The General Regulation for the Protection of Personal Data – EU Regulation 2016/679, Law 2472/1997 on personal data and Law 2251/1994 on the protection of consumer rights apply in the European Union from 25 May 2018.
www.karatmykonos.com is the website of the Company, where the online store of exhibition and sale of products of the Company is located.
What is personal data: any information by which a natural person (“Data Subject”) is identifiable or can be identified, such as name, postal address, e-mail address, contact telephone, etc., which identify or may identify your identity.
“Controller” means a natural or legal person, public authority, service or other entity which, alone or in conjunction with others, determines the purposes and manner of processing personal data.
“Executor” means a natural or legal person, public authority, department or other entity that processes personal data on behalf of a controller.
“Personal Data Subject”: the natural persons for whom the controller collects and processes personal data (in this Data Policy, Data Subjects are the users of the above website, whether they are identified or not, for the use of the service.
“Recipient” means the natural or legal person, public authority, service or other body to which personal data are disclosed, whether third party or not. You may choose to provide us with personal information in a variety of ways, such as when you participate in an offer or promotion, or when you make a purchase on our site or in our stores or through one of our mobile applications.
The types of personal information you provide to us may include:
Contact details (such as first name, last name)
Age and date of birth Username and password, nickname / screen name
Payment information (such as your card number, expiration date and security code).
Product preferences Information provided to us through social networking applications or one of our mobile applications when you visit our social media pages or use one of our mobile applications (such as your name, profile picture, likes, the location, friends list, and other information described on the social media page or our apps, or your geographical location when using one of our mobile apps).
Obligation or not of the processing of your personal data
What Data do we collect?
We take care to collect only your absolutely necessary Data, which are appropriate and clear for the intended purpose. This Data includes the following: Data when creating a user account on the Websites or Apps. – Required: e-mail address *, password (login password) * Optional: name, surname, sheet, date of birth, postal address, telephone number. Contact details (such as first name, last name, VAT number, Tax Office, occupation, postal address, email address, billing address, shipping address, mobile phone or other).
Classification of the following as mandatory
This includes using your Data to maintain, update and protect your account. We also monitor browsing activity with us to quickly identify and resolve any issues and protect the integrity of our website. All of the above are part of our legitimate interest. For example, we check your password when you log in and use automated IP address tracking to detect possible false logins from unexpected locations.
Processing payments and preventing fraudulent transactions
We do this based on our legitimate business interests. This also helps protect our customers from fraud.
For our compliance with our obligations arising from the law
To comply with our contractual or legal obligations.
What is the legal basis for the processing of your Data by the Company?
A) The data protection legislation defines various reasons why a Company may collect and process your personal data, including: the terms of our contractual relationship
B) Your consent, where required. For example when you choose to receive a newsletter. When collecting your personal data, we will always inform you what data is necessary in relation to a particular service.
C) The obligations of the Company deriving from the law (eg tax legislation, e-commerce legislation, etc.)
Who are the recipients of your Data – How is your Data communicated?
Access to your Personal Data has the absolutely necessary staff of the Company, which is committed to maintaining confidentiality and our partner companies or third party service providers, who process your Personal Data as Executors of the Processing on our behalf and in accordance with the orders. us. Access to your personal data is not possible to third parties, except in exceptional cases explicitly provided by the current legislation that requires the processing of personal data, eg for the issuance of legal documents and the fulfillment of tax filing obligations, while personally Your information may be processed by our partners for the execution of the processing purpose without your prior consent, as the latter undertake to have taken all necessary organizational and technical means for the protection of data and always on the condition that the above-mentioned persons accept and comply with the terms of the relevant legislation on personal data protection, have informed and committed them their officials as to the confidentiality of such data. Third parties to whom your personal information is transmitted are not entitled to use it for other purposes. We do not offer or sell your personal data. have informed and bound their employees as to the confidentiality of such data. Third parties to whom your personal information is transmitted are not entitled to use it for other purposes. We do not offer or sell your personal data. have informed and bound their employees as to the confidentiality of such data. Third parties to whom your personal information is transmitted are not entitled to use it for other purposes. We do not offer or sell your personal data.
