PRIVACY POLICY

PRIVACY

Respecting your personal data is one of our top priorities and for this reason we take reasonable steps to comply with applicable legislation in relation to the protection of your personal data. The following is full information regarding the collection and processing of your personal data.

Who is the Controller of the website:

Responsible for the processing of your personal data is the owner of this website, Evita Eleftheroudaki, with the following contact details:

-email address: evitelus@gmail.com

What data is collected and processed and for what purpose:

We process the following categories of your personal data which are suitable for fulfilling the purposes. Particularly:

a) Identification data (e.g. first name, last name)
b) Contact data (e.g. telephone number, email address, postal address)
c) Activity data (e.g. profession/activity)
d) Transaction data (payment method, type, place, time of product or service provided)
e) Data collected through Cookies (e.g. IP). For detailed information see the Cookies Policy of our website.

Under no circumstances do we collect or gain access in any way to special categories of "sensitive" personal data or data relating to criminal convictions and offences. The user of the website is obliged not to provide this type of data, related to his person or a third party. If, despite this, a user provides special categories of data, these will be deleted immediately and we bear no responsibility towards users or third parties for any provision and/or processing of sensitive data, due to actions or omissions of users, contrary to the above obligation.

We collect the above data for the following purposes:

– To communicate with you and respond to any questions or requests you may have
– To send a newsletter in order to inform you about various news with the content of our website and our services.
– To protect the account you have created on our website from illegal activities
– To communicate with you in case required by law and to notify you of any changes e.g. of the cookies or privacy policy

What is the legal basis for processing your data:

Your data is collected only when there is a legal basis for processing it and in particular for the following cases:
a) In the event that you have given your consent to receive a newsletter regarding the subject matter and services/products of our website. In this case you have the right to withdraw your consent at any time.
b) In the case expressly provided for by any legislative provision, in which an obligation to use or maintain your data is defined.
c) In the legitimate interest for the improvement and functionality of our website for the benefit of its users.

Η συγκατάθεση που παρέχεται υπό ανωτέρω α) μπορεί να ανακληθεί οποτεδήποτε με σχετική δήλωση στην ηλεκτρονική διεύθυνση του Υπευθύνου Επεξεργασίας evitelus@gmail.com Η άρση της συγκατάθεσης ισχύει για το μέλλον και οποιαδήποτε επεξεργασία δεδομένων έχει πραγματοποιηθεί μέχρι την ανάκλησή της θεωρείται νόμιμη και έγκυρη.

Data collection when you visit the website:

When you visit the website for information only, i.e. no personal account is opened for any orders or none of your personal data is given (e.g. contact form), then the only data we collect is that which your browser transfers to the server us, the so-called server log files, namely:

Date and time at the time of entering the website.
The amount of data sent in bytes.
The browser you used when you entered the website.
The operating system you used when you entered the website.
Your IP Address (Internet Protocol address), when you enter the website.

The processing of data is carried out in accordance with article 6 par. 1 para. f of the General Regulation on the Protection of Personal Data (GDPR) based on our legitimate interest in improving the stability and functionality of our website. The data will not be transferred or used in any other way. However, we reserve the right to review server log files if specific indications of illegal use are found.

How long we keep your data:

We keep your data for as long as necessary in order to fulfill the purposes defined above and for as long as you maintain an account on our website, unless an extension of this time is required due to our legal obligation or for the exercise of legal claims.

Your declaration of consent for sending a newsletter is kept for as long as we send you a newsletter and in any case no more than six (6) months from the cessation of its sending.

In case you proceed to order a product or service, we keep the data for five (5) years in order to comply with the relevant legislation, e.g. tax.

When we delete your data:

Your data is kept by the Company only for as long as it is necessary to fulfill the purpose for which you have communicated it to us, unless an extension of this time is required due to legal claims or our legal obligations.
Your declaration of consent for the sending of a newsletter is kept for as long as the newsletter is sent to you by the Company and in any case no longer than six months from the cessation of its sending.
User account data is kept for as long as the user account is active, unless a new processing purpose has arisen for some of it.

What are my rights in relation to the processing of my personal data and how can I exercise them:

Here is a brief update on your rights regarding the processing of personal data.

1. Right of Access: You can request to know the data we have and are being processed by us for the above purposes as well as to provide you with information about what data we have, why we use it, to whom (if any) we disclose it, if it is transmitted abroad, how they are protected, how long they are kept, what your rights are, how you can file a complaint, how your data is collected.

2. Right to correction: You can request the correction of your inaccurate personal data.

3. Right to deletion: You can request the deletion of your data if they are no longer needed for the purposes for which they were collected.

4. Right to restriction of processing: You can request the restriction of the processing of your data for as long as the examination of your objections to the processing is pending.

5. Right to portability: You can request to receive the data you have provided to us in a readable format and at your request to pass it on to another Processor.

6. Right to Object: You can request at any time that we stop processing your data or withdraw your consent, where this has been requested and provided by you, and we will stop processing your data (except where other compelling and legitimate reasons which prevail over the right). The withdrawal of consent is valid for the future and does not affect the legality of the processing carried out until its withdrawal.

How you can exercise your rights:

You can exercise your above rights by sending a relevant request to the e-mail address evitelus@gmail.com. In such a case, we may ask you for some information to confirm your identity. You can also submit a complaint to the Personal Data Protection Authority regarding the exercise of your rights (www.dpa.gr). According to the Authority's website, complainants must first submit their complaint to the Controller.

You are not required to pay a certain amount of money to exercise your above rights, unless, as provided by law, your request is unfounded or excessive, in which case we may proceed to charge a reasonable fee, which will be notified to you in advance the completion of the examination of your request.

We will respond to your above requests within one (1) month of receiving them, asking for any further clarifications and in the case of something complex or time-consuming, we will inform you if we need more time than one (1) month. We have the ability to reject requests that are abusive, in bad faith or illegal, within the provisions of the law.

Recipients of the data and relations of the Company with third parties:

The Data Controller has access to your Data. Your data may be disclosed to partner companies for technical support & software maintenance, payment service providers, newsletter management software providers.

In any case, any partner who may have access to your personal data is contractually bound to us to take appropriate measures to protect the confidentiality and security of personal data.

In the event that we receive a request from an Administrative Authority, Prosecutor, Court or other Public Authority, we may need to transmit the data in the context of fulfilling a duty performed in the public interest to said Authorities (with or without prior information from you) based on the respective laws. If your prior information is provided for by law, then you have the right to object to the processing in question as provided above.

Transfer to Third Countries:

Your personal data is kept within the European Economic Area. If we are going to transfer your personal data to a third country, i.e. to a country outside the EEA or to an international organization, you will be informed before their transfer, in accordance with the provisions of article 13 paragraph 1 f GDPR.

How is my data secured:

The Processor takes all the necessary technical and organizational security measures to protect and ensure the privacy of your personal data (firewalls, etc.) from unlawful processing.

In any case, the security of those in the environment of this website is subject to reasons beyond the sphere of influence of its administrator, as well as reasons due to a technical or other weakness of the network that is not controlled by the administrator or reasons of force majeure or fortuitous events.

Through our website you may gain access to third party websites. In this case, we have no involvement in any collection and processing of your data carried out by the providers of third-party websites you enter. Therefore, for your most complete information regarding the processing of your data by the third-party providers, you should be informed of the corresponding privacy policy on each website you visit.

This policy is an integral part of the terms of use of the website and may be changed depending on the applicable legislative provisions.

Applicable law is Greek law, as formulated under GDPR 679/2016/EU and in general Greek and European law governing the protection of personal data.