1. Personal Data.
In order to become our customer and use our e-shop, you may be asked to submit personal information such as:
· E-mail address;
· Phone number;
· Shipping address; and
· Credit card information.
You are not required to provide any personal data, but if you choose not to do so, we will not be able to provide our services.
2. Processing of Personal Data.
We may process personal data for the following legitimate reasons:
(a) the performance of a contract or the intention to award a contract, such as the execution of a work or the provision of services, in order to meet contractual obligations in that context;
(b) safeguard and protect your and/or our legitimate interests;
(c) compliance with obligations and duties imposed by law or administrative acts; or
(d) with your consent, provided under the specific conditions set forth in the applicable legal framework or on the basis of contractual relations or when contacting us.
3. Disclosure of Personal Information.
We may make available certain personal information, as required or permitted by law, to third parties, such as companies and individuals with whom we contract to perform business functions and services on our behalf, e.g. courier services, implementation services, host of web servers, data analysis, legal, accounting, marketing and other support services. In this case we remain responsible while processing your data. The processing shall be governed by contract that is binding and ensures that the third parties have committed themselves to confidentiality and adhere on all legal requirements, as well as that you can freely exercise your rights as a data subject.
It may be necessary − by law, legal process, litigation, requests and/or orders from judicial and administrative authorities within or outside your country of residence − for us to disclose your personal information. We may, also, disclose information about you, if we determine that for purposes of national security, law enforcement or other reasons of public importance, disclosure is necessary or appropriate.
We may disclose personal data, if we determine that disclosure is reasonably necessary to enforce our “Terms and Use” or protect our operations or other users. Additionally, in the event of reorganization, merger, or sale of our company, we may transfer any and all information we collect to the relevant third party.
4. Duration of Processing.
Depending the nature of processing, we may retain your personal data under the following criteria:
· If the process is required by applicable law, your data will be stored for the period prescribed in the relevant provisions;
· If the process takes place on a contractual basis, your data will be stored for the period necessary to ensure due performance of the contract and thereafter for the establishment, exercise and/or defense of legal claim arising from the contract or required by law;
· In case of marketing, your data will be retained until you exercise your right to opt out of receiving newsletters and information about new products and services from us. You can opt out any time by contacting us as described hereunder.
5. Your Rights.
Your rights as a data subject while processing your personal information are:
· to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and request information about the processing and the data;
· to obtain the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement;
· to obtain the erasure of personal data concerning you, when processed with your consent. In case of compliance with a legal obligation and/or the data are necessary in relation for the purposes for which they were collected (i.e. there is a contractual agreement in force between you and DIASTASIS SA) your right might be subject to limitation or unobtainable, as the case may be;
· to obtain restriction of processing if (a) the accuracy of the personal data is contested, for a period enabling us to verify the accuracy of the personal data; (b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; (c) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; (d) you have objected to processing while pending the verification whether the legitimate grounds of the controller override those of the data subject;
· to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you for the legitimate and contractual purposes described hereinabove. Where personal data are processed for purposes of direct marketing, which includes profiling to the extent that it is related to such direct marketing, you shall have the right to object at any time to processing of personal data concerning you;
· to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller where (a) the processing is based on your consent or on a contract between you and us and (b) the processing is carried out by automated means. You, also, shall have the right to have the personal data transmitted directly from us to another controller, where technically feasible;
· to withdraw your consent, if processing is based only on your consent, by e-mail to firstname.lastname@example.org; and
· to file a complaint before the Hellenic Data Protection Authority T: +30 210 6475600, Fax: +30 210 6475628, e-mail: email@example.com
The security of your personal information is important to us. We implement the appropriate technical and organizational measures to ensure that your data is processed securely and is protected from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access. Taking into account that our services are web based and no method of transmission over the internet is absolutely secure, we cannot guarantee that the implemented technical and organizational security measures cannot be maliciously overridden and unauthorised third parties will not gain access to personal information for unlawful purposes.
For any issue regarding the processes of personal data and in order to exercise any of your rights, please contact us by e-mail firstname.lastname@example.org, tel.: (+30) 2109419400 or regular mail at DIASTASIS SA, 10 Kontoni Str., Moschato 183 46, Athens, Greece.