This Privacy Policy provides users of this website (the “Website”) with the fullest information on the processing of their personal information through according to the General Data Protection Regulation (GDPR) and the Personal Data Protection Code.
Pursuant to statutory requirements, this Privacy Policy also indicates:
- The nature of the personal information processed
- The purposes and means of the processing of personal information
- The identity and contact details of the Data Controller(s)
- Any third parties involved in the processing activities
- The retention period of personal information
- The security measures adopted to protect personal information
- The privacy rights of users.
This Privacy Policy applies to the Website only and does not concern any website or platform to which the Site may be linked to.
Users with fewer than 16 (sixteen) years old are not allowed to consent to the processing of Personal information without parental authorization.
Data Processor and Controller(s)
Under the GDPR, the controller is the subject that, alone or jointly with others, determines the purposes and means of the processing of personal information.
The controllers for the data processing related to the activities of the Site are:
- KATSIKATINOS.COM , with registered offices in Athens, 4 Doriza str. 11525, Greece.
Contact: info@katsikatinos.com / T: +30 22830 23466
The Controller(s)
With respect to personal information of registered users and non-registered users who have opted to receive newsletters and marketing communications, WWW.KATSIKATINOS.COM acts as the sole Controller and processor of these activities.
Personal Information and Purpose of Data Collection
“Personal information” means any information relating to users and which identifies them personally, either alone or in combination with other information.
Personal information is collected automatically by the ‘Website’ or received via multiple sources: online forms, chat, e-mail, apps, devices, social media and other means.
The Website processes personal information in various shapes for the following purposes:
Browsing Data
The Website collects non-sensitive browsing data by automatic means in order to enable and improve user navigation (e.g., IP address, date/time of the visit and its length, any referring URL, the pages visited on the Website, the device used and other information).
The processing of such information allows users to access the Website and enjoy its features and services. Furthermore, browsing data may be used to verify that the Website is functioning properly.
From time to time, browsing data are processed anonymously for statistical purposes.
Browsing data are unlikely to allow identification of the relevant data subject. However, by their very nature, browsing data may allow identification of the users if associated with other information.
The browsing data described above are stored only temporarily in compliance with the applicable law.
Orders
At checkout, the Website asks users to provide personal information for the essential purpose of fulfilling their purchase orders and comply with contractual obligations (e.g., name and surname, e-mail address, delivery address, etc.).
Such personal information is also essential for the Customer Service to assist customers on enquiries and for any related necessity, before or after the sale (for instance, with respect to the order delivery status or on product returns).
Personal information related to orders will be stored as long as required to comply with contractual obligations and with the applicable tax and financial reporting obligations.
The Website may also verify the payment instruments used by customers to purchase on the Website (e.g. credit or debit card, etc.) for the main purpose of preventing fraudulent activities or pursuant to the applicable anti-money-laundering laws. As full reliance for payment verification is given to third party payment processors, the Controllers do not process or store any financial information belonging to customers.
Failure to provide the personal information required at checkout will prevent users from completing an order on the Website.
Based on its legitimate interest to improve its relationship with customers, the Website will send to the latter email, communications with product suggestions, discounts, feedback requests or other updates. Customers are always free to unsubscribe from such email communications (by clicking on the “unsubscribe link” at the bottom of each email).
Website Subscription
When users opt to register a personal account on the Website, they are asked to submit personal information (e.g., date of birth, gender, etc.). The Website clearly indicates which personal information is mandatory (or not) to set up an account.
Users must submit personal information that is true and accurate at the moment of registration and are invited to maintain their personal information up-to-date (if any modification occurs) by logging into the personal account to make all relevant changes.
Users who choose to enable or log in to their Website account via social media, should be aware that when they connect their Website account to a social media account, the Website collects certain personal information the User has already provided to that social media (for example, the email address and public profile on Facebook).
The Controllers do not oversee or control such social media services or the user’s profiles on these services, and do not establish privacy settings or rules for how personal information on those services will be used. Users are highly encouraged to read all policies and information regarding the applicable social media services to learn more about how they process personal information.
Newsletter and Marketing Communications
On the Website, users can opt to receive newsletters and commercial communications.
The Website always collects the explicit, free and unambiguous consent of users prior to submitting newsletters and marketing communications to these users or, more in general, before undertaking electronic marketing initiatives dedicated to them.
In such cases, users may be invited to submit personal information in addition to their e-mail address (e.g., gender, country of residence, etc.) for the purpose of having newsletter and marketing communications tailored to the user profile.
Users can always easily withdraw their consent from receiving newsletters and commercial communications in the following ways:
- Through their account settings
- By clicking on the ‘unsubscribe’ link in any of such email
- By contacting our Customer service.
