Privacy Policy

1.1 Welcome to the privacy statement of A. Stefanidou and Sia O.E- Zini Boutique. We respect your privacy policy and we are committed to protect your privacy. This privacy statement informs you about how we look after your personal data as a customer, potential customer, visitor or user of the website and provides information about your privacy rights and how you are protected by the law. We are responsible for the collection, management and processing of your personal data.

1.2 For any clarification regarding this privacy statement, including any requests for your legal rights, please contact us at the following contact details.

Our Full details are:

Full name of legal person: A. Stefanidou and Sia O.E ‘’Zini Boutique’’

E-mail: [email protected] or [email protected]

Adress: Tsimiski 79, 54622, Thessaloniki, Greece

You reserve the right to complain at any time to your country’s supervisory authority about data protection issues. In Greece, this authority is the Hellenic Authority for the Protection of Personal Data and you can find relevant details through the following link: www.dpa.gr . However, we would appreciate if we were given the opportunity to address your concerns before you approach the Data Protection Authority, so please contact us first, using the contact details listed above.

2. Changed to the privacy statement and your obligation to notify us of changes.

This version was updated on May 30rd, 2018. You can contact us for older versions. This statement replaces all pervious disclosures we may have made in the past regarding our information practices. We reserve the right to change this statement and to make any changes to the information previously collected, in accordance with the law. If there are significant changes to this statement or our information practices change in the future, we will notify you by posting our changes on our website.

It is important that the personal data we keep about you is accurate and valid. We hereby request that you inform us in the event that your personal data changes during your relationship with us.

3. Categories of information we collect

We reserve the right to collect, process, store and transfer different types of personal data about you, which we have grouped as followed:

• Identity data includes first name, surname, username or similar ID.
• Contact details include billing address, delivery address, email address and phone numbers.
• Financial data includes bank account and payment card details.
• Transaction data includes payments to and from you and other items of products and services you purchased from us.
• Technical data includes the Internet Protocol (IP) address, login details, browser type and version, time zone and location, additional browser types and versions, operating system and platform and other technology on the devices used to access this site.
• Profile data includes your username and password, purchases or orders made by you, your interests, preferences, comments and responses to inquiries.
• Usage data includes information about how you use our website, products and services.
• Marketing and communications data includes your preferences regarding receiving promotional material from us and third parties and your preferences for your communication with us.

4. How we collect your information

We collect personal data about you every time you use the company's services (whether the services are provided directly by us or by other companies acting on our behalf), when you visit one of our stores, when you use our websites or when you use our call centres.

5.Why we process your information

We will process your personal data only when the law allows it. Generally, we will use your data only:

• In case we have to execute the contract that we are preparing to conclude or have already concluded with you
• Where necessary for our legitimate interests (or the interests of a third party) and your interests and fundamental rights do not prevail over those interests.
• In case we have to comply with a legal or a regulatory obligation.
• When you have given us your explicit consent to do so.

Generally, we don’t rely on your consent as the legal basis for the processing of your personal data except in cases where we send you promotional updates or when we process specific categories of personal data. You reserve the right to withdraw your consent to send promotional updates at any time by contacting us by using the contact details referred to in paragraph 1 above.

6. Purposes for which we will use your personal data

We describe below all the ways in which we intend to use your personal data and on what legal bases we base our actions. We also describe, depending on the situation, what our legal interests are.

We reserve the right to process your personal data for more than one legal reason depending on the specific purpose for which we use your data. You can contact us in case you need clarifications for the specific legal reason on which we rely in order to process your personal data while in the following table we describe more than one reason.

7. Change of Purpose
We will use your personal data only for the purposes for which we collect it, unless we reasonably believe that we will need to use it for another purpose and that reason is compatible with the original purpose. If you would like to receive an explanation as to whether the editing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for irrelevant purpose, we will inform you to explain the legal basis that allowed us to do so.

8. Third party connections
Our website can include links for third party connections,  distinct embedded web pages (microsite), adds-on and applications. If you wish to enable these links, you grand the right to third parties to collect or share data about you. We don't control third party websites and we are not responsible for their own privacy statements, while in the case of additional services provided to you by third parties through the booking process, you should be aware that Zini Boutique may be the one performing the processing on behalf of these third parties. Therefore, whenever you use these links or microsite or when you leave our site, we suggest that you read the privacy statement of these third parties.

9. Cookies, web beacons and other similar technologies

Our website uses "cookie" and "web beacon" technologies. We use cookies and web beacons to be able to distinguish you from other visitors, to record your IP address and the way you use our website and to identify the website from which you connected to our website. This information is used to fulfill our obligations as defined by contracts with our business partners, but also to help us provide you with better services, improving the design of our website, as well as our products, services and promotions. In no other way do we record information about how you use other sites. Non-personal data or anonymized / pseudonymized information obtained through cookies and web beacons may be shared or received by our service providers.

