Anassa Protection Policy

SECURITY AND PERSONAL DATA PROTECTION POLICY

ANASSA HELLENIC ORGANICS PC (hereinafter referred to as the “Company”) attaches great importance to the lawful processing, security and protection of your personal data, in whatever capacity you communicate or cooperate with us, such as prospective or active customers, consumers, website visitors, employees, suppliers, individuals, business customers, or affiliated third parties.

This Privacy Policy explains the way the Company collects and processes your personal data, in compliance with the General Data Protection Regulation (GDPR – Regulation 2016/679), the relevant national law n.4624/2019, other applicable national laws and the decisions of the Hellenic Data Protection Authority (HDPA).

Please read carefully the terms of the Company’s Security and Personal Data Protection Policy. By using our website and providing your consent when required by law, you expressly accept the practices described herein. The terms of this Policy constitute the contractual relationship between us hereinafter and are by default incorporated into the terms of use of each of our services.

1. What is personal data

Personal data is any information on paper or electronic medium, which can lead, either directly or in combination with other pieces of information, to the unique identification of a natural person.

2. Legal grounds for processing

• Consent
• We may process personal data without consent, for the purposes of the legitimate interests pursued by the Company.
• Performance of contractual obligation towards the data subject.

3. Which personal data we collect

For example, we collect, process and protect your personal data, in accordance with the law, when you contact us and/or purchase goods or services from us directly and/or by phone and/or online, when you call us to request information or in order to receive services, such as informational, e-governance and/or mobile marketing services and during any other activity of the Company.

Special categories of data
In principle, we don’t collect special categories of data, namely data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and we don’t process genetic or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a natural person’s sex life or sexual orientation, unless you have provided us your explicit consent in this regard or if this required to establish, exercise or defend against legal claims.

4. Lawful processing of personal data

The Company will use your information for the following lawful purposes:

• In order to allow you to create an account with our online store.
• To manage your calls and provide information regarding your requests, purchases and orders.
• In order to respond to enquiries and requests regarding our goods/ services, to provide information and updates, respond to your suggestions and comments on improving our website.
• In order to inform you about the results of surveys and competitions you may have participated in.
• In order to analyse website traffic and improve your user-experience.
• In order to provide you information about goods, services, special offers and promotions.
• For internal purposes, such as internal management processes, fraud prevention, administrative processes, pricing, invoicing, accounting, billing and internal controls.
• In order to send you newsletters and/or serve targeted ads.
• Calls may be recorded for quality/ staff training purposes.

You have the right to change your preferences at any time and/or withdraw your consent by sending an email at Privacy@anassaorganics.com or by clicking the unsubscribe button at the bottom of emails sent to you by the Company.

5. Principles regarding the collection and processing of personal data

The Company and its trained personnel apply the following GDPR Processing Principles:

1) Lawfulness, fairness and transparency. According to this principle, personal data are being processed lawfully and fairly, in a transparent manner.

2) Purpose limitation. According to this principle, personal data are being collected and processed for specific, clearly identified and lawful purposes.

3) Data minimization. According to this principle, the personal data must adequate, necessary and sufficient to properly fulfil the Company’s stated purposes.

4) Accuracy. According to this principle, personal data held by the Company must be accurate and up-to-date. Inaccurate data shall be corrected or deleted.

5) Confidentiality and Integrity. According to this principle, processing is conducted in a way which protects personal data from unlawful processing, loss, destruction or alteration.

6) Storage time limitation. According to this principle, the Company holds personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

7) Accountability of the controller. According to this principle, the controller (Company) is responsible for complying with the Regulation and bears the burden of proof before judicial and supervisory authorities.

6. Ways of collecting personal data

• When you create an online account with us.
• When you contact the Company by completing an online contact form, via our call centre (calls may be recorded), by email or in any other way and for any reason, such as to submit comments, enquire about our services etc.
• When you provide personal information for invoicing purposes.
• When you purchase our products and you provide us your address and contact details for the delivery of your order.
• When you purchase goods/ services from us and the Company needs to verify your age in order to confirm whether you are legally allowed to have a contractual relationship with us, without your parents’/guardians’ consent or signature.
• When you subscribe to mailing lists, in order to receive newsletters and other marketing materials, by mail or electronically, or when you participate in questionnaires and surveys.
• Through cookies, when you are browsing our website (Please read our Cookie Policy)
• When we receive documents, requests, orders etc. containing personal data.

