Privacy Policy
PERSONAL DATA PRIVACY
The protection of users’ personal data is important to us and we adhere to a Data Protection Policy that is in accordance with the terms arising from the European Regulation 679/2016 EU. (GDPR) and any other applicable legislation.
WHAT ARE THE PERSONAL DATA?
The term “personal data” refers to information of natural entities, such as postal address, e-mail address, telephone contact, etc., which recognize or may you, hereinafter referred to as “Personal Data or Data”.
WHAT IS PERSONAL DATA PROCESSING?
Any operation or series of operations performed with or without the use of automated means, on personal data or on personal data sets, such as the collection, registration, organization, structuring, storage, adaptation or modification, retrieval, recovery of information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion, or destruction.
The provision of your Data may be necessary to achieve the purposes set out in this Privacy Policy or may be optional.
If you refuse to provide the information marked as mandatory on the Website, it will be impossible to achieve the primary purpose for which the specific Data are collected, and it may, for example, make it impossible for us to provide the services available on our Website.
The provision of additional Data, in addition to those that are marked as mandatory, is optional and does not affect the main purposes of Data collection, as their provision serves only to optimize the quality of the services we provide.
WHICH PERSONAL DATA DO WE COLLECT? HOW LONG DO WE KEEP THEM?
We take care to collect only the absolutely necessary Personal Data, which are appropriate and clear for the purpose intended. The Data include the following:
a. Creating a User Account
In order to provide you with the best service and to facilitate your future purchases, you can create a member account to become a member of our website. To create a member account, fill in the e-mail address and then fill in your requested personal information (Name, Surname, address, Postal Code, City, Region and telephone). An essential element is also the use of login information (password) which you must store and keep safe.
Once you have filled in the details to become a member, you will be sent an email to the address you previously stated, which confirms your registration on the Website.
During your first order, you are asked to fill in the required information in order to be able to complete the purchase and shipping of the product, so your information will be stored, and you will be able to order more easily the next time you wish to make a purchase through our online e-shop (regarding the data we request and maintain in case of order, see details below under b).
All this information is necessary, and convenient for the transaction and invoicing of your order. The data you fill in the special form remain stored in the systems of our Company for as long as your account remains active as, and if you choose to deactivate it, they are deleted. If you wish to send us a request concerning the user account you maintain, for purposes, it should be sent to our Company at , from the email you stated when you registered as a member.
In case the account remains “immobile” i.e 12 months have passed since your last login to it, we will ask you to update your details and renew your statement so that we can continue to keep your data. Before the expiration of 12 months, you will receive from us up to 3 emails to the e-mail address you have given us and in case you either explicitly tell us that you no longer want us to keep your information or do not reply to any of the 3 messages, your data will be completely deleted. You will be notified in writing by us by email of the complete deletion of your data.
In case you have also placed an order, some of your data may need to be kept for the necessary period as requested by the taxation rules and other obligations of the Controller based on the respective taxation /or rule or other legislation (see also item b below).
b. Data you provide to us when purchasing a product
When you purchase our products online, you have the option to subscribe to rusticogreco.com as a member by entering your email address or making the purchase as a simple visitor.
Upon completion of your order, we ask for your email address and telephone number in order to confirm the order. We also request the necessary data for the issuance of the document and the shipment of the goods, i.e. surname, address, postal code, city / region in order to execute the agreed with us contract upon the delivery of the goods. In the case of an invoice, it is necessary to collect additional data such as the company’s brand name the VAT number, the Tax Office branch, the profession and the object of the commercial activity.
Depending on the way you choose to make the payment, we receive the necessary evidence in order to execute your order such as your name and order number (in case of a bank deposit in one of the Banks with which we cooperate).
To make payments via your credit card, we inform you that the entire payment process takes place within the secure environment of Piraeus Bank that uses the SSL protocol, with 128bit encryption, for secure online commercial transactions with the redirection methodology.
In this way, your personal credit card information is encrypted so that it cannot be read or altered when transferred over the Internet.
Your details will be used to confirm payment of the order. We do not process or maintain your credit or debit card information.
When you wish us to send you the product you have purchased to the address you have indicated to us, the necessary data for delivery are given to the companies cooperating with our company for the execution of the set purpose.
