Privacy Policy

The Company is the data controller of the personal data (e.g., information that identifies a specific person, such as full name or email address) that we collect from and about you through the Company’s website, which is processed in accordance with the terms of this Privacy Policy.
This Privacy Policy, as well as our Cookie Policy, applies to all users, including those who use the Company’s website without registering and those who have registered.
As stated in our Terms of Use, our Company’s website is intended for a general audience, it is not directed at children, and it does not knowingly collect personal data from children under the age of 16.

a. Registration data / transactions via our online store, i.e., the information you submit to register on the Company’s website, for example, to create an account, post comments, subscribe to a newsletter, or participate in a contest. Registration information may include, for example, your first and last name, email address, country, postal code, contact phone numbers, etc. Details of transactions made through our online store. Additionally, we may collect notes from our conversations with you, details of any complaints or comments you make, details of purchases you have made, products added to your cart, coupon redemptions, websites you visit, and how and when you contact us.

b. Public data and posts consist of public comments, feedback, product reviews, or content that you post on the Company’s website and your personal data accompanying such posts or content, which may include your nickname, username, comments, likes, status, profile information, and photo. In the case of feedback, your entire or part of your comment will be published along with your first name and country. Public information and posts are always public, meaning they are available to everyone and may appear in search engine results on external search engines.

c. Activity data. When you access the Company’s website, we may collect certain information regarding those visits. For example, to enable your connection to the Company’s Services, our servers receive and record information about your computer, device, and browser, possibly including your IP address, country code, and telephone code where your computer is located, browser type, and other software or hardware information. If you access the Company’s website from a mobile or other device, we may collect a unique device identifier assigned to that device, geolocation data, or other transaction details for that device. Cookies and other performance and error tracking technologies. For more information, please refer to our Cookie Policy.

d. Information from other sources. We may supplement the information we collect with information from other sources, such as publicly available information about your online and offline activities from social media services and commercially available sources.

 

We do not collect:

a. Financial information from any payment service provider: In some cases, we may use an unrelated payment service to enable you to purchase a product or make payments (“Payment Service”). If you choose to purchase a product or make a payment through a Payment Service, you will be directed to the Payment Service’s website. Any information you provide to a Payment Service will be subject to the Payment Service’s privacy policy and not this Privacy Policy. We have no control over and are not responsible for any use by the Payment Service of the information collected through any Payment Service.

b. Sensitive information: We ask that you do not send or disclose sensitive personal data (such as social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background, or membership in trade unions) on or through the Company’s website or otherwise.

c. Linked services

Finally, the Company’s website may also link to websites, including social networking sites, operated by non-affiliated companies, and may feature advertisements or offer content, functionality, games, newsletters, contests, or applications developed and maintained by non-affiliated companies. The Company is not responsible for the privacy practices of non-affiliated companies, and once you leave the Company’s website or click on an advertisement, you should review the applicable Privacy Policy of the other service.

We use the personal data we collect from and about you for the following purposes:

1. To provide you with the Company’s Services and Features,
2. To measure, analyze, and improve the said Services and Features of the Company,
3. To enhance your experience through the Company’s website by providing content that you may find relevant and interesting,
4. To provide you with customer service and respond to your inquiries,
5. To protect the rights of the Company and others. For example, there may be instances where the Company may use your personal data, including instances where the Company believes in good faith that such processing is necessary for: (i) protecting, enforcing, or defending the legal rights, safety, or property of the Company or its employees, agents, licensors, and suppliers (including enforcing our agreements and terms of use), (ii) protecting the safety, privacy, and security of users of the Company’s website or the public, (iv) protecting the Company, as well as other involved third parties, such as the Company’s suppliers, from fraud or for risk management purposes,
6. For compliance with applicable laws or legal processes and/or to respond to requests from competent authorities,
7. To complete a corporate transaction, such as a proposed or actual reorganization, the entry of a new partner, the sale, assignment, transfer, or other disposition of all or part of the business’s operations, assets, or stock (including any bankruptcy or similar proceedings),
8. To send you, with your prior consent, commercial communications tailored to your interests and needs via the communication methods mentioned above.

