Privacy Policy
Privacy Policy
The company under the name Giannas Sotirios
(hereinafter referred to as the company) which runs this online store
(www.kapa26artwork.com) (hereinafter referred to as the website), is an
official business based in Thessaloniki, 26 Karypi Street, 54624, TIN
023997652, Tax Office D. The company in its physical store deals in art objects,
organizes art exhibitions and uses the present online store for the
presentation and selling of its products/services.
GDPR Regulations
The European Community adopted
in 2016, the No 2016/679 Regulation of the European Parliament and Council, on the protection of natural persons with regard to
the processing of personal data and on the free movement of such data, and
repealing Directive 95/46/EC (General Data Protection Regulation)
This Regulation is
binding in its entirety and directly applicable in Greece as well as in every member of the
European Union and entered into force on 25th May 2018. All
companies and natural persons must take the appropriate measures to harmonize
with the Regulation. On August 2019, L.N0.4624/2019 was also voted regarding enforcement
measures of the GDPR Regulation as well as other similar provisions. The company running the present website - www.kapa26artwork.com - with respect to the fundamental
right for the protection of personal data, clearly defines the terms and
conditions for a secure and legal processing of these data and takes any
measures to ensure your highest possible protection.
Please be advised to read this
document carefully so as to fully understand all the information provided regarding
the processing of your personal data in our website for the purposes and the legal base for data processing,
the recipients of the data as well as your rights.
GDPR DEFINITIONS
For the purposes
of this Policy:
·
‘personal data’ means any information relating to an
identified or identifiable natural person (‘data subject’); an identifiable
natural person is one who can be identified, directly or indirectly, in
particular by reference to an identifier such as a name, an identification
number, location data, an online identifier or to one or more factors
specific to the physical, physiological, genetic, mental, economic, cultural
or social identity of that natural person; |
·
‘processing’ means any operation or set of
operations which is performed on personal data or on sets of personal data,
whether or not by automated means, such as collection, recording, organization,
structuring, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available,
alignment or combination, restriction, erasure or destruction; |
|
·
‘controller’ means the natural or legal person,
public authority, agency or other body which, alone or jointly with others,
determines the purposes and means of the processing of personal data; where
the purposes and means of such processing are determined by Union or Member
State law, the controller or the specific criteria for its nomination may be
provided for by Union or Member State law; |
·
‘processor’ means a natural or legal person, public
authority, agency or other body which processes personal data on behalf of
the controller; |
·
‘recipient’ means a natural or legal person, public
authority, agency or another body, to which the personal data are disclosed,
whether a third party or not. However, public authorities which may receive
personal data in the framework of a particular inquiry in accordance with
Union or Member State law shall not be regarded as recipients; the
processing of those data by those public authorities shall be in compliance
with the applicable data protection rules according to the purposes of the
processing; |
·
‘third party’ means a natural or legal person,
public authority, agency or body other than the data subject, controller,
processor and persons who, under the direct authority of the controller or
processor, are authorized to process personal data; |
·
‘personal data breach’ means a breach of security
leading to the accidental or unlawful destruction, loss, alteration, unauthorized
disclosure of, or access to, personal data transmitted, stored or otherwise
processed
YOUR PERSONAL
DATA CONTROLLER
The company is the Controller
for the data processing of the users, the online shop’s customers, the
suppliers, the employees and the collaborators.
WHICH DATA WE PROCESS
Your IP address, information
about your device, information on your interaction with the website as well as
information on other websites you might visit (eg. URL addresses of the pages
you have visited, the time you have spent in a page, the number of clicks and
the type of the platform).
Moreover,
·
When you subscribe in our website and/or our
newsletter: name, e-mail address
·
When you contact us: name, e-mail address, mobile
phone, address
·
When you purchase products from our online store: name,
address, TIN, bank account or credit card number
·
When you withdraw or cancel a purchase according to
the Terms of Use: name, shipping address, TIN, bank account number
The
company cannot be held accountable for the precision and the correctness of the
personal data you send us.
DATA PROCESSING PURPOSES
·
To give you access to our online store services
·
To enable your purchases from our online store
·
For the fulfillment of our contractual obligations as
well the exercise of our rights according to the Terms of Use
·
For the exercise of your contractual rights according
to the Terms of Use
·
To contact you when you wish to or when it is
necessary to do so in order to assist you
·
To inform you on our news
·
To optimize your browsing in the website
·
To keep our website secure
LEGAL BASE FOR DATA PROCESSING
·
consent
·
performance of a contract
·
a legitimate interest
·
a vital interest
·
a legal requirement
·
a public interest
WHO WE SHARE YOUR PERSONAL
DATA WITH
·
Microsoft company, to enable communication with you
via e-mail
·
Geniki Taxidromiki for the shipment of our products
and the cash on delivery payment.
