GENERAL
The protection of your personal data is very important to us. In that direction, we attach great importance on harmonizing our Company's practices with the legislation in force. This General Data Protection Policy (hereinafter referred to as the "Policy" or the “Data Protection Policy” or the “GDPR Policy”) concerns the conditions for collecting, storing, retaining, processing and using of your personal information by the website www.amourianosoptics.gr, which belongs to the Private (Personal) Enterprise under the name «AMOURGIANOS CHARALAMPOS TOU DIMITRIOU» (sic), which resides in Argiroupoli Attica,. (10 Kyprou Avenue P.O 16451) with VAT No 104382919 issued by the Tax Registry of Ilioupolis and Company Registration No 087464202000 at the Athens Chamber of Commerce and Companies, hereinafter referred to for abbreviation shake as “AMOURIANOS OPTICS” or “the Company” or "Our Company" or “the Enterprise” or “Our Enterprise” or “us” or “we” or “our”
DEFINITIONS
Website, the website (portal) www.amourianosoptics.gr
User/Visitor every website visitor.
Use the access, study, advice, storage, or other recording in memory or other magnetic or non-magnetic medium, installation, viewing in any way, mechanical or not, including printing, of the Data of the website.
The Beneficiary or Content Owner is the private (personal) enterprise under the name ««AMOURGIANOS CHARALAMPOS TOU DIMITRIOU»», as the creator of the Website and all the Elements contained in it, or as the lawful user of those of the Elements that are not its original intellectual creations. Any other affiliated company or any other company who acts as a proxy of the Enterprise in respect of the operation of the website is considered to act as a representative and the aforementioned rights of the Enterprise are not affected.
The basic definitions of the terms and names to be used in this document, as referred to in Article 4 of the General Regulation on Personal Data Protection 2016/679 / EU (EU GDPR), are the following:
Personal Data: Any information or data relating to an identified or identifiable natural person ("data subject"). As identifiable natural person is considered to be the natural person whose identity can be ascertained, directly or indirectly, in particular by reference to an identifying element such as its’ name, identity card and/or passport number, tax information, location data, summarized identity, or one or more factors specific to physical, physiological, genetic, physical, economic, cultural or social identity of that natural person.
Personal data of special categories (sensitive): Personal data which are by nature very sensitive in relation to fundamental human rights and freedoms are considered sensitive and therefore require special protection as the context of their processing could pose significant risks to the fundamental human rights and freedoms. This personal data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, as well as the processing of genetic data, biometric data used for undisputed identification of a persons’ health status or data relating to its’ sexual life or its’ sexual orientation.
It is clarified that all personal data of minors -under the age of 16 - are by definition considered as sensitive and treated as such.
Controller: a natural person or legal entity, a public authority, a service or other entity that alone by itself or acting jointly with others determine the purposes and the manner in which personal data are processed.
Processor: a natural person or legal entity, a public authority, a service or other entity processing personal data on behalf of the controller.
Processing: any action or set of actions carried out with or without the use of automated means of collecting personal data or clusters of personal data (sensitive and non-sensitive) such as collection, registration, organization, structure, storage, adaptation or alteration, retrieval, search of information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, erasure or destruction.
Authority: The Personal Data Protection Authority (PDPA)
The Enterprise is designated as a controller and strictly complies with the Data Protection Principles set out in Article 5 of the General Data Protection Regulation.
The Enterprise is designated as a controller and strictly complies with the Data Protection Principles set out in Article 5 of the General Data Protection Regulation.
SPECIFICS
The purpose of the Company through the use of the website www.amourianosoptics.gr, is the retail sale of optical goods, spectacles, sunglasses and goggles, contact lenses and similar goods, corrective, protective or other related goods and accessories.
WHAT IS PERSONAL DATA?
The term "personal data" or “private data” or "data" as used in this Policy refers to information belonging to natural persons (as for example the full name, the e-mail address, etc.), hereinafter "Personal Data or Private Data or Data".
