General Data Protection Regulation (GDPR)

1.) General

ZYPHIRA, with object of sale “Linen, Underwear, Home Clothing and Sewing and Embroidery” and headquarters of Sminagou Mitraki Iraklis 25, 67100, XANTHI hereinafter referred to as “The Company”, attaches great importance to the lawful processing, security and protection of your personal data, in any capacity you communicate or cooperate with us, such as potential or active customers, consumers, website visitors, employees, suppliers, traders, individuals, consumers, passengers or cooperating third parties.

This Privacy Policy also describes how we use, share and protect your personal data, the choices you have regarding your personal data, and how you can contact us. This Privacy Policy is in accordance with the terms deriving from European Regulation 679/2016 and any other relevant applicable legislation. By using our website and signing the relevant consent statement, you unreservedly accept the practices described herein, the terms of which henceforth govern our contractual relationship and are incorporated into the terms of use of each of our services.

We respect your privacy and are committed to protecting it by complying with this privacy policy (“Policy”). This Policy describes the types of information we may collect from you or that you may provide (“Personal Information”) on ZYPHIRA.gr website (“Site” or “Service”) and any of its related products and services (collectively, “Services”), and our practices for collecting, using, retaining, protecting and disclosing such Personal Information. It also describes the choices available to you regarding our use of your Personal Information and how you can access and update it.

This Policy is a legally binding agreement between you (“User”, “you” or “your”) and ZYPHIRA (“ZYPHIRA”, “we”, “we” or “our”). If you enter into this agreement on behalf of a business or other legal entity, you represent that you have the authority to bind that entity to this agreement, in which case the terms “user”, “you” or “your” refer to such entity. If you do not have such authorization or if you do not agree to the terms of this agreement, you must not accept this agreement and may not access and use the Site and Services. By accessing and using the Site and Services, you acknowledge that you have read, understood and agree to be bound by the terms of this Policy. This Policy does not apply to the practices of companies we do not own or control, or to individuals we do not employ or manage.

2.) What is your personal data?

Your personal data includes any information on paper or electronic means that may lead, either directly or in combination with others, to your unique identification or identification as a natural person. This category includes, as appropriate, data such as name, VAT number, social security number, physical and email addresses, landline and mobile phone numbers, callers and telephone numbers, recipients of SMS/MMS messages, your bank account details, your bank/debit/credit/prepaid card details, email addresses, your internet search history (log files, cookies, etc.), and any other information allows your unique identification in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679), Law 4624/2019, the applicable Greek legislation as well as the decisions of the Personal Data Protection Authority (HDPA).

3.) Automatic information collection

When you open the Website, our servers automatically record information sent by your browser. This data may include information such as the IP address of your device, browser type and version, operating system type and version, language preferences or the web page you visited before visiting the website and services, pages of the website and services you visit, the time spent on these pages, the information you search for on the Website, access times and dates, and other statistics.

The information collected automatically is used only to identify possible cases of abuse and to generate statistical information about the use and traffic of the Site and Services. This statistical information is not otherwise aggregated in such a way as to identify any particular User of the system.

4.) Collection of personal information

You may access and use the Site and Services without telling us who you are or disclosing any information by which someone could identify you as a specific, identifiable individual. If, however, you wish to use some of the features offered on the Website, you may be asked to provide certain Personal Information (for example, your name and email address).

We receive and store any information you knowingly provide when you create an account, post content, make a purchase, or fill out any forms on the Site. When required, this information may include the following:

• Account information (such as username, unique user ID, password, etc.)
• Contact information (such as email address, phone number, etc.)
• Basic personal information (such as name, country of residence, etc.)

Some of the information we collect is directly from you through the Site and Services. However, we may also collect Personal Information about you from other sources, such as public databases and joint marketing partners.

You may choose not to provide us with your Personal Data, but then you may not be able to take advantage of some of the features of the Website. Users who are unsure of the mandatory information are welcome to contact us.

