Privacy Policy

The protection of your personal data is important to us!

Με την παρούσα πολιτική της η εταιρία «ΚΑΡΑΜΦΥΛΛΙΔΗΣ ΣΤΥΛΙΑΝΟΣ ΚΩΝΣΤΑΝΤΙΝΟΣ» (εφεξής η «Εταιρία» ή «εμείς» ή «μας»), η οποία εδρεύει στην ΚΑΒΑΛΑ, ΓΑΛΛΙΚΗΣ ΔΗΜΟΚΡΑΤΙΑΣ 11 , καθορίζει και γνωστοποιεί τους όρους με τους οποίους, λειτουργώντας όπως ο νόμος ορίζει ως «Υπεύθυνος Επεξεργασίας», συλλέγει, αποθηκεύει, χρησιμοποιεί και εν γένει επεξεργάζεται τα προσωπικά δεδομένα σας, τα οποία αυτή συλλέγει όταν επισκέπτεστε, εγγράφεστε ή χρησιμοποιείτε τους δικτυακούς τόπους της Εταιρίας (εφεξής οι «Δικτυακοί Τόποι») και τις κινητές εφαρμογές της (εφεξής οι «Εφαρμογές») καθώς και όταν συναλλάσσεστε με τα φυσικά της καταστήματα.

This Privacy Policy also describes how we use, share and protect your personal data, the choices you have regarding your personal data, and how you can contact us. This Privacy Policy complies with the terms under European Regulation 679/2016 and any other relevant applicable legislation.

If you have any questions regarding this Privacy Policy, as well as any issue related to the processing of your Data and the exercise of your rights, you can contact us by email at info@discoverhalkidiki.com

1. A few words about the Company's Websites The site discoverhalkidiki.com is the Company's website, where the Company's online shop for the presentation and sale of products and services of the Company is located.

Επιπρόσθετα, μέσω των δικτυακών τόπων και των εφαρμογών της «ΚΑΡΑΜΦΥΛΛΙΔΗΣ ΣΤΥΛΙΑΝΟΣ ΚΩΝΣΤΑΝΤΙΝΟΣ» μπορείτε να αποκτήσετε πρόσβαση σε εύρος υπηρεσιών που σας παρέχει η Εταιρία, όπως:

The complete tourist and commercial guide (discoverhalkidiki.com).

2. What is Personal Data?

The term "personal data" refers to information of natural persons, such as name, postal address, e-mail address, contact telephone number, etc., which identifies or can identify you, hereinafter referred to as "Personal Data or Data"

3. What is the Processing of Personal Data?

Any operation or set of operations performed, with or without the use of automated means, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, association or combination, restriction, erasure or destruction.

4. Is the provision of your Personal Data mandatory?

The provision of the Data to the Company may be necessary to achieve the purposes specified in this Privacy Policy or may be optional.

The mandatory or optional nature of the provision of Data is indicated by an asterisk (*) next to Personal Data of a mandatory nature.

If you refuse to provide the data marked as mandatory on the Sites, it will be impossible to achieve the main purpose for which the Data is collected and may, for example, make it impossible for the Company to fulfil the sales contract or provide the other services available on the Sites.

The provision of additional Data to the Company, in addition to those marked as mandatory, is optional and does not entail any consequences in relation to the main purposes of Data collection, since their provision serves exclusively to optimise the quality of the services provided by us.

5. What Personal Data do we collect from you?

We take care to collect only the strictly necessary Personal Data that is appropriate and clear for the purpose for which it is intended. This Data includes the following:

a. Data that you provide to us when you register and create a user account on the Company's Sites or applications, via the internet or your mobile phone, or through your personal contact with our stores or our vendors, and specifically data such as your email address (e-mail)* and password/login password (as required) and name, surname, postal address, telephone number (as optional):

b. Data and information that you provide us through the transactions between us (purchases, orders, etc.) and communication between us (through our physical stores, our online store, our sellers, telephone, e-mail or through any other way/medium).

τηλεφώνου, ηλεκτρονικού ταχυδρομείου ή μέσω οποιουδήποτε άλλου τρόπου/ μέσου).

c. Data relating to the method of payment for the transactions you make with us.

d. Data that you provide to us when you subscribe to our newsletter.

e. Data about the products and services that you preferably choose usually, in order to recommend products or services of your interest and to further improve your shopping experience with us. Of course, you always have the option not to share such data with us.

f. Traffic data of our website.

g. Information collected from the use of cookies in your browser. Learn more about how we use cookies here.

h. To provide the best possible website experience, we collect technical information about your internet connection and browser, as well as the country and phone code where your computer is located, the web pages that appear during your visit, the ads you click on and any search terms you used.

i. Your social media username, if you interact with us through these channels to help us respond to your comments or questions

j. Educational information, such as education, skills, language skills, work experience (only if you are responding to a job advertisement).

