Last updated December 2nd 2020
2. Applicable Law of Data Protection.
The applicable data protection law (hereinafter the “Applicable Data Protection Law”) consists of the applicable national and European legislation on the collection, use and disclosure of your personal data by us, including Regulation (EC) 2016/679 of the European Parliament and the Council, adopted on 27 April 2016 and put into effect on 25 May 2018 (hereafter referred to as the “Regulation”) and Greek Law 4624/2019.
3. Definition of Personal Data.
4. Data Controller – Joint Data Controllers.
The Company is responsible for the processing of your Personal Data and in that capacity undertakes to make every effort to ensure that the confidentiality of your Personal Data is respected and to ensure the unimpeded exercise of the rights granted to you by the Applicable Data Protection Law.
5. Special notice for the minors.
For minors under the age of 18 and partially disqualified persons, according to the applicable in their case jurisdiction, are prohibited from communicating to us through the Website, by telephone, or in any other way, their Personal Data without the prior consent of the person or persons who exercise the parental custody. We ask those persons not to submit information to us. In the event that users of the Website are under the age of eighteen (18) years and continue to disclose their Personal Data via the Website, it shall be deemed by us that such persons have obtained the prior consent of the person or persons who exercise the parental custody.
6. You disclose to us Personal Data in the following occasions:
- If you wish to create a personal account by registering on the Website: you will be asked to provide Us with specific Personal Data, including but not limited to your name and surname, your email address, your date of birth, and, in general, other information that can be used for your personal identification.
- When you use our Services: You may be asked for some of your personal information, such as your postal address, the details of the payment method when ordering from our online store and your e-mail address when you sign up for one of our competitions or newsletters.
- If you contact (in writing or orally) the Company’s Customer Service Department: We may store / register your correspondence, as well as any information requested and are deemed necessary for your best service and/or proof of our contractual relationship (e.g. if you place a product order by phone).
7. Information we collect automatically when you visit the Website or make use of the Services.
- Website: We may collect information from the Website and how you use it. When you visit the Website, the web browser sends data to our servers. With this information we can optimize our services by personalizing and improving your experience when you use the Website (via a computer, mobile phone, or other mobile device). This information may include the following:
- your IP address;
- the date and time of your visit to the Website;
- the referral URL (i.e. the website from which the user originated);
- the pages you have visited on our Website;
- information about your device and your web browser (type of web browser and version, operating system, etc.).
- Information about your location: When you visit the Website from your computer, mobile phone or mobile device, we can collect and process information about your actual location, based for example on the GPS signals emitted by the device. We may also use a variety of other technologies to determine your location, such as the sensor data of your device that, for example, can provide us with information about nearby Wi-Fi access points, or Nearby Field Contact (NFC) and/or GSM towers. Note that we'll let you know when we're going to use your location data, and usually you can allow or disable sending your location data through your device or web browser settings.
8. Information regarding the Personal Data collected by other websites – Advertising through third parties.
9. Use of your Personal Data.
We use your Personal Data for the following purposes outlined in brief:
- Managing the order you placed via the Website or by phone: We use information such as your name, address, and payment details in order us (or the Partner, as the case may be) to process and deliver your orders, as well as to inform you of the status of your order. We may also use the information to assess your creditworthiness and for that we may use third party services.
- Customer Service Department:If you contact (either by telephone or in writing) our Customer Service Department (or vice versa), we use your order information and our contact history to respond to your requests, manage your order, facilitate the exercise of your rights and in general in order to offer you the best possible service.
- Marketing/promotion:To send you e-mails with news and updates regarding our Website and Services, to provide you with and send you information that addresses your interests (such as banners and offers) by taking your prior consent to use your Personal Data for such purposes.
- Use of the Website:To update and adjust the content of the Website and the product offers, and to analyze the use of the Website.
- Other services offered by the Company:Also, we may use your Personal Data in order to give you information for products and services provided by third parties. It is possible that we use your Personal Data to facilitate your communication with other members or users of the Website.
- Other purposes:To the extent required by law, we will ask for your consent when we want to use your information for purposes other than those listed above.
Providing to Us your Personal Data is voluntary. Nevertheless, in certain occasions, if you do not grant to Us access to your Personal Data, you will not be able to access all or certain of our Services.
10. Disclosing your Personal Data.
We do not sell your Personal Data to third parties; neither have we granted licenses to them for using same for their own benefit. However, in the course of our business activities we may share certain of your Personal Data with:
- a limited number of our staff and employees in the marketing, sales, customer service and technical department, to the extent necessary to provide you with the Services,
- the Partner that will manage your order when you make use of the Nobacco Speedy service (see also article 4 above),
- or in any case as permitted or required by the Applicable Data Protection Law.
