1. In general
The company considers the issue of the protection of users' personal data of the utmost importance and sets as a key priority the absolute protection of users' data and the latter's unrestricted access to them. The policy followed by the company regarding the personal data provided by users in the context of their navigation and interaction with the online store, aims to create a safe environment for the purpose of making safe online purchases.
The personal data protection policy in this case has been adopted by the sole proprietorship under the name of Askaridou Kallirroi, based in Thessaloniki, Evzonon 19 54640 and legally represented with VAT number 040544218, DOU 6th of Thessaloniki, email address firstname.lastname@example.org , telephone contact number 2310889203 and is applied every time someone navigates the online store either as a simple visitor or as a user-buyer or as a member. Anyone who visits the online store or makes use of its services will be referred to herein for the sake of brevity as "subject of personal data" or "subject".
By browsing, carrying out any transaction and using any service of the online store, the user declares that he is 18 years of age or older and that he accepts and consents to this personal data protection policy.
For any question or clarification on this policy and on the processing of his personal data, the user can contact the online store at any time, either by sending his question/request via email to info@scarpediem.gr, pointing out that it is a matter of personal data, or by sending a letter to the address of the company's headquarters.
2. Data Controller (DPO)
The person in charge of processing personal data (DPO) is the owner of scarpediem.gr, Askaridou Kallirroi, Evzonon 19 54640 Thessaloniki with VAT number 040544218, DOU 6th of Thessaloniki, email address email@example.com, contact phone number 2310889203. As the controller, he ensures the observance of the privacy and confidentiality of users' personal data as well as the unhindered exercise by users of their rights. The controller ensures that the management, processing and protection of the personal data of the users of the online store is governed by the relevant provisions of the current Greek and European legislation as well as by the relevant decisions and opinions of the Personal Data Protection Authority (PDPA) and in particular, it is under the conditions of laws 2472/1997 "Protection of the individual from the processing of personal data", 3471/2006 "Protection of personal data and privacy in electronic communications", 3917/2011 as they have been amended and are in force today and of Regulation (EU) 2016/679 of the European Parliament and of the Council - General Data Protection Regulation (GDPR), passed on 27 April 2016 https://eur-lex.europa.eu/legal-content/EL/TXT/?uri=CELEX%3A32016R0679, which replaces Directive EC 95/46 (N 2472/1997) and came into force on May 25, 2018 (hereinafter the "Regulation"). The Regulation harmonises privacy laws across Europe with uniform and common transparency rules.
3. Personal data, definition
According to no. 4 sec. 1 of the Regulation, "personal data" means any information concerning an identified or identifiable natural person ("data subject"). An identifiable natural person is one whose identity can be ascertained directly or indirectly, in particular by reference to an identifier, such as, for example, name, ID number, date of birth, gender, residential address, email address, telephone number, device IP address, password, by reference to location data, to an online identifier or by reference to one or more factors that characterize the physical, psychological, genetic, social, economic or cultural identity of that natural person.
4. Personal data collected by scarpediem.gr and purpose of processing
When the user simply navigates scarpediem.gr, registers as a member of the online store, orders and purchases a product, fills out and submits a contact form, or calls the online store, the user's personal data may be collected either directly from the user, who provides them, or through cookies. In the event that the user, of his own will and with his consent, provides the online store with personal data belonging to a special category (e.g. data related to his state of health), the company undertakes to process it with care and as provided by the relevant legislation.
In particular, during the simple navigation of the visitor to the online store, the visitor is not required to enter any personal data. During this visit, browsing data may be collected and processed, such as the visitor's IP address, through the cookies that are installed on the visitor/user's computer, if he chooses and consents to it, in order to improve his experience and his convenience according to his purchasing preferences while browsing the online store.
If the user wishes to create an account and register as a member of the online store, the company may collect e-mail address (email), password (password), full name, address, phone number, in order to make it easier for the user to complete his purchases in the online store. The above personal data is encrypted. The user has the possibility to change his personal password as often as he wishes. The user is the only one who knows their password. The user is solely responsible for maintaining the confidentiality of the password from third parties.
The information in question is necessary to complete the user's registration and is collected during the registration stage for the purpose of identifying and verifying the identity of the registered user (data subject), who then as a member can navigate and interact with the online store.
