Privacy Policy

Information policy for the processing of personal data of website visitors

Introduction

With the present Privacy Policy – Information Policy for the Processing of Personal Character Data of Website Visitors (hereinafter “Policy”, “Privacy Policy”), our Company under the name KALIDIS KYRIAKOS DAMIANOS with the distinctive title “CAPRIC” (CAPRIC) “us”, “us”, “Responsible”), respecting the privacy of users and visitors of this site (hereinafter “visitors”, “you”, “you”) and vigilant to ensure the security of their personal data , provides the necessary information and information for the processing of personal data and their rights, as subjects of the processing of this data. In order to be transparent in the way of collection, use, processing and storage of personal data, the Company encourages visitors to its website and anyone interested to read this Policy, to receive the following information:

Legislative framework

The processing of your personal data is governed by the relevant provisions of the current national legislation for the protection of personal data (Law 2472/1997, Law 4624/2019, Law 3471/2006, as applicable, etc. .), the Directives and Regulations of the European Union (in particular the General Regulation on Data Protection (EU) 2016/679 – GDPR, hereinafter referred to as “GPA”), as well as the relevant decisions, directives and regulations of the Data Protection Authority Personal (hereinafter referred to as “APDPX”) and is subject to the legal formalities and restrictions that define.

Definitions

Subject” of personal data: The visitor of the website, the customer / consumer of the online store, who orders and buys a product, the registered user and any other natural person, comes in contact with our website.

«Δεδομένα προσωπικού χαρακτήρα»: Κάθε πληροφορία που μπορεί να ταυτοποιήσει άμεσα ή έμμεσα ένα φυσικό πρόσωπο (το «Υποκείμενο»), όπως το ονοματεπώνυμο, η ταχυδρομική διεύθυνση, τα στοιχεία επικοινωνίας του (τηλέφωνο, κινητό), η ηλεκτρονική διεύθυνσή του (e-mail), κ.ά.

“Edit”: Any operation or series of operations performed with or without the use of automated means in personal data or in personal data sets, such as collection, registration, organization, structure, storage, adaptation or modification, retrieval , the search for information, the use, the disclosure by transmission, the dissemination or any other form of distribution, the correlation or combination, the restriction, the deletion or the destruction of the personal data that have come or will come to the knowledge of the Company, either directly from you through the website, or in the context of your business relationship with it.

“Processor”: The Company with the name “KAILIDIS KYRIAKOS DAMIANOS” and with the distinctive title “CAPRICCIO”, based in Platanias, Chania, PC 73014, with TIN. 077280984, Δ.Ο.Υ. Chania, which determines the purposes and manner of processing personal data.

“Executor of Processing”:The natural or legal person, public authority, service or other entity that processes personal data on behalf of the controller.

“Recipient”: The natural or legal person, public authority, service or other body to which personal data is disclosed, whether it is a third party or not.

“Third party” means any natural or legal person, public authority, service or body, with the exception of the data subject, the controller, the processor and the persons who, under the direct supervision of the controller or processor , are authorized to process personal data.

“Consent” of the data subject: any indication of will, free, specific, explicit and fully aware, by which the data subject expresses that he agrees, with a statement or a clear positive action, to process the personal data concerning him. “Data Protection Officer” (DPO), “DPO”: The Personal Data Protection Officer, designated by the Company, as the Processing Officer, who has the position and duties defined by the current legal framework for personal data protection.

Personal data collected & processed & legally processed (legal basis & purpose of processing)

We collect data and information, which you disclose to us, when you enter and / or navigate the Company’s website, when you use our services (purchases, contact us, etc.) or when you submit a complaint, question or request, in order to contact you. In addition, information may be collected from third parties (natural or legal persons), such as e.g. technology companies, social networking platforms.

In particular, we collect and process on a case-by-case basis the following personal data of yours in the following cases:

Login to the siteDATA: IP address, date and time of access, geographic time zone, terminal operating system and version, browser and version, terminal device and / or user name. PURPOSE: Providing personalized services to you, proper connection creation, security and system stability. LEGAL BASIS: a) legal interest, in the context of making our website available to the general public and providing services to it

User registration – DATA: name, surname, e-mail. PURPOSE: Create an account and register as a member on our site. LEGAL BASIS: a) the conditions governing your registration (contract) b) legal interest, in the context of optimal service and provision of privileges to our members

Order and purchase of products – DATA: name, surname, e-mail, billing and ordering details, receipt or invoicing details, contact telephone. PURPOSE: Concluding a contract, managing / processing an order, invoicing, compliance with tax obligations, customer service. LEGAL BASIS: a) the contract between us b) our legal obligations

