Our aim is to ensure that you feel safe on our site, so your privacy and the protection of your individual rights are important to us. For this reason, we would ask you to read carefully the summary below about how our website works. You can be assured that your data will be processed in a transparent and fair manner and that we will make every effort to handle your data carefully and responsibly.
The following Privacy Policy is intended to inform you about how we use your personal data in compliance with the strict requirements of data protection legislation, including the EU General Data Protection Regulation 2016/679 (GDPR).
Contact details of the controller and the data protection officer
The controller of the processing of your personal data collected through this website is the company "Aura Crete", located in Chania, Chania, Crete, Biotechnical Park of Chania, 73200 Chania, Greece.
E-mail: info@aurakritis.gr
You can contact the data protection officer of the controller at: info@aurakritis.gr
Framework and security of processing of personal data
We collect and use your personal data to the extent necessary to provide you with a functional website and to enable you to access our content and services, for example if you register on our website, log in to an existing customer account and order products, wish to contact us via the contact form, send us your CV, etc. The security of your personal data is a high priority for us. For this reason, we take appropriate technical and organisational measures to protect your data stored by us so that we can effectively prevent any breach of security, such as its loss and misuse by third parties. Our employees who are in charge of processing in particular personal data are bound by confidentiality obligations and are obliged to comply with them. Your personal data is protected by ensuring that it is transmitted in encrypted form; for example, we use SSL (Secure Sockets Layer) to communicate with your web browser. A padlock will be displayed by your browser so that you can see when an SSL connection is being made. In order to ensure that your data is protected at all times, technical security measures are regularly reviewed and adapted to new technological standards where necessary. These protection principles also apply to companies to whom we outsource the processing of data in accordance with our instructions.
Purposes of processing and legal bases of processing according to which your personal data are processed
We collect, process and use your personal data through this website for the following purposes:
Entering into and executing contracts, e.g. processing orders for the products and services we offer through the website,
Provision of newsletters and promotional activities, e.g. in case you subscribe to our Newsletter service,
Conducting market and customer service satisfaction surveys
Service and support for customers and visitors to the website, e.g. to respond to queries or complaints you send us via the contact form,
Create an account on the website, so that you can browse parts of the website that are only accessible to visitors who have an account and order products through our online store.
We collect, process and use your personal data in accordance with the following legal bases for processing:
Article 6(1)(a) of the GDPR serves as the legal basis for the processing activities for which we obtain your consent for a specific processing purpose. For example, under this legal basis, we process your personal data to provide newsletters, carry out promotions and targeted advertising, and conduct market and customer service satisfaction surveys. More information about the consent process for these purposes can be found below.
Article 6(1)(b) of the GDPR states that personal data may be processed for the performance of a contract. For example, under this legal basis we process your personal data when you purchase a product through our online store or when you submit a request to be informed about the repair status of a product.
This provision also applies to any processing activity necessary for carrying out activities at the pre-contractual stage. For example, under this legal basis we process your personal data when you send us your application online together with your CV to work for our company.
Article 6(1)(c) of the GDPR applies where we are bound by a legal obligation requiring the processing of personal data, for example to comply with tax obligations or obligations arising from consumer protection legislation. For example, under this legal basis we process your personal data to respond to queries or complaints you send us via the contact form and also when we are required to disclose information about your transactions with us to the tax authorities.
Article 6(1)(f) of the GDPR applies in cases where we pursue overriding legitimate interests. For example, under this legal basis we process your personal data to respond to questions or complaints you have sent us via the contact form and to evaluate your CV.
Duration of storage of personal data
We process and store your personal data only for as long as it is necessary to fulfil the purpose for which we collected your data or for as long as we are required to store it by law or regulation.
Personal data that we keep in the context of the execution of a contract for the purchase of products or services through the website are stored for a maximum period of 20 years.
Personal data that you have provided to us in order to contact us for the purpose of submitting a request, complaint or query is stored in our records until we can handle the relevant issue appropriately, as well as respond to your request, complaint or query.
Furthermore, the personal data you have provided to us for the purpose of sending newsletters, promotional material, targeted advertising and market and customer service satisfaction surveys are stored by us until you decide to unsubscribe from our relevant list or withdraw your consent. In the event that you ask us to unsubscribe, we will ensure that your information is promptly removed from the relevant list.
