Effective Date: December 07, 2018
We wrote this privacy policy to inform you about your personal data we collect, how we collect them, how and why we use them, the duration of data storage and your rights about your data. We collect and process your personal data on the basis of the General Data Protection Regulation GDPR 2016/679, which is in immediate effect since May 25th 2018 in all members – States of the European Union. Please read carefully the following text before you use our website and our online services.
General Information
▪ Personal data is any information related to an identified or identifiable individual (“Subject of the data”).
▪ The web host of this website is responsible for collecting and processing your personal data (“Controller”). The web host is:
Konstantinos Kotsalis
Agiou Vasileiou 11, Thessaloniki, Kalamaria, Postal code 55133
Email: [email protected]
Telephone: 001 9175085015
▪ On our web server a Security Sockets Layer (SSL) certificate is installed, which ensures a secure connection and a safe data transfer between the user’s browser and the website’s server. The SSL certificate encrypts the data, which are transferred and prevents the interception of your data from hackers. You can confirm it by looking the first part of our website’s address above, which is changed from the standard http to https.
▪ A child who is under the age or 16 years old (article 8 paragraph 1 GDPR) should not use our website or our online services without parent’s consent or the consent of the person who has the child’s parental custody.
When you visit our website
▪ When you visit our website without using any of our online services, information is sent automatically from your device (laptop, tablet, etc.) to the server of our website. The following information is collected and stored on a log file:
-
Date and time of access
-
IP address (Internet Protocol Address) of the requesting device
-
Browser type/version used
-
Operating system used
-
Website from which access is made (referrer URL)
-
Name of your access provider
-
Name and URL of the file
-
Amount of data sent in bytes
▪ We are using this information for the following purposes:
-
To ensure a smooth connection
-
To provide you a comfortable use of the website
-
To continuously improve our website’s function
-
To evaluate our system’s security
-
To detect and prevent of attacks on our website
▪ The legal basis of data processing is the article 6 paragraph 1 section f GDPR. Our legitimate interest follows the above mentioned purposes..
▪ Duration of data storage: Your data are temporally stored on a log file. They will be deleted automatically, when you exit the website.
▪ Recipients and third parties: We do not allow the disclosure of your data to third parties.
Contact form
▪ You can request from us any further information you need about our services. In this case, we collect the personal data you provide us voluntarily. Specifically, we collect and process the following data:
-
First and last name
-
Telephone number
-
Email address
▪ The purpose of the data processing is the direct response to your request.
▪ The legal basis of data processing is the article 6 paragraph 1 section a (consent) GDPR.
▪ You can withdraw your consent at any time. The process of your data which was based on your consent is lawful for the time period before the withdrawal of your consent. You can request the deletion of your data via email (see the paragraph 9).
▪ Duration of data storage: We store your data for as long as it is necessary for our communication and for 24 months after our last contact. Of course we can delete it earlier if you request it.
▪ Recipients and third parties: We do not allow the disclosure of your data to third parties.
e–payment
▪ There are two parts for the payment procedure. Firstly, you need to go the website’s section “e–payment”. In this section, you have to provide us with the following personal data:
-
First and last name
-
Email address
▪ Why we need this information: Because we can identify you as our client.
▪ The legal basis of data processing is the article 6 paragraph 1 section a (consent) GDPR.
▪ You can withdraw your consent at any time. The processing of your data which was based on your consent is lawful for the time period before the withdrawal of your consent. You can request the deletion of your data via email (see the paragraph 9).
▪ Duration of data storage: We store your data for as long as we are obliged to by tax reasons. We can delete it earlier if you request it unless we are obliged to retain your data due to tax reasons.
▪ Recipients and third parties: We do not allow the disclosure of your data to third parties.
Payment with Viva Payments or Paypal
▪ It is your choice. Your transaction is safe in any case.
-
Viva Payments
▪ It is a licensed e money institution for money transactions inside European Union’s area.
▪ After you have entered (e – payment) the above mentioned information, there is a link that redirects you to Viva Payments’ website.
