PRIVACY POLICY
(and update on the processing of personal data)
The company with the brand name “Resaikos” and with the distinctive title “Resaikos” based in Athens, 65 Andrea Papandreou Street (hereinafter “the Company” or “we” or “our”) has the status of Data Controller.
Protecting your fundamental right to the processing of your personal data is a top priority for us. The Company processes your personal data in compliance with the General Data Protection Regulation [GDPR or GDPR(*)] and any other applicable national and European legislation.
Purpose of this policy
The purpose of this policy is to inform you about:
→ the collection, storage, use, disclosure and generally processing of your personal data when you visit, register or use the Company’s website, as well as when you transact with its physical stores,
→ the processing purposes, as well as the processing method of your personal data,
→ the retention period of your personal data,
→ the measures we take to protect your personal data, and
→ the rights you have as subjects of personal data and the procedures for exercising these rights.
Definitions
The following meaning has been assigned to the following terms, within the meaning of this policy and in accordance with the GDPR:
→ “personal data”: any information concerning an identified or identifiable (**) natural person (hereinafter “personal data” or “personal data” or “data”. Personal data is information that identifies or can identify your information, such as name, postal address, email address, contact telephone number, tax registration number, etc.
→ “processing”: any operation or series of operations carried out with or without the use of automated means, on personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, information retrieval, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.
→ “controller”: the natural or legal person, public authority, agency or other entity that, alone or jointly with others, determines the purposes and manner of processing personal data, in this case the Company.
→ “processor”: the natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller, in this case on behalf of the Company.
→ “recipient”: the natural or legal person, public authority, agency or other body, to which the personal data is disclosed, whether it is a third party or not.
→ “consent”: any indication of will, free, specific, explicit and fully acknowledged, by which you, as the data subject, express that you agree, by statement or by a clear positive action, for the personal data concerning you to be the subject of processing .
→ “personal data breach”: the breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed.
→ “website”: the website (site) princessa.store is the website of the Company, where the online store for the presentation and sale of the Company’s products and services is located (hereinafter “website” or “online store” or “website”) .
→ “social networks”: the pages maintained by the Company in the social networks (Facebook, Instagram, twitter, linkedin, etc.) in which you can become a member if you wish.
Data processing principles
We ensure the lawful processing of your personal data. In particular, we process your personal data according to the principles:
→ of legality, objectivity and transparency,
→ the restriction of the purpose of processing,
→ data minimization,
→ the accuracy of the data,
→ limiting the data storage period, and
→ the integrity and confidentiality of the data, We ensure at all times the effective protection of your personal data by taking all the required and appropriate technical and organizational measures.
Protection of minors
Our website is intended for adults. Minor users can access our services only with the consent of their parents or guardians and are not required to submit their personal information. In case of submission of such data by minors, the administrators of the website delete the relevant information. In case of submission of false personal information during membership registration, the Company bears no responsibility.
What data we collect and process and how
The personal data processed by our Company are appropriate, relevant and limited to the extent necessary for the specific purposes for which they are processed. We collect and process the following personal data:
Personal data directly from you
We collect and process the following data that you freely choose to provide to the Company:
If you register as a user and create an account in our online store resaikos.gr, entering the required information in the respective fields, in order to submit a request for an offer, to process a transaction (order, purchase of products) and to be able to contact you.
To submit a quote request or to carry out a transaction (orders, purchases) the following data is necessary: name, surname, postal address, e-mail address, landline and mobile phone number and, if you request the issuance of an invoice, status/profession, TAX ID and D.O.Y.
The provision of your mandatory personal data is a legal or contractual obligation or requirement for the conclusion of the sales contract or the provision of other services at your request, such as providing an offer for the purchase of the products selected by you.
Therefore, if you wish to purchase products from our Company, you are obliged to provide these data and any refusal by you to provide the necessary personal data makes it impossible to enter into and/or execute the sales contract.
The following personal data are kept in written form and/or by electronic and magnetic means:
→ if you register as a customer of the Company’s products and services in our physical store,
→ if you contact us by e-mail,
→ if you explicitly state that you wish to receive newsletters from us, we collect and process the data regarding your preferred way of being informed (via e-mail, sms on your mobile phone, message on social networks, messenger applications, etc. etc.)
