The company with the name “KIOSIDIS I.K.E./KIOSIDIS PRIVATE COMPANY P.C.” with the distinctive title “JOHNY” located at 16 km Thessaloniki-Serron, P.C. 57200, with A.F.M 999672173 and G.E.M.I. number 038844805000, contact address [email protected], telephone service line of the online shop: 23940 73536 – 537, as the controller, collects, stores, uses and generally processes your personal data when you visit, register or use the Company’s website.
This Privacy Policy describes how we use, share and protect your personal data, the choices you have regarding your personal data, and how you can contact us. If you have any questions regarding this Privacy Policy, as well as any issue related to the processing of your Data and the exercise of your rights, you may contact the Company’s Data Protection Officer (DPO) at “KIOSIDIS I.K.E./KIOSIDIS PRIVATE COMPANY P.C.”, 16 km Thessaloniki-Serres, P.C. 57200, with P.O.B. 999672173 and G.E.M.I. number 038844805000, or e-mail address [email protected]
1. Definition
The term “personal data” refers to information of natural persons, such as name, postal address, e-mail address, contact telephone number, etc., which identifies or can identify you, hereinafter referred to as “Personal Data”.
2. Processing of Personal Data
Processing of personal data includes an operation or set of operations performed, with or without the use of automated means, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. Mandatory provision of personal data
The provision of your personal data to the Company may be necessary to achieve the purposes specified in this Privacy Policy or may be optional. The mandatory or optional nature of the Data provision is indicated by an asterisk (*) next to the personal data of mandatory nature.
If you do not consent to the provision of the data marked as mandatory on the company’s website, then the purpose of collecting this data cannot be completed and the process of drawing up the sales contract may not be completed. The provision of additional personal data to the Company, beyond those marked as mandatory, is optional and does not entail any consequences in relation to the main purposes of data collection.
4. What Personal Data we collect
We take care to collect only the absolutely necessary Data, which is appropriate and clear for the intended purpose. These Data include the
follows:
- Data during the creation of the customer’s account in the company’s online store. The e-mail address and the login password must be filled in here. Optionally fill in your first name, surname, date of birth, postal address, telephone number.
- Data from transactions with our company through our online store or telephone order
- Traffic data of our website or other websites you have visited before us
- Information collected from the use of cookies in your browser.
- Copies of documents you provide to prove your age or identity when required by law (such as a copy of a police certificate)
- Payment information
- Your feedback and reviews of our company’s products
- Recording of telephone communication with an employee of our company, for the purpose of ensuring proof of transactions and improving the quality of our services.
- MINOR USERS: We comply with the law and do not allow children to register as users in the online store or deal with the company when they are under 16 years old. We will ask for the parent’s consent.
5. How we use your Data
5.1. By collecting the customer’s personal data, we can make various offers for our products that may be of interest to you. The legal framework for the protection of personal data allows us to collect this data in order to understand the needs of our customers and to ensure a quality level of service. If the customer does not wish to share their personal data, or refuses certain contact rights, the company may be able to assist you, for example when the customer requests information on when a product is available again or more information on its features.
We inform you that the processing of your Data is carried out either by the Company’s specially authorized personnel, or through computer systems and electronic devices by the Company and exceptionally by third parties, who, having been contractually bound to confidentiality and protection of your Data, carry out tasks necessary to achieve the purposes strictly related to the use of our website and the sale of its products.
5. 2. Product orders: the Company processes your personal data in order to complete the sales contract, to process the order and delivery of the products, to issue and send you electronically your tax documents to the e-mail address you have indicated in its online store, to provide customer service, to comply with legal obligations, to oppose, raise or exercise legal claims. If we do not collect your Data when completing the order from our online store, we will not be able to process your order and comply with our legal obligations. It may be necessary to transfer your Data to third parties for the delivery of the product you have chosen, as well as the implementation of the electronic invoicing process by our Company, in accordance with the provisions of applicable law. In addition, we may retain your Data for a reasonable period of time in order to fulfil our contractual obligations, such as product returns, as required by relevant legislation.
5.3. Create a Customer Account: The Company processes your Data in order to provide you with account functions and to facilitate the purchase of products from the online store.
5.4. Contact: The Company uses your personal data in order to be able to respond and reply to your requests or queries, refund requests or complaints. The company can keep a record of requests from the customer so that it can develop the quality of its transactions. When shipping the products to the address indicated by the customer, the company will share your personal data with a third party service provider, such as a courier or a technician who visits your home. Without sharing your personal data, we would not be able to meet your request.
