PRIVACY POLICY
This Personal Data Protection Policy has been developed in accordance with the provisions of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
This Personal Data Protection Policy informs you about what information (hereinafter personal data) we may collect from you, why it will be used, who that information will be shared with, and what security procedures we have implemented to protect your personal data.
Personal data means information that can identify a specific individual such as the name, address, phone number or email address, Tax Reg. No. your transactions with us, and credit card details, only when required.
The information collected, is checked and held by our company HEADBANGERS whose registered offices are at G. Septemvriou 144, 11251, Athens, GR
When you enter into a transaction via our website and e-shop, you enter into a contractual relationship with us. It is vital for us to collect your personal data in order to complete a booking via our website. You provide that data voluntarily and it is not collected at our initiative. Your personal data is collected with your express consent (so we are able to perform our contractual obligations to you) for specific, express and lawful purposes and does not undergo additional processing in a manner incompatible with those purposes (Article 5(1)(b) of Regulation (EU) No 2016/679). In that contractual relationship in which you are the data subject, our Company functions as the data controller for your personal data (Article 4 of Regulation (EU) No 2016/679.
A. PURPOSES OF PROCESSING AND RECIPIENTS OF DATA
1.Customer personal data which is provided is only used by HEADBANGERS exclusively to carry out and provided evidence of your orders and issue the relevant tax records/invoices. To better perform its obligations and optimise its services the company may collaborate with other data and record storage companies to hold and store such data, which are bound under contract to comply with the terms and conditions set out in Regulation (EU) No 2016/679 on personal data protection, and have already complied with that Regulation, and have no right to transmit the data to other persons, and are bound by a NDA. The recipient in this case is our company only and the said companies act as data processors, on our behalf in accordance with our instructions.
2. Τhe personal data may also be used to generate statistics, which means that they contain no personal data that could lead to individuals being identified. Only our company is the recipient in this case.
3. With your express consent advertising from HEADBANGERS and newsletters may be sent to your email address. Only our company is the recipient in this case.
4. Your personal data may also be sent to enterprises which collaborate with HEADBANGERS (data processors) for the sole purpose of sending advertising materials and personalised officers from HEADBANGERS, only if you have already consented to being sent advertising materials and newsletters. To that end, you can select the relevant option from “My profile”. The recipients in this case are our company and the data processors who are bound under contract to comply with the terms and conditions set out in Regulation (EU) No 2016/679 on personal data protection and have also signed NDAs with us.
5. Other third parties may also be recipients to the extent that that is necessary for the following purposes: (I) compliance with a government request, court judgment or applicable law and (II) to prevent illegal usage of websites and/or breaches of the website terms of use and our policies.
B. PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT
Although in some cases we will ask you for personal data -when you want to create an account on anamae.grfor example or want to purchase products or services (and we will make it clear to you what we need at that point in time) you can visit pages on our website often without needing to provide any of your personal data.
We may collect your personal data in the following cases:
• When creating your account on our website so you can make purchases: During registration as an individual on anamae.gr you provide us with your name, surname, mobile phone number, email address, home address and country of residence. All that information is vital for us to facilitate you and enable you to make purchases. If you opt to register as a business, you will provide the company name, address, e-mail address for the company, the type of business, a contact phone number and liaison, and the company Tax Reg. No., information which is essential for invoices to be issued in the company’s name. All information is held and managed by us in accordance with this Personal Data Protection Policy. You can unsubscribe or delete your account at any time via your profile.
• When purchasing – ordering a product and/or a service: When completing your order, you provide us not just with the personal data mentioned above, if you have not registered (name, surname, mobile phone number, email address, home address and country of residence) but also your credit card details, if you opt to purchase with a credit card, including the card number, type, cardholder’s name, expiry date, billing address (for the invoice or receipt) and order delivery details. If you choose the “Design” option to create an item to suit your tastes and do not have an account with us as an individual, you provide your name, surname, mobile phone number, e-mail address, home address and country of residence. If you opt to register as a business, you will provide the company name, address, email address for the company, the type of business, a contact phone number and liaison, and the company Tax Reg. No., information which is essential for invoices to be issued in the company’s name. Information about the progress and completion of your order can be sent by SMS to your mobile phone if you so wish.
• When you register just to receive informational materials or marketing materials or update your preferences via the dashboard: You only provide us with your e-mail address to which the relevant informational/advertising materials from our company will be sent. You retain the right to unsubscribe from the newsletter at any time.
• When you contact our company via the contact form or via our Customer Service Department. When you contact us using the relevant contact form on the site, you will be asked to provide the minimum personal data needed (name, surname, country and e-mail address).
Using data collection tools when you visit our website: In addition to information you provide to us voluntarily, certain information is collected automatically when you visit our website, using data harvesting technologies which we use from time to time such as cookies. Every time your visit our website, the cookies collect information from your computer, including technical information such as the IP (internet protocol) address, your operating system, the browser type and version number, the referring site, and information about your purchase preferences, products you have viewed/searched for and your activity on our website. If you use a wireless network and have internet access via your mobile phone or other device, you should contact your provider to learn how they collect your personal information.
Email: [email protected]
C. DATA SUBJECT’S RIGHTS – DATA RETENTION PERIOD
1. Every customer can exercise the right to ask the Company (which operates as a Data Controller in our contractual relationship as stated above) to delete his/her personal data in accordance with the specific provisions of Article 17 of Regulation (EU) No 2016/679 and to unsubscribe from the relevant newsletter. Deletion cannot relate to essential information and personal data which are held for a specific period for the purpose of complying with tax and other laws.
2. Every customer may request access to data and specifically product purchases made by activating the relevant option under “My profile”. This right must be met by the data controller within 30 days.
3. Every customer is entitled to request that any inaccurate data relating to you be corrected (article 15 of Regulation (EU) No 2016/679. Given the purposes for which our company processes data in the context of our contractual relationship, you can demand that missing personal data be supplemented, by sending a request to that effect to our company, for example (Article 16 of Regulation (EU) No 2016/679).
4. Every customer can ask for his/her data to be transferred to another provider to the extent that that is possible and does not conflict with the company’s commercial secrets and business confidentiality policy.
5. Every customer may ask for his/her personal data processing to be limited in the time it takes to examine objections to processing.
6. Every customer’s personal data is only stored for the time your account on our website is active. Otherwise the data is stored for the period necessary for our company to be in full compliance with the obligations deriving from law and in particular tax and other commercial law obligations (Article 23 of Regulation (EU) No 2016/679). If you have any complaints, please contact our company’s Data Protection Officer referred to at the end of this document or submit a compliant to the Hellenic Data Protection Authority.