→ if you register as a member of the social networking groups maintained by our Company in the social networking networks (Facebook, Instagram, etc.), and communicate with us through these networks, we may also store your username in these networks,
→ if you contact us via messenger applications for computers and mobile devices (skype, viber, whatsapp, facebook messenger), we may also store the username in these applications,
→ if you send your CV or expression of interest for employment or cooperation with our Company, we will keep your CV for a reasonable period of time.
Automatic data
In addition to the personal data that is necessary for carrying out transactions and communication between us, during each visit to our website, certain non-personal information is automatically collected for technical reasons about your use of our website, of which you cannot be identified (automatic data/information), such as:
→ information about the web page from which you visited our website or web pages you previously browsed or web pages displayed during your visit, the advertisements you click on, or search terms,
→ our website traffic data: the date and time you accessed our website and the sections of the website you visited or the products you viewed,
→ products and services that you prefer to choose, in order to improve the shopping experience,
→ information collected from the use of cookies in your browser.
As a general rule, we process automatic data only to the extent that this is necessary for technical reasons for the operation and protection of our website against attacks and abuse, as well as in pseudonymous or anonymous form for statistical purposes and to improve the experience of browsing our website and our level of customer service.
Third parties
We may collect and store some of your information from third parties, such as information about the delivery of products or your address from courier companies.
Image data
As long as you visit our physical stores, your image may be recorded on a video surveillance system (CCTV).
Other data
We process information related to comments, product reviews and complaints of our customers. For what purposes we collect and process your data We collect and process your personal data for the following purposes:
→ the execution and management of the contractual relationship between us (sale of products and/or provision of services),
→ the facilitation of communication between us for the best service to you. For example, we may contact you by phone or email or by other means to request clarification on your quote request or order, or to inform you of product availability, the progress, shipping and delivery of your order, the managing your debts, returning products, refunding money, providing guarantees, to answer your questions, complaints and requests, etc.
→ the Company’s compliance with the obligations imposed by the applicable European and national legislation (e.g. tax legislation, e-commerce legislation) or by a court decision,
→ the safeguarding of our legal interests, such as for the security of premises and persons in our physical stores, the prevention of fraud, the assurance of network security, the out-of-court and judicial assertion of our legal claims, → the management of user registration and the creation of a user account, in order to provide you with account functions and to facilitate the purchase of products and/or services,
→ checking, improving and adapting to your preferences and choices regarding our products and/or services,
→ protecting your account from fraud and other illegal actions,
→ ensuring safe browsing and safe transactions in our online store,
→ the processing of payments and the prevention of fraudulent transactions,
→ if you have given us your prior consent, for advertising and informational purposes (marketing), such as sending newsletters about offers, promotions and other commercial communications about our products and services, or to conduct our customer satisfaction survey, or web push notifications.
→ the evaluation of applications and resumes for the purpose of recruitment to our Company.
Lawful bases for processing your personal data
The processing of your personal data by the Company is based on one or more of the following legal bases:
(a) Performance of contract: processing is necessary for the purposes of entering into and performing the contract of sale or provision of services between us.
(b) Fulfillment of a legal obligation: the processing is necessary to comply with a legal obligation of the Company, as derived from the applicable legislation, European and national, governing our operation (such as tax legislation, e-commerce legislation, consumer protection legislation , etc.)
(c) Safeguarding your vital interest as data subjects.
(d) Fulfillment of the Company’s legitimate interests: such as the protection of persons, facilities and goods within our physical stores, as long as these obviously override your rights, and the processing is absolutely necessary for the fulfillment of these interests. In this context, we use closed circuit television (CCTV) and security cameras in physical stores.
* In certain cases, we collect your Data in a way that is reasonably expected as part of the operation of our business and that does not materially affect your rights, freedom or interests.
(e) Establishment, exercise or support of legal claims of the Company, judicially and extrajudicially.
(f) Consent: When the processing of the data is not based on any of the above legal bases or when consent is required by law, the processing will take place if your written, express and free consent has been previously granted (for example for sending newsletters”). You can withdraw your consent at any time with future effect.
Recipients of your personal data
The processing of personal data is carried out either by the specially authorized staff of the Company, or through IT systems and electronic devices by the Company and exceptionally by third parties.
The Company shares and communicates to third parties only the personal data absolutely necessary each time for the provision of the specific services by them. Specifically, we share the necessary data with:
Third party service providers/affiliated companies or professionals/suppliers who process personal data on behalf of the Company, and act as processors.