In the event of an order and for its execution and completion, the company may collect name, product shipping address, order registration address, contact phone number, email address, payment details e.g. bank account number and depositor details in case of payment by deposit to a bank account, type of document (receipt or invoice). In the event that the user wishes to issue an invoice for the purchase he made, he must necessarily enter the name of the company, profession-activity, address (headquarters), telephone, VAT number and DOU. These details are necessary for the correct execution of the order. During the execution of the sales contract between the parties, the company may send to the electronic address (email) registered by the user the notification of receipt of the order, the details of the order and its execution by the transport company with which it cooperates. Also, both the online store and the transport company can use the phone or the above email address to inform the user in the event of a problem related to the execution of the order.
The personal data in question are collected and processed exclusively for the completion of the purchase of the product, i.e. to ensure the individual stages that make up the product sales contract, the secure payment of the product, the shipment of the product to the correct address, the issuance of a document with the correct details of the buyer and the management of any return of the product and exercise of the buyer's right of withdrawal. The collection and processing of the above data is necessary for the execution of the user's order (making a product purchase) and is based on the provision of article 6 par. 1 item. b GDPR as it is necessary for the fulfillment of the obligations arising from the drawn up sales contract between the parties in the manner chosen by the user.
In the event that the user wishes to contact the online store in order to be informed and to request clarifications regarding the order and purchase he made, or for any other information, either by telephone or by completing and submitting the relevant contact form posted on the website, the online store may collect personal data, such as name, telephone, e-mail address (email) and order code, for the purpose of optimal communication between the user and the online store and the easier and more efficient management of the user's requests and questions. In the case of submitting a contact form, the data submitted through it are not stored in the online store's database, but are only kept for as long as is necessary for the online store to answer the user's question.
Regarding the personal data collected during the creation of a member account, this data is kept by the company for as long as the user is a member. With regard to personal data, which are collected when ordering and purchasing a product, these are kept for the period of time required within the framework of the company's legal and contractual obligations, i.e. as provided by tax, commercial and other legislation and by the law of sale as well as for as long as the company retains the right to exercise its legal claims, i.e. until the statute of limitations for the company's legal claims before any competent court and any competent authority expires. In any case, the above data is kept for a maximum period of five years. After this period of time, the data controller undertakes to completely and definitively delete the user's personal data from the online store's database.
In any case, the personal data declared by the user are kept exclusively and only for reasons related to transactions with him, communication, improvement of the services provided and may not be used by third parties or granted to third parties (with the exception of when this is ordered by the law or by the competent judicial or prosecutorial authorities).
The controller undertakes not to use the users' e-mail address to send spam.
In the event that the data controller decides to further process the users' data beyond the aforementioned, they will be asked for their consent for the said processing of their data for specific purposes. By using the website and providing the user's personal data voluntarily for the respective functions (acceptance of cookies when entering and navigating the website, entering personal data during user registration as a member, entering personal data during the completion stage of the order, so that they can be used by the company both when issuing a legal document and arranging the shipment and in case of exercising the right of withdrawal on behalf of the user) the user's consent to this policy is presumed. The user's consent to the processing of his personal data is free, explicit and fully informed. The user has the right to withdraw his consent at any time (constant right to opt out). Withdrawal of consent does not affect the lawfulness of processing that was based on consent prior to its withdrawal.
5. Cookies Policy - what are Cookies
During the navigation of the user in the online store, the company can collect user data through the identification files (cookies) it has, which can be used for statistical purposes and for the proper functioning of its services, that is, in order to make scarpediem.gr more functional and friendly to its users. In addition, in case the user has created a member account, cookies are used to connect the user to his account and to remember the products stored in the user's cart.
The files in question (cookies) are small text files, short texts of software code, which are encrypted. They are sent to be stored by the company's server, they are temporarily installed in the browser of the user's computer or electronic device when he visits the website and, if he gives his consent, they transmit data of the browser used by the user to the scarpediem.gr server. Depending on their duration, they are divided into temporary cookies, which disappear and are deleted when the user closes their browser, and cookies which remain stored on the user's electronic device until their predetermined validity period has expired.
The data collected by cookies for the above purposes are processed and stored exclusively in the form of anonymous statistical data not directly linked to the user's identity. Through cookies, identification data of the user's terminal equipment and internet protocol address, navigation data within the website, information on product preference, data on completed transactions can be collected. In addition, the IP address of the user's PC accessing the online store may be collected.
