Last updated: 15/04/2022
Welcome to our website https://www.marygaitani.com (hereinafter the “Website”). This Website belongs to the company “Mary Gaitani Sole Member Private Company” (hereinafter “Company” or “we”) with registered office at Apollonos 12, 10557, Athens.
We are dedicated to protecting your privacy and safeguarding your personal data. In this context, the Company is the Data Controller of your personal data as collected through the Website. We aim to ensure the protection of your personal data and for this reason, we are providing you with the following information regarding the type of personal data we collect about you, the means and purposes for which we collect them, the third parties with whom we share these data, as well as the rights you have, in compliance with Greek Law 4624/2019 and the General Data Protection Regulation (EU) 2016/679, also known as the GDPR.
Personal Data we collect
Depending on which Website features you use, we collect from you and further process the following personal data:
- When you sign up for an account
- e-mail address
- When you place an order
- Identification information, such as: first name, last name
- Contact details, such as: e-mail address, mobile and/or landline phone number
- Billing and shipping details, such as: billing address, shipping address
- Information on your orders and/or returns
- Products added to the wishlist
- When you fill in the contact form
- Identification information, such as: name, surname
- E-mail address
- Details on your question, query or request
- When you sign up for our newsletter
- E-mail address
We also collect and further process information, which is necessary for the proper functioning of the Website, including your IP address, as well as information on your device and browsing, as collected through internet trackers, such as cookies. For more information regarding the use of such technologies, please read our Cookies Policy.
Depending on which Website features you use, we will process your personal data for the following purposes:
- When you sign up for an account
When you register to our Website, we will process your personal data in order to identify you as a registered user and to verify any of your payments. When you create an account, you can use your account details to log in from any location and on any device. Legal basis for this processing is the performance of the contract with you.
- When you place an order
When you place an order through our e-shop, we will process your data in order to provide the products that you have ordered or requested, to process and ship orders, to provide customer service and to send commercial/promotional communication. Legal basis for the processing of your personal data is the performance of each agreement with you. For marketing purposes and promotional actions, we consider that we have a legitimate interest in promoting our business. We also process your personal data in order to manage our tax issues. For the accounting management we have to comply with regulatory obligations imposed by tax law.
- c) When you fill in our contact form
If you fill in and submit our contact form, we will process the information you provide us with, in order to respond to you and handle any message, request, information or query that you have communicated to us. It is in our legitimate interests to handle such a communication and properly respond to you.
- d) When you sign up for our newsletter
If you sign up for our newsletter, we will collect and further process your email address in order to send you our news. We will process such data based on your consent, as provided via the relevant subscription form. You may withdraw your consent for receiving such communications by us, by using the “Unsubscribe” link that you will find in each of our newsletters or by directly contacting us. In case you withdraw your consent, this will not affect the lawfulness of the processing carried out previously.
Apart from our authorized personnel, your data may be disclosed to our website operators, online forms providers, payment service providers, transportation companies and relevant suppliers, who provide us with services related to the purposes described above and which are bound to comply with all necessary technical and organizational measures for the protection of your personal data.
Please read our Cookies Policy for any third parties having access to your information collected through internet trackers such as cookies.
As a rule, we do not transfer your personal data to recipients established in countries outside the European Union / European Economic Area, unless the transfer is necessary for the performance of our contract with you. In any other case and where such transfers take place, our Company implements appropriate data processing agreements or terms with the recipients to ensure that the transfers of personal data are in compliance with GDPR requirements and are based on relevant adequacy decisions by the European Commission or are subject to appropriate safeguards.
Retention Period of Personal Data
Your personal data is retained for as long as this is required for the fulfillment of each processing purpose. For example, your contact form data will be kept until the communication’s request is fulfilled and your newsletter subscription data until you unsubscribe. Upon expiration of these terms, your personal data will be deleted, unless otherwise required under the applicable legal and regulatory framework or for the establishment, exercise or defense of legal claims.
We have implemented all appropriate organizational and technical measures, pursuant to the applicable legal framework and standards, in order to safeguard that processing of data is legitimate, appropriate and secured against any non-authorized or illegal access, deletion, amendment or any other use of the data.
In any case, we would like to inform you that, in accordance with the applicable legislation, you have and can exercise the following rights:
- the right, i.e. the right to be informed about whether your personal data is being processed and receive further information concerning the processing undertaken,
- the right to rectification of any inaccurate personal data or the completion thereof,
as well as and provided that the legal requirements are met,
- the right to erasure (“right to be forgotten”),
- the right to restriction of the processing,
- the right to data portability, including having your data directly transferred to another controller or receiving them in a structured, commonly used and machine-readable format (e.g. USB),
- the right to object in particular to processing operations based on our legitimate interest, such as the sending of a commercial/promotional communication
- the right to withdraw at any time the consent you have given us, without such withdrawal affecting the lawfulness of personal data processing having already taken place before its withdrawal.
You may exercise any of the above rights by submitting a request to us. You can expect a response to such a request within one (1) month following reception thereof and in any case, within two (2) additional months, if this is required due to the complexity of your request or the total number of requests received.
In case of exercising the rights to rectification, erasure and restriction of processing of your data, these requests will be forwarded to the third party recipients to whom this data may have been disclosed by us, in the scope of pursuance of the aforementioned processing purposes.
You may address any questions or requests regarding the protection of your personal data handled by the Company using the following e-mail address: firstname.lastname@example.org
Right to lodge a complaint
In case you deem that we have not sufficiently satisfied your request and the protection of your personal data is affected somehow, you may lodge a complaint through a special web portal with the Hellenic Data Protection Authority (Athens, 1-3 Kifissias Avenue, PC 115 23 | tel: +30 210 6475600). Detailed instructions for submitting a complaint are provided on the Authority’s website.