PRIVACY POLICY AND GDPR COMPLIANCE

We treat your personal data with responsibility and we believe that it should be collected and processed only when absolutely necessary. Therefore, all of our company’s systems and the website www.achilleasaccessories.gr are designed with the appropriate operational and internal systems and comply to the applicable European legislation regarding data protection {General Data Protection Regulation EU 679/2016 (GDPR)}.

The present privacy policy has been adopted by the company “ACHILLEAS ATHAN. PSIFIS S.A.” with the distinctive title “Achilleas Accessories”, having its registered seat in Athens, Greece, at 15 Nikiou street (Tax Number 998641531/Tax Office FAE Athens), with General Commercial Registry Number 007159901000, phone number 210-3239970, which is the Controller of the Personal Data that you provide us with. Our company is competent to protect you whenever you provide us with your data when you use www.achilleasaccessories.gr  either as a simple user, as a consumer-buyer or as a member and to provide you with all the information you need, in accordance with Articles 12, 13 and 14 of the new GDPR, applicable from 25 May 2018 at a European level.

1. What is considered Personal Data?

Personal Data is any information that relates to you, or may be attributed to you. Such data is, for example, your name, surname, father’s name, address, postal code, city, country, county/region, telephone number, mobile phone number, as well as your email address, username, password, etc. Additionally, personal data also includes some technical data relating to you, such as your IP address or the websites from which you entered our site, etc.

2. Personal data collected by ACHILLEAS ACCESSORIES and purposes of processing

Collection and processing of data takes place for purposes directly related to the services you request from us and which we offer to you and/or for purposes for which you have granted your consent and always in accordance with applicable laws and regulations regarding personal data protection. We retain your personal data for as long as it is necessary for the provision of our products and services and for our compliance with our legal obligations.

In accordance with the applicable Regulation we do not obtain data of special categories, such as data about your health or the alleged commission of or conviction for criminal offences. In case we obtain any knowledge of such data, we will only process them if you provide us with your explicit consent or based on a legal obligation, and always in accordance with the Regulation.

Moreover, as stands with most websites, by browsing at www.achilleasaccessories.gr,  registering yourself as a Member of our Online Store, signing up for the Newsletter Service, submitting a purchase order to our Online Store, our website collects and processes personal data and information about you, either through cookies or directly from you.

More specifically, Achilleas Accessories collects and processes personal data and information about the following:

2.1 Browsing the website – Cookies

2.1.1. In order to browse our Website/Online Store you it is not necessary to sign up and consequently to directly provide us with your personal data or other information relating to you. However, while navigating the Achilleas Accessories website and transacting with us through our services, our Company collects personal information and other information about you through our own (First Party Cookies) or third parties’ with whom we partner Cookies (Third Party Cookies).

Cookies are small text files that are installed on your computer or on your device temporarily and are transmitted to our server when you visit the Achilleas Accessories website through your preferred browser. No Cookie file used on the Website collects any information or obtains knowledge of any document or file from your computer.

The data collected by cookies for the above purposes may include the type of browser you are using, the type of your computer, your operating system, online service providers, the sites you visit, and the links to third party websites which you may follow through our Website, the products and advertisements you see, the IP address of your computer, your User Name, User ID & Password, general demographic information about you, such as gender, age, place of residence and your other shopping habits and online behaviors.

Our Company uses Cookies for signing in to your Account without the need to open a new account every time you wish to make a purchase on our web store, for the storage of the products in your shopping cart, the identification of server problems etc.

Moreover, they are used by us for advertising and marketing purposes, statistical purposes, market research purposes, with the aim of improving our products and services, profiling, for measuring the effectiveness of the website, its adaptation to the wants and needs of the Users, as well as for measuring the effectiveness of the presentation and promotion of Achilleas Accessories in third party websites.

By browsing the Website and making purchases through our Online Store, you consent to the processing by Achilleas Accessories of information it collects from you by using Cookies. You can, however, edit your preferences through our Website settings regarding Cookies.

2.1.2 We are also using Google Analytics (GA) and Google Tag Manager, as well as Adaplo, Facebook, Adwords, Moosend, to track our users’ activity. We use this data in order to determine the number of people using our website, to obtain a better understanding of the way they come across and use our website and to track their actions in it.