WHAT PROCESSING OF PERSONAL DATA REFERS TO?
As Processing of Personal Data is considered any action or set of operations/actions carried out with or without the use of automated means for collecting data, either in an electronic form (soft copy) or in a hard copy, such as collection, registration, organization, classification, structure, storage, adaption, change, retrieval, search for information, use, transmission, dissemination, association, combination, restriction, deletion and destruction of Personal Data.
WHICH DATA DO WE COLLECT
A. We are lawfully processing your data for various reasons.
The main reason is that we need to process them in order to duly execute the sale & purchase contract you enter into with us when you place an order and when you make a purchase or receive any of our services or features.
However, there are other reasons that allow us to use them, such as, but not limited to, our interest in answering your questions or the consent you provide to us to send our newsletter to you.
Β. The Company collects all the necessary information from its contractors (either as a customer or as a supplier) for the preparation and performance of the service contract and/or for the communication between us following your explicit consent, in particular:
Identity data such as first and last name
Telephone (fixed land line/mobile),
E-mail address,
Home/work address you provide το us for shipping the products to you.
In special cases of prescription orders, the particulars included in it. It is noted, in fact, that in the context of providing some of our products (e.g. eyeglasses/contact lenses), in addition to the simple identification and contact data, we may also process your sensitive personal data, such as those resulting from the ophthalmologist's prescription or as these result from the measurements of some biometric/optometric data collected by our opticians in order to provide you with the services and products you desire.
C. When you visit and navigate on the Company's website, we ARE NOT collecting your Data, except from the ones automatically collected by the cookies you have authorized yourself by providing your consent to be used. Specifically, the only types of cookies used by our Site belong to the following categories:
i. Absolutely Required Cookies and
ii. Functionality Cookies and both are necessary for the proper operation of the site. The information they collect is anonymous and does not monitor the activity of browsing other sites. For more information, please refer to the Company's cookie privacy policy posted on the Company's website www.amourianosoptics.gr Furthermore, upon your explicit consent, and exclusively provided by you, information is collected through our website for the purpose of notifying and communicating our activities to you as detailed in our Privacy Policy posted on our website
Β. The Company collects all the necessary information from its contractors (either as a customer or as a supplier) for the preparation and performance of the service contract and/or for the communication between us following your explicit consent, in particular:
Identity data such as first and last name
Telephone (fixed land line/mobile),
E-mail address,
Home/work address you provide το us for shipping the products to you.
In special cases of prescription orders, the particulars included in it. It is noted, in fact, that in the context of providing some of our products (e.g. eyeglasses/contact lenses), in addition to the simple identification and contact data, we may also process your sensitive personal data, such as those resulting from the ophthalmologist's prescription or as these result from the measurements of some biometric/optometric data collected by our opticians in order to provide you with the services and products you desire.
C. When you visit and navigate on the Company's website, we ARE NOT collecting your Data, except from the ones automatically collected by the cookies you have authorized yourself by providing your consent to be used. Specifically, the only types of cookies used by our Site belong to the following categories:
i. Absolutely Required Cookies and
ii. Functionality Cookies and both are necessary for the proper operation of the site. The information they collect is anonymous and does not monitor the activity of browsing other sites. For more information, please refer to the Company's cookie privacy policy posted on the Company's website www.amourianosoptics.gr Furthermore, upon your explicit consent, and exclusively provided by you, information is collected through our website for the purpose of notifying and communicating our activities to you as detailed in our Privacy Policy posted on our website
WHY ARE WE ARE PROCESSING YOUR DATA FOR?
A. The personal data that you declare anywhere on the pages and services of the website of our online store, are intended exclusively for reasons related to your transactions with us, communication with you, the improvement of the services provided and ensuring the operation of the respective service for which you provide them as well as for statistical and improvement purposes of the provided services - information and may not be used by any third party (with the exception of where provided by the Law for the competent authorities only), without complying with the provisions of L. 2472/97 regarding the protection against Processing of Personal Data, as applicable.
