Last updated 06/12/2020
2. Who is the Data Controller?
Data Controller within the meaning of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) is VERY GAVELLO, a company legally seated in Kanari Str., no 6, Athens, Greece. (tel.: +30 210 7244933, fax: +30 210 7244910 email: firstname.lastname@example.org)
3. What Personal data do we collect? What are the purposes and the legal bases for the processing?
Depending on how you interact with us and the purpose for which we use your data, we process the following categories of data:
• identity data such as your name, surname, telephone number, email address, country from which you interact with us;
• economic and transaction information (e.g. information on your purchases, orders, returns, etc.);
• correspondence data (e.g. your messages through our contact form)
When you register for an account, we ask you to provide your full name, e-mail and password. By creating an account, you will be able to have your own profile, add products to your “Wishlist”, shop faster, be up to date on an order's status, and keep track of the orders you have previously made. We process this data to identify you, to manage your registration and to grant you access to the above-mentioned functionalities. The legal basis for the processing is the performance of the contract. To put it simply, we need to process your personal data to enable your registration as a user on our Website, since we would otherwise be unable to manage your registration. You can cancel your registration by contacting us at email@example.com.
When you carry out a transaction, we ask you to provide billing details such as full name, e-mail, telephone and address (City, Postal code, Country, State/Province/Region) as well as payment details. All this information is necessary to manage payment of the products and to execute your orders, namely to deliver the products, to manage potential returns or to communicate with you in this regard. However, it should be clarified that we do not have access to credit or debit details (e.g. card numbers, expiry dates etc.) for reasons of maximum security. You need to re-enter your card information for every purchase you make. Only the financial institutions have access to this data, which is processed exclusively in the financial institution’s environment. The legal basis for the processing is the performance of the contract. The processing of some data related to your transactions (e.g. data storage for a longer period of time) may also be necessary for compliance with a legal obligation to which we are subject (e.g. tax law etc.)
When you fill in the online contact form (requested data: name, surname, e-mail address, subject, message), we process this data to fulfill your requests by answering your questions and providing information. In this case, the legal basis for the processing is the consent that you provide by clicking on the specific tick-box before submitting your message.
When you want to subscribe to our Newsletter, we need a valid e-mail address. We will send an automated email to the specified email address after the first registration step to be able to check whether you are the owner of the specified email address or whether the owner agrees to receive the Newsletter. We will add the e-mail address provided to our mailing list only after confirmation of the Newsletter registration via a link in the confirmation e-mail. We do not collect any further data beyond the email address. When you subscribe to our Newsletter, we will process your personal data to manage your subscription and for marketing purposes, namely to send information on our latest deals and products. The legal basis for the processing is your consent. Remember that you may unsubscribe from the Newsletter at any time through the instructions that we provide you within each email.
We also collect information automatically when you visit our Website and use our Services by using Cookies and similar technologies. For more information about cookies, see our Cookies Notice, available on the Website.
Moreover, we may process your data for marketing purposes based on the consent you give us for example when you allow marketing cookies. We may also show you ads on the Internet which you may see when visiting websites and apps, for example, on social media. The ads may be related to your preferences or purchase and browsing history.
Finally, with regard to our customers, we have a legitimate interest to send emails for marketing purposes and inform you about our products and offers similar to your previous purchases. However, you have the right to object to this processing activity since we always provide you with an unsubscribe option in each email you receive. Alternatively, you can contact us at firstname.lastname@example.org and exercise the above-mentioned right (see also paragraph 7 of this Policy “Data subjects’ rights”)
4. Who do we share your personal data with?
Your data shall not be disclosed to any third party, apart from specific third partners, who are required to have access to personal data for the purpose of providing their services (e.g. technical support etc.) and for the purposes of the performance of the order (courier service providers, payment service providers). All third parties are bound by non-disclosure agreements. Moreover, only authorized employees have access to your information of transaction and only when this is necessary, e.g. to handle your requests.