Finally,
1.if it is necessary to arrange more specific arrangements of the order as well as to complete the ordering process, we may send automated or personalized emails to the email address and / or mobile phone that you have notified us or to contact you by phone that you have notified us and
2.if it is necessary for the collection of the products by the buyer or a third authorized by the buyer party in case of payment at the physical store and its collection from it, you will provide the employee who delivers the products with some (i.e., ID or passport number and issuing authority) for reasons of security of transactions, which will be deleted after the delivery of the product.
We process the above information for the execution of the contract between us.
Also, the processing is necessary for the compliance with our legal obligation, as well as for the purposes of our legal interests, i.e., the better and more efficient implementation of the process of receiving and executing your order.
As part of our effort to ensure that the processing of your data is transparent and that the data we maintain is up to date, 12 months after your last purchase if you have made it as a visitor or since your last login to your account (see above a), we will contact you by email so that you tell us that you wish us to keep your data with us or that you wish to update them if something has changed. You will receive a total of three communication notices from us, 15 days and 7 days before the expiration of the 12 months as well as on the day of its expiration if we do not already have your answer. If you reply that you do not wish us to retain the data you have already provided to us in order to execute your order explicitly or implicitly (i.e., if you do not reply to our messages at all), we will delete your data completely and notify you of the deletion by e-mail.
However, our Company may need to retain some of your data for exercising its rights under the contract, if the case is brought to court and / or for the fulfillment of obligations in compliance with taxation law or other rules as those applicable to the sale. The data kept for the above cases and / or in compliance with the above obligations, will be deleted completely on a case-by-case basis when there is no longer a reason to keep them (e.g., statute of limitations, termination of court proceedings, expiration of legal or contractual deadlines etc.).
c. Data you provide to us when you subscribe to our newsletter
To subscribe to our newsletter in order to receive our news and offers, we collect your email address. We keep your data for as long as you wish to receive information from us, enabling you to opt-out on every message. Your data is processed by the provider of the newsletter sending platform, who is committed to the security of your data processing by applying all appropriate organizational and technical measures.
Respecting the protection of your data and conforming to the need for your data to be updated, every 12 months we will ask you to renew your consent in order that we continue sending the newsletters. If you state to us that you do not wish us to continue sending them explicitly or implicitly (unless you respond positively to the three emails, we will send you 15, 7 days before and on the day of the expiration date), you are to be notified by email that we stop sending the newsletter and that we will completely delete your data.
d. Data you provide when you submit a query / request to us
When you submit a query / request through the contact form of our website, we ask for your telephone number and e-mail address. We use this information in order to answer your query / request, as well as to provide you with any information about our products. Your data are not disclosed to third parties except to the authorized personnel of our company and are kept for the necessary period of time to satisfy your request unless the nature of the request necessitates further communication. As for the processing, all necessary technical and organizational security measures have been taken.
RECIPIENTS OF YOUR DATA
Only the absolutely necessary staff of our Company has Access to your Data, which is committed to maintaining confidentiality as well as our partner companies or third-party service providers, who process your Data as Controllers on our behalf and in accordance with our instructions and orders.
Controllers: Third party service providers that process personal data on our behalf, for example (indicatively mentioned) for hosting, managing and maintaining our website, email distribution, research, delivery companies as well as accounting and legal services. When we use third party service providers, we enter into agreements that oblige them to implement appropriate technical and organizational measures to protect your personal data.
Other third parties, to the extent they are required for the following purposes: compliance at the request of a body of the Hellenic State, court decision or applicable law, the prevention of illegal use of our Internet Websites and Apps or violations of the Terms of Use of our Websites and Apps and our policies, our protection against third party claims, and our contribution to preventing or investigating fraud cases.
The policy we implement with third parties Controllers of your Data are in accordance with the above:
We provide only the information needed to perform their specific services.
Your Data may be used solely for the purposes set forth in our agreement with them.
If we stop using their services, any of the data they hold will be deleted or made anonymous.
The Executors on our behalf have agreed and contractually committed with the Company to maintain confidentiality, not to process your data for other purposes and without our permission, to take appropriate technical and organizational security measures and generally to comply with the legal framework on the protection of personal data and in particular Regulation 979/2016 / EU (GDPR). We as a company work with them to ensure that your privacy is respected and protected at all times.