In summary, we only ask for as much information as we need so that you can enjoy a unique shopping experience: consistent delivery of the products you ordered, secure payment of your order, and personalized service based on your needs and preferences.
.
B. We collect your Data solely for the purposes of:
For the promotion of the products and services provided by the Enterprise,
For establishing communication between us, after your express consent (e.g. via newsletter, contests, etc.)
To duly execute the sale & purchase contract between us
To manage the payment/disbursement of the products you purchase, regardless of the payment process used.
To activate the mechanisms needed to prevent and detect unauthorized uses of the Platform (for example, during the purchase and returns process) as well as possible fraud committed against you and/or against us. If we believe that the transaction may be fraudulent or detect abnormal behavior that indicates an attempt to fraudulently use our features, products or services, this processing may lead to consequences such as blocking the transaction or deleting your user account.
To manage possible post-purchase exchanges or returns and to manage product availability information requests, product reservations through the Platform, subject to the availability of such options from time to time.
For invoicing purposes and to make available to you receipts and invoices of purchases you have made through the Platform
To contact you about updates or informational notices related to features, products or services contracted for, including sending quality surveys.
To be able to determine the degree of customer satisfaction regarding the service provided.
To ensure that you will be able to use other available features or services, such as purchasing, downloading, managing and using the Gift Card or Gift Voucher.
To provide you with access to and use of the Wi-Fi we make available to our customers in our physical stores. And in general, for the Company's compliance with the obligations imposed by the current legislation.
C. We only process the personal data that is strictly necessary to manage or resolve your request or application. If you contact us by phone, the call may be recorded for the purposes of proof of transactions, to ensure the quality of the services provided, and to enable us to respond to your request.
B. We collect your Data solely for the purposes of:
For the promotion of the products and services provided by the Enterprise,
For establishing communication between us, after your express consent (e.g. via newsletter, contests, etc.)
To duly execute the sale & purchase contract between us
To manage the payment/disbursement of the products you purchase, regardless of the payment process used.
To activate the mechanisms needed to prevent and detect unauthorized uses of the Platform (for example, during the purchase and returns process) as well as possible fraud committed against you and/or against us. If we believe that the transaction may be fraudulent or detect abnormal behavior that indicates an attempt to fraudulently use our features, products or services, this processing may lead to consequences such as blocking the transaction or deleting your user account.
To manage possible post-purchase exchanges or returns and to manage product availability information requests, product reservations through the Platform, subject to the availability of such options from time to time.
For invoicing purposes and to make available to you receipts and invoices of purchases you have made through the Platform
To contact you about updates or informational notices related to features, products or services contracted for, including sending quality surveys.
To be able to determine the degree of customer satisfaction regarding the service provided.
To ensure that you will be able to use other available features or services, such as purchasing, downloading, managing and using the Gift Card or Gift Voucher.
To provide you with access to and use of the Wi-Fi we make available to our customers in our physical stores. And in general, for the Company's compliance with the obligations imposed by the current legislation.
C. We only process the personal data that is strictly necessary to manage or resolve your request or application. If you contact us by phone, the call may be recorded for the purposes of proof of transactions, to ensure the quality of the services provided, and to enable us to respond to your request.
DO WE USE THE DATA FOR OTHER PURPOSES i.e PROMOTING GOODS AND / OR SERVICES?
The Company does not use the Data for purposes other than those mentioned in paragraph 6 above, which relate to the proper provision of our services, in view of high-quality standards and the compliance of our company with the applicable legislation.
The Company may use the Affiliates and Customer Information on its website for publicity/promotional or other purposes related to the Company's professional visibility and publicity.
WHO ARE THE DATA RECIPIENTS
TThe recipients of the Data are:
the Company and its strictly necessary staff committed and bound to confidentiality.
