Privacy Policy
Privacy Policy
We are very happy for the interest you show in our business. Data protection is one of the highest priorities of the Gift Management with taste. The use of the Websites of Gifts with taste is possible without any indication of personal data. However, if a data subject wishes to use company-specific services through our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for it, we seek the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address or telephone number of the data subject must always comply with the General Data Protection Regulation (GDPR), as well as with the specific national data protection regulations applicable to Taste Gifts. Through this data protection statement, our company would like to inform the general public about the nature, extent and purpose of the personal data we collect, use and process. In addition, through this data protection statement, data subjects are informed of their rights.
As the controller, Gifted Gifts has taken numerous technical and organizational measures in order to ensure the most comprehensive protection of personal data processed through the website. However, when transmitting data over the Internet, security vulnerabilities may initially arise, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us using alternative means, e.g. via phone.
1. Definitions
The Privacy Policy data protection statement is based on the terms used by the European Legislature for the adoption of the General Data Protection Regulation (GDPR). Our privacy statement should be readable and comprehensible to the general public, as well as to our customers and business associates. To ensure this, we would first like to explain the terminology used.
In this data protection statement, we use, inter alia, the following terms:
a) Personal Data Personal data means any information concerning an identified or identifiable natural person (“data subject”). An identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identity identifier or one or more identifiable factors. physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
b) Data subject A data subject is any identified or identifiable natural person whose personal data are processed by the controller in question.
c) Processing Processing means any operation or series of operations performed with or without the use of automated means, on personal data or on personal data sets, such as collection, registration, organization, structure, storage, adaptation or alteration, retrieval, retrieval of information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.
d) Restriction of processing Restriction of processing is the labeling of stored personal data in order to limit their processing in the future.
e) Profile training Profiling means any form of automated processing of personal data consisting of the use of personal data for the evaluation of certain personal aspects of a natural person, in particular for the analysis or prediction of aspects of performance, financial status , the health, personal preferences, interests, credibility, behavior, position or movements of that natural person.
f) Aliasing Aliasing is the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that they can not be attributed to an identifiable or identifiable natural.
g) Controller The controller is the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and manner of processing personal data; shall be determined by Union or Member State law, the controller or the specific criteria for his appointment may be laid down by Union law or the law of a Member State.
h) Executing the processing Performing the processing is the natural or legal person, public authority, service or other body that processes personal data on behalf of the controller.
i) Recipient The recipient is the natural or legal person, public authority, service or other body to which the personal data are disclosed, whether it is a third party or not. However, public authorities which may receive personal data in the context of a specific investigation under Union or Member State law shall not be considered as recipients; such data shall be processed by those public authorities in accordance with applicable data protection rules depending on the purposes of the processing.
j) Third Party is any natural or legal person, public authority, service or body, with the exception of the data subject, the controller, the processor and the persons who, under the direct supervision of the controller or the executor are authorized to process personal data.
k) Consent The consent of the data subject means any indication of will, free, specific, explicit and fully aware, by which the data subject expresses that he agrees, with a statement or with a clear positive action, to process the personal data character concerning it.
2. Name and address of the Controller
Responsible for processing for the purposes of the General Data Protection Regulation (GDPR), other applicable in the EU Member States. data protection laws and data protection provisions are:
Gifts with taste
Κυψέλης 83
11361 Athens
Hellas
Telephone: 6934477003
Email: [email protected]
Website: doramegousto.gr
3. Cookies
Gift websites use cookies. Cookies are text files stored on a computer system through a web browser.
Many websites and servers use cookies. Many cookies contain the so-called cookie ID. The cookie ID is a unique cookie ID. It consists of a series of characters through which web pages and servers can be associated with a specific web browser in which the cookie is stored. This allows the websites and servers you have visited to distinguish the data subject’s browser from other browsers that contain other cookies. This browser can be identified and authenticated using the unique cookie ID.
