PRIVACY POLICY
INTRODUCTION
E-shop www.sitholia.com (hereafter Website or Sitholia) belongs to the business with distinctive title “SITHOLIA” with registered offices in the Municipality of Polygyros Chalcidice Greece, Vatopedi, P.C. 63071, taxpayer identification number (TIN) & VAT number EL 121761420 (hereinafter referred to as “the Business”), Tel. No: 00306909148200, e-mail: info@sitholia.com.
The Business has taken the appropriate measures which ensure that processing of your personal data complies with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the applicable Greek Laws (Law 4624/2019). Especially, Sitholia adopts internal policies and implement measures which meet the principles of data protection by design and data protection by default.
CONTENT
This Privacy Policy describes the basic principles, guarantees, legal bases and purposes according to which the Company collects, stores and processes your Personal Data.
SCOPE
This Personal Data Protection Policy has been drawn up and adopted by the Company and applies to all processing of personal data of Visitors / Users / Customers in the context of the operation of the Website and for the purposes of providing its services.
This Privacy Policy is addressed to Users / Visitors / Customers of the website. Therefore, the words “you”, “you”, “your” and in general the use of the second person plural refer to the User / Visitor / Customer of sitholia.com as the case may be. The use of the term “user” may also refer to the Visitor or Customer. The use of the first person plural indicates actions of the Company as the administrator of the website.
The Privacy Policy applies to everyone who browses this website, creates an account, subscribes to the Website’s newsletters, uses Sitholia’s services, orders/procures our products, participates in the Company’s competitions and promotions, registers in reward programs, participate in Company surveys, interact with the Company on social media (comments and ratings on our pages), evaluate our products or services on third-party websites, etc. In the cases indicated above, the Company may collect and process your personal Data.
PROTECTION FRAMEWORK
Η συλλογή, επεξεργασία και προστασία των Προσωπικών σας Δεδομένων από την Επιχείρηση γίνεται σύμφωνα με τις επιταγές του Γενικού Κανονισμού για την Προστασία Δεδομένων (ΕΕ) 2016/679, όπως συμπληρώνεται από τις σχετικές διατάξεις της κείμενης εθνικής και ευρωπαϊκής νομοθεσίας, τον Ν. 4624/2019 και τις οδηγίες, αποφάσεις κατευθυντήριες γραμμές και γνωμοδοτήσεις της Αρχής Προστασίας Δεδομένων Προσωπικού Χαρακτήρα (Α.Π.Δ.Π.Χ.).
SOURCES OF PERSONAL DATA
The Company collects Personal Data about you, either directly from you or through partner companies. The collection is done through this website and/or in other ways (social media, contests, Cookies, analytics tools, etc.).
BINDING
The use of the Website and the Services assumes and also confirms your acceptance of the Privacy Policy, as applicable, with any amendments, additions and changes by the Company.
Each Visitor / User / Customer must be fully aware of the Privacy Policy, accept that it is applied to the processing of their personal data and undertake the responsibility to respect, follow and apply the Privacy Policy in the context of their activity / browsing / transaction with the Sitholia.
DEFINITIONS
For the purposes of this Privacy Policy, the following definitions apply:
“Controller” is the natural or legal person, public authority, agency or other entity that, alone or jointly with others, determines the purposes and manner of processing personal data.
“Processor” is the natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller.
“Personal Data” or “Personal Data” or “Data” is any information relating to an identified or identifiable natural person (“Data Subject” or “Subject”, here also User / Visitor / Customer); the identifiable natural person is that whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as a name, an identity number, location data, an online identifier or one or more factors specific to physical, physiological, genetic, psychological, economic, cultural or social identity of the natural person in question.
“Special Category Personal Data” or “sensitive personal data” is any type of information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data, data that concern the health or data concerning a natural person’s sexual life or sexual orientation.
“Processing” is any act or series of acts carried out with or without the use of automated means, on personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, information retrieval, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.
“Recipient” is the natural or legal person, public authority, agency or other body to which the personal data is disclosed, whether it is a third party or not.
