Privacy Policy
This privacy policy explains how “Skivalakis” Sole Proprietorship (“Skivalakis”, “we”, “us”, “our”) and the website/e-shop www.skivalakis.gr (“the Site”, “the e-shop”), which we own and operate as part of our business, use the personal data we collect from you when you visit our Site or when we provide services to you, in accordance with the General Data Protection Regulation (GDPR) and the relevant EU law.
SECTIONS:
- GENERAL INFORMATION
- WHAT IS PERSONAL DATA & WHAT CONSTITUTES DATA PROCESSING?
- DATA CONTROLLER
- MINORS’ DATA
- TYPE OF PERSONAL DATA WE COLLECT & HOW WE COLLECT IT
- LEGAL BASES FOR PROCESSING
- PROFILING & AUTOMATED DECISION MAKING
- WHOM WE SHARE YOUR DATA WITH
- WHAT SECURITY MEASURES ARE TAKEN TO PROTECT MY DATA?
- DATA RETENTION PERIOD
- TRANSFER OF INFORMATION TO THIRD COUNTRIES
- COOKIE POLICY
- YOUR DATA PROTECTION RIGHTS
- HOW TO EXERCISE YOUR RIGHTS
- HOW TO CONTACT US
- CHANGES TO THIS NOTICE
- DATA SUBJECT ACCESS REQUEST FORM
1. GENERAL INFORMATION
Your privacy is very important to us and we are committed to protecting your personal data. We promise to keep your data safe and to give you ways to manage and review your privacy choices at any time.
The Site www.skivalakis.gr and all services provided to you through this Site/e-shop are targeted only at residents of Greece. You should not make use of any of the services of the Site/e-shop if you reside outside Greece.
To provide our services, we collect personal data about you. Data collection may take place on our Site, by phone, by e-mail, through social media websites (e.g. Facebook), through written correspondence and through other media we may use from time to time as technology develops.
This privacy notice is intended to provide you with detailed information on our use of your personal data.
“Skivalakis” operates social media accounts on both Facebook (“Σκυβαλάκης περί σκίασης και διακόσμησης”) and Instagram (“Skivalakis_skiasi_diakosmisi”). We may interact with you through social media. However, we cannot control those social media platforms, the terms under which they provide services to you, and/or how you set your profiles on them. Please check the Terms & Conditions and Policies found on those web pages and set your privacy settings so that you understand and are comfortable with how they operate and how your personal information on those platforms will be used.
By navigating and/or using our Site, you acknowledge you have read this Privacy Policy and agree to be bound by the terms hereof, the Terms of Use, the Cookie Policy and any other terms or policies we post on our Site. If at any time you do not agree to any of these policies, please do not use the Site or provide us with any personal information.
2. WHAT IS PERSONAL DATA & WHAT CONSTITUTES DATA PROCESSING?
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data. Examples of personal data: a name and surname, a home address, an e-mail address, an identification card number, an Internet Protocol (IP) address.
Processing covers a wide range of operations performed on personal data, including by manual or automated means. It includes the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
3. DATA CONTROLLER
For the purpose of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“General Data Protection Regulation” or “GDPR”) or any subsequent amendment or replacement or supplementary legislation (together “Data Protection Law”), the data controller is “Skivalakis”, which owns and operates the Site/e-shop.
Our business is located and has its registered office at 3-5 Chrysostomou street, Heraklion, Crete, Greece, P.C. 71306. The business’s tax identification number (TIN) is 046500571.
4. MINORS’ DATA
Persons using this Site to browse and make purchases must be 15 years of age or older. If you are under 18 years of age, please read our Terms of Use carefully before using our Site.
We process personal data of a child only where the child is at least 15 years old and gives their consent to the processing. Where the child is below the age of 15 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
We do not knowingly collect or otherwise process personal data from minors under 15 without parental consent. If we have accidentally or unknowingly done so, that data will be deleted as soon as this comes to our knowledge.
If you are under 15 years of age, please do not navigate our Site or make use of any of our services.
5. TYPE OF PERSONAL DATA WE COLLECT & HOW WE COLLECT IT
We collect information to deliver our products and services you request, to help improve your shopping experience, and to support our business functions.
We may collect the following categories of personal information. Not all categories may be collected about every individual:
- Personal identifiers, such as name, address, and age.
- Device and online identifiers and related information, such as telephone number and e-mail address.
- Internet, application, and network activity, such as cookie IDs and browser visits.
- Financial information, such as bank account number.
- Purchase and browsing history information, such as products you have viewed, listed, bought, and returned.
