Privacy Policy
Privacy and Personal Data Protection Policy
1.Introduction
The personal data and privacy of visitors to our website https://www.nikolaidis.eu, is very important to us and we are committed to protecting it. This Policy is intended to inform you about the information we collect and process when you use our online store and make purchases through it. The collection of this data makes us responsible for the processing and based on the legislation governing Personal Data and specifically the General European Regulation 679/2016 and the National Law number 4624/2019, we provide you information about who we are, why we collect your personal data, how we use it and what your rights are as a personal data subject.
2.Lawful processing of personal data
The “Company”, (for full details of which see Terms of Use section), complying with the provisions of the European Regulation for the Protection of Personal Data (EU 2016/679) and the relevant Greek legislation, manages the Personal Data disclosed to it with the utmost care. In order to ensure the confidentiality and security of Personal Data, the “Company” has taken the necessary organizational and technical measures, establishing internal security policies, using appropriate electronic means, informing and training its staff properly. The “Company” is committed to lawful processing of Personal Data, as it collects and processes them exclusively for specified, explicit and legitimate purposes and only to the extent necessary for the implementation of these purposes. The data it keeps, it ensures that it is accurate and updated, seeking for this purpose the assistance of the data subjects, i.e. the natural persons to whom the data relate, and it keeps the data for as long as necessary for the implementation of the specific purposes.
3.Data collected
The personal data that you declare in the online store are kept exclusively and only for reasons relating to transactions with you, communication, improvement of the services provided and may not be used by third parties or granted to third parties (except where provided by law to the competent authorities only). The online store operates in accordance with the current Greek and EU legislation and keeps your personal data safely for as long as you are registered to a service of the online store, which are deleted after the termination in any way of the transactional relationship . The “Company” collects and processes Personal Data, i.e. information relating to a natural person who is identified or can be identified from such information, regardless of whether the identification can be carried out directly or indirectly. Processing of such data means any operation carried out in relation to such data, whether or not by automated means. Personal Data includes, for example, information such as name, home address, e-mail address or telephone number. For the specific purposes of processing Personal Data, namely for information on products, services, promotions, offers, events and competitions, via email, newsletter, sms, telephone and other electronic means, as well as for research and statistical purposes, the “Company” collects and processes the following information:
- Name and surname
- Sex and date of birth
- Contact details (home address, postal code, contact telephone number, e-mail address)
- Other personal data (VAT number, etc.), etc., in case of issuing an invoice.
- Information contained in any communication between you and us by e-mail or via the website including communication content and metadata.
If you choose not to provide us with any of your personal information, this may affect some of the transactions between us.
In addition, during the use of the “Company’s” online store, further data is automatically collected for technical reasons, such as:
- the IP (Internet Protocol) address of the access computer
- geographical location
- website from which you are visiting us (recommendation)
- our websites you visit
- date, time, duration and frequency of visits to our website
- browser type and version and browser settings
- operating system
- username and other information from your profile, in case of account creation.
This technical information may, in certain cases, constitute personal data. As a general rule, we use technical information, however, only to the extent necessary for technical reasons, for the operation and protection of our online shop against cyber-attacks and malicious use, as well as in pseudonymous or anonymous form for statistical purposes.
4.Purposes of Processing
When you use the online shop, when you order or when you attempt to place an order but do not complete it, we collect, process and use the personal data and information you provide to us within the framework of the applicable legislation on the protection of personal data. The information we request from you in order to enable us to provide you with the services you require is marked as mandatory fields. Other information is optional. For the conclusion and execution of contracts for the sale of products to you, through our electronic and physical distribution network, we request, as appropriate, contact information such as name, telephone number, address for delivery and invoicing, as well as information on the payment method you have chosen, information that may be forwarded to partner companies (e.g. logistics, distribution, etc.). In addition, we make use of your data in our customer database that we maintain so that only the relevant data is stored there. In order to avoid typing errors and to ensure that the items you have ordered have actually been received by you, we check that the address you have entered is written in a complete and accurate manner. During the payment process, we do not record or store payment information during that transaction, such as credit card numbers or other banking and other information. You provide this information directly and exclusively to the relevant payment service provider. The processing of your personal data is mainly for the smooth performance of your contractual relations with us or third parties (partner companies). The “Company” also stores and uses personal data and technical information to the extent necessary to prevent and counteract any malicious use or other illegal behaviour on our website, e.g. to maintain data security in case of cyber-attacks against our IT systems. Finally, we store and use your data to the extent that we are legally obliged to do so, for example in view of an official directive or a judicial or other decision of the authorities, as well as to safeguard our rights and claims, and for cases of defence of the “Company” before the Courts, regular or arbitration or before a mediation body.
