POLICY / STATEMENT OF PROTECTION OF PERSONAL DATA



This declaration/policy (hereinafter for brevity "Policy" or "Declaration") describes in detail the information that constitutes personal data of Users and which is collected and processed by the Company in the context of any possible interaction with it and during their visit on the Website, as well as the actions and measures taken by the Company to comply with the personal data protection legislation, in particular Regulation (EU) 2016/679 (hereinafter for the sake of brevity "General Regulation" or "Regulation" or "GDPR") and Law 4624/2019 and any relevant applicable provision, decision, opinion, etc. of the Personal Data Authority (hereinafter for the sake of brevity "Authority" or "APDPH").



DEFINITIONS



Company (or We): The company named “SPARTA GOODS MON IKE”.


User (or Visitor or You): Any person who visits our Website and any person who obtains a member account to use the services offered.


Website (or Website): The "eoliacosmetics.gr" website, which, like the entire content, belongs to the Company in full and exclusive ownership.



INTRODUCTION



I. Responsible for processing is the company "SPARTA GOODS MON IKE"


Headquarters: 29 D. Solomou, Postal Code 14451, Metamorfosi Attica


Tel./Fax.: 210-8212800 / E-mail: info@eoliacosmetics.gr


II. Our Company firmly believes in the protection of personal data, protects them when and to the extent that it processes them and applies all the principles governing data processing by law. Specifically:


All data is processed lawfully and legitimately in a transparent manner.

The data is collected for specified, explicit and legitimate purposes and is not further processed in a manner incompatible with these purposes.

The data is appropriate, relevant and limited to what is necessary for the purposes for which it is processed.

The data is accurate and when necessary updated.

The data is kept in a form that allows the identification of the data subjects only for the time required for the purposes of the processing.

The data is processed in a way that guarantees its appropriate security.

III. Read this Statement carefully, in order to be informed about your personal data that the Company collects and how it uses and protects it, as well as about the relevant options and possibilities you have and the rights you can exercise by law.


IV. We review the Policy regularly to ensure that it is always up-to-date and accurate and to adapt to the requirements of relevant legislation. Please check the Policy regularly so that your information is up to date.


V. The Company does not provide services to minors, nor does it collect their personal data.



METHODS OF COLLECTION OF PERSONAL DATA


I. The Company collects your personal data, directly from you, in particular:


by your visit to the Website,

by registering on the Website (opening a user/member account),

when you complete and send us a contact form,

when you communicate with the Company by e-mail, telephone or mail,

by registering on the list of recipients of the Company's newsletters,

when you purchase the Company's products.

II. In addition, if the Visitor is already a customer or supplier or employee/partner of the Company, the Company has collected his personal data, directly from him, when opening a tab, with the first communication or order or purchase, during the application of him for work or by recruiting him respectively, or through third parties (e.g. by recommendation from another customer or supplier or employee, etc.).


III. During its transactions with customers/suppliers, the Company may also collect personal data from publicly accessible sources (e.g. G.E.MH or other business registers, reports, directories).


IN PARTICULAR THE DATA INVOLVING PROCESSING


 


I. The personal data of the Visitors/Users collected and processed by the Company are in particular the following:


Account creation / User registration - During account creation / User registration as a member, the Company collects:

full name,

contact details (full postal address, email address, telephone number),

Ordering / Shopping - During online ordering through the shopping cart available on our Website, the Company collects in addition to the above:

shipping / delivery details (full postal address),

invoicing information (A.F.M. / D.O.Y.)

[ Note: For purchases made through our Website we do not collect data related to the payment of the products, such as e.g. the bank account number, the credit or debit card number, your relevant security codes, etc.. If the User chooses "pay by card" the necessary payment card details must be entered on the secure website of the cooperating bank /payment gateway to which it will be automatically redirected to complete the payment (redirect).]


Service Improvement and Measurements - When you visit us online, as well as through the electronic messages we may exchange, if you consent to the use of the respective trackers (cookies), the Company may collect information:

about how the User uses the services, such as for example the type of content viewed or the frequency and duration of their activities;

regarding the devices or websites through which the User accesses the Website services, depending on the rights granted.

Connection to the Website / Operation of the Website - When the Visitor connects to the Website, login information is collected, such as:

the name of the mobile operator or Internet service provider (ISP);

the language and time zone of the browser,

the geographic location of the access device, but also its type (Google Chrome, Safari, etc.)

the IP address of the electronic device through which you access the Website;

while the absolutely necessary technical cookies are installed for the connection of the User to the Website.