·
Piraeus Bank for the deposit into a bank account as
well as the payment by credit/debit/prepaid card
·
Tetras software company so as to constantly improve
the design and security of our website
·
Analysis/Advertizing services providers and search engines to optimize your browsing
experience
·
Other natural persons, companies or organizations,
public bodies, when forced to by law
WHERE PERSONAL DATE IS STORED
Your personal date is stored on Tetras
software company's servers in Greece and therefore are fully protected by the
European Legislation.
We
assure you that we take every possible technical and organizational measures
for the safe storage of your personal data.
DATA STORAGE PERIOD
The
time period is different according to the use:
·
For data we collect in general, we you visit our
website, please read our Cookie Policy (link)
·
For the Newsletter, until you choose yourself to
unsubscribe
·
As long as purchasing from our company is concerned,
up to 5 years after completion of the purchase
·
All the above, without prejudice to any legal
obligation resulting from the Greek Law
and the European Union Legislation.
PROCEDURES TO PROTECT YOUR
PERSONAL DATA
According
to European and National Law regarding the protection of personal data, we use all
reasonable procedures to prevent an unauthorized access and breach of your
personal data. We use proper security procedures, technical and natural
restrictions for the access and use of your personal data in our browser, as
presented below:
·
SSL technology. This website uses the SSL technology
(SecureSocketsLayer) for the safety of information, personal data and
transactions. The SSL protocol is used nowadays internationally through the
internet in order to provide users with the certification for the websites they
visit as well as the encryption of information among users and various servers.
The SSL technology is based on a key-code that demands the encryption from the
shipping software of all the information sent among a customer and a server as
well as their decryption by the receiving
software, ensuring a secure transmission of information. The security check
between the data and the server is conducted with the help of this unique
key-code, protecting in this way in full the transmission of information and
the interaction among the users of the internet. Browsers such as GoogleChrome,
Internet Explorer, Mozilla Firefox, Opera, Safari, support this protocol and
its use is recommended for access in websites the user wishes to navigate in.
There is also a mechanism that verifies automatically whether the data has been
altered during transmission, providing extra security.
·
Passwords. The username/email and the password allow you to have access in a website with complete
protection for your personal data every time you insert them. You can change
the password as often as you wish. The only one who has access to your personal
information is you and you are the only one responsible for their safekeeping.
In case you have forgotten your password or it has been disclosed to others,
you should contact us immediately, otherwise our online shop holds no
responsibility for the use of this password by another non-authorized person. For
safety reasons, it is recommended that you change your password at regular
intervals as well as to avoid easily traceable codes.
·
Firewall. Access to the company’s software is
controlled by a firewall, which allows the use of specific services by the
customers/users, denying at the same time the access to databases with
confidential material and company's information.
As the internet is open to
anyone, no guarantees can be provided that malicious users will not breach the
applied technical and organizational measures, gaining in this way access to
personal data.
Only authorized personnel has
access to personal data during working hours. Personal data protection of both
users and visitors of our website and the respect for an individual’s privacy
in the web is considered to be a self-evident commitment for us.
All the employees and
collaborators of the Company on personal data processing are notified of the
present privacy policy and our motto for a secure and legal personal data
processing and are committed to it.
YOUR RIGHTS
You can exercise the following
rights provided that they do not breach the contractual obligations of our
online shop as well as our compliance with National and European Law.
·
Request that a copy of your data be stored on our
server
·
Request that a
specific item of personal information be
corrected in case it is false or has changed
·
Request that your personal data be erased
·
Request that we stop processing your personal data or
restrict their processing
·
Request that your personal data be transferred into
another company or carrier
·
Withdraw your consent, if provided to us (eg. when
subscribed in our newsletter)
HOW TO EXERCISE YOUR RIGHTS
You can contact us via e-mail:
[email protected]
Or in writing to the address:
26, Karypi Street, 54624, Thessaloniki, Greece
Or in person, 26, Karypi
Street, 54624, Thessaloniki, Greece
We will contact you within 30
days upon receipt of your request. If you consider that your personal data
protection has been violated in any way, you can contact DPA.
You can file a complaint in
the following ways:
·
Electronically via e-mail to: [email protected]
·
In their website: www.dpa.gr
·
By post in the DPA headquarters: 1-3, Kifisias Ave,
11523, Athens
·
In person in the DPA headquarters (1st
floor) 9.00-13.00
·
By fax: +02106475628
REVISION OF
PRIVACY POLICY
The company reserves the right
to modify the present Privacy Policy at any time. The revised edition will
always be listed in our website (kapa26artwork.com). It is recommended that you
frequently check the Privacy Policy in order to ensure that you comply with the
modifications.
The use of this document is subject to the company’s property rights and it is forbidden to third parties to reproduce it or display it through the internet or to use it in any way, either as a whole or part of it.