7. Data subjects’ rights

The Company protects and safeguards the following rights regarding the use of Personal Data, in accordance with the Regulation 2016/679.

• Right to be informed
You have the right to know which personal data we are processing and for which purpose.

• Right of access
You have the right to access your personal data for free.

• Right to rectification
You have the right to ask the rectification of inaccurate and incomplete personal data.

• Right to erasure
You have the right to have personal data erased, unless the processing is required by law.

• Right to restrict processing
You have the right to request the restriction of the processing of your personal data if there are concerns regarding their accuracy and in accordance with the Regulation.

• Right to data portability
You have the right to request the transfer of your personal data to another controller.

• Right to object
You have the right to object to the processing of your personal data, under the conditions set by the Regulation.

• Rights related to automated decision-making including profiling
You have the right to object to decisions made about you, if these decisions are based solely on automated means, including profiling, with legal or similarly significant effects.

In order to exercise your rights, you can contact us at Privacy@anassaorganics.com

The Company will respond to your request within thirty (30) days of receipt of the request.

Minimization, storage and deletion of your data
The Company will always ask you for the minimum personal data required by law when you connect to our online platforms and services, when you purchase our goods and services, when you communicate with other users on online forums/ social media, or when you take part in competitions and promotions.

Our Company retains your personal data only for as long as required by the contractual terms of each service, in accordance with the applicable law and the processing purposes. After that, the data will be anonymised or destroyed.

You can always reach out to us if you have any questions about which data we collect and process and request their rectification or deletion, unless their retention is necessary for tax, evidential or judicial purposes or the prosecution of unlawful acts.

8. Cookie Policy

This website uses cookies, in accordance with the European Directive E-Privacy 2009/136/CE (which is to be replaced by the ePrivacy Regulation) and the relevant national laws.

“Cookies” are text files with small pieces of data stored by a website on the user’s device (computer/ phone). The purpose is to make the website operational and allow it to remember your preferences for a certain period of time.

What kinds of “cookies” we use:
• Strictly necessary cookies (please see below)

• Functional “cookies” (please see the table below)

COOKIE NAME DURATION PURPOSE
woocommerce_cart_hash session Helps WooCommerce determine when cart contents/data changes.
woocommerce_items_in_cart session Helps WooCommerce determine when cart contents/data changes.
wp_woocommerce_session_ 2 days Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer.
woocommerce_recently_viewed session Powers the Recent Viewed Products widget.
store_notice[notice id] session Allows customers to dismiss the Store Notice.

Session cookies are deleted at the end of the browser session. No personal information is stored within these cookies.

• Google Analytics Cookies
• Advertising cookies

This website complies with the following principles:

1. The use of cookies is not allowed, unless the Company has obtained the data subject’s informed consent.

2. When you visit our website, you will be prompted to accept or refuse cookies. The Company will store your preferences, so you won’t be asked again.

3. Cookie consent is never assumed, through pre-selected fields. Data subjects are always requested to confirm they agree with the use of cookies, with the exception of cookies that are strictly necessary.

4. Cookie consent can be provided and withdrawn in the same, easy way.

5. Cookie consent is not necessary for strictly necessary cookies. Cookies exempt from consent requirements: cookie related to online order forms, security cookies, flash player, load balancing cookies, social media plug-ins for registered users only.

6. Consent is necessary for:
– Functional cookies, which are used to improve user-experience. Rejection of functional cookies might have a negative impact on the website’s overall user experience.
– Advertising cookies (Consent will be provided either to the Company or to a third party which collaborates with the Company.)

7. The Company will not transfer personal data to social media and search engines, without the user’s consent. While browsing our website, you can consent to the processing of your personal data by social media or search engines. In this case, the Company has no involvement, influence or control and the aforementioned third parties are exclusively responsible for any processing of personal data which may occur within or outside the EEA (27 EU member states, Iceland, Liechtenstein, Norway).

If you don’t agree with the processing of personal data by third parties such as Google, Facebook, Twitter etc. while you browse the website of the Company, you can object to such processing, according to the Policy published on the website of said third party.

8. You can always change your browser settings and choose to disable all cookies. Otherwise, you will be prompted to accept or reject each cookie separately. In this case, your user experience might be affected.

The Cookie Policy of the Company can be found here.

If you have any questions or complaints in relation to this Cookie Policy, you may contact us at Privacy@anassaorganics.com or call us at +30 210 6923111.

9. Transmission of your data to third parties

As a rule, our Company does not transfer your personal data to third parties unless we act as intermediaries and to the extent required in order to deliver your orders.

