1. Home
  2. Privacy Policy - Security of Personal Data

Privacy Policy – Security of Personal Data

PRIVACY POLICY-SECURITY OF PERSONAL DATA

Maleas Estate follows the European and national legislation regarding the protection of personal data primarily aiming at your total security upon using our website. We provide special, explicit, full and comprehensible information about the kind, the aim and time period of the collection and processing of your personal data by our business as well as the rights you have as data subjects and how you can make use of them. During your visit and even before completing any purchase you will be explicitly and specifically informed about the existence of our privacy policy which you will be called to accept. By browsing and using our website you recognize that you have read, fully understood and unreservedly accepted the privacy policy of the specific website. We bear no responsibility if you continue using our website and the services it provides even though you disagree with any of the terms.  

LEGISLATIVE FRAMEWORK- ESSENTIAL TERMS

At European level the protection of personal data is governed by the Regulation(EE)2016/679 of the European Parliament and the Council (GDPR) of the 27 April 2016, on the protection of the natural persons against the process of personal data and the free circulation of this data. In Greece, the law 4624/2019 is valid. Our e shop strictly applies the legislation about the protection of personal data. Essential terms that you should be aware of: “personal data”: every piece of information that regards an identified or identifiable natural person(“data subject”). The identifiable natural person is the one whose identity can be verified directly or indirectly especially through a report in identifying information of identity such as name, ID number, position data, online identifiers, or one or more factors specific to the physical, normal, genetic, psychological, financial, cultural, or social identity of the specific natural person. “processing”: every action or series of actions that is made with or without the use of automated means, in personal data or sets of personal data such as the collection, the registration, the organization, the structure, the storage, the adaptation or the modification, the retrieval, the search for information, the use, the disclosure by transmission, the dissemination or any other form of introduction, the correlation, the restriction, the deletion or the destruction. “controller”: the natural or legal person, public authority, public department or other body which alone or with others in common determine the aims and the way that personal data is processed. The aims and the way of this process are determined by the European Union or the Member State legislation, the controller or the special criteria for hos/her appointment can be provided by the European Union or the Member State legislation. “data subject”: the natural person the data refers to and whose identity is known or can be verified, that is, it can be defined directly or indirectly especially by their ID number or by one or more specific data elements that characterize their existence such as natural, biological, mental, financial, cultural, political or social terms. Each user of the current website is called data subject after having fully consented to our website. Our business and the authorized personnel of our business are the controllers of personal data provided in the current website. Sometimes we may need to share your personal data with a third party who provides a service(e.g. transport company, external contractors). This specific transmission is strictly made for fulfilling our contract obligations especially the completion of the purchases you make, the satisfaction of any wish or need you may have, the solution of problems and the communication with you within our contractual relationship. “recipient”: the natural or legal person, public authority or another body where the personal data is notified whether it is a third-party or not. “consent of the data subject”: every indication of wish, free, specific, explicit, having full awareness with which the data subject shows that he/she agrees, either with a statement or with an explicit positive act, to allow his/her personal data be processed.

THE KIND OF PERSONAL DATA WE COLLECT AND PROCESS

The collection and processing of your personal data by us depends on the purpose you use our e shop for. If you are visiting our site to get informed about our business and our products, which means just for informative purposes without your placing an order, we only collect your personal data and the browser sends you to our server. This data is necessary for technical reasons and its collection has as a target to display our website to the browser of your device and ensure its consistency and safety. This data includes: date, time and duration of visit to our website, the content of the website the visitor accessed, URL through which the visitor was led to the website, IP address and the domain from which there was access to the website, the browser which was used and also technical information relevant to the visit (method http, http version, http status code, length of the data transferred). In case you proceed to any purchase from our e shop then you will be asked to give some personal data in order to go on with the dispatch of your order. For example, you will be asked to enter some data such as your full name, shipping address or even billing address, contact phone, email, pricing elements and in case payment is by debit or credit card, the number of the card, the expiration date of the card and the security code, being fully aware since you explicitly give your consent to the collection, use, processing and storage of it, choosing the indication “accept” in the relevant text that will appear during the specific completion. In case of orders, since you express your interest in purchasing our products, all your personal data(full name, address, telephone number, email, pricing elements) is collected and processed during your purchase and it is likely that we maintain them for a two-year period form the day of the purchase. In cases that payment is by bank cards, this data is not stored in our business means and no collection, process and storage of them is carried out on our behalf. This data is recorded in a secure environment of the cooperating credit institution which has undertaken the routing of the cards. WE DO NOT COLLECT: a) any debit or credit cards data and data you give to the proverbs of payment services which you type while you are placing your order. This data is used and processed by the proverb of payment services and our business bears no responsibility for the protection policy of personal data they follow (e.g. credit institutions). b) sensitive personal data  

THE REASONS WE COLLECT AND PROCESS YOUR PERSONAL DATA

The personal data you provide to our e shop is collected for specific, explicit and legal purposes and is not submitted to further process in an incompatible way since it is proper, relevant and restricted to the necessary purposes for which it is submitted to be processed(“minimization of data”). The purposes of the collection of data are exclusively relevant, only with the fulfillment of our contractual obligations to you and especially the satisfaction of your requests, such as the successful integration completion of your order(shipping of the products, purchase-completion, payment, pricing). We use your personal data to fully correspond to our contractual obligations, to complete successfully all the related operations, to contact you in the context of a good performance of our services and settlement of any complaints or clarifications, administration of our clients, and if needed, the support of legal claims for tax use(reasons for pricing and proof of services)and for control purposes of the procedures of our company from public services and authorities when we are asked after legal presumption. Our business does not process your personal data for no other reason than the above explicit, legal, proper and relevant purposes.  