Promotions (sending newsletters / newsletter) – DATA: e-mail. PURPOSE: Sending newsletters about the offers, our products, our services, privileges. LEGAL BASIS: a) your consent b) where applicable, our legal interest, in the context of promoting actions and new products and services, to existing customers for the same advertising purposes

Communication via e-mail – DATA: e-mail, name, surname (if applicable), content of the message. PURPOSE: Communicate, manage / settle or resolve your request, query or complaint. LEGAL BASIS: a) the contract between us, b) our legal obligation, based on consumer law, c) legal interest, in the context of your service

We must inform you that the personal data that you provide to us for the purpose of purchasing products from our online store or providing services, is necessary for us, in the context of fulfilling legal and contractual obligations arising from the said conclusion of the application / contract for the sale of products, for the pricing of products, for the fulfillment of our legal obligations, arising from the current legislation, in the context of electronic transactions and, finally, for our compliance with the existing provisions on consumer protection. As a result, the non-provision of your data during the ordering and execution process, makes it impossible to conclude the sales contract between us.

Processing of personal data of special categories

Our Company does not process or collect, through its website, your “sensitive” personal data (data of special categories), such as data related to your racial or ethnic origin, your religious or philosophical beliefs, health data or data concerning your sex life or your sexual orientation, as the above data is not necessary for us and the above processing purposes.

The visitor of the website must abstain from providing, placing, taking into account, etc. personal data of specific categories, which concern him and / or third parties. In the event of such data being found, the data shall be deleted immediately in a secure and non-recoverable manner. The Company is not responsible for any provision and / or processing, which is due to operations and / or their omissions, in violation of the above obligation.

Data concerning minors

For the purposes of this Policy, minors are those who have not completed the eighteenth (18th) year of age. Our Company does not process, through its website, personal data of minors. Our online store is not addressed to individuals who have not completed the eighteenth (18th) year of age. So, our Company does not process personal data from minors. We reserve the right, in case we find that a minor has disposed, provided, etc. his data to us, without the consent of his legal representative, to delete such data. If you notice that a minor has provided his / her data to us without the consent of his / her legal representative, please contact us.

However, we point out that, when the processing of personal data is based on consent in accordance with no. 6 par. 1 st. a) GPA, in relation to the provision of information society services directly to a child, the consent provided by the minor and therefore the processing is legal, if the minor is at least fifteen (15) years old. Στην περίπτωση κατά την οποία ο ανήλικος είναι ηλικίας κάτω των δεκαπέντε (15) ετών, η επεξεργασία αυτή είναι σύννομη, μόνο εάν και στο βαθμό που η εν λόγω συγκατάθεση παρέχεται ή εγκρίνεται από τον νόμιμο αντιπρόσωπο του ανηλίκου (άρ. 8 ΓΚΠΔ συνδυαστικά με άρ. 21 ν. 4624/2019). If you are a parent or guardian and it has come to your notice that your minor child has provided his / her personal data to our Company, please contact us immediately. From our side, if we realize that personal data that we process belongs to a minor, without the consent of the parent or guardian, the Company takes the appropriate measures to immediately delete this data and to avoid similar incidents in the future.

Recipients of personal data

Our Company preserves the confidentiality of your personal data and, as a rule, does not transmit it to any third party (natural or legal), except when and in all cases required and / or permitted by law. The data we collect from you in the context of our relationship (eg receipt, execution and delivery of an order, offer of any assistance in the search and execution of your orders, answer of any questions you have, etc.) are processed by:

the authorized and properly trained competent staff of our Company, which is bound by confidentiality and confidentiality clauses,
as the case may be, associates of our Company, to whom the Company, according to art. 28 GPK, assigns the execution of specific tasks on its behalf (performers of processing) and with which it has ensured the processing in accordance with GKPD for the protection of your data, by signing contracts and committing to adequate measures, in accordance with the relevant provisions of GPD (art. 28, 32 GKPD), such as, indicatively but not restrictively, cooperating transport companies for the sending of your orders, third parties – technical companies in the context of site management and service provision, our application support, promotional service companies ( eg sending newsletters),
public bodies and authorities, such as public services and bodies, independent authorities (eg Consumer Ombudsman), regulators, police, competent authorities, prosecutors, other administrative services, etc., when required to do so by applicable law frame.

