PRIVACY POLICY
This privacy statement informs you about how we treat your personal data as a customer, potential customer, visitor or use of the Website and provides information about your privacy rights and how you are protected by law. We are responsible for the collection, management and processing of your personal data.
Definitions
Personal data is information that can be related to a person. The data are considered personal if the person concerned can be identified, directly or indirectly. Relevant examples are the person’s name, ID number, date of birth, location data and contact details. Data from which identification information has been removed (anonymous data) is not included.
Sensitive personal data or specific categories of data are data such as: religious, ideological, political views or practices, information on health, gender or biometrics, race and ethnic origin, administrative or criminal records or sanctions.
Profile formation: is any form of automated processing of personal data in which personal data is used to evaluate specific personal characteristics associated with a person.
A data subject is a natural person with whom personal data is linked.
Data processing / processing is any activity, act or series of operations carried out on personal data or sets thereof, regardless of the process and means (automated or not) applied, such as collection, registration, organization, structure, storage, adaptation or alteration, retrieval, retrieval of information, use, revision, transmission disclosure, dissemination or any other form of distribution,
or correlation or combination, interconnection, exclusion, deletion, archiving, viewing and destruction of personal data.
A data file is any structured set of personal data that is accessible in such a way that it is possible to identify that person from the data.
Disclosure means the ability to make personal data accessible.
Responsible for processing is the natural or legal person who decides on the purpose and means of processing personal data.
The processor is the natural or legal person who processes personal data on behalf of the data controller.
1.2. For any clarification regarding this privacy statement, including any request for exercise of your legal rights, please contact us at the following contact details.
Our full details are:
General partnership with the name “PAPADAKI BROS OE”, e-mail address: [email protected] Postal address: Gravias, no. 29, post code 54645 Thessaloniki, Greece.
2. Changes to the privacy statement and your obligation to notify us of changes
This version was updated on 23.04.2021. This statement supersedes all previous disclosures we may have made in the past regarding our information practices. We reserve the right to change this statement and to make any changes to the information previously collected, in accordance with the law. If there are significant changes to this statement or our information practices change in the future, we will notify you by posting the changes on our website. It is important that the personal data we hold about you is accurate and valid. We hereby ask you to us
you inform in case your personal data changes during your relationship with us.
3. Categories of information we collect
We reserve the right to collect, process, store and transfer various types of personal data about you, which we have grouped as follows:
· Identity data: includes first name, last name, username or similar identifier.
· Contact details: include billing address, delivery address, email address and landline and / or mobile phone numbers.
· Financial data: includes bank account and payment card details.
· Transaction data: includes details about payments to and from you and other items of products and services you purchased from us.
Technical data: includes Internet Protocol (IP) address, login details, browser type and version, time zone and location, additional browser types and versions, operating system and platform, and other technology on the devices used to access it the site.
· Profile data: includes your username and password, purchases or orders made by you, your interests, preferences, comments and responses to inquiries.
· Usage data: includes information about how you use our website, our products and services.
· Marketing and communication data: includes your preferences regarding the receipt of promotional materials from us and third parties and your preferences for your communication with us.
4. How we collect your information
We collect personal data about you every time you use our services (whether the services are provided directly by us or by other companies acting on our behalf), when you visit one of our physical stores, when you use our websites or when you order by phone.
5. Why we process your information
We will only process your personal data when the law allows it. In general, we will only use your personal data:
In case we have to execute the contract that we are preparing to conclude or have already concluded with you.
Where necessary for our legitimate interests (or the interests of a third party) and your interests and fundamental rights do not prevail over those interests.
In case we have to comply with a legal or regulatory obligation.
When you have given us your explicit consent to do so.
In general, we do not rely on your consent as the legal basis for the processing of your personal data except in cases where we send you promotional updates or when we process specific categories of personal data. You may withdraw your consent to send promotional updates at any time by contacting us using the contact details listed in paragraph 1 above.
6. Purposes for which we will use your personal data
We describe below in the Table all the ways in which we intend to use your personal data and on what legal bases we base our actions. We also describe depending on the situation what our legal interests are.
We reserve the right to process your personal data for more than one legal reason depending on the specific purpose for which we use your data. You can contact us in case you need clarifications for the specific legal reason on which we rely in order to process your personal data when in the following table we describe more than one reason.
