PERSONAL DATA PROTECTION POLICY

With this Statement of Personal Data Protection (hereinafter "Statement") the company "PETRICHOR OE”,which has its head offices in the city of Patras, 9 AgiouAndreou str., Greece, and legally represented, (hereinafter "the Company"), lays the foundations on which it collects, uses, communicates or otherwise processes data within the operation of this website, in accordance with the provisions of European Regulation 2016/679 and Greek Legislation.

1. Controller

The company under the name "PETRICHOR OE", which has its head offices in Patras (9 AgiouAndreou), and is legally represented.

Tel: +30 210 220 8434

Contact persons:

  1. Mrs. Niki Desinioti
  2. Mrs. Smaragdo Petri

Electronic address: [email protected]

2. Personal data concept

Any information relating to an identified or identifiable natural person (‘data subject’).An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3. Process of personal data concept

Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Data we collect

The Company collects from the users of the website those data that are absolutely necessary and indispensable for the service of the purpose for which they were given and are used exclusively for the purposes for which they have been collected. The data is limited to what the user has provided explicitly, with his consent and for a specific purpose. We note that filling in the fields on the website is equivalent to the consent of the user to our company for the processing of the data which he gives in these fields.

The Company, and without prejudice to the case of cookies, (see in detail for this the terms of use of the website and the cookies policy, (here) collects the following personal data of the user:

  1. Identity Data: Name, surname, username, user code, or other similar ID, which you provide to us when submitting your order or during your registration, by opening an Account
  2. Contact Information: Mobile or landline telephone number, e-mail address, home or business address (country, city, street, street number, postal code) and other possible contact information, which you provide to us at the submission of the order, the opening of an Account or in the context of receiving commercial communication from our Company, or in the context of your participation in various actions of our Company (e.g. tenders, etc.).
  3. Financial data: Bank account, transaction value, credit, refunds, debit or credit card details, billing address, etc., which you provide to us either when registering for the services of the website or when ordering products for payment with electronic means, or in case of refund, which we infer from your purchases, etc. The registration of the card details, their confirmation, the commitment of the amount and the final charge, are done, after redirecting from our page, in a secure internet environment of the collaborating with our company "National Bank of Greece". The website in no case knows, nor handles and nor stores your card details.
  4. Transaction - Purchase Data: Type of purchase products, transaction value, place of delivery, time of purchase, purchase history, complaints, payment method, information required in case of product change or account re-credit such as bank account, beneficiary name, IBAN, banking institution etc., which we collect in connection with your purchase and / or from your Account.
  5. Consumer Behavior Data: Consumer preferences when browsing the Online Store, ie the items you see, your shopping cart, your interaction on Social Media (eg which products do you Like), the redemption of gifts, the frequency of purchase, manner, time of purchase, type of purchase, etc., based on your purchasing products, comments or any answers to any inquiries we may be making.
  6. Technical data: Indicatively, the source channel, the Internet Protocol (IP) address, time zone and location, input data, browser type and version, operating system and platform, and other technology on the devices you use to access our Website etc.
  7. Account Login Data: Username and password.
  8. Profile Data: Data on your interests and consumer preferences, your participation in competitions or events and your general interaction as a customer of the company.
  9. Demographic Data: Age, gender, place of residence, which are collected directly by the subject on a case by case basis or inferred from the transactions of the subjects in our Online Store, etc.
  10. Data via Cookies: Browser, IP address, products that you have placed in the cart and have not completed the purchase, the country of origin of your order, the products that you look in the Online Store, your origin from other websites.
  11. Marketing data: They include your preferences regarding the receipt of promotional material from us and third parties and your preferences for your communication with us, if we have your relevant consent, your opinion about products you bought from us.

In the event that the Company deems it necessary for the User to provide additional data, either for the present services or for any others that it will provide in the future, the present protection policy will be modified accordingly.

For more details about the information we collect through cookies, please refer to our relevant policy.

5. How we use data

The processing of User Data is carried out by the Company's staff, through computer systems and electronic devices. Exceptionally, the processing may be done by third parties, who, having contractually concluded with the Company for the maintenance of confidentiality and the protection of User Data, process them on behalf of the Company only, and exclusively for the purposes for which they have been provided for.

6. Purpose of processing

The User provides to the Company his data, which are processed for the following purposes:

  1. Receiving your orders, processing them, and shipment of the products to you.
  2. The communication with you for issues related to the sale of our products to you.
  3. The management, assessment and processing of your payments, including the security of our financial transaction.
  4. Your service by opening an account with us.
  5. The creation, storage and maintenance of a database with our clientele and its analysis.
  6. The commercial communication with you via Newsletter, SMS, or other multimedia (VIBER) that concerns news of our Company, products, offers and promotions.
  7. The analysis of your behavior and the understanding of your preferences.
  8. The understanding and analysis of the results of our advertisements and promotions.
  9. The processing of your requests, such as for example withdrawal, product replacement, etc.,
  10. The satisfaction of your rights, regarding your personal data.
  11. The security of transactions.
  12. Business analysis and improvements, such as for the marketing of our products and their optimization, for the optimization of your experience and your service by us in our Online Store, as well as for the adaptation of your experiences in our Online Store.
  13. Market research, statistical analysis, the development of marketing strategies and the management of marketing campaigns and to inform you or our partners about possible opportunities to participate in the marketing or product promotion initiatives of the company.
  14. For other purposes for which we will notify you, or they will be determined as the case may be, at the point where the information about you is first collected.