Cookies are not used under any circumstances to record the user's personal data and do not take notice of any file or document from the navigation device used. This file does not cause damage to the user's electronic system and does not affect its functionality in any way.
6. IP Address
The IP address (Internet Protocol address) of the user's navigation device may be stored through cookies for technical reasons, for security reasons of the scarpediem.gr systems as well as for the collection of anonymous data for the purpose of statistical processing.
As an exception, it may be disclosed, if requested - following the procedure prescribed by law - by the competent state authorities and if it is registered and available.
7. Transmission and disclosure of personal data to third parties
The personal data of the users remain in the knowledge of the controller. This data may be transmitted to third-party external partners of the online store in the context of the smooth execution of the transactional relationship and the observance of the assumed obligations of the company towards the users in the context of the operation of the online store and under conditions that fully ensure that the user's personal data are not subject to any illegal processing, i.e. other than the purpose of transmission and. These persons comply with the applicable legislation for the protection of personal data and are subject to strict contractual obligations of secrecy and confidentiality.
For the above purposes, the data controller reserves the right to transfer the personal data of the users to third parties, who facilitate or promote the provision of the services of the online store to the users, and in particular:
- to the cooperating courier company, in order to send and deliver the products to the declared shipping address.
- to third-party external partners for the provision of technical support and for the resolution of technical issues, for the provision of hosting services, e.g. developers, data analysts, data security service providers of the subjects, strictly for the processing of their assigned services to the online store.
- to service providers for hosting the user database, technical support and management.
- to credit institutions to complete the user's order through them.
- to providers of electronic means of payment by card for the execution and completion of the payment of the user's orders.
- to providers extracting website traffic statistics such as Google Analytics.
In the event that one of the above persons-carriers is based in countries outside the European Union, the disclosure of personal data is carried out with the guarantees defined by law. The company, with contractual clauses, through the commitment of the countries in question to observe and comply with the European institutional framework or through the observance of the agreement between the EU-US (EU-US Privacy Shield), ensures that the personal data of the user that are transferred to these countries are adequately protected.
The above categories of recipients of the user's personal data are processors and process the data on behalf of the company in accordance with the Regulation and therefore as such do not process the user's data beyond the above purposes (Article 4, 28 of the Regulation).
The company does not in any case offer the personal data of the users for sale.
The controller undertakes not to transfer or in any way communicate the personal data of the users other than the above to any third party, third country or international organization, information collection centers or other third party service providers without the permission and consent of data subject, unless this is required by law or by the competent judicial or prosecutorial authorities.
The data controller may disclose and announce users' personal data for reasons of public interest or in the exercise of public authority, provided that the latter has been assigned to him or when this action is required due to compliance with the relevant provisions of the law, by a court decision or where requested/ordered by any other governmental, prosecutorial, administrative or regulatory authority, in compliance with European and domestic law.
The website of the online store uses Google Analytics according to the specifics defined above.
No ads from other providers are displayed in the online store.
The company must, under current legislation, report to the Personal Data Protection Authority any illegal breach of the website's database or any third party's database and all relevant persons and authorities within 72 hours of the breach.
8. Payment by bank transfer
In the event that the user chooses to complete the transaction and pay for the order through a bank transaction with a card, he is automatically transferred to the environment of the bank (or other corresponding provider) which manages his payment according to the terms and conditions applicable to them.
9. Personal data processing guarantees
The data controller makes every effort to ensure that users' personal data is kept in accordance with domestic legislation and the Regulation, fully respecting the principles governing their processing (Article 5 of the Regulation). In this context the controller ensures that the data:
- are lawfully and legitimately processed in a transparent manner in relation to the data subject ("lawfulness, objectivity and transparency")
- are collected for specified, explicit and legitimate purposes and are not further processed in a manner incompatible with these purposes.
- are appropriate, relevant and limited to what is necessary in relation to the purposes of the processing ("data minimization"). The data is collected exclusively for the purposes of this or if compliance with any legal obligation is required.
- they are accurate and when necessary they are updated
- they are kept in a form that allows the identification of the data subjects only for the time required for the purposes of the processing
- processed securely by securing them against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures ("integrity and confidentiality").
- subject to processing in accordance with the rights of the subject of personal data as provided for in nos. 13-21 of the Regulation.