“Third party” is any natural or legal person, public authority, agency or body, with the exception of the data subject, the controller, the processor and the persons who, under the direct supervision of the controller or the processor , are authorized to process personal data
“Restriction of processing” is the marking of stored personal data with the aim of limiting their processing in the future
“Consent” of the data subject is any indication of will, free, specific, express and in full knowledge, with which the data subject expresses that he agrees, with statement or with a clear positive action, that the personal data concerning him be the subject of processing.
For other terms of the Privacy Policy consult the Terms of Use .
PROCESSING OFFICER
For any processing of personal data carried out by the Company and/or its partners, in the context of the operation of the Website, exclusively for the purposes and in the manner determined by the Company, the Processing Officer is the Company “SITHOLIA” with VAT number 121761420, e-mail: info@sitholia.com.
PERSONAL DATA COLLECTED BY THE COMPANY
- In order to order / procure Sitholia products, you will be asked to provide personal data such as: name, surname, full address (street number, area, city, region, country, zip code), e-mail, telephone and notes order. We collect this information electronically through the relevant billing information registration form.
- To create an individual account on the Website, we will process the username and e-mail you enter in the relevant form. You can edit your account after it is created and add your personal information.
- Your personal data (profile name, comments, highlights and other information about you and shared by you) we collect and process when you visit Sitholia accounts, pages, channels and social media profiles, such as Facebook, Instagram, YouTube, Google Maps, etc., when you follow these accounts, when you subscribe, when you contact us and when you use the options that the above sites offer to contact us, make requests , questions, reviews and to obtain our products and services.
- In order to send you a relevant newsletter, we process your e-mail.
- In order to register for our Company’s contests, you will be asked for your personal details and contact information, which our Company may obtain from your account on social networking sites where the relevant contest is “running” or from another source if the contest does not “run” on social media.
- When you communicate with the Company in any way (e-mail, phone, contact forms, social media, etc.), we collect and process the data you declare/register. To use the Website’s contact form you will need to enter your first name, last name, e-mail, telephone (optional) and your message.
- In the event of your withdrawal from a contract with the Company, we collect and process the withdrawal statements.
- We retain the orders you place on the Site so that you can access them at any time.
- Identification files – “Cookies”: The Company processes information collected through Cookies, as well as related technologies. Cookies are installed by our website and third parties. For more information on the concept – collection and use of Cookies by sitholia.com, read the Cookies Policy
- Through appropriate technology (Pixel, log files, Google Analytics, etc.) the Company collects and processes your IP and similar technical information. For more information read the Cookies Policy .
- During your phone orders your conversation with Sitholia is recorded and kept by the Company.
PERSONAL DATA OF SPECIAL CATEGORIES
The Company does not collect or request access in any way to special categories of personal data (sensitive). Sitholia users must not post / send data of special categories, concerning themselves or third parties. The Company reserves the right to remove any information posted / sent by the user that discloses special category data. The Company is not liable towards the user / third party or the Authorities for any damage to the Data Subject from any processing of special categories of data, due to an act or omission of the user in violation of this prohibition.
DATA OF MINORS
The use of the sitholia.com services requires the full legal capacity of the user as well as being over the age of eighteen. Use of the Website by minors is prohibited. The Company does not process minor data and will immediately delete a minor’s account and data if it becomes aware or becomes aware that any minor is using the Website. The Company is not liable under any circumstances to anyone and for any damage resulting from any use of the Website by a minor. The full and exclusive responsibility rests with the parent / guardian / guardian / exerciser of parental care and anyone else who has responsibility for the custody of the person of the minor as well as the minor himself in the cases provided for by law.
PRINCIPLES OF PROCESSING
Our Company collects, stores and processes your personal data in a legal and transparent manner for specified, explicit and lawful purposes and does not subject it to further processing in a manner incompatible with these purposes.
The Company makes the necessary efforts so that the personal data it maintains and processes is always accurate and up-to-date as well as appropriate and relevant and that the collection and processing is limited to the absolutely necessary data for the purposes of the processing, but also to what is necessary for the purposes these measure.
Personal data are kept in a form that allows the identification of the data subjects only for the time required for the purposes of data processing or to serve other legitimate purposes.