Although GA records data such as your geographic location, your device, your browser and your operating system, none of this information identifies you or makes you personally known to us. GA also records your computer’s IP address, which could be used for your identification, but Google does not grant us access to this information.

2.2. Registering as a Member – Creating an Account

During the registration process, Achilleas Accessories collects the personal data that you voluntarily provide upon your registration as a Member of our Online Store, and particularly your name, surname, e-mail and password. The above personal data is used by our Company in order to create a Member Account for you, through which you can see your transaction history, while you simultaneously give your consent by granting this data to the Company to retain the password, in order to allow you access to your Account every time you log in with your password. If you are under 16 years old, you MUST have your parents’ consent before you sign up to www.achilleasaccessories.gr .

At the same time, there is a collaboration with the Mailchimp platform in order to send "procedural" emails (to create a new account, place a new order, modify an order, change the password to the individual account, etc.).

2.3. Subscription to the newsletter service

We will not send you any Newsletter for any advertising or product promoting purposes, unless you choose to subscribe to our Newsletter service. If you subscribe to this service, Achilleas Accessories will collect your email address and send you informational material about the online or physical store products, product offers, gift coupons and points, product advertisements, commercial collaborations etc.

If you decide to subscribe to our newsletter list, the email address you will provide us with will be forwarded to Moosend, which provides us with marketing services. If you are not a member of our online store, the email address you submit will not be stored in a database on our website or on any computer system of ours. Your email will remain on Moosend’s database for as long as we continue to use its services or until you explicitly ask for it to be removed from the relevant list.

In case you do not wish to receive Achilleas Accessories’ Newsletters and promotional material in general, you can request your removal from the recipient list at any moment, either by following the relevant link at the end of every email you receive from us, or by sending the request to the email address info@achilleasaccessories.gr. From the emails sent via the Newsletter service, our Company records the rates of opening the messages you receive from us, as well as the number of clicks and the content of the emails through cookies, when you click.

If you are under 16 years old, you MUST have your parents' consent before signing up for our email newsletter service.

2.4. Purchase of Products from the Achilleas Accessories Online Store

At our Online Store we offer the possibility to make purchases either as a guest or as a registered member through an individual account. To complete each online order, process it and execute it, it is necessary to provide, collect and process some necessary personal information. This data is used by our Company to execute the purchase of productes and deliver them to the address you provide us, as well as for the payment of your order. Specifically, whether you are a Member or not, your e-mail, name, surname, address, region, county, postal code, country and telephone are collected to complete your purchases.

We will send you the proof of receipt and execution of your order from the carrier, or we will use both your e-mail as well as your phone to send you a message, in case we encounter a problem with the execution of your order or in order for the employee of the transport company who will deliver the products to you to contact you, and for any other communication or notice to you, according to the terms of the Terms of Use (wrong price, delay shipment, etc.).

2.5. Payment by credit card

If you choose to use a credit card for the payment of the product(s) you purchase from Achilleas Accessories, you will be transferred to a safe banking transaction environment. There, for the purpose of payment, you will have to provide us with the card type and card number, expiration date and CCV, by filling all the relevant blanks on the secure order form. Card transactions are protected by the most effective online protection systems (RSA Encryption), which guarantee a safe transaction environment to the majority of the world’s largest businesses. Our Company does not obtain or retain any personal data regarding payment details, except for the success or failure of the transaction for the obvious purposes of servicing and executing the order.

2.6. Signing up through Facebook, Google+

You can sign up to our online store or place an order through your Facebook or Google+ account. In this case, Achilleas Accessories will ask you to grant us an authorization to have access to the information you have provided to Facebook or Google+ and declared you want to be public. By choosing to grant this authorization, you consent to Achilleas Accessories having access to your Facebook or Google+ Account details, in order to create a profile for you, for the purposes of targeted product advertisement based on your profile and for statistical purposes.

2.7. Purchase of products in physical stores - points of sale retained by the company.

The Company maintains physical stores at various points of sale in Greece. In these stores, and only if our customers wish to, data such as name, surname, phone number and e-mail that they provide at the time of the purchase to our partners may be collected for the purpose of registering them as Members in the Company's online store or sending newsletters.