10.1 Service Providers.
10.2 Social media networks
10.2.1 Our Website allows you to sign-in (additional plug-ins) with your existing account in various social media (e.g. Facebook, Twitter, Google+, etc.). If you choose to interact with a social media (for example when creating/linking your account on the Website), then your activity on the Website will also be available to the social media you have chosen to use (e.g. Facebook, Twitter, etc.).
10.2.2 If you are logged in to a social media network when you visit our Website, then the social media agent can add this information to your profile. If you are using a plug-in, then this information will be transferred to the corresponding social media. If you do not want to make such a transfer, please log-out from the relevant social media before connecting to the Website.
10.2.3 In particular, we offer you the ability to create a website account using the account you already have in the social media network of your choice (such as Facebook). This will save you time creating an account on the Website because your login will be transferred and will be automatically imported to the Website from your social media account. Please note that when you use this social connection feature, we receive some social media information such as your name, age, location, preferences, profession, and other elements of your public profile, and maybe we may also have access to your photos or your friends' lists in the relevant social media. This information is not requested by us but is provided by the social media tool, making use of the capability of the aforementioned social connection. When you use this feature, our Company will only enter the information required to create your account with us; any other supplementary information we will receive from the social media will be rejected. Once your account is activated, you will be able to add any information you want to share with us.
10.2.4 Please read the privacy policies of the relevant social media networks to get detailed information on the collection and transfer of your personal data, your rights and how you can achieve satisfactory privacy protection settings.
10.3 Disclosure according to the law. We may disclose your Personal Data as permitted or required by law. For example, we may be obliged to reveal and disclose your Personal Data following the implementation of a court decision, a prosecutor’s order or according to the decision of a person or administrative body with jurisdiction of the law to compel the disclosure of such information. In case that we reasonably believe that your Personal Data could be useful for the investigation of improper or illegal activity, we may disclose such information to the competent state authorities or other investigating agencies.
11. Right to access, to object, to erasure and to data portability.
11.1 With respect to your Personal Data, you retain, amongst others, the rights to access, to object and to erasure ("right to be forgotten") as specifically defined in articles 13-22 of the Regulation. In this context, you may have access at any time to your Personal Data that we maintain in databases in order to modify, correct or update this data, even to object - at any time and for any reason – to the processing of Personal Data relating to you, as well as to revoke your consent with regard to such processing or to request their permanent deletion from the Company's records. To do this, please follow the steps described each time in the message you receive via the relevant means of communication (such as e-mail or sms messages).
11.2 If you wish to withdraw your consent from all our newsletters as well as your consent to use your Personal Data for the purposes of marketing, promotion of products and/or services, then you can use the unsubscribe link included in the messages you have received. Alternatively, you can contact our Customer Service Department by e-mail at firstname.lastname@example.org or by phone at 210-7622020. Please note that it may be required to verify your identity before we process your request.
11.3 Further, you may -at any time- request that we permanently delete all your personal information maintained in our records, by contacting our Customer Service Department via e-mail at email@example.com or by telephone at 210-7622020. We will respond within thirty (30) working days of receipt of your request. If we do not respond or our response is not considered by you to be satisfactory, you have the right to appeal to the Data Protection Authority and request an examination of our response/omission of our action.
Following a deletion request by you:
(a) We will cease to use or make available your Personal Data (other than where required by law).
(b) We will delete your Personal Data from our databases with the exception of information that is contained in e-mails, correspondence and other documents that we may retain as evidence of the terms of the legal relationship between us and you or as otherwise provided by the applicable law.
(c) Taking into account the technology available and the cost of implementation, we will take reasonable technical and organizational measures to inform any data processors processing your Personal Data on our behalf, as specifically mentioned above, that you have requested from them (the data processors) deletion of any links to such data or copies or reproductions of such Personal Data.
Please note that it may be required to verify your identity before we process your request.
12. Summary of your rights according to the provisions of the Applicable Data Protection Law.
We respect the privacy of individuals whom we process the information, and strive to ensure that personal information is processed in accordance with the legal requirements of the Applicable Data Protection Law.
Consequently, we are committed to ensuring that personal data shall be:
(a) Processed fairly and lawfully; In particular, we will be transparent with individuals about how their personal data is processed.
(b) Collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes; If we decide to further process personal data in this way, then the express consent of the individual subjects of that data will be sought.
(c) Adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed; We will only collect and process ‘appropriate information’, to the extent that it is needed to fulfill operational and administrative requirements or to comply with any legal obligation.