- Location information, such as place of residence.
- Audio information, such as phone order recordings.
- Individual preferences and characteristics, such as inferences related to shopping patterns and behaviors.
How Do We Collect Information?
We collect information from you in a variety of ways. It may be:
- Personal information provided directly by you:
You actively share information with us online. For example, you share information when you: make an online purchase or other transaction with us; create an account on our website and use the Wishlist; conduct a transaction or request a service where we collect information; request customer service or contact us; post a review or comment on one of our social media pages; or post a rating, review or other user-generated content on our Site.
When you engage in these activities, you may share different types of personal information with us, such as your name, e-mail address, physical or postal address, phone number, age, and payment information.
- Personal Information we receive indirectly:
We may also receive information about you in other ways through technology. This information helps our Site services work correctly and supports customer marketing and analytics efforts – our work to understand our customers’ needs, improve our services, and provide information about our products and services that may be of interest to you. Here are some examples:
– Device Information: We collect technical information when you visit our Site. This may include information such as Internet Protocol (IP) address, the type of device you use to access our Site, your device operating system and browser type, the address of referring websites, the path you take through our websites, and other information about your session on our website.
– Browsing Information: We use our own and third-party technologies such as cookies, to collect information about the use of our websites such as: products you viewed or searched for, page response times, download errors, frequency and length of visits to certain pages, page interaction information (such as scrolling and clicks). We use these tools to provide an integrated and more personalized shopping experience to you. For example: cookies allow us to provide you relevant information as you use or return to our Site and allow us to know if certain pages or products were visited.
– Data collected by social networks: We offer you the option to use social networks to improve our commercial relationship. If you use social networks to communicate and interact with us (including Facebook Messenger, Facebook Connect, and the Facebook and Instagram “share” buttons) it is likely that this will involve a data exchange between our Site and the social network. (For example, if you are connected to Facebook on your computer and you visit a page of our Site, Facebook is likely to collect this information. Likewise, if you click on the “Facebook” button on our Site, Facebook will collect this information.) We recommend that you consult the personal data management policies of the various social networks you use to know the personal data that may be transmitted and what it will be used for.
- Information about other people:
If you provide us with information about any third party, for example a gift recipient or your employees, you must ensure that they understand how their information will be used, and that they have given their permission for it to be disclosed and used by us.
6. LEGAL BASES FOR PROCESSING
Your privacy is protected by law. Under the GDPR, we are allowed to use your personal data only if we have a lawful reason (legal base). We must have one or more of the following lawful reasons:
- To perform a contract or to take steps at your request prior to entering into a contract, or
- Where we are required to do so to comply with our legal obligations (e.g. to keep records), or
- Where it is in our legitimate interests or those of a third party, or
- Where you have consented.
A “legitimate interest” is where there is a business, commercial, or other reason to use your information but it should not unfairly go against what is right and best for you. Examples of legitimate interests given in the GDPR include fraud prevention, direct marketing and sharing data within a corporate group.
The normal basis for our processing of personal data is that it is necessary for our legitimate interests. Amongst other things, www.skivalakis.gr processes personal data to perform contracts (i.e. fulfill customer orders) and provide all e-shop services available.
More specifically, we collect and record personal data to carry out the following processing:
What we use personal data for: | Legal base(s): |
Customer account creation and management, and supplying services | Consent; Legitimate interests; To perform a contract |
Processing your order(s) and providing our services (e.g. billing and invoicing, shipping, returns, refunds, special requests) | To perform a contract; To comply with our legal obligations; Legitimate interests |
Customer communications and after-sale services (by phone, e-mail, SMS, Viber, and/or social media) | Legitimate interests; To perform a contract; Consent |
Customer satisfaction management (collection of customer reviews on products and customer service performance) | Consent; Legitimate interests |
Statistics, analytics, selection and segmentation of customers to improve customer knowledge, how they use our products and services and their changing needs | Consent; Legitimate interests |
Sending targeted marketing promotions by post, email, social network, or other media as technology develops | Consent |
Personalising our Site to customers | Consent |
Measuring visits to our Site | Consent |
Providing sharing tools on social networks | Consent |
Detecting, investigating, reporting and seeking to prevent financial crime | Legitimate interests; To comply with our legal obligations |
Running special offers or promotions | Consent; Legitimate interests |
Sharing personal data with third business partners supporting our operations (e.g. accounting office, courier company) | Legitimate interests |
Complying with legal obligations (e.g. record-keeping requirements, tax obligations) | To comply with our legal obligations |
Ensuring the security of the Website and providing a safe transaction environment | To comply with our legal obligations; Legitimate interests |
Handling claims and complaints and seeking to resolve them | To comply with our legal obligations; Legitimate interests; Legal claims |
Electronic marketing (by email, SMS & phone):
EU Directive 2002/58/EC of the European Parliament and Council of 12 July 2002 permits electronic marketing (e-mail, SMS, phone) to existing customers for similar products and services without consent as long as the customer is given an easy means to opt out on each occasion, e.g. by clicking an “unsubscribe” link. Otherwise, your consent is required before retailers can market to you by electronic means.
