Privacy Policy

1. General information

  1. The applicable law for the protection of personal data is the General Data Protection Regulation (EU) 2016/679 (hereinafter GDPR) of the European Parliament and Council (adopted on 27 April 2016 and applicable from 25 May 2018) and Law 4624/2019 “on the protection of natural persons with regard to the processing of personal data”, as applicable, as well as the instructions of the Hellenic Data Protection Authority (HDPA).
  2. Personal data is defined by the GDPR as any information by which a natural person (“data subject”) can be directly or indirectly identified. Such data include, but are not limited to, first name, last name, home address, email address, tax identification number, equipment or terminal device identifiers, internet search history, etc. Information concerning legal persons and groups of persons or statistics, from which it is not possible to refer to an identified or identifiable natural person, does not fall within this category and is excluded from the scope of the relevant legislation.
  3. The following information on the protection of the user’s/customer’s personal data concerns the way in which our company processes his/her personal information when he/she contacts us or uses any of the services of our website and online store (e-shop). This policy is fully compatible with the General Regulation on the protection of natural persons with regard to the processing of personal data (EU/2016/679) and the Greek legislation (Law 4624/2019).
  4. It is clarified that our business may modify this policy at any time and without notice. To this end, the user/customer is required to carefully read this policy before navigating this website and entering any personal data.
  5. By navigating and using the services of the website and the online store, the user/customer accepts the content of this policy.

2. Data Controller

The company “PLAINI S. EVANGELIA”, having its registered office at Ag. Georgiou 12, Chalandri 152 34, as legally represented under its current or any legal form, attaches particular importance to the protection of personal data of users/customers as a Data Controller. For any question, query or request, the user/customer may contact our company as follows: Tel: +30 210 8105402, e-mail:  info@valiaplaini.gr

3. Purpose of data collection

  1. During his/her visit to our website, the user/customer is not obliged to provide us with his/her personal information, unless he/she wishes to:
  2. contact us,
  3. express interest in purchasing products,
  4. proceed to transactions and payments;
  5. create an account on our online store,
  6. subscribe to our newsletter.
  7. We also collect data to analyse the usability, quality and marketing of our services in order to improve our products and individual services.
  8. We collect data for purposes related to the detection of online fraud and the security of online communications.
  9. Some of the collected data are necessary for the purpose of pricing the products sold in accordance with the applicable tax legislation.
  10. As a business we process only those personal data that are necessary for the fulfilment of the purposes of transactions. Our company guarantees that the personal data it processes remain highly confidential and cannot be used for any purpose other than that for which they were provided.

4. What kind of data we collect and on what legal basis

  1. In the “shopping cart” section we collect the following: (a) in the “personal information” form: name, surname, e-mail address, telephone number; (b) in the “billing address” form: name, address, city, postal code, country, region. The above data are necessary for the conclusion and performance of the sales contract in accordance with Article 6 (1) (b) of the GDPR. Additionally, the above information is necessary for the issuance of a retail receipt in accordance with Article 6 (1) (c) of the GDPR. For the purpose of issuing an invoice, the TIN and Tax Office fields must also be filled in.
  2. In communication form section we collect the following: name and/or surname, e-mail address. Contact information is collected in order to be able to respond either to your requests in accordance with Art. 6 (1) (c) GDPR or to provide you with information on our products or transactions in accordance with Art. 6 (1) (b) GDPR.
  3. In the Newsletter pop-up form and the corresponding footer form we collect the e-mail address. The user’s/customer’s e-mail is collected only if he/she enters it in the relevant field, thus giving us his/her consent, in accordance with article 6 (1) (a) of the GDPR. It is clarified that the user/customer may unsubscribe and stop receiving messages at any time and at no cost, informing our company by any appropriate means of communication or clicking the “unsubscribe” option in the forwarded message.
  4. In the “Create account” form we collect the following: name, surname, e-mail address, telephone number.. The legal basis for the processing is first of all the consent of the user/customer to register and create an account, in accordance with Article 6 (1) (a) of the GDPR, as well as the legitimate interest of our business, in accordance with Article 6 (1) (f) of the GDPR, for the security of the account and the identification of the user, where and when this is required.
  5. We may also automatically receive certain information contained in the log files, such as the IP address, geographical location data, date and time of visit to the website, etc. for which we believe that we have a legitimate interest, in accordance with Article 6 (1) (f) of the GDPR, to protect the security of networks, information and services from accidental events or illegal or malicious actions (e.g. online fraud) related to the availability, authenticity, integrity and confidentiality of data, and at the same time to provide, on our part a more secure environment for the processing of the user’s/ customer’s personal data in accordance with Article 6 (1) (c) of the GDPR.
  6. We also use cookies either to measure the statistics of our online store or to improve user navigation and experience or for further marketing of our products. More details about Cookies, by type, duration, purpose and provider, are available in the relevant policy or cookie banner. Placing a tracker on a terminal device requires the user’s consent in principle, regardless of whether personal data are ultimately processed through it. The trackers exempted from obtaining consent are those considered technically necessary for establishing connection to the website or providing the internet service requested by the user himself/herself. According to the Hellenic Data Protection Authority, no consent is required for (a) the identification and/or preservation of content entered by the subscriber or user during a session on a website throughout the duration of that connection, such as the “shopping cart”; (b) the connection of the subscriber or user to services that require authentication; (c) the security of the user; (d) the performance of the load balancing technique on a connection to an internet website; (e) the preservation of the user’s choices regarding the presentation of the website, e.g. language selection, storage of search history. In contrast, trackers installed for the purpose of online advertising or third-party trackers, such as Google Analytics for the purpose of statistical analysis (web analytics), are allowed only after obtaining the user’s informed consent.
  7. It is clarified that our business does not in any way have access to credit or debit card data of the user/customer. Online transactions are conducted in a secure environment of a contracted bank.

