Data Privacy Statement

This Privacy Statement describes – inter allia – how we use, share and protect your personal data, the choices you have regarding your personal data, and how you can contact us. Wherever the term “the Business” is used to herein, it shall be understood as the sole proprietorship under the name “TERZIS PANOS ATHANASIOU” and the distinctive title “MESSIAH CLOTHING”, based in Chania, 65 Parigoria Street, 73100, with tax registration number in Greece 120241000 and general commercial register number in Greece 144814358000.

The protection of your personal data is important to us. We aim to be as honest and transparent as possible about the personal data we collect and how we process it. Our Business fully shares your concern about your personal data.

The Business sells a significant variety of clothing and other related products, such as hairdressing capes, both in its store and in its e-shop (www.messiahclothing.gr). In order to reward our customers, a program is planned to be created through the use of a member card. This privacy statement explains the types of personal data processed by the Business, how it is processed and the purposes of processing. This statement also explains the details of our processing of personal data for specific services we provide, for which we process additional information. This statement applies to all your interactions with the Business.

PERSONAL DATA WE COLLECT

Personal data is data that can be used to identify a natural person. You may be asked to provide personal information in the context of any communication, transaction and general interaction with the Business.

We collect only your absolutely necessary data, which are necessary for the purpose served.

The collection and general processing is carried out for various purposes which are described below. Among these purposes is our efficient operation and to provide you with the best experiences with our products and services. Some of this data is provided directly by you when, for example, you create an account in the Business’s e-shop, or when you purchase a product or when you contact us.

We rely on various legal grounds and rights (“legal bases”) for processing data, such as your consent, our legitimate interests, the need to enter into and perform contracts with you, and to comply with our legal obligations, for various purposes described below.

We may also obtain data from third parties. We protect the data we obtain from third parties in accordance with the practices described in this statement, as well as any additional restrictions imposed by the data provider.

When you are asked to provide personal data, you can refuse. However, some of our services and products require some of your personal data so that we can respond and provide you with the product or service. If you choose not to enter data that is necessary to operate and provide a product or service to you, you will not be able to use that product or service. Similarly, in cases where we are required to collect personal data under a provision of law or for the purposes of entering into or performing a contract with you, and you do not provide your personal data, we will not be able to enter into and perform the contract.

The data we collect may include the following:

Name and contact details. Your first and last name, email address, postal address, telephone number and other similar contact information. If you express an interest in working for the Business we may collect information from your CV, such as educational information, such as studies, skills, knowledge of foreign languages, work experience.

Credentials. Passwords, password hints, and similar security information used for authentication and account access.

Payment data. Data for processing payments, such as the number of your payment method (e.g. credit card number), as well as the security code associated with the payment method. When you choose to make payments by cards and similar payment methods, we may disclose your data to financial and banking institutions. In the case of refunds (e.g. for cancelled orders), we may require you to disclose personal data, such as your account details, in order to process your refund.

Interactions. Data relating to your use of the Business’s services. For example, we collect notes from our conversations with you, details of any complaints or comments you make, details of purchases you have made, products added to or removed from your basket, wishlists of products you wish to purchase, voucher redemptions, websites you visit and how and when you contact us. Shopping interests and preferences, which help us to recommend specific products and services that interest you. Traffic data from our website or other websites you have browsed before us. Information collected from the use of cookies on your browser. Your social media username if you interact with us through these channels to help us respond to your comments, questions or feedback.

Videos or recordings. Recordings of events and activities at the retail store operated by our Business. If you visit our store or attend an event of our Business that is being recorded, your image and voice data may be recorded.

Comments and ratings. Information you provide to us and the content of messages you send to us, such as comments, survey data and reviews you write about a product.

Usage and device information. All web services have access to certain data sent from your device when you browse the internet. So we also receive data from your navigation in the MESSIAH CLOTHING e-shop, such as your IP address, the type and manufacturer of your device, the type of browser and operating system, the page you visit, the page that referred you to us, and your cookies. We use this data to ensure that our services operate safely and quickly, to improve the content we provide and to evaluate the effectiveness of the e-shop for your benefit. We may also use this data in combination with data you provide to us to show you personalized content that is likely to interest you.

COLLECTION AND USE OF NON-PERSONAL DATA

We also collect data in a form that does not automatically allow a direct link to a specific individual. We have the right to collect, use, transfer and disclose non-personal information for any purpose.

HOW WE USE PERSONAL DATA

The Business uses the data it collects to provide you with its services and products. The Business uses your personal data solely for the purposes for which it collects them. In some cases, and only if you expressly provide us with your consent, we use your contact details to send you promotional/information messages. We also use the data to conduct our business activities, which includes analysing our performance, fulfilling our legal obligations, developing our workforce and conducting research. For these purposes, we combine data that we collect from different environments. When we process personal data about you, we do so with your consent and/or because it is necessary to provide you with the products you use, to conduct our business activities, to fulfill our contractual and legal obligations, to protect the security of our systems and our customers, or to serve other legitimate interests of the Business as described in this section.

