PERSONAL DATA PRIVACY POLICY
INTRODUCTION
This Personal Data Privacy Policy constitutes an integral part of the Terms and Conditions of operation of the Site, which you may access by clicking [here].
The Controller of your data, which you notify us and we process , pursuant to Regulation (EU) 2016/679 (General Data Protection Regulation), is the company for trade and commerce under the name “MENELAOS SAKELLARIS , ROCOCO – STATUS QUO S.A.", with registered seat at 25/27, Paradision Str.- Galatsi , Attica 111 47, Greece , legally represented by its President Mr. Menelaos Sakellaris.
ROCOCO may collect personal information about you from various sources, in accordance with applicable law.
Indicatively, we may collect personal information about you when you provide them in one of our stores, when you register on the Site or make online purchases for our products.
We value and respect your privacy to the greatest extent possible and necessary for the proper operation of the Site and the proper use of this Site by you.
We assure you that any personal information that you give to us is kept strictly confidential.
KEY DEFINITIONS
The key definitions of the terms used in the current document follow, as they are laid down in Article 4 of the General Data Protection Regulation (GDPR), so that the data subject will become familiar with the Regulation’s terminology.
Personal Data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, especially by reference to an identifier, such as a name, identity card number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Special Categories of Personal Data: Personal data which, essentially, are especially sensitive with respect to fundamental rights and freedoms, require special protection, since the scope of their processing may create important dangers which will affect such fundamental rights and freedoms. Such data include personal data which reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data for the undisputed identification of a person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.
Controller: A natural or legal person, a public authority, agency or other body which, alone or jointly with others, determines the purposes and the manner of personal data processing.
Processor: a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Processing: every act or series of acts realized with or without the use of automatized means on personal data or on aggregates of personal data, such as the collection, registration, organization, structure, storage, adaptation or modification, recovery, search of information, use, disclosure by forwarding, dissemination or any other form of disposal, correlation or combination, limitation, erasure, or destruction.
Authority: The Authority of Personal Data Protection.
WHAT TYPE OF PERSONAL DATA WE COLLECT ABOUT YOU
We do not collect personal data, unless you wish to provide it to us.
For example, if you decide to register on the Site or participate in an on-line survey, you may be asked to provide certain information, such as your contact information (e.g., name, email address, mailing address, telephone number), age and birth date, gender, user name and password, any concerns you may have in relation to the use of our products, as well as information about the brands and products you use.
In case of online purchases , we will additionally require your billing address, shipping address, as well as payment details.
If you do not wish us to collect any personal data about you, please do not provide us with any such information.
HOW WE COLLECT YOUR PERSONAL DATA
We collect information about you in the following cases, inter alia:
(a) when you register on the Site;
(b) when you contact us in order to request information or submit questions for our products and services;
(c) when you purchase products or services from us (if available);
(d) in the context of marketing and/or market research activities, if the statutory conditions are met;
(e) from other Companies or our business partners, who lawfully transfer your personal data to us.
If you provide personal data on behalf of a third person, you must ensure that the said third person has previously been informed of this Personal Data Privacy Policy.
In order to keep your information up-to-date, we kindly request that you inform us of any changes in the data we process about you.
HOW WE USE YOUR PERSONAL DATA
The data we collect about you is used in order:
(a) to create and manage your online account;
(b) to carry out your orders for the purchase of our products and services, including invoicing and payment of the order, dispatch of the order and handling of any returns;
(c) to answer your requests;
(d) to inform you with respect to ROCOCO products and services, about our news or offers or other matters that may be of interest to you, if the statutory conditions are met;
(e) to contact you for any issue that relates to your order or use of the Site;
(f) to conduct market research, if we have your consent.
(g) to create your personalized profile via statistical processes in order to offer you personalized proposals and offers in relation to our products and services, if we have your consent;
(h) To comply with our legal obligations and exercise our legal rights.
In case we use your information for any other purpose, we will inform you accordingly upon its collection.
WHAT IS THE LEGAL BASIS FOR THE PROCESSING OF YOUR PERSONAL DATA
Depending on the purpose for which we use your date, the legal basis of the processing may be:
(a)the performance of a contract, e.g., in order to offer you the product or the service you requested (such as the creation of an online account, the carrying out of your order (art. 6,1b GDPR);
(b) compliance with our legal obligations, when processing is required by the law (art. 6, 1c GDPR) ;
(c) your consent, e.g., for promotional activities, market research and creation of profile (art. 6, 1a GDPR);
(d) legitimate interest, e.g., in order to better understand your needs and expectations, improve our products and services and ensure that the Site remains safe (art. 6, 1f GDPR).
WHO ARE THE RECIPIENTS OF YOUR DATA
ROCOCO does not sell nor transmit or otherwise disclose any of your personal data to third parties without your consent, save for the exceptions below.
ROCOCO may share your personal data with:
(a) service providers rendering services on its behalf and under its instructions (e.g. payment processing, shipping, customer service);
(b) ROCOCO connected companies, in the context of their activities and according to the provisions of the law on international data transfers, if applicable;
(c) its business partners, for the purposes set out in this Personal Data Privacy Policy;
(d) any public Authority or Court, if so required by the law or by Court order.
BUSINESS TRANSFER
We might sell or purchase stores, subsidiaries or business units in the context of the development of our business. In the framework of these transactions, customers' and Site users' information is one of the transferred business assets, however such information remains subject to the commitments made in any pre-existing Personal Data Privacy Policy (unless you consent otherwise).
Also, in the event that ROCOCO or all of its assets are sold, customers' and Site users' information will be one of the transferred assets.
