Privacy Policy
(and information on the processing of personal data)
The company under the name Spitiko and with the distinctive title “”Spitiko Bakery”” (hereinafter “”the Company”” or “”we”” or “”us””) is the Data Controller.
Protecting your fundamental right against the processing of your personal data is a top priority for us. The Company processes your personal data in compliance with the General Data Protection Regulation [GDPR] and any other relevant applicable national and European legislation.
Purpose of this policy
The purpose of this policy is to inform you about:
→ the collection, storage, use, disclosure and general processing of your personal data when you visit, register or use the Company’s website, as well as when you interact with its physical stores,
→ the purposes of processing, as well as how your personal data is processed,
→ the duration of the retention of your personal data,
→ the measures we take to protect your personal data, and
→ the rights you have as a personal data subject and the procedures for exercising those rights.
Definitions
The following meaning has been assigned to the following terms, within the meaning of this policy and in accordance with the GDPR:
→ “”personal data””: any information relating to an identified or identifiable (**) natural person (hereinafter “”personal data”” or “”personal data”” or “”data””. Personal data is information that identifies or can identify you, such as your full name, postal address, e-mail address, contact telephone number, tax identification number, etc.
→ “”processing””: any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
→ “”controller””: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, in this case the Company.
→ “”processor””: the natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller, in this case the Company.
→ “”recipient””: the natural or legal person, public authority, agency or other body to whom the personal data are disclosed, whether or not a third party.
→ “”consent””: any freely given, freely given, specific, explicit and informed indication of intent by which you, as a data subject, signify your agreement, by a statement or by a clear affirmative action, to the processing of your personal data.
→ “”personal data breach”” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access of personal data transmitted, stored or otherwise processed.
→ “”website””: the website (site) spitikobakery.com is the website of the Company, where the online store for the presentation and sale of the Company’s products and services is located (hereinafter referred to as the “”website”” or “”online store”” or “”website””).
→ “”social networks””: the pages that the Company maintains on social networks (Facebook, Instagram) where you can become a member if you wish.
Principles of data processing
We ensure the lawful processing of your personal data. In particular, we process your personal data in accordance with the principles:
→ lawfulness, objectivity and transparency,
→ purpose limitation of the purpose of the processing,
→ data minimisation → data minimisation,
→ data accuracy → data minimisation, data minimisation, data minimisation, data minimisation, → data accuracy,
→ limitation of the period of data storage; and → limitation of the period of data storage; and → minimisation of the use of data; → minimisation of the use of data; → minimisation of the use of data; and → limitation of the period of data storage.
→ data integrity and confidentiality,
We ensure at all times the effective protection of your personal data by taking all necessary and appropriate technical and organisational measures.
Protection of minors
Our website is intended for adults. Underage users can access our services only with the consent of their parents or guardians and are not required to submit their personal information. In case of submission of such information by minors, the website administrators will delete the relevant information. In case of submission of false personal data during membership registration, the Company shall not be liable.
“Retention period of your personal data
Your personal data is processed and retained only for the period of time necessary to fulfil the purpose for which it is collected and processed, unless a longer period of data retention is required by applicable law.
Indicatively:
We retain your personal data for as long as you maintain a user account in our online store. If you cancel/erase your account without having made a purchase, the personal data relating to your registration on our website will be deleted within a reasonable period of time and in any case within three (3) months of the cancellation of your account.
Your personal data relating to product purchases will be retained for five (5) years from your last purchase. It may be retained for a longer period of time if required to comply with legal obligations imposed by law, such as tax laws, commercial laws, etc. In the event of legal claims, the data will be retained until a final court decision is issued.
Personal data that we process with your consent (e.g. for informational, advertising, product promotion purposes) will be kept until your consent is withdrawn. Your consent is retained for as long as newsletters are sent and up to six (6) months after the newsletters are no longer sent.
Upon expiry of the necessary storage period, your personal data will be completely deleted or anonymized, i.e. aggregated with other data so that it can be used in an unidentifiable manner for statistical analysis and business planning.
The data collected through the use of cookies are only retained during the user’s access (user session).
CVs/recruitment applications to the Company are retained for six (6) months from the date the position is filled/or the CV is sent, unless you grant your consent for their retention for a longer period in order to be informed of any new vacancies.
Image data from the operation of the video surveillance (CCTV) system and cameras in our physical stores will be destroyed in fifteen (15) working days, provided that no event occurs as a result of the images being stored or the real-time recording.
“Account User Identification
The information used to identify you as an account user and access your personal account (“”My Account””) on our website/ e-shop is:
(a) your login password or email address (username or email)
(b) your personal secret security code (password).
By entering the above data, the security of your personal data is ensured through encryption during their transfer to the Internet and the Company’s servers.