For your registration as a new customer (s) Identity
(b) Contact Concluding a contract with you
To process and deliver your order, including:
(a) Management of payments, fees and charges
(b) Collection and recovery of funds owed to us (a) Identity
(b) Contact
(c) Financially
(d) Transaction
(e) Marketing and Communications (a) Concluding a contract with you
(b) Necessary for our legal interests (to recover debts to us)
To manage our relationship with you, including:
(a) Notifications of changes to the terms and conditions or the privacy statement
(b) Ask you to critique or participate in an (a) Identity survey
(b) Contact
(c) Profile
(d) Marketing and Communications (a) Signing a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legal interests (for updating our records and examining the way customers use our products / services)
To give you the opportunity to participate in a draw, contest or to complete an Identity Questionnaire (s)
(b) Contact
(c) Profile
(d) Use
(e) Marketing and Communications (a) Concluding a contract with you
(b) Necessary for our legitimate interests (to examine how customers use our products / services, to develop them and to expand our activities)
To manage and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and data retention) (a) Identity
(b) Contact
(c) Technical (a) Necessary for our legitimate interests (for the management of our business, the provision of management services and information technology, network security, fraud prevention and in the context of business reorganization)
(b) Necessary to comply with a legal obligation.
To deliver relevant site content and ads to you and to evaluate and understand the effectiveness of the ads we display (a) Identity
(b) Contact
(c) Profile
(d) Use
(e) Marketing and Communications
(f) Technical (b) Necessary for our legitimate interests (to examine how customers use our products / services, to develop products and services)
Based on the consent regarding direct promotions and in order to develop our activities and update our promotion strategy.
To use data analysis tools to improve the website, products / services, our customer relationships and their experiences (a) Technical
(b) Use Necessary for our legitimate interests (to classify customers into categories for our products and services, to keep our site up to date and relevant, to grow our businesses and to update our promotional strategy)
To make suggestions to you about goods or services you may be interested in (a) Identity
(b) Contact
(c) Technically
(d) Use
(e) Profile Based on your explicit consent. In this case, PAPADAKI BROS OE reserves the right to apply automated procedures in order to analyze your behavior and preferences, in order to identify and suggest services and goods that may be of interest to you.
7. Change of purpose
We will use your personal data only for the purposes for which we collect it, unless we reasonably believe that we will need to use it for another purpose and that reason is compatible with the original purpose. If you would like to receive explanations as to whether the editing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you to explain the legal basis that allows us to do so.
8. Third party connections
Our site may include links to third party sites, discrete embedded web pages (microsite), add-ons and applications. By selecting or activating these links you grant the right to third parties to collect or share data about you. We do not control the websites of third parties and we are not responsible for their own privacy statements, while in case of additional services provided to you by third parties through the booking process, you should know that PAPADAKI BROS OE. may be the executor of the processing on behalf of these third parties. Therefore, whenever you use these links or microsite or when you leave our site, we suggest that you read the privacy statement of these third parties.
9. Data Cookies, web beacons and other similar technologies
Our website uses “cookie” and “web beacon” technologies. We use cookies and web beacons to be able to distinguish you from other visitors, to record your IP address and the way you use our website and to identify the website from which you connected to our website. A cookie is a small data file that is placed on your computer’s hard drive when you visit a website A session cookie expires as soon as you complete your session ( when you close your browser). A “permanent cookie” stores information on the hard disk so that when you complete the session and return to the same site at a later time, the cookie information is still available. A web beacon is a small piece of code that represents a clear graphic image and is used in conjunction with a cookie.
When you visit our website, we reserve the right to use both a session cookie and a permanent cookie. This cookie placed by PAPADAKI BROS OE Its website may contain information (such as a unique user ID) that is used to record your use of our website and in some cases to record your email address.
Your email address is only stored in this cookie. The web beacon allows us to record specific types of information about actions taken when visiting a website, such as a visitor’s cookie number, time, date, duration and number of page views, a description of the page on which the web beacon and the details of the product or service purchased by the user are placed.
This information is used to fulfill our obligations as defined by contracts with our business partners, but also to help us provide you with better services, improving the design of our website, as well as our products, services and promotions. . In no other way do we record information about how you use other sites. Non-personal data or anonymized / pseudonymized information obtained through cookies and web beacons may be shared or received by our service providers.
