PRIVACY POLICY

INTRODUCTION

The sole proprietorship of Dimitrios Stratos, with the distinctive title "Dimitris Stratos Beauty", Tax Identification Number 154478692, who holds the distinctive mark "Dimitris Stratos DS Beauty" and the website "www.dimitrisstratosbeauty.com", based in Greece, Athens, 47 Spirou Patsi, hereinafter the Company, hereby determines and discloses the terms under which, acting as defined by law as “Data Controller", collects, stores, uses and generally processes personal data, which it collects when the visitor/user visits, registers or uses the Company's website.

This Privacy Policy also describes how to use, disclose and protect the personal data of the visitor/user, the options regarding the personal data, as well as how to communicate with the Company. This Protection Policy is following the provisions of the General Regulation of Personal Data Protection (GKPD 2016/679), any specific national and European legislation for certain areas, the current Greek legislation for the protection of personal data, as well as for data protection personal and private life in the field of electronic communications and the decisions of the Hellenic Data Protection Authority (HDPA).

THE COMPANY'S WEBSITE

The website www.dimitrisstratosbeauty.com is the website of the Company, where the online store (e-shop) for the presentation and sale of its products is located.

 

WHAT IS PERSONAL DATA

The term "personal data" refers to information of persons, such as name, postal address, e-mail address, contact telephone, etc., which identifies or may identify you, hereinafter referred to as "Personal Data or Data”.

WHAT IS PROCESSING PERSONAL DATA?

Processing" means any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

PERSONAL DATA BY THE VISITOR / USER?

The provision of the Data to the Company may be necessary to achieve the purposes set out in this Privacy Policy or be optional.

If the visitor/user refuses to provide the information that is marked as mandatory on the Website, it may not be possible to provide its full services to the visitor/user. The provision of additional Data to the Company, in addition to those that are marked as mandatory, is optional and does not affect the main purposes of Data collection, as their provision by the visitor/user serves only to optimise the quality of the Company provided services to him.

 

WHICH PERSONAL DATA DOES THE COMPANY COLLECT?

The Company collects only the necessary Personal Data of the visitor/user, which are appropriate and clear for the intended purpose. This Data includes the following:

1. Data provided by him during his registration and the creation of a user account (account) on the website, through any suitable means and ways, such as via the internet or mobile device (mobile/tablet) and specific data such as e-mail address and password/login password and name, surname, postal address, telephone number.

2. Data and information provided by through transactions (purchases, orders, etc.) and communication (via the online store e-shop, e-mail or through any other means, like name and surname, telephone number, e-mail, data necessary for pricing).

3. Data concerning the way of payment and shipment of the products for the transactions are carried out.

4. Data provided when the subscription to the Company’s newsletter is made.

5. Data on the products and services of preferred choices, only so that the Company can to suggest products or services of interest and to improve the shopping experience. The visitor/user may optionally not provide this information to the Company.

6. Website traffic data.

When collecting the personal data of the visitor/user, the Company will inform about which data is necessary for specific services of the website.

 

USE OF COOKIES ON THE BROWSER

When accessing the website www.dimitrisstratosbeauty.com the Company uses cookies. Cookies are small files (text files), which are sent and stored on the computer of the visitor/user, allowing the Company's website to function technically smooth, to collect multiple options of the visitor/user, to recognise the frequent visitors/users, to facilitate their access to it, and to collect data to improve the content of the website. Cookies do not cause harm to users' computers, nor to the files stored on them. The Company uses cookies to provide information and to process orders, but also to present any advertising and/or educational content related to the interests and needs of the visitor/user. The Company clarifies that cookies are necessary in order for the website of www.dimitrisstratosbeauty.com to function properly and smoothly. In any case, the visitor/user when visiting the company's website can choose which of the cookies are allowed or not. Details about the cookies used by the Company here.

 

The categories of cookies used or used by:

1. Necessary Cookies

They allow the proper operation of the e-shop on each visit of the visitor/user and store information, such as products in the shopping cart, electronic payments, wish-list, language selection and search information.

According to the current legislation, the visitor/user does not have the option of rejecting the installation of these cookies, as without them the provision of services by the Company would not be technically possible.

2. Cookies Analytics

They collect information about the visitor/user behaviour on each visit, how many pages are visited, which content may could be most important, the preferred products, to promote the appropriate products according to the preferences of the visitor/user.

3. Advertising Cookies

They provide ads related to the interests of the visitor/user. They are also used to send advertisements or offers that better meet his needs, thus reducing unwanted and meaningless advertising messages. They also help measure the effectiveness of the Company's advertising promotions.


HOW THE VISITOR / USER CAN CHECK THE COOKIES THROUGH THE BROWSER

The visitor/user of the website www.dimitrisstratosbeauty.com can change the settings in the browser (web browser) he uses concerning cookies and their acceptance.

