GENERAL DATA PROTECTION AND PRIVACY STATEMENT (GDPR)
The general partnership under the name «EMMANOUIL ANARGYROY AND CO», which owns the trademark BASEHIT, hereinafter referred to as «COMPANY», established in Galatsi Attica (28 Panos Street) with VAT number: 099821233 of the IG΄Tax Office of Athens, has the status of the Data Controller, in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter «GDPR»), the applicable national legislation, as well as the relevant decisions, directives and regulatory acts of the Personal Data Protection Authority, (hereinafter «PDPPA»), as it maintains electronic records and processes personal data, while determining the purpose and manner of their processing.
• «Personal data» means any information relating to a person («data subject»), whose identity is or can be determined, directly or indirectly, such as name, identification number, home address, email address, VAT number, social security number or attributes which identify the physiological, genetic, psychological, economic, cultural or social identity of that person, including an his/her image.
• The term «processing» means any operation or set of operations which is performed with or without the use of automated means on personal data or on sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, searching for information, use, disclosure by transmission, dissemination, distribution, any other form of providing information, alignment or combination, restriction, erasure or destruction of personal data, whether in electronic form (electronic file) or in hard copy form ( physical file).
• «Special categories of Data (Sensitive Data)», are data concerning and revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic and biometric data, the processing of which is carried out for the purpose of unambiguous identification of a person, data concerning health, as well as data concerning the sexual life of a person or his/her sexual orientation.
• «Health related data»: personal data which relate to the physical or mental health of a person, including the provision of health care services, and which disclose information about the health status of that person.
• «Controller»: the person or legal entity who, alone or jointly with others, determines the purposes and means of processing personal data, as in this case, the Company is considered.
• «Processor» is any person or legal entity who processes personal data on behalf of the Controller. «Processing of personal data» means any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of providing information, alignment or combination, restriction, erasure or destruction.
• «Recipient»: the person or legal entity, public authority, agency or other body, to whom the personal data are disclosed, whether or not they are disclosed to third parties. However, public authorities which may receive personal data in the context of a specific investigation, in accordance with European Union or Member State Law, shall not be considered as recipients, the processing of such data by those public authorities shall be carried out in accordance with the applicable data protection rules depending on the purposes of the processing.
• «Third party»: any person or legal entity, public authority, agency or body, with the exception of the data subject, the controller, the processor, and persons, who, under the direct supervision of the controller or the processor, are authorized to process personal data.
• «Consent» of the data subject: any freely given, specific, explicit and with full cognition will of the data subject΄s by which the data subject signifies his or her agreement, by a statement or by a clear affirmative action, to the processing of personal data concerning him or her.
• «Profiling» is any form of automated processing consisting of the use of personal data to evaluate certain personal aspects of a person, in particular to analyze/predict aspects relating to the job performance, financial situation, health, personal preferences, interests, reliability, behavior, location or movements of a person.
• «Personal data breach» means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed.
The «COMPANY», in full compliance with the requirements of the legal framework of the General Data Protection Regulation (GDPR), as it applies each time, is committed to safeguard all personal data related to its activity and which will be processed, as well as to store them securely.
Under our commercial activity, we collect certain personal data about you to facilitate our relationship with you and to provide you with the best possible shopping experience. Through this Privacy Statement, we want to explain our practices and policies, regarding the collection, use and sharing of data, as well as the Cookies, which are being collected by or for you.
2. Data collection
We collect your personal data when you contact with us, through either the contact form or the order form, or your subscription to the Newsletter, or through your phone or email or any other way you send us your data.
3. Data we collect
Α) If you visit the BASEHIT website without registering or proceeding with your order as a visitor, data are collected from your navigation on the website, which, in order to always comply with the Data Processing Authority, are the minimum and are the following:
• Device data: device identity, operating systems, device operating version or other device identifiers.
• Login details: time, date, duration of visit, user΄s home location, ΙP Address (network protocol address) and other details about the connection protocol.