Flash Cookies
We may also use Flash cookies or other similar technologies. A Flash cookie is a small data file placed on a computer using Adobe Flash technology that may have already been installed on your computer or downloaded by you to your computer. We use these technologies to personalize and enrich your experience on our site, to facilitate processes, to personalize and save your settings.
Flash cookies can help our website visitors to set, for example, their preferences regarding the upload size of a video file. They help us improve our websites by figuring out which points are of most interest to customers. We do not use Flash cookies for promotions or behavioral ads.
Flash cookies are different from browser cookies and the cookie management tools provided by your browser do not remove Flash cookies. If you turn off Flash cookies or other similar technologies, you may not have access to specific features and services that make your experience on the site more efficient and enjoyable.
You have the ability to disable cookies at any time through the browser options, but if you do, we will not be able to record your purchases or allow you to make a purchase from our site. In addition, we will not be able to identify you as a registered user so that you can access your account information.
10. Privacy of Minors
We do not knowingly collect any information from any person under the age of 15. Our website, products and services are for people aged at least 15 years or older. If you are under 15 years of age, do not use or provide any information on this website or any or all of its features, sign up for the site, do not make any purchases through the site and do not give us any personal information about us, including your name, address, phone number or email address. If we find that we have collected personal data from a child under the age of 15, we will delete this information, unless consent or authorization has been given by the child’s guardian. If you think we may have information from or about a child under 15, please contact us.
11. Who else can access your information
For your convenience, we reserve the right to share your personal data with service providers who provide support services to us, such as indications of the delivery of our products or who generally assist us in promoting our products and services. Service providers are third parties providing services on our behalf. They undertake through a contract not to use your information in any other way than to help us provide you with the products and services provided by the company PAPADAKI BROS OE.
In particular, in order to facilitate the regulation of your purchases, we often need to share your personal data with third parties. We reserve the right to disclose your personal data to a third party to whom we reserve the right to choose to sell, transfer or merge parts of our business or assets. Alternatively, we reserve the right to acquire or merge with other companies. In the event of a change in our business, the new owners have the right to use your personal data in the same way as set forth in this privacy statement.
In particular, our Company cooperates and may disclose your data:
(a) With a third company which, as the executor of the processing by order and on behalf of our Company, hosts and manages our e-shop.
(b) With third party courier companies which, as you perform the processing by order and on behalf of our Company, manage and process the shipments of your orders and also collect the money on our behalf in case you pay by cash on delivery. They also pick up and deliver to you products that you return due to withdrawal or return.
(c) With third party Email marketing companies which act in our name and on our behalf to send you the newsletter.
(d) With advertising and marketing companies
(e) With data analysis companies
(f) Research companies
(h) Financial Institutions for the collection of the purchase price and Organizations for detection and prevention of fraud.
(i) Information systems supply and support companies,
We also reserve the right to disclose your personal data to a third party when you ask us to do so or when we deem it required by law.
12. Countries that have access to your information
Our servers, which store and protect your information, are located within the European Economic Area (EEA). Whenever we transfer your personal data outside the EEA, we ensure a similar degree of protection for them, ensuring that one of the following protection measures is implemented:
We will only transfer your personal data to countries that the European Commission considers to provide an adequate level of protection for personal data. For more information, see European Commission: Adequacy of personal data protection in non-EU countries.
Where we use specific service providers, we reserve the right to use specific contracts approved by the European Union, which provide personal data with the same protection as in Europe. For more information, see European Commission: Model contracts for the transfer of personal data to third countries.
Where we use providers based in the United States, we reserve the right to transmit data to them if they participate in the Protection Shield which requires them to provide similar protection for personal data shared between Europe and the United States. For more information, see European Commission: EU-US Protection Shield.
Contact us for any clarification on the specific mechanism used by us when transmitting your personal data outside the European Economic Area.
13. Data Security
We have put in place appropriate protection measures (including encryption, anonymization and / or pseudonymization procedures where necessary) to prevent the unintentional loss, alteration, disclosure and use or access of your personal data in an unauthorized manner. In addition, we restrict access to your personal data to those employees, agents, contractors and other third parties who need to be aware of it in order to perform their professional duties. Your personal data will be processed exclusively in accordance with our instructions and we are committed to complying with the relevant terms of confidentiality.
We have put in place procedures to deal with any suspected breach of personal data and we will notify you and any competent authority of any breach when required by law to do so.
