PRIVACY POLICY
INTRODUCTION
The sole proprietorship of Dimitrios
Stratos, with the distinctive title "Dimitris Stratos Beauty", Tax
Identification Number 154478692, who holds the distinctive mark "Dimitris
Stratos DS Beauty" and the website "www.dimitrisstratosbeauty.com",
based in Greece, Athens, 47 Spirou Patsi, hereinafter the Company, hereby
determines and discloses the terms under which, acting as defined by law as
“Data Controller", collects, stores, uses and generally processes personal
data, which it collects when the visitor/user visits, registers or uses the
Company's website.
This Privacy Policy also describes how to
use, disclose and protect the personal data of the visitor/user, the options
regarding the personal data, as well as how to communicate with the Company. This
Protection Policy is following the provisions of the General Regulation of
Personal Data Protection (GKPD 2016/679), any specific national and European
legislation for certain areas, the current Greek legislation for the protection
of personal data, as well as for data protection personal and private life in
the field of electronic communications and the decisions of the Hellenic Data
Protection Authority (HDPA).
THE COMPANY'S
WEBSITE
The website www.dimitrisstratosbeauty.com is
the website of the Company, where the online store (e-shop) for the
presentation and sale of its products is located.
WHAT IS
PERSONAL DATA
The term "personal data" refers to
information of persons, such as name, postal address, e-mail address, contact
telephone, etc., which identifies or may identify you, hereinafter referred to
as "Personal Data or Data”.
WHAT IS PROCESSING PERSONAL DATA?
Processing" means any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
PERSONAL DATA BY THE VISITOR / USER?
The provision of the Data to the Company may
be necessary to achieve the purposes set out in this Privacy Policy or be
optional.
If the visitor/user refuses to provide the
information that is marked as mandatory on the Website, it may not be possible
to provide its full services to the visitor/user. The provision of additional
Data to the Company, in addition to those that are marked as mandatory, is
optional and does not affect the main purposes of Data collection, as their
provision by the visitor/user serves only to optimise the quality of the
Company provided services to him.
WHICH PERSONAL DATA DOES THE COMPANY
COLLECT?
The Company collects only the necessary
Personal Data of the visitor/user, which are appropriate and clear for the
intended purpose. This Data includes the following:
1. Data provided by him during his
registration and the creation of a user account (account) on the website,
through any suitable means and ways, such as via the internet or mobile device
(mobile/tablet) and specific data such as e-mail address and password/login
password and name, surname, postal address, telephone number.
2. Data and information provided by through
transactions (purchases, orders, etc.) and communication (via the online store
e-shop, e-mail or through any other means, like name and surname, telephone
number, e-mail, data necessary for pricing).
3. Data concerning the way of payment and
shipment of the products for the transactions are carried out.
4. Data provided when the subscription to
the Company’s newsletter is
made.
5. Data on the products and services of
preferred choices, only so that the Company can to suggest products or services
of interest and to improve the shopping experience. The visitor/user may optionally
not provide this information to the Company.
6. Website traffic data.
When collecting the personal data of the
visitor/user, the Company will inform about which data is necessary for
specific services of the website.
USE OF COOKIES ON THE BROWSER
When accessing the website
www.dimitrisstratosbeauty.com the Company uses cookies. Cookies are small files
(text files), which are sent and stored on the computer of the visitor/user,
allowing the Company's website to function technically smooth, to collect
multiple options of the visitor/user, to recognise the frequent visitors/users,
to facilitate their access to it, and to collect data to improve the content of
the website. Cookies do not cause harm to users' computers, nor to the files
stored on them. The Company uses cookies to provide information and to process
orders, but also to present any advertising and/or educational content related
to the interests and needs of the visitor/user. The Company clarifies that
cookies are necessary in order for the website of www.dimitrisstratosbeauty.com
to function properly and smoothly. In any case, the visitor/user when visiting
the company's website can choose which of the cookies are allowed or not.
Details about the cookies used by the Company here.
The categories of cookies used or used by:
1. Necessary Cookies
They allow the proper operation of the
e-shop on each visit of the visitor/user and store information, such as
products in the shopping cart, electronic payments, wish-list, language
selection and search information.
According to the current legislation, the
visitor/user does not have the option of rejecting the installation of these
cookies, as without them the provision of services by the Company would not be
technically possible.
2. Cookies Analytics
They collect information about the
visitor/user behaviour on each visit, how many pages are visited, which content
may could be most important, the preferred products, to promote the appropriate
products according to the preferences of the visitor/user.
3. Advertising Cookies
They provide ads related to the interests of the visitor/user. They are also used to send advertisements or offers that better meet his needs, thus reducing unwanted and meaningless advertising messages. They also help measure the effectiveness of the Company's advertising promotions.
HOW THE VISITOR / USER CAN CHECK THE
COOKIES THROUGH THE BROWSER
The visitor/user of the website
www.dimitrisstratosbeauty.com can change the settings in the browser (web
browser) he uses concerning cookies and their acceptance.