International transfers of personal data

Our Company does not primarily transmit your personal data to third parties (outside the EU or EEA) countries or international organizations, which do not ensure an adequate level of protection (based on the Competence Decision, etc.). Any transmission follows and complies with the relevant provisions of the applicable legal framework, in particular nos. 44 ep. GKPD

Retention time of personal data

The retention of your personal data takes place for the specific purposes mentioned above and lasts for a reasonable period of time, in order to fulfill the respective purpose (limitation of processing).

Your personal data is maintained by our Company, as the case may be in printed and / or electronic form, throughout your contractual relationship with the Company and the individual contractual commitments of the latter, depending on its nature, taking into account of the legal obligations of the Company and any legal claims that may be raised by it, in order, accordingly, to justify the time of retention of personal data.

In addition, as the case may be, the data received and processed during the pre-contractual stage are retained for a period of five (5) years, subject to applicable law, for an extension of this time.

However, the Company applies as a maximum period of retention of personal data the twenty (20) years, with the possibility of extension of the above time, in case of a claim or pending litigation or indication of control by public (tax, etc.) authorities. .

In all cases where the processing of personal data is based on the consent provided, the data is retained by the Company for as long as provided by law, depending on the purpose and type of processing, including the legal obligation of the Company to maintain.

Technical and organizational measures

The Company takes all appropriate technical and organizational measures to safeguard technological and physical security, in accordance with applicable law (art. 32 GKPD). Indicatively, the Company applies encryption techniques and security of electronic transactions where possible (user interaction with the site and product markets), techniques of control and management of technical and logical errors, Policy and corresponding procedures of classified access to infrastructure and data Safe remote access procedure, regular updates of service and e-security infrastructure, implementation of periodic inspections and classification of potential threats, installation of applications and infrastructure to prevent malicious actions of all kinds, comprehensive business security plan , installation of closed-circuit video surveillance (only in the facilities of physical installation of infrastructure, where this is provided by law) and infrastructure of physical security. Our Company continuously assesses, evaluates and upgrades the desired level of information security, taking additional measures on a case-by-case basis, to address new threats and associated risks, but also in the context of the planned and in accordance with the will of the Management to adopt new factors further. risk reduction.

In general, the Company demonstrates, as far as possible, due diligence in ensuring the integrity, confidentiality and availability of personal data. Thus, it remains on standby in order to validly and timely deal with possible breach of personal data. To this end, it adopts, updates and implements appropriate internal Policies and Procedures, in accordance with good practices and international standards.

In addition, our Company maintains an up-to-date record of processing activities, with the information required by art. 30 GKPD, has appointed a Data Protection Officer (DPO), based on no. 37 ep. GPD, trains and sensitizes its staff in matters of security and protection of personal data.

Collection of cookies

Cookies are used for the proper operation of this website. For more information about cookies, you can refer to the Cookies Policy of our Company, posted on our website.

More specific information about the social media of the company COMPANY

Our Company ensures its presence on social media (Facebook), Facebook, Twitter, Instagram, Linked In, Youtube. With this paragraph and in combination with the whole of our Policy, the Company provides the users with the necessary information for the processing of their personal data, through social media.

Thus, through social media, our Company often gives you the opportunity to submit comments, send messages, be informed about our news, etc. In all the above cases, for the processing of your personal data, jointly the Responsible Processors are both our Company and the respective responsible person of the respective social media platform (Facebook, Instagram, etc.), within the meaning of no. 26 ΓΚΠΔ.

So, it is not always possible to have full knowledge of the type of data that the operators of each platform process, but we still make every effort, take care of the configuration of our pages on social media and act according to the possibilities we have from operators, in order to ensure the processing of your personal data, in accordance with the applicable legal framework.

If you would like to receive more information regarding the processing of your personal data from the operators of the social media platforms and to be further informed, you can refer, as the case may be:

Facebook: www.facebook.com/privacy/explanation
Instagram: help.instagram.com/519522125107875
Twitter: twitter.com/en/privacy
LinkedIn: www.linkedin.com/legal/privacy-policy
YouTube: www.youtube.com/yt/about/policies/
When you interact with us through social media, the purposes of processing your personal data is in particular your service (where this possibility exists, eg contacting us by sending a message or posting a comment).

In the cases in which you contact us in the above ways, the legal basis of processing is the legal interest of our Company, in the context of your service and resolution of requests, issues or concerns that you submit to us (art. 6 par. 1 par. F. ΓΚΠΔ).

Our Company ensures its presence on social media (Facebook), Facebook, Twitter, Instagram, Linked In, Youtube. With this paragraph and in combination with the whole of our Policy, the Company provides the users with the necessary information for the processing of their personal data, through social media.