Β) In case you choose to create a User Account on our website www.basehit.gr, we collect your personal data on a secure server. You will be asked to fill in your full name, email, billing information, shipping address and password to enable you to complete your order. BASEHIT does not have access and does not know your password, since it is stored in our system in encrypted form. We store your billing and shipping address, so that you do not have to fill in this information on your next purchases.
C) Finally, by choosing to place an order for our products, you will have to enter additional personal information in order to complete your transaction. The mandatory data for each online transaction are your full name, landline phone, mobile phone, address (street, city, postal code), shipping address of the order and the tax document you wish to receive (receipt, invoice). In case of an invoice, additional data required for issuing an invoice are collected, such as VAT number, tax office, profession etc.
3.1 Data for the personalization of our services
Ιn our efforts to make your shopping experience and service as good as possible while you are browsing www.basehit.gr website, we collect personal data about your orders or your use of our services. We use this data to personalize the Web Services and to recommend products (suggested) that may interest you. We may also use this data to further optimize your overall browsing experience on the www.basehit.gr website, which is carried out in the following ways, for example:
- Collecting data from the products placed in your basket: If you have placed products in your shopping card and have not proceeded with the checkout process, we may send you an abandoned cart email letting you know that the products are still available. Also, as discussed below (Article 3.4), it is possible that, based on your previous visits and/or purchases from our online store, we may send you product selections that best suit your needs.
- Collecting and storing data regarding your shopping history and behavior on the www.basehit.gr website, social media, email data, as well as offline «Services» in CRM, in a data management platform (Article 4 below) to optimize your shopping experience with the COMPANY. In addition, it is possible that we may store data received from other parties (including social media) on our data management platform. Our purpose is to analyze the data we collect to target a specific audience, to match your data with customers who have similar profiles, to connect devices you use, to show you targeted ads and offers, and to customize your online experience or send products to you than you purchase offline.
3.2 Your data is safe at: www.basehit.gr
We appreciate your trust in our online store www.basehit.gr. We are committed to protect your personal data and for this reason we take all the necessary measures to secure it. We have implemented reasonable security measure, including Secure Socket Layer (SSL) encryption technology and other tools to protect all of your personal information that we may collect through our website’s «Services». We use a variety of measures to ensure your personal information is protected from unauthorized access, improper use or disclosure, unauthorized modification, or alteration, unlawful destruction or accidental loss. However, the Internet is an open system, and the «Company» cannot guarantee that personal data you submit will not be intercepted by others. All COMPANY employees and partners involved in the processing of personal data are bound by contractual obligations of confidentiality of such personal data. Also, in the process of executing payments by credit/debit/prepaid card, its data are protected by the method of encryption and entered directly into secure banking systems. These data remain encrypted and are not disclosed to any third party.
3.3 Optimization of Marketing and Web Services.
The data and the feedback, we collect about your use of our website www.basehit.gr «Services», help us to develop our services, improve them and tailor them to your needs.
3.4 What we need your data for
We collect and further process your personal data only for the purposes mentioned in the above articles.
We will inform you and, if necessary, ask for your consent to any changes in the use of your personal data.
As already mentioned, we may use your data for decisions based on automated decision- making, including your profile. For example, we may use your previous purchase data and/or browsing data to recommend products that match your previous purchases. By obtaining your consent, we are able to use automated decision making, both in advertising and on our Web Services.
Furthermore, through the collection and processing of your personal data, we are able to inform you about new products, offers and other promotions by sending you a newsletter or by some other means (e.g. Viber message, SMS). If you no longer wish to receive this newsletter, you can unsubscribe by using the relevant unsubscribe button (Unsubscribe) in the newsletter or send an email to email@example.com requesting to be removed from the list of this contact.
3.5 Disclosure of personal data to third parties
We will not assign, disclose, or lease your personal information to any third party/entity in a manner other than as described in this Privacy Statement or as required by law. The COMPANY transfers personal data to third parties, as set out below, to whom it entrusts the processing of personal data on its behalf.