YOUR RIGHTS AS A DATA SUBJECT
Right of access by the data subject (Article 15 GDPR)
You have the right to know if your data are being processed, how and for what purpose.
You have the right to request from us, at any time, copies of your personal data. There are some exceptions, which means that you may not always receive all the information we process.
More specifically, natural persons (data subjects) have the right to receive:
• confirmation of the processing of their data; and
• a copy of this data (ref. Articles 12, 15 GDPR). The request can be submitted either in writing or orally.
You may only be asked to pay a reasonable fee if your request is manifestly unfounded or excessive (especially when repeated) or if the number of copies we are asked to provide is big.
Right to rectification (Article 16 GDPR)
You have the right to demand the rectification of inaccurate data as the completion of incomplete data concerns you.
Right to restriction of processing (Article 18 GDPR)
You have the right to request a restriction on the processing of your personal data when one of the following occurs:
• the accuracy of the personal data is disputed by the data subject for a period of time which allows the controller to verify the accuracy of the personal data.
• the processing is unlawful and the data subject objects to the deletion of personal data and requests that their use be restricted.
• the controller no longer needs personal data for processing purposes, but such data are required by the data subject to establish, exercise or support legal claims.
• the data subject has objections to the processing in accordance with Article 21 (1), pending verification as to whether the lawful reasons of the controller supersede the reasons of the data subject.
When processing has been restricted in accordance with paragraph 1, such personal data, other than storage, are processed only with the consent of the data subject or for the founding, exercise or support of legal claims or for the protection of rights of a natural or legal entity or for reasons of public interest of the Union or of a member state.
The data subject who has secured the processing restriction in accordance with paragraph 1 shall be informed by the controller before the processing restriction is lifted.
Right to erasure (Article 17 GDPR)
When you no longer wish to have your personal data processed and retained, you have the right to request its erasure, provided that the data are not retained for a specific lawful and declared purpose.
Right to data portability (Article 20 GDPR)
You have the right to receive or request the transfer of your data, in machine-readable form to another controller, if you so wish.
You have the right to object and withdraw your consent to the processing of your Data (Articles 7 and 21 of the GDPR)
You may object to the processing of your Data and we will stop the processing of your Data unless there are other compelling and legitimate grounds prevailing over your right. If you have given your consent to the collection, processing and use of your personal data, you may withdraw your consent at any time with future effect.
In case we on our legitimate interest: In cases where we process your personal data based on our legitimate interest, you can ask us to stop for reasons to your personal situation. We must then do so if we do not believe that we have a lawful reason to continue to process your Personal Data.
Right to lodge a Complaint (Article 77 GDPR)
You have the right to lodge a complaint to the Personal Data Protection Authority (postal address 1-3 Kifissias Av., P.C. 115 23, Athens, tel.210. 6475600, e-mail address contact@dpa.gr ), if you consider that the processing of your Personal Data violates the applicable national and regulatory framework law for the protection of personal data.
HOW CAN YOU EXERCISE YOUR RIGHTS?
To exercise your rights, you can submit a request to us at the email address or contact us at the phone number (+34) 665622137 and we will look into it and answer you as soon as possible.
We respond to your Requests free of charge without delay, and in any case within (1) one month from the time we receive your request. In the event that during this period of (1) one month, we are unable to respond due to the complexity of the request or for any other reason, we will let you know within the month if we need extra time to respond to your request.
If you wish to correct your Data in your user account, you can log in to it and make any correction / change without the need to submit a Request.
If you wish to withdraw your consent to send a newsletter (newsletter) you can do so by selecting the link “To delete from the” newsletter mailing list “click here” located at the bottom of each newsletter.
APPLICABLE LAW WHEN PROCESSING YOUR DATA
Applicable Law is the Greek Law, as formulated according to the General Regulation for the Protection of Personal Data 2016/679 /EU, law 4624/2019 and in general the current national and European legislative and regulatory framework for the protection of personal data.
MODIFICATION OF THE PRIVACY POLICY
This Privacy Policy is updated whenever necessary. Any changes to this Privacy Policy will take effect as soon as the updated Privacy Policy is posted on this website. We encourage you to read this Policy at regular intervals to know how your Data is protected.