5.5. Protect your account from fraud and other illegal activities: This includes using your Data to maintain, update and protect your account. We also monitor your browsing activity with us to identify and quickly resolve any problems and protect the integrity of our website. All of the above is part of our legitimate interest. For example, we check your password when you log in and use automated IP address tracking to detect possible false logins from unexpected locations.
5.6. Recordings of telephone calls: when you call the company’s call centre in order to inquire about existing orders and/or to proceed
in new product orders, our Company records the calls in order to ensure proof of transactions. In this context, you receive from us
notification via a recorded alert that your call will be recorded before the call starts. Through the recording, our Company can
prove what was agreed with you verbally, in case of dispute. If you do not wish to have your voice recorded, you can always choose to
contact us in writing, using the available contact form. You can get a copy of your recorded conversations at any time by sending a copy to
by sending a message to the following e-mail address [email protected].
5.7. Processing of payments in order to prevent fraudulent transactions: processing for this purpose ensures the business interests of the company and its customers by protecting them from electronic fraud (phising)
5.8. To comply with our obligations under the law: To comply with our contractual or legal obligations to share data with law enforcement. For example, following a court order to share data with judicial authorities. To send you communications required by law or necessary to inform you of changes to the services we provide to you. For example, updates to these privacy notices, product recall notices and legally required information about your orders. These service messages will not include advertising content and will not require prior consent when sent by email or text message (SMS). If we do not use your personal data for these purposes, we cannot comply with our legal obligations.
6. Purpose of processing personal data
The purpose of collecting your personal data is related to the company’s products and in particular to:
- The way of managing the sale of products, e.g. communication and information about the availability of products and the progress of your order, the issuing and sending of your tax documents in electronic form (e-invoicing), the execution of your order, the dispatch of products, the management of your debts to the company, the realization of returns and the provision of guarantees
- compliance with the obligations imposed by the applicable legislation e.g. tax legislation, e-commerce directive
- control, improve and adapt to your preferences and choices regarding our company’s products
- the sending, by electronic or traditional means, of administrative, technological, organisational and/or commercial information about the Company’s products and/or services.
- customer satisfaction survey, product promotion, sending informative messages about the company’s products and offers
- Ensuring proof of transactions when recording our telephone calls, in case you contact our call centre representatives. The legislation on personal data protection provides for cases when the company may collect and process personal data of the customer, such as the terms of the sales contract.
7. Recipients of personal data. Share
7.1. Access to the customer’s personal data is available to the company’s staff, who are bound by confidentiality and to our affiliated companies or third party service providers, who process your Data as Processors on our behalf and in accordance with our instructions. The Company shares your Data with:
a) service providers that process personal data on behalf of the Company, for example (indicatively) for credit card and payment processing, the electronic issuance and sending of your tax documents (e-invoicing), transfers and deliveries, hosting, management and maintenance of our data, email distribution, research and analysis.
When we use third-party service providers, we enter into agreements that require them to implement appropriate technical and organisational measures to protect your personal data.
(b) Other third parties, to the extent necessary for the following purposes: (i) compliance with a governmental request, court order or applicable law, (ii) prevent unlawful uses of our online store website or violations of our Terms of Use and policies, (iii) protecting the company from third party claims; and (iv) contributing to the prevention or investigation of fraud (e.g. counterfeiting)
c) To other third parties when you yourself have given your consent.
In the above cases under a-c we only provide the information necessary for the purpose of performing the specific services of the third parties, and the purpose of the use is
of your personal data by them, is set out in a contract between the third party and the company, whereby they undertake to maintain confidentiality, not to send
customer data without the company’s permission, take protection and security measures and generally comply with the General EU Regulation 979/2016 (GDPR).
We work closely with them to ensure that your privacy is respected and protected at all times and in the event that our relationship or provision is interrupted.
of their services, for whatever reason, then your data will be deleted or made anonymous.
7.2. International Data Transfer
The personal data we collect (or process) in the context of our online store will be stored in Greece. However, some of the recipients of the Data with whom the Company shares your Personal Data may be located in countries other than the country in which the original collection of your Personal Data took place. The laws in those countries may not provide the same level of data protection as the country that originally provided your Personal Data. However, when we transfer your Personal Data to recipients in other countries, including the United States, we are committed to protecting your Personal Data as described in this Privacy Policy and in accordance with applicable law.
We take steps to comply with applicable legal requirements for the transfer of personal data to recipients in countries outside the European Economic Area or Switzerland that do not ensure an adequate level of protection. We use various measures to ensure that your Personal Data transferred to these countries is adequately protected in accordance with data protection rules. These include signing the Contractual Clauses, certifying that the recipient has adopted the European binding rules or complies with the EU-US and Swiss-US Privacy Shield.