All employees with an indefinite or fixed-term working relationship, as well as all subcontractors, assistants, employees who work on behalf of the Company are bound by this Policy.
Our website includes hyperlinks to, and information from, third party sites. We cannot control and are not responsible for the protection policies and practices of third parties. We may disclose your personal information to trusted third party service providers as necessary for them to perform services on our behalf. Examples of data sharing include cookies, your IP address, your email address, and your name. Your email address and name are used only in trusted services that we use to create newsletters. We disclose only the minimum necessary information, and third parties are not allowed to use your information for any other purpose, as stated in our Privacy Policy. Every third party we use also complies with the GDRP set of regulations. The site may provide links that redirect the user to third-party sites. The Company does not control these third-party websites and is not responsible for the content posted on them or any further links that appear on them. The Company is not responsible for the privacy practices of third parties or for the content of third-party websites.
the Company and its strictly necessary staff committed and bound to confidentiality.
All employees with an indefinite or fixed-term working relationship, as well as all subcontractors, assistants, employees who work on behalf of the Company are bound by this Policy.
Our website includes hyperlinks to, and information from, third party sites. We cannot control and are not responsible for the protection policies and practices of third parties. We may disclose your personal information to trusted third party service providers as necessary for them to perform services on our behalf. Examples of data sharing include cookies, your IP address, your email address, and your name. Your email address and name are used only in trusted services that we use to create newsletters. We disclose only the minimum necessary information, and third parties are not allowed to use your information for any other purpose, as stated in our Privacy Policy. Every third party we use also complies with the GDRP set of regulations. The site may provide links that redirect the user to third-party sites. The Company does not control these third-party websites and is not responsible for the content posted on them or any further links that appear on them. The Company is not responsible for the privacy practices of third parties or for the content of third-party websites.
HOW DO WE SECURE THAT YOUR DATA ARE RESPECTED
The Data Processors have agreed and contracted with the Company:
• to be bound by confidentiality/non-disclosure agreements,
• not to disclose any data to third parties without the prior provided permission by the Company,
• to take all appropriate security measures
• to comply with the legal framework for the protection of personal data, and in particular the EU GDPR Regulation.
The Company takes all appropriate technical and organizational security measures to ensure that processed personal data are accurate and, where necessary, accordingly updated. The Company takes all necessary measures to ensure that inaccurate or incomplete data will be erased or accordingly corrected. Personal data processed are appropriate, proportionate and relevant to the needs of the service rendered to the customer, meet the contractual obligations undertaken by each contract party and are collected only for defined, explicit and legitimate purposes, as above mentioned as well as in the relevant contracts. The personal data process is conducted by the Company in a manner that ensures their confidentiality and follows rules and other procedures to protect them against unauthorized access, misuse, alteration, forbidden dissemination, disclosure, loss or accidental / unlawful destruction and any other form of unfair processing. The Company applies technical and organizational security policies, routines, and procedures to protect the personal data it collects from potential security breach, loss, misuse, alteration, or destruction. Internal audits on the processing of personal data are routinely conducted by the Company to review the effectiveness of the applicable data protection measures. Specially authorized individuals have access to data processing systems through which personal data is processed or used only in accordance with the Company's instructions. Data processing systems cannot be used by unauthorized persons. Persons authorized to use data processing systems have specific and targeted access only to the data for which they have been authorized. Personal data may not, during the processing or use or after, be recorded, read, copied, modified, or shifted by unauthorized persons of the Company. Access to personal data is limited only to those who have authority in the course of their duties appointed to them by the Company, provided they need to be aware of them. People who have access to the data are required to keep the data confidential.
• to be bound by confidentiality/non-disclosure agreements,
• not to disclose any data to third parties without the prior provided permission by the Company,
• to take all appropriate security measures
• to comply with the legal framework for the protection of personal data, and in particular the EU GDPR Regulation.
