PERSONAL DATA PROTECTION POLICY
Our goal is to make sure you feel secure on our website, so your privacy and the protection of your individual rights are important to us. That is why we would ask you to read carefully the following summary on how our website works. You can be sure that your data will be processed in a transparent and fair manner and that we will make every effort to handle your data with care and accountability.
Contact details of the Chief Trust and Data Protection officer
The Chief Trust and Data Protection officer for the purposes of the GDPR, other data protection legislation within the EU Member States and other data protection regulations is:
“Smart Trade Single Member Private Company” with the distinctive title “Smart Trade S.M.P.C.”, located in the Vardaris area of Thessaloniki, at 35 Langkada Street, P.C. 54629.
You may contact the Data Protection Officer at: firstname.lastname@example.org
Personal data processing framework
We collect and use your personal data to the extent necessary to provide you with a functional website, content and services. For example, if you sign up for our website, you sign in to an existing client account and you order products. Your personal data is collected and used only with your consent. An exception to this rule is the case in which prior consent cannot be given, due to certain conditions and when the data processing is permitted by law.
The security of your personal data is a high priority for us. For this reason, we take technical and organizational measures to protect your data stored by us in order to effectively prevent their loss and misuse by third parties. Our employees, who are in charge of processing personal data, are bound by confidentiality obligations and are required to comply with them. Your personal data is protected by ensuring that it is transmitted in an encrypted form; for example, we use SSL (Secure Sockets Layer) to communicate with your web browser. A padlock will be displayed by your browser so you can see when an SSL connection is being made. In order to ensure that your data is protected at all times, technical security measures are routinely reviewed and adapted to new technology standards, if required. These principles also apply to companies that we assign the processing and use of the data according to our guidelines.
The purposes of processing and the legal principles governing the way your personal data is processed
We collect, process and use your personal data for the following purposes:
• Conclusion and execution of contracts
• Provision of newsletters and promotions
• Marketing activities, such as prize draws
• Customer service and support
• Provision of broadcasting services so as to process orders for the goods and services we offer online.
We collect, process and use your personal data according to the following legal principles:
• Article 6 (1) (a) of the GDPR acts as a legal basis for the processing activities for which we receive your consent for a specific processing purpose.
• Article 6 (1) (b) of the GDPR states that the personal data may be processed for the execution of a contract, such as when purchasing a product. This element applies to any processing activity necessary to conduct pre-contractual activities, such as the investigation of products or services.
• Article 6 (1) (c) of the GDPR applies to cases where we are bound by a statutory obligation that requires the processing of personal data, such as compliance with tax obligations.
• Article 6 (1) (d) of the GDPR states that personal data may be processed in order to safeguard your own vital interests or those of any other natural person.
• Article 6 (1) (f) of the GDPR applies according to our legitimate interests, such as when we hire service providers for the purpose of executing orders (e.g. delivery services), when we conduct statistical surveys and analyses or when we record connection efforts.
Shelf life and deletion routine of personal data
We process and store your personal data only for as long as it is necessary to fulfill the purpose for which it is stored or as long as we are obliged to do so by law or regulation. Once the purpose ceases to exist or is fulfilled, your personal data will be deleted or restricted. If the data is limited, it will be deleted once the retention period imposed by law, statute or contract ceases to prevent this deletion, if there is no reason to believe that the deletion would jeopardize your legitimate interests, and provided that this deletion does not require a disproportionate effort due to the specific nature of the storage.
Collection of general data and information (logs)
In compliance with Article 6 (1) (f) of the GDPR, our website collects a set of data and general information on each access that is temporarily stored in a server's logs. The log is created as part of the automatic recording made by the electronic processing system. It is possible to collect the following data:
• The access to the website (date, time and frequency)
• The way you ended up on the website (report page, hyperlink, etc.)
• The volume of sent data
• The browser and the browser version you use
• The operating system you use
• The provider of the internet service you use
• The IP address your internet service provider assigns to your computer when you connect to the Internet.
The collection and storage of this data are necessary for the functionality of the website. In addition, we use the data to optimize our website and ensure the security of our information technology systems. For this reason, the data is stored for a maximum of one to thirty days as a technical precautionary measure.
We also use this data for the purpose of marketing, market research, and for organizing our services, so as to meet the demand by creating and analyzing pseudonymous user profiles. However, this is only the case if you have not exercised your right to deny or withdraw consent to the use of your data in this way (see notes on your right to oppose in “Your Rights” section). This processing includes the "Remember me" feature, which you can also disable from your browser.