Use Cookies
We use cookies on our website. For more information, please refer to our Cookies Policy.
Providing information about our products and services, special offers and other messages such as newsletters
We use your data to send information you request about our products, services and other special offers to the email address you provide to us. This will only be done with your prior consent or where permitted by law. Consent to the above provision is governed by Article 6(1)(a) and Article 7 of the GDPR.
Sign up for newsletters, promotions and market and customer service satisfaction surveys on our website
You can subscribe to receive newsletters, promotions and market and customer service satisfaction surveys at no charge. When you register for the newsletter, promotions and market surveys, the data in the data entry form will be sent to us, i.e. at least your e-mail address and/or mobile phone number.
Registration is carried out using a "consent" process, through which you will receive an email upon registration. This confirmation is necessary in order to prevent anyone from registering email addresses that do not belong to them. Your consent to the processing of your personal data for these purposes is deemed to have been obtained by confirming your registration.
Sign up for newsletters and promotions in our stores.
If you register to receive information by email or sms in our store, we will store your email address in order to provide you only with information specific to your region about our products and services.
Providing information on the sale of products and services
If you purchase products or services from our website, we may send you information about our other similar products and services by email to the email address you provide even without your prior consent. In these cases, however, you will be able to unsubscribe from our newsletter mailing list by clicking on the link provided in each email.
Postal deliveries
We may also use your data to send you updates about our products, services and special offers by post without your prior consent. In these cases too, you can request that we no longer send you informative material by sending us a request to that effect.
We want you to find the emails we send you enjoyable to read, so we try to include only information that you may find interesting. Accordingly, where you have given us your explicit consent to make targeted advertisements based on your interests, we calculate and store the open and click-through rates you make when you are logged into your user profile. This information includes information about whether and when you open our emails, what content of those emails you click on and when, and about whether and why the emails we send you may not be received by you. In addition, we use this data for statistical purposes, which you can find out about by reading our Cookie Policy.
Of course, you can unsubscribe at any time to stop receiving such emails and information material by traditional mail, i.e. to withdraw your consent for the future. For this action, a corresponding unsubscribe link is provided in each email and newsletter. You can also contact us to withdraw your consent and unsubscribe at any time:
- via email: info@aurakritis.gr
You cannot unsubscribe from certain informational messages that are necessary for the performance of contracts and the operation of our website, including service-related emails (e.g. registration confirmations, customer service information) or information regarding purchases (e.g. order confirmations, contract documents, payment processing). You will receive these notifications to the contact information you provide.
Processing of personal data during communication, registration and submission of visitor orders
Contact
When you contact us by telephone, email or through the contact form, the information you provide will be stored by us in order to answer your questions under Article 6(1)(b), (c) and (f) of the GDPR, i.e. to perform the contract between us, to comply with our legal obligations and to deal appropriately with your requests, complaints and queries in accordance with our legitimate interests. The communication will be recorded in order to enable proof of communication in accordance with applicable law. The data collected in relation to the above will be deleted by us after such discussion has been completed and after the issue in question has been finally resolved.
Registration for the completion of online (online) Purchasing
When you purchase products or services on our website, we give you the opportunity to register on our website by providing personal data. This data is entered in a data entry form and is sent to us and stored by us. The registration is carried out for the performance of a contract or the carrying out of activities at the pre-contractual stage and is therefore based on Article 6(1)(b) of the GDPR.
For the conclusion and performance of contracts, we ask for contact details as appropriate, for example name, delivery address, billing address, e-mail address and information about the payment method you choose. We also use your data to maintain our customer data in accordance with the requirements of applicable legislation, where only data that is relevant is stored.
Visitor orders
You can submit orders as a guest. If you choose this way of ordering, you do not need to register before submitting your order. Please note that you will need to re-enter your data when submitting any future orders.
We collect, process and use the data you provide us with on visitor orders for the purpose of performing the contract in accordance with Article 6(1)(b) of the GDPR. We store the information you provide us with for the duration of the processing and execution of your order. Your data will then be deleted unless you decide to activate your customer account within a period of 14 days from the day of your order. The data we are required to store under our legal obligations regarding data retention will be kept for a maximum period of 20 years.