The Company takes all appropriate technical and organizational security measures to ensure that processed personal data are accurate and, where necessary, accordingly updated. The Company takes all necessary measures to ensure that inaccurate or incomplete data will be erased or accordingly corrected. Personal data processed are appropriate, proportionate and relevant to the needs of the service rendered to the customer, meet the contractual obligations undertaken by each contract party and are collected only for defined, explicit and legitimate purposes, as above mentioned as well as in the relevant contracts. The personal data process is conducted by the Company in a manner that ensures their confidentiality and follows rules and other procedures to protect them against unauthorized access, misuse, alteration, forbidden dissemination, disclosure, loss or accidental / unlawful destruction and any other form of unfair processing. The Company applies technical and organizational security policies, routines, and procedures to protect the personal data it collects from potential security breach, loss, misuse, alteration, or destruction. Internal audits on the processing of personal data are routinely conducted by the Company to review the effectiveness of the applicable data protection measures. Specially authorized individuals have access to data processing systems through which personal data is processed or used only in accordance with the Company's instructions. Data processing systems cannot be used by unauthorized persons. Persons authorized to use data processing systems have specific and targeted access only to the data for which they have been authorized. Personal data may not, during the processing or use or after, be recorded, read, copied, modified, or shifted by unauthorized persons of the Company. Access to personal data is limited only to those who have authority in the course of their duties appointed to them by the Company, provided they need to be aware of them. People who have access to the data are required to keep the data confidential.
FOR HOW LONG DATA WILL BE STORED?
We will retain and process your personal data only for as long as is necessary to fulfill contractual and consumer obligations.
As a rule, all personal data are deleted/destroyed by the termination of our contractual relationship.
The duration of the retention of the Data is also determined by the retention obligation imposed by the applicable legislation governing the Company's contractual and tax obligations.
Exceptionally, it is possible to extrapolate the length of retention of the Data for purposes of proofing before the Courts in regards of the compliance of contractual obligations by the Company or in case it is required by a rule of law or due to compliance with instructions from Public or Independent Authorities.
ARE YOUR DATA SECURE?
The Company is committed in safeguarding your Personal Data.
We have received appropriate organizational and technical measures for the security and protection of Data from any form of accidental or fraudulent processing. Security measures shall be reviewed and amended whenever necessary to meet the conditions and standards set forth in the applicable legislation.
Indicatively, and not restrictively, the following rules describe how, and in which space the data are safekept. The data stored in hard-copy files are kept to a point where unauthorized persons have no access. The same applies to files that are kept electronically, but for some reason they have been printed-out.
Important points are:
• Envelopes and scanned data are kept in a locked cabinet.
• Employees are confident that printouts are not left unattended where unauthorized people could access them, such as for example in or near the printer.
• Printed-out data that are not in use are usually destroyed. In the event that the data are stored electronically (soft copies), they are protected against unauthorized access, accidental destruction and spyware.
Specifically:
Data are protected by strong passwords that are frequently changed and are not disclosed to employees who are not authorized. If the data are stored on portable media (such as aCD-ROM, an usb stick etc.), they are stored securely when not in use. All servers and computers containing data are protected by approved software and firewall. Your Data may only be processed by specifically authorized persons, employees, and partners solely for the purposes stated above. The Company carries out regular audits and routine inspections to verify that the data are secure and that the present Policy is implemented.
• Envelopes and scanned data are kept in a locked cabinet.
• Employees are confident that printouts are not left unattended where unauthorized people could access them, such as for example in or near the printer.
• Printed-out data that are not in use are usually destroyed. In the event that the data are stored electronically (soft copies), they are protected against unauthorized access, accidental destruction and spyware.
