DATA PROTECTION AND PRIVACY POLICY
Changeshop acknowledges that the protection of Personal Data is a fundamental right.
In this context and in compliance with the applicable legal provisions at national and European level, our business has adopted the following Data Protection and Privacy Policy in order to safeguard, defend and protect your rights related to the personal data we may collect from you through our website http://www.changeshop.gr.
1. Collected data
Our business collects only such information which is utterly necessary and proper for its intended purpose, as analytically set forth below.
Recording data
When you visit our website, our servers automatically record typical data provided by your browser. These data may include your IP address, type and edition of your browser, the pages you prefer visiting, time and date of your visit, the time spent at each website and other details.
Device data
Data may also be collected from the device you are using in order to access our website. These data may include the type of your device, its operating system, unique device identifiers, settings and geographical location thereof. The data we collect depend on the settings of your device and software. We recommend that you check on the settings of your computer, device of software and find out which pieces of information are available to us.
Personal data
When referring to your personal data, we actually mean:
- full name
- email address
- social network accounts
- contact number
- postal address
2. Legal basis on data processing
Our business is committed to process the personal data we collect in full compliance with the applicable legislation, in a fair and transparent manner.
You are reminded that we collect and process the personal data you have chosen to disclose, based upon one or more of the following legal bases:
- if such data are necessary for concluding a contract where our business is the one contracting party and you are its counterparty (see our e-shop purchase agreement) of if required at the pre-contract phase, e.g. when we provide a service you request from us or in case you are interested in a job opening of our business;
- for the purposes of research and development, marketing, improvement and promotion of our services and protection of our legal rights and interests, provided that none of your rights is impaired;
- when you have provided your consent for a specific purpose, e.g. when you consent to receiving our newsletter;
- in case we have to process your data in order to comply with our obligations under the law.
In all cases you have provided our business with your consent for us collecting and processing your personal data for specific purposes, you are entitled to revoke your consent at any time, without, however, such revocation affecting any processing already performed.
Our business shall keep your personal data for such period of time strictly required for performing the above referenced processing purposes. Specifically, your personal data provided through your registration to our newsletter shall be kept for as long as you remain a changeshop subscriber (i.e. until you decide to deregister).
All information provided under any of the above referenced legal bases shall be kept for the time period that is necessary for processing thereof, without prejudice to further maintaining such information as long as it is required in the event that our business has to comply with any legal obligation or to protect your/a third natural person’s vital interests.
In any case and regardless of the time we may keep your collected personal data, our business undertakes to use its best endeavors to protect your personal data with proper and commercially available means, in order to avoid any possible loss and interception, as well as to prevent any non-authorized access, disclosure, reproduction, use or alteration thereof.
Thus, we would like to advise you that no method of digital transmission or storage of data can ensure absolute security and therefore, changeshop, despite our best efforts, cannot guarantee absolute security of your data.
3. Collection and use of information
Our business may collect, keep, use and further communicate any information to the extent strictly required for the following purposes:
- to allow you to customize your visiting experience in our website
- to authorize your access to and use of our website, its associated applications and social network accounts
- to contact you
- for internal filing and administration purposes
- for research & development, elaboration of business plans and development of our business, including the smooth operation and improvement of our website, its associated applications and social network accounts
- for conducting competitions, award prizes or other gifts and benefits
- for advertisement and promotion purposes, including the sending of advertising material with regard to our services or third parties’ services
- to comply with any applicable legal obligations
- to resolve any dispute or disagreement that may arise
- to enter into e-shop purchase agreements
- for the payment of the products, you have chosen from our e-shop
- to suggest your products, you may be interested in, based on the choices already made
- to accept and review job applications.
