INFORMATION POLICY ON THE PROCESSING OF PERSONAL DATA BY THE WEBSITE
INTRODUCTION
The website www.ladja.gr (hereinafter the “Website”) is developed and operated by the company “LADJA L.P.” under the trade name “Ladja” (hereinafter referred to as the “Company” or, “we”, “us”, “our”) and hosts the online store for the display and sale of ladja.gr products.
Our Company values the privacy of all individuals and is committed to safeguarding the confidentiality and security of personal data processed while you browse or use the services available on the Website.
In this context, we implement appropriate measures, including, but not limited to, timely and accurate communication to users and visitors of the Website (regardless of gender or number hereinafter referred to as “Users”, “Visitors”, “you”, or “your”) and provide necessary information on the processing of their personal data. To achieve this, we have adopted and implemented this Privacy Policy (hereinafter referred to as “Policy”), to provide you with all necessary information about your data collected and processed by us, where applicable.
This Policy, together with the relevant legal and regulatory framework governing personal data protection, including but not limited to the General Data Protection Regulation (EU) 2016/679 (GDPR), the EU Directives and Regulations, the decisions, guidelines, directives, recommendations and regulatory acts of the Data Protection Authority (DPA) and European supervisory authorities and bodies, Greek Law No. 4624/2019 and Greek Law No. 3471/2006, as amended (hereinafter “Legislation”), applies to all Users’ interactions with the Website irrespective of the type or duration of the interaction.
DATA CONTROLLER AND CONCEPT OF PROCESSING
The Data Controller responsible for processing your personal datais the Limited Partnership “LADJA L.P.” under the trade name “Ladja” incorporated and registered in Greece, with its headquarters at Halandri, Attica, at 21 Aristotelous Street, with TIN 802090348, General Commercial Registration number 169739701000 and e-mail address [email protected] (hereinafter referred to as “Data Controller”, “Ladja”, “we”, “us”).
Processing refers to any action involving collection, registration, organization, structuring, storage, alteration, retrieval, information search, use, transmission, restriction or deletion of data that has been or will be brought to the attention of the Controller as defined by the Legislation.
With complete transparency in how we collect, use, and store your data, we encourage you to read this Policy carefully and understand the following information.
THE DATA WE COLLECT, BY WHICH MEANS, AND FOR WHAT PURPOSE
The processing of your personal data is considered and carried out in accordance with the fundamental principles of law (Art.5 GDPR). Hence, we make efforts to ensure lawful, objective, and transparent processing of only relevant and necessary data, and for specified and explicit purposes. We are committed to maintaining up-to-date data, ensuring accurate recording, and secure storage for the necessary duration, in accordance with the purpose of the processing. This is carried out in compliance with a method that guarantees the data is consistently updated and securely stored for the required period.
The personal data we collect and process is limited to what is strictly necessary for the operation of the Website, the services offered through it, and generally for fulfilling the purposes of processing and as required to comply with legal or regulatory requirements, resolve disputes, prevent fraud and abuse and fulfill our legal obligations arising from tax law, consumer protection law, the legal framework of distance selling, etc.
The collection and processing of your data includes the following, depending on the activity to which it relates:
| CATEGORIES/TYPE OF PERSONAL DATA | PURPOSE OF PROCESSING | LEGAL BASIS FOR PROCESSING | |
| 1. Execution of orders via the e-shop | |||
| Your name and surname for natural persons and (for sole proprietorships) your name, TIN, tax office and activity, your full address (street, number, postal code, city) for invoicing and/or delivery, your landline and mobile telephone number, your e-mail address. | The execution and servicing of the orders you submit, after-sales support, communication with you in the context of the management and completion of your order, the issue of legal tax documents, our compliance with our legal obligations | a. This processing is based on the performance of a contract of sale of the goods you purchase from us and the fulfilment of our contractual obligations in this context or the taking of pre-contractual measures at the request of the User (Article 6 (1) (b) GDPR), b. The processing is necessary for our Company to comply with legal obligations (Article 6 (1) (c) GDPR) | |
| 2. Create a member account / User registration | |||
| Your first name, last name, and e-mail address to create a membership account | The creation and management of an account, including the identification of the User and the relevant information related to the management of the account (e.g., confirmation of registration, password reminder), as well as updates on the progress of orders, and the management of products for which the User expresses interest (e.g., adding products to the wishlist), but no order is submitted (either product out of stock or products that the User does not want to buy directly). | a. This processing is based on the performance of a contract of sale of the goods you purchase from us and the fulfilment of our contractual obligations in this context or the taking of pre-contractual measures at the request of the User (Article 6 (1) (b) GDPR), b. The processing is necessary for our Company to comply with legal obligations (Article 6 (1) (c) GDPR) | |
| 3. Subscribe to the newsletter, updates and offers | |||
| Your e-mail address (e-mail) | Your subscription to the newsletter service, the sending of updates and/or offers and/or promotions, and the management of this subscription | The processing is based on your explicit consent to the processing of your personal data for the specific purpose (Article 6 (1) (a) GDPR) | |
| 4. Contact by email or contact form | |||
