The General Regulation for the Protection of Personal Data – EU Regulation 2016/679, Law 2472/1997 on personal data and Law 2251/1994 on the protection of consumer rights apply in the European Union from 25 May 2018.

Our company with the name Stefanos Koukouvaos and with the distinctive title “Karat Mykonos” based in 14 Mitropoleos, Mykonos, 84600 Greece, tel. 22890 77 949 email / contact, uses and generally processes your personal data when you visit, register or use the Company Website and its mobile applications as well as when trading with its physical stores. For any questions regarding this Privacy Policy, but also any issues related to the processing of your Data and the exercise of your rights, you can contact the Company at 22890 77 949 at 14 Mitropoleos, Mykonos, 84600 Greece or at Email is the website of the Company, where the online store of exhibition and sale of products of the Company is located.

What is personal data: any information by which a natural person (“Data Subject”) is identifiable or can be identified, such as name, postal address, e-mail address, contact telephone, etc., which identify or may identify your identity.

“Controller” means a natural or legal person, public authority, service or other entity which, alone or in conjunction with others, determines the purposes and manner of processing personal data.

“Executor” means a natural or legal person, public authority, department or other entity that processes personal data on behalf of a controller.

“Personal Data Subject”: the natural persons for whom the controller collects and processes personal data (in this Data Policy, Data Subjects are the users of the above website, whether they are identified or not, for the use of the service.

“Recipient” means the natural or legal person, public authority, service or other body to which personal data are disclosed, whether third party or not. You may choose to provide us with personal information in a variety of ways, such as when you participate in an offer or promotion, or when you make a purchase on our site or in our stores or through one of our mobile applications.


The types of personal information you provide to us may include:

Contact details (such as first name, last name)

Age and date of birth Username and password, nickname / screen name

Payment information (such as your card number, expiration date and security code).

Shopping history

Product preferences Information provided to us through social networking applications or one of our mobile applications when you visit our social media pages or use one of our mobile applications (such as your name, profile picture, likes, the location, friends list, and other information described on the social media page or our apps, or your geographical location when using one of our mobile apps).


Obligation or not of the processing of your personal data

The processing of your Personal Data by the Company may be necessary and therefore mandatory to achieve the purposes set out in this Privacy Policy or optional. If you refuse to provide the personal data marked as mandatory on the Website, it will be impossible to achieve the main purpose of the collection of this Data, and may, for example, make it impossible for the Company to fulfill the contract of sale or provide other services. which are available on the Website. The provision of additional Data to the Company, in addition to those that are marked as mandatory, is optional and does not have consequences for the main purposes of data collection, but their provision serves to optimize the quality of services provided.


What Data do we collect?

We take care to collect only your absolutely necessary Data, which are appropriate and clear for the intended purpose. This Data includes the following: Data when creating a user account on the Websites or Apps. – Required: e-mail address *, password (login password) * Optional: name, surname, sheet, date of birth, postal address, telephone number. Contact details (such as first name, last name, VAT number, Tax Office, occupation, postal address, email address, billing address, shipping address, mobile phone or other).


Classification of the following as mandatory

This includes using your Data to maintain, update and protect your account. We also monitor browsing activity with us to quickly identify and resolve any issues and protect the integrity of our website. All of the above are part of our legitimate interest. For example, we check your password when you log in and use automated IP address tracking to detect possible false logins from unexpected locations.


Processing payments and preventing fraudulent transactions

We do this based on our legitimate business interests. This also helps protect our customers from fraud.


For our compliance with our obligations arising from the law

To comply with our contractual or legal obligations.


What is the legal basis for the processing of your Data by the Company?

A) The data protection legislation defines various reasons why a Company may collect and process your personal data, including: the terms of our contractual relationship

B) Your consent, where required. For example when you choose to receive a newsletter. When collecting your personal data, we will always inform you what data is necessary in relation to a particular service.

C) The obligations of the Company deriving from the law (eg tax legislation, e-commerce legislation, etc.)


Who are the recipients of your Data – How is your Data communicated?

Access to your Personal Data has the absolutely necessary staff of the Company, which is committed to maintaining confidentiality and our partner companies or third party service providers, who process your Personal Data as Executors of the Processing on our behalf and in accordance with the orders. us. Access to your personal data is not possible to third parties, except in exceptional cases explicitly provided by the current legislation that requires the processing of personal data, eg for the issuance of legal documents and the fulfillment of tax filing obligations, while personally Your information may be processed by our partners for the execution of the processing purpose without your prior consent, as the latter undertake to have taken all necessary organizational and technical means for the protection of data and always on the condition that the above-mentioned persons accept and comply with the terms of the relevant legislation on personal data protection, have informed and committed them their officials as to the confidentiality of such data. Third parties to whom your personal information is transmitted are not entitled to use it for other purposes. We do not offer or sell your personal data. have informed and bound their employees as to the confidentiality of such data. Third parties to whom your personal information is transmitted are not entitled to use it for other purposes. We do not offer or sell your personal data. have informed and bound their employees as to the confidentiality of such data. Third parties to whom your personal information is transmitted are not entitled to use it for other purposes. We do not offer or sell your personal data.


How do we ensure that Editors respect your Data?