5.) Use and processing of collected information

We act as responsible data controllers and data processors against the GDPR when handling Personal Information, unless we have entered into a data processing agreement with you, in which case you will be the responsible data controller and we the data processors.

Our role may also vary depending on the specific situation involving personal information. We act in our capacity as a data controller when we ask you to submit your personal information that is necessary to ensure access to and use of the website and services. In such cases, we are data controllers because we determine the purposes and means of processing Personal Information and comply with the data controllers’ obligations set out in the GDPR.

We act as a data processor in cases where you submit Personal Information through the Site and Services. We do not own, control or make decisions regarding submitted Personal Information and such Personal Information is only processed in accordance with your instructions. In such cases, the User providing Personal Information acts as a responsible data controller against the GDPR.

6.) Lawful processing

The company will use your information for the following legitimate processing purposes (pursuant to Article 6 GDPR), as the case may be, with your explicit consent that you can freely withdraw at any time, or for the performance of a contract or pre-contractual relationship with you, or to serve our legitimate interest or to defend your vital interest, namely:

• To manage your calls to search for information in order to complete your requests, purchases and orders.
• To respond to your requests and queries regarding our products/services as well as information and response to your suggestions and comments on improving our products and services.
• To analyze our website traffic and improve your experience as well as to provide you with information about products, services, special offers and promotions.
• For our internal operations and analysis such as internal management, fraud prevention, use by management, invoicing, accounting, billing and control information systems.

The provision of Data to the Company may be necessary to achieve the purposes specified in this Privacy Policy or be optional.

If you refuse to provide the information considered mandatory, it may, for example, make it impossible for the Company to fulfill the sales contract or provide the other services available on its Websites.

7.) What are the principles of collection and processing?

This Privacy Policy aims to inform you about the terms of collection, processing and transmission of your personal data that we may collect as Data Controllers. The company and its staff apply the ten Processing Principles of GDPR 2016/679 (lawfulness, objectivity, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality and accountability). The Company protects and safeguards your eight Rights regarding the use of your Personal Data (information, access, rectification, deletion, restriction of processing, portability, objection and non-automated decision-making based on profile, as specified in Greek law). The above apply without any discrimination and apply to all processing we carry out and to all services we provide independently.

8.) Cookies Policy

In accordance with the European Directive e-Privacy 2009/136/EC (which will be replaced by the ePrivacy Regulation) and the Instructions of the Hellenic Data Protection Authority dated 25.2.2020, our website accepts the use of “cookies”. These are online tools for collecting and analyzing information from social networking platforms or third-party partner websites in order to measure traffic, improve the operation, content and overall appearance of our website and adapt it to the needs of our customers.

When using our website, your personal data is processed by third parties, such as social networks and search engines, e.g. Google Analytics, Facebook social Plug-ins, etc., without any involvement, influence or control on the part of the Company and are transmitted either within or outside the European Economic Area (27 EU Member States plus Iceland, Liechtenstein and Norway), for which these third parties are solely responsible. If you do not want third parties, such as Google, Facebook, Twitter, to receive information from your browser, when you visit the Company’s websites, you can opt out of the terms provided by the respective Usage Policy on the website of each such third party. Although most browsers automatically accept the use of cookies, you can always change the settings on your computer, choosing not to accept cookies, or being asked to accept each of them separately. However, you should be aware that this will limit the range of browsing possibilities available to you on each website and the user experience.

Our website and services use “cookies” to help you personalize your online experience. A cookie is a text file placed on your hard drive by a web server. Cookies cannot be used to run programs or deliver viruses to your computer. Your cookies are uniquely assigned and can only be read by a web server in the domain that issued the cookie to you. If you choose to decline cookies, you may not be able to fully test the features of the Site and Services. You can learn more about cookies and how they work in this guide.

We may use cookies to collect, store, and track information for security and personalization, to operate the Site and Services, and for statistical purposes. Please note that you have the option to accept or reject cookies. Most web browsers automatically accept cookies by default, but you can modify your browser settings to reject cookies if you prefer.

