Privacy and policy
The Company created this website with the sole purpose of serving its customers. In order to achieve the best service, the Visitor / User / Customer must provide the Company with specific information regarding the processing of his order and which are protected by it.
This Privacy Statement and the attached Terms and Conditions of Use of this website describe the method of data collection from the website www.spell-cosmetics.com, the use of this data by the Company and the terms and conditions of use of this website. This Privacy Statement refers exclusively to the personal data that the Visitor / User / Customer provides to the Company during the orders it submits to this website. "Personal data" is defined as any information relating to an identified or identifiable natural person ("data subject"). Anonymous information is not meant as such.
The Company collects only the following information about users: (1) information provided by the Visitor / User / Customer during registration as a customer, (2) information provided by the Visitor / User / Customer in order to execute the order from the online store and (3) information that the Visitor / User / Customer gives her when she submits a question or request through the contact form that exists on the website.
Upon registration as a Customer, the Visitor / User / Customer provides the Company with the following information: First Name, Last Name, Last Name (for legal entities), Telephone, Email Address, Address (Street, City, Postal Code).
When filling in any order form on the website of the online store, the Visitor / User / Customer is asked for the name, address (Street, City, Postal Code), his email address (Email), his phone number and the method of payment of the order. In addition, more specific information may be requested, such as shipping - delivery details of an order, invoicing details (VAT number and competent Tax Office) or details about the offer requested. The Company makes use of the information provided by the Visitor / User / Customer during the electronic sending of the form, in order to communicate with him regarding (i) the delivery of the order at his place, (ii) for confirmation and identification customer in any necessary case, (iii) for new or alternative products offered by the online store.
When submitting a request or inquiry through the contact form of the online store, the Visitor / User / Customer provides the Company with the following information: Name, Surname, Telephone and Email Address, contact subject, while optionally can also fill in the text frame.
The Company undertakes to comply with all relevant laws of the European Union and Greece regarding the protection of personal data for the protection of the rights and freedoms of persons whose information is collected or processed in accordance with the General Data Protection Regulation (General Data Protection Regulation). GDPR, EU2016 / 679).
The Company recognizes the importance of security for personally identifiable data and applies administrative and organizational safeguards to protect it from loss, misuse and unauthorized processing or modification. It is noted, however, that it is inherently impossible to guarantee that third parties will never be able to violate the Company's methods of protection or use its information for inappropriate purposes or that transmission errors will not occur and therefore the Company limits any its responsibility for such a loss. The Company restricts access to identifiable personal data to those employees and external partners who work for us and on its behalf, who need access to fulfill the task assigned to them. The Company maintains sufficient physical, electronic and procedural guarantees that comply with all applicable laws that protect the personal data of Visitors / Users / Customers and its systems. It also has active control procedures for possible breach of personal data and in such a case will immediately inform the Visitor / User / Customer, as well as the competent supervisory authority.
In addition to the right to revoke the consent granted by the Visitor / User / Customer, he also has the following rights, provided that the respective legal conditions are met: right of access to his own personal data stored by the Company in accordance with Article 15 GIP , right to correct incorrect or incorrect data in accordance with Article 16 GIPD, right to delete its data stored by the Company in accordance with Article 17 GIPD, right to restrict the processing of its data in accordance with Article 18 GIPD, right to data portability pursuant to Article 20 of the ICCPR, right of objection pursuant to Article 21 of the ICCPR. In detail, the above rights of the Visitor / User / Customer are as follows:
- Right of access according to article 15 GKPD: The Visitor / User / Customer has the right to be informed upon request and free of charge, according to article 15 paragraph 1 GKPD, about the personal data stored by the Company for his person. This includes in particular: the purposes of the processing of personal data, the relevant categories of personal data processed by the Company, the recipients or the categories of recipients to whom the personal data concerning it are disclosed or will be disclosed, if possible, the period for which the personal data will be stored or, where this is not possible, the criteria for determining that period, the existence of a right of request to the controller for the correction or deletion of personal data or the restriction of the processing of personal data the data subject or the right to object to such processing, the right to lodge a complaint with a supervisory authority, where personal data are not collected by the data subject, any available information about their origin, decision-making, including the profiling provided for in Article 22 (1) and (4) of the GBER and, at least in such cases, important information on the logic followed and the significance and intended of the data. When personal data is transmitted to a third country or to an international organization, the data subject has the right to be informed of the appropriate guarantees in accordance with Article 46 of the GBER on the transmission.
- Right of correction according to article 16 GKPD: The Visitor / User / Customer has the right to demand from the Company without unjustified delay the correction of inaccurate personal data concerning him. Given the purposes of the processing, it has the right to request the completion of incomplete personal data, including through a supplementary declaration.
- Right of deletion according to article 17 GKPD: The Visitor / User / Customer has the right to request from the Company the deletion of personal data without undue delay, if one of the following reasons is valid: personal data are no longer necessary in relation to for the purposes for which it was collected or otherwise processed, withdraws its consent on which the processing is based in accordance with Article 6 (1) (a) or Article 9 (2) (a) of the GBER legal basis for processing, opposes processing in accordance with Article 21 (1) or paragraph 2 of the GBER and there are no compelling and legal grounds for processing in accordance with Article 21 (2) of the GBER, personal data have been processed personal data must be deleted in order to comply with a legal obligation, personal data have been collected in connection with the provision of information society services referred to in Article 8 (1) GIP.
- Right to restrict processing in accordance with Article 18 of the GIP: The Visitor / User / Customer has the right to ask us to restrict processing when one of the following conditions applies: disputes the accuracy of personal data, processing is illegal and requests instead of deletion the restriction of the use of personal data, the controller no longer needs the personal data for the purposes of processing, but this data is required by the data subject to establish, exercise or support legal claims , or has objections to the processing in accordance with Article 21 (1) of the GIP, pending verification as to whether the legitimate reason of the controller overrides the reason of the data subject.
- Right to data portability according to article 20 GCP: The Visitor / User / Customer has the right to receive the personal data concerning him, and which he has provided to the Company in a structured, commonly used and machine readable format, and the right to transmit such data to another controller without objection from the Company, when: the processing is based on consent in accordance with Article 6 (1) (a) or Article 9 (2) (a) or in a contract in accordance with Article 6 (1) (b) GCC and processing is carried out by automated means. When exercising the right to data portability, the Visitor / User / Customer has the right to request the transfer of personal data directly from the Company to another controller, if this is technically possible.
- Right of objection under Article 21 of the GIP: Subject to the provisions of Article 21 (1) of the GIP, the Visitor / User / Customer may object to the processing of data for other reasons arising from the specificity of the situation. The above general right of objection applies to all data processing purposes described in these data protection terms, which are processed under Article 6 (1) (f) GIP. Unlike the special right of objection concerning the processing of data for advertising purposes, the Company has an obligation according to the GCP to apply this general right of objection only if the Visitor / User / Customer states reasons of paramount importance, e.g. a potential risk to life or health.