D. GIRTZALIS AND CO. E.E., 25^her March 66, Petroupoli, Attica

The primary objective of this policy is to provide general guidance on the protection of Personal Data (collection, use, disclosure, monitoring, etc.) of the company, D. GIRTZALIS KE SIA E.E., 25 March 66, Petroupoli, Attiki, tel. …………, https://mindthehair.com/, email: …………….

1. PURPOSE OF THIS POLICY

This policy explains how the company D. GIRTZALIS KE SIA E.E., 25th March 66, Petroupoli, Attiki (hereinafter the company) may collect information about its customers and use it to satisfy customer and regulatory requirements requirements.

It also describes some of the security measures the company takes to protect data privacy and provides certain guarantees about things the company will not do.

2. LEGAL AND REGULATORY FRAMEWORK

The management and protection of the personal data of the visitor/user of the Company's services is subject to the conditions of this section as well as the relevant provisions of the Greek law (Law 2472/1997) on the protection of the individual from the protection of personal data as it has supplemented by the decisions of the President of the Personal Data Protection Committee, Presidential Decrees 207/1998 and 79/2000 and Article 8 of Law 2819/2000), the new Greek Law 4624/2019 and the new European General Data Protection Regulation data (GDPR: 2016/679 of the European Parliament and of the Council of 27 April 2016, http://eur-lex.europa.eu/legal-content/EL/TXT/HTML/?uri=CELEX:32016R0679&from=EN).

The present terms are formulated taking into account both the rapid development of technology and in particular the Internet and the existing – although not fully developed – network of legal regulations regarding these issues.

In this context, any possible relevant regulation will be the subject of this section.

In any case, the Company reserves the right to change the terms of protection of personal data by informing visitors/users within the existing or potential legal framework.

If a visitor/user does not agree with the personal data protection conditions provided for in this section, he/she must not use the Company's services.

3. COMMITMENT

The Company considers the protection of customer privacy and data to be of the utmost importance and is committed to providing all customers with personalized services that meet their requirements and in a way that ensures their privacy.

4. COLLECTION AND PROCESSING OF PERSONAL INFORMATION

The company manages and processes your personal data in full compliance with the relevant articles of the GDPR (5, 6, 7, 8, 9, 10, 11, etc.).

Specifically for Article 5 (Principles governing the processing of personal data) the company takes appropriate measures to ensure that personal data:

a) are lawfully and legitimately processed in a transparent manner in relation to the data subject ("lawfulness, objectivity and transparency"),

b) are collected for specified, express and lawful purposes and are not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest or for scientific or historical research or statistical purposes is not considered incompatible with the original purposes in accordance with Article 89(1) ("purpose limitation"),

c) are appropriate, relevant and limited to what is necessary for the purposes for which they are processed ("data minimization"),

d) are accurate and, when necessary, updated. All reasonable steps are taken to immediately delete or correct personal data that is inaccurate, in relation to the purposes of the processing ("accuracy"),

e) are kept in a form that allows the identification of the data subjects only for the period necessary for the purposes of the processing of the personal data; the personal data may be stored for longer periods, as long as the personal data will be processed only for archiving purposes in the public interest, for the purposes of scientific or historical research or for statistical purposes, in accordance with article 89 paragraph 1 and as long as the appropriate technical and organizational measures required by this regulation are applied to ensure the rights and freedoms of the subject of data ("restriction of storage period"),

f) are processed in a way that guarantees the appropriate security of personal data, including their protection against unauthorized or illegal processing and accidental loss, destruction or damage, using appropriate technical or organizational measures ("integrity and confidentiality" ).

Some of the personal information that the Company holds about you may be sensitive personal data within the meaning of the Data Protection Act and other relevant laws.

The Company may collect personal information about you from various sources, including:

(a) by you when you agree to take a service from our company and in this case it may include your personal and/or business contact details and your consent;

(b) by you when you contact our company with a request for information, and

(c) from publicly available sources.

5. TYPES OF PERSONAL DATA WE COLLECT

When you interact with the company, we will ask you for or receive data with your consent, such as:

• Your name,
• Your email address,
• Your phone number,
• Your social media profile,
• your gender,
• your age,
• Information about the products and services you have purchased;
• Your use and activities on the company pages and
• Other information related to your online behavior.