▪ In Viva Payments’ website, you have to give your credit card’s details. You do not need to have or create an account. We do not have access to this information so we are not responsible for it. Viva Payments is responsible for the process and the protection of your data. You can read Viva Payments’ privacy policy by visiting its website.
-
Paypal
▪ Paypal is an American company which offers an online payment system worldwide. It makes transactions and money transfers easier. Paypal’s headquarters are located in San Jose, California, U.S. Paypal Europe’s headquarters are located in Luxemburg (22-24 Boulevard, 2449 Luxemburg).
▪ After you have entered the above mentioned information (e-payment), there is a link that redirects you to Paypal’s website.
▪ In Paypal’s website, you have to give your credit card’s details. You do not need to have or create a Paypal account. We do not have access to this information so we are not responsible for it . Paypal is responsible for the process and the protection of your data. You can read Paypal’s privacy policy by visiting its website.
Recipients outside from European Union
▪ Only in the case of Google Analytics (U.S.A) (see our cookies policy), your data is transferred to third countries or international Organizations, but after your IP anonymization, you cannot be identified. In any other case and under any circumstance, we do not transfer your data to third countries or international organizations.
Data Subject’s Rights
▪ You have the following rights:
-
Right to withdraw your consent: When the processing of your data is based on your consent, you can withdraw it at any time and without any cost (article 7 paragraph 3 GDPR).
-
Right to access your personal data: You have the right to obtain confirmation (from the controller) as to whether or not your data are processed. You also have the right to get information about: the processing purposes, the categories of data concerned, recipients or categories of recipients to whom the data are disclosed, the duration of data storage, the existence of rights to rectify or to erase personal data, or to restrict personal data processing, the existence of the right to lodge a complaint with the supervisory authority, the existence of any automated processing data (article 15 GDPR).
-
Right to rectification: You have the right to ask from the controller to rectify without delay your inaccurate personal data. You have also the right to have incomplete personal data completed including by means of providing a supplementary statement (article 16 GDPR).
-
Right to erasure (right to be forgotten): You have the right to have your personal data erased. The controller should erase it in the following cases: when the data are no longer necessary regarding the purposes for which they were collected or otherwise processed, when you withdraw your consent on which the processing is based and there is no other legal ground for the processing, when you object the processing and there are no overriding legitimate grounds for the processing, when your data have been unlawfully processed, your data have to be erased for compliance with a legal obligation Union or Member State Law to which the controller is subject, when your data have been collected concerning the offer of information society services to children pursuant to Article 8 of the GDPR (article 17 GDPR).
-
Right to restriction of processing: You can request the controller to restrict processing in the following cases: when the accuracy of the personal data is contested, when the processing is unlawful and the data subject requests that the use of the personal data be restricted instead of erased, when the data must be kept for the exercise or defence of legal claims, when you have objected to processing pursuant the Article 21 paragraph 1 pending the verification whether the legitimate grounds of the controller override those of the data subject (article 18 GDPR).
-
Right to data portability: You have the right to receive you personal data which you have provided to the controller and you have the right to transmit those data to another controller without a hindrance from the previous controller. This right applies in situations where your data are processed by automated means on the basis of consent or where your data processing is necessary for the performance of a contract and is carried out by automated means. You can request the controller to have your data transmitted directly to another controller if this is technically feasible.
-
Right to object: You have the right to object to us processing your data where the legal basis for the processing is the controller’s performance of a task carried out in the public interest (articl6 paragraph 1 section e GDPR), or where the processing is based on the controller’s legitimate interests (articl6 paragraph 1 section f GDPR). You can also ask us to stop using your data, when we use them to send you marketing emails. We will send marketing emails, only if you agree to it
How to exercise your rights
▪ You can contact us by email at [email protected]
Right to lodge a complaint
▪ The supervisory authority in Greece is Hellenic Data Protection Authority (www.dpa.gr.)
▪ If you are of the opinion that the way we process your data violates data protection regulations, you can complain to a supervisory authority in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement (article 77 GDPR).