The sole proprietorship of Dimitrios Stratos, with the distinctive title "Dimitris Stratos Beauty", Tax Identification Number 154478692, who holds the distinctive mark "Dimitris Stratos DS Beauty" and the website "www.dimitrisstratosbeauty.com", based in Greece, Athens, 47 Spirou Patsi, hereinafter the Company, hereby determines and discloses the terms under which, acting as defined by law as “Data Controller", collects, stores, uses and generally processes personal data, which it collects when the visitor/user visits, registers or uses the Company's website.
use, disclose and protect the personal data of the visitor/user, the options
regarding the personal data, as well as how to communicate with the Company. This
Protection Policy is following the provisions of the General Regulation of
Personal Data Protection (GKPD 2016/679), any specific national and European
legislation for certain areas, the current Greek legislation for the protection
of personal data, as well as for data protection personal and private life in
the field of electronic communications and the decisions of the Hellenic Data
Protection Authority (HDPA).
THE COMPANY'S WEBSITE
The website www.dimitrisstratosbeauty.com is the website of the Company, where the online store (e-shop) for the presentation and sale of its products is located.
WHAT IS PERSONAL DATA
The term "personal data" refers to
information of persons, such as name, postal address, e-mail address, contact
telephone, etc., which identifies or may identify you, hereinafter referred to
as "Personal Data or Data”.
WHAT IS PROCESSING PERSONAL DATA?
Processing" means any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
PERSONAL DATA BY THE VISITOR / USER?
If the visitor/user refuses to provide the information that is marked as mandatory on the Website, it may not be possible to provide its full services to the visitor/user. The provision of additional Data to the Company, in addition to those that are marked as mandatory, is optional and does not affect the main purposes of Data collection, as their provision by the visitor/user serves only to optimise the quality of the Company provided services to him.
WHICH PERSONAL DATA DOES THE COMPANY COLLECT?
The Company collects only the necessary Personal Data of the visitor/user, which are appropriate and clear for the intended purpose. This Data includes the following:
1. Data provided by him during his registration and the creation of a user account (account) on the website, through any suitable means and ways, such as via the internet or mobile device (mobile/tablet) and specific data such as e-mail address and password/login password and name, surname, postal address, telephone number.
2. Data and information provided by through transactions (purchases, orders, etc.) and communication (via the online store e-shop, e-mail or through any other means, like name and surname, telephone number, e-mail, data necessary for pricing).
3. Data concerning the way of payment and shipment of the products for the transactions are carried out.
4. Data provided when the subscription to the Company’s newsletter is made.
5. Data on the products and services of preferred choices, only so that the Company can to suggest products or services of interest and to improve the shopping experience. The visitor/user may optionally not provide this information to the Company.
6. Website traffic data.
When collecting the personal data of the visitor/user, the Company will inform about which data is necessary for specific services of the website.
The categories of cookies used or used by:
1. Necessary Cookies
They allow the proper operation of the e-shop on each visit of the visitor/user and store information, such as products in the shopping cart, electronic payments, wish-list, language selection and search information.
According to the current legislation, the visitor/user does not have the option of rejecting the installation of these cookies, as without them the provision of services by the Company would not be technically possible.
2. Cookies Analytics
They collect information about the visitor/user behaviour on each visit, how many pages are visited, which content may could be most important, the preferred products, to promote the appropriate products according to the preferences of the visitor/user.
3. Advertising Cookies
They provide ads related to the interests of the visitor/user. They are also used to send advertisements or offers that better meet his needs, thus reducing unwanted and meaningless advertising messages. They also help measure the effectiveness of the Company's advertising promotions.
HOW THE VISITOR / USER CAN CHECK THE COOKIES THROUGH THE BROWSER
The visitor/user of the website www.dimitrisstratosbeauty.com can change the settings in the browser (web browser) he uses concerning cookies and their acceptance.