We also collect personal data through cookies (see details at the link www………………………….), such as indicatively:

• Your IP address,
• Your cookie ID,
• Your browser,
• Your location,
• The web pages you visit on our websites,
• The ads you see or click on.

6. INTELLECTUAL AND INDUSTRIAL PROPERTY RIGHTS

Apart from the expressly stated exceptions (copyrights of third parties, partners and entities), all the content of the Company, including images, graphics, photos, plans, texts, the services provided and generally all the files of this website (site), are intellectual property , registered trademarks and service marks of the Company and are protected according to the relevant provisions of Greek law, European law and international conventions.

Consequently, none of them may be sold, copied, modified, reproduced, republished or 'downloaded', transmitted or distributed in any way, in whole or in part.

7. USE OF INFORMATION

The information you provide to the company or the company holds will be used by the company to:

(a) Verifying your identity when you ask questions;

(b) To contact you about improving the management of the services and products provided by the company in the past, now or in the future;

(c) To carry out marketing analysis and the creation of statistical information;

(d) Preventing and detecting fraud or loss, and

(e) To contact you, by any means (including mail, email, telephone, etc.) about other services and products offered by the company.

8. CREDIT CONTROL

The company, in some cases, may do certain credit checks with the relevant agencies when you apply to get a service or product. If this is the case then it will be expressly stated in the terms and conditions of business between you and the company.

9. DISCLOSURE OF INFORMATION

Under no circumstances does our company sell your personal information to third parties (Article 11 of Law 2472/1997) and in accordance with the new European General Data Protection Regulation (GDPR: 2016/679 of the European Parliament and of the Council of 27 April 2016.

In no case does it sell or rent your personal data to third parties.

These data are used by our company to continuously improve your service.

The company may disclose information only if legally required to do so for legal or regulatory purposes, in the context of legal proceedings or potential legal proceedings.

10. PROTECTION OF INFORMATION

The company maintains strict security measures and controls to protect your personal information.

This includes, in accordance with the GDPR (Articles 5, 28, 30, 32, 33, 34, 40, 55 – 58, etc.) a set of administrative measures, security policies, procedures and practices to verify your identity when you call us , encrypting data on our websites and files, creating appropriate data backups, etc., in order to ensure compliance with all applicable legal requirements.

We have taken measures to ensure that your personal data stored on our behalf by third parties (name of the company in which the data is stored-server and a link referring to its personal data protection policy) are stored in accordance with European Legislation. and we ensure that the same security standards are met.

We share your personal data with your consent or as required by law, to complete a transaction or provide a product you have requested or authorized. We share data to perform a contract with suppliers or carriers working on our behalf, where required by law or to respond to legal process, to protect life, to keep our products safe, and to protect rights or property of our company.

11. access to INTERNET

If you contact the company over the Internet, if you give us consent, then we will occasionally use e-mail to contact you about our services and products.

You should be aware that communications over the Internet, such as e-mails, etc., are not secure unless they are encrypted.

The company is not responsible for any unauthorized access or loss of your personal information that is beyond the control of the company.

We may use 'cookies' to track the user's movement of our company's website.

You can change your browser settings to prevent cookies from being accepted.

However, rejecting cookies may affect your ability to use any of the products and/or services on our company website.

12. MONITORING OF COMMUNICATIONS

All of the Company's communications with you (including telephone conversations, etc.) may be monitored and recorded by the Company for security, quality assurance, and legal, regulatory and educational purposes, in which case you will be notified upon initiation of the communication .

13. WHAT ARE YOUR RIGHTS?

According to Law 2472/97, and the new European General Data Protection Regulation (GDPR: 2016/679 of the European Parliament and of the Council of 27 April 2016, as applicable, you have the right to information, access, erasure, portability, rectification and objection (Articles 15 – 22 of GDPR). In other words, you have the right to receive, upon request, free information about the stored personal data concerning you. Furthermore, you have the right to present, upon request, objections to the processing of data concerning you, with effect for the future. In addition, you have, in accordance with the legal provisions, the right to correct and delete said data.