In summary, personal data are collected in particular to serve the following purposes:
- The better and more user-friendly management of the website and the “Company”.
- The personalized configuration of the website for you.
- The provision of services and the activation of your use of the services available on our website.
- The purchase and sale of goods through our online store.
- The shipment of the goods you purchase through our website.
- Sending transactions, invoices and payment reminders to you, and collecting payments from you.
- The sending of non-promotional communications.
- Sending email notifications about your requests.
- Sending you promotional or newsletter emails if you have requested it (you can let us know at any time if you no longer wish to receive the newsletter).
- Sending promotional communications relating to our business or the businesses of third party professionals that we think may be of interest to you, via notifications or, if you have agreed to this, via ‘byemail’ or similar technology (you can let us know at any time if you no longer wish to receive promotional communications).
- Providing statistical data about our users to third parties (who will not be able to identify any user from this information).
- The management of requests and complaints made by you or relating to our website.
- Maintaining the security of the site and preventing against any fraud.
- Confirming users’ compliance with the terms and conditions of providing our website (including monitoring personal messages exchanged through our online messaging service).
- Any other lawful use.
5.What is the lawful basis for processing your data
The processing of your data is carried out on a case-by-case basis and depending on the purpose of the processing. In particular, it is carried out in accordance with:
– The fulfilment of the terms of performance of contractual obligations
– Your unconditional consent, where this is required
– The applicable legal and regulatory framework
– The legitimate interests of our business
– Other legitimate legal and regulatory requirements, including the legal and regulatory framework and the legal interests of our company.
6.Who are the recipients of your data
Recipients of your data may be:
- Designated personnel or executives of the “Company”, within the scope of their responsibilities and based on commonly accepted confidentiality rules.
- Service companies, who will process your personal data strictly on our behalf. These service providers are bound by contracts and confidentiality terms. When transferring data, the “Company” takes all necessary measures to ensure the highest possible level of security. The Company declares that it has signed contracts with these companies in advance, which include conditions relating to the security measures taken by them and the monitoring of these measures by the Company.
- The competent supervisory and administrative independent authorities, as well as the judicial and legal authorities.
- The authorised personnel of any third party partner companies (logistics, warehousing, transport, distribution, etc.) within the scope of their responsibilities.
We may disclose your personal information to any of our business , affiliates or members of our group of companies (this means our subsidiaries, our portfolio company and its subsidiaries, etc.) as required for the purposes stated in this policy and to the extent required by law.
7.Information Security
The processing of personal data by the “Company” is carried out in a manner that ensures its confidentiality. In particular, it shall be carried out exclusively by the Company’s personnel appointed for this purpose, while all appropriate organisational and technical measures shall be taken to ensure the security of the data and to protect them from accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access and any other form of unlawful processing. In particular, our employees who process personal data are committed to respecting confidentiality. To protect your personal data, the data is transmitted in encrypted form and stored on secure (password and firewall protected) servers. It goes without saying, however, that the transmission of information on the internet is inherently unsafe and we cannot guarantee the absolute security of the data transmitted through it, which you accept having read our Privacy Policy and using our online store. It goes without saying that your contribution to the security of your data is crucial, as you are responsible for keeping confidential the password and username you use to log in to our website (we will not ask you for your password except when you log in to our website) and your debit/credit card details (which you disclose directly to the relevant banking institutions ).
8.What is the retention period for your personal data?
Your personal data is kept for as long as necessary to achieve the purpose for which we have collected it, as well as for as long as required by applicable law. It is our policy that personal data that we process for any purpose should not be kept for longer than is necessary for that purpose. All your personal data is subject to this Privacy Policy and in the event that your consent is withdrawn, the lawfulness of the processing for the period prior to that is not affected.
9.Transmission to third parties
The “Company” shall not in any way transfer the personal data of its members or interconnect its records for financial or other consideration with any third private companies, natural or legal persons, public authorities or agencies or other organizations.