Thus, through social media, our Company often gives you the opportunity to submit comments, send messages, be informed about our news, etc. In all the above cases, for the processing of your personal data, jointly the Responsible Processors are both our Company and the respective responsible person of the respective social media platform (Facebook, Instagram, etc.), within the meaning of no. 26 ΓΚΠΔ.

So, it is not always possible to have full knowledge of the type of data that the operators of each platform process, but we still make every effort, take care of the configuration of our pages on social media and act according to the possibilities we have from operators, in order to ensure the processing of your personal data, in accordance with the applicable legal framework.

If you would like to receive more information regarding the processing of your personal data from the operators of the social media platforms and to be further informed, you can refer, as the case may be:

Facebook: www.facebook.com/privacy/explanation
Instagram: help.instagram.com/519522125107875
Twitter: twitter.com/en/privacy
LinkedIn: www.linkedin.com/legal/privacy-policy
YouTube: www.youtube.com/yt/about/policies/
When you interact with us through social media, the purposes of processing your personal data is in particular your service (where this possibility exists, eg contacting us by sending a message or posting a comment).

Your rights under the GCC.
As data subjects, you retain all your rights, as provided in the current legal framework for the protection of personal data, ie:

1. The right to transparent information and information for the exercise of your rights (nos. 12, 13, 14 GKPD), before and during the processing, ie the right to be informed about the processing of their personal data (as detailed in this Policy).
2. Right of access (art. 15 GKPD) to your personal data processed by the Company, as a Processor, ie the ability to know and receive a copy of the data concerning you.
3. The right to correct inaccurate data and to fill in incomplete data (art. 16 GKPD), ie the right to correct your data and information, maintained by our Company.
4. Right to delete personal data / “right to be forgotten” (art. 17 GKPD). This right is subject to conditions and without prejudice to the obligations and any legal claims of the Company for the retention of data, based on the provisions of applicable law. The request for the deletion of some or all personal data may be satisfied under specific circumstances and without prejudice to legal reasons for maintaining and continuing the processing by the Company and provided that the interests of the Company are not affected.
5. The right to restrict the processing of personal data if, as a result, its accuracy is disputed, the processing is illegal, or the purpose of the processing disappears, provided that there is no legal reason for the processing, but the data can not be deleted (art. 18 GKPD).
6. The right to privacy of personal data, ie you have the right to request the receipt of personal data, in a structured, commonly used and machine-readable format, as well as to be transferred, under legal terms and conditions, to another controller, as long as this should not adversely affect the rights and freedoms of others, in accordance with the provisions of the legislation (art. 20 GKP).
7. Right to object to the processing of personal data, subject to legal obligations of the Company or when the processing is carried out in the context of fulfilling a superior legal interest of the Company, such as opposition to profiling or direct marketing (art. 21 GPD).
8. Right to revoke the already given consent, which concerns the possibility to revoke the consent at any time, for the processing, which is based on the consent (art. 7 par. 3 GKPD). It is noted, in this case, the legality of the processing of personal data is not affected by the withdrawal of consent, until the point in time it was revoked.
9. You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you have your habitual residence or place of work or the place of the alleged infringement, if you consider that the processing of your personal data concerns you. violates the GKPD (art. 77 GKPD). Competent Supervisory Authority, in Greece, is the Personal Data Protection Authority (1-3 Kifissias Ave., Athens, 115 23, +30 210 6475600, contact@dpa.gr).

How to exercise your rights

Any request regarding your personal data and the exercise of your rights, in accordance with the provisions of the applicable legal framework for the protection of personal data, please be addressed in writing to the e-mail address. You can also send it to our postal address or submit the request yourself, to the address of our Company.

More specific statements of the company

1. The Company declares that it is not responsible for any damage (direct, indirect, positive, negative) that may be caused to the visitor on the occasion of the website or its use. The visitor is solely responsible for protecting his system from viruses and other malicious software.
2. The Company does not make decisions or profiles based on automated processing of your data.
3. This Policy may be amended at any time. The user will be informed of all important changes, while each time the updated version will be posted on the website. For this reason, the visitor must be informed and regularly refer to this policy.
4. The Company in no other use of the personal data of the visitor will proceed for purposes other than those mentioned in this Policy, without prior notice and, where required, his consent.
5. The user of the website, reading this Policy, is aware of the above processing which is in accordance with the applicable legislation for the protection of personal data, exclusively for the purposes mentioned above and for purposes compatible with them.


Last modified: August 2021