Although we take all necessary measures to safeguard your personal data, you as an account user must also follow the required security measures. Since only the user knows the security code (password) to access his/her personal account, you are solely responsible for ensuring the secrecy of this code so that it cannot be used by third parties. We recommend that you use the facility provided on our website to regularly change your security code. Also, in case you use a shared computer, make sure that you log out of your account.
“As a data subject you have the following rights:
Right to information: the right to full, transparent, easily accessible and understandable information about the processing of your personal data.
Right of access: the right to obtain confirmation from the Company as to whether or not the personal data concerning you are being processed, and if so, the right of access to the data and information processed.
In any case, as long as you maintain a user account you can log in to it and make any correction/change without having to submit a request.
Right of deletion: Right to demand that the Company proceed without undue delay to erase your personal data concerning you, provided that the specific conditions provided for by the GDPR are met (Article 17 GDPR).
Right to restrict processing: Right to obtain from the Company the restriction of processing, provided that the specific conditions provided for by the GDPR are met (Article 18 GDPR).
Right to obtain from the Company the restriction of processing, provided that the specific conditions provided for by the GDPR are met (Article 18 GDPR).
Right to object: the right to object, at any time, to the processing of personal data concerning you on grounds relating to your particular situation. In this case, the Company will no longer process the personal data, unless it demonstrates compelling legitimate grounds for the processing of such data which override your interests, rights and personal freedoms or for the establishment, exercise or defence of legal claims by the Company.
“Right to data portability: if the processing is carried out by automated means, the right to receive the personal data concerning you, which you have provided to the Company, in a structured, commonly used and machine-readable format, as well as the right to transmit, if technically feasible, such data to another controller without objection from the Company.
Withdrawal of your consent: Where the processing of your personal data is based on your prior consent, you may at any time revoke your consent with prospective effect (i.e. the revocation of consent acts only for the future and does not affect the lawfulness of the processing based on your consent during the period until its revocation). As long as you maintain a usage account on our website, you can withdraw your consent to no longer receive communications from us for advertising, information and promotional purposes (newsletters) by sending an e-mail to info@spitikobakery.com
Right of termination: If you consider that your personal data concerning you have been processed in a way that violates the GDPR and the principles set out herein, you have the right to lodge a complaint with the Data Protection Authority (www.dpa.gr).
“Exercising your rights
In the context of exercising the above rights, the Company undertakes to satisfy these rights as soon as possible and in any case within one (1) month from the receipt of your written request. This period may be extended by two (2) more months, if necessary, due to the complexity or number of requests. In this case, you will receive notification from us of such extension within one month of receipt of the request, as well as the reasons for the delay.
If the request is submitted by electronic means, the information will be provided, if possible, by electronic means.
If we do not act on your request, we will inform you, without delay and at the latest within one month of receipt of the request, of the reasons why we have not acted and of the possibility of lodging a complaint with a supervisory authority and pursuing a judicial remedy.
In case of a request, we will ask you to verify your identity. In the event that you authorise a third party to make a request on your behalf, we will require written authorisation from you for that action.
“Cookies
Our website may use cookies to:
→ optimal functionality of the website
→ the improvement of the visitor/user’s experience while browsing the website,
→ the measurement of website traffic
→ improving the overall quality of the Company’s products and services, for statistical and promotional purposes (marketing)
Delete cookies
You can delete the cookies stored on your computer, for example:
→ in Internet Explorer (version 11), you must delete the cookie files (instructions on how to do this can be found at http://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie=ie-11).
→ in Firefox (version 36), you can delete the cookies by selecting “”Tools””, “”Options”” and “”Privacy””, then selecting “”Use custom settings for history”” from the drop-down menu, selecting “”Show Cookies”” and then selecting “”Remove All Cookies”” and then selecting “”Remove All Cookies”” and
→ in Chrome (version 41), you can clear cookies by selecting “”Customise and control”” then “”Settings””, “”Show advanced settings”” and “”Clear browsing data”” and then selecting “”Cookies and other site and plug-in data”” from the drop-down menu before selecting “”Clear browsing data””.
Deleting all cookies will have a negative impact on your use of the website and you will not be able to use all of its features.
“Automated decision making/Profiling
We do not perform automated decision-making or profiling.
Links
The spiticovacery website contains links to other websites. This privacy policy applies only to data collected by our own website/site and we have no responsibility for the privacy practices of those websites.
Policy update
This policy was last modified on 2 November 2020.
From time to time this policy will be amended and updated when and as required by applicable national and European legislation, without prior notice to users. We therefore recommend that you check this page periodically for any revisions to this policy.
Your use of our website/e-shop indicates your unconditional acceptance of the terms of this privacy policy.
