On 25 May 2018 the European Parliament and Council Regulation (EC) 2016/679 (hereafter "the Regulation") on the protection of individuals with regard to the processing of personal data and on the free movement of persons these data and the repeal of Directive 95/46 / EC.
Www.koudounistra.gr fully complies with the provisions of the Regulation and undertakes to pay due diligence for the correct, rational and safe processing of the personal data it collects and processes. We understand that by giving us your personal data we trust you in this information. We have created this policy to fully access the data we collect from you, the purposes for which we collect them and the way we use them. We also need to ensure that you understand the rights you have regarding your personal data and the processing of your personal data.
1. What data we collect:
We collect, receive, store and generally process the following:
• Personal data and information you enter through the site, including information you provide when creating an account on the site (specifically: name, surname, telephone number, e-mail address and tax number if we are required to issue an invoice for a purchase)
• information contained or related to any kind of communication with you, either directly or through our site.
• Information such as the ones described below, entitled "Cookies".
The personal data you enter upon your registration or your consent must be complete and true and include necessarily the following: full name and full name, address, telephone and valid e-mail address.
Special Category Data
Our business does not collect or require the disclosure of sensitive personal data (Article 9 special article data of the Regulation).
2. Prerequisites for obtaining consent
Our business collects and processes your data based on your consent. Your consent is provided in the form of a written statement by explicitly excluding any other way. The request for consent is distinct, comprehensible, in an easily accessible form and uses a clear and simple wording. You have the right to withdraw your consent as easily as you did.
3. For what purpose do we collect the data
Our business, following the principle of data minimization, limits the collection and processing only to personal data that is appropriate, relevant and necessary for the purpose for which it is processed.
In particular, we collect, store and process your personal data after your explicit and free consent to:
i. the execution of the contract of distance selling through an online store, or from the physical store,
ii. the execution of the service you have requested to provide,
iii. the compliance of our business with the applicable legislation, indicatively and not restrictively: tax, labor and insurance legislation,
iv. order entry, order sending to the postal address you gave us, order tracking until delivery,
v. informing you of any problem that arises when executing the order directly, and responding to any query or request,
vi. to inform you about our news, events and offers and to improve our services only if you have given us your explicit consent,
vii. conducting competitions,
viii. internal research and statistical analysis to see how our site is used and understand how we can improve it,
ix. the best response to a complaint about your order,
x. our compliance with the requirements of law, regulatory and compliance regulations (if applicable),
xi. verification of compliance with the terms and conditions governing the use of our site,
xii. the protection of our civil rights,
xiii. understand your interests so that we can customize the content, promotions and other actions we show on our site in a way that best fits your interests and preferences.
4. To whom do we communicate / disclose your personal data
We communicate your personal information:
1. to the courier and postal service provider for the execution and sending of your order to the postal address you have given us.
2. to any public authority, Court, if we are bound by applicable law, as is the case at any time.
5. Links to other sites
All the actions you make on a site or website other than ours are made at your sole responsibility.
6. Data storage time
We store and generally process your personal data for the duration of your contractual relationship with us.
If our contractual relationship expires, we retain your personal data for as long as necessary until the time required by applicable law for the purpose of our compliance with, for example, tax laws, statutes of limitation of any related claims.
With regard to personal data that we store to send newsletters, promotions, we keep them for as long as we are legally authorized by your explicit consent.
In general, in case of withdrawal of consent, we are obliged to permanently delete the personal data for which your consent was withdrawn.
8. Rights under the Regulation
Under the Personal Data Regulation (EU 679/2016)) (hereafter the "Regulation") you have the following rights:
I. You have the right to know which personal data we keep and process, the purposes of processing them, the recipients or the categories of recipients to whom they are disclosed and the period for which they will be stored (Article 15 of the Regulation, right of access).
II. You have the right to request at any time and our business to perform unprofessional personal data and fill in incomplete personal data (Article 16 of the Regulation, right of rectification) without undue delay.
III. You have the right to refuse and / or oppose any further processing of limitation of the use of your data in case of doubt of its accuracy (Article 21 of the Regulation, right of objection).
IV. You have the right to request, and our business to execute, without undue delay, the limitation of your data processing (Article 18 of the Regulation, Restriction Right).
V. You have the right to request and our business to perform without undue delay deleting your data from our database if processing is not necessary to serve the purposes for which it was collected or you have withdrawn your consent for the collection and processing of data (Article 17 of the Regulation, right of obsolescence).
