Facebook: kapa26artroom  Instagram: @kapa26_artwork Email [email protected]

Privacy Policy

Privacy Policy

The company under the name Giannas Sotirios (hereinafter referred to as the company) which runs this online store (www.kapa26artwork.com) (hereinafter referred to as the website), is an official business based in Thessaloniki, 26 Karypi Street, 54624, TIN 023997652, Tax Office D. The company in its physical store deals in art objects, organizes art exhibitions and uses the present online store for the presentation and selling of its products/services.


GDPR Regulations

The European Community adopted in 2016, the No 2016/679 Regulation of the European Parliament and Council, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

This Regulation is binding in its entirety and directly applicable in Greece as well as in every member of the European Union and entered into force on 25th May 2018. All companies and natural persons must take the appropriate measures to harmonize with the Regulation. On August 2019, L.N0.4624/2019 was also voted regarding enforcement measures of the GDPR Regulation as well as other similar provisions.  The company running the present website - www.kapa26artwork.com - with respect to the fundamental right for the protection of personal data, clearly defines the terms and conditions for a secure and legal processing of these data and takes any measures to ensure your highest possible protection.

Please be advised to read this document carefully so as to fully understand all the information provided regarding the processing of your personal data in our website  for the purposes and the legal base for data processing, the recipients of the data as well as your rights.



For the purposes of this Policy:

·         ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;


·         ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

·         ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;


·         ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;


·         ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;


·         ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

·         ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed



The company is the Controller for the data processing of the users, the online shop’s customers, the suppliers, the employees and the collaborators.



Your IP address, information about your device, information on your interaction with the website as well as information on other websites you might visit (eg. URL addresses of the pages you have visited, the time you have spent in a page, the number of clicks and the type of the platform).


·         When you subscribe in our website and/or our newsletter: name, e-mail address

·         When you contact us: name, e-mail address, mobile phone, address

·         When you purchase products from our online store: name, address, TIN, bank account or credit card number

·         When you withdraw or cancel a purchase according to the Terms of Use: name, shipping address, TIN, bank account number

The company cannot be held accountable for the precision and the correctness of the personal data you send us.



·         To give you access to our online store services

·         To enable your purchases from our online store

·         For the fulfillment of our contractual obligations as well the exercise of our rights according to the Terms of Use

·         For the exercise of your contractual rights according to the Terms of Use

·         To contact you when you wish to or when it is necessary to do so in order to assist you

·         To inform you on our news

·         To optimize your browsing in the website

·         To keep our website secure



·         consent

·         performance of a contract

·         a legitimate interest

·         a vital interest

·         a legal requirement

·         a public interest



·         Microsoft company, to enable communication with you via e-mail

·         Geniki Taxidromiki for the shipment of our products and the cash on delivery payment.

·         Piraeus Bank for the deposit into a bank account as well as the payment by credit/debit/prepaid card

·         Tetras software company so as to constantly improve the design and security of our website

·         Analysis/Advertizing services providers  and search engines to optimize your browsing experience

·         Other natural persons, companies or organizations, public bodies, when forced to by law



 Your personal date is stored on Tetras software company's servers in Greece and therefore are fully protected by the European Legislation.

We assure you that we take every possible technical and organizational measures for the safe storage of your personal data.



The time period is different according to the use:

·         For data we collect in general, we you visit our website, please read our Cookie Policy (link)

·         For the Newsletter, until you choose yourself to unsubscribe

·         As long as purchasing from our company is concerned, up to 5 years after completion of the purchase

·         All the above, without prejudice to any legal obligation  resulting from the Greek Law and the European Union Legislation.




According to European and National Law regarding the protection of personal data, we use all reasonable procedures to prevent an unauthorized access and breach of your personal data. We use proper security procedures, technical and natural restrictions for the access and use of your personal data in our browser, as presented below:

·         SSL technology. This website uses the SSL technology (SecureSocketsLayer) for the safety of information, personal data and transactions. The SSL protocol is used nowadays internationally through the internet in order to provide users with the certification for the websites they visit as well as the encryption of information among users and various servers. The SSL technology is based on a key-code that demands the encryption from the shipping software of all the information sent among a customer and a server as well as their decryption  by the receiving software, ensuring a secure transmission of information. The security check between the data and the server is conducted with the help of this unique key-code, protecting in this way in full the transmission of information and the interaction among the users of the internet. Browsers such as GoogleChrome, Internet Explorer, Mozilla Firefox, Opera, Safari, support this protocol and its use is recommended for access in websites the user wishes to navigate in. There is also a mechanism that verifies automatically whether the data has been altered during transmission, providing extra security.

·         Passwords. The username/email and the password allow  you to have access in a website with complete protection for your personal data every time you insert them. You can change the password as often as you wish. The only one who has access to your personal information is you and you are the only one responsible for their safekeeping. In case you have forgotten your password or it has been disclosed to others, you should contact us immediately, otherwise our online shop holds no responsibility for the use of this password by another non-authorized person. For safety reasons, it is recommended that you change your password at regular intervals as well as to avoid easily traceable codes.

·         Firewall. Access to the company’s software is controlled by a firewall, which allows the use of specific services by the customers/users, denying at the same time the access to databases with confidential material and company's information.


As the internet is open to anyone, no guarantees can be provided that malicious users will not breach the applied technical and organizational measures, gaining in this way access to personal data.


Only authorized personnel has access to personal data during working hours. Personal data protection of both users and visitors of our website and the respect for an individual’s privacy in the web is considered to be a self-evident commitment for us.

All the employees and collaborators of the Company on personal data processing are notified of the present privacy policy and our motto for a secure and legal personal data processing and are committed to it.





You can exercise the following rights provided that they do not breach the contractual obligations of our online shop as well as our compliance with National and European Law.

·         Request that a copy of your data be stored on our server

·         Request  that a specific item of  personal information be corrected in case it is false or has changed

·         Request that your personal data be erased

·         Request that we stop processing your personal data or restrict their processing

·         Request that your personal data be transferred into another company or carrier

·         Withdraw your consent, if provided to us (eg. when subscribed in our newsletter)



You can contact us via e-mail: [email protected]

Or in writing to the address: 26, Karypi Street, 54624, Thessaloniki, Greece

Or in person, 26, Karypi Street, 54624, Thessaloniki, Greece


We will contact you within 30 days upon receipt of your request. If you consider that your personal data protection has been violated in any way, you can contact DPA.

You can file a complaint in the following ways:

·         Electronically via e-mail to: [email protected]

·         In their website: www.dpa.gr

·         By post in the DPA headquarters: 1-3, Kifisias Ave, 11523, Athens

·         In person in the DPA headquarters (1st floor) 9.00-13.00

·         By fax: +02106475628






The company reserves the right to modify the present Privacy Policy at any time. The revised edition will always be listed in our website (kapa26artwork.com). It is recommended that you frequently check the Privacy Policy in order to ensure that you comply with the modifications.


The use of this document is subject to the company’s property rights and it is forbidden to third parties to reproduce it or display it through the internet or to use it in any way, either as a whole or part of it.