The safety and protection of personal data are priority for the company, which undertakes the obligation to handle them with responsibility. This Policy is an integral part of the General Terms and Conditions of the website www.e-cartabianca.gr and is integral thereto. The company may from time to time amend this Policy, in whole or in part, at its sole discretion and post this amendment on its website. Any modification hereof shall take effect as soon as the amended Policy is posted on the website. In any case, provided that the customer continues using the company's website and services after the modifications, it will be considered that he accepts these modifications unconditionally.
In different case, the user should interrupt the use of company's website and online store. This website may include links to other websites, which are found under the responsibility of third institutions (natural or legal persons) and are not governed by the present Policy. For this reason, you should always carefully review the privacy policies of each site you use. Additional websites may be added in the future; for the terms of the protection and management of personal data that apply to them the Company shall under no circumstances be held responsible.
1. DEFINITION OF PERSONAL DATA
"Personal Data": any information through which a natural person is identified or can be identified ("data subject"). "Controller": a natural or legal person, public authority, agency or other body which, alone or in conjunction with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for his nomination may be provided by Union or Member State law. "Processor": a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the "Controller", "Recipient": a natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing. "Subject of Personal Data": natural persons, for which the controller collects and processes personal data (in the present Policy of Data, subjects of data are the customers of the controller and the users of its website/online shop).
2. COLLECTED PERSONAL DATA & MAINTENANCE
During the user's visit to the Company's website and online store and in order to:
a) create an account for purchasing,
b) subscribe to the newsletter service of the website,
c) ensure communication with users through the contact form and chat facility provided by the website, it is possible that the Data Subject may be asked to enter personal data (such as name, surname, telephone, email address, product shipping address, etc.)
No personal data are required for the user to simply browse the online store.
i) If the user wishes to contact the Company through a contact form, he will be asked for: name, email address, telephone number and his/her message. These data shall be retained for four months after the request is completed.
ii) Provided that the user chooses to receive the Company's newsletter he/she will be asked for his/her email address to confirm his/her registration. These data shall be maintained until the user recalls his/her consent.
iii) Provided that the user chooses to register with the online store, he/she will be asked for: name, surname, email address, username and password. These data shall be maintained until the user requests their deletion.
iv) Provided that the user completes his/her order and in order to be delivered (in addition to the ones mentioned above in part iii), he/she will be asked for: landline and mobile phone number, delivery address, postal code, city and country. In the case of an invoice issue, the following shall be collected: VAT and the address of the registered office of natural persons - individual enterprises. These data shall be maintained for as long as it is necessary for the delivery of the products and for the Company's compliance with the applicable legislation (tax documents, etc.).
v) Provided that the customer so wishes, he/she may upload a photograph in order that it can be printed and displayed on the product to be received. This data will be deleted eighteen months after the order has been delivered. In this case he will be required, at the order placing, to certify that he/she has obtained the consent of the people depicted in the photograph (or their guardians in the case of people under 15 years of age).
3. PURPOSE AND LEGAL BASIS OF PERSONAL DATA PROCESSING
The personal data collected from the Company's online store are intended exclusively for reasons relating to the Company's transactions with its customers, communication with them, improvement of the services provided and ensuring the operation of the respective service, as well as for statistical purposes and may not be used by any third party.
The legal basis of the processing is the implementation of the contract with the registered users (customers or potential customers), the legal interest of the company in promoting its products and the subject's consent in the cases where a single visitor (non-registered user) wishes to receive the company's newsletter.
4. DATA RECEIVERS AND TRANSMISSION PURPOSE
The Company shall transmit to its agents and/or subcontractors, inside and outside the EU, the absolutely necessary personal data of users of its website/clients in order to support, promote and execute the business relationship, but always under conditions that fully ensure that the personal data of the Data Subjects do not undergo any unlawful processing, that is to say other of the purpose of transmission, according to above.
These recipients shall be third party affiliates providing technical services such as hosting and technical support services of the company's website, bulk mailing companies, companies providing services for the internal organization of the company (affiliated product development companies available to online shop, shipping companies etc). The above-mentioned categories of recipients shall be contractors or subcontractors of the Company (processors or sub-processors) and as such shall not process any of the above for the purposes of transmission.
The Company shall not make available for sale or otherwise transmit or disclose the personal information of visitors/users of its website to third parties, apart from the above-mentioned, without the consent of the visitor/user, with the exception of the application of relevant legal requirements and only competent authorities. The personal data held may be disclosed to the competent judicial, police and other administrative Authorities, upon their lawful request and in accordance with any applicable laws. In addition, in case of a statutory order, service order or formal preliminary examination, the Company shall have the right to make available the relevant information without delay.
5. TRANSFER AND STORAGE OF PERSONAL DATA
The transfer of users'/customers' personal data shall take place via email and the data shall be transferred encrypted. The data shall be stored on our servers located at our headquarters in Kalochori Thessaloniki. The company shall not store and control the credit card data entered by users when making online purchases as the data are imported directly into a secure bank platform.
6. DATA SUBJECT RIGHTS
You have the right to request an overview of your personal data processed by us or on our behalf. You have the right to correct, delete or limit the processing (where applicable) of your personal data. You can exercise this right by contacting us at firstname.lastname@example.org and placing a request.
Please be aware that requests that do not meet the requirements set by applicable legislation or Company's guidelines may be re-drafted or rejected and that certain personal data may be excluded from such requests for access, correction and deletion, in accordance with applicable data protection laws and other laws and regulations. You have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format and in some cases we will, at your request, forward your data to another controller if this is technically feasible.
Overall, the Company ensures that:
a. There are procedures that allow the data subjects to exercise their rights easily so that all necessary action is taken immediately.
b. It will respond to a request made by the Data Subject without undue delay and in any case no later than thirty (30) calendar days. In case a Data Subject cannot exercise his/her right, there must be a specific, sufficient and complete justification for this.
c. Except for exceptional circumstances, all actions involving data subject rights issues will be inexpensive to the subjects.
7. APPLICABLE LAW
For any dispute arising out of the use of this website, the Greek courts shall be exclusively competent.
For any questions regarding this Policy, users may contact the Company at email@example.com.
This Policy will be updated and renewed periodically in accordance with applicable national and European legislation.