5. Recipients of data – Transfers

  1. In order to be able to provide our services, we inform the user/customer that certain information may be accessed, under strict conditions, such as encryption, contractual confidentiality clauses, etc., by our partners:
  2. commercial or logistics and software/cloud computing companies;
  3. financial providers;
  4. companies for the shipment and delivery of the products,
  5. advertising service providers;
  6. accounting companies or offices.
  7. We require all of the above recipients to implement rigorous organizational and technical measures to ensure the optimal level of security.
  8. Our company does not transfer the personal data of the user/customer’s to third countries, i.e. outside the EU. Regarding Cookies, see the relevant policy.

6. Data retention time

  1. In the event that the user/customer has entered into a contract with our company, his/her personal data will be kept for the duration thereof. After completion of the contract, i.e. after full payment of the product price, our company keeps the personal data provided for the purchase of the products for at least two years, with the exception of certain data that should be retained for tax purposes for longer than the above period.
  2. If legal proceedings are in progress with our company or any other affiliated company, which involves the user/customer directly or indirectly, or an administrative audit is pending, before the expiry of this two-year period, the said data retention time will be extended until an irrevocable court decision or an administrative act is issued.
  3. If the user/customer has subscribed to the Newsletter or has created an account, the data they have provided to receive the newsletters or create an account respectively, are kept for the duration of their subscription. By unsubscribing from the above service in any appropriate way (e.g. by sending an e-mail), the data provided to us are immediately deleted.
  4. To customise Cookies, the user/customer can consult the relevant policy or cookie banner.
  5. In the event that a shorter or longer retention time is provided for by law, the above retention time will be shortened or extended accordingly. For this reason, the company undertakes to examine the relevant legislation at regular intervals and to revise this policy accordingly.

7. User/Customer Rights

Under the General Data Protection Regulation the user/customer has the following rights:

  1. Right of access: To know if and to what extent their personal data are processed in any form, and in particular the purposes of the processing, the categories of data we process, the recipients of their data, the period for which we keep their data as well as the existence of automated decision-making (Article 15 of the GDPR).
  2. Right to rectification: To request that their data be rectified and/or completed so that it is complete and accurate (Article 16 of the GDPR).
  3. Right to restrict processing: To request the restriction of the data processing under Article 18 of the GDPR. It is noted, however, that our company has in any case the right to refuse their request for restriction of their data processing if such data processing or retention is necessary for the establishment, exercise or support of our legal rights or the fulfilment of our obligations.
  4. Right to object: To object to any further processing of their personal data that we keep (Article 21 of the GDPR), unless we prove that there are compelling and legitimate reasons for the processing of their data or their retention is necessary for the exercise of our legal claims.
  5. Right to erasure (right to be forgotten): To request the deletion of his/her personal data under Article 17 of the GDPR. It is noted that our company has in any case the right to refuse their request for deletion of their personal data, if their data processing or retention is necessary for the establishment, exercise or support of our legal rights or the fulfilment of our obligations.
  6. Right to portability: To request the transfer of their data from our business to any other controller (Article 20 of the GDPR). It is noted that the right to portability does not imply the deletion of his/her personal data.
  7. Right to lodge a complaint: To lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr), if he/she considers that his/her rights are infringed in any way.
  8. In order to exercise their rights, the user/customer may contact the “Controller” in writing or by electronic means. The company, in full respect of their rights, will make every effort to respond to the request within thirty (30) days from submission. The said deadline may be extended by an additional sixty (60) days, if this is deemed necessary taking into account the complexity of the request and the number of requests. Our company will in any case inform the user/customer of any extension of the response deadline within thirty (30) days from the submission of the request. The exercise of his rights does not imply any costs. However, in the event that their requests are manifestly unfounded, excessive or repetitive, we have the right to either charge them a reasonable fee, informing them accordingly, or refuse to respond to their request(s).

8. Data security

  1. Our business has strict security procedures in place to protect the user/customer’s personal information from damage, destruction or disclosure and to avoid unauthorized access to it.
  2. When data is to be transmitted on to other recipients, we require similar measures to be taken to fully protect user/customer information.

9. Links

The website contains links to third party pages (Links). The provision of links does not imply the approval of their content. The company is not responsible for the availability or content of these websites or for any damage as a result of the use of their content. These links mainly concern the navigation of our corporate pages on social media (Facebook, Instagram, etc.). The links are provided solely for the user’s convenience. In any case, the user navigates these websites at his own risk. Before entering any personal data, it is always recommended to read the terms of use and privacy policy of each individual platform.

καλάθι (0)

Καλάθι