14. Retention Time of your personal data
We will retain your personal information for as long as you continue to interact with us (eg you maintain an Account, you are registered to receive commercial communication from us, you make a purchase from our online store, you contact our customer service points, you take part in some competition etc.) At the same time, we keep your personal data for purposes of legal interest which consists of our legal coverage in case of any dispute regarding the sales contract, the observance of your Account, our commercial policy or any other transaction between us, for the period during which could result in liability from the processing, in accordance with the applicable legislation. Your Company may keep your Financial Data within the framework of its legal obligation to comply with its tax obligations. We retain your other data until you request us to delete it, or what we retain and process as part of your consent, until you remove it, or until you object to our processing based on our legitimate interest. In some cases, you have the right to ask us to delete your data: see the deletion request section below for more information. In some cases, we reserve the right to anonymize your personal data (so that they may not be associated with your person) for research or statistical purposes and in this case, we reserve the right to use this information indefinitely without further ado. notice.
15. Your rights
You have the right to:
1. Access to your personal data (“underlying data access request”). This enables you to obtain a copy of the personal data we hold about you and to confirm that we are processing it in accordance with the law.
2.Correction of the personal data we hold about you. This enables you to correct incomplete or inaccurate data we hold about you, although we reserve the right to ask you to validate the accuracy of the new data you provide to us.
3. Deleting your personal data. This allows you to ask us to delete or remove personal data when there is no reasonable reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data in cases where you have successfully exercised your right to object to the processing (see below), when we may have processed the information incorrectly or when we need to delete your personal data so that to comply with local regulations. However, as you know, we may not always be able to comply with your request for deletion for specific legal reasons and we will notify you, if necessary, of your request.
4. Opposing the processing of your personal data when we rely on our legitimate interest (or the legitimate interest of a third party) and in this case you have reason to wish to oppose the processing thereof, as you believe it affects your fundamental rights and freedoms. You also have the right to object when we process your personal data for immediate promotions.
5. Restrict the processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following cases: (a) if you wish to confirm the accuracy of the data delete them from us, (c) when you wish to keep your data even if we do not request it, if it is necessary for you to validate, exercise or defend legal claims, or (d) you have objected to our use of your data but must confirm if we have compelling legal reasons to do so.
6. Transfer of your personal data to you or a third party. We will provide you, or any third party you indicate, your personal data in a structured common form of engineering legibility. This right only applies to automated information for which you have given your consent to use it in cases where we have used the information to enter into a contract with you.
7. Withdraw your consent at any time in the event that our processing of your personal data is based on your consent. However, this is not something that can affect the legal processing that took place before you withdrew your consent. If you withdraw your consent, we may not be able to provide specific products or services to you. We will notify you in such a case upon withdrawal of your consent.
If you wish to exercise any of the rights described above, please contact us.
16. What we may need from you
We reserve the right to request specific information from you in order to verify your identity and to safeguard your right to access your personal data (or to exercise any of your other rights). This is a protection measure that ensures that personal data is not disclosed to any person who is not entitled to receive it. We also reserve the right to contact you for more information about your request, in order to reduce the response time.
17.Deadline for replying to requests
We try to respond to all legitimate requests within a month. We may need more than a month to respond to your request. if your request is particularly complex or you have submitted a number of requests. In this case, we will notify you in order to inform you about it. Usually and depending on the circumstances you will not have to pay any fee or fee to access your personal data (or to exercise any other right of yours). However, we reserve the right to charge a reasonable fee if your application is manifestly unfounded, repetitive or abusive. In any case, we reserve the right to refuse to comply with your request in these cases.
18. Applicable law
We process your Data in accordance with the General Regulation for the Protection of Personal Data 2016/679 / EU (GDPR), and in general the current national and European legal and regulatory framework for the protection of personal data.
19. Competent authority
You have the right to complain at any time to your country’s supervisory authority about data protection issues. In Greece, this authority is the Hellenic Authority for the Protection of Personal Data and you can find relevant details through the following link: www.dpa.gr. However, we would appreciate if we were given the opportunity to address your concerns before you approach the Data Protection Authority, so please contact us first, using the contact details listed above.
If you wish to contact us for any issue related to the processing of your Data and the exercise of your rights, you can contact the company, “In charge of the Data Protection Officer” of the Company or at the email address: [email protected]