THIRD PART COOKIES
HOW THE COMPANY USES THE VISITOR/USER'S PERSONAL DATA
The Company uses the Personal Data of the visitor/user in the following cases:
- To complete the orders of products and services in fulfilment of its contractual obligation, to process the order of products, to provide customer service, to comply with legal obligations, to ask for legal requirements. Also, it retains the Data for a reasonable period to fulfil any of its other contractual obligations, which derive from the applicable legislation.
- To create an account to provide account functions and to facilitate the purchase of products.
- To facilitate communication in response to requests or questions, in requests for the return of products and return of their price or submitted complaints.
- To send a newsletter via e-mail, or through telephone and/or through social media information about new products, promotions, etc., if the visitor/user gives the consent, which consent can the visitor/user to recall free whenever.
- To receive notifications or consent for placing cookies on the device of visitor/user, e.g. list of recently visited products or for suggestions based on the purchase history etc.
- For the protection of the account the visitor/user in case of internet fraud or other illegal activities, such as for the maintenance, information and protection of the account of the visitor/user, as well as for the identification and resolving of any problems and the protection of the Company's website.
- To process the electronic payment of each order and to prevent fraudulent transactions by third parties.
- For the compliance of the Company with any contractual obligations to the visitor/user or in accordance with the legislation in force at the time or for compliance with any court decisions.
LEGAL BASIS OF PROCESSING PERSONAL DATA
1. The service of the contractual relationship (electronic sales contract) of the Company with the visitor/user
2. The consent of the visitor/user, where required, e.g. to receive electronic updates (newsletter) etc.
3. The obligations of the Company deriving by the law, e.g. tax legislation, legislation for electronic commerce etc.
ACCEPTANCES OF THE PERSONAL/DATA'S PERSONAL DATA
Access to the Data of the visitor/user has
only the necessary staff of the Company, which is contractually bound to
maintain confidentiality and any cooperating companies or third-party service
providers, who process the Personal Data as Data Controller on behalf of the Company and according to its instructions and orders.
PERFORMING THE PROCESSING
Third-party service providers that process personal data on behalf of the Company, indicatively and not restrictively: for the processing of credit cards and payments, transfers and deliveries, hosting, management and maintenance of the website, email distribution, research and analysis, promotion management operations, as well as the management of certain services and items, accounting and legal services. When the Company uses third-party service providers, it enters into agreements with those that oblige them to implement appropriate technical, technological and organisational measures for the protection of personal data.
THE COMPANY'S POLICY WITH THIRD PARTIES PROCESSING PERSONAL DATA
The Company provides only the information needed to perform its specific services.
The Personal Data may be used exclusively for the purposes specified in the Company contract with the third parties.
If the Company stops using their services, any of the personal data they legally possess will be deleted or become anonymous.
To improve the visitor/user experience as a customer on the Company's e-shop, the Company uses the following companies, which will process the Personal Data as part of their contracts with the Company: Instagram, Facebook, Google. The Company also cooperates with a courier company of its choice for the sending and delivery of online orders.
The Processors of personal data on behalf of the Company have agreed and contractually undertaken with it to maintain confidentiality, not to process personal data for purposes other than the conventional ones, and without the permission of the Company, to take appropriate technical, technological and organisational measures and in general comply with the legal framework for the protection of personal data and in particular Regulation 979/2016/EU (GDPR). The Company cooperates with them to ensure, protect and respect the privacy of the visitor/user at all times.
TRANSFER OF PERSONAL DATA
The personal data collected by the Company
(or processed) within its website, will be stored within the European Union.
However, some of the recipients of the personal data with whom the Company
shares the personal data of the visitor/user may be located in countries other
than the one where the initial collection of your personal data took place.
When the Company carries any personal data to recipients in other countries, is
accordance with applicable law.
TIME OF PRESERVATION OF PERSONAL DATA
The statement of consent of the user/visitor for sending a newsletter is kept for as long as the Company sends it and in any case not more than six (6) months from the statement of the visitor/user to stop sending it.
