DATA PROTECTION POLICY

This describes our policy regarding the personal data we collect from visitors to our pages (hereinafter referred to as "users").

The controller of your personal data is THEOPIS DASKALOPOULOU, based in Nea Ionia, odos. El. Venizelou no.12, TIN 034199997 tax office of N. Ionia and e-mail info@dritsoulas-jewellery.gr.

In the day-to-day activities of our business and our website we process data relating to natural persons, including:
• Customers
• Visitors of our website
• Other stakeholders (employees, suppliers).

Our company complies with the General Data Protection Regulation (2016/679 EU GDPR) and any other European and national legislation concerning the protection of personal data, electronic communications,etc. etc. and undertakes to ensure at all times the protection of your Data:
• The data are collected for specific, explicit and legitimate purposes and are not further processed in a way that is incompatible with those purposes.
• We collect the necessary personal data for any purpose and process them lawfully, fairly and in a transparent manner in relation to the data subjects.
• We make sure that they are, as far as possible, accurate and up-to-date and keep them only for the time necessary for the purposes for which they are processed.
• In any case, the criterion we use to determine the storage period is based on and takes due account of the need to comply with any relevant legalrequirement, as well as the principle of data minimization.
• We process the Data electronically and manually and take all appropriate measures to protect personal data, including protection from unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Collection, purpose, legal basis of processing and time of retention of your data

1. Data we collect automatically through our website
The website https://dritsoulas-jewellery.gr/ uses the SSL (Secure Sockets Layer) protocol which uses methods of encrypting the data exchanged between two devices (most commonly Computer), establishing a secure connection between them over the internet, which results in the protection of your personal data.

When you visit our website, our server collects the so-called log files of the server, namely:
• Date and time of entry to the website.
• The volume of data sent to bytes.
• The browser and operating system you used to access the site.
• Ip address when you enter the website. The IP address is personal data along with the date and time of your visit, although we cannot identify you with this data alone.

The legal basis for which we collect your IP address and keep it in special files (log files) is our legitimate interest in processing this data in order to ensure the security of networks, information and services from accidental events or illegal or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data (e.g. ddos attack control "denial" service"), as well as our legal obligation to provide a more secure environment for the processing of your personal data (GDPR Article 6(1)(f) and (c)). The data will not be transferred or used in any other way. However, we reserve the right to check server logs (serverlogs) if specific signs of unauthorized use are found.

2. Customer Data.
When you visit our business, we collect your personal data such as your full name, father's name, E-mail, postal address, gender, age, profession, address, and any other information related to the provision of our services to you.

The purpose of the processing of your data is to provide you with the requested services and the legal basis for the processing, the execution of the contract between us (Article 6 par. 1b' and 9 par. 2nd GDPR), as well as our compliance with legal obligations. The retention period of your data is the one required by law, possibly the longest, if legal claims arise.

It is clarified that we do not have a publicly accessible list of e-mail addresses of our subscribers/users. Therefore, any personal data (e.g. access names etc. (etc.) that appear anywhere on the pages and services of the Data Controller's website are intended solely to ensure the operation of the respective service and may not be used by any third party without complying with the provisions of the legislation on the protection from processing of personal data, as in force each time. The Data Controller acts in accordance with the applicable legislation and aims at the better implementation of good practice with regard tothe Internet. Your personal information is kept securely for as long as you are registered with a service of the Controller and is deleted after the termination in any way of your business relationship with the Data Controller.

3. Data we collect via email and contact form
In the context of contacting us via email and the Contact Form, we collect your name, email address and any other information you provide to us. This data is stored and used exclusively to respond to your request. The legal basis for the processing of your personal data is your consent (DPIA, Article 6(1a)). Your data will be deleted after the final processing of our communication. This will happen after the completion of the purpose and scope of our communication, provided that there are no legal requirements for the storage of such data.

4. Send newsletter
With your consent we will collect your E-mail in order tosend you a newsletter with our Company's newsand articles that you may find interesting. The legal basis for the processing is your consent (DPIA, Article 6(1a)) and you have the right to withdraw it at any time.

5. Supplier data
For the performance of the contract between us, we collect the data of our suppliers such as name, address, contact details, shipping details, financial data, which you provide to us yourself. The legal basis for the processing of your data is the performance of a contract and our compliance with legal obligations (GDPR Article 6 par. 1b and c), and we keep them for a period of up to twelve years from the last provision of services, or as required by tax and any other relevant legislation.

Who has access to your data. Data transfers.
Your data is accessible to our employees as well as to any other person authorized to process your data during their duties. In addition, we cooperate with third parties, natural or legal, professionals, independent consultants,etc. Etc. , which provide us with commercial, professional or technical services (e.g. website hosting, accounting services, transport services) for the purposes mentioned above, and support our business in whole or in part, in relation to our activities. Where applicable, such natural/legal persons will act as Joint or Independent Data Controllers; Processors or persons authorized to process personal data for the same purposes mentioned above, with the same security measures and in accordance with the applicable legal obligations.