Personal data is processed in a way that guarantees its appropriate security, including its protection against unauthorized or illegal processing and accidental loss, leakage, interception, destruction or deterioration, using appropriate technical or organizational measures.
LEGAL BASIS OF PROCESSING
- The Company processes your personal data upon your consent, when it asks you to state whether you consent to the processing (e.g. subscription to the newsletter, call recording).
- The Company processes personal data also when the processing is necessary to take measures at the request of the data subject before entering into a contract (e.g. communication during the pre-contractual stage to provide clarifications / answers to users’ questions about the products ).
- When you order products from our online store, we process the data necessary for the execution of the contract between us (invoicing, cross-payment, transmission of data to courier companies for the delivery of products).
- We may process your personal data if the processing is necessary to comply with a legal obligation of the Company (e.g. tax obligations, investigations by Public Authorities).
- We process personal data also when the processing is necessary for the purposes of the legal interests pursued by the Company, respecting the conditions of the law (e.g. Cookies for the smooth operation of Sitholia, statistical analyzes of sales data).
PURPOSES OF PROCESSING PERSONAL DATA
We collect and process your personal data:
• The Company processes the personal data you enter when creating an account on the Website, to register you as a member of the Website, to confirm your identity as a member and to provide you with the Services. The information you have entered into your account will be displayed at checkout, so you don’t have to enter it every time you order products.
• The information you enter when ordering Products will be retained to create your account on the Website, if you choose to do so when completing your order.
• In the context of the execution of your contract with the Company (purchase of products), we process the information you provide to us compulsorily for the cross-checking of your payments (we do not process the credit/debit card details you enter in a secure electronic environment of a partner banking institution or service payment management), issuing the legal documents, sending the products to your place, informing you about the delivery time and availability of the products and in general the processing of your order. The Company processes and transmits your data to the cooperating courier companies in order to enable the delivery of the ordered products.
• The Company will process your contact details (e-mail, phone number) in order to inform you about the progress of your order.
• Your personal data that you enter for ordering products may be shared with the tax authorities when this is necessary for the fulfillment of our tax obligations or in the event of an audit by the competent authorities.
• According to the provisions of the current legislation, our Company may send you newsletters following your transaction with our online store, and you are given the possibility to object to the sending, in an easy way and free of charge.
• As long as you subscribe to the list of recipients of the Company’s newsletters, we process your personal data (e-mail) that you provide to us in order to send you e-mails about our products and services, Company news, Company events, offers, discounts and contests (newsletters).
• In case you unsubscribe from the newsletter recipient list, we process your e-mail, only to store it in a separate list (unsubscribe list), in order to ensure the Company’s compliance with your wish not to receive newsletters.
• The Company files the contracts with the Customers, within the legal institutional framework. Customers who maintain an account are allowed online access to their order history at any time through their account.
• The Company files the contracts with the Customers, within the legal institutional framework. Customers who maintain an account are allowed online access to their order history at any time through their account.
• Your personal data that we collect via e-mail, telephone, social media, contact forms, we process to respond to requests, questions and complaints you submit and to offer you support for our products and services.
• We collect and process your personal data to respond to requests, questions, evaluations you submit during your visit to accounts (profiles), channels and pages (pages) of Sitholia on social media sites, such as Facebook, Instagram, YouTube, Google Maps, etc., as well as to analyze the appeal of these pages to the consumer public. Personal data of social media users who interact with Sitholia in a social networking environment, we may also process in the context of promoting our pages / accounts. The processing of the data you share on these pages (social media) is also subject to the relevant privacy policy of each social networking site.
• In the event of your withdrawal from a contract with the Company, we will process your details for the refund of your money and the receipt of the products you return to us.
• For acts of “direct promotion”, which include any communication by the Company for the purposes of promoting products and services within the framework of the law. In this case, the recipient of the communication is informed about it and his consent is obtained where necessary.
• The Company may, in compliance with the relevant provisions of the law, use the user’s personal data for market research and marketing purposes, as well as to serve the internal purposes of the Company’s management and to improve the services provided.
