PERSONAL DATA PROTECTION POLICY
Introduction
The company “MANTA SOFIA” (Sofia Manta Creations) attributes special importance to the safety and protection of its visitors/customers.
It is remarked that personal data is defined by the General Data Protection Regulation (2016/679/EU-GDPR) as any information with which a natural person (subject of data) can be identified, directly or indirectly. Such data may include, but is not limited to: the first name, the surname, the age, the home or residence address, the email address, the Tax Identification Number, the identifying information of equipment or terminal devices, the web search history, etc. Information concerning legal persons and groups of people or statistics information from which the attribution to a designated or determinable natural person is not possible, does not appertain to this category and is exempted from the field of the relative legislation.
The present Personal Data Protection Policy is absolutely compatible with the European Regulation concerning the protection of the natural person against the processing of personal data (EU/2016/679) and Greek legislation (law 4624/2019) and it aims to inform you about the information collected during your visit and processing of your transactions on our website. It is clarified that our company can modify the present policy from time to time without prior notice.
Moreover, it is important for us to update and check the accuracy of the data, which means that the visitors-customers are obliged to inform us about any change or modification. By browsing through the website and the use of its services, the visitors-customers identify that they have read, comprehended and, without any reservation, ACCEPTED the present Personal Data Protection Policy which constitutes part of the terms of use of our website.
-
Personal data we process during your visit to our website and the use of our services.
During your visit to our website you are not obliged to provide us with any personal information unless you wish to communicate with us, show your interest in purchasing products, register on our website and perhaps create an account.
As a company we process only the necessary personal data which is needed for fulfilling the aims of our transactions.
Depending on each transaction you may be asked to give the following data:
- Identity data:name, surname, country, city/town, residence address.
- Contact data:telephone number, email address.
- Payment data: data concerning debit or credit cards. It is clarified that our company has no access to its customers ’payment data as the transactions are carried out in the secure environment of Alpha Bank which is the associate bank.
Our company informs its visitors/customers that their processed personal data remain highly confidential and is not likely to be used for any other reason than the one it was originally given.
-
Cookies
Cookies are small text files that are stored in your browser during your surfing the Internet. Their aim is to notify the website being visited about the visitor’s previous activity on this website.
We use two categories of cookies:
Session cookies (temporary cookies)-They remain on your device until you leave our website.
Persistent cookies (permanent cookies)-They remain on your device for a longer period of time or until you delete them. The duration of their presence on your device depends on the life span of the specific cookie and on the settings of your browser,
The following types of text files can be found on our website:
Name: cookies.js
Aim: It defines whether the visitor has accepted the cookie consent box. This ensures that the cookie consent box will not appear again unless it is necessary.
Duration: Session.
Name: firebase:host:#.firebaseio.com
Aim: Necessary for the website’s online chat function.
Duration: Constant.
Name: wc_cart_created
Aim: Wocommerce- Necessary for the website’s online cart function.
Duration: Session.
Name :wc_cart_hash_#
Aim: Wocommerce- Necessary for the website’s online cart function so that it can remember the chosen products- This, also, allows the website to promote relevant products to the visitor, according to their cart’s content.
Duration: Session.
Name: wc _fragments_#
Aim: Wocommerce- It stores the visitor’s connection data so that they do not need to connect again in case their browser shuts down.
Duration: Session.
Name: wocommerce_items_in_cart
Aim: Wocommerce- Necessary for the website’s curt function so that it can remember the number of products in the cart.
Duration: Session.
Name: firebase: previous_ websocket_ failure
Aim: Used to detect errors on the website concerning online chat.
Duration: Constant
Name: mailchimp_ landing_ site
Aim: Used to record the page through which the user entered the website. Its functionality is given by Mailchimp.
Duration: 27 days.
Name: wp-wpml_current_language
Aim: Used to store the language in which the website is projected.
Duration: 1 day.
Name: yith_wcwl_Session_#
Aim: Used to store the visitor’s wishlist.
Duration: 29 days.
Name: _ga
Aim: Used to identify different users.
Duration: 2 years.
Name: -gid
Aim: Used to identify different users.
Duration: 24 hours.
Name: _gat
Aim: Used to restrict applications.
Duration: 1 minute.
Name: AMP_TOKEN
Aim: Contains a unique identifier that can be used so as a Client ID from the AMP Client ID can be retrieved.
Duration: from 30 seconds to 1 year.
Name: _gac_<property-id>
Aim: Contains information relevant to campaigns.
Duration: 90 days.
-
Collection of personal data through the website.
Your personal data is collected by us as follows:
- Either through our social media sites (Facebook, Instagram, Pinterest, Youtube), when there is expression of interest in the purchase of our products and/ or through simple contact with our stores.
- Either through your registration in the Newsletter service or through your participation in our company’s competitions.
- Either through online orders,
- Or, finally, with the enjoyment of your rights deriving from the present policy, the website’s terms of use or the law.