| Your first name, last name, e-mail address, and any other information you provide us with in the relevant “subject” and “message” fields (free text) | Facilitating User service, communicating with us, submitting queries, resolving issues, evaluating complaints and requests | a. This processing is based on the performance of a contract of sale of the goods you purchase from us and the fulfilment of our contractual obligations in this context or the taking of pre-contractual measures at the request of the User (Article 6 (1) (b) GDPR), b. The processing is necessary for our Company to comply with legal obligations (Article 6 (1) (c) GDPR) c. The processing is necessary for our legitimate interests in the context of improving the quality of service, evaluating products and services, and maintaining satisfied customers | |
| 5. Product and service evaluation / Customer satisfaction surveys: | |||
| Your first name, last name, e-mail address, telephone number, transaction code, or other order identifiers and the information contained in and relating to the evaluation, | Providing an opinion on ordering and customer service, as well as evaluating our services and products, expressing this opinion, managing sales, improving the quality of products and services, maintaining the customer base | The processing is necessary for our legitimate interests in the context of evaluating our products and services, improving the quality of service, and maintaining a high level of customer satisfaction. | |
| 6. User navigation when accessing the Website | |||
| The Internet Protocol (IP) address, date and time of access, time zone, operating system and its version, browser, and its version, as well as the name of the User’s device | Ensuring the stability of the connection between the User and the Website, preventing and avoiding malicious activities, ensuring the smooth and proper functioning of the Website, providing the services offered on the Website, improving the User’s experience | The processing is necessary for our legitimate interests in the context of providing a secure Website and e-shop and generally providing reliable and stable services to Users. | |
NECESSITY AND CONSEQUENCES OF NOT PROVIDING DATA
The personal data collected and processed are necessary for the fulfilment and operation of the business relationship between us, the fulfilment of our contractual obligations towards you, and the fulfilment of the Company’s legal obligations, as derived from the applicable legal framework. Accordingly, any failure to provide them would result in our default and make it impossible for us to enter into any sales contract or provide any other services, as the case may be.
DATA RETENTION PERIOD
The Company undertakes to keep the data you have provided us with during your registration on the Website and/or when placing an order and your transaction history with the online store in absolute confidentiality. Your personal data are retained for the necessary period in the case of processing and until the fulfillment of the respective purpose, subject to provisions of the respective applicable legislation that require or allow retention for a further or shorter period.
In determining the periods, we consider criteria such as the nature of the processing and the data, the legal basis and purpose of the processing or any legal obligations requiring retention for a certain period, as well as the rational management of our records and contacts. In addition, we retain your personal data where necessary to assert or defend against legal claims until the end of the relevant retention period or until the final settlement of such claims.
In particular, the data you have entered to create an Account will be retained for the entire period that your account is active and for five (5) years from the date of termination of your registration, for whatever reason. Also, for five (5) years, we retain personal data collected during the pre-contractual stage or in the case of an order that was not achieved.
The data collected in the context of an order, will be kept for a period of five (5) years, which may be extended up to twenty (20) years or beyond when required or permitted by law. This extension may occur in cases such as an audit (or indication of an audit) by the competent authorities for tax purposes, at the request of a public authority or government body, in the event of legal claims and to defend the interests of our Company or in response to your exercise of data rights.
In addition, the data and personal information of Users who make contact in any way (by filling in a form or sending an e-mail) for any reason will be kept until the completion of the service or the processing of the specific request or complaint.
Finally, the data of Users who have subscribed to receive our newsletters and promotional information from the Company, is retained for as long as they remain on newsletter recipients list. If the User withdraws consent to receive the newsletters or objects to the processing, their email will be deleted from the list of recipients, and the receipt of newsletters will cease. In any case, after the relevant period or in as many instances as requested and achievable, your data will be deleted in a secure and non-recoverable manner.
RECIPIENTS OF YOUR DATA
Access to your data is restricted to authorized individuals involved in its processing in compliance with legal obligations and subject to stringent confidentiality measures. In addition, to facilitate the aforementioned processing objectives, the Company may disclose or transmit the data provided by you to affiliated entities to third-party service providers or partners entrusted with the execution of specific tasks (“processors”). Contractual clauses and adequate safeguards govern the processing of data to implement appropriate technical and organizational measures as required by Legislation. Such entities encompass but are not confined to, technology service providers responsible for safeguarding the security of our electronic systems, advertising firms, and entities collaborating with us to administer corporate and customer reward programs, as well as those conducting customer satisfaction surveys in conjunction with the Company to ensure the seamless operation of the Website.
In particular, to implement and execute the respective sales contract through our online store, your necessary data are transmitted to affiliated companies to which the execution of part of the contract has been entrusted, such as logistics, transport, order management, etc.
Recipients of the data are, among others, the following:
Metrilo, the platform for the processing, storage and management of cookies and registrations on the Website where your data will be stored.
External business advisors (such as external lawyers and auditors).
External entities relating to marketing and advertising activities.