While browsing the website, he will be asked to give consent for the storage of cookies and the processing of data received through them. In any case, the browser can be configure in such a way that it is informed about the use of cookies and sets the privacy protection it wishes, choosing between maximum protection (e.g. "never accept cookies") and minimum protection (e.g. "always accept cookies"), as well as an intermediate level of protection. These privacy settings will be presented clearly and comprehensibly. It is clarified that any total rejection of cookies may result in the use of certain subpages of the website may not be possible or much more difficult.

 

THIRD PART COOKIES

The visitor/user by using the website www.dimitrisstratosbeauty.com of the Company through another website or a communication platform (social media) or social networking of third parties, e.g. Instagram, Facebook, Google etc, the information that the visitor/user will provide or receive are subject to the third-party cookie policy, for which the visitor/user must be informed before consenting to go to the Company's website.

 

HOW THE COMPANY USES THE VISITOR/USER'S PERSONAL DATA

The Company uses the Personal Data of the visitor/user in the following cases:

- To complete the orders of products and services in fulfilment of its contractual obligation, to process the order of products, to provide customer service, to comply with legal obligations, to ask for legal requirements. Also, it retains the Data for a reasonable period to fulfil any of its other contractual obligations, which derive from the applicable legislation.

- To create an account to provide account functions and to facilitate the purchase of products.

- To facilitate communication in response to requests or questions, in requests for the return of products and return of their price or submitted complaints.

- To send a newsletter via e-mail, or through telephone and/or through social media information about new products, promotions, etc., if the visitor/user gives the consent, which consent can the visitor/user to recall free whenever.

- To receive notifications or consent for placing cookies on the device of visitor/user, e.g. list of recently visited products or for suggestions based on the purchase history etc.

- For the protection of the account the visitor/user in case of internet fraud or other illegal activities, such as for the maintenance, information and protection of the account of the visitor/user, as well as for the identification and resolving of any problems and the protection of the Company's website.

- To process the electronic payment of each order and to prevent fraudulent transactions by third parties.

- For the compliance of the Company with any contractual obligations to the visitor/user or in accordance with the legislation in force at the time or for compliance with any court decisions.

 

LEGAL BASIS OF PROCESSING PERSONAL DATA

1. The service of the contractual relationship (electronic sales contract) of the Company with the visitor/user

2. The consent of the visitor/user, where required, e.g. to receive electronic updates (newsletter) etc.

3. The obligations of the Company deriving by the law, e.g. tax legislation, legislation for electronic commerce etc.

 

ACCEPTANCES OF THE PERSONAL/DATA'S PERSONAL DATA

Access to the Data of the visitor/user has only the necessary staff of the Company, which is contractually bound to maintain confidentiality and any cooperating companies or third-party service providers, who process the Personal Data as Data Controller on behalf of the Company and according to its instructions and orders.

PERFORMING THE PROCESSING

Third-party service providers that process personal data on behalf of the Company, indicatively and not restrictively: for the processing of credit cards and payments, transfers and deliveries, hosting, management and maintenance of the website, email distribution, research and analysis, promotion management operations, as well as the management of certain services and items, accounting and legal services. When the Company uses third-party service providers, it enters into agreements with those that oblige them to implement appropriate technical, technological and organisational measures for the protection of personal data.

Any other third parties, when required for compliance, at the request of the Greek State, court decision or applicable law, the prevention of illegal uses of the Company's websites and applications or violations of the Terms of Use of the websites and applications (apps) of the Company and its policies, its protection against third party claims, and its contribution to the prevention or investigation of cases of fraud.

 

THE COMPANY'S POLICY WITH THIRD PARTIES PROCESSING PERSONAL DATA

The Company provides only the information needed to perform its specific services.

The Personal Data may be used exclusively for the purposes specified in the Company contract with the third parties.

If the Company stops using their services, any of the personal data they legally possess will be deleted or become anonymous.

To improve the visitor/user experience as a customer on the Company's e-shop, the Company uses the following companies, which will process the Personal Data as part of their contracts with the Company: Instagram, Facebook, Google. The Company also cooperates with a courier company of its choice for the sending and delivery of online  orders.

The Processors of personal data on behalf of the Company have agreed and contractually undertaken with it to maintain confidentiality, not to process personal data for purposes other than the conventional ones, and without the permission of the Company, to take appropriate technical, technological and organisational measures and in general comply with the legal framework for the protection of personal data and in particular Regulation 979/2016/EU (GDPR). The Company cooperates with them to ensure, protect and respect the privacy of the visitor/user at all times.

 

TRANSFER OF PERSONAL DATA

The personal data collected by the Company (or processed) within its website, will be stored within the European Union. However, some of the recipients of the personal data with whom the Company shares the personal data of the visitor/user may be located in countries other than the one where the initial collection of your personal data took place. When the Company carries any personal data to recipients in other countries, is committed to protect them, as described in this Privacy Policy and in accordance with applicable law.