[ The IP address is a number assigned to your electronic device every time you access the internet and for information security and system diagnostics purposes, this data is collected when you visit the Website.

Cookies are small information files that are stored on your computer's browser. Websites can only access cookies stored on your computer. Any website that you have accepted to store cookies in your browser can only access its own cookies and not cookies from other websites. The use of cookies by the Company is done legally, on the basis of the Policy for the use of Cookies. You can also find out about the relevant European guidelines at:


https://wikis.ec.europa.eu/display/WEBGUIDE/04.+Cookies+and+similar+technologies ]


II. If the Visitor is already an employee/partner of the Company, the Company has in particular collected identification information (name, surname, identification number, A.F.M., A.M.K.A.), contact information (full postal address, e-mail address, telephone numbers), date and place of birth, bank account details, marital status details, as well as information related to educational qualifications, professional qualifications, previous experience, recommendations, professional certifications, etc.


III. If the Visitor is already a customer or supplier of the Company, the Company has collected in particular information related to his name, contact details (mail address, e-mail address, telephone numbers), A.F.M. and other billing and payment information, status and/or job title.

PURPOSE OF PROCESSING PERSONAL DATA


 


I. The Company processes your above personal data for the purpose of:


Your identification as a natural person to create an account / register as a user/member of the Website's online services (legal basis is art. 6 par. 1f GDPR), because the processing is necessary for the purposes of our Company's legitimate interests .

The ability to submit orders and make purchases, their secure completion and the ability to inform you (legal basis is art. 6 par. 1b΄ GDPR), because the processing is necessary for the execution of the relevant contract between us.

The improvement of the services of the Website, the measurement of its traffic, with the correlation by the Company of the information it collects from the various devices of the User, as this contributes to the consistency of the services provided, the possibility of personalizing your online experience, the improvement of performance, usability and effectiveness of the Website and the evaluation of the connection to the Website / operation of the Website (legal basis art. 6 par. 1a' GDPR), because you have consented to the processing (use of the corresponding optional cookies, etc. ).

Making the connection to the Website, performing its basic functions and its correct and efficient operation (installation of technically necessary cookies / collection of information related to IP addresses) [legal basis art. 6 para. 1f GDPR], because the processing is necessary for the purposes of our legitimate interests.

Sending our updates, promotional messages, offers, catalogs, etc. to the registered recipients of our newsletters [legal basis art. 6 para. 1a΄ GDPR], because you have consented to the processing.

II. For those Visitors who are already our customers or suppliers, the purpose of the processing is:


the fulfillment of our obligations as a supplier or their customer (submission of official written offers, issuance of sales documents, invoicing, shipment and delivery of products and billing/payment thereof respectively), in the context of the relevant transactions (legal basis art. 6 par. 1b΄ GDPR), because the processing is necessary for the performance of a contract between us, or

the Company's compliance with its legal obligations (e.g. keeping tax records, issuing/paying invoices, receiving/shipping and delivering products as the case may be, etc.) [legal basis art. 6 para. 1c΄ GDPR], because the processing is necessary to comply with our legal obligation, in accordance with the applicable legislation and the requirements of the financial and other competent services (DOU, GIS - taxis, etc.), or

the submission or handling of complaints (legal basis art. 6 par. 1f GDPR), because the processing is necessary for the purposes of the Company's legitimate interests.

III. For those Visitors who are our employees/partners, the processing of their personal data by the Company is done for:


the fulfillment of our obligations as an employer/partner (payment of salaries/remunerations, etc.), in the context of the respective relationships (legal basis art. 6 par. 1b΄ GDPR), because the processing is necessary for the execution of the relevant contracts , the

the Company's compliance with its legal obligations (e.g. keeping tax records, reporting to competent authorities, etc.) [legal basis art. 6 para. 1c΄ GDPR], because the processing is necessary to comply with our legal obligation.

IV. The Company does not process special categories of personal data, except to the extent necessary (e.g. when an employee is absent due to illness, in which case the corresponding medical certificates are made available to us, etc.).


We process this data for reasons of our Company's compliance with its obligations under the law, especially labor and social security law (legal basis art. 9 par. 2b' GDPR) and to submit them to the respective competent authorities (e.g. . notice of sick leave).