We may use anonymized data or data that no longer personally identifies you, even indirectly (e.g., statistics), for any purpose or share it with third parties.

The following is an explanatory table:

 

Purpose of Processing	Legal Basis	Voluntary or Necessary Provision of Personal Data
Section 3.1 / Provision of Company Services	Contract Performance	Provision is necessary. Failure to provide would make it impossible for us to provide our Company’s services
Section 3.2 / Measurement, analysis, and improvement of Company Services	Contract Performance	Provision is necessary. Failure to provide would result in problematic services
Section 3.3 / Improvement of user experience	Contract Performance	Provision is necessary. Failure to provide would result in problematic services
Section 3.4 / Customer service	Contract Performance	Provision is necessary. Failure to provide would make it impossible for us to provide our Company’s services
Section 3.5 / Protection of Company and third-party interests	Contract Performance	Provision is necessary. Failure to provide would make it impossible for us to provide our Company’s services
Section 3.6 / Compliance with legal obligation	Legal Obligation	Provision is necessary. Failure to provide would make it impossible for us to provide our Company’s services
Section 3.7 / Corporate transaction	Legitimate Interest	Provision is not mandatory. You can exercise your right to object to the processing, but the Company may continue to process your data if there are compelling legitimate grounds that override your interests or for legal defense purposes
Section 3.8 / General marketing	Consent	Provision is voluntary. You can exercise your right to withdraw your consent at any time without consequences, except that you will stop receiving commercial communications
Section 3.9 / Targeted marketing	Consent	Provision is voluntary. You can exercise your right to withdraw your consent at any time without consequences, except that you will stop receiving commercial communications

Your personal data is processed both electronically and manually and is protected with appropriate security measures, taking into account the latest technology, the cost of implementation, and the nature, scope, context, and purpose of the processing, as well as the varying likelihood and severity of risks concerning the rights and freedoms of individuals. Specifically, the Company uses appropriate administrative, technical, personnel, and physical measures aimed at protecting the personal data in its possession from loss, theft, and unauthorized use, disclosure, or alteration.

The Company may share your personal data for the purposes mentioned in Section 3 above with the following categories of recipients, located either within the European Union or outside the European Union, in accordance with and within the limits of the provisions of the section below:

1. Third-party service providers who are tasked with processing activities and, when required by applicable laws, are duly appointed as processors (e.g., cloud service providers, service providers who operate or support the Company’s website, and therefore, for example and without limitation, companies providing IT services, experts, consultants, and lawyers).
2. Affiliated companies in their capacity as data controllers or data processors.
3. Competent authorities for the purposes of compliance with applicable laws.

Data may be transferred to countries both within and outside the European Economic Area (EEA). The European Commission has recognized that certain non-EEA countries provide an adequate level of data protection according to EEA standards. The full list of such countries is available at the address: http://ec.europa.eu/justice/data-protection. For transfers from the EEA to countries not considered safe by the European Commission, we have implemented appropriate and adequate safeguards aimed at protecting your personal data and ensuring that the transfer of your personal data complies with applicable data protection laws, such as the standard contractual clauses approved by the European Commission pursuant to Articles 45 & 46 of Regulation (EU) 2016/679 on data protection (the “General Data Protection Regulation“).

You have the right, at any time, to:

1. Receive confirmation as to whether your personal data exists and be informed of its content and origin, verify its accuracy, and request its correction, update, or modification.
2. Request the deletion, anonymization, or restriction of the processing of your personal data that has been processed in violation of applicable law.
3. Object to the processing, in all cases, of your personal data for legitimate reasons.

You can send your request to the address listed in Section 11 below. In your request, please include your email address, name, address, and phone number, and clearly specify the information you wish to access, change, update, remove, or delete.