The data is only transferred to our partner companies that provide services for the purpose of sending promotional material and personalized offers. Also, this data is transmitted to our partner companies for the purpose of evaluating the quality-of-service provision, as well as our products and services. Furthermore, for the purposes of implementing the sales contract, data is transmitted to partner companies to which the execution of part of the contract has been assigned, such as transport companies or pick-up points selected by you. Moreover, access to the data is given to independent service providers who have constructed our website, as well as to those who provide technical support and/or hosting for the operation of our website.
We always seek to ensure that all such third party/independent service providers do not use your personal data for any purpose other than to provide the services to which they are contractually bound. In addition, we draw up contracts with these independent partners, which require them to comply with the standards of personal data protection required by law and to use the data only for the purposes for which it was provided to them.
Finally, we reserve the right to disclose your personal information to third parties, if we are required to disclose or share your personal data to comply with any legal or regulatory obligation.
4. Data management platform
As mentioned above, we use a data management platform that allows us to store your data and combine it with data obtained by third parties. The sources from which we collect data change regularly. If you would like to know which sources we currently use, you can contact us by emailing us at: firstname.lastname@example.org.
Where appropriate, we may share your information with other companies that help promote COMPANY΄s products and services in order to provide you with improved services. In any case, we will only, these companies with the information needed to perform their services and will not permit the use of this information for other purposes.
5. Cookies policy
Please read this Cookies Policy carefully to understand in more detail the Cookies we use, their purpose and other information that may be of interest to you.
5.1 What are Cookies
Cookies are small text files that are installed on your computer or electronic device through the browser you use, when you visit: www.basehit.gr. Cookies help us to collect information necessary to measure the effectiveness of our website, to improve and update its content, to adapt it to the demand and needs of its users, as well as to measure the effectiveness of the COMPANY΄s presentation and promotion on third party websites. By associating the identification numbers in the Cookies with other information about you, for example when logging in to the website, we know that the information in the Cookies relates to you.
The information that Cookies collect may include the type of Browser you use, the type of computer, its operating system, the internet service providers, and other such information. In addition, the website΄s information system automatically collects information about the sites you visit and about links to third-party websites that you may select through our website.
The following categories of Cookies are used on www.basehit.gr:
Α) Momentary Cookies that are stored on your computer or electronic device during your visit to our website and deleted when you leave it.
Β) Stored Cookies that remain on your computer or electronic device for a longer period of time until they are deleted by you. Examples are Cookies thar are necessary for us to provide Services to you, Cookies that remember products stored in your shopping cart and which remain in memory for approximately 7 days, or Cookies that record your behavior within the website, such as your choices, your demographics, the products you visit, and other data that contribute to the creation of an anonymous user profile.
C) Third Party Cookies, such as Google Analytics, which may set the Cookies we use. In case you access third party websites or connect to social networking sites (Instagram, Τik-Τok, Facebook, YouTube) through our website, you should be aware that these third-party websites or sites may install cookies as soon as you click on the relevant link. These Cookies are outside our control and are governed by the Cookies Policy of each third party that installs them individually. We recommend that you read the policies of their websites each time to see exactly how you should manage them.
D) Necessary Cookies that are stored on your computer or electronic device during your visit to the website and are used for the smooth operation of the website. Their acceptance ensures the best online experience of the user during his/her browsing and therefore their universal acceptance is recommended.
More information about Cookies, how to manage and delete them can be found at https://www.cookiebot.com/en/ or https://www.aboutcookies.org/.
6. For how long we keep your data
It is our policy to keep your data only for as long as necessary for the purpose for which it was collected, in accordance with the principles of data minimization and storage period limitation. For all the reasons above, your data will be retained for at least five (5) years after our last transaction. In addition, we align the retention of your data with possible variations resulting from the exercise of your privacy rights.