A cookie is a small data file that is placed on your computer's hard drive when you visit a website. A session cookie expires as soon as you complete your session (i.e. when you close your browser). A "permanent cookie" stores information on the hard disk so that when you complete the session and return to the same site at a later time, the cookie information is still available. A web beacon is a small piece of code that represents a clear graphic image and is used in conjunction with a cookie.

When you visit our website, we reserve the right to use both a session cookie and a permanent cookie. This cookie is set by Zini Boutique and may contain information (such as a unique user ID) that is used to record your use of our website and in some cases to record your email address. Your email address is only stored in this cookie. The web beacon allows us to record specific types of information about actions taken when visiting a website, such as a visitor's cookie number, time, date, duration and number of page views, a description of the page on which the web beacon and the details of the product or service purchased by the user are placed.

We may also use Flash cookies or other similar technologies. A Flash cookie is a small data file placed on a computer using Adobe Flash technology that may already be installed on your computer or downloaded by you to your computer. We use these technologies to personalize and enrich your experience on our site, to facilitate processes, to personalize and save your settings. Flash cookies can help our website visitors to set, for example, their preferences regarding the upload size of a video file. They help us improve our websites by figuring out which points are of most interest to customers. We do not use Flash cookies for promotions or behavioral ads. Flash cookies are different from browser cookies and the cookie management tools provided by your browser do not remove Flash cookies. If you turn off Flash cookies or other similar technologies, you may not have access to specific features and services that make your experience on the site more efficient and enjoyable.

You can disable cookies at any time through the browser options, but if you do, we will not be able to record your purchases or allow you to make a purchase from our website. In addition, we will not be able to identify you as a registered user so that you can access your account information.

10. Child’s Privacy

We do not knowingly collect any information from any person under the age of 15. Our website, products and services are exclusively for people who are at least 15 years old or older.

If you are under the age of 15, do not use or provide any information on this site or any or all of its features, do not register on the site, do not make any purchases through the site and do not give any information about yourself to us, including your name, address, phone number or email address.

If we find that we have collected personal data from a child under the age of 15, we will delete this information, unless consent or authorization has been given by the child's guardian.

If you think we may have information from or about a child under 15, please contact us.

11. Who else has access to your information

For your convenience, we reserve the right to share your personal data with service providers who provide support services to us or who assist us in promoting our products and services. Service providers are third parties providing services on our behalf. They undertake through a contract not to use your information in any other way than to help us provide you with the products and services provided by Zini Boutique.

In particular, in order to facilitate the regulation of your purchases, we often need to share your personal data with third parties. We reserve the right to disclose your personal data to a third party to whom we reserve the right to choose to sell, transfer or merge parts of our business or assets. Alternatively, we reserve the right to acquire or merge with other companies. In the event of a change in our business, the new owners have the right to use your personal data in the same manner as set forth in this privacy statement.

We also reserve the right to disclose your personal data to a third party when you ask us to do so or when we deem it required by law.

12. Countries who have access to our information

Our servers, which store and protect your information, are located within the European Economic Area (EEA). Whenever we transfer your personal data outside the EEA, we ensure a similar degree of protection for them, ensuring that one of the following protection measures is implemented:

• We will only transmit your personal data to countries that the European Commission considers to provide an adequate level of protection for personal data. For more information, see European Commission: Adequacy of personal data protection in non-EU countries
• Where we use specific service providers, we reserve the right to use specific contracts approved by the European Union, which provide personal data with the same protection as in Europe. For more information, see European Commission: Model contracts for the transfer of personal data to third countries.
• Where we use providers based in the United States, we reserve the right to transmit data to them if they participate in the Protection Shield which requires them to provide similar protection for personal data shared between Europe and the United States. For more information, see European Commission: EU-US Protection Shield

Contact us for any clarification on the specific mechanism used by us when transmitting your personal data outside the European Economic Area.

13. Data protection

We have put in place appropriate protection measures (including encryption, anonymization and / or pseudonymization procedures where necessary) to prevent the unintentional loss, alteration, disclosure and use or access of your personal data in an unauthorized manner. In addition, we restrict access to your personal data to those employees, agents, contractors and other third parties who need to be aware of it in order to perform their professional duties. Your personal data will be processed exclusively in accordance with our instructions and we are committed to complying with the relevant terms of confidentiality.

We have put in place procedures to deal with any suspected breach of personal data and we will notify you and any competent authority of any breach when required by law to do so.

14. Retention of your information

We will retain your personal data only as necessary in order to fulfill the purposes for which we collected it, including the fulfillment of any legal or accounting obligation or reporting obligation.

