PRIVACY POLICY OF PERSONAL DATA
Introduction
https://lostsession.gr/ is the “website” and “online store” for Internet product exhibition and sale, managed and maintained by the sole proprietorship under the name “GEORGE GELADAKIS – MEANDYOU COMMUNICATION DESIGN” (hereinafter “Company”), situated in Athens, Greece (8 Tsami Karatasou str., 11742, VAT No 109821670).
This Privacy Policy governs all access, navigation and use of the website and our online store https://lostsession.gr/.
The below-mentioned policy in combination with the relevant provisions of Greek, EU and international law regarding protection of individuals from the processing of personal data, as well as the Decisions of the Personal Data Protection Authority will govern the management and protection of visitors’ personal data in our website and online store. Any possible future change of the above regulatory framework will automatically be the subjected to the this.
This Personal Data Protection Policy along with the provisions in Terms of Use of the Website and Cookies Policy, Payment, Shipping and Returns Policy of the company’s https://lostsession.gr/ website all constitute a unified legal text.
Our Company, retains the right to modify, from time to time, its Terms and Policies, including the Privacy Policy, either as a whole or partially, at its sole discretion. Any modification herein will be effective upon posting on this website and as long as the visitor continues to use it, he will be automatically considered to have accepted all modifications unconditionally.
If for any reason visitors do not agree with the terms of this Policy, as it applies each time following modifications, they must stop using the website and our online store.
The Company considers that the privacy of the visitor and the security and protection of his personal data are very important. For this reason, we take all appropriate measures in order to protect them and to make sure that collecting and processing them is always carried out in accordance with the obligations set by the applicable legal framework.
Personal Data Controller
Responsible for processing personal Data (DPO) is the sole proprietorship under the name “GEORGE GELADAKIS – MEANDYOU COMMUNICATION DESIGN” (hereinafter “Company”), situated in Athens, Greece (45-47 Voulis str., 10557, VAT No 109821670), tel: (+30) 211 40 45 580 and email: info@meandyou.gr.
Which kind of Personal Data we collect and process?
The Company will not ask you for any personal information for purposes of visitor’s browsing in our website and our online store. However, while the visitor browses or uses the services offered by our website, the Company collects and processes browsing data through cookies that relate exclusively to the visitor’s purchasing habits, which are described in the Cookies Policy and we recommend that you read them.
The categories of personal data that the Company collects and processes during the visitor’s visit at the Website and Online Store are the following:
- a) Personal Data, which according to Law and Terms of Use and conditions related to the sales policy are deemed necessary in order to complete, execute and ship your order. Among these, indicatively, are Name and Surname, email address, Contact Phone (mobile and/or landline), Product Shipping Address (street, city, postal code), Billing Address of the order and the Type of Document you want us to issue (Receipt or Invoice). If you request the issuance of an Invoice, you will be asked for details of your Company (such as the Name of the Company, the Tax number, the Tax Authority, Purpose of Company, Address of its headquarters and Contact Numbers (landline and mobile).
- b) We collect your Email address when you subscribe to our Newsletters service, in order to send you newsletters about the Company, its products and services, any offers, etc. The above information that you communicate to our Company as well as your e-mail address will also remain in our database for another ten (10) years until you explicitly request to be removed from the list. You can do this by using the unsubscribe links contained in any email newsletters we send you.
- c) We collect your E-mail Address and Personal Access Code (Password), when you register as Member on our website and open an Account, so that you can complete your purchases from our online store.
- d) In case you provide us with personal data of third parties (such as First Name, Surname, Address, Telephone) (e.g. cases where you declare a different shipping or billing address or gift purchase for a Third Party), our business will protect the Third Party’s Personal Data in accordance with this Privacy Policy.
Each visitor/user guarantees the accuracy and authenticity of the personal data concerning him and which he submits willingly on the website of our company as well as his right to submit such data.
- e) To complete any sale, apart from cash on delivery and cash deposit at company’s bank account, the visitor has the option to pay the price either by debiting a Visa / Mastercard card or via the Woo Payments service. The card details are entered directly on the website of Piraeus Bank and to use the Woo Payments service, the visitor is transferred to the website of the service and our company does not keep any information of the user/visitor’s card (credit/debit card number, CCV2, expiry date, etc.) in the database.
The transfer of Personal data between the https://lostsession.gr/ website and your browser is done with 256-bit SSL encryption and is delivered via HTTPS. Your data is stored on our servers located in a secure location.
Why do we collect Personal Data?
The personal data you declare during your visit to the pages and services of the https://lostsession.gr/ website are collected and processed exclusively for the following legal purposes of processing:
– for the completion and execution of the purchase contract regarding products offered by our company through the website https://lostsession.gr/. In order to make your purchase, you will be asked for the necessary Personal Data that will ensure the execution of the contract, such as payment, fraud control for the use of electronic means of payment, billing, shipment of the product,
– to send company’s newsletters, for commercial communication about our products and promotional reasons,
– for the communication between us, and the management of your requests through the Customer Service Department,
– to improve the services provided,
– for the purposes of statistical research and analysis with data in aggregate form in order to understand how users interact and use our company’s website, improving our products and services.