9.) Transmission of your data to third parties

As a rule, our Company does not transmit your personal data to third parties, except when we act as intermediaries and to the extent that this is required to complete your order and fulfill requests regarding the services provided by us. Such third parties may be official state and supervisory bodies (e.g. prosecuting and prosecutorial authorities, cybercrime prosecution, Hellenic Data Protection Authority, EETT), when we are called upon to comply with the law and prevent unlawful actions against us and our customers (e.g. telephone fraud, insult, personality insult, etc.). The third parties may also be accounting and law firms.

In our Company we choose reliable providers and we try to place contractual restrictions on third parties who receive your personal data to ensure their lawful use. However, we cannot guarantee that they will not use or disclose this data without your permission. For this reason, we recommend that you carefully review the privacy practices of any third-party providers/suppliers whose products or services you purchase through our websites.

In order to process your data, we may need to transfer your information to other countries, including countries primarily within and exceptionally outside the European Economic Area (EEA), based on EU adequacy decisions, binding corporate rules, standard contracts and approved codes of conduct.

Access to your Data has the absolutely necessary staff of the Company, which is committed to maintaining confidentiality, and the companies cooperating with us or third party service providers, which process your Data as Processors on our behalf and in accordance with our orders.

10.) How is your Data shared?

Data Sharing by our Company

The Company shares your Data with:

• Third-party service providers who process personal data on behalf of the Company, for example (indicatively mentioned) for credit card and payment processing, transfers and deliveries, hosting, management and maintenance of our data, email distribution, research and analysis, management of promotions, as well as management of certain services and data. When we use third-party service providers, we enter into agreements that oblige them to implement appropriate technical and organizational measures to protect your personal data.
• Other third parties, to the extent necessary for the following purposes: (i) compliance at the request of an organ of the Greek State, a court decision or applicable law, (ii) prevent unlawful uses of our Sites and Apps or violations of the Terms of Use of our Sites and Apps and our policies; (iii) our own protection against third party claims; and (iv) contributing to the prevention or investigation of fraud (e.g. counterfeiting).
• other third parties to whom you yourself have given your consent.

Sharing Data from you

• When you use certain social media elements on our Sites or Apps, you may create a public profile that includes information such as username, profile picture and city. You may also share content with your friends or the general public, including information about your interaction with the Company. We encourage you to use the tools we provide to manage sharing on the Company’s social media in order to control the information you make available through the Company’s social media elements.

11.) What is the policy we apply with third party Data Processors in accordance with the above:

• We only provide the information they need to perform their specific services.
• They may use your Data only for the exact purposes we specify in our contract with them.
• We work closely with them to ensure that your privacy is respected and protected at all times.
• If we stop using their services, any of the data they hold will be deleted or made anonymous.

To improve your customer experience on our Sites and Apps, we use the following companies, which will process your Personal Data as part of their contracts with us:

Facebook

Google

Mailchimp

Instagram

ACS

In case you wish to receive more information about the disclosure of your Data to third parties, please contact us by email at info@ZYPHIRA.gr

12.) How do we ensure that Data Processors respect your Data?

The Data Processors on our behalf have agreed and are contractually bound with the Company:

• maintain confidentiality,
• not to send your Data to third parties without the Company’s permission,
• take appropriate security measures,
• comply with the legal framework for the protection of personal data and in particular Regulation 979/2016 / EU (otherwise GDPR).

13.) Security of your personal data

In any case, we take appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of your data. We aim to ensure that your personal information is transferred, stored and processed in accordance with appropriate international security standards and procedures. At the Company we have trained and responsible staff, while we recognize the importance of protecting privacy and all your personal information. For this purpose, we have appropriate security policies and we use the appropriate technical and operational tools, such as anonymization, pseudonymization, data encryption, tokenisation, use of firewalls, establishment of access levels, authorized employees, staff training, periodic audits, compliance with international security and business continuity standards.

