Mediterraneo, as the Responsible for Processing of Personal Data, in the context of the General Data Protection Regulation (EU) 2016/679 which comes into force from 25.05.2018 (GDPR), the national legislation and the relevant directives of the Personal Data Protection Authority (GDPR), as applicable, is committed to protecting the personal data of visitors, service users, employees, workers, partners, and other natural persons, which are processed by authorized persons of the company, for reasons arising from the relevant transactions relationships, the legal obligations, or the respective legal interest of the company.
Mediterraneo, respecting the privacy of the above natural persons and being vigilant to ensure the confidentiality and security of their personal data, hereby provides you with the following information on the processing of the personal data of visitors/users of its website (the type of personal data collected by Mediterraneo, the way it is processed, the means of protection) and your rights as a subject of the processing of this data.
This information policy is addressed to all natural persons who carry out any transaction with Mediterraneo through its website, such as indicatively to visitors to its website, to customers who make online purchases through the online store (e-shop) and to registered through the website members of Mediterraneo.
In the daily exercise of the company’s activity, the processing of personal data is sometimes imposed by a corresponding legal obligation or deemed necessary for reasons of legitimate interest and to improve Mediterraneo’s business practice and service quality. The processing of personal data consists of the collection, registration, organization, structure, storage, alteration, retrieval, information search, use, transmission, limitation or deletion of personal data that have come or will come to Mediterraneo’s knowledge, either in the context of your business relations with it or in the context of information received by the company from a third natural or legal person or public sector body in the exercise of a legal right of this or the company itself.
Mediterraneo recognizes that during the exercise of its activities, it is possible to have at its disposal personal data of natural persons. In addition, in compliance with the current legislative framework, it has taken all the necessary actions, applying the appropriate technical and organizational measures for the legal observance, processing and safe keeping of the personal data file, committing to ensure and protect in every way the processing of your personal data from loss or leakage, alteration, transmission or in any other way unfair processing thereof.
In order to be transparent about the way your personal data is collected, used and stored, Mediterraneo encourages visitors of its website, and anyone interested, to read this Information on the Processing of Personal Data, in order to obtain the following information:
1) WHICH PERSONAL DATA WE PROCESS AND HOW WE USE THEM
Meditteraneo informs you, as website visitors/users, that through its website www.mediterrano.gr, and of its online store may collect information about you, if only you provide it and personal data, which is necessary for the initiation, maintenance and execution of your business relations with Mediterraneo, existing or future, depending on the product or service provided and the applicable procedures and policies of the company. More specifically, Mediterraneo collects and processes the following personal data as a minimum:
- your electronic address (email), when you register it, in order to register for the newsletter service and to receive relevant updates and promotional actions of the company, concerning for instance events, and to be informed about the news of Mediterraneo and other related activities,
- your electronic address (email), first name, last name, telephone, address details and your credit or debit card or Paypal account details, when you register and provide them, for the purpose of purchasing products or services available for sale by Mediterraneo through its eshop .
- Finally, we receive your IP address, as and when you browse our website, as well as how you use our website.
The collection and processing of your above personal data by Mediterraneo is necessary for the initiation, execution and maintenance of business relations between us. Any objection by you to the provision or processing of your personal data may lead to the impossibility of starting or maintaining/continuing your existing business relationship with the company.
2) PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA (“SENSITIVE PERSONAL DATA”)
Mediterraneo does not generally process your sensitive personal data (special category data), such as data related to your racial or ethnic origin, your political opinions, your religious or philosophical beliefs or your membership in a trade union, genetic or biometric data for the purpose of identifying you as the subject of the processing, as well as health data or data concerning your sex life or sexual orientation, since the above data are not necessary for the fulfillment of the above purposes, applying the principle of minimization, necessity and proportionality, as provided by the GDPR.
3) DATA CONCERNING MINORS
For the purposes of the present, persons who have not reached the age of 18 are considered minors year of their age.