It is noted that the visitor/user is not obliged to provide the above information – his personal data. Without providing the above-mentioned information considered as necessary for those purposes, he will not be able to register. He will, however, be able to browse the website, without the possibility of interactivity, that is, he will have the rights and capabilities of the ordinary visitor, described in the TERMS OF USE, but not those of the registered user. Also, without completing the user’s personal information in the Online Store, it will be impossible to complete the order.
The company does not carry out automated decision-making, nor profiling, based on automated processing of user data.
The company does not in any way collect or gain access through its website to special categories of (“sensitive”) personal data. The visitor has the obligation to refrain from providing such data, concerning himself or third parties. Otherwise, the data will be deleted as soon as it comes to the company’s attention. The company bears no responsibility towards visitors or third parties for any provision and/or processing of such data, due to their actions or omissions in violation of the above obligation.
With whom do we share your personal data?
Your Personal Data is processed by our Company that bears the responsibility as Personal Data Controller. For organizational and operational requirements related to the products and services the company provides, the Company may transmit your personal information to its agents and/or subcontractors for purposes of supporting, promoting and executing your business relationship with it, but always under conditions that fully ensure that your personal information does not undergo any illegal processing, i.e. other than the purpose of transmission is in accordance with the above mentioned.
The Company reserves the right to transmit your Personal Data for in above-mentioned purposes:
– to the Courier companies that are in cooperation with the company, as mentioned in the conditions regarding Shipping Methods, in order to ensure the shipment of the products you have selected from our Online Store,
– to credit card providers to process the payment on their behalf,
– to third parties, natural or legal entities, who may provide promotion and marketing services of both the Company and its products or services on behalf of the Company,
– to our third-party partners who provide technical services, such as indicative hosting and technical support services for the website and our online store as well as monitoring all business accounting in order to comply with tax.
The Company will not make available for sale or transmit or disclose your personal data to third parties, other than those mentioned above, without your consent, except in the cases expressly provided by law. Specifically, the data kept in the file may be communicated to the Competent Judicial, Police and other Administrative Authorities upon their legal request and in accordance with the applicable legislative provisions.
For how long do we retain your personal data?
The Company processes your personal data throughout the validity period of the respective contract and after its termination or expiration for a period of at least ten (10) years. At the end of this period, your data will either be completely deleted or can only be used anonymously, in a non-identifiable way, e.g. for statistical analysis. Regarding the electronic address you have registered in order to receive the Company’s newsletter, it is noted that it is kept for as long as the Newsletter is sent to you and in any case no longer than a period of one month from the interruption of its sending.
The security of your personal data
The Company implements all technical and organizational measures needed, in order to securely process personal data and to prevent accidental loss or destruction and unauthorized and/or illegal access, use, modification or disclosure thereof. In any case, the way the internet works and the fact that it is free to anyone, does not allow to provide guarantees that unauthorized third parties will never gain the possibility to violate the applied technical and organizational measures, by gaining access and possibly by ending up using personal data for unauthorized and/or illegal purposes.
What rights do you preserve as a data subject regarding your personal data?
The company informs visitors/users that the necessary procedures required to enable the exercise of their rights based on EU Regulation 2016/679 are in place, as follows:
Right of access and information: Upon the relevant request of the visitor/user, he will be provided with information about the categories of personal data kept by the company, the purposes of processing, the reasons that make their processing legitimate, the data retention period, the person who executes the processing.
Right to correct and update personal data: The company provides visitors/users with the opportunity to correct/update their personal data by communicating their request to the company’s official means of communication mentioned at the beginning of this.
Right to delete personal data: The company further provides visitors with the possibility to request at any time to delete personal data and information that were originally provided in order to connect to the services of the website and/or to request deletion of those categories of data that are collected automatically with technical methods, unless the company is to retain said data for a specific period of time based on company’s obligation to comply with legal obligations and formalities to which it may be subject.
Right to portability: The visitor/user can receive or request the transfer of his data, in a machine-readable form, from the company to another data controller, if he so wishes.
Right to withdraw consent: At any time, the visitor/user can withdraw his consent to the processing of personal data in the future. The legality of data processing remains unaffected by this action until the point of withdrawal of consent.
Right to restrict and display objections to the processing of the data: The visitor/user can exercise the above rights for the future, if the visitor considers that his data is inaccurate or subject to unauthorized processing or if despite the expiration of the reason that allows processing, the visitor objects to their deletion, to support his legal claim.
For you to exercise any of the above rights, any request you may have should be addressed to the Company in writing either by sending relevant electronic mail (email) to the address info@meandyou.gr or by telephone to (+30) 211 40 45 580 daily from 9 am to 5 pm (except for holidays).
The visitor/user can contact the competent Supervisory Authority for information and filling complaint for any issue related to the above and if he considers that his rights are infringed in any way:
Personal Data Protection Authority
Postal Address: Kifisias 1-3, P.O. 115 23, Athens
Call Center: +30-210 6475600, Fax: +30-210 6475628
Email: contact@dpa.gr
For the Authority’s competence and for guidelines on how to submit a complaint, you can visit its website (https://www.dpa.gr/en/individuals/complaint-to-the-hellenic-dpa ), where detailed information is available.