Examples include: providers of IT services (management and maintenance of information systems) and technology, management and maintenance of our data, website hosting, advertising/promotion (marketing), research and analysis, sending emails and sms, customer service services, banking companies ( for credit card and payment processing), postal service providers, couriers and transport, tax or legal advisors.
The aforementioned processors on our behalf process the data in accordance with our instructions, have all the responsibilities provided for by law and provide sufficient assurances for the implementation of appropriate technical and organizational measures, in such a way that the processing meets the requirements of law and to ensure the protection of your rights. In particular, the processors on our behalf have agreed and contractually committed to the Company: to use the data only for
specific purposes specified in their contract with us, to ensure the confidentiality of the data, not to share or transmit data without the permission of the Company, to comply with the legal framework for the protection of personal data and, in the event of an interruption between us contractual relationship, to immediately delete the data they hold or make it anonymous.
Other third parties, to the extent required for the following purposes: (a) if required by public authorities and judicial, prosecutorial and police authorities in the event of claims being made or criminal acts being committed, or if required by applicable legislation, (b) for the prevent illegal uses of our website or violations of our Website Terms of Use and our policies, (c) for our own protection against third-party claims, and (d) to assist in the prevention or investigation of fraud (e.g. . Cyber Crime).
Transmission of personal data
The personal data we collect and process are stored in Greece and possibly in other countries within the European Economic Area (EEA), as long as they are established within the EEA. our suppliers or service providers. In the event that it is necessary to transfer your data to other countries outside the EEA, we will ensure that your personal data will be protected in the same way as it would be within the EEA.
Period of retention of your personal data
Your personal data is processed and retained only for the period of time required to fulfill the purpose for which it is collected and processed, unless a longer data retention period is required by applicable law.
Indicative:
We keep your personal data for as long as you maintain a user account in our online store. If you cancel/delete your account, without having made any purchase, the personal data relating to your registration on our website will be deleted within a reasonable time and in any case within three (3) months from the cancellation of your account .
Your personal data related to product purchases is kept for five (5) years from your last purchase. They may also be retained for a longer period of time if required to comply with legal obligations imposed by law, such as tax law, commercial law, etc. In case of legal claims, the data will be kept until the issuance of an irrevocable court decision.
Personal data that we process with your consent (e.g. for informational, advertising, product promotion purposes) is retained until your consent is withdrawn. Your declaration of consent is kept for as long as newsletters are sent and up to six (6) months from the cessation of sending newsletters.
After the necessary storage time, your personal data will be completely deleted or anonymized, i.e. aggregated with other data so that they can be used in a non-identifiable way for statistical analysis and business planning.
The data collected with the use of cookies are kept only during the user’s access (user session).
Resumes/recruitment applications to the Company are retained for six (6) months from the filling of the position/or the sending of the resume, unless you grant your consent to their retention for a longer period in order to be informed of any new jobs.
Image data from the operation of CCTV and cameras in our physical stores is destroyed in fifteen (15) working days, as long as the capture of stored images or real-time capture does not result in the occurrence of an event.
Protection of your personal data
The Company implements the most advanced security systems and procedures and takes all appropriate organizational and technical measures for maximum security and protection of your personal data from any form of accidental or unlawful processing. At regular intervals we test, assess and evaluate the effectiveness of all the technical and organizational measures we apply and adapt them as necessary to the prevailing standards of technology.
Website certification – encryption
The website/e-shop resaikos.gr uses the Security Layer Transport (TLS) 1.2 encryption protocol to ensure secure online commercial transactions (key exchange: ECDHE_RSA with P-256, cipher: ES_256_GCM). Through this standard, your personal data is kept secure through encryption, while ensuring that no third party can monitor or hack or change messages when servers and clients communicate.
Restrict access to data
The Company takes all the necessary security measures so that access to your personal data is not allowed within the Company except to competent and appropriately authorized persons in the context of their duties and only for the purposes of processing. In this context, anyone who has access to your personal data is committed to respecting the confidentiality of your data.
Security in case of data transfer
As detailed above in the “Data Recipients” section, the Company always ensures the protection of your data in case of sharing, transfer or transmission of your data.
Your rights
As a data subject you have the following rights:
Right to information: Right to full, transparent, easily accessible and understandable information about the processing of your personal data.
Right of access: Right to receive from the Company confirmation as to whether or not the personal data concerning you is being processed, and if this is the case, the right to access the data and information of the processing.