Any partner of ours who has access to the above information, uses it to serve exclusively the above purposes. We share the information you give us exclusively in the ways described in this Policy and in accordance with your explicit and specific consent per type of processing, which you can at any time and freely withdraw by contacting us.

14.)Data Transfer

The personal data we collect (or process) in the context of our Websites and Apps will be stored within the European Union. However, some of the recipients of the Data with whom the Company shares your Personal Data may be located in countries other than the one in which the initial collection of your Personal Data took place. The laws in these countries may not provide the same level of data protection as the country that originally provided your Personal Data. However, when we transfer your Personal Data to recipients in other countries, including the USA, we are committed to protecting your Personal Data as described in this Privacy Policy and in accordance with applicable law.

We take steps to comply with applicable legal requirements to transfer personal data to recipients in countries outside the European Economic Area or Switzerland that do not ensure an adequate level of protection. We use various measures to ensure that your Personal Data transferred to these countries enjoys adequate protection in accordance with data protection rules. These include signing the Contractual Clauses, certifying that the recipient has adopted European binding rules or adheres to the EU-U.S. and Swiss-U.S. Privacy Shield.

15.) How long do we keep your Data?

We retain your Personal Data as long as necessary to fulfill the purposes set out in this Privacy Policy (unless a longer retention period is required by applicable law). In general, this means that we will retain your Personal Data for as long as you have an account with our Company. With regard to your Personal Data related to product purchases, we retain this data for a longer period in order to comply with our legal obligations (such as tax and commercial legislation and for warranty purposes where applicable). At the end of this retention period, your data will be completely or anonymously deleted, for example by aggregating with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of Customer Data retention periods:

• 
  Orders
  
  

  
  When you place an order, we will retain the personal data you have given us for five years so that we can comply with our legal and contractual obligations.

• 
  Guarantees
  
  

  
  If your order included a warranty, the relevant Personal Data will be retained until the end of the warranty period.

• 
  Newsletter
  
  

  
  Your declaration of consent to send a newsletter is kept for as long as the newsletter is sent to you by the Company and in any case not more than six months from the cessation of its sending.

16.) Display targeted ads

If you have given us written consent, we may use your personal data together with other information we have collected, after human intervention by our commercial department, to display advertisements related to your obvious preferences, on our website or on another website.

However, we do not use automated tools to track and evaluate your consumer profile and general preferences with other personal information (such as your email address) to display advertisements or send you personalized information. In addition, we do not share your personal information with third parties so that they can send you relevant advertisements, unless you have explicitly consented in writing to them. If you wish us to stop sending you updates or offers, you can use the unsubscribe link at the end of each email you may have received from us (unsubscribe).

17.) Is your Data safe?

We are committed to safeguarding your Personal Data.

Recognizing the importance of the security of your Personal Data, we have taken all appropriate organizational and technical measures to secure and protect your Data from any form of accidental or unlawful processing. We use the most modern and advanced methods to ensure maximum safety.

The www.ZYPHIRA.gr website uses the TLS 1.2 protocol for secure online commercial transactions. This encrypts all Data you provide, including your credit card number, name and address, so that it cannot be decrypted or changed during transfer over the Internet.

In addition, the information used to identify you as an account user is two: the Username and the Personal Secret Security Code (Password). Each time you enter your details, you are granted access to your personal account. This process is achieved securely through encryption during their transfer to the internet and the Company’s servers. According to the same standards, you are given the opportunity to change your Personal Security Code (Password) as often as you wish. After entering the desired code, the new code is encoded and stored in the Company’s systems. For this reason, the only person who knows your password is yourself and you are solely responsible for maintaining the secrecy of the password from third parties.

Those measures shall be reviewed and amended as necessary.

