1. LEGAL FRAMEWORK
On May 25 th 2018, the General Data Protection Regulation (“GDPR”) came into force, pursuant to which the framework for the protection of personal data for businesses has been drastically changed. In Greece, Law 4624/2019 is now applied, which complements the provisions of the Regulation and repeals the previous Law 2472/1997, with the exception of specific provisions. The Regulation, but also the national law, aims to ensure that personal data are collected and processed in a secure and transparent manner, under strict rules and time constraints, ensuring the rights subject and protecting it against the rapid technological developments, which created new challenges and led to a significant increase in the scale of personal data collection and exchange.
FLAX strictly follows all the principles included in the Regulation and Law 4624/2019, taking all necessary measures and prioritising the security of personal data and data subjects in the course of every order and in the course of any possible processing of these in general. Our priority and strategic goal is to ensure the maximum protection of the personal data of our customers as well as the substantial and real strengthening of their rights. In the processing of personal data we set the principles of legality, objectivity and transparency as bases. Personal data are collected for specified, explicit and lawful purposes without being further processed in any manner that is incompatible with that purpose. We consider that it is our duty to inform you about the categories of data collected, how they are collected, the period during which they are preserved and your rights regarding the collection and processing of your personal data.
We review our compliance with this privacy statement on a regular basis. If we make any changes to this statement, we will post the revised statement on this website.
2. CATEGORIES OF DATA COLLECTED
Your personal data (e.g. your first and last names, sex, date of birth, identity card number, tax identification number or other identification number).
Your communication data (e.g. telephone number, post address, e-mail address and fax number, address of residence).
Credit or debit or other billing information (e.g. cardholder name, card number, billing address, expiration date), if, of course, you choose to pay by card as a method of payment.
3. HOW ARE YOUR PERSONAL DATA BEING COLLECTED
Your personal data are collected when you make a statement or purchase of products, when you request information or support for a product, when you participate in promotions, contests or free offers, when you create a user account (with username and password), when you participate in a research or in reviews, as well as when submitting questions, comments or reviews.
4. TIME PERIOD DURING WHICH YOUR PERSONAL DATA ARE BEING PRESERVED
The personal data collected in the Website Platform are used and stored for as long as it is necessary for your service and the period of personal data storage is limited to the time that is necessary for achieving its purpose. We maintain your personal data for as long as the purposes for which they were collected are present and in any case for a period not exceeding five (5) years from the last time you contacted us (e.g. purchase, call center communication, participation in a contest). Thereafter, they are being erased from our files and system, in compliance with our company’s policy and provided that they are no longer required to be maintained in order to fulfil the purposes, or to cover business, tax or accounting requirements imposed to us or to defend our rights before any competent Court or any other Authority.
5. PURPOSE OF COLLECTING AND PROCESSING YOUR PERSONAL DATA
Your personal data are being collected and processed:
To choose your products
To process the purchases requested by you
To deliver your orders
To provide technical service and support
For the operation of our sites on the Web
For the fulfilment of your requests to provide information
To communicate with you
6. TRANSMISSION OF YOUR PERSONAL DATA TO THIRD PARTIES
Your personal data are not being transmitted to third parties, but only to those with whom we cooperate and they are authorized bodies directly involved in order to fulfil the purpose, namely the facilitation of the sale and the delivery of the products that you have ordered. The authorization is made in writing and confidentiality and secrecy are guaranteed, as well as that they will be solely used for specific purposes in compliance with the Regulation and the law, but always under the condition that these data are fully and strictly secured, so that any illegal processing is excluded. Your data are protected from unauthorized or illegal processing and accidental loss, destruction or damage, by using appropriate technical or organizational measures. Upon completion of the processing services at the discretion of the controller, the authorized body shall return or delete all personal data and destroy existing copies.
7. WARRANTIES UNDERTAKEN FOR THE PROTECTION OF YOUR DATA
In order to protect your personal data, we take adequate natural, technical and organizational measures for their protection. We update and control the security technology that we use on an ongoing basis. We adopt individual procedures for personal data preservation and secure deletion / destruction of these. We delete and destroy your data as soon as the purpose of collecting and processing is fulfilled, while the transmission to third parties, as aforementioned, is carried out for strictly limited reasons, in a safe way. We restrict access to your personal data solely to those employees who need to have knowledge of these data in order to provide you with the services you desire. Unauthorized persons have no access to your personal data at all.
8. DATA CONTROLLER AND PERSONAL DATA RESPONSIBLE
FLAX Ltd, 142 ARGYRIADI STR.,
AGIOS DIMITRIOS, ATHENS,
tel. +30 210 97 66 596,
9. LINKS TO OTHER WEBSITES
This data protection declaration applies only to data provided through the websiten www.flax.gr, which, however, contains links to other websites. In this case, we recommend that you review the data protection declarations of the respective website.
10.CUSTOMER RIGHTS IN RELATION TO PERSONAL DATA PROTECTION
The personal data are collected for specified, explicit and lawful purposes without being further processed in any manner that is incompatible with these purposes. In any case, you reserve the following rights:
Right to access your personal data. You have the right to request access to your personal data, which we process, as well as full information about the data collected. Our company takes the appropriate measures to provide you with all information and notification regarding the processing of your personal data in a concise, transparent and easily accessible form within reasonable time and without delay. You have the right at any time to receive confirmation as to whether or not your data are being processed. Such information will further include the purposes of the processing, the identity and the contact details of the controller, as well as the time during which the data will be stored.
Right to rectification of your personal date, namely the right to correct potential inaccurate data. FLAX takes reasonable measures in order to ensure that the personal data that we process are accurate, complete and up-to-date, urging you to update your personal data if and when necessary. In any case, you have the right to
demand from the controller, without undue delay, to correct inaccurate personal data concerning you, but also to complete incomplete data following an additional declaration.
Right to object to the processing of your personal data when there is a legitimate interest, including your right to object to any automate processing of your data.
Right to withdraw consent and restrict the processing of your personal data, in cases where we process your personal data based on your consent, in case that you challenge the accuracy of the data, in case that you object to their processing or in case that there is another reason provided in the Greek or European legislation in relation to Personal Data Protection, or if the data are no longer necessary.
Right to cause erasure of your personal data without undue delay upon your request.
Right to receive your personal data, which you have provided to us upon your consent, so that you can use them anywhere else.
Right to be informed about violations.
Right to file a complaint with the competent Greek independent authority, which is the Data Protection Authority in case of an illegal processing of your data (http://www.dpa.gr/).
! All actions of processing are placed under the accountability obligation of the
controller, who must be able to prove that his/her obligations have been complied with.
The processing of personal data is under no circumstances allowed for purposes other
than those for which they have been collected.
11. PROCESSING OF PERSONAL DATA OF MINORS
As provided for in the legislation currently in force, the processing of personal data of a minor during the provision of services in the information society directly to the minor is lawful, provided that the minor has reached the age of 15 and provides his/her consent. If the minor is under the age of 15, the processing is legal only after the consent of his/her custodian.
12. HOW TO COMMUNICATE WITH US
For information or questions about the protection of Personal Data, you may contact the email address firstname.lastname@example.org.
13. TRANSMISSION OF PERSONAL DATA OUTSIDE THE E.U.
The personal data that we collect from you may or may not be transmitted and processed outside the European Union.