We seek your consent at various points (e.g. when creating a new account online or when you would like to sign up to our newsletters by email).
You can opt out of marketing at any time as follows:
- When creating an account, by ticking/clicking the relevant box relating to marketing.
- For email, by clicking on the “unsubscribe” link provided in each email, or by filling in the Contact Form.
- For text messages (SMS), by following the instructions in the SMS or by filling in the Contact Form.
- By speaking with a customer services employee.
7. PROFILING & AUTOMATED DECISION MAKING
“Automated decision-making” is the process of making a decision by automated means without any human involvement. These decisions can be based on factual data, as well as on digitally created profiles or inferred data.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, such as that natural person’s personality, behaviour, interests and habits to make predictions or decisions about them.
At “Skivalakis” we do not process your personal data to make any automated decisions.
8. WHOM WE SHARE YOUR DATA WITH
We share your data with third parties/businesses/sub-contractors to deliver our products and services to you, to help improve your shopping experience, to provide you with a secure Site, to support our business functions and to comply with our legal obligations. We may also share it with public authorities where necessary.
The recipients of the data (may) include:
- courier companies and transport agencies,
- business accountancy services,
- financing institutions,
- commercial partners, including marketing firms,
- providers implementing maintenance, technical development and security of our Site, internal applications and information system,
- providers of technical and statistical data analysis,
- tax authorities,
- police authorities in the context of court orders.
We may also share your data in the future if there is a transfer or merger of the business or part of it, or we acquire or merge with another organisation. If such a transaction takes place, we may share your data with other parties but we will only do this if they agree to keep your data private and safe.
9. WHAT SECURITY MEASURES ARE TAKEN TO PROTECT MY DATA?
As a data “controller” under the EU General Data Protection Regulation (GDPR), we take all measures to preserve the security and confidentiality of data, and in particular to prevent data from being distorted or damaged and to prevent unauthorised third parties from having access to it.
Our Site operates under an SSL certificate to secure online transactions and keep customer information private and secure. An SSL certificate is a digital certificate that authenticates a website’s identity and enables an encrypted connection. SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser. SSL keeps internet connections secure and prevents criminals from reading or modifying information transferred between two systems. When you see a padlock icon next to the URL in the address bar, that means SSL protects the website you are visiting.
We implement a robust security system to ensure the security of the data collected and to detect data breaches. We ensure that personal data can be accessed only by authorised personnel for legally authorised purposes.
When using sub-contractors, we ensure their compliance with data protection laws.
As regards bank data, credit cards & debit cards, and PayPal payments, data processing is governed by the corresponding organisations’ privacy policies.
Please do not disclose your Member Account username and password to third parties. Your Member Account is personal and non-transferable.
10. DATA RETENTION PERIOD
We retain personal data for as long as necessary to fulfill the purpose for which it was provided or collected, which includes complying with any contract, legal, accounting, or reporting requirements. We may also retain personal data where reasonably necessary to comply with our legal obligations (including for income tax, audit purposes and/or law enforcement requests), to meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce our Terms of Use or any other agreement with you, or fulfill your requests described under the “YOUR DATA PROTECTION RIGHTS” section of this document.
For example, we may keep a record of a relationship with a customer once that relationship ends. We may keep some information so that we can confirm that the relationship existed – and that it has ended – as well as some of its details. For instance, we keep some personal data about a previous customer so that we can deal with any complaints the customer might make about the services we provided; and if a customer deletes their Member Account, we may need to continue holding some of this information for legal or operational reasons for a further time.
We review our retention of personal data at regular intervals. Personal data that is not in use and cannot be deleted is stored offline to reduce its availability and the risk of misuse or mistake.
11. TRANSFER OF INFORMATION TO THIRD COUNTRIES
We do not transfer the personal data that we collect from you to third countries or destinations outside the European Economic Area (“EEA”).
