This Privacy Policy aims your detailed information on how we collect and process your personal data when using our website, including any data you may provide us through this website or due to its interaction with other websites.

This Privacy Policy should be considered along with any other relevant Privacy Notice or any other Notice about fair processing we provide when collecting and processing your personal data in special cases.

We encourage you to review our Privacy Policy, so that you will be aware of which of your personal data we use and if, how and why we use this personal data.

We aim to inform you in advance of which personal data we collect, the way we use it, the recipients of your data and the rights you are entitled to exercise under applicable data protection laws. For the purposes of data protection legislation regarding the protection of personal data, we inform you that regarding the information we collect during your online shopping through our website or during your roaming on our website, our Company is considered to be the Data Controller of your personal data. We encourage you to read carefully our Privacy Policy and the additional Cookie Policy posted on our website.

Definitions

Some of the terms included in this Privacy Policy are legal terms defined by the regulatory framework. Therefore:

Processing: means any operation or set of operations which is performed on personal data, whether or not by automated means. This indicatively includes collection, storage and organization of the personal data.

Personal Data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Consent: means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Data Controller: means the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data;

For more information about the definitions please see article 4 of the GDPR (https://eurlex.europa.eu/legal-content/EL/TXT/HTML/?uri=CELEX:32016R0679&from=EL)

The collection and processing of your personal data by our Website is governed by the following principles, as further specified by the GDPR:

• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimization
• Data accuracy
• Storage limitation
• Integrity and Confidentiality

We do everything possible to implement the above principles at all stages of interaction with you through this website.

We collect and process your personal data solely for the purposes of fulfilling our obligations which arise out of your purchases through our online store.

When you register for an account in our website and only if you wish us to contact you via our special contact form, we collect personal information such as name, surname, address, telephone numbers, email addresses, region and job title. Any of the data you provide optionally are provided at your discretion in order to facilitate us improving the services we provide you. Furthermore, in case you wish to register in our newsletter, we collect your e-mail, and if you wish to sign in our website by creating a user account, we collect indispensably your e-mail address, and if you wish to create an account, we collect your name, e-mail, telephone number and your user’s password. Furthermore, we may ask you to let us track your current location and to provide us with your telephone number and your company’s name, in case you run a company. If you voluntarily express your interest in working with our company by sending us your CV to our e-mail address, we will collect the personal data you provide to us, as well as those that are referenced on job search websites and you have previously approved. We may contact potential prospective partners, using publicly available information, information from professional social media platforms (such as LinkedIn), recommendations or referrals.

We also automatically collect information about how you use our services, such as the type of webpages you see, or you visit, or the frequency and duration of your activities. In addition, servers, logs, and other technologies automatically collect certain information to help us manage, protect and improve our services. We share personal information with third parties only as described in this policy or if required by applicable law.

We use cookies that help us to create a profile for our users and to facilitate your experience on our website. Some of these data will be aggregated or statistic, which means that we will not be able to track them individually. You may remove or reject browser cookies through settings in your browser or device. However, rejecting or removing cookies may affect the availability and functionality of our services. Please find more information about our cookies in our Cookie Policy.

Device information: We may also collect information about your device anytime you visit a website. If you are a registered account holder in our website, we may collect information from or about the computers, phones or other devices from where you connect to our services. We may correlate the information we collect from your different devices, so that we can provide you specialized services depending on the device you use. For instance, we collect:

• Features, such as operating system and hardware release
• Browser type and IP address
• Log files: we collect log information when you use our website. This information includes:

i) The means you used to visit our website
ii) details of the device you used, such as web browser type and language
iii) access times
iv) pages displayed
v)  Cookie-related id or other technologies that can uniquely identify your device or browser
vi) pages you visited before or after browsing our website.

The table below, as defined by law, details what personal data we process, the scope of processing and the legal basis for processing.

By navigating to our website or by subscribing to our newsletter, you declare that you accept and consent to the Terms of this Policy, as well as you give us your explicit consent to the collection and processing of your personal information, in accordance with the terms of this Policy.

We will keep your personal information as long as you are logged into our website, specifically for as long as necessary to provide our services or you wish to receive our newsletters. We may continue to maintain your personal data even after your unsubscribe from our newsletter, respecting the principle of proportionality and only on the basis of the “absolute necessity of knowledge” to comply with legal or regulatory requirements, resolve disputes, or prevent fraud or any other criminal offence.

International Data Transfers

Personal information published by users or linked applications on the website or submitted for publication on the website or linked applications may be made available via the Internet worldwide. The website cannot prevent the use or misuse of such information by other persons. In any case, the transfer to third countries will be made in accordance with the provisions of Regulation (EU) 2016/679 and any applicable Greek law and only in full compliance, as defined by law.

Protection of minors

Visitors / users of the website who are minors are not allowed to access the services of the website. If, however, minor users visit our website on their own and this cannot be controlled due to the nature of the services provided, the website is not responsible.

Your rights as per the data the website collects

We inform you that you have the right of:

·         Access to your data

·         Correction of your data in case of any inconsistency,

·         Erasure of your data in specific circumstances,

·         Limitation of the processing of your personal data in specific circumstances,

·         Objection to the processing of your personal data

·         Complaint to the Data Protection Authority in the event of an unfortunate violation of your data.

Our Company will review and respond to your requests within one month of receipt, and this deadline may be extended by a further 2 months if further time is required.

Please note that you can contact us, regarding any matter about the security of your data in our website via e-mail at info@esha.gr.

How to exercise your rights

You may exercise any of the rights described above by contacting our webmaster, by email at: info@esha.gr or by phone at 210-5518700.

You can submit a request, that we will satisfy as soon as possible, without any cost. However, and only in certain cases, we may charge a certain amount, and we will notify you of the possibility of such charges upon receipt of your request for access and we will await the confirmation of your desire to proceed with the satisfaction of your request.

In the case of questions related to the collection and processing of Personal Data by our website, you may contact our marketing department by sending an email at info@esha.gr or by phone at 210-5518700.

Security measures

We have taken all the appropriate security measures to prevent accidental loss of personal information or unauthorized use or access.

Those partners who process your personal data for the legitimate purposes explained above are subject to a confidentiality obligation.

In addition, we have procedures to deal with any data breaches.

Specifically, our website:

·         Takes every organizational and technological precaution to prevent the loss, misuse or alteration of users’ personal information.

·         Stores all personal information provided by users on secure servers (password protected and firewall).

The user acknowledges that sending information over the Internet presents inherent security concerns and therefore our website cannot guarantee the security of the data being trafficked through it.

The user is responsible for keeping the password he uses to enter the website or linked applications confidential. You will not be asked to tell us your password (except when the user connects to the website or linked apps).

Our website cannot guarantee the security of your information or your personal data we receive via e-mail. As a result, we urge you not to send us sensitive personal data via e-mail.

Personal Data Protection Authority

We hope that we can resolve any question or concern you may have about the use of your information. If you are unhappy with the way our website processes your personal data, you have the right to contact the competent supervisor.

The competent supervisory authority is the Greek Personal Data Protection Authority, which is located at 1-3, Kifissias Avenue, Athens, Zipcode. 11523, tel. +30 2106475600 and e-mail address: contact@dpa.gr.

The user should check this page regularly to make sure he is in compliance with any changes to the terms of this Policy.

Our website informs users about any change to this Privacy Policy with relevant pop-up windows.