Following such sale or transfer, you may contact the entity to which your personal data will be transferred for any questions in relation to their processing.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
Your personal data is processed preferably within the European Economic Area (EEA). If data processing takes place in countries outside the EEA, we will ensure that your personal data will be processed under appropriate safety standards.
Certain countries outside the EEA (Third Countries) have been officially characterized by the European Union as countries rendering an adequate data protection level. Consequently, data transfers to these countries does not require any special license or approval.
In countries for which no such decision has been taken, we will either request your consent for the transfer or we will forward the data based on the standard contractual clauses approved by the European Commission which impose respective data protection obligations directly on the recipient or, otherwise, we will provide appropriate guarantees for the transfer , in accordance with the General Data Protection Regulation, unless we are allowed by law to otherwise effect such transfer.
CHILDREN
If you are over 15 years of age, you may browse our Site. However, you may not provide personal information to us , save with the consent of your legal guardian.
This Site is not designed for children and we do not knowingly collect personal data from children under 15 years of age.
INFORMATION WE COLLECT BY AUTOMATED MEANS
When you visit the Site, we collect specific information by automated means, using technologies such as cookies, web beacons and log files.
HOW LONG WE STORE YOUR DATA
We store your data for as long as is necessary for the purpose for which it is processed and for the period during which claims may be raised under the law or until any such claims have been finally and irrevocably settled.
Where processing is based on consent, the data is stored until the consent is revoked.
SECURITY
Your personal data is protected by technical and organizational methods that comply with Greek and European legal and regulatory requirements, which ensure data safety and confidentiality. In particular, ROCOCO uses data protection technologies, such as encryption systems, systems for ID verification and fraud detection, for the protection of your online account and the payment transactions, as well as for the monitoring and analysis of security incidents in real time.
ROCOCO will receive written commitments from its service providers and business partners in relation to the application of appropriate organizational and technical measures that ensure personal data safety, in accordance with personal data protection laws.
Access to the customer's account information is limited to those required to access it for the performance of their duties.
Access in our systems is permitted only with the use of an user ID and a password which allows for the proper identification and authentication of our users for accessing personal data in the context of the performance of their duties. Confidentiality and access to the database and our systems is regularly reviewed and updated for the further protection of your personal data. If you have any questions regarding the security level provided via the Site, please send us an e-mail at dpo@rococo.gr .
LINKS
The Site may provide links to other websites solely for the convenience and information of our visitors.
These websites are not under our control and have their own policies regarding personal data privacy which we advise you to review in case you visit any such website.
Please be aware that we have no responsibility for the content or the privacy policy of such other sites or for the use thereof.
KEY PRINCIPLES THAT CONCERN PERSONAL DATA PROCESSING
The Company, as Controller, strictly abides by the principles of data protection which are defined in Article 5 of the General Data Protection Regulation (GDPR).
1. Lawfulness, Objectivity and Transparency
The Company processes personal data lawfully, objectively, and transparently as far as the data subjects are concerned.
2. Purpose Restriction
Private data are collected only for special, explicit, and lawful purposes and they are not processed for any other purpose.
3. Data minimization
The Company maintains accurate personal data of data subjects and ensures that their maintenance is limited to what is necessary in relation to data processing purposes. At the same time, it applies suitable technical means in order to achieve the above objectives.
4. Precision
The personal data maintained by the Company are accurate and updated. Measures are taken to ensure that personal data which are inaccurate with respect to the purpose for which they are processed are erased or corrected within a reasonable time.
5. Storage Time Limitation
Personal data are maintained for a time period not greater than necessary for the purpose for which the Company processes them.
6. Integrity and Confidentiality
Taking into account the technological level and other available safety measures, the cost of application, as well as the probability and gravity of dangers concerning the personal data, the Company uses suitable technical or organizational means for personal data processing, in a way that guarantees the proper safety of the personal data and their protection from accidental destruction, loss, damage, and unauthorized or illegal processing.
7. Accountability
The Company is responsible to prove and can prove its compliance with the General Data Protection Regulation to the competent Authority of Personal Data Protection.
YOUR RIGHTS
Our Company bears our responsibility and is, at any time, able to prove its compliance, on an ongoing basis, with the above principles, as they are specified in this Policy.
Furthermore, ROCOCO checks, re-examines and updates at regular intervals and, in any case, whenever necessary, the present Policy, taking into account the current legal and regulatory framework.
You are entitled to request access to your personal data, to request the rectification/erasure of your personal data and the restriction of its processing, the right to object to the processing and/or exercise your right to data portability ecc. , in accordance with the specific and detailed provisions of the General Data Protection Regulation (GDPR, Articles 12-22).
If the data processing is based on your consent, you are free to revoke it, at any time, with effect for the future (Article 7 GDPR).
You may exercise your above rights by contacting ROCOCO at the contact details referred to in the relevant section below.
CONTACT US
You may contact us at any time and for any reason at the following address:
MENELAOS SAKELLARIS
ROCOCO – STATUS QUO S.A
25/27, Paradision Str.
Galatsi , Attica 111 47
Greece
Tel. : +30 210 2224480
e-mail: dpo@rococo.gr .
CASE OF BREACH
In the event that our Company is informed of a possible or actual breach of personal data, it must immediately conduct an internal audit and take appropriate action to restore it within a reasonable time, in accordance with the Privacy Security Policy.
As long as there is a risk for the rights and freedoms of the data subjects, the Company is obliged to notify the incident to the Authority immediately and, in any case, within 72 hours at most.
In case you are not satisfied with our use of your data or from our answer to the exercise of your above rights, you are entitled to file a complaint to the supervising authority:
Personal Data Protection Authority
1-3 , Kifissias str.
Athens, 115 23
Greece
Tel. +30 2106475628
e-mail : contact@dpa.gr