MORE DETAIL:

You can exercise, as the case may be, the following rights:

• the right of access, to find out which of your data we are processing, for what purpose and the recipients thereof (GDPR Article 15 'Right of access of the data subject'),
• the right of rectification, to correct any omissions or inaccuracies of your data (GDPR Article 16 'Right to rectification')
• the right to erasure (right to be forgotten), to delete your personal data from our records, however, if their processing is no longer necessary (GDPR Article 17 'Right to erasure ("right to be forgotten")')
• the right to restriction of processing, in case of questioning the accuracy of your data (GDPR Article 18 'Right to restriction of processing')
• the right to information of any correction or deletion of personal data or restriction of data processing carried out in accordance with Article 16, Article 17 paragraph 1 and Article 18 (GDPR Article 19 'Notification obligation regarding the correction or deletion of personal data or restriction of processing')
• the right of portability, to receive your data in a structured and commonly used format (GDPR Article 20 'Right to data portability')
• the right to object, in particular if you do not wish your data to be used for the purposes of direct marketing of our products and services, including objecting to profiling (GDPR Article 21 'Right to object' and GDPR Article 22 'Automated individual decision-making, including profiling ').

To exercise your rights, please send a request to: (…e-mail…).

The company undertakes to provide you, as far as technically possible, with automated means for the exercise of your rights and to proceed with the satisfaction of your requests in principle free of charge, unless unless your requests are repeated frequently and due to volume they incur administrative costs for us, which you will incur.

The company will make every effort to respond to any of your related requests within thirty (30) days of receipt. However, in the event that, due to the complexity of your request or the volume of information, it is not possible to satisfy your request within thirty days, the company will inform you within the above period in writing of the reasons for the delay and will make every effort to the satisfaction of your request as soon as possible and in any case within two additional months.

In any case, you have the right to submit a complaint to the Personal Data Protection Authority, which can also accept the submission of relevant complaints either in written form in its protocol (Kifisias 1-3, P.O. 115 23, Athens) or electronically (www.dpa.gr ).

In case you have given your consent to receive the newsletter, you can withdraw it at any time, you can send your request to the address: (…e-mail…) as well as with every newsletter you receive.

14. SOCIAL PLUGINS – BUTTONS

Our company uses on our website Social Plugins (hereinafter “buttons”) of social networks, such as Facebook, Youtube, Instagram, Twitter and Pinterest.

When you visit our website, these buttons are normally disabled, that is, they do not send data to social networks without your active participation. To use these buttons, you must activate them by clicking with the mouse. After activation, a direct connection is created with the server of the respective social network.

If you are a member of a social network and do not want the data collected when you visit our website to be associated with your data stored in the social network, you must log out of the respective social network before activating the buttons.

We have no control over the amount of data social networks process through their buttons. Information about the purpose and volume of data collection, the individual processing and use of data by the social networks, as well as your rights and set-up options regarding data protection can be found in the social networks' data protection statements [specifically you can read the cookie and data protection policy for Facebook: https://el-gr.facebook.com/policies/cookies/ and https://www.facebook.com/policy.php, for Youtube: https://www.youtube.com/intl/en-GB/yt/about/policies/#community-guidelines, for Instagram: https://help.instagram.com/1896641480634370 and https://help.instagram.com/519522125107875?helpref=page_content, for Twitter: https://twitter.com/en/privacy and https://help.twitter.com/en/rules-and-policies/twitter-cookies and for Pinterest https://policy.pinterest.com/el/privacy-policy and https://policy.pinterest.com/el/cookies).

15. GOVERNING LAW AND OTHER TERMS

Last update and modification of this protection policy: 18.12.2020

The above terms and conditions of use of the Company, as well as any modification, change or alteration thereof, are governed and supplemented by Greek law, European Union law and the relevant international treaties.

Any provision of the above terms that becomes contrary to the law, automatically ceases to be valid and is removed from this, without in any way affecting the validity of the other terms.

This constitutes the overall agreement between the Company and the visitor / user of its pages and services and binds only them.

No modification of these terms shall be considered and shall not form a part of this agreement unless made in writing and incorporated herein.

 

16. POLICY COOKIES

Details on the company's cookie policy can be found at the following link:

<company cookies policy link>.

17. CONTACT

If you have any questions about the above policy or the company's cookie policy or to exercise your rights, please contact us.

Data Processing Officer: D. GIRTZALIS KE SIA E.E., 25 March 66, Petroupoli, Attiki, tel. ………….., https://mindthehair.com/, email: ………..….