With respect to personal information of non-registered users who have opted to receive newsletters and marketing communications, WWW.KATSIKATINOS.COM acts as the sole Controller and processor of these activities.
Profiling
Under the explicit user’s consent, newsletter and marketing communications may be tailored to the user “profile”, based on the personal information the Website collects or receives about the concerned user.
With respect to the customers of the Website it is in the Website‘s legitimate interest to process personal information to offer more interesting products, to improve the Website and to personalize the products offered on the Website.
The main purpose of profiling is to propose products, services and initiatives more responsive to the tastes, shopping habits and interests of users and customers.
Personal information may be also used for remarketing, retargeting or profiling purposes, including via third parties (e.g., social networks, etc.).
Neither the Website nor the Controllers will ever carry out any profiling activities relating to children.
Sharing and Transferring of Personal Information
The Controllers may transfer personal information of customers to primary third-party suppliers, acting as “data processors” (the “Processors”), for the purpose of performing business operations in order to fulfill their contractual obligations.
The Controllers will make their best effort to ensure that all Processors will apply their industry best practice to protect personal information and that they will not use personal information for any other purposes than those agreed with the Controllers.
For instance, the Controllers may share personal information with the following categories of Processors:
- Couriers and postal operators
- Fulfilment centers and warehouses
- Advertising, digital, marketing and social media agencies
- IT service providers
- Customer care service providers
- Payment service providers
- Persons, companies or professional firms that provide assistance and advice to the Holders in accounting, administrative, legal, tax and financial matters;
- Subjects, bodies or authorities to whom it is mandatory to communicate personal data for purposes of compliance, abuse or fraud, or by order of the Authorities.
In such cases, sharing personal information with the Processors is necessary for the Controllers to fulfill their contractual obligations and, also, to improve the Website’s products and services.
Users can request an updated list of the Processors involved in the processing of personal information relevant to the Website’s activities by writing an email to info@katsikatinos.com. The Controllers must always reserve the right to disclose personal information about users as required by law (for instance, in response to law enforcement requests), and where needed to protect the rights of the Controllers or their affiliates or third parties.
Moreover, personal information may be disclosed to other companies within the same corporate group of each of the Controllers, or to third parties in the event of a corporate restructuring process, in full compliance with the applicable law.
In any other cases, the sharing of personal information will be conditional upon the preliminary and explicit consent of the user, unless processing is allowed under an alternative legal basis.
The Controllers will not transfer any personal information outside the European Economic Area (EEA), unless the user has explicitly authorized such transfer or the transfer of personal information outside the EEA is allowed by the GDPR on another legal basis.
Retention of Personal Information
The Controllers will store personal information for as long as it is needed to provide users and customers with the required services or to meet legal or tax obligations or for the minimum period prescribed by the law.
In order to determine the appropriate retention period for personal information stored by the Website under user consent, the Controllers will take into account multiple factors to ensure that personal information is not stored for longer than the necessary or appropriate period. Such criteria will also include:
- The purpose for which the Site holds personal information;
- Legal, tax and regulatory obligations in relation to that personal information
- The type of ongoing relationship with the concerned user or customer (how often the user logs into their Website account, whether users continue to receive marketing communications, how regularly they browse or buy on the Website, etc.
- Any specific user request in relation to the deletion of personal information
- Legitimate business interests.
The Website will promptly delete personal information that is no longer needed or retained according to the law.
Users’ Rights
Users are entitled to receive confirmation as to whether the Controllers hold any personal information about them.
If this is the case, under the GDPR, users also hold the rights to:
- Be informed about the collection and use of their personal information
- Access their personal information at no cost;
- Have inaccurate personal information rectified, or completed (when it is incomplete)
- Have personal information erased (“the right to be forgotten”)
- Under specific conditions, obtain the restriction or suppression of their personal information
- Obtain and reuse their personal information for their own purpose across different services when processing is based on a contract or on consent, and the processing is carried out by automatic means (“the right to data portability”)
- Under specific conditions, to object to the processing of their personal information
- Object at any time to the use of personal information for “profiling” or “automated decision-making” purposes.
- The right to submit complaints related to the collection and processing of personal information to the competent supervisory authority
- The right to withdraw consent to the processing of personal information at any time.
Users can contact the Website for any enquiry and to exercise their privacy rights at the following email address: info@katsikatinos.com
Changes to Privacy Policy
Any future changes to this Privacy Policy will be posted on the Website and, where appropriate, notified to users by email. Users are encouraged to read this Privacy Policy frequently to check for any updates or changes.