7. Legal basis for data processing

  1. The performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  2. User consent. Especially for the sending of e-mails concerning the promotion of information and advertising material, the User may at any time revoke his consent, either by contacting the Company at the information provided above, or by the option at the end of each e-mail message sent by the Company with the indication "UNSUBSCRIBE".
  3. Legitimate business interest, over which the interests you have for the protection of information do not prevail.
  4. Legal obligations of the company deriving from legal provisions (eg tax law obligations)

8. Recipients of User Data

The Company does not sell, share, rent or otherwise transfer, disclose or grants the personal data of the user to third parties, unless this is provided by a specific agreement with the user and with his explicit consent, or if required by the law.

However, the Company may use and disclose the personal data of the User, if this is necessary to defend the legal rights of the Company, including indicatively for the establishment, exercise or support of legal claims, for the defense against legal claims, whether pending before judicial authorities or not, whether it is a judicial or extrajudicial procedure.

Access to the User Data is permitted only to the absolutely necessary staff of the Company, which is committed to maintaining confidentiality and the companies that cooperate with us, which process the User Data as Co-Controllers or as Processors on our behalf and in accordance with our orders.

Indicatively, recipients of your Data are:

  1. The staff of the Company
  2. The collaborating with the Company users of our systems.
  3. The credit institutions cooperating with the Company, through which the repayment of the sale of products is made.
  4. Internet service providers for sending emails, sms, viber and so on.
  5. The cooperating courier companies

User Data will not be used for any other purpose without its prior information and consent.

9. Ensuring the protection of personal data by the Processors

Each person who performs on behalf of the Company the processing of the User's personal data has agreed and committed contractually with the Company:

  1. to maintain absolute confidentiality
  2. not to transmit User Data to any third party, if this is not provided by contract or if there is no explicit permission of the Company
  3. take appropriate security measures
  4. to fully comply with the legal framework for the protection of personal data and in particular Regulation 679/2016 / EU (otherwise GDPR).

In the performance of their duties, the Processors may employ other persons (subcontractors). In this case, the sub-processor will have the same obligations and rights as the Processors, as analyzed in this Policy and always within the framework of his assigned responsibilities, and will bear full responsibility with the Processor.

10. International transfers of personal data

The Company at this stage does not send data outside the EU for the management of purchases made through the website.

It may, however, in the future forward and process users' personal data worldwide in places where processing activities take place. Today the systems (servers) where the personal data of the users are stored are in Greece. If in the future the company deems it appropriate to cooperate with service providers outside the EU, this protection policy will be updated accordingly.

In any case, the Company guarantees that any transfer of personal data from the Company to third countries (including the United States) will take place only to countries that have legislation on personal data protection that provides an adequate level of protection as interpreted in accordance with European legislation on the protection of personal data.

Specifically for the purpose of email communication, the providers of these online services may have access to the personal data required to fulfill their obligations and are not allowed to disclose or use this information for any other purpose. These providers are bound by written confidentiality and confidentiality clauses and have adequate guarantees for the security of Customers' personal data.

To the extent that international transfer of personal data takes place, the Company will seek and receive assurances that any information it may transmit is adequately secured in accordance with the Privacy Statement and the requirements of applicable personal data legislation.

11. User Rights

Users have the following rights in relation to the use of their personal data by the Company:

Right of access: The User can submit a question to the Company whether or not his personal data is processed, as well as the type of processing performed. He may also have access to his personal data held by the Company.

Right torectification: The User can check his personal data, update it or request correction if it is incorrect or their completion if it is incomplete.

Right toerasure ("right to be forgotten"): The User has the right to request from the Company the deletion of any of his personal data, which are not necessary to the Company for the purposes for which they are collected, or in case he has revoked the consent or in case of illegal use of the data or for any other legal reason explicitly provided by the Law of the European Union or the Greek Legislation.

Right to withdraw the consent: The User can at any time withdraw his consent to the Company. This revocation does not affect the lawfulness of the processing of data, which took place on the basis of the consent for the period prior to the revocation nor the processing based on other legal grounds.

Right to restriction of processing: The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead 
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims
  4. the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to data portability: The User shall have the right to receive the personal data concerning him, which he has provided to the Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Company.

Right to object: The User shall have the right to object, on grounds relating to his particular situation, at any time to processing of personal data concerning him.

12. How to exercise User rights

In order to exercise the above rights, the User can contact the Company at any time, by any suitable means (see contact details above).

13. Storageperiod of personal data

The Company stores the User Data only for the period of time required for the fulfillment of the purpose for which they have been provided to us and in compliance with the applicable legal provisions.

The provision of consent for sending informative and advertising material is kept for as long as the relevant messages are sent by the Company, unless the user chooses to stop sending them.

14. Security of personal data

The Company declares that it takes all necessary organizational and technical measures for the protection of User Data, with the sole purpose of security and protection against any form of accidental or improper processing.

These measures shall be reviewed and amended as necessary.

15. Applicable law - Competent Courts

This policy is governed by Greek law and is interpreted in accordance with the laws of the state of Greece. For any dispute arising from the access or use of the Company's website, it is defined and agreed that the Courts of the city of Patras are locally competent.

This policy has been written in Greek and translated into English. For any difference that arises in the interpretation between Greek and English text, the Greek will prevail.

16. Complaint about the way personal data are treated

The User has the right to file a complaint regarding the way the Company processes its personal data in:

Hellenic Data Protection Authority 

Postal Address: 1-3 Kifissias Ave., 115 23 Athens, Greece

Tel: +30 210 6475600

Fax: +30 210 6475628

E-mail address: [email protected]

Language

Website created with by Elegento