Cookies, web analytics and social media
Provision of information about our products and services, about special offers and other messages, such as newsletters
We use your data to send information you request about our products, services and other special offers to the email address you provide us. This will only be done with your prior consent or if permitted by law. Consent for this provision is regulated by Article 6 (1) (a) and Article 7 of the GDPR.
1. Sign up for newsletters, promotions and surveys on our website
You can sign up for newsletters, promotions and free surveys on our website. When you sign up for newsletters, promotions and surveys, the data of the data entry form will be sent to us, which is at least your email address or your mobile phone number.
2. Providing information about the sale of products and services
In case you buy products or services from our website, we can send you information about other similar products and services to the e-mail address you declare even without your consent.
Our wish is to find reading the e-mails that we send you pleasant, so we are trying to include only the information you may find interesting. Therefore, we calculate and store the percentage of exposures and clicks you make to your user profile. This information includes information about if and when you open our e-mails, which content you choose to read and when, and whether and why the e-mails we send to you may not be received by you. In addition, we use these data for statistical purposes.
Of course, you can also unsubscribe to stop receiving such e-mails, that is, to withdraw your consent for the future. For this action there is a corresponding unsubscribe link in each e-mail and newsletter. You will then be prompted to confirm the cancellation of your registration on our provider's website. You may also contact us to withdraw your consent at any time by e-mail: email@example.com.
There is no ability to unsubscribe from certain informational messages necessary for the execution of contracts and the operation of our website, including service-related emails (e.g., registration confirmations, customer service information) or information relating to purchases (e.g., order confirmations, contract documents, payment processing). You will receive these notifications in the contact information you provide.
Processing of personal data when communicating, registering and submitting guest orders
On our website we give you the opportunity to sign up by providing personal information. This data is entered into a data entry form, sent to and stored by us. Registration is made for the prosecution of a contract or pre-contractual activities and it is therefore based on Article 6 (1) (b) of the GDPR.
For signing and executing contracts, we request contact information depending on the specific case, such as name, delivery address, billing address, e-mail address and information about the payment method you choose. We also use your data to maintain our customer data, where only data that is relevant is stored. To avoid typing errors and to ensure that the products you order are actually delivered to you, we check that your address is complete and correct when you enter it.
3. Guest orders
You have the option of submitting orders as a guest. If you choose this type of order, you do not have to sign up before submitting your order. Note that you will need to re-enter your data when submitting any future orders.
We collect, process and use the data you provide to us for guest orders for the purpose of performing the contract in accordance with Article 6 (1) (b) of the GDPR. We store the information you provide to us for the length of time that we process and execute your order. Then your data is deleted. The data we are required to store in accordance with legal obligations, statutes or contractual data retention requirements will be limited instead of deleted so as to prevent their use for other purposes.
In accordance with Article 6 (1) (c) and (f) of the GDPR, we use and store your personal data and the technical information if necessary to prevent or investigate misuse or other illegal behavior within our website (e.g. in order to maintain data security in case of attacks on our information technology systems). In addition, we may do so by order of public authorities or courts, as we are obliged to act in this way by law and also in order to safeguard our rights and interests and to have the possibility of legal defense.
Transmission of personal data to third parties
When transferring your personal data, we ensure that the security level is always as high as possible, and so your data is only passed on to service providers and partner companies carefully selected in advance and bound by contractual obligations. We also transmit your data only to entities established within the European Economic Area and are therefore subject to strict EU data protection law or are bound by an equivalent security standard. The transfer of data to countries outside the European Economic Area does not happen or is not currently foreseen.
1. Transmission to partners in accordance with Article 6 (1) (b) of the GDPR
As for the services and products we offer on our website, we work with several companies for certain product groups. If you order products or services of these associates, we will forward the personal data you provide upon your registration and, if other purchases are made, the additional personal data specified in the "My Account" section for the conclusion and execution of the contracts (especially your e-mail address, delivery and invoicing address). Your contractor will be identified on the relevant product pages, the Buy Terms and Conditions and the Legal Notice. Please note that your own contractor is responsible for the security measures of the data it receives and that the additional or different Privacy Policies of the counterparty may apply to those product pages.