In particular, we use data:

• To provide our services, including to inform, ensure and address problems. It also includes the notification of data, when it is necessary for the provision of services or for the conduct of the requested agreements and transactions.
• To improve and develop our products.
• To personalize our products and make recommendations to you.
• For advertising and promotional purposes to you, which includes sending promotional material, sending informational material and promoting relevant offers.

The following sections describe data collection practices followed by the Business:

Create an Account. Users can create their personal account at www.messiahclothing.gr. Registration requires the completion of a form with personal information, full address, user’s contact details and a password.

Shopping through the e-shop. The Business provides its customers with the opportunity to purchase its products online through the e-shop. This possibility is provided to both registered users and non-registered visitors of our website. In order to complete an order, the following is required: the login of a registered user, which requires filling in the e-mail address (email) and personal password. Facebook login, during which our Business receives the public profile information and the user’s email address. Filling in a form with billing, payment and shipping details. In these cases, the Business processes your Data in order to fulfil its contractual relationship, to process the order of products and/or services, to provide customer service, to comply with legal obligations, to oppose, raise or exercise legal claims. If we do not collect your data when you complete the order either from our physical store or from our online store, we will not be able to process your order and comply with our legal obligations. We may need to transfer your data to third parties for the supply or delivery of the product or service you have ordered. In addition, we may retain your data for a reasonable period of time in order to fulfil our contractual obligations, such as product returns, as required by relevant legislation.

Contact. In cases where the users of our site wish to contact us, they send their message through a form, where their full name, email and phone number are also filled in. In these cases the Business uses your data to respond to the requests/questions you submit, refund requests and/or complaints. The information you share with us enables us to manage your requests and respond to you in the best possible way. We may also keep a record of your queries/requests to us so that we can better respond to any future communication. We do this based on our contractual obligations to you, our legal obligations and our legitimate interests to provide you with the best possible service and to be able to improve our services based on your personal experience.

Competitions. In response to your wishes, the Business organizes competitions, which are mainly conducted through our website, Facebook and e-mail. Respecting your rights, we make sure that in addition to the terms and conditions we post a privacy statement for the personal data collected in the context of each competition.

Newsletters. Users who wish to be informed of news and promotions of the products of the Business, can subscribe to our Newsletter by providing us with their full name and email address. With your consent, we will use your personal data, preferences and transaction details to inform you via email, internet, telephone and/or social media about relevant products and services, including personalized offers, discounts, etc. Of course you have the possibility to withdraw this consent at any time.

Participation in bonus programmes. The Business processes your data for the purposes of your participation in bonus programs, i.e. both the processing of your participation application and the collection and redemption of points and the enjoyment of customer benefits in general, as detailed in the terms of participation of the bonus program. This enables us to offer you personalized offers that interest you.

MORE INFORMATION ON THE PURPOSES OF PROCESSING:

Protection of Rights. Protecting your account from fraud and other illegal activities: This includes using your Data to maintain, update and protect your account. We also monitor browsing activity with us to identify and quickly resolve any problems and protect the integrity of our website. All of the above is part of our legitimate interest. For example, we check your password when you log in and use automated IP address tracking to detect possible false logins from unexpected sites. Operation of CCTV Systems: In order to protect our customers, premises, assets and partners from crime, we operate CCTV systems in our store that might record images for security. We do this based on our legitimate business interests. If case we discover any criminal activity or alleged criminal action via the use of CCTV, or in case of fraud and suspicious transactions, we will process this data for the purposes of prevention and detection of illegal actions. Our aim is to protect our customers, employees and colleagues from criminal activity. Processing payments and preventing fraudulent transactions: We do this based on our legitimate business interests. This also helps protect our customers from fraudulent activity.

Commercial transactions. We use data for the purpose of executing transactions. For example, we process payment information to provide customers with product subscriptions and use contact information to deliver products they purchase from the e-shop.

Reports and business activities. We use data to analyze our business. This allows us to make informed decisions and generate reports on the performance of our business activities.

Legal compliance. We process data for law compliance purposes. For example, we use the age of our customers to ensure that we meet our obligations to protect children’s personal data. We also process contact details and credentials to help customers exercise their data protection rights.

WHY WE SHARE PERSONAL DATA

We share your personal data upon your consent or as it is required, for the completion of any transaction or for the supply of any service you asked for or authorize us for. When you provide us with payment data, we will share your payment data with Bank Institutions or other similar entities that process payment transactions or provide other financial services, and for the prevention of fraud and for credit risk mitigation.

In addition, we share your personal data with our partners, affiliates and co-operators.  We also share our data with our suppliers or colleagues working for us, for the purposes as described in the current statement. In these cases, our colleagues shall comply with our personal data protection policy and safety requirements, and they are not allowed to use the personal data received from us for any other purpose.

Finally, we will reserve, obtain access in, transfer, transmit and retain personal data, including their content, when we have reasons to believe in-good faith that it is necessary for our compliance to valid legal procedure, which may also originate from national police forces or other state agencies.