Through the use of cookies, Gifted Gifts provides the users of the website with more user-friendly services, something that would not have been possible without the settings of the cookie.
By using the cookie, the information and offers on our website can be optimized keeping in mind the user. Cookies allow us, as mentioned above, to identify the users of our website. The purpose of the recognition is to make the website easier for users to use. The user of the website who uses cookies, does not need, for example, to enter the access details every time he enters the website, since they are retrieved from the website and, in this way, the cookie is stored on the user’s computer. The online store remembers the data that the customer entered in the digital shopping cart with the help of a cookie.
The data subject can, at any time, prevent the use of the cookie of our website through the relevant choice of the internet browser that uses it, as well as to permanently refuse the use of cookies. Additionally, the cookie already in use can be deleted at any time through a web browser or other program. This feature is available in all known web browsers. In the event that the data subject disables the selection of the cookie in the browser he uses, it may not be possible to fully use all the functions of our website.
4. Collection of general data and information
Website
of Gifts tastefully collects data and general information when the data subject or automated system enters the website. This data and general information is stored in the server logs. The data that is likely to be collected is (1) the type and versions of the web browser, (2) the operating system used by the access system, (3) the website from which the system accesses our website ( the so-called referrer system, (4) the sub-websites, (5) the day and time of access to the website, (6) the internet address protocol (IP address), (7) the internet service provider of the access system and (8) similar data and information that may be used in the event of an attack on our information system.
By using this data and information of a general nature, Taste Gifts does not draw any conclusions about the data subject. Instead, this information serves (1) the proper performance of our website content, (2) optimizes our website content and advertising, (3) ensures the long-term viability of our information systems and web technology, and (4) the provision to law enforcement authorities of the necessary information for criminal prosecution in the event of a cyber-attack. As a result, Gifts tastefully analyzes statistical data and information that have been collected anonymously in order to increase the level of protection and security of our business data, as well as ensuring the optimal level of protection of personal data that we process. Anonymous data from the server logs are stored separately from all personal data provided by the data subject.
5. Register on our website
The data subject has the ability to register on the webmaster’s website by entering personal data. Which personal data is transferred to the controller is determined by the relevant registration form used for registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller, for the same purposes. The controller may request the transfer to one or more processors (eg parcel service) which also uses personal data for internal purposes attributed to the controller.
By registering on the webmaster’s website, the IP address – as assigned by the Internet Service Provider (ISP) and used by the data subject – the date and time of the registration is also stored. The storage of this data takes place in the context that is the only way to prevent misuse of our services and, if necessary, to investigate the crimes committed. To this extent, the storage of this data is necessary to secure the controller. These data are not disclosed to third parties, subject to the existence of a statutory obligation to provide the data or if their transfer serves the purpose of criminal prosecution.
The registration of the data subject, with the voluntary recording of personal data, is intended to facilitate the controller in offering to the data subject content or services provided only to registered users due to their nature. Registered persons are free to change the personal data they entered during registration at any time or to delete it completely from the records of the controller.
The data controller must provide, at all times, information to each data subject upon request for the type of personal data held about the data subject. In addition, the data controller must correct or delete personal data at the request or suggestion of the data subject, to the extent that there is no legal obligation to comply with them. In this respect, all the employees of the controller are at the disposal of the data subject as communication contacts.
6. Normal deletion and exclusion of personal data
The data protection officer must process and store the personal data of the data subject only for the period of time necessary to achieve the purpose of the storage or for as long as this is permitted by the European legislature or by another
legislators or regulations to which the controller is subject.
If the purpose of the storage is not achieved or if the storage period provided by the European legislator or other competent legislator expires, the personal data will be excluded from processing or deleted in accordance with all legal requirements.