At the end of this retention period, the personal data will be completely deleted or made anonymous so that they can be used in an unrecognisable manner for statistical analysis and business planning.
PERSONAL DATA SECURITY
The Company has taken all necessary, updated and appropriate technical, technological and organisational measures for the security and protection of personal data to ensure their protection from any accidental or improper processing.
The website www.dimitrisstratosbeauty.com uses Secure Sockets Layer (SSL) with 256-bit encryption. This technology allows secure communication between the user and the Company's e-shop.
Payments via bank cards (credit card, debit card and prepaid card) are made with the Viva Wallet ePos system. The bank card number and CVV are NOT stored in the system database. This data is received by the user encrypted (SSL-256bit) and sent to the bank's servers in real-time and with the same encryption. Even after the transaction is completed, only the bank has access to the credit card number and CVV. The bank has undertaken the process of clearing of the transactions, ensuring your absolute security.
For the identification of the visitor/user as an account user, the used data are two: the Username and the Password, which only the visitor/user knows and is solely responsible for maintaining their confidentiality. Each time the visitor/user enters those access to the account will be given. This process is achieved securely through encryption during the transfer to the Internet and the Company's servers.
THE RIGHTS OF THE VISITOR / USER AS A SUBJECT OF PERSONAL DATA
The right to be informed / Transparency: the right to know who is processing the data, what categories of data they are using and why. The organisations processing the data must give clear information in plain language (Articles 12, 13 and 14 of the GDPR).
The right of access: the right to request access to the personal data that an organisation has (Article 15 of the GDPR).
The right to rectification: the right to have the data rectified, if the data is inaccurate and/or incomplete (Articles 16 & 19 of the GDPR).
The right to erasure (‘right to be forgotten’): the right to have the personal data erased under specific conditions, such as where the data is no longer necessary, if the consent has been withdrawn, the data has been unlawfully processed etc. (Articles 17 & 19 of the GDPR).
The right to restriction of processing: the right to obtain restriction of processing where the accuracy of the personal data is contested, the processing is unlawful, the controller no longer needs the personal data for the purposes of the processing, objected to automated processing (Articles 18 and 19 of the GDPR).
The right to data portability: the right to have the data transmitted to another data controller (Article 20 of the GDPR).
The right to object: the right to object to the processing of the personal data by an organisation, provided that this is not contrary to the public interest (Article 21 of the GDPR).
The right to human intervention: the right to object where a decision is based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you (for more details see Article 22 of the GDPR).
Right of Complaint: the right to submit a complaint to the Hellenic Data Protection Authority, 1-3 Kifissias Av., 115 23, Athens, Greece, tel. 0030 210 6475 600, e-mail: [email protected], if it considers that the processing of its personal data violates the applicable national and regulatory framework law for the protection of personal data.
HOW CAN THE VISITOR / USER EXERCISE HIS RIGHTS
In order the visitor/user to exercise any of his rights, a relevant can be send to the e-mail [email protected] or by phone (+30) 210 8329 495, which undertakes to examine it and reply to within (1) one month of receiving the request. If more time is required to process the request, the Company will inform within this month.
For the correction of personal data for the user account given by the visitor/user, any correction can be he can log in to it and make any correction/change, without the need for this purpose to send a request to the Company.
If the visitor/user wishes to revoke the consent that has been given to receive the Company newsletter, it can be done through the link "unsubscribe from this list" located at bottom of each newsletter.
APPLICABLE LAW WHEN PROCESSING PERSONAL DATA
Applicable Law is the Greek Law, as formulated according to the General Regulation for the Protection of Personal Data 2016/679 / EU, law 4624/2019 and in general the current national and European legislative and regulatory framework for the protection of personal data. Any disputes are subject to the exclusive jurisdiction of the Courts of Athens, Greece.