Specific cases of differentiation:
6.1 Correspondence and enquiries
When you ask a question or contact us by email or through our contact form, we keep your information for 24 months after your query has been resolved.
6.2 User registration information
We retain the information you used to subscribe to our newsletter, until you unsubscribe, or we decide to cancel our newsletter services, whichever comes first.
In any other case, we may keep your information for longer than necessary considering the following:
• The purposes and use of your information, both now and in the future (such as whether it is necessary for us to continue to store this information to continue to fulfil our obligations under an agreement with you or to contact you in the future).
• Whether we have any legal obligation to continue to process your information (such as any record-keeping obligations imposed by relevant legislation or regulations).
• If we have a legal basis to continue to process your information (such as your consent).
7. Where your data is processed
Your data is processed within the European Union. Please be informed that appropriate safeguards are in place to protect your data.
8. Online Advertising
Our COMPANY may participate in interest-based advertising. As described above, we may automatically collect data about how you browse websites, use apps and shop, in order to improve your experience as a customer, improve your service and provide you with contacts and promotions from us or others. The goal of interest-based advertising is that the COMPANY or its advertising partners΄ are able to collect and use your data for these purposes.
To successfully opt out, you must have cookies enabled in your browser. Please note that if you choose to opt out, you may continue to see ads on our sites and receive communications from us, but these ads and communications will not be based on how you browse and shop. As described above, you can also prevent the automatic collection of certain data by turning off cookies in your browser.
If you wish to unsubscribe from our database, you can send a request to email@example.com. The controller is obliged to delete personal data without undue delay.
9. Your personal data protection rights
At any point in the retention or processing of your data, you retain the following rights, while you may also make the following requests:
• Right of access – You have the right to access the personal data we hold about you.
• Right to rectification – You have the right to correct inaccurate or incomplete data we hold about you.
• Right to erasure – You can request that the data we hold about you be erased from our records, and we are obliged to comply with your request in certain circumstances.
• Right to restrict processing – You have the right to request that we restrict the processing of your personal data, and we are obliged to comply with this request when certain conditions apply.
• Right to data portability – You have the right to request that the data we hold about you is transferred to another organization.
• Right to object – You have the right to object to the processing of personal data concerning you, under certain conditions.
• Right to withdraw consent – Where the legal basis for processing your data is “Consent”, you have the right to withdraw your consent at any time.
All your requests concerning the above rights can be submitted via the dedicated request form or via the administration pages of your personal account.
The procedure for processing any request concerning the above rights is as follows: We will evaluate the request and respond to you regarding its progress (request approval, partial request approval, request rejection) as soon as possible and in any case within one (1) month of its submission. In case our company rejects your request regarding the aforementioned Data Protection Rights, we will provide you with the reasons for the rejection. In addition, you have the right to submit a complaint directly to the regulatory authority and our Company΄s Data Protection Officer.
We reserve the right to refuse requests that are unreasonably repetitive, require disproportionate technical effort or have disproportionate technical consequences, risk the privacy of others, or are impossible to implement.
If you want to know more or want to exercise your rights, please contact us at: firstname.lastname@example.org.
10. Changes to our declaration
Our Privacy Statement may change from time to time. We endeavor to continually review and update this Statement in order to comply with any applicable legal and regulatory requirements, while providing optimal protection of your Personal Data. Any changes to the Privacy Statement will be posted on this website.
11. Minors providing personal data
Persons under the age of 18 may provide personal data to the «COMPANY» only if they have written consent from one of their parents or legal guardians, who has read this privacy statement.
12. Contact us
This website belongs to «EMM. ANARGYROY & CO.», which is responsible for the processing of your personal data and acts as the controller. If you have any questions, comments or want to know more about how we process your personal data or if you wish to access, correct, or remove your personal data, please contact us at: email@example.com.
You can also write to us at: EMM. ANARGYROY & CO, 28 Panos Street, Galatsi, P.O Box 11146, Athens, Greece or call us at: +302107104447.