To determine the appropriate period of retention of personal data, we consider the quantity, nature and sensitivity of personal data, the potential risk of damage from unauthorized use or disclosure of your personal data, the purposes for which we process your data personal, if we are able to fulfill these purposes by other means and the applicable legal obligations.

Details of the retention periods of different categories of your personal data are available in our retention policy which you may request by contacting us.

In some cases, you have the right to ask us to delete your data: see the deletion request section below for more information. In some cases, we reserve the right to anonymize your personal data (so that they may not be associated with your person) for research or statistical purposes and in this case, we reserve the right to use this information indefinitely without further notice.

15. Your Rights

You have the right to:

1. Request access to your personal data ("underlying data access request"). This enables you to obtain a copy of the personal data we hold about you and to confirm that we are processing it in accordance with the law.
2. Request a correction of the personal data we hold about you. This enables you to correct incomplete or inaccurate data we hold about you, although we reserve the right to ask you to validate the accuracy of the new data you provide to us.
3. Request the deletion of your personal data. This allows you to ask us to delete or remove personal data when there is no reasonable reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data in cases where you have successfully exercised your right to object to the processing (see below), when we may have processed the information incorrectly or when we need to delete your personal data so that to comply with local regulations. However, as you know, we may not always be able to comply with your request for deletion for specific legal reasons and we will notify you, if necessary, of your request.
4. Oppose the processing of your personal data when we rely on our legitimate interest (or the legitimate interest of a third party) and in this case you have reason to wish to oppose the processing based on it, as you believe it affects your fundamental rights and freedoms. You also have the right to object when we process your personal data for immediate promotions.
5. Request a restriction on the processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following cases: (a) if you wish to confirm the accuracy of the data, (b) when your use of the data is unfair but you do not delete them from us, (c) when you wish to keep your data even if we do not request it, if it is necessary for you to validate, exercise or defend legal claims, or (d) you have objected to our use of your data but must confirm if we have compelling legal reasons to do so.
6. Request the transfer of your personal data to you or a third party. We will provide you, or any third party you indicate, with your personal data in a structured common form of engineering legibility. This right only applies to automated information for which you have given your consent to use it in cases where we have used the information to enter into a contract with you
7. Withdraw your consent at any time in the event that our processing of your personal data is based on your consent. However, this is not something that can affect the legal processing that took place before you withdrew your consent. If you withdraw your consent, we may not be able to provide specific products or services to you. We will notify you in such a case upon withdrawal of your consent.

If you wish to exercise any of the rights described above, please contact us.

16. No fee is usually required

You will not have to pay a fee or fee to access your personal data (or to exercise any of your other rights). However, we reserve the right to charge a reasonable fee if your request is manifestly unfounded, repetitive or abusive. Alternatively, we reserve the right to refuse to comply with your request in these cases.

17. What we might need from you

We reserve the right to request specific information from you in order to verify your identity and to safeguard your right to access your personal data (or to exercise any of your other rights). This is a protection measure that ensures that personal data is not disclosed to any person who is not entitled to receive it. We also reserve the right to contact you for more information about your request, in order to reduce the response time.

18. Response time limit

We try to respond to all legitimate requests within a month. We may need more than a month to respond to your request. if your request is particularly complex or you have submitted a number of requests. In this case, we will notify you in order to inform you about it.

Definitions

Personal data is information that can be related to a person. The data are considered personal if the person concerned can be identified, directly or indirectly. Relevant examples are the person's name, ID number, date of birth, location data and contact details. Data from which identification information has been removed (anonymous data) is not included.

Sensitive personal data or specific categories of data are data such as: religious, ideological, political views or practices, information on health, gender or biometrics, race and ethnic origin, administrative or criminal records or sanctions.

Profile formation is any form of automated processing of personal data by which personal data is used to evaluate specific personal characteristics associated with a person.

A data subject is a natural person with whom personal data is linked.

Data processing / processing is any activity, act or series of operations carried out on personal data or sets thereof, regardless of the process and means (automated or not) applied, such as collection, registration, organization, structure, the storage, adaptation or alteration, retrieval, retrieval of information, use, revision, disclosure by transmission, dissemination or any other form of disposal, association or combination, interconnection, exclusion, deletion, archiving, viewing and destroying personal data.

A data file is any structured set of personal data that is accessible in such a way that it is possible to identify that person from the data. Disclosure means the ability to make personal data accessible.

Conducting an impact assessment on data protection is a systematic process for identifying, assessing and documenting risks and the impact of personal data processing activities on the rights of individuals. The processor is the legal person that decides on the purpose and means of processing personal data. The processor is the natural or legal person who processes personal data on behalf of the data controller.