If the Company ever needs to process other data that is a special category, e.g. health data, racial origin, trade union action etc., this will be done either because it is required by law or to protect the data subject against an emergency situation (legal basis art. 9 para. 2c' GDPR), or because we have received your express consent in advance (legal basis Art. 9 para. 2a GDPR).


V. When the Company processes personal data as above for the purposes of pursuing its legitimate interests, it does not process such data if the interests of the subject prevail over its own. Also, the Company uses methods and technologies that are necessary and proportionate, as analyzed below, which it applies in the least intrusive way and with appropriate means so that there is a balance between its interests as a business and the fundamental rights and freedoms of the subjects .


VI. In cases where the Company processes data based on the consent of their subjects, these persons can at any time revoke / withdraw this consent. Then, the Company will immediately stop the processing, without affecting the legality of the processing based on their consent until the withdrawal.


RETENTION PERIOD OF PERSONAL DATA


I. As a rule, the Company keeps the personal data for a maximum of one (1) year, unless it is required to keep them longer (e.g. until the statute of limitations expires, for tax record reasons based on the relevant applicable law, or to support legal claims of or against the Company).


When the Company processes personal data based on consent, the processing lasts only as long as the consent is valid, that is, until it is revoked.


II. The Company keeps your personal data only for as long as is necessary for the purposes for which it processes it and, while it keeps it, applies appropriate technical and organizational measures to protect rights and ensures its security and confidentiality with specific actions, which are analyzed below.


SECURITY AND MEASURES TO PROTECT PERSONAL DATA


 


I. Your personal data is not used for purposes other than those mentioned herein. The Company collects as above only personal data that is absolutely necessary for the respective processing purposes. If and where additional information is required, or if in the future we need to process your personal data for a purpose other than that for which we collected it, you will be informed of that purpose and of any other relevant information, if that other purpose is incompatible with the initial.


II. The Company does not take into account your personal data for the purpose of profiling nor for automated decision-making.


III. The Company accurately maintains and updates/updates the database to ensure their security and protect them from any unauthorized or illegal access, processing, accidental loss, destruction or damage.


IV. The Company deletes the data securely when it is no longer necessary for the purposes of its processing.


V. The Company recognizes the importance of the security of personal data as well as electronic transactions and its related obligations and takes all the necessary and appropriate technical and organizational measures, using the most modern and advanced methods, right from the design and definition ("by design & by default"), in order to ensure the maximum possible security of the User's data and to protect the integrity, security and availability of the data.


All information related to the User's personal data is secure and confidential and their access is limited to authorized persons only.


Security is achieved by the following, in particular, methods:


Recognition

Two fields are used to identify the User [the Login ID (e-mail or username) and the Personal Secret Security Code (password)], which every time they are entered provide access to their account with absolute security.

The User is the only one who has access to his information through the above secret code and is solely responsible for maintaining its secrecy and concealing it from third parties. In the event of its loss or leakage, it should immediately notify the Company, which is not responsible for any use by an unauthorized person.

The Company recommends, for security reasons, that the User changes his password at regular intervals and avoids the use of easily traceable codes (e.g. date of birth or telephone number). It is also recommended to use, in addition to letters and numbers, symbols (eg $^*#@!_) when creating the password.

Securing the Privacy of the Transfer of Your Personal Data

To ensure the confidentiality of the data transfer, the SSL encryption protocol with an RSA key of 2048 bits (e 65537) is used.

In addition, all the backup systems we use have additional encryption (AES-256) before transmission to an approved cloud provider via an SSL connection as an additional data security measure. The backup providers we currently use to store data are: Company infrastructure.

Controlled Access

The Website is hosted and installed in Data Center infrastructures that have ISO 27001 security specifications and meet the requirements of the General Regulation and the relevant applicable data protection legislation.

Access to the Company's systems (servers) is controlled by a firewall, which allows the use of specific services by users while prohibiting, at the same time, access to systems and databases with confidential Company data and information. The web hosting provider we use today is: Company

Encryption

Using special software, the Company's electronic system first decrypts the information it receives before processing it. The Company's systems send information following the same encryption process.

Anywhere on the Website you enter personal data (password, email, addresses, telephone numbers, credit card number, etc.) there is SSL encryption with an RSA 2048 bits key (e 65537).

