The Company respects Privacy, the confidentiality of communications and ensures the protection of personal data, faithfully observing the applicable national and EU legal framework, including the EU General Data Protection Regulation 2016/679 (hereinafter "GDPR ») and the Greek Law 4624/2019, adapting the functions of its website www.e-charatsidis.gr, the software it uses and the way of providing its services through its online store to the relevant legislative framework.

This Privacy and Personal Data Protection Policy applies to everyone who visits and browses the e-charatsidis online store, uses the services provided, such as the Newsletter and the contact form, registers as a member, transacts in any way, makes purchases or interacts with the Company with comments and ratings on Company social media accounts and channels. It also serves the following purposes:

It sets the principles that guide the Company in the processing of personal data,
It aims to inform visitors and users of ilmarte with transparency and completeness
for the data it collects
the legal bases for the processing of personal data
the rights of data subjects and how to exercise them
The processing of personal data is carried out in accordance with the provisions of the General Regulation on the Protection of Personal Data (GDPR 2016/679), any more specific national and European legislation for certain sectors, the currently applicable Greek legislation for the protection of personal data, as well as for the protection personal data and privacy in the field of electronic communications (Law 3471/2006, as applicable) and the decisions of the Personal Data Protection Authority (PDPA).

Principles of Personal Data Processing

The Company respects the following fundamental principles for the processing of personal data, as provided for in the GDPR:

1. Processes personal data in a lawful, legitimate and transparent manner ("legality, objectivity, transparency").

2. Processes personal data only for specified, explicit and lawful purposes ("purpose limitation").

3. It only processes personal data that is appropriate, relevant and limited to what is necessary for the purpose of processing ("data minimization").

4. Ensures that the personal data it processes is always accurate and up-to-date ("accuracy").

5. Keeps the personal data only for the period of time required for the purposes of its processing ("storage period limitation").

6. Processes personal data in a way that guarantees their appropriate security, such as their protection from unauthorized or illegal processing and accidental loss, destruction or damage, taking appropriate technical and organizational measures ("integrity and confidentiality").

 

Processing Manager

The Company with the name "e-charatsidis" with headquarters in the Municipality of Thessaloniki, email This email address is being protected from spambots. You need JavaScript enabled to view it., tel.2310 727 070, is the Data Controller for all personal data processing that it carries out exclusively for the purposes and means which the Company itself determines.

Personal data collected and method of collection

The Company collects Personal Data concerning you, either directly from you, or through partner companies and automated methods, such as in the following cases:

The voluntary registration by visitors-users of ilmarte of their personal data such as e.g. during their registration as members or in the contact form "Contact us" gives the Company the right to process these data in order to satisfy the requests and offer the services requested by the visitors / users.

If you wish to subscribe to the recipient list of the Company's newsletters (Newsletter), you indicate your email, which we will use to send promotional material until you withdraw your consent to its sending, which can be done easily and at any time.

You can also register as a member enjoying an optimal service experience through your convenience to make purchases by filling in the relevant registration form customer information: email (required), username, display name, password and password confirmation (required), billing information: First Name, Surname, Address, 2nd Address, Postal Code, City, Country, Prefecture/Region, Telephone, Invoicing Information: Choice of Receipt or Invoice, Name, Profession, Tax Identification Number, D.O.Y, Person in Charge of Order Reception, Company/Branch Address .

When your order is submitted electronically, it is necessary to fill in your identity information, such as your name and contact information, such as the postal address for shipping the products, email and contact phone number.

In order to complete the order, it is necessary to process the purchase data such as the type, description of the purchased products, shopping cart, value, transaction code/name, place of delivery, time of purchase, purchase and order history, any comments or complaints you may have .

To calculate the size, if you wish to make use of our consulting service, you will need the dimensions in centimeters (cm) of chest, waist, hip circumference, height, name, email, corresponding number and optionally the mobile phone.

Consumer Behavior Data while browsing e-charatsidis such as your shopping cart, Wishlist, Likes, comments and interaction on Social Media, gift redemption, purchase frequency, manner, time of purchase.

Financial data that you declare in online transactions at ilmarte, such as payment, credit and refund information, bank account (IBAN), transaction amount, refunds, debit or credit card information, invoicing information (VAT, D.O.Y, profession). The registration of the card details, their confirmation, the binding of the amount and the final charge, are made in a secure environment (SSL) of the Bank..., without being stored by ilmarte.

Also, personal data that you share during your visit to social media, the pages of https://www.e-charatsidis.gr/ on Facebook and Instagram, such as username, comments, messages and information, when you follow these accounts , when you communicate with us and when you use the services that the above websites offer to get in touch with us, submit requests, evaluations.

During your communication with the customer service department, you provide us with your personal information such as identity, communication, or transaction data, which we use as the case may be, exclusively and only to serve your request.