Right to rectification: Right to demand from the Company without undue delay the correction of any inaccurate personal data and the completion, among other things, through a supplementary statement of any incomplete personal data concerning you (e.g. change of address). In any case, as long as you maintain a user account, you can log in to it and make any correction/change without the need to submit a request.
Right to erasure: Right to require the Company to proceed without undue delay to the erasure of personal data concerning you, provided that the specific conditions provided for by the GDPR are met (Article 17 GDPR).
Right to object: Right to object, at any time, to the processing of personal data concerning you for reasons related to your particular situation. In this case, the Company will no longer process the personal data, unless it demonstrates that there are compelling legal reasons for the processing of such data, which override your interests, rights and personal freedoms or for the establishment, exercising or supporting legal claims of the Company.
Right to data portability: If the processing is carried out by automated means, the right to receive the personal data concerning you, and which you have provided to the Company, in a structured, commonly used and machine-readable format, as well as the right to transmit , if this is technically possible, the data in question to another controller without objection from the Company.
Withdrawal of your consent: In the event that the processing of your personal data is based on your prior consent, you may at any time withdraw your consent with future effect (i.e. the withdrawal of consent acts only for the future and does not affect the legality of processing based on your consent during the period until its withdrawal). As long as you maintain an account on our website, you can withdraw your consent to no longer receive communications from us for advertising, informational and promotional purposes (newsletters), by sending an email to resaikos@resaikos .gr.
Right to complain: If you consider that your personal data has been processed in a way that violates the GDPR and the principles provided for herein, you have the right to file a complaint with the Personal Data Protection Authority (www.dpa.gr).
Exercising your rights
In the context of exercising the above rights, the Company undertakes the obligation to satisfy these rights as soon as possible and in any case within one (1) month from the receipt of your relevant written request. This deadline can be extended by two (2) more months, if necessary, due to the complexity or number of applications. In this case, you will receive information from us about the extension in question within one month of receiving the request, as well as the reasons for the delay.
If the request is made by electronic means, the information shall be provided, if possible, by electronic means.
If we do not act on your request, we will inform you, without delay and no later than one month after receiving the request, of the reasons why we did not act and of the possibility of filing a complaint with a supervisory authority and taking legal action.
If you make a request, we will ask you to verify your identity. If you authorize a third party to make a request on your behalf, we will require written authorization from you to do so.
Cookies
Our website may use cookies to:
→ the optimal functionality of the website
→ improving the experience of the visitor/user while browsing it, → the measurement of website traffic
→ improving the overall quality of the Company’s products and services, for statistical and promotional reasons (marketing)
Delete cookies
You can delete cookies stored on your computer, for example:
→ in Internet Explorer (version 11), you must delete the cookie files (instructions on how to do this are available at http://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie= ie-11).
→ in Firefox (version 36), you can delete cookies by selecting “Tools”, “Options” and “Privacy”, then selecting “Use custom settings for history” from the drop-down menu, selecting “Show Cookies” and then selecting “Remove All Cookies”
→ in Chrome (version 41), you can delete cookies by selecting the menu “Customise and control” then “Settings”, “Show advanced settings” and “Clear browsing data” and then selecting “Cookies and other site and plug-in data” before selecting “Clear browsing data”.
Deleting all cookies will have a negative impact on the use of the website and you will not be able to use all its functions.
Automated Decision Making/Profiling
We do not perform automated decision-making or profiling.
Links
The resaikos.gr website contains links to other websites. This privacy policy only applies to data collected from our website/website and we are not responsible for the privacy practices of those websites.
Policy Update
This policy was last modified on November 2, 2020. From time to time this policy will be modified and updated when and as required by applicable national and European legislation, without prior notification to users.
We therefore recommend that you check this page regularly for any revisions to this policy.
Η χρήση του δικτυακού τόπου/ηλεκτρονικού καταστήματoς μας δηλώνει την ανεπιφύλακτη αποδοχή των όρων της παρούσας πολιτικής απορρήτου.
Contact
For any issue regarding the processing of your personal data and the exercise of your rights, you can contact us at 210 681 1455 and at the email address: [email protected]
(*) European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 “on the protection of natural persons against the processing of personal data and on the free movement of such data and the repeal of Directive 95/ 46/EC”.
(**) An identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as a name, an ID number, location data, an online identifier or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of the natural person in question.