Specifically:
Data are protected by strong passwords that are frequently changed and are not disclosed to employees who are not authorized. If the data are stored on portable media (such as aCD-ROM, an usb stick etc.), they are stored securely when not in use. All servers and computers containing data are protected by approved software and firewall. Your Data may only be processed by specifically authorized persons, employees, and partners solely for the purposes stated above. The Company carries out regular audits and routine inspections to verify that the data are secure and that the present Policy is implemented.
WHAT ARE YOUR RIGHTS?
You have the right to access your personal data.
This means that you have the right to be informed by us whether we process your Data. If we process your Data, you can ask to be informed about the purpose of the processing, the kind of Data we process, who we give it, for how long we store it, whether we use automated collecting tools, but also about your other rights, such as correcting, deleting data, limiting the extend of processing and submitting a complaint to the Data Protection Authority.
You have the right to correct inaccurate personal data.
If you find that there is an error in your Data, you can apply for us to correct it (for example, a name correction or an update of an address change).
You have the right to delete / the right to oblivion.
You may ask us to delete your data if it is no longer necessary for the processing purposes.
You have the right to transfer your Data.
You may ask us to receive the Data you have provided in a readable form or ask us to forward it to another controller.
You have the right to restrict your processing.
You may ask us to restrict the processing of your Data for as long as your filed objection on procession is pending.
You have a right to object to the process of your Data.
You may oppose the process of your Data or withdraw your consent and we will cease processing your Data, unless of course there are other compelling and legitimate reasons that prevail over your right.
HOW CAN YOU PERFORM YOUR RIGHTS?
In order for you to exercise your rights you can send us a written request, describing the right you wish to exercise, via e-mail to the address [email protected] under the title/subject "Exercise of the right of access/rectification/deletion/restriction/opposition", describing your request, We will review it and revert as soon as possible.
WHEN DO WE REPLY TO YOUR REQUESTS?
We will respond to your requests free of charge, without any delay, and in any case within (1) one month from the date of receipt of your request. However, if your request is complicated or there are a large number of requests (clustered requests) by you, we will inform you within one (1) month whether we will be needing an additional two (2) month extension, within which we will respond to you.
If your claims are manifestly unfounded or excessive due in particular to their recurrence, the Company may impose a reasonable fee, taking into account the administrative costs of providing the information or executing the requested action or refusing to follow up the request.
HOW TO FOLLOW UP THE DEVELOPMENT OF YOUR REQUESTS
For more information, you can directly contact us via e-mail address [email protected] using the title: "Request Progress".
DO WE USE AUTOMATIC DECISION-MAKING TOOLS / INCLUDING CREATING A PROFILE WHEN YOUR DATA PROCESSING?
NO, we do not make decisions, nor do we create a profile based on our automated data processing.
WHAT IS THE LAW APPLICABLE FOR THE PROCESSING OF YOUR DATA BY THE COMPANY?
We process your Data in accordance and compliance with the General Personal Data Protection Regulation 2016/679 / EU and in general the current national and European legal and regulatory framework for the protection of personal data.
TO WHOM SHOULD YOU SUBMIT ANY COMPLAINTS IN CASE OF INFRINGEMENT OF THE APPLICABLE LAW FOR PROTECTION OF PERSONAL DATA?
You have the right to lodge a complaint addressed to the Personal Data Protection Authority (1-3 Kifisias Avenue, Athens/ www.dpa.gr) if you believe that processing of your Personal Data violates the current national and regulatory framework for the protection of private data.
HOW WILL YOU BE INFORMED FOR ANY MODIFICATION OF THIS POLICY?
We will update this Policy whenever deemed necessary to comply with the applicable national and European laws and regulations on the protection of personal data. If there are any significant changes to the Policy or the way we use your Personal Data, we will post in a prominent place on our website.
We encourage you to review this policy regularly in order to monitor how your Data are protected from time to time.
The Company is the controller of the process of the private data of natural persons or individual businesses it receives.
If you wish to contact any matter relating to the processing of your Data and the exercise of your rights, you may contact the Company’s Data Controller, by using the e-mail address [email protected]