Before the third party receives the Personal Data, we must: (1) complete the privacy check to evaluate the privacy practices and risks associated with these third parties (2) obtain contractual guarantees from these third parties that they will process Personal Data in accordance with our instructions and in accordance with this Policy and applicable law; that they will immediately notify our company of any Privacy or Security incidents, failure to comply with the standards set out in this Policy and existing legislation, that they will cooperate to remedy any such incident, that they will help us to respond to the rights of individuals set out below and that they will allow the Controller to control their processing regarding compliance with the these requirements.

Finally, the data may be further transmitted to public authorities and institutions, as well as to our legal assistants (legal and insurance companies), for legitimate purposes.

In addition to the above, the Data will not be disclosed to third parties, individuals or legal entities and will not be disseminated.

Our business does not transfer Personal Data outside the EU, and if necessary (for example, in order to use Cloud services) this will be done under the terms and conditions set out in Articles 44 et seq. of the GDPR, such as with your consent, the application of standard contractual clauses approved by the European Commission or in countries considered safe by the European Commission.

Use of cookies

For the proper functioning of the website and your better navigation, as well as for the better provision of our services, we use cookies.Cookies are text-files with information that the WebServer of the Data Controller stores on your computer when you visit this website.In this way, the website remembers your actions and your preferences for a period of time in order to have a p. e. personalization of online advertisements, traffic analysis or other statistical analysis, and provision of the services you have requested.

In this way you do not need to enter these preferences every time you visit the website or browse its pages. Only the Data Controller and its specially authorized partners have access to any information regarding cookies.

You may control and/or delete cookies according to your wishes. Details can be found on the website: aboutcookies.org. If you choose to disable cookies on the website https://dritsoulas-jewellery.gr/ the functionality of some pages may be lost or reduced.

Here's what Cookies we use:

More information on the use and management of cookies on the websitecan be found on the following websites:

About cookiess and theirmanagement(s):
http://www.aboutcookies.org/default.aspx
http://www.whatarecookies.com/
About Google'spolicy:
https://www.google.com/about/company/user-consent-policy.html
https://www.google.com/policies/technologies/cookies/
http://www.google.com/intl/el/policies/privacy/partners/

Data Security and Integrity

Processor applies reasonable technical and organizational security policies and procedures in order to protect personal data and information from loss, misuse, alteration or destruction.

In addition, we strive to ensure that access to your personal data is limited to those who need to be aware of it. Individuals who have access to the data are obliged to maintain the confidentiality of this data.

Please keep in mind that the transmission of information over the Internet is not completely secure. Although we make every effort to protect your personal data, we cannot guarantee the security of the data transmitted to our website. After receiving your information we will apply strict security procedures and functions to try to prevent unauthorized access.

We make every reasonable effort to keep the personal data we collect from you only for the period for which we need such data for the purpose for which it was collected or until their deletion is requested (if this happens earlier), unless we continue to keep them in accordance with the provisions of the applicable legislation.

Links to other websites

Our website may contain links to other websites, governed by other privacy statements the content of which may differ from this Privacy Statement. Please review the privacy policy of each website you visit before submitting any personal data to it. Although we try to provide links only to websites that share our high standards and respect for privacy, we are not responsible for the content, security or privacy practices existed by other websites.

Data of minors

Where we need to process data of minors (e.g. data of underage patients), i.e. according to the GDPR, of those who are not 15years old, the processing is carriedout only with the written and explicitly expressed consent of the persons with parental responsibility over the minor. In any case, we make reasonable efforts to verify that consent is given or approved by the person who actually has parental responsibility for the child; that is, by authentication and any other available information.

Rights of Subjects

You may contact us by post or email at the addresses referred to in paragraph (1) above to exercise your rights under Articles 15 et seq. of the GDPR.

You may, for example, request an up-to-date list of persons who have access to your data, obtain confirmation of whether or not we are processing personal data relating to you, check its content, source, correctness and location (also in relation to any third country), request a copy, request its correction and restrict their processing; even delete them, if applicable. Similarly, you can always report comments and submit complaints to the Hellenic Data Protection Authority, Leof. Kifissias 1-3, GR 115 23, Athens, Call Center: + 30-210 6475600 or at the http://www.dpa.gr/

Changes to this Policy

The Data Controller submits this Policy to frequent review and may amend or revise it periodically at our sole discretion. When we make any changes, we will record the date of modification or revision inthe n Policy. The updated Policy will apply to you and your information from that date. We encourage you to periodically review this Policy in order to consider whether there are any changes in the way we handle your personal data. This Statement was last updated in October 2021.

Contact us

If you have any questions, comments or complaints about our handling or protection of your personal data, or if you wish to modify your personal data or to practice any of your rights as a data subject, please contact us at info@dritsoulas-jewellery.gr address.