Miscellaneous
Under Article 6(1)(c) and (f) of the GDPR, we use and store your personal data and technical information if necessary to prevent or investigate misuse or other illegal behaviour on our website, e.g. to maintain data security in case of attacks on our information technology systems. In addition, we may take the above actions pursuant to orders from public authorities or courts, to the extent that we are required to do so by law, and also in order to protect our rights and interests and to afford us the opportunity for legal defence.
Transfer of personal data to third parties
When transferring your personal data, we ensure that the level of security is always as high as possible, and for this reason your data is only transferred to service providers and partner companies that are carefully selected in advance and bound by contractual obligations to observe strict measures to protect your personal data. We also only transfer your data to persons established within the European Union and the European Economic Area and therefore subject to strict EU data protection legislation or bound by an equivalent security standard.
Transfers between affiliates of the Enterprise
We transfer your personal data relating to the fulfilment of deliveries and services on our website to affiliated companies of the company within Greece for the purpose of storing them in central databases and for purposes relating to the internal billing and accounting of the company. This is mainly necessary to enable you to use all our services. If you wish to collect your order from a retail store, the store you have chosen will be informed of your order and will process it. If you contact a retailer or our customer service hotline in case of questions, complaints or returns, the retailer and the hotline will also have access to your order data in order to be able to deal with your problem.
Transmission to partner service providers
To operate and optimise our website, we employ various service providers to operate on our behalf, e.g. to provide central IT services, host our website, process payments and ship products, install equipment, or deliver newsletters. We disclose information necessary for the respective purposes to these service partners (e.g., name, address).
Some of these companies act on our behalf in the processing and fulfillment of orders and are therefore permitted to use the data provided solely in accordance with our instructions. In this case, we are legally responsible to ensure that these companies to whom we outsource the provision of services take appropriate data protection measures. For this reason, we agree on specific data protection measures with these companies and monitor these measures on a regular basis.
Contrary to the requirements on outsourcing, we transfer data to third parties in the following cases, where the third parties are themselves responsible for processing the data in question:
With regard to the dispatch of the goods, the data are transmitted to logistics companies or the postal service provider specified in the order.
With regard to the payment of the goods ordered, the data are transmitted to the provider who undertakes the payment or to a financial bank specified in the order. Where a credit card is used as a means of payment, a transaction-based security check will be carried out with the help of the provider responsible for making the payment, in order to prevent credit card fraud.
With regard to payment, we do not collect or store any information related to the payment, such as credit card numbers or account details. This information is sent exclusively and directly to the provider processing the payment. If a credit card is used as a payment method, the exception is a "false card number". In order to avoid having to re-enter your credit card details for each payment, a false card number is stored in your customer account. The false card number simply facilitates payment for the products and services on our site that you order through your customer account and is not identical to your credit card number.
Transmission to other third parties
Finally, we may transfer your data to third parties or government bodies under applicable data protection laws if we are legally obliged to do so (e.g. under a public authority or court order) or if we have a right to do so (e.g. because it is necessary for the investigation of criminal activity or to assert and exercise our rights and interests).
Your rights
Of course, you have rights concerning the processing of your data, which we inform you of below. If you wish to exercise any of the following rights, all you have to do is contact us. You may use the following contact details without incurring any additional costs beyond those charged to you by your communications provider to exercise your rights below and to send us any queries you may have about this Privacy Policy:
By email: info@aurakritis.gr
For your security, we reserve the right to obtain further information necessary to confirm your identity when we respond to an existing request. In addition, if identification is not possible, we reserve the right to refuse to respond to your request.
Right of access
You have the right to request information from us about your personal data that we store and process.
Right to rectification
You have the right to request the immediate rectification and/or completion of your personal data that we store and process.
Right to restrict processing
You have the right to request the restriction of the processing of your personal data stored and processed by us if you question the accuracy of the data, if the processing is unlawful and if the data is no longer necessary to us, but you do not wish the data to be deleted and you require the data for the establishment, exercise or support of your legal rights, or if you have notified your objection to the processing and you expect