7. Rights of the data subject
(a) Right of confirmation Every data subject has the right conferred by the European legislature to receive confirmation from the controller as to whether or not the personal data concerning him or her are being processed. If the data subject wishes to exercise the right of confirmation, he or she may, at any time, contact any employee of the controller.
b) Right of access Every data subject has the right conferred by the European legislature on free information, at any time, by the controller of the personal data stored and relating to him / her, as well as to receive a copy of this information . In addition, European Directives and Regulations give the data subject the right to access the following information:
the purposes of the processing,
the relevant categories of personal data,
the recipients or categories of recipients to whom personal data have been or will be disclosed, in particular recipients in third countries or international organizations,
where possible, the period for which personal data will be stored or, where this is not possible, the criteria for determining that period,
the existence of a right of request to the controller for the correction or deletion of personal data or a restriction on the processing of personal data concerning the data subject or a right of objection to such processing;
the right to lodge a complaint with a supervisory authority,
when personal data are not collected by the data subject, any available information on their origin,
the existence of automated decision-making, including profiling, provided for in Article 22 (1) and (4) and, at least in such cases, important information on the rationale data subject.
In addition, the data subject has the right to receive information on whether personal data is transferred to a third country or international organization. In the event of this happening, the data subject has the right to be informed of the appropriate safeguards taken during the transfer. If a data subject wishes to benefit from the right of access, he or she may, at any time, contact an controller.
c) Right of rectification Every data subject has the right conferred by the European legislature to require the controller to rectify inaccurate personal data concerning him / her without undue delay. For the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including through the provision of a supplementary declaration. If the data subject wishes to make use of the right of correction, he or she may, at any time, contact an official of the controller.
d) Right of deletion (“right to be forgotten”) Every data subject has the right conferred by the European legislature on requesting the controller to delete personal data concerning him or her without undue delay and the controller is obliged to delete data without undue delay, if one of the following reasons applies, as processing is not necessary:
Personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
The data subject shall withdraw the consent on which the processing is based in accordance with Article 6 (1) (a) of the General Data Protection Regulation or Article 9 (2) (a) of the General Data Protection Regulation and, if it does not exist. other legal basis for processing.
The data subject objects to the processing in accordance with Article 21 (1) of the General Data Protection Regulation and there are no compelling and legal reasons for the processing or the data subject objects to the processing in accordance with Article 21 (2) of the Data Protection Regulation. of the Data Protection Regulation.
Personal data was processed illegally.
Personal data must be deleted in order to comply with a legal obligation under Union law or the law of the Member State to which the controller is subject.
Personal data has been collected in connection with the provision of information society services referred to in Article 8 (1) of the General Data Protection Regulation.
If one of the above cases applies and the data subject expresses the desire to delete the personal data maintained by the Gifted Taste, he or she may, at any time, contact an official in charge of the processing. Every employee of Gifted Taste must ensure immediate compliance with the deletion request. Where the controller has disclosed personal data and is required to delete personal data in accordance with Article 17 (1), the controller shall take reasonable steps, including technical measures, taking into account available technology and implementation costs. to inform the controllers processing the personal data that the data subject has requested that any data link or copies or reproductions of such personal data be deleted from those controllers necessary. A Gifted Employee will ensure that appropriate action is taken on a case-by-case basis.
e) Right to restrict processing Each data subject has the right conferred by the European legislature on securing the restriction of processing by the controller when one of the following applies:
The accuracy of the personal data is disputed by the data subject, for a period of time which allows the controller to verify the accuracy of the personal data.
The processing is illegal and the data subject opposes the deletion of personal data and seeks, instead, to restrict their use.
The controller no longer needs the personal data for the purposes of the processing, but this data is required by the data subject to establish, exercise or support legal claims.
The data subject has objected to the processing pursuant to Article 21 (1) of the General Data Protection Regulation, pending verification as to whether the controller’s legitimate reasoning overrides the data subject’s reasoning.
