This document constitutes the Privacy Policy of the company under the corporate name WHATAGIFT MONOPROSOPI I.K.E. (hereinafter referred to as “WHATAGIFT” or “Company”), which is based in Athens (Solonos street 12, email: info@whatagift.gr, gifted-greece.gr ) (hereinafter the “Privacy Policy”). The Company as Data Controller acknowledges and attaches particular importance to the protection of personal data. The purpose of this policy is to inform you about the collection, use, transmission, and protection of your personal data, as well as about your rights in accordance with national legislation and the General Data Protection Regulation of the EU 2016/679 (also known as GDPR).

This policy (hereinafter referred to as “Data Policy”) provides information regarding the following:

  1. Collection of personal data
  2. Data categories collected by WHATAGIFT
  3. Purposes of data processing
  4. Data access
  5. Retention of personal data
  6. Security of personal data
  7. Transfers of personal data outside the E.U.
  8. Your rights
  9. Third party websites
  10. Right to file a complaint
  11. Changes to this Policy

1. Collection of personal data

WHATAGIFT collects personal data when:

  • You visit the Company’s website.
  • You register as a user at the website.
  • You subscribe to the newsletter service.
  • You submit an order using the online store which operates at the website.
  • You contact the Company for questions or complaints, or request information about a service provided.
  • You exercise any of your rights as described in Section 8 (Your rights) of this policy.

2. Data categories collected by WHATAGIFT

The categories of personal data collected by WHATAGIFT (see Section 1 of this policy – Collection of personal data) are:

  • Name (during submitting an order, during your registration and/or when you subscribe to the newsletter service).
  • Surname (during submitting an order, during your registration and/or when you subscribe to the newsletter service).
  • Address – street, postal code, city (during submitting an order and/or during your registration).
  • E-mail address (during submitting an order, during your registration and/or when you subscribe to the newsletter service).
  • Username (during your registration).
  • Password (during your registration).
  • Information about your account, such as registration date, details of orders and payments, proof of payment of orders, or any other information associated with an account.

In addition, we collect information about the way you use our general services, such as:

  • Information related to the use of our website gifted-greece.gr. We use cookies for the operation of the website and for the collection of statistical-aggregated data related to the way the website is used by the customers-users (see Cookies Policy of the Company’s website, (gifted-greece.gr).
  • Your IP address (Internet Protocol Address), as a technical requirement for the registration of your data or your preferences in the Company’s website forms (gifted-greece.gr). The data is not used for tracking your location.

The Company acknowledges the need to protect personal data of minors, as defined by the current regulatory framework/local legislation, and therefore the Company does not intentionally collect personal data of children. The use of the website by children should always be done with the consent of their parents or guardians and under their supervision.

3. Data processing purposes

The Company collects and uses personal data only to the extent that it is necessary for the fulfilment of its processing purposes, such as:

  • To ensure your access to the website, to make the necessary transactions, to invoice you, as well as to complete the orders you submit by the online store.
  • To inform you via e-mail (provided that you have given your consent) (your e-mail address will not be used to send spam messages).
  • To comply with its regulatory and legal obligations towards public Authorities and Bodies.
  • To answer your questions or concerns (upon request submitted by you) regarding the use of Company’s services and your data.
  • To defend and ensure Company’s legal and business interests and the technical operation and functionality of its systems.

4. Data access

Only the Company’s managers, authorized employees, and certain external partners (for the technical support-administration of server databases and for pricing purposes of the provided services) have access to your data. Your personal data will be used exclusively for the provision of the Company’s services and your information will not be disclosed or sold to third parties for other purposes (see Section 3 – Data processing purposes). The Company may disclose your personal data without your consent or without informing you solely in order to comply with law requirements, court and/or administrative authorities’ decisions.

5. Retention of personal data

WHATAGIFT retains your data throughout the duration of your subscription to the newsletter, and/or for a reasonable period after the submission of your order.

After the cancellation of your subscription to the newsletter in any way and/or after the completion, withdrawal or cancellation of your order, your data is kept for a certain period in accordance with the applicable legislation framework, or for as long as is required to defend WHATAGIFT’s rights before a Court and/or any other competent Authority. The data related to the newsletter service, or the data collected for sending you promotional messages will be deleted immediately if you declare to us that you do not longer wish to receive these services.

6. Security of personal data

In WHATAGIFT we recognize the importance of protecting your data and therefore we constantly monitor and improve the technical and organizational measures for protecting your personal data from unauthorized use, accidental loss, dissemination or destruction. Every WHATAGIFT employee who has access to the information mentioned above, uses them to serve exclusively the above purposes (see Section 3 – Data processing purposes).

Also, in case an organization, another company or an external partner provides to us (or on our behalf) services that include personal data processing, we ensure that the appropriate technical and organizational measures are applied and that data is processed in accordance with the prescribed manner. These bodies cannot process your data for their own purposes and they are bound by a contract to maintain confidentiality and data protection in accordance with the national data protection legislation and the General Data Protection Regulation (GDPR).

7. Transfers of personal data outside the EU

Your personal data is not transferred outside the E.U.

8. Your rights

You can contact us, to explain you the types of data we collect, as well as the precise way in which we process them (right of be informed).

Moreover, you can at any time request a copy of your personal data (right of access).

If you believe that your data is incomplete or inaccurate, please contact us so that we can make the appropriate corrections (right of rectification).

In case you consider that your data is not subject to processing for a specific and legal purpose you can ask us to delete them after proper consultation with us (right to erasure).

You can ask us to suspend or you can oppose to the processing of your personal data for reasons relating to your particular situation (right to  restriction of processing and right to object). If you submit such a request, we will no longer process your personal data, unless we prove compelling and legitimate reasons for processing, that override your interests, rights and freedoms, or establishing, exercising or supporting legal claims.

You may request your exemption from our promotional activities or choose your exemption from only some forms of commercial communication. In case you no longer wish to receive the newsletter service via e-mail, you can unsubscribe from our lists.

You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from WHATAGIFT (right to data portability).

You can ask us to satisfy any of your rights, as described above, by sending your request to the email address info@whatagift.gr. In this case, additional information for your identification may be requested.

WHATAGIFT is committed to respond to your requests within one month of their submission. However, in the event that the fulfilment of your requests becomes impossible for our Company during this period, we will reasonably inform you about our relative weakness, in order to respond to your requests no later than three months from their initial submission by you.

WHATAGIFT shares your concerns about the processing of your personal data. For any information you can contact us at info@whatagift.gr.

9. Third party websites

It is noted that this Data Policy does not extend to third party websites that may be linked to WHATAGIFT’s website (gifted-greece.gr).

10. Right to file a complaint

If you have exercised any of your rights (see Section 8 – Your rights) and you still feel that your concerns about the way in which the Company uses your data have not been satisfactorily addressed by WHATAGIFT, you have the right to file a complaint to us. You also have the right to file a complaint to the Hellenic Data Protection Authority (HDPA), Kifissias 1-3, pc 11523, Athens, Greece. You can find information on how to submit your complaint on the website of HDPA (http://www.dpa.gr).

11.  Changes to this Policy

We may from time to time change or modify this policy and we will respectively modify the revision date shown below. We recommend that you review this policy periodically, so that you can always be informed on how we process and protect your personal information.

Note:

This policy was revised on March 6, 2024.