2.8. Employee data

Our Company collects personal information from potential employees, including personal contact information, professional qualifications and past professional experience, in order to make recruitment decisions. Upon recruitment, we collect information about our employees in the context of our contractual relationship and for purposes related to it, such as for evaluating their performance, for payroll or for tax purposes. This employee data is collected and stored in a corporate database in accordance with our standardized business practices. We may also process similar information about freelancers, consultants and other third parties who provide products or services to our company.

3. Legal basis for processing your data

As already described, we never process your data, unless the processing is necessary, and based either 1) on the performance of a sales contract between our company and you as a customer, or 2) on our legitimate interests in maintaining our relationship with you as our customers, or 3) on your consent, regarding mainly advertisement purposes about our Company's activity and products.

Particularly, our Company will not, under any circumstances, collect more personal information than necessary for the purpose for which it collects it, nor will it disclose your data to any third parties, unless this is absolutely necessary for the fulfillment of a service, the provision of which you have requested and is related to the sale contract between us (e.g. product delivery) or unless the processing by a third party is necessary for the purposes of our legitimate interests (e.g. performing credit control) or if you have previously given your consent, and/or when the law requires it (e.g. for execution of a court decision, public prosecutor’s order, etc.).

Also, our Company does not sell, lease or transfer your personal data to third parties, except when obligated to do so by law, and does not collect or process personal data of underage children, unless it has the express consent of their parents.

4. Retention period

We do not retain your data for a period longer than necessary to fulfill the purposes for which they have been collected or in any case as required by the applicable legislation.

The information you provide us with may be archived or stored periodically, in accordance with our security procedures and will only be retained for as long as it is necessary for the purpose for which it was collected, unless the law requires us to maintain it for longer (e.g. regarding tax documents pertaining to the sale of products to you, such as invoices/receipts), or to delete them sooner or unless you exercise your right to delete or restrict your data (when permitted).

For example, we will retain the CVs we receive, without eventually hiring the person concerned for a period of twelve (12) months. Finally, according to Directive 1/2011 of the Hellenic Data Protection Authority, records of security cameras that are legally installed in our offices or stores should be kept for a specified period of time in accordance with the purpose for which processed. Unless otherwise required by law or if it is necessary in cases where an infringement occurs, these records are destroyed every 15 working days.

5. Recipients of your data

We do not sell, lease or exchange your personal data, nor will we do so at any time in the future. We may disclose (share, send, or otherwise disclose) the personal data we collect for you under the terms of the present to third parties, but always under conditions that ensure that there is no unlawful processing, that is, outside the purpose of the disclosure.

Furthermore, your data may be transmitted to countries within the European Economic Area, where all security requirements are met. As a rule, we do not transmit data outside the EU or the EEA, and if necessary (for example, to Google), the disclosure will only be made in accordance with international security requirements and with the maximum protection of your data.

The data in our records may be communicated to the competent judicial, police and other administrative authorities upon their legal request and in accordance with the applicable laws.

In any case, Achilleas Accessories’ employees who have access to your personal data and information are specific and properly trained, while unauthorized access to your data is prohibited.

In particular, we may transfer your data mainly at the following cases:

• To Google, as outlined above, especially for the use of the Google Analytics and Tag Manager services.

• To Mailchimp, as outlined above, especially for the Newsletter service.

Both of these entities are based in the USA and are in agreement with the transnational agreement known as EU-US Privacy Shield.

• To advertising companies and advertising services providers in general: Achilleas Accessories does not disclose personal data without your consent. However, Achilleras Accessories may share with third-party advertising agencies statistical information with regard to the products purchased, demographic data, data regarding the technical characteristics of the portable devices used to access our Online Store etc., which cannot in any case identify you.

• To third parties who provide Achilleas Accessories with Online Store maintenance technical services, such as developers, data analysts, vendors and data security providers, strictly for the purpose of providing their services to us.

• To service providers that host our customer database, perform its technical support and management.

• To data security providers.

• To courier companies, to deliver your orders.