Woo Commerce, where your data will be stored in WordPress upon registration.
Stripe and EpsilonNet, for the payment processes, the issue of tax documents, and information listed above.
A detailed list of those processing on behalf of our Company is available on request.
Recipients of your data may include competent government or judicial authorities, as well as other entities, when necessary for our compliance, to prevent unlawful use of the Website or violation of the Terms of Use, or to protect us against third-party claims, to document, exercise, defend or respond to legal claims, or when illegal activity is detected (including compliance with the Terms of Use and the Policy) or if such transfer is deemed necessary for (e.g., physical injury).
Furthermore, we may transfer your personal data to a subsidiary or a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any part of the Company’s business, assets or stock, including, but not limited to, in connection with any bankruptcy or similar proceeding, provided that any such entity to which we transfer your personal data will not be permitted to process your personal data in a manner different from that described in this Privacy Policy without notifying you and, if required by applicable law, obtaining your consent.
Finally, please note that we do not transfer your data to third (non-EU) countries or international organizations that do not provide adequate safeguards with regard to the protection of personal data in accordance with Art. 45 GDPR, unless the applicable legal framework requires the transfer or you have been informed and expressly consented in advance and expressly to such transfer, where needed.
USER RIGHTS
The User retains the rights provided by the Legislation for the subject of data processing, and in particular, the right of access to your data, the right to rectification, erasure (right to be forgotten), and portability, the right to restriction of and object to the processing, the right not be subject to a decision based solely on automated processing, and the right to withdraw the consent already given at any time and for those cases where the processing is based on consent.
The satisfaction of the above rights is subject to the reservations and limitations of the Legislation. The withdrawal of consent does not affect the lawfulness of the processing based on it prior to its withdrawal. In particular, for sending newsletters and information bulletins, and Users have the right to request the termination of newsletters or receive updates of promotional and marketing actions. However, it is indicated that sending emails whose content is related to the servicing of the sales contract is not affected by the above withdrawal of consent. Specifically, these messages are sent to fulfill the Company’s contractual and legal obligations, as these derive from consumer protection law, and Users will continue to receive them as part of the necessary information required by the applicable legal framework.
To exercise your rights, you may send us an e-mail (to the email [email protected]) or a postal letter to our headquarters address.
In the event of a request to exercise your rights we will make every effort to respond within a reasonable period of one (1) month after review and evaluation,. This period may be extended for a further two (2) months if necessary and justified by the circumstances (e.g., the complexity of the request). In any case, the reasons for the delay will be given in writing to the subject.
In addition, and to ensure the confidentiality and integrity of your data and information, when you exercise any of the rights, you will be asked to verify your identity employing a valid legal identification document (e.g., identity card, etc.). In this way, we protect the data subject and ensure the authenticity of the request in question.
If you believe that your rights are being infringed in any way, you may submit a complaint to the competent Supervisory Authority (Data Protection Authority, Kifissia ave. 1 – 3, P.C. 115 23, Athens, +30 2106475600, [email protected]).
DATA SECURITY
We take all necessary technical and organizational measures, adapted to each case, to protect your personal data from possible loss, destruction or unauthorized access or alteration by third parties.
In this effort, we have considered the latest developments in the field of data security, the cost of implementing the measures, as well as the nature, scope, context, and purposes of the processing of your data per the Law (Art. 32 GDPR).
We apply encryption and pseudonymisation measures, measures to ensure the confidentiality, integrity, availability, and reliability of the processing systems and services continuously, access control policy, ensuring that only authorized users can access the data, conducting regular security checks. We also regularly train our staff on best security practices and the protection of personal data.
FINAL PROVISIONS
This Privacy Policy may be updated at any time and without prior notice to ensure compliance with the requirements of the Legislation. Any updates will be communicated by publishing the revised Policy on the Website. In the event of significant changes, Users who have provided their email addresses may be notified by email.. Users are encouraged to review the Policy to stay informed about the latest version, which is one published on the Website.
This Policy and any amendments to it are governed by and construed in accordance with laws of Greece. Any disputes arising from or relating to the Policy shall be submitted to the courts of Athens.
If any provision of the Policy is found to be invalid or unenforceable it will not affect the remaining terms, which will remain in full force and effect.
The Website is intended solely for adults (individual over the age of 18). Product orders are only permitted for adults. If you are under 18 years of age, please refrain from browsing the Website unless you have received permission from your parent or guardian. Our Company does not collect minors’ personal data, except with their parents’ express consent.
The company commits to not collecting sensitive personal data, as defined in the legislation. This includes information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, genetic and biometric identification, sexual life, or sexual orientation. The company takes all necessary measures to ensure that such data is not provided by users. In the event that such data is mistakenly submitted, the company will promptly delete it and refrain from further processing, except as required by law and Article 9 of GDPR.
When providing data voluntarily, such as when sending emails, users should only provide information necessary for their specific request for assistance. Providing data about a third party is not allowed unless the user has obtained explicit written consent from the individual to whom the data belongs.
Date of publication and validity: 03/10/2024