• The Company may send to the user’s e-mail, important information about the operation of the website, its features, upgrades, improvements, modifications of its functions, necessary parameters / settings and changes to the Terms of Use and the Privacy Policy / Website cookies, etc.
• The data collected by the Company through call recording are processed for transaction security and the correct execution of your orders.
• Personal data may be processed to assert our Company’s claims from contracts with customers or due to a violation of the Terms of Use and/or the law.
• The Company processes information collected using appropriate technology (Cookies, log files, pixels, analytics, etc.), for the purposes described in the Cookies Policy.
• The Company cooperates with technical support companies, courier companies, statistical analysis companies, suppliers and providers of marketing services, hosting, etc., who process your personal data on our behalf. We transmit to our above partners only your personal data that is necessary for the provision of the service we have agreed upon and exclusively for the purposes of processing referred to in this Privacy Policy.
DATA SUBJECT RIGHTS
The Company provides data subjects with the rights provided for by law and facilitates their exercise. At the same time, we provide subjects with full information about their rights. In particular, data subjects have the following rights:
1. Right to be informed about the processing of their personal data.
2. Right of access to their personal data and related to the processing and their rights, information.
3. Right to request the correction of their inaccurate personal data as well as the completion of incomplete personal data.
4. Right to request deletion of their personal data.
5. Right to request the restriction of the processing of their personal data.
6. Right to receive their personal data and/or request that said data be transmitted to another data controller (right to portability).
7. Right to express their opposition to the processing of their personal data
8. Right not to be subject to a decision made solely on the basis of automated processing, including profiling, which produces legal effects concerning them or significantly affects them in a similar way ( right to human intervention).
To exercise your rights, you can send a letter (registered) to the Company “SITHOLIA”, based in the Municipality of Polygyros, Chalkidiki, Vatopedi Chalkidiki, Postal Code: 63071 or e-mail to: info@sitholia.com.
The Company will respond in writing (e-mail or postal letter) within one (1) month from the receipt of the request and the identification of the applicant for the actions taken upon receipt of the request. This deadline may be extended by a further two months if necessary, taking into account the complexity of the request and the number of requests. The Company informs the data subject of the said extension within one month of receiving the request, as well as of the reasons for the delay.
These rights are exercised at no cost to you. If the data subject’s requests are manifestly unfounded or excessive, in particular due to their repeated nature, the Company may either: a) impose the payment of a reasonable fee, taking into account the administrative costs of providing the information or communication or execution of the requested action, or b) refuse to act on the request.
In addition, in the event of exercising one or more of the aforementioned rights to rectification, erasure and restriction of the processing of your personal data, the relevant requests will also be forwarded to any third party recipient to whom the personal data may have been transmitted for the purposes of processing, except if this proves impracticable or if it involves a disproportionate effort.
In case you consider that your personal data has been affected in any way, you can contact our Company at e-mail: info@sitholia.com or at tel. (+30) 6909148200. Our Company is by your side at all times, ready to help you resolve the issue in a fast, fair and efficient manner. Alternatively, if your issue is not resolved by the Company, you can contact the Personal Data Protection Authority to which you can also submit a relevant complaint: www.dpa.gr, L. Kifisias 1-3, P.O. 115 23, Athens, tel.: +30 210 6475600, e-mail: contact@dpa.gr.
SUBJECT CONSENT
We will provide you with all the necessary information you need to indicate your prior consent to the processing of your personal data by the Business, for one or more specific purposes. You can withdraw your consent at any time, easily and free of charge, without affecting the legality of the processing that was based on your consent, before its withdrawal. In cases where you are not provided with the option of automatically withdrawing your consent, contact our Company in any way and we will provide you with all the necessary information for the desired withdrawal.
In case of withdrawal of your consent to receive the newsletter (opt-out), we keep your e-mail in a separate list (unsubscribe list) to ensure the Company’s compliance with your wish.
Before declaring your consent, please read this Privacy Policy carefully and make sure you agree with its content.