Also, when the processing of personal data is based on consent in accordance with art. 6 par. 1 st a) GDPR, in relation to the offer of information society services directly to a child, the consent provided by the minor and consequently the processing is lawful, if the minor is at least 16 years old. In the case where the minor is under the age of 16, this processing is lawful only if and to the extent that said consent is given or approved by the person who has parental care of the minor (see art. 8 GDPR).
4) LEGALITY OF PROCESSING
Regarding the legal basis of the processing of your personal data, Mediterraneo processes legal personal data, which are deemed necessary for specific purposes and in particular:
- In the event that you do not maintain a certain transactional relationship with Mediterraneo, it is necessary to give us your consent if you wish to subscribe to Mediterraneo’s newsletter service and receive updates on the company’s actions and promotions. The specific form of your consent will be provided by you freely and clearly and under the main condition that you have actively chosen to receive corresponding emails – newsletters.
- In the event that email contact details, which were obtained legally, in the context of the sale of products or services or other transaction, Mediterraneo reserves the right, in the exercise of its legitimate interest, to use them for the direct promotion of similar products or services or to serve similar purposes, even if the recipient of the corresponding electronic message has not provided his consent in advance.
- Regarding the purchase of products or services through the Mediterraneo online store (eshop), the legal basis for the processing of your personal data is the product or service sales contract/business relationship between us.
- We collect your personal data that you provide us based on one or more of the following legal bases:
- when their processing is necessary for the service, support and monitoring of your business relations with Mediterraneo and the proper execution of the contracts between you,
- as required for Mediterraneo’s compliance with legal obligations arising from law;
- as necessary to pursue the legitimate interests of Mediterraneo (or third parties), including our interests in providing innovative, personalized, secure and profitable services to Mediterraneo users and partners;
- when the processing of your personal data is necessary for the fulfillment of a duty of Mediterraneo carried out in the public interest, within the framework of the applicable legislative and regulatory framework,
- in accordance with the prior express consent you have provided to us, as long as the processing is not based on one of the legal processing bases mentioned below.
5) WITHDRAWAL OF CONSENT
Your granted consent, where required, you have the right to revoke it at any time, with a simple statement of revocation, which will be addressed to Mediterraneo in writing physically or electronically, to Mediterraneo’s email address, without prejudice to the legality of the processing based on it up to its revocation. You also have the right to be informed about the stage of implementation of your request. Especially regarding the sending of the newsletter, in any case, you are given the right to unsubscribe from every newsletter you receive from Mediterraneo.
6) DATA RETENTION TIME
How long we retain your data will depend on the purposes for which we process it, as explained below:
- To manage your registration as a user of the online store
We will process your data for as long as you remain a registered user (i.e. until you decide to unsubscribe).
- Development, fulfillment and performance of the purchase or service contract
We will process your data for as long as necessary to administer the purchase of the products or services you have acquired, including any returns, complaints or claims relating to the purchase of that particular product or the specific service.
Sometimes, we will only process your data for as long as you decide, such as in the case of payment data that you have asked us to store for future purchases (where this feature is available).
- Customer service
We will process your data for as long as necessary to fulfill your request.
We will process your data until you delete or cancel your subscription to the Newsletter. Likewise, we will show you personalized ads until you change the settings of your device, browser and/or cookies to revoke your permission to do so.
If you participate in promotions, we will retain your data for a period of 6 months from the end of the activity.
- Usability and quality analysis
We will process your data occasionally during an action or a specific quality survey or until we anonymize your browsing data.
Regardless of how we process your data during the period of time that it is absolutely necessary to achieve the respective purpose, we will then keep it properly stored and protected for the period during which liability may arise from its processing, in accordance with the current legislation. Once the limitation period for any claim has expired, we will proceed to delete the personal data.
7) WHO ARE THE RECIPIENTS OF PERSONAL DATA
Mediterraneo, respecting the privacy of its website visitors/users, does not share/transmit their personal data to third parties. The employees of Mediterraneo’s business and functional units have access to your personal data, in the context of the proper execution and fulfillment of their contractual, legal and regulatory obligations and under a regime of absolute secrecy and confidentiality.