If one of the above cases applies and the data subject expresses the desire to limit the processing of personal data maintained by the Gifted by taste, he or she may, at any time, contact an employee of the controller. Every employee of Gifted Taste must ensure immediate compliance with the request to limit processing.
f) Right to data portability Every data subject has the right conferred by the European legislature on receiving personal data concerning him / her, which he / she has provided to a processor, in a structured, commonly used and machine-readable format. He or she also has the right to transfer such data to another controller without objection from the controller to whom the personal data was provided, as the processing is based on the consent given in accordance with Article 6 (1) (a). ) or Article 9 (2) (a) of the General Data Protection Regulation or in a contract in accordance with Article 6 (1) (a) of the General Data Protection Regulation and the processing is carried out by automated means, to the extent that the processing is not necessary for the performance of work in the public interest or the exercise of public authority conferred on the controller. In addition, when exercising the right to data portability in accordance with Article 20 (1) of the General Data Protection Regulation, the data subject has the right to request the transfer of such personal data directly from one controller to another, when this is technically possible and does not adversely affect the rights and freedoms of others. In order to exercise the right to data portability, the data subject may at any time contact an employee of Taste Gifts.
g) Right to object Every data subject has the right
attributed by the European legislator to oppose, at any time and for reasons related to his particular situation, the processing of personal data concerning him, based on Article 6 (1) (e) or (f) of the General Data Protection Regulation. The same applies to the compilation of profiles under these provisions. Gifted should no longer process personal data in the event of opposition, unless it can prove compelling and legitimate reasons for processing that outweigh the data subject’s interests, rights and freedoms, or establishment, exercise or support of legal claims. If Gift tastefully processes personal data for the purpose of direct marketing, the data subject has the right to object at any time to the processing of personal data relating to him or her and related to such marketing. The same applies in the case of profiling to the extent related to this direct marketing. If the data subject objects to the processing of data by Taste Gifts for immediate marketing, Taste Gifts may no longer process personal data for those purposes. In addition, the data subject, for reasons related to his / her own special case, has the right to object to the processing by Dora with taste of personal data concerning him / her for the purposes of scientific or historical research or statistical purposes according to Article 89 (1) of the General Data Protection Regulation, unless the processing is necessary for the performance of a duty to serve public interest purposes. In order to exercise the right of objection, the data subject may at any time come into contact with employees of Gifts with taste. In addition, the data subject is free in the context of the use of information society services and without prejudice to Directive 2002/58 / EC to exercise his right to object by means of automated means using technical specifications.
h) Automated individual decision-making, including profiling Every data subject has the right conferred by the European legislature not to be subject to a decision taken solely on the basis of an automated procedure, including profiling, which produces legal effects concerning him / her. affects him / her in a similar way, as this decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller or (2) is not permitted by Union law or the law Member State to which the controller is subject and which also provides for appropriate measures to protect the rights, freedoms and legitimate interests; or (3) is not based on the express consent of the data subject. If decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller or (2) is based on the express consent of the data subject, Gift must take appropriate action to safeguard the rights, freedoms and legitimate interests of the data subject, at least the right to secure human intervention on the part of the controller, to express an opinion and to challenge the decision. If the data subject wishes to exercise the rights relating to automated decision making, he or she has the opportunity to contact an employee of Gifted Taste.
i) Right to revoke consent Every data subject has the right conferred by the European legislature on revocation at any time of his consent to the processing of personal data concerning him / her. If the data subject wishes to exercise the right to withdraw the consent, he or she has the opportunity to contact an employee of Gifted Taste.
8. Data protection provisions regarding the application and use of Facebook
On this website, the webmaster has incorporated Facebook business data. Facebook is a social network.
A social network is an online social gathering place, an online community, that typically allows users to interact with each other and interact in a digital environment. A social network can serve as a platform for the exchange of views and experiences or allow the online community to provide personal or business information. Facebook allows
to social network users to create personal profiles, upload photos and network through friend requests.
The company that manages Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person resides outside the United States or Canada, the processor is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.