10.About Your Rights
One of the basic principles of the GDPR is to protect the rights of individuals with regard to the processing of their personal data. In the above context, you have a number of rights in relation to your personal data processed by “Company” In particular:
- Right to object: this right allows you to object to the processing of your personal data, in particular when the processing is carried out for purposes of legitimate interest of the “Company”. Where the processing is for the purposes of serving its legitimate interests, the Company will comply with your objection, and will cease the processing in question unless the Company can demonstrate compelling and legitimate grounds for the processing which override your interests, rights and freedoms or the processing in question is for the establishment, exercise or support of legal claims of the Company.
- Right to withdraw consent: in cases where your personal data is processed on the basis of your prior consent, you have the right to withdraw your consent at any time and the “Company” will cease the specific activity for which you have previously consented, unless there is an alternative legal basis justifying the continued processing of your data for this purpose, in which case we will inform you.
- Rights of access, rectification and erasure: You may at any time request to be informed about your personal data that the “Company” holds about you, and request the modification, correction, updating or deletion of this information. We may ask you for additional information in order to process your request, however, if we provide you with access to the information we hold about you, this will be provided at no cost to you, unless your request is “manifestly unfounded or abusive”. Where we have a legal right to refuse your request, in the event of such a refusal, we will inform you of the specific reasons for that refusal.
- Right to restrict processing: In certain cases, you have the right to “block” or remove further use of your personal data. In practice, this means that we may store your data but will not be able to process it further, unless such processing is done with your consent, or such processing is necessary either for the establishment, exercise or defence of the legitimate claims of the “Company”, or for the protection of the rights of another person, or for reasons of public interest. We maintain lists of individuals who have requested that we “opt out” of further use of their personal data to ensure that the restriction is respected in the future.
- Right to portability: You have the right to transfer your personal data to other controllers. In practice, this means that you have the ability to transfer the information we hold about you to any third party. To serve this right, we will provide you with your data in a structured, commonly used and machine-readable format so that you can transfer your data to another controller. Alternatively, we may also send the data directly on your behalf. The right to portability applies to (a) data that we process automatically (i.e. without human intervention), (b) personal data provided by you (c) personal data that we process on the basis of your consent or the processing is necessary for the performance of a contract.
Name of the company: | ΝΙΚΟΛΑΪΔΗΣ Γ. ΙΩΑΝΝΗΣ |
G.E.M.H. number: | 076748227000 |
TAX number .: | 065133759 |
Company Headquarters: | ΗΡΑΚΛΕΙΟ ΚΡΗΤΗΣ |
Legal representative: | ΝΙΚΟΛΑΪΔΗΣ Γ. ΙΩΑΝΝΗΣ |
Tel./e-mail: | 2810 326292 / info@nikolaidis.eu |
- Right to complain to the competent authorities: You have the right to lodge a complaint with the competent supervisory authority, which for Greece is the Data Protection Authority.
You can contact the Data Protection Authority in the following ways:
Postal address: Personal Data Protection Authority, Offices: Kifissias 1-3, P.O. Box 115 23, Athens, Greece.
Call Centre: +30-210 6475600
Fax: +30-210 6475628
E-mail: contact@dpa.gr
11.Information about the Company
Do you have any questions? Contact us
If you have any questions about this Notice, please contact us by email at e-mail: dataprivacy@nikolaidis.eu
Definitions
“General Data Protection Regulation (“GDPR”)” – a European Union regulation that aims to harmonise European legislation on the protection of personal data. It has been in force since 25 May 2018, and any reference to it should be interpreted to include national implementing legislation.
“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one whose identity can be established, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that person.
“Processing” means any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, search, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Sensitive personal data”: means personal data containing information about racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, physical and mental health, genetic and biometric data, data concerning sexual life or sexual orientation, and information about criminal convictions and offences. Due to the nature of sensitive personal data, the law is much stricter on how such data should be processed. The Company only processes sensitive personal data in accordance with the law.
“Personal data breach”means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access of personal data transmitted, stored or otherwise processed.
“Restriction of processing”: the marking of stored personal data with a view to restricting their processing in the future.
“Partners”: natural persons with whom the Company may have any professional or contractual relationship or cooperation.
“Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its appointment may be provided for by Union or Member State law.