Subsequently, Mediterraneo may transfer/disclose to third legal entities (domestic and foreign, but generally within the EU), to whom it has partially or fully delegated the execution of the processing of your personal data (Processors), for specific purposes, such as for example the provision of bulk email services, in the context of the best possible service for you. Mediterraneo legally ensures the processing of your personal data by partners – third-party companies with contractual clauses limiting the purpose of the processing and providing sufficient guarantees for the application of the appropriate technical and organizational measures, in accordance with the corresponding provisions of the GDPR, with the aim of ensuring the correct and secure processing of your personal data.
8) INTERNATIONAL TRANSFER OF PERSONAL DATA
Mediterraneo does not directly transmit your personal data to third (non-EU) countries or international organizations, unless the transmission is required by the applicable regulatory or legislative framework, or you have been informed about it and have expressly consented in advance to this transmission (in as many cases as this is required).
9) YOUR RIGHTS
In any case, you have control over the processing of your personal data. In particular, in accordance with the provisions of the GDPR, as a subject of personal data processing, you retain the following rights:
- Right to transparent information, announcement and arrangements for the exercise of your rights (art. 12, 13, 14 GDPR), concerning your right to be informed about how your personal data is used (as detailed in this Update).
- Right of access to the personal data concerning you and as long as it is being processed by Mediterraneo, as Processor, its purposes, the categories of the data and the recipients or categories of recipients thereof (art. 15 GDPR). Note that Mediterraneo will provide a copy of the personal data upon your request but reserves the right to charge a reasonable cost for any additional copies.
- Right to correct inaccurate data as well as complete incomplete data (art. 16 GDPR).
- Right to delete your personal data (“right to be forgotten”), subject to the obligations and legal rights of Mediterraneo for their retention based on the applicable legislative and regulatory provisions (art. 17 GDPR).
- Right to limit the processing of your personal data if, either the accuracy of the same is disputed, or the processing is illegal, or the purpose of the processing has been eliminated and provided that there is no legal reason for their retention (art. 18 GDPR).
- Right to portability of your personal data to another data controller, provided that the processing is based on your consent and is carried out by automated means. The satisfaction of this right is subject to the legal rights and obligations of Mediterraneo to retain the data and fulfill its duty in the public interest (art. 20 GDPR).
- Right to object for reasons related to your particular situation in the event that your personal data is processed for the fulfillment of a task performed in the public interest or in the exercise of public authority delegated to Mediterraneo or for the purposes of the legitimate interests pursued the company or a third party.
- Right to withdraw your already given consent (art. 7 GDPR), which concerns the possibility to withdraw your consent at any time, for processing based on consent. The lawfulness of the processing of your data is not affected by the withdrawal of consent until the point at which you requested the withdrawal.
10) HOW TO EXERCISE YOUR RIGHTS AND SUBMIT A COMPLAINT
Any request regarding your personal data and the exercise of your rights must be addressed in writing to Mediterraneo (at the address 83 Akadimias Street, Rethymnon, 74100 Crete) or sent to the email address [email protected].
Mediterraneo reserves the right, after studying your relevant request, to proceed within a reasonable period of time of thirty (30) days or more, in case of justified delay, to its satisfaction and provided that it is legal and valid. Before we provide you with personal data, we may ask you for proof of your identity through a relevant legal document and sufficient information about your transactions with us in order to trace your personal data.
Mediterraneo’s refusal or unjustified delay in satisfying your requests in the exercise of your rights entitles you to appeal to the Personal Data Protection Authority as the substantive supervisory authority for the application of GDPR.
In any case, you reserve the right to file a complaint with the competent supervisory authority, if you consider that the processing of your personal data is in violation of the applicable legislation. For more information you can visit the website www.dpa.gr.
If you decide to unsubscribe from a certain service or communication, we will make every effort to delete your data as soon as possible, although it may take some time and/or information before we can process your request. Mediterraneo reserves its right to retain your personal data in cases where there is a legal obligation or exercise of claims or fulfillment of its contractual obligations.