By logging in to individual pages of this site which is managed by the webmaster and which has a Facebook component (Facebook plug-in) integrated, the web browser in the data subject’s information system is automatically called to download the view of his component Facebook through the Facebook add-on. A summary of all Facebook plug-ins is available at https://developers.facebook.com/docs/plugins/. During this technical process, Facebook identifies which subpage of our website the data subject visited.
If the data subject is logged in to Facebook at the same time, Facebook detects every time the data subject enters our website – and throughout its stay on it – which specific subpage of our website the subject visited data. This information is collected through the Facebook component and linked to the data subject’s corresponding Facebook account. If the data subject clicks on one of the Facebook elements that have been integrated in our website, e.g. the “Like” button, or if it submits a comment, then Facebook matches this information to the data subject’s personal Facebook account and stores the personal data.
Facebook always receives, through the Facebook component, information about a visit of the data subject to our website, whenever the data subject is connected to Facebook during his visit to our website. This is regardless of whether the data subject selects the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, then he or she can prevent it by logging out of his / her Facebook account before visiting our website.
The Facebook Data Protection Guidelines, available at https://facebook.com/about/privacy/, provide information on the collection, processing and use of personal data by Facebook. In addition, they explain what options Facebook provides to protect the privacy of the data subject. Configuration options are also available that allow you to stop transmitting data to Facebook. These applications can use the data subject to terminate the transmission of data to Facebook.
9. Data protection devices related to the application and use of Instagram
The webmaster has embedded Instagram elements in this website. Instagram can be described as an audiovisual platform, which allows users to share photos and videos, but also to share such data on other social networks.
The company that manages the services provided by Instagram is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland.
Each time you log in to the individual pages of this web site managed by the webmaster and have an Instagram component (the “Insta” button) embedded, the web browser in the data subject’s information system automatically displays the Instagram component. During this technical process, Instagram recognizes the specific sub-pages of our website that the data subject visited.
If the data subject is instantly connected to Instagram, Instagram recognizes with each entry to our website by the data subject – and throughout his or her stay on our website – which specific sub-page of our website he or she visited . This information is collected through the Instagram component and correlated with the relevant information from the data subject’s Instagram account. If the data subject clicks on one of the Instagram buttons embedded in our website, then Instagram matches this information to the data subject’s personal Instagram account and stores personal data.
Instagram receives information via the Instagram item about the subject’s visit
of the data on our website provided that the data subject is connected to Instagram the moment it enters our website. This occurs regardless of whether he clicks the Instagram icon or not. If the data subject does not want to share information on Instagram, then he or she can prevent it by logging out of their Instagram account before entering our website.
Further information and the data protection provisions applied by Instagram at the link https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
10. Data protection devices related to the application and use of Jetpack for WordPress
In this website the data subject has integrated Jetpack. Jetpack is a WordPress add-on that provides additional features to your WordPress-based webmaster. Jetpack allows the webmaster, among other things, to have an overview of the webmasters. By displaying the relevant posts or by sharing content on the website, it is possible to increase the number of visitors. In addition, Jetpack has built-in security features, so websites that use Jetpack are better protected against violent attacks. Jetpack also optimizes and speeds up image uploading to the webpage.
The Jetpack add-on management company for WordPress is Aut O’Mattic A8C Ireland Ltd., Business Center, No.1 Lower Mayor Street, International Financial Services Center, Dublin 1, Ireland.
Jetpack places cookies in the data subject’s information system. The definition of cookies is given above. With each visit to each web page managed by the webmaster and incorporated into the Jetpack component, the data subject web browser automatically submits data for analysis by Automattic via the Jetpack component . During this technical process, Automattic receives data that is used to create an overview of website visits. Data collection through the Jetpack component is not used to identify the data subject without their prior express consent. Quantcast is also aware of the data. Quantcast uses the data for the same purposes as Automattic.