Confidentiality of Transactions

Privacy is a matter of course for Us. All information transmitted by the User is confidential and the Company has taken all necessary measures to ensure that it remains secure and is used only to the extent necessary to fulfill the contract and provide the services.


VI. The User, in order to ensure the security of his data, should himself not proceed with any disclosure of these, nor the details of access to them, to third parties.

RECEIVERS OF PERSONAL DATA - PROCESSING OF PERSONAL DATA BY THIRD PARTIES


 


I. As a rule, we do not share or transmit your personal data to third parties and only disclose them to authorized staff/internal partners of the Company.


II. Users' data are stored on servers in Greece and are not transmitted abroad. However, the Company may store your personal data in the cloud. This means that your personal data may be processed by a cloud service provider on behalf of the Company and your personal data may be stored in different locations around the world. The Company uses organizational and technical measures to protect personal data and to impose similar, and in no way less restrictive, requirements / obligations.


III. We may share Users' personal data with service providers, external partners and third parties, in accordance with applicable law. For example:


to competent authorities (e.g. tax authorities), if required by law,

to accountants/lawyers), to pursue our legitimate interests or to comply with our contractual obligations to you or to support our legal claims;

to transport companies, for the shipment and delivery of the products to you in execution of the contract between us,

to banks / financial institutions, to manage your payments,

to the company that has undertaken to provide us with technical support services for the Company's computing/computer system, only if this is required for the provision of these services,

to our partners who have undertaken the management of the Website, only if this is required for the provision of these services.

IV. The Company discloses personal data only in compliance with this Statement and applicable legislation.


Where the Company relies on a third party to process personal data on its behalf (the processor), it selects a cooperating party that provides an adequate level and security measures and takes the necessary actions to ensure its compliance with them, and binds that third party party with corresponding data processing agreements.


The agreements with these third parties include limited purposes for which your personal data may be disclosed and processed and require them to take measures to adequately protect your personal data.


The processors in this case cannot further process your personal data, unless we have expressly instructed them to do so, nor pass your personal data on to third parties.


V. While browsing the Company Website, you may encounter links to other websites for convenience and informational purposes. These websites operate independently of the Company and have their own notices, terms and conditions statements, and privacy policies. We recommend that you read them to understand how your personal data is processed in relation to these sites, as we are not responsible for their content either because they are owned or operated by another company, or for the use or the privacy practices of those sites (see also our Website Terms of Use).


USER RIGHTS – POSSIBILITY OF COMPLAINT


 


I. The User has the possibility to:


information and access to his personal data collected and processed by the Company (i.e. receiving information and copies thereof),

restriction of processing on a case-by-case basis (e.g. when he disputes the accuracy of his data or while awaiting a response to any objections he may have regarding the legality of the processing purposes, etc.),

modification or correction or completion of any inaccurate or incomplete personal data processed by the Company,

deletion of his personal data on a case-by-case basis (e.g. if these are no longer necessary for the relevant purpose of processing or if they were processed in another way or when the User's consent has been revoked and the Company has no other legal basis for processing or if the User has objected to the processing and there are no compelling and legal reasons for the processing by the Company or if it is processing them illegally,

withdrawing his consent to the processing of personal data,

objection to the processing of User data that the Company processes for direct marketing purposes or for the pursuit of its legitimate interests,

portability of his data to another person or to the User himself, when his data has been collected directly from him and the Company processes it based on his consent or for the purpose of concluding or executing a contract and the processing is automated.

II. After studying the relevant request and identifying the User, the Company will proceed within a period of one (1) month to satisfy it, provided that the request is legal and valid.


III. For the submission of the relevant requests, which are submitted free of charge, as well as for any question or for the provision of information related to the processing and protection of personal data by the Company, you can address it by post (Address: D. Solomou 29, Postal Code 14451, Metamorphosis Attica), by sending an email to the email address info@eoliacosmetics.gr or with a signed fax to the number 210-8212800.


IV. In case of non-compliance by the Company within the period of one (1) month as stated above, as well as in the event that you consider that the protection of your personal data is affected, you can file a complaint with the Personal Data Protection Authority (Kifisias Ave. 1-3, PO Box 115 23, Athens/ tel.: +30 210 6475600 / fax: + 30 210 6475628 / e-mail: contact@dpa.gr).


For the Authority's competence and how to submit a complaint, you can also visit its website (www.dpa.gr - My rights - Submit a complaint), where detailed information is available.