While browsing the website, he will be asked
to give consent for the storage of cookies and the processing of data received
through them. In any case, the browser can be configure in such a way that it
is informed about the use of cookies and sets the privacy protection it wishes,
choosing between maximum protection (e.g. "never accept cookies") and
minimum protection (e.g. "always accept cookies"), as well as an
intermediate level of protection. These privacy settings will be presented
clearly and comprehensibly. It is clarified that any total rejection of cookies
may result in the use of certain subpages of the website may not be possible or
much more difficult.
THIRD PART COOKIES
The visitor/user by using the website
www.dimitrisstratosbeauty.com of the Company through another website or a
communication platform (social media) or social networking of third parties, e.g. Instagram, Facebook, Google etc, the information that the visitor/user will provide or receive are
subject to the third-party cookie policy, for which the visitor/user must be
informed before consenting to go to the Company's website.
HOW THE COMPANY USES THE VISITOR/USER'S
PERSONAL DATA
The Company uses the Personal Data of the
visitor/user in the following cases:
- To complete the orders of products and
services in fulfilment of its contractual obligation, to process the order of
products, to provide customer service, to comply with legal obligations, to ask
for legal requirements. Also, it retains the Data for a reasonable period to
fulfil any of its other contractual obligations, which derive from the
applicable legislation.
- To create an account to provide account
functions and to facilitate the purchase of products.
- To facilitate communication in response to
requests or questions, in requests for the return of products and return of
their price or submitted complaints.
- To send a newsletter via e-mail, or
through telephone and/or through social media information about new products,
promotions, etc., if the visitor/user gives the consent, which consent can the
visitor/user to recall free whenever.
- To receive notifications or consent for
placing cookies on the device of visitor/user, e.g. list of recently visited
products or for suggestions based on the purchase history etc.
- For the protection of the account the
visitor/user in case of internet fraud or other illegal activities, such as for
the maintenance, information and protection of the account of the visitor/user,
as well as for the identification and resolving of any problems and the
protection of the Company's website.
- To process the electronic payment of each
order and to prevent fraudulent transactions by third parties.
- For the compliance of the Company with any
contractual obligations to the visitor/user or in accordance with the
legislation in force at the time or for compliance with any court decisions.
LEGAL BASIS OF PROCESSING PERSONAL DATA
1. The service of the contractual
relationship (electronic sales contract) of the Company with the visitor/user
2. The consent of the visitor/user, where
required, e.g. to receive electronic updates (newsletter) etc.
3. The obligations of the Company deriving
by the law, e.g. tax legislation, legislation for electronic commerce etc.
ACCEPTANCES OF THE PERSONAL/DATA'S
PERSONAL DATA
Access to the Data of the visitor/user has
only the necessary staff of the Company, which is contractually bound to
maintain confidentiality and any cooperating companies or third-party service
providers, who process the Personal Data as Data Controller on behalf of the Company and according to its instructions and orders.
PERFORMING THE PROCESSING
Third-party service providers that process
personal data on behalf of the Company, indicatively and not restrictively: for
the processing of credit cards and payments, transfers and deliveries, hosting,
management and maintenance of the website, email distribution, research and
analysis, promotion management operations, as well as the management of certain
services and items, accounting and legal services. When the Company uses
third-party service providers, it enters into agreements with those that oblige
them to implement appropriate technical, technological and organisational
measures for the protection of personal data.
Any other third parties, when required for
compliance, at the request of the Greek State, court decision or applicable
law, the prevention of illegal uses of the Company's websites and applications
or violations of the Terms of Use of the websites and applications (apps) of
the Company and its policies, its protection against third party claims, and
its contribution to the prevention or investigation of cases of fraud.
THE COMPANY'S POLICY WITH THIRD PARTIES
PROCESSING PERSONAL
DATA
The Company provides only the information
needed to perform its specific services.
The Personal Data may be used exclusively
for the purposes specified in the Company contract with the third parties.
If the Company stops using their services,
any of the personal data they legally possess will be deleted or become
anonymous.
To improve the visitor/user experience as a
customer on the Company's e-shop, the Company uses the following companies,
which will process the Personal Data as part of their contracts with the
Company: Instagram, Facebook, Google. The Company also cooperates with a
courier company of its choice for the sending and delivery of online orders.
The Processors of personal data on behalf of the Company
have agreed and contractually undertaken with it to maintain confidentiality,
not to process personal data for purposes other than the conventional ones, and
without the permission of the Company, to take appropriate technical,
technological and organisational measures and in general comply with the legal
framework for the protection of personal data and in particular Regulation
979/2016/EU (GDPR). The Company cooperates with them to ensure, protect and
respect the privacy of the visitor/user at all times.
TRANSFER OF PERSONAL DATA
The personal data collected by the Company
(or processed) within its website, will be stored within the European Union.
However, some of the recipients of the personal data with whom the Company
shares the personal data of the visitor/user may be located in countries other
than the one where the initial collection of your personal data took place.