The declaration of acceptance of this Privacy Policy, by filling in the relevant box on the Sitholia websites or in another similar way, is considered as a free declaration of your consent to the collection, processing and further transmission of your personal data for purposes related to use of our Website and the services provided by it, which are analyzed in this Privacy Policy.
In order to use the Website, it is necessary to provide the data we request. Your refusal to provide the personal data requested from you makes it impossible, as the case may be, to create an account on the Website, order products, register on the newsletter recipient list, communicate with the Company and in general your use of the Services and serving the processing purposes described above.
ACCESS TO DATA
The Company may allow access to your data, to authorized persons, for (i) the maintenance / repair of information systems and equipment (PC, servers, hardware) that support the operation of the Website, as well as (ii) for the further development and maintenance of the Website (development).
As part of the operation of Sitholia, your personal data may be shared by the Company with partner companies, suppliers and service providers (e.g. promotion, courier, hosting services). For this purpose, appropriate Processors are selected who provide sufficient assurances for the implementation of appropriate technical and organizational measures, in such a way that the processing meets the requirements of the law and ensures the protection of your rights.
Indicative companies in this category are: i) Piraeus Bank, ii) VIVA PAYMENT SERVICES S.A., iii) PayPal, iv) Google Inc. (Analytics), v) Facebook Inc. (Analytics), vi) Mailchimp, vii) CACTUS.
Piraeus Bank Privacy Policy: https://www.piraeusbank.gr/el/idiwtes/politiki-aporitou.
VIVA Privacy Policy: https://www.vivawallet.com/gr_el/privacy-policy.
PayPal Privacy Policy: https://www.paypal.com/webapps/mpp/ua/privacy-full#1.
Google Privacy Policy: https://www.google.com/intl/en/policies/privacy/.
Facebook Privacy Policy: https://www.facebook.com/about/privacy.
Mailchimp Privacy Policy: https://mailchimp.com/legal/privacy/.
Cactus Privacy Policy: https://www.cactusweb.gr/%CF%80%CE%BF%CE%BB%CE%B9%CF%84%CE%B9%CE%BA%CE%AE-%CE% B1%CF%80%CE%BF%CF%81%CF%81%CE%AE%CF%84%CE%BF%CF%85/.
TRANSFER OF PERSONAL DATA
If the processors are established outside the European Union, or the data processing is to take place outside the EU. then your personal data will only be transferred: i) to a country for which there is an adequacy decision by the European Commission or ii) if the controller or processor has provided appropriate safeguards and provided that there are enforceable rights and effective remedies means for the data subjects or iii) in any other case provided by law.
DATA STORAGE PLACE
The personal data you enter on the Website as well as the e-mails we receive with your messages from the Website contact form, are kept in a data center within the European Union. We also store your personal data in the Company’s computer systems.
Information collected by the Company through Sitholia is also stored in the Google Data Center (Google Analytics), the Facebook Data Center and, as the case may be, in the Data Centers of other cooperating Processors.
Personal data is generally kept in electronic form. We may also keep documents that include personal data in a physical file when this is necessary (tax data, original declarations of withdrawal, etc.).
RETENTION PERIOD
All personal data is kept for a predetermined and limited period, depending on the purpose of processing, at the end of which the said personal data is deleted from our databases. Specifically, if there is no other legal reason for retention:
- We retain your personal data that we collect through any non-public communication with the Company for a period of six months from the completion of our communication (the Company’s response to your message).
- If you create an account on Sitholia, we retain your data for as long as you remain a member of our Site and use your account. For the same period we keep your account information such as your previous orders. As long as your account remains inactive and there is no other legal requirement for the processing of your personal data, legal reason or obligation to observe it, it will be deleted two years after your last action on the Website. You can ask the Business to retain your data indefinitely so that it is not deleted in case of inactivity.
- In the event that your account is deleted by the Company due to inactivity or due to a violation of the Terms of Use, this policy or the law, your personal data will be kept for one month from the deletion of the account (provided there is no other legal reason or obligation to retain them ) and you will be notified accordingly to ask the Company to grant you a copy if you wish, then they will be permanently deleted. If you request the deletion of your account, your data will be deleted immediately.