-
Aim of Data Processing.
The above processing of personal data is always done with respect to the principles of the Regulation (EU) 2016/679 and law 4624/2019.
The processing of your personal data serves the purpose of the conclusion of the contract with our company and your best browsing through our website according to your personal preferences.
-
Legal base of data processing.
Aim of performance of a contract and communication for the needs of process of the current or imminent transaction. | Article 6 paragraph 1(b) GDPR
( “Performance of a contract”) |
Aim of online communication for further promotion of commercial-marketing products. | Article 11 paragraph 1, law 347/2006
( “Consent”) |
-
Transfer of data.
Our company does not transfer your personal data to third countries out of the EU.
In order to be able to give you our services, we inform you that only the associate banks for the e-shop’s function, associate accountants and information security technicians have access to your data.
Each one of the above mentioned parties are contracted with us in writing and is bound by the abidance of our instructions and the relevant restrictions.
-
Duration of retention of your personal data.
In case you concluded a contract with our company (even if the product was returned or replaced) , your personal data will be abided throughout the duration of the contract. After the conclusion of the contract, that is after the utter payment of the cost of the products, our company is able, in principle, to retain your personal data given for the purchase of the product for two years, given the limitation period for the buyer’s rights (see CC554).
If, until the two-year’s expiry, judicial actions with our company or any other associate company are in progress and concerns you directly or indirectly, the aforementioned time period of retention of your data will be extended until the final judicial decision.
If you have registered in the Newsletter service, the data you have given for the reception of the newsletter, that is your name and your email address , is retained throughout the duration of your registration. Upon unsubscribing from the above service, the data you have given is deleted immediately.
In case the law stipulates a lower or higher time period of retention of your data, the aforementioned time period will be reduced or increased accordingly.
-
Data Controller.
Our company with the business name “Manta Sofia” and the trade name “Sofia Manta Creations”, established in Nafplio, the data controller of the personal data for the function of the present website. Our shop is located in 4 Plapouta Street (Postal Code:21100).
For any questions arisen referring to the present Personal Data Protection Policy, or, if you think there are ambiguities in this policy, you can directly contact our company (see Terms of Use, “Contact us”).
-
Your rights.
According to the General Data Protection Regulation, you have the following rights:
- Right to access: It enables you to know if and to what extent your personal data is subject to any kind of processing and especially the aims of this processing, the categories of the data we process, the receptors of your data, as well as the existence of automated decision-making (article15, GDPR).
- Right to rectification: It enables you to request the rectification of your personal data, including the right to have incomplete data completed, so that your data is complete and accurate (aticle16, GDPR).
- Right to restriction: It enables you to request the restriction of the processing of your personal data under the conditions of article 18 of GDPR. However, it is pointed out that our company has the right to reject your request for restriction of processing of your personal data if the processing or retention of the data is necessary for the entitlement, exercise, or support of our legal right, or the fulfillment of our obligations.
- Right to object: It enables you to object to any further processing of your personal data we retain (article21, GDPR), unless we prove that there are imperative and legal reasons for the processing of your data or its retention is necessary for our exercising of legal claims.
- Right to erasure (“right to be forgotten”): It enables you to request the erasure of your personal data from the files we retain under the conditions of Article 17, GDPR. However, it is pointed out that our company has the right to reject your request for erasure of your personal data if the processing or retention of the data is necessary for the entitlement, exercise, or support of our legal rights, or the fulfillment of our obligations.
- Right to portability: It enables you to request the portability of your data from our company to any other data controller (article20, GDPR). It is pointed out that the right to portability does not entail the erasure of your personal data.
- Right to complain: It enables you to lodge a complaint to the Personal Data Protection Authority (dpa.gr) if you consider that your rights are infringed in any way.
To exercise your rights you can address the controller in writing or via electronic means to the “data processor”. The company, fully respecting your rights, will make any possible effort to answer your request within thirty (30) days. This time-limit can be extended for sixty (60) extra days, if necessary, taking into consideration the complexity of your request and the number of requests. Our company will, in any case, inform you about a possible extension to the time-limit for answering within thirty (30) days. Exercising your rights does not involve any money. In case, however, the visitors’/customers’ requests are manifestly unfounded, exaggerating or repeating, we have the right to either charge a reasonable fee to the visitor/customer after informing them accordingly, or refuse to respond to their request(s).
-
Data security
The data we collect under the function of our company, is only the necessary for the purpose of communication with you and especially for the proper functioning of our transactions.
The data is absolutely confidential and is retained only for the aforementioned purposes. Only our staff or any of the processors of our associates (e.g. a collaborating bank which supports pay-center services for e-shop receipts, external accounting offices) have access to the data and they are committed to maintain confidentiality.
Furthermore, we have adequate security systems and we take all the necessary and appropriate organizational and technical measures to avoid a possible violation of personal data security (leakage, disclosure, access from non-entitled people) from our systems.