(d) Accurate and, where necessary, kept up to date or corrected (following your request);
(e) Kept in a form which permits identification of data subjects and for no longer than is necessary for the purposes for which the data were collected or for which they are further processed;
(f) Processed in accordance with the rights of data subjects as established by the Applicable Data Protection Law (right of information regarding the processing of personal details, right of access to the Personal Data, right to object to the use/processing of Personal Data (including profiling), right to temporary judicial protection, right to data portability).
(g) Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data due to the Company’s activities;
(h) Personal data shall not be transferred from us to a country outside the European Union unless an adequate level of protection for the rights and freedoms of data subjects has been established in relation to the processing of the data exported;
(i)According to the Regulation, as the subject of your Personal Data you reserve the right to data portability and in particular the right to receive your Personal Data and which you have provided to us as the data controller, in a structured, commonly used and readable format, and the right to forward this data to a new data controller without hindrance from us, as described in detail in Article 20 of the Regulation. In such a case, we are not responsible for the processing of the data by the new data controller to whom your Personal Data will be sent, nor for the quality of the data to be transferred, beyond what we are required under the Regulation. As the data controller we will need to verify your identity before proceeding with the above. The right to data portability - if exercised - does not negate the other rights provided by the Regulation and the Applicable Data Protection Law.
The website of the Hellenic Data Protection Authority provides information and assistance with regard to your rights under the Regulation and related legislation (www.dpa.gr).
Briefly summarised, your principal rights are:
- The right to find out what information is held about you on computer and in paper records.
- The right to access and be informed of the purposes of data processing, the recipient or the categories of recipients.
- The right to be informed as to any changes in the processing for the time period lapsing since our last notification to you.
- The right to be advised of the methodology involved in the automated data processing.
- The right to be informed as to the security measures enforced by the Data Controller for the protection of the personal data, and
- The right to be informed of notifications of the Personal Data to third parties.
- The right to take steps to prevent your Personal Data being processed if the processing is likely to cause you to suffer substantial damage or substantial distress where this is unjustified.
- The right to require that your personal data is not used to market to you products and services.
- The right to prevent decisions being taken about you which are based solely on automatic processing (profiling).
- The right to amend or destroy inaccurate Personal Data about you, or Personal Data which you no longer wish to be processed.
- The right to restrict the processing of your Personal Data, as well as the right to data portability thereof (when the processing involves identifiable Personal Data and is based on consent and performance of the contract).
- The right to object at any time to the processing of data relating to you, as well as the right to withdraw at any time your consent regarding the processing of same and to request the permanent deletion of you Personal Data from the Company's databases.
- Τhe right to lodge a complaint with a supervisory authority.
- The right to claim compensation where you have suffered damage and distress as a result of breaches of the Regulation.
13. Duration and country of storage of your Personal Data.
We retain your information for a limited period of two (2) years, starting from the time of your last contact with us, unless we have a legal obligation to keep the information for a shorter/longer period, or if it is required in some or to fulfill our business relationship or for purely administrative purposes of the Company.
Unless otherwise stated in the Policy, your information is stored and processed in countries within the European Union.
14. Dispute Resolution.
If, at any time, you have questions or concerns regarding this Policy at hand, or you believe that we have violated this Policy, please sent Us an email at firstname.lastname@example.org or contact our Customer Service Department at (+30) 210-7622020, and we will attempt to resolve any problem or concern you may have.
15.2 Types of cookies we use.
Below we present a brief overview of the types of cookies we use and the functions they perform:
15.2.1 COOKIES STRICTLY NECESSARY
They are technically necessary for the operation of the Website and therefore you cannot reject them. They help you navigate through the Website and use basic features.
15.2.2 SESSION COOKIES
Session cookies are temporarily stored on your computer or device during browsing session and are deleted with the shutdown of the browser session.
15.2.3 ANALYTICS COOKIES
They are used directly by the Website administrator to collect comprehensive information about the activities of users navigating on the Website; they are anonymized and collected for statistical purposes only. They help us understand how you navigate on the Website and your purchasing behavior so that we can improve the Website and make the purchase process easier and more enjoyable for you.
15.2.4 ADVERTISING COOKIES
These type of cookies aim to create a user profile, store your preferences regarding our products. These cookies allow us to share your preferences with our advertisers. They are used to measure the effectiveness of an advertising campaign as well as to send you promotional messages according to your preferences while browsing the Website, e.g. if you visit the Google website, the ad you see will be more relevant to your preferences.
15.3 How to disable cookies.
With respect to non-strictly necessary cookies, you have the following options:
- Change your browser settings to delete or prevent cookies from being stored on your computer or on your mobile device without your explicit consent. The help section in your browser will provide you with information on how to manage your cookie settings.
- Change the cookie settings relative to the Website by following the "Cookies" link at the bottom of the Website.
16. Tracking information.