to take all measures possible in order to protect your PD. For this reason we use a variety of security technologies and procedures for the protection of PD from unauthorized access and use. Please take into account, however, that no physical or electronic security system is completely safe. We cannot guarantee the complete security of our databases, nor can we guarantee that the information you provide to us via the Internet may not be intercepted. However, we are committed to continuing to review and improve our security policies and implement additional technical and organizational security measures, when such new technologies become available.
The transmission of information via the Internet is not completely secure and may include the transmission of data to countries outside the European Union. This is due to the use of cloud solutions for web hosting, email hosting or exclusive software solutions which have been delivered to us via the Cloud. However, in any case we do not allow third parties to use your PD for their own purposes. While we will take all possible measures to protect your personal data, we cannot guarantee the security of your personal data which are transmitted to us. Consequently, any transfer of PD is at your own risk. Once PD are obtained, we take the necessary security measures in order to avoid unauthorized access.
Retention Period of PD:
· The period of time which PD is retained at THE COMPANY is specified by the provisions of Greek tax legislation.
· PD that are necessary for the conclusion or execution of the contract between us (order contract) are kept throughout the duration of the contract and 5 years after its expiration or more if requested by the competent financial authority or required by provisions of the applicable legal framework. In case of claims, these data are kept until an irrevocable court decision is issued.
· When you create an account, we keep your PD until you ask us to delete or modify them.
Transfer of PD:
We ensure that your PD is processed legally, which is restricted within THE COMPANY, while ensuring their confidentiality. We are committed to non-transfer your PD to third parties other than those required by law or you have already given your consent or specifics PD requested by courier services, postal services or delivery services in order to secure and timely delivery of your orders.
However, we may disclose your information to business associates, who act as processors on our behalf, to the extent that the aforementioned processing purposes are served and provided that, under our contractual commitments, confidentiality is maintained to protect PD, the service of the legal interests of our company and with the right to control them.
Your rights:
a) To know what personal data we hold and process, their origin, the purposes of their processing, as well as the time of keeping them (“right to access”).
b) To request the correction and /or completion of your personal data so that it is complete and accurate (“right to correct”). You must provide any necessary documentation from which the need for correction or completion arises.
c) To request a restriction on the processing of your data (“right to restrict”).
d) To refuse and / or object to any further processing of your personal data that we hold (“right to object”).
e) To request that we transfer your personal data that we hold to any other processor of your choice (“right to transfer data”).
f) Submit a complaint to the Hellenic Data Protection Authority (www.dpa.gr), if you consider that your rights are violated in any way (“right to complain to the Authority”).
g) Request the deletion of your personal data from the files we keep (“right to be forgotten”).
In connection with the exercise of your above rights, the following are noted:
· THE COMPANY has in any case the right to refuse the satisfaction of your requests for restriction of the processing or deletion of your personal data or your opposition to the processing, if the processing or keeping of the data is necessary for the establishment, exercise or support of legal rights of our company or the fulfillment of our obligations.
· The exercise of the right to transfer data does not imply the deletion of your data from our files, which is under the terms of the immediately preceding paragraph and the conditions of the Regulation.
· The exercise of the above rights is valid for the future and does not concern data processing already performed.
Statement
By using the services of the online store https://georgiaspanoudaki.com and providing your consent, you responsibly declare that you are over 16 years old. If you are under 16 years old, you may use our website only with the consent and under the supervision of your parents or guardians, without obligation to submit personal data.
Data Controller
Data Controller is the COMPANY "SPANOUDAKI GEORGIA - manufacture and trading of jewelry ", as it is legally represented.
For the exercise of your above rights in accordance with European and Greek legislation and the restrictions defined in them, you can contact electronically at the e-mail https://georgiaspanoudaki.com or in writing at the address of THE COMPANY (57 Chrysanthou Episkopou Street, Chania, PC 73100).
Policy changes
We reserve the right to change this policy by applying newer provisions of European and Greek legislation and at our discretion. If we make any changes, we will record these changes here so that you can have immediate access.