VI. You have the right to receive, without charge, in a structured, commonly used and machine-readable format, the data you provide yourself (Article 20 of the Regulation, Mobile Rights).
VII. You have the right to revoke at any time, without charge, the consent you have given us to process your personal data. This applies to cases where the processing of personal data is subject to consent and not to our contractual relationship or personal data that an enterprise owes under applicable law to maintain for purposes of control and compliance, for example, in tax or other provisions (e.g., execution of an order , invoicing).
VIII. You have the right to submit a complaint to the Supervisory Authority under the name of the Personal Data Protection Authority electronically at the following address www.dpa.gr.
For all of your above mentioned rights and exercise, please contact our headquarters Mesogeion 100 Maroussi 15125 or e-mail email@example.com, tel. 210 682 3338. Our company will respond in writing to your request within 20 days of submission of the request. If we judge that we need more time to respond, we will inform you in writing.
9. Updating your personal data
In order to keep personal data up-to-date, we advise you to inform us in advance of any changes or incorrect entries of your information. To review and / or process personal data, or to know how long your business intends to keep personal data or other questions about accessing your personal data, or if you want to make a request to provide us with information on whether we maintain or process any personal information on behalf of third parties, please contact the relevant department at firstname.lastname@example.org.
PERSONAL DATA SECURITY POLICY
All information that relates to your personal information is safe and confidential. Safety is achieved by the following methods:
A. User Recognition
a) The codes used to identify you as a user are two: the E-mail or username and the Personal Security Password, which each time they are entered give access with absolute security to your personal information . It is possible to change your personal secret code as often as you wish. The user is solely responsible for maintaining secrecy and hiding it from third parties. In case of loss or leakage, we must immediately notify you, otherwise we are not responsible for the use of the password by an unauthorized person. Secure security codes are stored in our database using a one-way hash algorithm, making it even impossible for administrators to recover it, and this way the system is protected even in the event of a malicious attack.
To ensure the confidentiality of the transfer of personal data, we use the SSL-256bit encryption protocol. Encryption is essentially a way to encode the information until it reaches its intended recipient, which will be able to decode it using the appropriate key (this is automatically done by the ssl protocol). Encryption and ssl usage is mandatory on all pages, whether they contain sensitive data or not.
B. Controlled Access - Security Systems
a) Access to our servers is controlled by a firewall, which allows the use of specific services by customers / users, while at the same time prohibiting access to confidential data systems and databases of the company. All servers have an Antivirus service that checks for potential malware that could cause data leakage. For server management, access is only allowed through a VPN service that only our technical team has access to, preventing any access from a public network, even if the administrator access information leaks for any reason. The filesystem of the server is encrypted, so even if one gets a physical access to a server with our data, it can not decrypt the data.
C. Back Up
We back up every day backups of all data to prevent any hardware failure at a safe point. Copies are automatically deleted from our systems with a maximum lifespan of one month. Copies are stored in the same datacenter but in a separate storage unit, having exactly the same access and protection principles as the original data. Backups are encrypted so that even if they are leaking, they can not be recovered.
D. Data leakage
If we experience any data leakage either from malicious attack on our systems or from a user's fault, our moves are as follows:
a) Temporary shutdown of the application until we ensure that any security gap is closed.
b) Immediate notification of users and / or customers of the violation, its size - and if the error has come from a member, the possible way of dealing with it.
c) Immediate notification of any authority is responsible depending on the type of leakage (eg in the case of a malicious attack the Greek police's online crime department is notified).
Cookies may be either "permanent" cookies or "periodic" cookies: a permanent cookie will be stored by a web browser and will remain in effect until its specified expiration date unless deleted by the user before the expiration date. A cookie magazine, on the other hand, will expire at the end of the user's period when the web browser is closed. We use both, periodic and permanent cookies on our site.
The information generated in relation to our website is used to generate reports about our website and about the traffic of our site. In this way we can constantly improve our website and adapt it constantly to their needs.
Users can check and / or delete cookies as they wish - for details (see aboutcookies.org). Blocking or deleting all cookies will have a negative effect on the stability of many websites. If users choose to close our cookies, they will not be able to use all the features of our site.
This policy can be renewed from time to time, e.g. due to changes in the relevant legislation. We encourage users to periodically check this page for the latest information on privacy practices.
9. Questions and communication:
If you have any questions about this policy or if you wish to exercise any of your rights as outlined here, please contact us at email@example.com or at the following address
Address: 100 Messogion Street, Maroussi, Attica, PC 15125
Tel .: 210 682 3338