2. Transmission to service providers-collaborators in accordance with Article 6 (1) (b) and (f) of the GDPR
In order to operate and optimize our website and to perform the contracts, we employ various service providers that operate on our behalf to provide central technology information services, host our website, process payments and send the products, install equipment or deliver newsletters. We pass the information necessary for the respective purposes to these service partners (e.g. business name, address).
Some of these companies act on our behalf for the processing and execution of orders and are therefore allowed to use the data provided solely according to our instructions. In this case, we are legally responsible for ensuring that these companies, which we entrust with the provision of services, take appropriate data protection measures. That is why we agree on specific data protection measures with these companies and we monitor these measures on a regular basis.
If the goods to be shipped are bulky or heavy, your order will be shipped via a simple transport company. This service provider will receive information from us, such as the e-mail address or phone you provide to us with your order.
Unlike external processing requirements, we are transmitting data to third parties for the performance of the contract, who are then responsible for the use of such data in the following cases:
As far as the shipment of the goods is concerned, the data are transmitted to the logistics companies or to the postal service provider specified in the order.
With regard to the payment of the goods ordered, the data is transmitted to the person processing the payment or to a financial bank specified in the order. If a credit card is used as a payment method, a security audit based on the transaction will be performed with the help of the processor of the payment KARDLINK S.A. to prevent credit card fraud.
As for the payment, we do not collect or store information about your payment, such as credit card numbers or account details. This information is sent exclusively and directly to the processor of the payment.
3. Transmission to other third parties in accordance with Article 6 (1) (c) and (f) of the GDPR
Lastly, we may send your data to third parties or government agencies under applicable data protection law, if we are legally obliged to do so (e.g. on the order of a public authority or court) or if we have a right to do so (e.g. because it is necessary to investigate a criminal activity or to claim and exercise our rights and interests).
Of course you have rights regarding the collection of your data, for which we will gladly inform you subsequently. If you wish to exercise any of the following rights without charge, all you have to do is send us an e-mail at firstname.lastname@example.org or call us at 2310-528000.
For your own safety, we reserve our right to receive further information necessary to confirm your identity when responding to an existing request. If the identification is not possible, we also reserve our right to refuse to respond to your request.
1. Right to information
You have the right to request information from us about your personal data stored by us.
2. Right to rectification
You have the right to request the prompt correction and/or completion of your personal data stored by us.
3. Right to restriction of processing
You have the right to request the limitation of the processing of your personal data, if you dispute the accuracy of your data stored in us, if the processing is illegal and if the data is no longer necessary to us, but you do not wish to delete them and request them for the foundation, exercise or support of legal rights, or in case that you have disclosed your objection to processing.
4. Right to erasure
You have the right to request the deletion of your personal data stored by us, unless their preservation is necessary for the freedom of expression, the freedom of information, the observance of a legal obligation, the ground of public interest, the establishment of legal claims or the defense against them or the exercise of legitimate rights.
5. Right to information
If you have exercised your right to correct, delete or restrict processing, we will inform all recipients of your personal data that the data in question has been corrected, deleted or is subject to processing restrictions, unless it is impossible to be done or this information requires a disproportionate effort.
6. Right to data portability
You have the right to receive a copy of the data you have provided to us, which will be sent to you or to a third party, in a structured, commonly used and machine readable format. In case you request the direct sending of data to another data controller, this will only be done if it is technically feasible.
7. Right to object
If your personal data is processed by legitimate interests pursuant to Article 6 (1) (f) of the GDPR, you have the right to object to processing at any time in accordance with Article 21 of the GDPR.
8. Right to withdraw consent
You have the right to withdraw your consent to the collection of the data at any time, which will be valid for the future. Data collected, until the revocation becomes legally valid, is not affected by it. We hope you understand that processing your recall may take some time for technical reasons and that you may still receive messages from us in the meantime.
9. Right to submit a complaint to a regulatory authority
If the processing of your personal data violates the data protection legislation or if your data protection rights have been violated in any other way, you may file a complaint with the Data Protection regulatory Authority.
The fastest, easiest and most convenient way to exercise your right to correct and delete is to log in to your client account and edit or delete the data stored in the account directly. Please note that once the data is deleted, you will no longer have access to our partner services through our website. You may also not be able to receive the services again. For this reason, please back up your data before exercising your right to erasure. The data we are required to store in accordance with legal obligations, statutes or contractual data retention requirements will be limited rather than deleted so as to prevent their use for other purposes.
Data protection regarding documents and application procedures
We collect and process personal data relating to applicants for the purpose of executing application procedures.