10. User (data subject) rights
The registration of the user's personal data in the online store is not mandatory, but is subject to his discretion. However, in the case of non-registration, it will not be possible to fulfill the contractual commitments within the transactional relations of the parties and the execution of the relevant requests of the user by the company. The company provides the possibility for the user (data subject) to access his personal data, to update, remove and limit the processing of his data. He can also refuse the processing of his data or transfer his data from scarpediem.gr to another processor. In particular, the user with regard to his personal data, which he has registered and in accordance with articles 13 to 21 of the Regulation and other legislation, has the right to:
- Information about his data held in electronic form and in paper files and the processing to which he submits it, such as what data he processes, for what purpose, for how long he keeps it using clear and simple wording.
- Access to his data (no. 15). In particular, he has the right to request access to his personal data. With the access request, he can be informed as to whether the personal data concerning him are being processed and, if this is the case, he is entitled to information about the purposes of the processing, the relevant categories of data, the third-party recipients to whom his data may have been communicated or are about to be communicated, the storage period of his data, the possibility of exercising user rights in accordance with the Regulation, and the possibility of submitting a complaint to a supervisory authority. He is entitled to be informed of possible changes in the way his data is processed since his last update and of the security measures imposed on the data controller as well as of the methodology applied to the process of automatic processing of personal data, including profiling, if this is carried out. He has the right to take measures to stop the processing of his personal data, if the processing is likely to cause him significant damage or moral harm.
- Correction of inaccurate and incomplete personal data concerning him (no. 16)
- Erasure (Right to be forgotten) (no. 17) and indeed without undue delay in the event that the data are no longer necessary for the purposes for which they were collected or there is no other legal basis nor compelling legitimate grounds for processing. The user has the right to destroy his data, which are incorrect or whose processing he no longer wishes.
- Restriction of data processing (no. 18). In the event that the accuracy of the data is disputed by the user for a period of time that allows the controller to verify the accuracy of the user's data, the user may object to the processing of his data and request the restriction of their use due to illegal processing. In the event of a request for correction, deletion or restriction of the processing of the data, the controller informs the user of the correction, deletion of the data, cessation of its use or restriction of the processing carried out at the request of the user in accordance with paras. 16,17,18 of the Regulation. At the same time, it announces the above action to each recipient to whom the data was disclosed, e.g. to another data controller, unless this proves to be impossible or involves a disproportionate effort.
- Right to data portability (No. 20 of the Regulation). The user has the right to receive from the controller the personal data concerning him without objection from the latter and which he has provided in a structured, commonly used and machine-readable format as well as the right to transmit them to another controller in accordance with the way and the specifics defined in article 20 of the Regulation. This right applies subject to the fulfillment of a duty in the public interest or in the exercise of public authority assigned to the controller.
- Objection (No. 21 of the Regulation). The user has the right to object at any time and for reasons related to his particular situation to the processing of data concerning him when it is based on article 6 par. 1 item e' or the GDPR in accordance with the specifics defined in no. 21 of the Regulation. The controller complies with the request unless there are compelling legitimate reasons for the processing, which override the interests, rights and freedoms of the user or to support legal claims.
- Right to human intervention in decision-making by automated process. The user has the right to ask the data controller not to be subjected, if applicable, to a decision-making process based solely on automated processing, including profiling, which produces legal effects concerning him or significantly affects him in a similar way.
In order for the user to exercise any of the aforementioned rights or in case he has questions about this policy, he can contact the controller in writing at the address Evzonon 19, 54640 Thessaloniki or at the email address firstname.lastname@example.org describing his request for a specific action, such as correction, temporary non-use, non-transmission or deletion. The data controller is obliged to respond in writing to the request within a period of one month from its receipt with a documented response, which satisfies the user's request or sufficiently justifies its non-satisfaction. In the event that the data controller has reasonable doubts about the identity of the natural person submitting the request, it may request the provision of additional information necessary to confirm the identity of the data subject. In the event that the data controller does not respond in a timely manner or the user does not agree with his actions, he has the right to file a complaint with the Personal Data Protection Authority in writing (Kifisias 1-3, PO Box 11523 Athens) or electronically (www.dpa.gr).
This policy may be amended or revised. The user is obliged, regardless of the previous notification regarding the modification by the company, to periodically check back for any changes in its content.
Last updated 11/04/2022