Such third parties may be banks and/or other financial bodies, suppliers, advertising and marketing companies, if you have explicitly consented to receiving updates from the Company on any offers. Third parties may also be telecommunication companies, TV stations, cloud providers, professional associations, audiovisual content providers, shipping companies, airlines, travel agencies, booking systems and other global distribution systems.

Our Company chooses trusted providers and strives to put in place contractual restrictions on third parties that receive your personal data, in order to ensure that they use them in accordance with this Policy and the applicable European and international data protection laws. However, we cannot guarantee that third parties will not use or disclose this data without your permission. Please read carefully the privacy policies of third parties/suppliers, before buying their products or services through our website.

In order to process your data, we may need to transfer your information to other countries, mainly within the European Economic Area (EEA) but also outside the EEA in exceptional cases, relying on EU adequacy decisions, corporate binding rules, standard contractual obligations and approved codes of conduct.

10. Security of personal data

We take the appropriate technical and organizational measures to ensure that your personal information is transferred, stored and processed, in accordance with appropriate security standards and procedures, the terms of this Policy and applicable data protection laws.

Our personnel have been trained to recognise the importance of protecting privacy rights and protect personal information. To this end, we have appropriate security policies in place and we use appropriate technical and operational tools, such as anonymisation, pseudonymisation, data encryption, firewalls, access levels, authorised employees, staff training programs, periodic audits, compliance with international standards and business continuity. We also have a Data Protection Officer (please see paragraph 14 of this Policy).

Any affiliate of ours who may have access to personal information, uses it solely for the purposes outlined above. We share the information you give us exclusively in the ways described in this Policy and with your consent, which you may freely withdraw by contacting us.

11. Targeted Marketing

We may use your personal data and other pieces of information we have collected, with the human intervention of our marketing department, in order to display ads which are relevant to your preferences. The ads will be displayed either on our website or the website of a third-party.

However, we do not use automated tools to track and evaluate your consumer profile and your preferences in order to serve ads or send you personalised offers. In addition, we do not share your personal information with third parties who want to display advertisements to you, unless you have provided your explicit consent.

If you would like us to stop sending you newsletters and offers, please contact us at Privacy@anassaorganics.com

12. Links to third-party websites
Our website may contain links that lead to third-party websites, such as shipping or payment service providers. These parties are independent and their websites are operated and maintained independently by them. The Company has no responsibility for the content, actions or policies of these websites. Please read carefully the respective data protection policies of the different websites you visit, as they may differ significantly from ours.

13. Unsolicited commercial communication

The Company does not allow the transmission of bulk or spam commercial emails. In addition, we do not allow the sending of messages to and from our customers that use or contain invalid or fake headers, invalid or inaccurate domain names, techniques that conceal the origin of each message, false or misleading information or which otherwise violate the terms of use of our website.

We do not allow the collection of emails or general information of our customers through our website or our services, in any way. We do not allow or authorize any attempt to use our services in a way that could harm, render unavailable, overburden any part of our services or which could prevent anyone wishing to use our Services from doing so.

If we identify any unauthorized or inappropriate use of our services or website, we may, without notice and at our sole discretion, take appropriate measures and block messages from a particular domain, a specific email server or IP address. We have the ability to delete immediately any account that makes use of our services, if we believe that this account transmits or is associated with the transmission of messages, in violation of this Policy.

14. Contact for questions or comments.

If you have any questions or comments about this Policy or if you believe that we have not followed the principles outlined above, please email us at Privacy@anassaorganics.com or send us a letter at the following address: Alexandroupoleos 6, Metamorfosi, 14451.

The contact details of the Data Protection Officer of our Company are:
Chrysoula Sotiriou, email address: csotiriou@anassaorganics.com, phone number (+30)2106923111.

If you have questions on this Privacy Policy and/or the way our Company complies with this Privacy Policy and the company has not provided an adequate response or has not responded to your request within 30 days, you may contact the Hellenic Data Protection Authority (HDPA): contact@dpa.gr, Kifisias Avenue 1-3, 11523 Athens, contact number (+30) 210 6475600.

15. Enforcement period of the Security and Protection of Personal Date Policy

This Policy was published by the Company on 20 /01 /2021 and is subject to periodic improvement and revision.

Any changes to this Policy will apply to the information we hold, as well as to the information we collect, after publishing the revised edition. Using our website following the revision of our Policy implies that you accept any changes that have been made.