GDPR

Privacy Policy

1. SCOPE OF PRIVACY POLICY

The administrator of the Company is also the person responsible for processing the personal data of the user-visitors, such as for example the first name, last name or e-mail address. The above information is collected from users/visitors, through the Company’s options and services, which are processed in accordance with the terms of this Privacy Policy.

The aforementioned Privacy Policy, as well as the Company Policy regarding “Cookies”, apply to all users-visitors of the website, including those who use the services listed in the online store (e-shop), without have registered or subscribed to any service of the e-shop, as well as those who have registered.

In addition, it is expressly stated that the services of the Company’s e-shop are addressed to the general public, however they are not addressed to children and do not knowingly collect personal data from children under 16 years of age, unless there is the express consent of their parents or guardians.

2. PERSONAL DATA COLLECTED BY THE COMPANY

In accordance with all that is expressly defined in article 6, paragraph 1, paragraph (a) and (b) of the General Data Protection Regulation (GDPR), the Company collects data, during the visit of user-visitors to its website, when registering in the its contact form, when registering to receive our newsletter and finally, when ordering products with or without opening a customer account. The above personal data collected are the minimum required to complete the aforementioned actions.

In addition, the Company may use “cookies” in order to collect and store information regarding the use of the Company’s Services by user-visitors. “Cookies” are small text files, which are stored on the hard drive of each user-visitor without being able to access documents or files from the user’s computer. They are used to facilitate access when using specific services and pages of the website.

The Company does NOT under any circumstances collect financial information from a payment service provider: in some cases, an unrelated payment service may be used by the Company in order to enable users-visitors of its page to purchase a product or to make payments through the Payment Services.

In case of purchase or payment through a Payment Service, redirection to a Payment Service website is provided. It goes without saying that any information users/visitors provide to a Payment Service will be subject to the Payment Service’s privacy policy and not this Privacy Policy. We have no control over and are not responsible for any use by the Payment Service of information collected through any Payment Service.

The Company’s standing policy is to recommend to users-visitors of its website to avoid any sending and disclosure of sensitive personal data (such as social security numbers, information about racial or ethnic origin, political opinions, religion or other beliefs, the health, criminal background or your membership in trade unions) on or through the Company Services.

In addition, it is pointed out that all of your personal data collected through the company’s electronic form is subject to the full and unconditional consent and consent of the visitors/users, which is provided by sending their personal data to the Company. The right of immediate revocation on the part of the user-visitors of the consent of the provided data is preserved at any time, while not only the possibility of easy access to this data is provided, but also the possibility of applying for the immediate deletion of the user data and of the users themselves.

The Company expressly undertakes: a) that all the data of users who visit its website are protected and managed in accordance with the terms and rules of Greek legislation, b) that it strictly follows all the rules established by the relevant legislation frame. In the context of the current legislation, the data stored by the Company’s website may be disclosed to third parties, the competent authorities, prosecutors or other administrative services only in accordance with the rules and provisions provided for in the respective regulatory framework.

The use of the Company’s website presupposes and confirms that the user-visitor has fully understood what is mentioned above, as well as that he fully agrees with these terms.

3. HOW THEIR PERSONAL DATA IS USED USERS-VISITORS OF THE WEBSITE

The Company uses the personal data it collects from the users-visitors of its website in order to: a) provide Services and Operations of the Company, b) optimize the user experience through Company Services), c) for compliance purposes with applicable laws or legal procedures, d) sending (via email, SMS, phone, chat and social media), with the prior consent of users, offers, etc.

4. POSSIBILITY OF TRANSFERRING PERSONAL DATA TO THIRD PARTIES

The transfer of your data to third parties is generally prohibited.

Exceptionally, the data is processed by Processors at the behest of the Company and contractually bound in accordance with Article 28 GDPR, such as, for example, Electronic Crime Prosecution, Consumer Protection services, and electronic fraud prevention services, for malicious use, social media if you choose to link your account on them with our website. If the transmission of users’ personal data is required in an individual case, the Company undertakes to inform about it in order to obtain the users’ consent. The personal data of user-visitors are NOT transferred to recipients outside the European Union.

5. RIGHTS OF USERS REGARDING PERSONAL DATA AND CONSUMER PROTECTION (L.2251/94)

Visitors have the right to receive confirmation as to whether their personal data exists and to verify its accuracy. To also request, by sending an e-mail or after contacting the Data Controller by telephone, the correction, updating or modification, deletion, anonymization or restriction of the processing of their personal data that were processed in violation of applicable law.

In addition, the right to request the cessation of processing by the Company of the personal data of user-visitors is given and the Company, for its part, will proceed with the immediate cessation of processing thereof.

Users-visitors have the right to request the limitation of the processing by the Company of personal data and the Company will proceed with the immediate limitation of their processing.

Finally, there is the right to transfer the users’ personal data to another body/organization (right of portability) and the Company will proceed with the immediate transfer of this data. However, in some cases due to documented obligations of the Company, the specific request may not be accepted. In the event that it is proven that there was a leak of personal data by the Company resulting in the users suffering material or non-material damage, there is the right to complain to the competent supervisory authority (Personal Data Protection Authority).

As far as the part of the transactions is concerned, the Company expressly undertakes to faithfully apply what is defined in Law 2251/1994 on Consumer Protection and especially what is clearly stated in Article 3 and 8 of the aforementioned Law.

6. RETENTION PERIODS OF THE PERSONAL DATA OF USERS

The Company expressly undertakes that the personal data of its user-visitors will be kept exclusively and only for the period necessary to fulfill the purposes for which they were collected as described in this Privacy Policy. In any event, the following retention periods will apply with respect to the processing of personal data for the purposes listed below:

  • Regarding the contact form, the data will be deleted within 3 months after the final processing of our communication. This will happen if it can be inferred from the circumstances that the communication has been completed, provided that there are no legal claims to store such data
  • Regarding orders, when an order is placed, personal data will be kept for five years, due to mandatory compliance with the Company’s legal and contractual obligations.
  • Finally, the declaration of consent for sending a newsletter (newsletter) is kept for as long as the newsletter is sent to the users by the Company and in any case no more than six months from the cessation of its sending. Of course, the right of the user-visitors to terminate the sending of the newsletter is preserved, either by using the corresponding deletion link at the end of the newsletter, or by sending an e-mail to www.Holigreen.gr, in which case the data will be deleted.

7. CHANGES AND UPDATES TO THE PRIVACY POLICY

The Company may modify or update this Privacy Policy for any reason (including, but not limited to, changes in applicable law and interpretations, rulings, opinions and orders regarding said applicable law.

Any changes to this Privacy Policy will be communicated in advance by posting the revised Privacy Policy on the Company Services. In the event that the Company makes substantial changes to this Privacy Policy, which change the nature of the processing or extend its rights regarding the use of personal data already collected from users/visitors, the latter will be notified immediately and in addition the relevant option will also be provided with the future use of said personal data, as may be required by applicable law.