12. COOKIE POLICY
A cookie is a small text file that a website stores on your computer or mobile device when you visit the site. The term “cookie” refers to several technologies that make it possible to perform online browsing tracking or behavioural analysis of website users. The purpose is to enable the site to remember your preferences (such as user name, language, etc.) for a certain period of time. That way, you do not have to re-enter them when browsing around the site during the same visit.
WHY WE USE COOKIES:
“Skivalakis”, like other retailers, uses cookies to facilitate browsing and allow certain features, e.g. online shopping baskets and personal recommendations based on what you have viewed. Cookies allow us and third parties to understand which parts of the site are visited and whether particular content is of interest.
The technology may also provide other information, e.g. about the time, location and operating system of your devices, the type of browser or search engine you use. This approach does not save any data on your device. Cookies may occasionally be used to collect statistics about users’ browsing experience on our Site.
This data is collected anonymously to be used for marketing and services optimization purposes. Cookies do not have access to any of your documents and/or files stored on your device.
Our Site mostly uses “first-party cookies”. These are cookies set and controlled by us, not by any external organisation. However, to view some of our pages, you will have to accept cookies from external organisations.
Third-Party Cookies: Some of our pages display content from external providers, e.g. Facebook and Instagram. If you visit those providers’ web pages through our Site (e.g. by clicking on the Facebook icon or on a hyperlink), they may install their own cookies to your device. To view this third-party content, you first have to accept their specific terms and conditions. This includes their cookie policies, which we have no control over. However, if you do not view this content, no third-party cookies are installed on your device.
Third-party providers on www.skivalakis.gr:
– Meta Business Suite (replaced Instagram and Facebook Analytics Tools);
– Google Analytics;
– Mailchimp;
– WordPress (Wordfence).
Every time you visit our Site, you will be prompted to accept or refuse cookies or configure cookie settings. Furthermore, at any time, you can express and modify your wishes in terms of cookies, by the means described below.
– Remove cookies from your device:
You can delete all cookies that are already on your device by clearing the browsing history of your browser. This will remove all cookies from all websites you have visited. Be aware though that you may also lose some saved information (e.g. saved login details, site preferences).
– Manage browser-specific cookie settings:
Each browser is configured in a different way for managing cookies and your preferences. For more detailed control over cookies, check the privacy and cookie settings in your preferred browser. These are described in your browser’s help menu, which explains how to modify your cookie preferences.
– Block cookies:
You can set most modern browsers to prevent any cookies being placed on your device, but you may then have to manually adjust some preferences every time you visit a site/page. Some services and functionalities may also not work properly at all (e.g. profile logging-in).
– Configure your smartphone operating system:
You can control the use of cookies on your smartphone in the operating system rules.
For more information about cookies and how we use them please visit our detailed Cookie Policy.
To find out more about how to configure cookies, visit:
https://www.allaboutcookies.org/
13. YOUR DATA PROTECTION RIGHTS
The General Data Protection Regulation (GDPR) gives individuals control over their personal data.
Your rights under the GDPR:
- Right to be informed:
The right to information allows individuals (data subjects) to know what personal data is collected about them, why, who is collecting the data, how long it will be kept, how they can file a complaint, and with whom the data will be shared.
Through this Privacy Policy we (the data controller) are obligated to provide information about: controller’s information and contact details, purpose of data processing, legal bases for processing, third party details, data retention period, rights granted to the data subject under the data protection law, the right to file a complaint and so on.
- Right of access:
You have a right to submit subject access requests and obtain information from us about whether and how your personal information is being processed. We are then obligated to provide a copy of the personal data we have about you and additional information including: the purpose of the processing, the categories of personal data we are processing, whom the data is shared with (if anyone), how long we will keep the data (data retention period), information about your GDPR rights, the existence of automated decision-making, including profiling (if any), and the source of the collected data (if the data is not collected from you).
- Right to rectification
The right to rectification allows you to ask us to update any inaccurate or incomplete data we have on you. If we confirm that the data is inaccurate, the legal deadline to respond to a request is one month. Upon the request, we should take steps to ensure that the data is indeed inaccurate and rectify it.
- Right to erasure
The right to erasure is also known as the right to be forgotten. This right allows you to ask for your personal data to be deleted if:
– the personal data is no longer necessary,
– an individual withdraws consent,
– the personal data have been unlawfully processed,
– you object to the processing and we (the data controller) have no reason to continue processing,
– data erasure is necessary for compliance with a legal obligation (EU law or national law).
However, there are situations where we can decline the request. For instance, this can be for reasons in the public interest or compliance with legal obligations.