Technical data such as for example the source channel, Internet Protocol (IP) address, time zone and location, input data, browser type and version, operating system and platform and other technology on the devices you use to connect to ilmarte.

This website may use Cookies, as well as related technologies. For more information on the concept - collection and use of Cookies from https://www.e-charatsidis.gr/ you can refer to read the Cookies Policy..

 

Data of minors

The Company, based on its statutory purposes, does not provide products directly to minors, therefore it does not knowingly process the personal data of minors.

However, parents and guardians of minors are advised to contact the Company immediately if they find any unauthorized disclosure of data by minors for whom they are responsible, in order to exercise the rights granted to them accordingly.

 

Purposes of Processing

The Company, within the framework of its statutory activities, may collect and process personal data for the following purposes:

1. To receive, evaluate, complete your orders and ship the products to you

2. To process your payments

3. To communicate with you about issues related to electronic transactions through e-charatsidis

4. In order to respond to all kinds of requests (replacement, returns, right of withdrawal, etc.) to provide support and service for its products after the sale

5. The Company processes personal data necessary for the use of the services, such as your registration as a Member

6. In order to meet legal obligations arising from legislation, such as tax, accounting.

7. In order to ensure the proper operation and security of its website.

8. In order to legally conclude contracts, to investigate the possibility of concluding contracts pre-contractually and to meet the legal obligations arising from them.

9. For promotional purposes, research purposes, marketing aimed at communication and optimization of its products and services, respecting the legal conditions.

10. To manage our customer base by creating a database

11. To optimize your shopping experience and your service within our online store

12. To send you a Newsletter regarding our Company's news, products, offers and promotions.

 

Legal Basis

For the legal processing of your data, we rely on the following bases, in accordance with the GDPR:

The legal interest of the Company

  • for the security of your account and your identification, where required, as well as the security of data, networks and the prevention of fraud and unauthorized access to them
    to optimize services to its customers through its online store

  • for the purpose of direct commercial communication, respecting the conditions of the law, by providing the possibility of deletion (unsubscribe) at any time
    Your consent

to register as a member


  • for your communication with the Company by completing the relevant form

  • The performance of a contract regarding

the investigation of the possibility of concluding contracts pre-contractually


  • the creation and management of your Account

  • the sale of the products regarding the receipt of the order, its acceptance, processing, payment, coke transfer


Compliance with its legal obligation

  • to comply with tax and accounting provisions

  • to confirm the order by sending an email to a fixed medium

  • to satisfy the right of withdrawal, in accordance with the law

 

Data Protection and Security

The Company takes the appropriate technical and organizational measures to prevent unauthorized access, to ensure the integrity and availability of the data, such as the necessary digital data security measures, the appropriate antivirus, firewall and the SSL certificate.

 

Rights of Personal Data Subjects

The Company provides full and transparent information to the Data Subjects regarding the provisions of the General Data Protection Regulation no. EU (2016/679) rights and ensures that they can exercise them freely.

In particular, the Data Subject is entitled to:

• To be informed by the Company and to request access to his personal data, requesting to receive a copy of his personal data.

• To request the correction of inaccurate personal data, as well as the completion of incomplete personal data.

• To request the deletion of his personal data under the conditions defined in the above Regulation. It may request that personal data be deleted, provided that its retention is not based on any legal basis or legitimate interest, in the event that the personal data is no longer necessary in relation to the purposes of the processing or revokes the consent on which the processing is based , objects to the processing, or the personal data has been unlawfully processed.

• To request restriction of the processing of his personal data under the conditions defined in the above Regulation, when he disputes the accuracy of the personal data or considers the processing illegal or to support legal claims or expresses objections to the processing.

• To request the transmission of his personal data to the Subject himself and/or to third parties, in a structured, widely used, machine-readable format, in the event that the processing is automated and based on consent or contract.

•Right not to be subject to a decision made solely on the basis of automated processing, including profiling, which produces legal effects concerning him or significantly affects him in a similar way (right to human intervention).

• To withdraw his consent at any time, for the processing of his personal data, where this was required. In this case the Company reserves the right to interrupt any service to the Data Subject. The withdrawal of consent does not affect the lawfulness of any processing carried out prior to the withdrawal of the Subject's consent.

To exercise all the above rights, you can contact the Company free of charge by sending an email to the email address: This email address is being protected from spambots. You need JavaScript enabled to view it.. or by phone at 2310 727 070

In the event that any of the above rights are exercised, the Company will immediately ensure the satisfaction of your request within a reasonable period and at the latest within thirty (30) days from the identification of the submitted request, informing you in writing of the progress of its satisfaction and any legal reasons for rejecting it, such as in the case that they are manifestly unfounded or excessive, especially due to their repetitive nature, in accordance with what is specifically provided for in the GDPR.

