2. Data Controller
3. Personal Data that we collect about you
3.1 Personal Data types
When you visit our webpages without registering or placing any purchase order, the data collected about you are device (device ID, operating system or other identifiers) and connection (time, date and duration of visiting, IP address etc.) data.
Upon your registration to our website and the placement of purchase orders, in addition to the aforementioned data, HEEL collects and maintains about you the following data:
- Name, Surname
- Username and password
- E-mail address
- Telephone number
- Residence and delivery (if different) address for the dispatch of the goods ordered
- Payment means
- Purchase order background and «basket» of preferences
- Year of Birth
- Other personal data which you willing provide through the contact form that is available in our website or by e-mail, and in general when you visit our website or HEEL social media account, such as, indicatively, comments, valuations or complaints.
Further, it is likely that we have obtained your name and e-mail address because an acquaintance of yours has decided to offer you as a gift the e-Gift Card that is offered by our e-shop. In this case, prior to any further action, we shall send you an introductory e-mail asking you to confirm whether you are actually the beneficiary of the e-Gift Card, as well as to register to the present website in order to sue it.
Finally, subject to granting us your consent, it is possible that we retain and publish at the present website certain personal data of yours, such as, indicatively, any pictures of yours that you may have sent us for publishing in order to take advantage of the discounts and other privileges offered by Heel to its members.
3.2 Required & optional data
The data that are absolutely necessary for your registration and placing purchase orders through our e-shop are marked with an asterisk [*]. If you do not wish to provide them, you will not be able to register and place orders. On the contrary, any fields that are not marked as compulsory are optional and there is no consequence if you do not fill them in. If you chose to provide us this information, you help us improve the services we offer.
HEEL may process your data through either automated or non-automated (manually-handled) means, in paper and electronic format, ensuring in each case the adequate level of safety and confidentiality that is required by the applicable legislation.
4. Minors’ data
HEEL does not knowingly collect data about individuals of less than eighteen (18) years of age. Individuals of less than eighteen (18) years of age may use the services of our e-shop only with the prior consent of their parents or legal guardian. If your child has submitted any personal data that you wish to be removed, please contact us as described above.
5. Purposes for which we retain your data and legal basis
HEEL collects and processes the aforementioned types of data insofar this is absolutely necessary for the pursued purposes and such purposes are legitimate and previously specified. The purposes for which we collect and use your data and the legal basis of such processing are listed in the below table:
|(a)||Management/Administration & Delivery of Purchase Orders||To process your purchase order through our e-chop.||Performance of HEEL’s contractual obligations arising from the sales agreements entered into through our e-shop (article 6 par. 1 (b) GDPR)|
|(b)||Customer Service, Complaint Handling, Quality Control||When you contact HEEL to get information or submit complaints, we store and retain the information you provide us.For example, if you communicate with us, we retain the reason of contact, the number of purchase order that was not delivered properly etc. In that way we respond to you faster and more efficiently.||Performance of HEEL’s contractual obligations arising from the sales agreements entered into through our e-shop (article 6 par. 1 (b) GDPR)Accomplishment of HEEL’s legitimate interest in providing quality services article 6 par. 1 (f) GDPR)|
|(c)||Marketing and Sales Promotion Activities||We process your personal data for the purpose of marketing and promoting our products and services, for instance:(i) with your optional consent, in order to send you email alerts about offers, promotional activities and market researches, as well as newsletters about our new collections, or(ii) during your participation in HELL contests.You have the right to object to the above processing of your data for marketing purposes each time you receive an e-mail from us. Further, you may contact HEEL in the aforementioned ways, in case you wish to revoke your consent to the processing of your data for marketing purposes or to receive additional information.In addition, in order to continuously improve your navigation throughout our webpages, the services rendered and the advertisements published in our website, we collect statistical metric data, which, however, cannot be linked with your or a specific profile.||Consent (άρθρο 6 par. 1 (a) ΓΚΠΔ)Accomplishment of HEEL’s legitimate interest in providing quality services article 6 par. 1 (f) GDPR)|
|(d)||Data Security & Safeguard of Legitimate Interests||The processing of certain types of personal data is necessary, even without your consent, in order for us to protect the security and integrity of your data and our information technology systems, as well as to protect HEEL’s legitimate rights and interests and defend in judicial procedures.For example, in order to protect our systems and services, we need to collect personal data that help us identify potential malicious threats and mitigate the relevant risks.||Compliance with HEEL’s legal obligation to protect your personal data (article 6 par. 1 (c) GDPR)Accomplishment of HEEL’s legitimate interest in providing quality services (article 6 par. 1 (f) GDPR)|
6. How and for how long we retain your data
In general, your personal data are stored only to the extent required for the accomplishment of the above purposes taking into account the data minimization and limitation of retention principles.