Please note that even after you cancel your account, or request the deletion of your personal data, copies of certain information from your account may remain visible in some circumstances, such as when retaining such copies is necessary for compliance with legal obligations or for legal defense purposes. Due to the nature of caching technology, your account may not be immediately inaccessible to others. We may also retain backup information related to your account on our servers for some time after your cancellation or request for deletion, for purposes of compliance with applicable law.

We also give you the option to withdraw your consent regarding the receipt of electronic communications from us. If you no longer wish to receive marketing-related emails from us, you can opt out of receiving such emails by following the unsubscribe instructions in our communications or simply by changing your preferences in your user profile settings if you are a registered user or through the consent management tool available on our website if you are not a registered user. You can also send a request to the address listed in Section 11 of this Privacy Policy.

In all of the above cases, we may contact you to request further information necessary to properly process your request. Additionally, the additional rights described in Section 9 below apply from May 25, 2018.

Since May 25, 2018, the General Data Protection Regulation (GDPR) has come into effect, and the following provisions apply:

A. Retention periods applicable to your personal data

We will retain your data only for the period necessary to fulfill the purposes for which the data was collected as described in this Privacy Policy. In any case, the following retention periods apply with respect to the processing of your personal data for the purposes mentioned below:

• Data collected for the purposes mentioned in Section 3, points 1 to 7 of this Privacy Policy, will be retained during the provision of the Company’s Service and for the duration of the limitation period according to the applicable law after the Service has ended.
• Data collected for the purposes of Section 3, point 8, will be retained in a form that allows identification of data subjects only for the period necessary for the purposes of processing personal data. Personal data may be stored for longer periods if it is processed solely for archival purposes in the public interest, for scientific or historical research, or for statistical purposes, in accordance with Article 89, paragraph 1 of the General Data Protection Regulation, and provided that appropriate technical and organizational measures required by this Regulation are implemented to safeguard the rights and freedoms of the data subject (“storage limitation”).
• Data collected for the purposes of Section 3, point 9, will be retained in a form that allows identification of data subjects only for the period necessary for the purposes of processing personal data. Personal data may be stored for longer periods if it is processed solely for archival purposes in the public interest, for scientific or historical research, or for statistical purposes, in accordance with Article 89, paragraph 1 of the General Data Protection Regulation, and provided that appropriate technical and organizational measures required by this Regulation are implemented to safeguard the rights and freedoms of the data subject (“storage limitation”).

At the end of the retention period, your personal data will be deleted.

B. Additional rights

In addition to the rights mentioned in Section 8 of this Privacy Policy, and following the implementation of the General Data Protection Regulation, you will also have the right, at any time, to:

1. Request that the Company restrict the processing of your personal data in cases where:
   • You contest the accuracy of the personal data until we take the necessary steps to correct or verify its accuracy,
   • The processing is unlawful, but you do not want us to delete your personal data,
   • We no longer need your personal data for the purposes of processing, but you need it for the establishment, exercise, or defense of legal claims, or
   • You have objected to the processing for legitimate interests, pending verification of whether the Company has compelling legitimate grounds to continue processing.
2. Object to the processing of your personal data.
3. Request the deletion of your personal data without undue delay.
4. Receive an electronic copy of your personal data if you wish to transfer the personal data you have provided to us, either to yourself or to another provider (“data portability”) when the personal data is processed by automated means, and the processing is either (i) based on your consent or (ii) necessary for the performance of the Company’s Service.
5. Submit a complaint to the competent data protection supervisory authority.

The Company may amend or update this Privacy Policy for any reason (including, but not limited to, changes in applicable law and its interpretations, rulings, opinions, and orders related to such applicable law).

If you have any questions regarding data protection laws or believe that your rights may have been violated, you can contact the Hellenic Data Protection Authority at 1 Kifissias Avenue, Athens, Postal Code 11523, phone number +30 2106475600, or via the website www.dpa.gr.

If you have any questions regarding this privacy policy, please contact our company’s Data Protection Officer, Ms. Tatiana Tsardaka, by phone at +30 2271022666 or via email at [email protected].