The Executors on our behalf have agreed and contractually contracted with the Company:

  • to maintain confidentiality,
  • not to send your Data to third parties without the permission of the Company,
  • take appropriate security measures,
  • comply with the legal framework for the protection of personal data and in particular Regulation 979/2016 / EU (otherwise GDPR).


International Data Transfer

The personal data we collect (or process) under the Website will be stored in Greece. However, some of the recipients of the Data with whom the Company shares your Personal Data may be located in countries other than the one where your Personal Data was originally collected. Legislation in those countries may not provide the same level of data protection as the country that originally provided your Personal Data. However, when we transfer your Personal Data to recipients in other countries, including the US, we are committed to protecting your Personal Data as described in this Privacy Policy and in accordance with applicable law.


Retention time of Personal Data

We retain your Personal Data for as long as necessary to fulfill the purposes set forth in this Privacy Policy (unless a longer retention period is required by applicable law). Generally this means that we will keep your personal data for as long as you have an account with our Company. Regarding your Personal Data related to product purchases, we retain this data for a longer period of time in order to comply with our legal obligations (such as tax and commercial law and for warranty purposes). At the end of this retention period, your data will be completely or anonymously deleted, for example by aggregation with other data,


Security measures

We are committed to safeguarding your Personal Data, as we have taken all appropriate organizational and technical measures to secure and protect your Data from any form of accidental or improper processing. We use the most modern and advanced methods, to ensure maximum safety.

The website uses the SSL COMODO protocol, for secure online commercial transactions. This encrypts all the Personal Data you provide, including your credit card number, name and address, so that it cannot be decrypted or changed while on the Internet.

Additionally, the information used to identify you as an account user is twofold:  the Password and the Personal Security Code (Password).  Each time you enter your details, you are given access to your personal account. This process is achieved securely through encryption during their transfer to the Internet and the Company’s servers. By the same token, you are allowed to change your Personal Security Password as often as you wish. After entering the desired code, the new code is encrypted and stored in the Company’s systems. For that reason, you are the only one who knows your password and you are solely responsible for maintaining the confidentiality of the password by third parties.

These measures shall be reviewed and amended as necessary.


Rights of Personal Data subjects

You have  the right to access  your personal data.

This means that you have the right to be informed by us if we process your Data. If we process your Personal Data, you may request to be informed of the purpose of the processing, the type of Data we hold, to whom we give it, how long we store it, if automated decisions are made, but also of your other rights, such as correction, deletion of data, restriction of processing and submission of a complaint to the Personal Data Protection Authority.

You have  the right to correct  inaccurate personal data.

If you find that your Data is incorrect, you can ask us to correct it (eg name correction or change of address notification).

You have  the right to delete / forget .

You can ask us to delete your personal data if it is no longer necessary for the above mentioned processing purposes or you wish to revoke your consent in case this is the only legal basis.

You have  the right to portability  of your Personal Data.

You can ask us to receive in readable form the Data you have provided or ask us to pass it on to another processor.

You have the right to  restrict processing.

You can ask us to restrict the processing of your Data for as long as your processing objections are pending.

You have  the right to object  and  withdraw your consent  to the processing of your Data.

You may object to the processing of your Data and we will stop the processing of your Data unless there are other compelling and legitimate reasons prevailing over your right. If you have given your consent to the collection, processing and use of your personal data, you may revoke your consent at any time with future validity.


Exercise of personal data subject rights

To exercise your rights you can submit a request to us at Stefanos Koukouvaos, at the postal address of the Company 14 Mitropoleos, Mykonos, 84600 Greece or at its email address, entitled “Exercise of Right” and we will take care to examine it and answer you as soon as possible.


Identity check

To protect the confidentiality of your information, we will ask you to verify your identity before making any request under this Privacy Policy. If you have authorized a third party to submit a request on your behalf, we will ask them to prove that they have your permission to act for this purpose.


When do we respond to your requests?

We respond to your requests free of charge without delay, and in any case within (1) one month from the time we receive your request. However, if your Request is complex or there is a large number of your Requests we will inform you within the month if we need to receive an extension of another (2) two months within which we will respond to you.

If your Requests are manifestly unfounded or excessive, in particular due to their recurring nature, the Company may impose a reasonable fee, taking into account the administrative costs of providing the information or performing the requested action, or refusing to follow up on the Request. .


What is the applicable law when we process your Data?

Applicable Law is the Greek Law, as formulated in accordance with the General Regulation for the Protection of Personal Data 2016/679 / EU, and in general the current national and European legislative and regulatory framework for the protection of personal data.

The competent courts for any emerging disputes related to your Personal Data are the Courts of Athens.

You have the right to submit a complaint to the Personal Data Protection Authority (postal address 1-3 Kifissias, PC 115 23, Athens, tel. 210. 6475600, e-mail address ), if you consider that the processing of your Personal Data violates the applicable national and regulatory framework law for the protection of personal data.


Modifications to the Privacy Policy – Personal Data

We update this Privacy Policy whenever necessary. If there are significant changes to the Privacy Policy or the way we use your Personal Data, we will post this update on our website before the changes take effect and we will notify you in any appropriate way.

If you have any questions that have not been covered regarding our Privacy Policy, please contact us by Email at: or Letter to Stefanos Koukouvaos at 14 Mitropoleos, Mykonos, 84600 Greece.

Back to Top