We delete your personal data following your request or if your account remains inactive for a period of three (3) years. Before we delete your account, you will receive a separate notification in the email address you have provided us. In addition, there are certain, mandatorily applicable, minimum retention periods that are provided by the applicable national legislation. For instance, tax and accounting data must be kept for a minimum period of five (5) years. Therefore, notwithstanding your request to have your data deleted, it is likely that we must retain certain data to comply with our legal obligations and defend ourselves in judicial procedures. In the latter case, data concerning your purchases may be retained for a period of at least five (5) years as of the date they took place. In the aforementioned cases, the data will not be used for any other purposes.
Heel takes appropriate technical and organisational measures to protect itself against the risk of theft or accidental loss of your personal data, illegal or unauthorised use of, or access to them. For instance, your personal data are stored in secure servers, located in protected and control-accessed facilities.
8. With whom we share your data
Your data are processed from those employees of HEEL who have a need to access them in the frame of their duties for achieving the intended purposes.
Further, your data are transferred to third-party associates – external providers of services, such as couriers (for the delivery of orders), accountants, email and post, information technology, cloud computing, web hosting, portable devices’ applications, data analysis and payment processing services providers etc. Your data may also be transferred to affiliated entities or third parties in the frame of a corporate acquisition or transformation.
The above data recipients acquire access only to those data that are necessary for the envisaged operations and are bound to process them in accordance with the applicable legislation. All data recipients must comply with their data protection obligations and appropriately evidence the level of security they provide.
9. Transfer of data outside EU
Your data are retained with EU and EEA. Nonetheless, your data may be transferred to those countries outside EU and the EEA where certain HEEL’s associates – services providers are located or from where they provide services to HEEL. The transfer of your data outside EU shall in any event take place as prescribed by the GDPR, such as for example, with the user’s consent, on the basis of the standard contractual clauses that have been approved by the European Commission, by selecting counterparties that participate in international programs for the free circulation of data (e.g. EU-USA ΕΕ-ΗΠΑ Privacy Shield) or when they are transferred to countries that have been declared as safe destinations by the European Commission. Regardless of whether a services provider is based in EU/EEA or a third country, every services provider shall enter into a written data processing agreement with us.
10. Your rights
You have the right to be specifically informed, free of charge, about your personal data processed by HEEL, including your right to inspect their content, origin, accuracy, location and to ask copies thereof (access right). Further, you have the right to:
(a) request the correction and updating of your data;
(b) in those cases provided by the law, request restriction of their processing;
(c) request the deletion of your data;
(d) request the transfer of your personal data in a machine-readable form,
(e) revoke your consent to their future processing, such as n the frame of markting and slaes promotion activities,
(f) lodge a complaint to the supervisory authority (Data Protection Authority, 1-3, Kifisias Avenue, P.C. 115 23, Athens, Call Center: 30-210 6475600)
11.2 Cookies categories
Cookies are unique for each web browsing software and contain anonymous information concerning the webpages you visit and the devices used. In general, they perform multiple functions, such they facilitate your navigation from one webpage to the other, store your preferences and generally improve your online experience. Cookies are distinguished to several categories based on their intended purpose and way of operation. Our website uses the following types of cookies:
(a) Absolutely necessary cookies: They are necessary for navigating through our webpages, as well as for the use if their functions. Without them, the proper function of our webpage is not guaranteed (e.g. Script uploading).
(b) Functionality cookies: They allow a webpage to store information that is already submitted (username, language selection, or location from which a website is accessed) and improve the ability of a visitor to enjoy personalized navigation. These cookies collect anonymized information and do not allow the monitoring of navigation to other webpages.
(c) Efficiency cookies: They collect information about the use of a webpage, without storing personally identifiable information about a user. Collected information is used exclusively for improving the website’s performance.
(d) Marketing-related cookies: They are used, often with the use of third parties, for the provision of targeted advertising, customized based on the visitor’s interests. They are also used to limit the frequency an advertisement appears, as well as for measuring the effectiveness of a marketing campaign. Such information may be shared with third parties (e.g. advertising agencies).
11.3 Cookies configuration: You can configure your internet browser in such a way that you can be notified about the installation of cookies and decide individually, whether to accept or reject them on a general or a case-by-case basis. If you do not wish HEEL to collect and analyse data from your visits to our website, you can reject cookies upon your first visit to our webpage through the special banner that will appear on your screen) or at any other time. If you do not accept the installation of cookies it is possible that the functionality of our website or a given application will be reduced.
13. Link to other websites
14. Final Provisions