The data subject can, as mentioned above, block the application of cookies through our website, at any time, making the corresponding adjustment of the web browser he uses and, thus, permanently refuse the application of cookies. This browser customization will prevent Automattic / Quantcast from applying cookies to the data subject’s information system. In addition, cookies already used by Automattic / Quantcast can be deleted at any time through a browser or other software.
In addition, the data subject has the ability to object to the collection of data collected through the Jetpack cookie and related to the use of this website, as well as their processing by Automattic / Quantcast, as well as the possibility of prohibiting any such. To do this, the data subject must select “opt-out” at the link https://www.quantcast.com/opt-out/, which places an opt-out cookie. The opt-out cookie is placed in the information system used by the data subject. If the data subject deletes the cookies, then he / she will have to set an opt-out cookie again through the same link.
However, with the setting of the opt-out cookie, there is a possibility that the data subject may not be able to fully use the webmaster of the webmaster.
The applicable Automattic data protection devices at the link https://automattic.com/privacy/. The applicable Quantcast data protection devices at https://www.quantcast.com/privacy/.
11. Legal basis for processing
Article 6 (1) (a) of the General Data Protection Regulation is the legal basis for the processing procedure for which we obtain consent for a specific purpose. If the processing of personal data is necessary for the execution of an agreement to which the data subject is a party, such as e.g. in the event that processing is necessary for the supply of goods or for the provision of a service, the processing is based on Article 6 (1) (b) of the General Data Protection Regulation. The same
This applies to the processing work required to take pre-contractual measures, for example in the case of queries about our products or services. If our company has a certain obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Article 6 paragraph 1 indent cc of the General Data Protection Regulation. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or other natural person. This happens, for example, when a visitor is injured in our company and their name, age, insurance data or other vital information is disclosed to a doctor, hospital or other third party. In this case, the processing is based on Article 6 (1) (d) of the General Data Processing Regulation. Finally, processing procedures may be based on Article 6 (1) indent f of the General Data Protection Regulation. This legal basis is used for processing operations that are not covered by any of the above cases, if the processing is necessary to serve the legitimate interests of our company or a third party, unless these interests are preceded by the interest or fundamental rights and freedoms of the data subject enforcing the protection of personal data. Such processing is permitted as expressly stated by the European legislature. Such a legal interest is considered to exist when the data subject is the client of the controller (Paragraph 47, sentence 2 of the Preamble to the General Data Protection Regulation).
12. The legal interests pursued by the controller or a third party
Where the processing of personal data is based on Article 6 (1) indent of the General Data Protection Regulation, it is in our legitimate interest to pursue our business for the benefit of all our employees and shareholders.
13. Period of retention of personal data
The criteria used to determine the retention period of personal data is the legal storage period. After this period, the corresponding data are deleted, to the extent that they are no longer necessary for the execution or conclusion of the contract.
14. Provision of personal data as a legal or contractual requirement – Prerequisite for the conclusion of the contract – Obligation of the data subject to provide personal data – Possible consequences of the inability to provide such data
We make it clear that the provision of personal data is required in part by law (eg by tax provisions) or may arise from contractual provisions (eg provision of information to the counterparty). Sometimes it may be necessary for the data subject to provide us with personal data for the purpose of concluding a contract, which we will then process. The data subject is obliged, for example, to provide us with personal data when concluding contracts with our company. Failure to provide this personal data may result in the impossibility of concluding the contract with the data subject. Prior to the provision of personal data by the data subject, the subject should contact an employee. The employee will inform the subject if the provision of personal data is a legal or contractual obligation or is necessary for the conclusion of the contract, if there is an obligation to provide the data, as well as for the consequences of non-provision of personal data.
15. Automated decision making process
As a responsible company, we do not use automated decision-making or profiling processes.
This Privacy Policy has been generated by the Privacy Policy Generator of the German Association for Data Protection that was developed in cooperation with Privacy Lawyers from WILDE BEUGER SOLMECKE, Cologne.