• To credit institutions for accessing our platform and completing your order directly from these credit institutions, as we have already described.

• To our company’s successors: If Achilleas Accessories undergoes a business change such as merger, joint venture, acquisition by another company, or sale of all or part of its assets, it may transfer all user information and data, including personal information, to the successor organization. If significant changes are made to Achilleas Accessories’ privacy practices as a result of such a business transition, the Company will inform you before transferring your personal data.

6. Your rights

We provide you with the ability to exercise all of your rights under the GDPR in relation to your personal data that we hold and process, such as the right of access and correction, to withdraw consent at any time, to object to data processing, to request data deletion, to restrict the extent of data processing, to prevent direct marketing and to request the transmission of personal data in a common digital format (e.g., pdf) to yourselves or to another organization. You also have the right to submit a complaint to the competent authority.

Indicatively, at your request, we will:

• grant you access to copies of your personal data within a reasonable time

• correct personal information when inaccurate

• withdraw your prior consent to the processing of personal information, etc.

If you wish to exercise any of your rights with respect to any personal data you hold, you may contact our company in writing at info@achilleasaccessories.gr .You shall get free access to your data, but depending on the volume of data our company retains for you, we may ask you to cover some of our costs.

7. Security of your data

We are committed to protecting your personal data. We consistently apply appropriate technical and organizational measures to ensure a level of security that is appropriate to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to your personal data that is collected, stored or subjected to any other kind of processing.

Our Company has implemented security procedures and measures in physical and electronic records in order to protect the personal information we keep. We regularly review security measures and try to protect your personal data as if it were ours. However, we are not responsible for any third party actions or security measures in relation to information that third parties may collect or process through their websites, services or otherwise. We will destroy or erase your personal data when we no longer need it for the provision of our conventional services or as otherwise required by law.

More specifically:

General Controls: Regular and systematic controls are implemented on workstations, such as automatic computer locking, regular software and hardware updates, configuration, physical security, etc. to minimize the possibility of gaining unauthorized access and exploiting crucial data which is stored in our records. Our company’s equipment is connected to an Uninterruptible Power Supply (UPS) so that operation is not interrupted in the event of system failure, while in the event of a prolonged power failure, we safely shut down our servers.

File Storage in Physical Format: Our Company may keep files which contain your personal data in physical, hardcopy form (such as contracts, invoices, etc.). We keep these records in areas protected by security locks and access is granted only to those employees or partners required for the purposes described in their employment contract. In order to destroy physical files, we use a document shredder to exclude the possibility of anyone accessing them without being authorized by us.

Electronic Data Storage: Some of your personal data will be stored in our website's database. We have applied classified access to files that contain personal data on our network, which is protected by VPN (Virtual Private Network). Based on this classified access, special codes are required which are provided only to those employees or partners who are required to access these files. Our network is additionally protected by antivirus and firewall protection, which separates the local network and prevents unauthorized access. Finally, we ensure the security of your data by backing up our system files.

File transfer: All web traffic (file transfer) between this site and your browser is encrypted and transferred via a 128-bit SSL protocol. Encryption is essentially a way of encoding the information until it reaches its intended recipient, which will be able to decode it using the appropriate key.

Card Details: In addition, we do not store the details of your cards you use online. Your card details are not visible to Achilleas Accessories because as already mentioned you are automatically transferred to a secure banking environment to complete your order. You should also take all possible measures to prevent third parties from gaining access to your account, for example by not disclosing your password.

Email: The data sent to us via email is protected through the SMTP (Simple Mail Transfer Protocol). Our SMTP servers are protected by a TLS security protocol (sometimes known as SSL), meaning that email content is encrypted using 256-bit SHA-2 encryption before being sent over the Internet. The content of the email is decrypted by our local computers and devices. E-mail content is decrypted by local computers and devices.

8. Contact us

In case you wish any clarification or information regarding the terms of this Policy, or if you have any dispute, reservation or question, you may contact our Company at the telephone number 210-3239970 or send an e-mail to info@achilleasaccessories.gr .

9. Changes to Privacy Policy

This privacy policy may change from time to time according to legislation or industry developments, without prior notice. For this reason we invite you to check this webpage regularly.