6. How do we use your Personal Data? (Cookies Policy)

Where applicable, we use your Data:

- To complete orders for products and services: The Company processes your Data in order to fulfil its contractual relationship, to process the order for products and/or services, to provide customer service, to comply with legal obligations, to oppose, raise or exercise legal claims. If we do not collect your Data when you complete the order (through our physical stores, face-to-face or telephone service from our sales staff or through our online store, we will not be able to process your order and comply with our legal obligations. Please note that it may be necessary to transfer your Data to third parties in order to deliver the product or service you have ordered (For information on how we make personal data available to third parties, see conditions 9, 10, 11 and 12 below).

(For information on how we make personal data available to third parties, see conditions 9, 10, 11 and 12 below).

In addition, we may retain your Data for a reasonable period of time in order to fulfil our contractual obligations, for example product returns, as required by relevant legislation.

- To create a User Account: The Company processes your Data in order to provide you with account functions and to facilitate the purchase of products and/or services.

- For Contact: The Company uses your Data to respond to your requests/queries, refund requests and/or any complaints. The information you share with us enables us to manage your requests and respond to you in the best possible way. We may also keep a record of your queries/requests to us so that we can better respond to any future communication. We do this based on our contractual obligations to you, our legal obligations and our legitimate interests to provide you with the best possible service and to be able to improve our services based on your personal experience.

- To send newsletter / offers: With your consent, we will use your Personal Data, preferences and transaction details to inform you via email, internet, telephone and/or social media about relevant products and services, including personalised/personalised offers etc. Of course you have the possibility to withdraw this consent at any time.

- Depending on your browsing, you may receive, having previously given your consent, notifications of our offers, news, your wish list and your shopping cart. Of course you have the possibility to withdraw this consent at any time.

- To participate in a loyalty program: The Company may process your Data for the purposes of your participation in a loyalty program, i.e. both the processing of your membership application and the accumulation and redemption of points and the enjoyment of customer benefits in general, as detailed in the terms of participation of the loyalty program. This enables us to offer you personalised offers that are of interest to you. Of course, you can choose whether to take advantage of them.

- To Develop and Improve the products and services we provide to you. This is done in our legitimate business interests.

- Because we want to offer you offers and proposals that are more relevant to your interests and needs.

- To ensure that you are always shown the most interesting content on our Sites or in our applications, we will use the Data you have provided to us by giving us your consent to receive application notifications or - for our Sites - your consent to place cookies on your device. For example, we may display a list of products you have recently looked at or offer you recommendations based on your shopping history and any other Data you have shared with us.

For example, we may display a list of products you have recently looked at or offer you recommendations based on your shopping history and any other Data you have shared with us.

- To send you survey and evaluation requests so that we can improve our services. These messages will not include promotional content and will not require prior consent when sent by email or text message (SMS). We have a legitimate interest in doing so as this helps our products or services to be more relevant to you. Of course, you are free to opt-out of receiving these requests from us at any time by updating your preferences on your online account

- To protect your account from fraud and other illegal activities: This includes using your Data to maintain, update and protect your account. We also monitor your browsing activity with us to identify and quickly resolve any problems and to protect the integrity of our website. All of the above is part of our legitimate interest. For example, we check your password when you log in and use automated IP address tracking to detect possible false logins from unexpected sites.

- To process payments and prevent fraudulent transactions: We do this based on our legitimate business interests and it also helps protect our customers from fraud.

- To comply with our contractual obligations to you, or pursuant to statutory provisions or to enforce court orders.

- To send you communications required by law or necessary to inform you of changes to the services we provide to you. For example, updates to these privacy notices, product recall notices and legally required information about your orders. These service messages will not include promotional content and will not require prior consent when sent by email or text message (SMS). If we do not use your personal data for these purposes, we cannot comply with our legal obligations.

Finally, we inform you that the processing of your Data is carried out either by the Company's specially authorized personnel, or through computer systems and electronic devices by the Company and exceptionally by third parties, who, having been contractually bound to confidentiality and protection of your Data, carry out tasks necessary to achieve the purposes strictly related to the use of our Sites, its services and the sale of products through our Sites. You will find information on this below in terms 9 and 10 "Who are the recipients of your Data? How your Data is shared".

7. What is the lawful basis for the processing of your Data by the Company?

- data protection legislation which sets out various reasons why a company may collect and process your personal data, including the terms of our contractual relationship

- your consent, where required. For example, when you choose to receive newsletters. When collecting your personal data, we will always inform you which data is necessary in relation to a particular service.

- the Company's obligations arising from the law (e.g. tax legislation, e-commerce legislation, etc.)