TIME OF PRESERVATION OF PERSONAL DATA

The Company maintains the personal data for the necessary time to fulfil the purposes defined in this Privacy Policy, but also the observance of its legal obligations (e.g. tax obligations, etc.). Data that the Company process within the framework of the sales contract, will be kept for five (5) years so that it can comply with its legal and contractual obligations.

The statement of consent of the user/visitor for sending a newsletter is kept for as long as the Company sends it and in any case not more than six (6) months from the statement of the visitor/user to stop sending it.

At the end of this retention period, the personal data will be completely deleted or made anonymous so that they can be used in an unrecognisable manner for statistical analysis and business planning.

 

PERSONAL DATA SECURITY

The Company has taken all necessary, updated and appropriate technical, technological and organisational measures for the security and protection of personal data to ensure their protection from any accidental or improper processing.

The website www.dimitrisstratosbeauty.com uses Secure Sockets Layer (SSL) with 256-bit encryption. This technology allows secure communication between the user and the Company's e-shop.

Payments via bank cards (credit card, debit card and prepaid card) are made with the Viva Wallet ePos system. The bank card number and CVV are NOT stored in the system database. This data is received by the user encrypted (SSL-256bit) and sent to the bank's servers in real-time and with the same encryption. Even after the transaction is completed, only the bank has access to the credit card number and CVV. The bank has undertaken the process of clearing of the transactions, ensuring your absolute security.

For the identification of the visitor/user as an account user, the used data are two: the Username and the Password, which only the visitor/user knows and is solely responsible for maintaining their confidentiality. Each time the visitor/user enters those access to the account will be given. This process is achieved securely through encryption during the transfer to the Internet and the Company's servers.

 

THE RIGHTS OF THE VISITOR / USER AS A SUBJECT OF PERSONAL DATA

The right to be informed / Transparency: the right to know who is processing the data, what categories of data they are using and why. The organisations processing the data must give clear information in plain language (Articles 12, 13 and 14 of the GDPR).

The right of access: the right to request access to the personal data that an organisation has (Article 15 of the GDPR).

The right to rectification: the right to have the data rectified, if the data is inaccurate and/or incomplete (Articles 16 & 19 of the GDPR).

The right to erasure (right to be forgotten): the right to have the personal data erased under specific conditions, such as where the data is no longer necessary, if the consent has been withdrawn, the data has been unlawfully processed etc. (Articles 17 & 19 of the GDPR).

The right to restriction of processing: the right to obtain restriction of processing where the accuracy of the personal data is contested, the processing is unlawful, the controller no longer needs the personal data for the purposes of the processing, objected to automated processing (Articles 18 and 19 of the GDPR).

The right to data portability: the right to have the data transmitted to another data controller (Article 20 of the GDPR).

The right to object: the right to object to the processing of the personal data by an organisation, provided that this is not contrary to the public interest (Article 21 of the GDPR).

The right to human intervention: the right to object where a decision is based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you (for more details see Article 22 of the GDPR).

Right of Complaint: the right to submit a complaint to the Hellenic Data Protection Authority, 1-3 Kifissias Av., 115 23, Athens, Greece, tel. 0030 210 6475 600, e-mail: contact@dpa.gr, if it considers that the processing of its personal data violates the applicable national and regulatory framework law for the protection of personal data.

 

HOW CAN THE VISITOR / USER EXERCISE HIS RIGHTS

In order the visitor/user to exercise any of his rights, a relevant can be send to the e-mail info@dimitrisstratosbeauty.com or by phone (+30) 210 8329 495, which undertakes to examine it and reply to within (1) one month of receiving the request. If more time is required to process the request, the Company will inform within this month.

For the correction of personal data for the user account given by the visitor/user, any correction can be he can log in to it and make any correction/change, without the need for this purpose to send a request to the Company.

If the visitor/user wishes to revoke the consent that has been given to receive the Company newsletter, it can be done through the link "unsubscribe from this list" located at bottom of each newsletter.



APPLICABLE LAW WHEN PROCESSING PERSONAL DATA

Applicable Law is the Greek Law, as formulated according to the General Regulation for the Protection of Personal Data 2016/679 / EU, law 4624/2019 and in general the current national and European legislative and regulatory framework for the protection of personal data. Any disputes are subject to the exclusive jurisdiction of the Courts of Athens, Greece.

 

 

MODIFICATION OF THE COMPANY'S PRIVACY POLICY

This Privacy Policy is updated by the Company whenever necessary. Any changes to this Privacy Policy will take effect as soon as the updated Privacy Policy is posted on this website. In any such case, the visitor/user should, at regular intervals, study this Policy, so that the visitor/user is fully aware of how the personal data is protected and which are the rights.