TIME PERIOD FOR THE COLLECTION AND USE OF YOUR PERSONAL DATA

The time period for using, processing and storage of your personal data is limited. It only lies in the fulfillment of the above purposes of processing, depending on the reason you are using our e shop for. In order to cope with our contractual obligations but also with any additional obligations which may come up during our contractual relationship, (e.g. assert claims, inspection by the authorities etc) we have the discretionary power to maintain your personal data for at least a two-year period from the time it was collected, that is since the completion of your order from our e shop. We take the appropriate measures not only for the safety of your data during the retention period but also for its destruction after the retention period ends. We delete all the personal data the moment it is not required any more for the specific, legal and explicit purposes it had been collected for or even when you request its deletion by us.  

WHO RECEIVES AND PROCESSES YOUR PERSONAL DATA

In our business access to your data is allowed to specific employees. Access is graded according to their post and duties and Is restricted to data necessary for the purposes of the specific process they have undertaken. There is a chance your daa to be forwarded to external contractors when it is necessary for the purposes of the specific process. In such cases, the external contractor will act either as the head of the process, defining the means and the purposes of the process, or as the one who performs the process on our account. The current policy is applied in both cases. So, apart from our business, the data necessary for the processing purposes are forwarded to the following categories of recipients:
  • To third parties that provide services to us such as credit institutions, trustees and legal advisors and providers of other services.
  • To national and international regulatory, tax or other authorities, public organizations or courts when it is demanded according to law or regulation or after their instruction.
  • To our customers or associates when it is required for communication, relationship management and execution of transactions which have been required.
 

CONFIDENTIALITY AND SAFETY OF YOUR PERSONAL DATA

Your personal data are submitted to process in a way that guarantees confidentiality. It is never used for any other reasons than those you have been informed about and we never provide any information to third parties, either individuals or companies. The only exception is when your personal data is necessary to be transferred to public services, bodies, law enforcement authorities and courts and in any other case our company is legally obliged to transfer it. Your personal data is submitted to process in a way that guarantees the appropriate safety of your personally identifiable information, including its protection from unauthorized or illegal processing, accidental loss, destruction or damage with the use of technical and organizational measures(“integrity and confidentiality”). However, our business cannot be held responsible neither for any defacement of our website by third parties nor for any other incidence of force majeure which cannot be predicted.  

PARTICIPATION IN SOCIAL MEDIA AND OTHER THIRD PARTY WEBSITES

Our business has accounts on other social media(e.g. Google+, Facebook, Instagram, You Tube, Linkedin etc) and it is possible to appear in third parties’ websites. Our business checks the legality of the specific websites before making any contact with them. No personal data is transferred or revealed without your explicit authorization. For the use, collection and processing of your personal data by these websites, our company has no responsibility since each website is solely responsible for the privacy policy of your personal data. You can be informed about the privacy policy of each website by looking over it since it is solely responsible for the management of the personal data it collects.  

DATA SUBJECTS’ RIGHTS

If you wish to exercise any of your rights regarding your personal data our business keeps, collects and in general processes or if you need any clarifications for the current policy, please contact us in the email address of our business: maleasestate@gmail.com The rights concerning your personal data are the following: ACCESS OR INFORMATION RIGHT: “I wish to be informed about my data maintenance”. RIGHT TO RECTIFICATION: “I wish to rectify my embroidered personal data”. RIGHT TO DELETION-RIGHT TO BE FORGOTTEN: “I wish my personal data to be deleted from your files”, withdrawing your consent any time you wish. RIGHT TO OBJECT: “I don’t wish my personal data to be used for no other reason apart from the one I have given my consent to”. RIGHT TO RESTRICTION OF PROCESSING: “I wish my personal data to be processed only for one specific purpose”. RIGHT TO DATA PORTABILITY: “Ι wish my personal data to be transferred to another controller”. RIGHT OF TERMINATION TO HDPA(HELLENIC DATA PROTECTION AUTHORITY) (mailing address: 1-3 Kifisias str., PC 11523 Athens, telephone number 2106475600,email address contact@dpa.gr ).  

HOW TO EXERCISE YOUR RIGHTS

You can contact us in writing to our email address: maleasestate@gmail.com for any request, inquiry or complaint about your personal data. We will reply to your request in detail within 30 days from receiving it. In any case, if you feel there has been a violation in the protection of your personal data in any way, you have the right to submit your complaint in writing to the Hellenic Data Protection Authority (mailing address: 1-3 Kifisias str., PC 11523 Athens, telephone number 2106475600,email address contact@dpa.gr ).