How do we ensure that Editors respect your Data?
The Executors on our behalf have agreed and contractually contracted with the Company:
- to maintain confidentiality,
- not to send your Data to third parties without the permission of the Company,
- take appropriate security measures,
- comply with the legal framework for the protection of personal data and in particular Regulation 979/2016 / EU (otherwise GDPR).
International Data Transfer
Retention time of Personal Data
We are committed to safeguarding your Personal Data, as we have taken all appropriate organizational and technical measures to secure and protect your Data from any form of accidental or improper processing. We use the most modern and advanced methods, to ensure maximum safety.
The website www.karatmykonos.com uses the SSL COMODO protocol, for secure online commercial transactions. This encrypts all the Personal Data you provide, including your credit card number, name and address, so that it cannot be decrypted or changed while on the Internet.
Additionally, the information used to identify you as an account user is twofold: the Password and the Personal Security Code (Password). Each time you enter your details, you are given access to your personal account. This process is achieved securely through encryption during their transfer to the Internet and the Company’s servers. By the same token, you are allowed to change your Personal Security Password as often as you wish. After entering the desired code, the new code is encrypted and stored in the Company’s systems. For that reason, you are the only one who knows your password and you are solely responsible for maintaining the confidentiality of the password by third parties.
These measures shall be reviewed and amended as necessary.
Rights of Personal Data subjects
You have the right to access your personal data.
This means that you have the right to be informed by us if we process your Data. If we process your Personal Data, you may request to be informed of the purpose of the processing, the type of Data we hold, to whom we give it, how long we store it, if automated decisions are made, but also of your other rights, such as correction, deletion of data, restriction of processing and submission of a complaint to the Personal Data Protection Authority.
You have the right to correct inaccurate personal data.
If you find that your Data is incorrect, you can ask us to correct it (eg name correction or change of address notification).
You have the right to delete / forget .
You can ask us to delete your personal data if it is no longer necessary for the above mentioned processing purposes or you wish to revoke your consent in case this is the only legal basis.
You have the right to portability of your Personal Data.
You can ask us to receive in readable form the Data you have provided or ask us to pass it on to another processor.
You have the right to restrict processing.
You can ask us to restrict the processing of your Data for as long as your processing objections are pending.
You have the right to object and withdraw your consent to the processing of your Data.
You may object to the processing of your Data and we will stop the processing of your Data unless there are other compelling and legitimate reasons prevailing over your right. If you have given your consent to the collection, processing and use of your personal data, you may revoke your consent at any time with future validity.
Exercise of personal data subject rights
To exercise your rights you can submit a request to us at Stefanos Koukouvaos, at the postal address of the Company 14 Mitropoleos, Mykonos, 84600 Greece or at its email address, email@example.com entitled “Exercise of Right” and we will take care to examine it and answer you as soon as possible.
When do we respond to your requests?
We respond to your requests free of charge without delay, and in any case within (1) one month from the time we receive your request. However, if your Request is complex or there is a large number of your Requests we will inform you within the month if we need to receive an extension of another (2) two months within which we will respond to you.
If your Requests are manifestly unfounded or excessive, in particular due to their recurring nature, the Company may impose a reasonable fee, taking into account the administrative costs of providing the information or performing the requested action, or refusing to follow up on the Request. .
What is the applicable law when we process your Data?
Applicable Law is the Greek Law, as formulated in accordance with the General Regulation for the Protection of Personal Data 2016/679 / EU, and in general the current national and European legislative and regulatory framework for the protection of personal data.
The competent courts for any emerging disputes related to your Personal Data are the Courts of Athens.
You have the right to submit a complaint to the Personal Data Protection Authority (postal address 1-3 Kifissias, PC 115 23, Athens, tel. 210. 6475600, e-mail address firstname.lastname@example.org ), if you consider that the processing of your Personal Data violates the applicable national and regulatory framework law for the protection of personal data.