In the event that you are not satisfied with the Company's response to your request, as well as for any of your complaints regarding this Policy or regarding personal data protection issues, you can address the Independent Personal Data Protection Authority, by submitting a complaint, to the following details : www.dpa.gr, postal address: 1-3 Kifisias St., P.O. 115 23, Athens, tel.: +30 210 6475600, fax: +30 2106475628, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it...

Transmission of personal data

The Company may cooperate with selected, based on quality criteria, advertising companies, suppliers and service providers, who process personal data on its behalf following orders given to them by the same and ensuring compliance with the obligation of confidentiality and protection of personal data, acting as Processors (such as the Company that hosts and manages the e-shop, courier companies). In this case, only the personal data that is absolutely necessary and exclusively for the processing purposes mentioned in this Policy are transmitted.

If the Processors are established outside the E.U. and E.O.C., or data processing is to take place outside the E.U. then the transmission of personal data takes place provided that an adequate level of protection of personal data is ensured, such as in the cases: i) where an adequacy decision has been issued by the European Commission or ii) under the provision of appropriate guarantees and the condition that there are enforceable rights and effective remedies for the data subjects or iii) the existence of approved corporate binding rules, as well as in any other case provided for in the GDPR.

 

Data Retention Period

Personal data are kept for a specific and limited period of time, depending on the purpose of the processing, after which they are securely deleted, unless a different retention period is provided by the applicable legislation.

-The data concerning the purchase of products are kept until the completion of the purchase. The Company may keep the data anonymous, without the possibility of identifying you for historical, research purposes.

- The data collected through the contact form "Contact us", on the website https://www.e-charatsidis.gr. as well as through any other means of communication with the Company, are kept for a maximum period of 3 months from the completion of the communication.

- The data through the accounts of https://www.e-charatsidis.gr. on social media, such as Facebook and Instagram, are kept for as long as you remain connected in any way to those accounts and in accordance with the respective terms included in the data protection policy of those media.

- Cookies files are kept for a period of time determined according to their nature, origin and the purpose for which they are used. For more information please refer to the Cookies Policy.

- Also, personal data is kept for the period of time determined by the current Legislation such as tax, accounting, privacy of communications and the corresponding provisions of the law for the maximum period of their retention.

- As long as there are legal claims/demands of a civil nature, the Company may keep the personal data until the completion of the legal time of limitation of the claims.

Disclaimer for Third Party Websites

The Company's website provides links (links, hyperlinks) to third party websites, the content of which is not controlled by the Company. The websites have terms of use as well as terms for the protection of personal data, which visitors and users are asked to read. Users' browsing of them is done solely at their own risk. The Company does not assume responsibility for any damage that may be caused by the use of links or hyperlinks to third party websites.

 

Applicable Law-Dispute Resolution

The parties mutually agree to make an effort to amicably resolve any dispute arising from this Policy in a spirit of mutual respect, by subjecting them to out-of-court procedures, such as Mediation.

In the event that an amicable settlement is not possible, any dispute or claim regarding this website will be governed by Greek law, while the Courts of Drama are designated as competent.

 

Updates to the Personal Data Protection Policy

The Company may, whenever deemed necessary at its discretion, modify this Policy, such as for reasons of compliance with legislative amendments, or optimization of its services. For this reason, you are invited to check this page every time you visit the Company's website. Any changes will be posted on this website with an indication of the date of modification.

 

Appendix-Definitions

For the purposes of this Policy, the following definitions are set out as they are in the GDPR:

"Personal data": any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as name, ID number, location data, online identifier or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

"Special categories of personal data": personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of unambiguous identification of a person , data relating to health or data relating to a natural person's sex life or sexual orientation.

"Processing": any operation or series of operations carried out with or without the use of automated means, on personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, information retrieval, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.

"Anonymization": the processing of personal data in such a way that the data can no longer be attributed to a specific data subject.

"Pseudonymisation": the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that cannot be attributed to an identified or identifiable natural person.

"Controller": the natural or legal person, public authority, agency or other entity that, alone or jointly with others, determines the purposes and manner of processing personal data; when the purposes and manner of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for his appointment may be provided for by Union law or the law of a Member State.

"Processor": the natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller.

"Consent" of the data subject: any indication of will, free, specific, explicit and fully informed, by which the data subject manifests that he agrees, by statement or by a clear positive action, to be the subject of processing of the personal data that they concern it.

"Personal Data Breach": the breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed.

Also as "Existing Legislation": The provisions of the currently existing Greek, Union or other Legislation to which the Company is subject and defines issues of personal data protection, such as in particular Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons against the processing of personal data and for the free circulation of such data (General Data Protection Regulation, GDPR), the legislation on the privacy of communications, etc.

 

Revision: December 2020