Some Cookies are put in place by advertising and marketing related partners and service providers as you can see in our Cookies Policy. For service efficiency purposes, some of these providers are located outside the European Union. We inform you that this data is transferred with adequate safeguards and is always kept safe.
5. Data Retention
The time for which we retain your personal data depends on the purposes for which we process it as explained above. When you create an account, we retain your data for as long as your account is active. We delete your data by the deletion of your account. We will process your data for the time necessary to manage your purchases, including potential returns or claims related to the purchase of the product in question. Some information may be saved infor tax purposes for the time period defined by applicable tax laws. When you contact us through the online contact form, we process your data for as long as it is necessary to fulfill your request. When you subscribe to our Newsletter, we retain your e-mail address until you unsubscribe. With regard to personalized ads, we will show you ads until you change the settings and withdraw your consent to the said processing. In any case, we retain data for as long as it is necessary to fulfill our obligations according to tax law.
6. Security Measures
Our servers are located in the European Union (EU). We process your data at all times in a confidential way, maintaining the mandatory duty to secrecy regarding the said data under the provisions set out in the applicable laws. We have adopted measures of a technical and organizational nature required to guarantee the security of your data and prevent them from being altered, lost, processed, or accessed illegally, depending on the state of the technology, the nature of the stored data, and the risks to which they are exposed. The security of the Website is accomplished in the following ways:
Customer Identification: The codes used to identify you are two: Log in Code (e-mail or username) and your Personal Security Password, which grant you a secure access each time you use it. You are the only person who has access to your data through the codes mentioned above and you are solely responsible for maintaining them secret and hide them from third parties (natural persons or legal entities). In case of loss or disclosure of your codes, you must immediately notify us, otherwise VERY GAVELLO's online store is not responsible for the use of the secret code by a non-authorized person. For security reasons, we recommend that you avoid using same or easily detectable codes (e.g. date of birth).
Ensuring Privacy of your Personal Data transmission: To ensure the confidentiality of transferred data, we use the encryption protocol. Automatic Log Off: If there is no activity for 30 minutes, you are automatically logged of the online store. Firewall: Access to VERY GAVELLO’s system is controlled by a firewall, which allows the use of specific services by the customers / users, while at the same time forbids access to data systems and databases with confidential data and company information. Encryption: There is a 256-bit SSL encryption anywhere you enter personal data (password, addresses, phone numbers, credit cards, etc.). Encryption is a way of encoding the information until it reaches its intended recipient, who will be able to decode it using the appropriate key. When ordering and since the user / customer is logged in the online store with his username and password, all communication between your computer and our system is encrypted using an EV 256-bit key. This means that each time you send information to the system, your browser first encrypts it using an EV 256-bit key and then sends it to the system.
7. Data subjects’ rights
We want to ensure that you can exercise your rights enshrined under the applicable laws. To this end, for as long we retain your data you may exercise your rights free of charge by sending us an email message at our email address (email@example.com) at any time.
In particular, you have the following rights:
• to request access to the personal data that we hold;
• to request rectification of inaccurate or incomplete data;
• to request erasure of your personal data to the extent that they are no longer necessary for the purpose for which we need to keep processing them, as we have explained above, or when we are no longer legally permitted to process them;
• to request that we limit the processing of your personal data, which entails that in certain cases you can request us to temporally suspend the processing of the data or that we keep them longer than necessary;
• if you have given us your consent to process your data, you also have the right to withdraw such consent at any time. In the event that you withdraw your consent, this will not affect the legality of the processing carried out previously.
• When we process your data based on your consent of for the purposes of a contract, you can also request portability of your personal data.
• When the processing of your data is based on our legitimate interest, you are entitled to object to the processing.
Finally, we inform you that you have the right to lodge a complaint regarding the processing of your personal data by us before the Hellenic Data Protection Authority (DPA, https://www.dpa.gr).
In case you need any clarification about the processing of your Personal Data, please do not hesitate to contact us at firstname.lastname@example.org.