18.) Unsolicited commercial communication

Our Company does not allow the use of our website or our services for the transmission of mass or unsolicited commercial emails (spam). Furthermore, we do not allow the sending of messages to and from our customers that use or contain invalid or falsified headers, invalid or non-existent domain names, techniques to hide the origin of each message, false or misleading information or violate the terms of use of websites. We do not allow in any way, the collection of email addresses or general information of our customers and subscribers through our website or services. We do not allow or authorize any attempt to use our services in a way that could damage, disable, burden any part of our services or interfere with anyone wishing to lawfully use our services.

If we believe that any unauthorized or improper use is being made of any of our services, we may, without notice, in our sole discretion, take appropriate steps to block messages from a particular domain, email server, or IP address. We may delete any account that uses our services that, in our sole discretion, transmits or links to the transmission of any messages that violate this policy.

19.) What are your rights?

You have the right to access your Personal Data.

This means that you have the right to be informed by us if we process your Data. If we process your Data, you can ask to be informed about the purpose of processing, the type of your Data we keep, to whom we give it, how long we store it, whether automated decision-making takes place, but also about your other rights, such as rectification, deletion of data, restriction of processing and filing a complaint with the Personal Data Protection Authority.

You have the right to correct inaccurate personal data.

If you find that there is an error in your Data, you can submit a request to correct it (e.g. name correction or address change update).

You have the right to erasure/right to be forgotten.

You can ask us to delete your data if it is no longer necessary for the above-mentioned processing purposes or you wish to revoke your data if this is the only legal basis.

You have the right to portability of your Data.

You can ask us to receive in a readable form the Data you have provided or ask us to transmit it to another controller.

You have the right to restrict processing.

You may ask us to restrict the processing of your Data for as long as your processing objections are pending.

You have the right to object and withdraw consent to the processing of your Data.

You may object to the processing of your Data and we will stop processing your Data unless there are other compelling and legitimate reasons that prevail over your right. If you have given your consent to the collection, processing and use of your personal data, you can withdraw your consent at any time with effect for the future:

• Choosing not to receive Marketing Communications.

You can choose not to receive marketing communications by changing your email and sms records by clicking the unsubscribe link or by following the instructions included in the message.

• Alternatively you can contact us using the contact details we give you in clause 17 below.

Where we rely on our legitimate interest: In cases where we process your personal data based on our legitimate interest, you can ask us to stop for reasons related to your personal situation. We must then do so if we do not believe that we have a legitimate compelling reason to continue processing your Personal Data.

20.) How can you exercise your rights?

In order to exercise your rights, you can submit a relevant request to info@ZYPHIRA.gr email address entitled “Exercise of Right” and we will examine it and respond to you as soon as possible.

21.) Where can you appeal if we violate applicable law on the protection of your Personal Data?

You have the right to lodge a complaint with the Personal Data Protection Authority (postal address Kifisias 1-3, P.C. 115 23, Athens, tel. 210. 6475600, e-mail address contact@dpa.gr), if you consider that the processing of your Personal Data violates the applicable national and regulatory framework for the protection of personal data.

22.) Validity of Privacy Policy and Personal Data Protection

We update this Privacy Policy whenever necessary. If there are significant changes to the Privacy Policy or the way we use your Personal Data, we will post on our website the update of this before the changes take effect and we will notify you in any appropriate way.

We encourage you to read, at regular intervals, this Policy to know how your Data is protected.

23.) Bestprice analytics

Our company, in order to improve the services it provides, has integrated the BestPrice 360 Analytics tool into this website, in the context of extracting statistics and performance data from the participation of its online store in the corresponding www.bestprice.gr product price comparison platform, in which it participates. BestPrice Analytics 360 allows the transmission to the BestPrice.gr of exclusively anonymous data about the movement of users on this website (visit or order and purchase of products) in order to extract the corresponding statistical results and to improve marketing actions.

24.) Accept this policy

You acknowledge that you have read this Policy and agree to all of its terms and conditions. By accessing and using the Site and Services and submitting your information, you agree to be bound by this Policy. If you do not agree to comply with the terms of this Policy, you are not authorized to access or use the Site and Services.

Last updated: 01/10/2023