8. Retention time of personal data by the company
Your personal data will be kept by the company for as long as necessary to fulfil the purposes set out in this Privacy Policy, unless applicable law requires a longer retention period. We will keep your personal data for as long as you have an account with our Company.
8.1. With regard to your Personal Data related to product purchases, we retain this data for a longer period of time in order to comply with our legal obligations (such as tax and trade legislation and for warranty purposes). At the end of this retention period, your data will be completely or anonymously deleted, for example by aggregation with other data, so that it can be used in an unidentifiable way for statistical analysis and business planning.
8.2. If your order included a guarantee, the relevant personal data will be kept until the end of the guarantee period.
8.3. Our Company retains the recorded conversations relating to the proof of a commercial transaction or the preliminary part thereof within the contractual relationship with you for a period of 6 months. Exceptionally, our Company may retain the recorded calls for a longer period of time in the context of establishing, exercising or supporting its legal claims.
9. Personal data security
Our company is committed to safeguarding personal data, and has taken appropriate measures to ensure their security and protection from any form of accidental or unlawful processing. We use the most modern and advanced methods to ensure maximum security. The johny.gr website uses the ………….. protocol for secure online commercial transactions. In this way, all the Data you provide, including your credit card number, name and address, are encrypted so that they cannot be decrypted or altered during transmission over the Internet.
In addition, the information used to identify you as an account user is two: the Username and the Personal Secret Security Code (Password). Each time you enter your details, you are given access to your personal account. This process is achieved safely through encryption during their transfer to the internet and the Company’s servers. In the same way, you are given the opportunity to change your Personal Security Password as often as you wish. After entering the desired code, the new code is encoded and stored in the Company’s systems. For this reason, the only person who knows your password is you, and you are solely responsible for maintaining the secrecy of the password from third parties.
10. Rights of the customer
10.1.
A. Update: The customer has the right to access his/her personal data, which means that he/she is entitled to be informed by the company whether it is processing his/her Data. The customer can be informed about the purpose of the processing, the type of your data we keep, to whom we give them, how long we store them, whether automated decision making takes place, but also about your other rights, such as rectification, erasure of data, restriction of processing and filing a complaint to the Personal Data Protection Authority.
Β. Correction: if the customer finds that there are errors or inaccuracies in his/her personal data, he/she can submit to the company a request for correction (e.g. correction of name
or updating a change of address).
Γ. Right to erasure; right to be forgotten: The customer has the right to request the company to delete his/her personal data if it is not necessary for the above mentioned processing purposes or if he/she wishes to withdraw your consent in cases where this is the only legitimate basis.
Δ. Right of portability: the customer may request the company to receive in a readable form the Data he has provided or ask us to transfer them to another controller.
Ε. Right to restriction of processing: the customer may request the restriction of the processing of his/her personal data, for as long as the examination of the
your objections to the processing.
St. Right to object and withdraw consent: you may object to the processing of your Data and we will stop processing your Data, unless there are other compelling and legitimate reasons that override your right. If you have given your consent to the collection, processing and use of your personal data, you can withdraw your consent at any time with future effect.
10.2. Exercise of customer rights
In order to exercise your rights, you may submit a request to the Data Protection Officer at the postal address of the Company “KIOSIDIS I.K.E./KIOSIDIS PRIVATE COMPANY P.C.” with the distinctive title “JOHNY” with headquarters at 16 km Thessaloniki-Serres, P.O. Box 57200, or at the e-mail address [email protected] with the subject “Exercise of the right concerning Personal Data” Furthermore, in order to protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make based on this Privacy Policy. If you have authorized a third party to make a request on your behalf, we will ask them to demonstrate that they have your permission to act on your behalf for this purpose.
11. Applicable Law
The applicable law is Greek law, as formulated in accordance with the General Data Protection Regulation 2016/679/EU, and in general the applicable national and European legislative and regulatory framework for the protection of personal data. The competent courts for any disputes arising in relation to your Data are the Courts of Thessaloniki.
12. Personal data breach. Recourse to the competent authorities
You have the right to lodge a complaint with the Personal Data Protection Authority (postal address 1-3 Kifissia Street, P.K. 115 23, Athens, tel. 210. 6475600, e-mail address (e-mail) [email protected]), if you believe that the processing of your Personal Data violates the applicable national and regulatory framework for the protection of personal data.
13. Contact
If you have any questions that are not covered, or comments and concerns you may have about our Privacy Policy please contact our Data Protection Officer who will be happy to assist you:
- Email to: [email protected] or
- Letter to the Data Protection Officer at 16th km Thessaloniki-Serres, P.O. Box 57200