- When you enter into a sales contract with Sitholia we keep your personal data for as long as the tax legislation provides (e.g. time for keeping legal documents).
- Your opt-out statements will be archived and kept for as long as the retention of contract data is allowed, according to tax legislation, in order to check whether you are abusively exercising your relevant right against our Company.
- The e-mail you have indicated for your registration in the Company’s newsletter list is kept until you unsubscribe, then we keep your e-mail, in a separate list (unsubscribe list) until the account is deleted or submitting a special request for its complete deletion.
- We retain access to the personal data you share when you interact with Sitholia accounts / pages / profiles on social media platforms, for as long as you are connected in any way to those accounts / pages / profiles / channels or for as long as evidence of your activity remains (your posts on a Sitholia page, comments on Sitholia posts, etc.) on the respective social media platform.
- The information collected through Cookies, Cookies files and other technical information (e.g. IP, browser type, etc.) are kept for a period of time determined according to their nature, origin and the purpose they serve . More in the Cookies Policy .
- We retain the data we collect in the context of competitions until the completion of the Competition for which it was collected and the delivery of the prize to the winner.
- Audio files via telephone conversation recording are kept for 3 months after the completion of your conversation with the Company.
The time that your Personal Data can be kept by the Company is additionally determined by the relevant obligations of our Company provided for in the current Legislation (tax etc.) and the provisions of the law for the maximum period of their retention.
In the event of a legal dispute between you and the Company, the personal data is kept in any case until the irrevocable end of the pending litigation, then, for the execution of the decisions. As long as there are legal claims / demands of a civil nature of the Company from a contract or the law, the Company may keep your personal data until the completion of the statutory statute of limitations for all its claims against you, then, for reasons of proposal to netting.
PRIVACY AND DATA SECURITY – RESPONSIBILITY
The Company’s primary concern is to provide high-quality services with respect for the rights, fundamental freedoms, privacy, as well as privacy of communication of Sitholia users, which is why we take all appropriate and necessary measures within the framework of the law, adopting modern technological procedures, advanced technical equipment and software, right from the design of our systems and by definition.
The Company takes care to ensure authorized access to your data. Therefore, only the competent employees of the Company and the collaborating “Processors” process your personal data.
The Company adopts the most modern encryption and malware protection methods and ensures the protection of your data from unauthorized access and processing. The Website uses an SSL certificate.
The Company considers that the Visitor / User / Customer who registers personal data on the Website is the person to whom this data relates. The Company cannot, nor is it obliged to, verify the identity of the person registering the data, therefore it bears no responsibility for the registration, and the Visitor / User / Customer who makes the registration is responsible for any false, unauthorized and/or illegal registration both towards the Business and towards the data subject. Read more in the Terms of Use .
The Company is not responsible for risks that threaten the security / protection of your personal data in the electronic environment of the Website, which are outside the sphere of its control and influence, as well as for risks due to the act or omission of a third party, due to force majeure or lucky events.
In the event that users are referred to third-party websites through special links (links, hyperlinks, banners, frames) on sitholia.com, the Company is not responsible for the protection of user data on these websites. The responsibility for the content, information, security of visitors and protection of their personal data and the quality of the services provided are fully borne by the owners, managers and beneficiaries of these websites, which the User visits at his own risk.
APPLICABLE LAW
In disputes arising in relation to this Policy and any processing of personal data in the context of the operation of the Website, the applicable law is the law of the Greek state as supplemented by the relevant provisions of the existing national and European legislation and the instructions, guidelines, decisions and opinions of the Personal Data Protection Authority (A.P.D.P.X.).
For all actions or legal proceedings arising from or related to this Privacy Policy, its validity, application, fulfillment or violation or its content, the Greek Courts are competent, whose jurisdiction you irrevocably acknowledge.
Notwithstanding the above, the Company reserves the right to exercise its legal rights before the courts of the place of violation of the Privacy Policy.
CHANGES TO THE PRIVACY POLICY
The Company may at any time update or modify the Privacy Policy, in order to respond to any changes in the operation of this Website, the services it offers and the provisions of the law. Amendments will be posted on this website.
Last Policy Update: 14/05/2021.