When the Company carries any personal data to recipients in other countries, is
committed to protect them, as described in this Privacy Policy and in
accordance with applicable law.
TIME OF PRESERVATION OF PERSONAL DATA
The Company maintains the personal data for
the necessary time to fulfil the purposes defined in this Privacy Policy, but
also the observance of its legal obligations (e.g. tax obligations, etc.). Data
that the Company process within the framework of the sales contract, will be
kept for five (5) years so that it can comply with its legal and contractual
obligations.
The statement of consent of the user/visitor
for sending a newsletter is kept for as long as the Company sends it and in any
case not more than six (6) months from the statement of the visitor/user to
stop sending it.
At the end of this retention period, the
personal data will be completely deleted or made anonymous so that they can be
used in an unrecognisable manner for statistical analysis and business
planning.
PERSONAL DATA SECURITY
The Company has taken all necessary, updated
and appropriate technical, technological and organisational measures for the
security and protection of personal data to ensure their protection from any
accidental or improper processing.
The website www.dimitrisstratosbeauty.com
uses Secure Sockets Layer (SSL) with 256-bit encryption. This technology allows
secure communication between the user and the Company's e-shop.
Payments via bank cards (credit card, debit
card and prepaid card) are made with the Viva Wallet ePos system. The bank card
number and CVV are NOT stored in the system database. This data is received by
the user encrypted (SSL-256bit) and sent to the bank's servers in real-time and
with the same encryption. Even after the transaction is completed, only the
bank has access to the credit card number and CVV. The bank has undertaken the
process of clearing of the transactions, ensuring your absolute security.
For the identification of the visitor/user
as an account user, the used data are two: the Username and the Password, which
only the visitor/user knows and is solely responsible for maintaining their
confidentiality. Each time the visitor/user enters those access to the account
will be given. This process is achieved securely through encryption during the
transfer to the Internet and the Company's servers.
THE RIGHTS OF THE VISITOR / USER AS A
SUBJECT OF PERSONAL DATA
The right to be informed / Transparency: the right to know who is processing the data, what categories of data
they are using and why. The organisations processing the data must give clear
information in plain language (Articles 12, 13 and 14 of the GDPR).
The right of access: the right to request access to the personal data that an
organisation has (Article 15 of the GDPR).
The right to rectification: the right to have the data rectified, if the data is inaccurate
and/or incomplete (Articles 16 & 19 of the GDPR).
The right to erasure (‘right to be forgotten’): the right to have the personal data erased under specific
conditions, such as where the data is no longer necessary, if the consent has
been withdrawn, the data has been unlawfully processed etc. (Articles 17 &
19 of the GDPR).
The right to restriction of processing: the right to obtain restriction of processing where the accuracy of
the personal data is contested, the processing is unlawful, the controller no
longer needs the personal data for the purposes of the processing, objected to
automated processing (Articles 18 and 19 of the GDPR).
The right to data portability: the right to have the data transmitted to another data controller
(Article 20 of the GDPR).
The right to object: the right to object to the processing of the personal data by an
organisation, provided that this is not contrary to the public interest
(Article 21 of the GDPR).
The right to human intervention: the right to object where a decision is based solely on automated
processing, including profiling, which produces legal effects concerning you or
significantly affects you (for more details see Article 22 of the GDPR).
Right of Complaint: the right to submit a complaint to the Hellenic Data Protection
Authority, 1-3 Kifissias Av., 115 23, Athens, Greece, tel. 0030 210 6475 600, e-mail:
contact@dpa.gr, if it considers that the processing of its personal data
violates the applicable national and regulatory framework law for the
protection of personal data.
HOW CAN THE VISITOR / USER EXERCISE HIS
RIGHTS
In order the visitor/user to exercise any of
his rights, a relevant can be send to the e-mail info@dimitrisstratosbeauty.com or by phone (+30) 210 8329 495, which undertakes to examine it and
reply to within (1) one month of receiving the request. If more time is
required to process the request, the Company will inform within this month.
For the correction of personal data for the
user account given by the visitor/user, any correction can be he can log in to
it and make any correction/change, without the need for this purpose to send a
request to the Company.
If the visitor/user wishes to revoke the
consent that has been given to receive the Company newsletter, it can be done
through the link "unsubscribe from this list" located at bottom of
each newsletter.
APPLICABLE LAW WHEN PROCESSING PERSONAL
DATA
Applicable Law is the Greek Law, as
formulated according to the General Regulation for the Protection of Personal
Data 2016/679 / EU, law 4624/2019 and in general the current national and
European legislative and regulatory framework for the protection of personal
data. Any disputes are subject to the exclusive jurisdiction of the Courts of Athens,
Greece.
MODIFICATION OF THE COMPANY'S PRIVACY
POLICY
This Privacy Policy is updated by the Company whenever
necessary. Any changes to this Privacy Policy will take effect as soon as the
updated Privacy Policy is posted on this website. In any such case, the
visitor/user should, at regular intervals, study this Policy, so that the
visitor/user is fully aware of how the personal data is protected and which are
the rights.