4. Transmitting personal data to third parties
For achieving the above objectives, our business may transmit your personal data to:
- third parties, if required so for providing their services, including, among others, IT services, banking, data storage & hosting, advertising, analysis, error recording, marketing & advertising, professional consulting and services related to management of payment systems or other accounting services
- our employees, partners or/and agencies contractually associated with our business
- sponsors of competitions to be conducted by our business
- judicial, regulatory or prosecution authorities, as provided for by law, with regard to current or future legal proceedings or for the purpose of justifying, exercising or defending our business’s legal rights
- third parties, including agents or subcontractors who support our business for providing information and services to you
- third parties entitled to collect and process data.
In any case, both the Processor or, in case of a subcontractor, any third party which processes personal data for performing specific processing activities on the Data Controller’s behalf, has the same obligations regarding data protection, as such obligations are stipulated herein, in full compliance with the European or Greek law, in order to provide sufficient assurances that all the appropriate technical and organizing measures have been taken so that data processing meets the GDPR (General Data Protection Regulation) requirements.
5. International transfers of personal data
The personal data we collect are stored and subjected to processing in Greece or abroad, depending on the place that we, our partners, our subsidiaries or our suppliers maintain their facilities.
By providing your personal data, you consent to have them disclosed to the aforementioned third parties overseas.
In light of the above, our business is committed to ensure that any transfer of personal data from EEA (European Economic Area) countries to non-EEA countries shall be protected by means of appropriate safeguards, such as by standardized data protection clauses approved by the European Commission or by binding corporate rules or by other legally acceptable means.
When we transfer personal data from a non-EEA country to another country, you acknowledge that third parties of other jurisdictions may not be subject to the same legislative, data protecting framework.
6. Your rights
In your capacity as “data subject”, you have the following rights:
- Right to transparent information, communication and modalities for the exercise of your rights (article 12, 13, 14, GDPR), i.e. your right to be informed on how your personal data are used (as analytically described in this Privacy Policy);
- Right for access (article 15, GDPR) to the personal data we have collected from you;
- Right to rectification (article 16, GDPR) of inaccurate personal data concerning you;
- Right to erasure (“right to be forgotten”) (article 17, GDPR) of your Subscriber-User account and any personal data concerning you;
- Right to restriction of processing your personal data (article 18, GDPR);
- Right to object (article 21, GDPR) to processing of your personal data or, in the event that your personal data are processed for direct marketing purposes, your right may be exercised in compliance with applicable legislation;
- Right to recall your consent (article 7, GDPR), i.e. your right to recall at any time your consent for your data processing. Legitimacy of your data processing shall not be affected by your consent recall up to the time you applied for such recall;
- Right to data portability;
- Right to file a complaint to the competent supervisory body, i.e. the Data Protection Authority (1-3 Kifisias Avenue, Athens, GR 11523, +30 210 6475600, This email address is being protected from spambots. You need JavaScript enabled to view it. )
Please bear in mind that the aforementioned rights may be limited by law and that we are obliged to satisfy such rights possibly only under specific conditions.
7. Transfer of business
In the event that our business or our business’s assets are transferred or if, for any reason, our business ceases its operations, any personal data kept by us under this Privacy Policy shall be included in the business’s assets to be transferred. In such case, you provide your consent that if our business or our business’s assets are transferred to a third party or parties, such third parties may keep on using your personal data under the provisions of this Privacy Policy.
8. Limitations
Our website may be connected with external websites or social networks, which are not administered by our business.
Therefore, our business bears no responsibility for the content or the Data Protection and Privacy Policies applied by third parties’ websites which our business’s website may be associated with.
9. Changes in the Privacy Policy
We may change this Privacy Policy at our discretion. Any future changes to our Privacy Policy shall be announced in this website. Therefore, you should regularly check on the Private Policy section for any possible changes.
If, however, our business proceeds to significant changes in this Privacy Policy, amending for example, the legal basis whereupon we process your personal data, then our business shall contact you in order for you to resubmit your consent to the amended privacy policy.
Data Controller
Changeshop
This email address is being protected from spambots. You need JavaScript enabled to view it.