- Right to restrict processing
You can request that we limit the way we use your personal data. This means we are not obligated to delete the data, however, we have to refrain from processing it.
However, the requested restriction can only be applied in certain situations:
– if the data is inaccurate (during the verification process),
– if the processing is unlawful but you do not want the data to be erased and request restriction (which is different from the right to be erased),
– we no longer need data, but you want the data to be preserved so a legal claim can be exercised,
– we are taking measures to verify the data erasure request.
Once the data is restricted we are not allowed to process it unless we have your consent, or we need it for legal claims or to protect the rights of other individuals.
- Right to data portability
This right allows you to obtain your own personal data that you have previously provided to us in a structured, commonly used, and machine-readable format. You can also request for your data to be transferred directly to another organization.
However, it can only be applied to the data that you have provided to us by consent or contract and if the processing is carried out by automated means (i.e. not on paper).
- Right to object to processing
The right to object allows you to object to the processing of personal data at any time in certain situations, depending on the purpose of processing and the lawful base for processing.
You can stop the processing of your personal data for direct marketing purposes. You can also object to the processing of data on the grounds of legitimate interest, or the tasks in the public interest.
- Rights in relation to automated decision making and profiling
This right concerns the processing of personal data that is done without human involvement. This includes different types of profiling, which may include evaluating certain personal aspects relating to an individual that analyses or predicts aspects of behaviour like performance at work, economic situation, health, personal preferences, interests, reliability, behavior, or location.
You have the right not to be subject to automated decision-making if it produces a legal effect that significantly affects you. However, this right will not apply if the processing is necessary for the performance of a contract, if it is authorized by the law, or if the processing is based on explicit consent.
- Withdrawal of consent
Where we are processing your data based on your consent, you have the right to withdraw your consent to the processing of your personal data at any time, by contacting us as set out at the end of this Privacy Policy or by other means we provide (e.g. by clicking “unsubscribe” at the bottom of an e-mail).
Withdrawal of consent does not affect any personal information given prior to the notice of withdrawal.
14. HOW TO EXERCISE YOUR RIGHTS
You can exercise your rights in the following ways:
By filling in the “DATA SUBJECT ACCESS REQUEST FORM” provided at the end of this Privacy Policy and sending it to us either by post or by e-mail. If you opt for sending us an e-mail, please do not forget to write “DATA SUBJECT REQUEST – GDPR” in the subject line of your e-mail. You can also make a request verbally, by phone. In that case we document your request. Phone calls may be recorded to provide evidence of our communication. However, we recommend you submit your request in writing if possible because this gives you a record of your request.
After receiving your request, we have to respond within one month. If you have made a number of requests or your request is complex, we may need extra time to consider your request and we can take up to an extra two months to respond. We should let you know within one month that we need more time and why.
Exercise of your rights is free of charge. However, we can charge a reasonable fee to cover our administrative costs if we think your request is manifestly unfounded or excessive. We can also charge a fee if you ask for more than 2 copies of your information following a request. In case we charge a fee, the one-month time limit does not begin until we have received the fee.
Note that you might also have to pay for:
– postal or courier expenditure,
– charges for a landline or mobile phone call (as described in the contract between you and your telecommunications service provider),
– costs for your trips to our physical store.
We will contact you to acknowledge receipt of your request. We may require proof of identity before fulfilling your request.
If you try to exercise your rights and we do not reply or you do not think our response is satisfactory, you can complain to the data protection supervisory authority:
Hellenic Data Protection Authority
Kifissias 1-3, PC 115 23, Athens, Greece
Telephone: +30-210 6475600
E-mail: [email protected]
Details on how to file a complaint can be found here:
https://www.dpa.gr/en/individuals/complaint-to-the-hellenic-dpa
Last, you can also seek to enforce your rights through the courts.
15. HOW TO CONTACT US
If you have any questions or need further details on this Privacy Policy and your rights under the GDPR, do not hesitate to contact us.
Our contact details:
“Skivalakis” Retail,
for the attention of Michael Skivalakis,
3-5 Chrysostomou street,
71306, Heraklion, Crete, Greece,
Tel.: +30 2810 241124,
e-mail: [email protected]
Alternatively, you can use the Contact Form on our website.
Note that any communications between you and us will be either in Greek or in English.
16. CHANGES TO THIS NOTICE
We reserve the right to introduce additions to or omissions from this Policy, update the terms and/or make changes from time to time without notifying you. By continuing to use and access the Site you agree to be bound by any amendment made by us. It is your responsibility to check from time to time to verify such variations.
Latest update: 24-6-2022