11) TECHNICAL AND ORGANIZATIONAL MEASURES
Mediterraneo, with a view to the security and protection of your personal data, takes appropriate measures to take adequate and necessary technical and organizational measures to safeguard both technological and physical security in accordance with art. 32 GDPR (indicative: encryption and regular testing, limited access, special codes for authorized persons to access its databases, etc.) and adheres to the principles of processing according to the letter of the GDPR, i.e. the principle of legality, objectivity and transparency, the principle of purpose limitation, the principle of data minimization, the principle of accuracy, the principle of limitation of the storage period and the principle of integrity and confidentiality (art. 5 GDPR).
With care to safeguard your privacy, we apply the best practices to safeguard your personal data, through the implementation of the necessary technical and organizational measures defined by the GDPR. Data is secured against loss of availability, integrity and confidentiality of information.
Finally, Mediterraneo implements the secure communication protocol SSL (Secure Sockets Layer) with strong encryption, through which the privacy and inviolability of transactions and personal data of users is ensured.
Mediterraneo informs you that it is in continuous harmonization and compliance with the terms of the General Regulation (EU) 2016/679 for the protection of natural persons against the processing of personal data and for the free movement of data and constantly makes every effort to compliance with it.
12) MEDITERRANEO’S SPECIAL STATEMENTS
- It declares that it is not responsible for any damage (direct, indirect, positive, collateral) that may be caused to the visitor of the website or its use. The visitor is solely responsible for protecting his system from viruses and malware in general.
- It declares that it does not make decisions or carry out profiling, based on automated processing of your data.
- We inform you that Mediterraneo uses “cookies” on its website in order to improve your online experience. For details about cookies, you can consult the corresponding Cookies Policy, for which you press here.
- The user/visitor of the website, by reading this, becomes aware of the above processing which is in accordance with Regulation 2016/679 and its reasons, exclusively for the purposes mentioned above and for purposes compatible with them.
- Links to other websites: Our website may contain links to foreign websites. We are not responsible for the privacy practices or content of other websites. Consequently, we recommend that you carefully read the privacy statements posted on the website of the respective foreign website.
13) USEFUL CONTACT DETAILS:
- Details of Processor:
Address: 83 Akadimias, Rethymnon, 74100 Crete
Phone: +30 28310 21440
Email: info @ mediterraneo . gr
- Details of the Personal Data Protection Authority (competent national Supervisory Authority):
Offices: Kifisias Avenue 1 – 3, 115 23, Athens
Telephone Center: +30 2106475600
Fax : +30 2106475628
POLICY NOTICE REGARDING COOKIES
1) INTRODUCTORY REMARKS
2) DEFINITION OF COOKIES
Cookies are small information files, which are placed by the browser of the visitor/user of the website (browser) on the computer or mobile device. The function of cookies is to allow a web server to transfer data to a computer or mobile device for record keeping or other purposes. The information stored on the computer of the user/visitor of the website may contain information such as the pages visited by the respective user, the time point of the visit, as well as a certain random and unique identification number of the user. Cookies help a website offer a more user-friendly and unified browsing experience.
3) WHAT TYPES OF COOKIES WE USE
In detail, four (4) cookies (_ ga , _ gat , _ gid , & collect ) related to Google cookies are included Analytics , a web analysis service of Google , Inc. (” Google “) and which register a unique ID (control of how any pseudonymization or anonymization within Google is handled Tags Manager – GTM ) for statistical purposes, regarding the way the website is used by the user and the user’s behavior as well as user identification through multiple devices. The lifetime of the above cookies is two (2) years for _ ga cookie, one (1) day for _ gat & _ gid cookies and session time (session time) for collect cookies.
In addition, we use marketing cookies, i.e. cookies that are used to provide content that is more relevant to you and your interests. These cookies may be used to send targeted advertising, limit ad impressions or measure the effectiveness of a certain advertising campaign. They may also be used to remember the websites you have visited so that we can determine which online marketing channels are most effective and allow us to reward external websites and partners who referred you to us.
4) HOW TO CONTROL COOKIES
5) YOUR RIGHTS