- the legitimate interest of our Company. In certain cases, we collect your Data in a manner that is reasonably expected as part of the operation of our business and that does not substantially affect your rights, freedom or interests.

8. Who are the recipients of your Data?

Access to your Data is available to the Company's absolutely necessary personnel, who are bound by confidentiality obligations, and our partner companies or third party service providers, who process your Data as Processors on our behalf and in accordance with our instructions.

9. How is your Data shared?

Disclosure of Data by our Company

The Company shares your Data with:

- Third party service providers that process personal data on behalf of the Company, for example (but not limited to) for credit card and payment processing, transfers and deliveries, hosting, management and maintenance of our data, email distribution, research and analysis, management of promotions, as well as management of certain services and data. When we use third-party service providers, we enter into agreements that require them to implement appropriate technical and organizational measures to protect your personal data.

- Other third parties, to the extent required for the following purposes: (i) to comply with a request by an authority of the Greek State, a court order or applicable law; (ii) to prevent illegal uses of our Sites and Applications or violations of the Terms of Use of our Sites and Applications and our policies; (iii) to protect ourselves from third party claims; and (iv) to help prevent or investigate cases of fraud (e.g. counterfeiting).

- other third parties to whom you yourself have given your consent.

Disclosure of Data by you

- When you use your social media information on our Sites or Apps, you may create a public profile that includes information such as your username, profile picture and city. You may also share content with your friends or the general public, including information about your interaction with the Company. We encourage you to use the tools we provide to manage sharing on Company's social media to control the information you make available through Company's social media elements.

10. What is our policy with third party Processors processing your Data in accordance with the above:

- We only provide the information they need to perform their specific services.

- They may only use your Data for the precise purposes we specify in our contract with them.

- We work closely with them to ensure that your privacy is respected and protected at all times.

- If we stop using their services, any of the data they hold will be deleted or made anonymous.

To improve your customer experience on our Sites and Apps, we use the following companies who will process your Personal Data as part of their contracts with us:

- Facebook - Google - Instagram - Twitter - Hotjar

If you wish to receive more information about the disclosure of your Data to third parties, please contact us by email at info@discoverhalkidiki.com

11. How do we ensure that Processors respect your Data?

The Processors processing on our behalf have agreed and contractually bound themselves to the Company:

- maintain confidentiality,

- not to send your Data to third parties without the Company's permission,

- take appropriate security measures,

- comply with the legal framework for the protection of personal data and in particular Regulation 979/2016/EU (also known as GDPR).

12. Data transfer

The personal data we collect (or process) in the context of our Sites and Applications will be stored within the European Union. However, some of the recipients of the Data with whom the Company shares your Personal Data may be located in countries other than the country in which the original collection of your Personal Data took place. The laws in those countries may not provide the same level of data protection as the country that originally provided your Personal Data. However, when we transfer your Personal Data to recipients in other countries, including the United States, we are committed to protecting your Personal Data as described in this Privacy Policy and in accordance with applicable law.

We take steps to comply with applicable legal requirements for the transfer of personal data to recipients in countries outside the European Economic Area or Switzerland that do not ensure an adequate level of protection. We use various measures to ensure that your Personal Data transferred to these countries enjoys adequate protection under data protection rules. These include signing the Contractual Clauses, certifying that the recipient has adopted the European Binding Rules or complying with the EU-US and Switzerland-US Privacy Shield.

13. For how long do we keep your Data?

We retain your Personal Data for as long as necessary to fulfil the purposes set out in this Privacy Policy (unless a longer retention period is required by applicable law). Generally this means that we will retain your Personal Data for as long as you have an account with our Company. With respect to your Personal Data related to product purchases, we retain this data for a longer period in order to comply with our legal obligations (such as tax and trade law and for warranty purposes where applicable). At the end of this retention period, your data will be deleted completely or anonymised, for example by aggregation with other data, so that it can be used in an unidentifiable way for statistical analysis and business planning.

Some examples of customer data retention periods:

- Orders

From the completion of an order, we retain the personal data you provide for five years, so that we can comply with our legal and contractual obligations.

- Guarantees

If your order included a guarantee, the relevant Personal Data will be kept until the end of the guarantee period.

- Ενημερωτικό δελτίο

Your declaration of consent for sending a newsletter is kept for as long as you receive a newsletter from the Company and in any case not more than six months after its discontinuation.

14. Is your Data safe?

We are committed to safeguarding your Personal Data.

Recognizing the importance of the security of your Personal Data, we have taken all appropriate organizational and technical measures to ensure the security and protection of your Data from any form of accidental or unlawful processing. We use the most modern and advanced methods to ensure maximum security. The discoverhalkidiki.com website uses the TLS 1.2 protocol, for secure online commercial transactions. This encrypts all the Data you provide, including your credit card number, name and address, so that it cannot be decrypted or altered during transmission over the Internet.

In addition, the information used to identify you as an account user is two: the Username and the Personal Secret Security Code (Password). Each time you enter your details, you are granted access to your personal account. This process is achieved securely through encryption during their transfer to the Internet and the Company's servers. Following the same standards, you are given the opportunity to change your Personal Secret Security Code (Password) as often as you wish. After entering the desired password, the new password is encrypted and stored in the Company's systems. For this reason, the only person who knows your password is you yourself and you are solely responsible for maintaining the secrecy of the password from third parties.

These measures shall be reviewed and amended when and where necessary.

15. What are your rights?

You have the right to access your Personal Data.

This means that you have the right to be informed by us if we process your Data. If we process your Data, you can request to be informed about the purpose of the processing, the type of your Data we hold, who we give it to, how long we store it, whether automated decision-making is carried out, and your other rights, such as rectification, erasure, restriction of processing and lodging a complaint with the Data Protection Authority.

You have the right to correct inaccurate personal data.

If you find that there is an error in your Data, you can submit a request to us to correct it (e.g. correcting your name or updating a change of address).

You have the right to erasure/right to be forgotten.

You can ask us to delete your data if it is no longer necessary for the processing purposes mentioned above or if you wish to withdraw your consent.

You have the right to portability of your Data.

You may request to receive the Data you have provided in a readable form or ask us to transfer it to another controller.

You may request to receive the Data you have provided in a readable form or ask us to transfer it to another controller.

You may request that we restrict the processing of your Data for as long as your objections to the processing are pending.

You have the right to object and withdraw consent to the processing of your Data.

You may object to the processing of your Data and we will stop processing the Data, unless there are other compelling and legitimate reasons that override your right. If you have consented to the collection, processing and use of your Personal Data, you may withdraw your consent at any time with future effect:

- Choosing not to receive Marketing Communications

You can opt out of receiving marketing communications by changing your email and sms subscriptions by clicking the unsubscribe link or by following the instructions included in the message.

- Alternatively, you can contact us using the contact details provided in clause 17 below.

In case we rely on the our legitimate interest: In cases where we process your personal data on the basis of our legitimate interest, you can ask us to stop for reasons related to your personal situation. We must then do so if we do not believe we have a legitimate compelling reason to continue to process your Personal Data.


16. How can you exercise your rights?

To exercise your rights you can submit a request to us at the following email address info@discoverhalkidiki.com entitled "Exercise of Rights" and we will look into it and get back to you as soon as possible.

Exception:

  • if you wish to correct your Data in your user account, you can log in to it and make any correction/change without having to submit a Request.
  • if you wish to withdraw your consent for sending a newsletter you can do so by selecting the link "To unsubscribe from the "newsletter mailing list" click here" located at the bottom of each newsletter.
  • if you do not wish to receive web push notifications from the Company you can disable the option from your browser setting.

Identity check

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy. If you have authorized a third party to make a request on your behalf, we will ask them to demonstrate that they have your permission to act for this purpose.


17. When do we respond to your Requests?

We will respond to your Requests free of charge without delay, and in any case within (1) one (1) month of receiving your request. However, if your Request is complex or there are a large number of Requests, we will let you know within the month if we need to obtain an extension of another (2) two months within which to respond to you.


18. What is the applicable law when we process your Data?

The applicable law is Greek law, as formulated in accordance with the General Data Protection Regulation 2016/679/EU, and in general the applicable national and European legislative and regulatory framework for the protection of personal data.

Any dispute arising from or relating to the protection of your Personal Data shall be subject to mediation in accordance with the Mediation Regulation of the European Organisation for Mediation and Arbitration (EMCDDA). In the event that the dispute or part thereof is not resolved through mediation, the dispute or the unresolved part thereof shall be resolved exclusively, finally and irrevocably by an arbitral tribunal, appointed and conducting the arbitration in accordance with the ECHR Arbitration Rules.


19. Where can you go if we violate the applicable law on the protection of your Personal Data?

You have the right to lodge a complaint with the Data Protection Authority if you believe that the processing of your Personal Data violates the applicable national and regulatory framework for the protection of personal data.

Personal Data Protection Authority, Postal address: 1-3 Kifissias Street, P.C. 115 23, Athens, tel. 210. 6475600, e-mail address - contact@dpa.gr


20. How will you be notified of any changes to this Policy?

We update this Privacy Policy whenever necessary. If there are significant changes to our Privacy Policy or the way we use your Personal Data, we will post an update to this Privacy Policy on our website before the changes take effect and will notify you by any appropriate means. We encourage you to periodically read this Policy to know how your Data is protected. This Privacy Policy was last modified on 21/04/2022.