 The Business shares your Data with: (a) third party service providers processing personal data on behalf of the Business, for example (non-exhaustive) for the process of credit cards and payments, transfers and deliveries, hosting, management and maintenance of our database, email distribution, research and analysis, promotion management of the brand and services, Google, Facebook, as well as the management of certain services and data. When we use third party providers we conclude agreements obliging them to apply all the necessary technical and organizational measures for the protection of your personal data, (b) other third bodies to the extent needed for the following purposes: (i) compliance with a state request, court decision or applicable law, (ii) prevention of unlawful use of websites and apps or breach of the Terms and Conditions of our website and apps and policies, (iii) our protection from third party claims, (iv) contribution for the prevention or investigation of fraud (e.g. counterfeiting), (c) to other third parties when you have provided your consent.

To provide our services and products, among others, we use the following companies, who will process your Personal Data as part of their contracts with us: LETS Digital Growth Services, ELTA Courier, Hellenic Post (ELTA), Google, Facebook, Instagram.

To the companies above, as well as to any other third party with whom we share your data:

• We provide only the necessary information for the performance of their specific services.
• They may use your data only for the designated exact purposes laid down in our agreement with them.
• We closely work with them in order to ensure that your confidentiality is respected at any time.
• If we do not use their services any longer, all of your retaining data shall be deleted or anonymized.

Data controllers on our behalf have been contractually agreed and bind with the Company:

• Treat your personal Data as strictly confidential.
• Not to transfer personal data to third parties without the permission of our Company.
• To impose and maintain appropriate safety measures.
• To comply with the legal framework concerning the protection of personal data, and especially with the Regulation 979/2016/EU (GDPR)

Moreover, when using certain Social Media components on our website, you may create a public profile, which will include information such as, username, profile photo and city. You may also make join use of your content with your friends or the general public, including information for your interaction with the company.

YOUR RIGHTS, ACCESS AND CONTROL OF YOUR PERSONAL DATA.

The General Data Protection Regulation provides a series of rights and choices, which we are bind to fulfill. Based on this, you may ask us:

• To inform you regarding the data we keep in relation to you and how we process them. If you wish, we may provide you with a copy of your Data without any additional charge (Right to Access)
• To rectify inaccuracies and/or mistakes, to complete incomplete data or to update your data (Right to Rectification)
• To erase your data, as long as there are no legitimate grounds for the processing (Right to erasure or ‘right to be forgotten’)
• To restrict the processing when a) the accuracy of the personal data is contested, b) you consider the processing as unlawful (but you do not wish the erasure of your data), c) when your data are no longer necessary for the purposes of the processing, d) for the time period pending the verification whether the legitimate grounds of the controller override those of the data subject.
• To object at any time for your own personal reasons, to the processing of data, especially for direct marketing and profiling reasons. Your objection may relate to your compliance with a decision we made by automated means. In the latter case, you may ask us to allow you to intervene (Right to objection – Automated individual decision-making)
• To provide your personal data in a structured, commonly used (usually machine-readable) format and have the right to transmit those data to another controller, if this is technically possible (Right to Data Portability)
• To do not process any longer your personal data, providing you the possibility to freely revoke your consent, which has been given to us.

You can address your requests to the contact form of www.messiahclothing.gr or to the email address messiahclothing.greece@gmail.com

Our Business will meet all your requests within one month. In extremely rare cases, where it is almost impossible for us to satisfy your rights, we will inform you immediately, explaining the reasons for our inability to do so.

COOKIES AND SIMILAR TECHNOLOGIES

Cookies are small text files that are placed on your device to store data and can be retrieved by a web server on the domain that placed the cookie. We use cookies and similar technologies to store and respect your preferences and settings, to provide you with the ability to log in, to fight fraud, to analyze the performance of our products, and for other legitimate purposes as described below. The e-shop www.messiahclothing.gr has the ability to use cookies as part of the facilitation and operation of services through its website, making the browsing experience more user-friendly. Cookies are small files (text files) that are sent and stored on the computer used by the user, allowing websites such as www.messiahclothing.gr to operate smoothly and without technical abnormalities, to collect multiple user choices, to identify frequent users, to facilitate their access to it and for statistical purposes, in order to determine the areas where the services of the online store are useful, popular or for marketing purposes. We use cookies to provide you with information and to process your orders. You should bear in mind that cookies are absolutely necessary for the proper and uninterrupted operation of the e-shop. The information stored in our website cookies is exclusively used by the e-shop and by partner companies such as Google for statistical purposes. Our website provides further configuration options for every cookie. Furthermore, the users can configure their server to not receive cookies, either in total or on a case-by-case basis, or choose to have them automatically deleted when leaving the website.

The Business uses cookies and similar technologies for different proposes depending the environment or product, such as:

• Preferences and settings. We use cookies to store preferences and settings on your device, and to improve your experience. By storing your preferences in a cookie, such as your preferred language, you don’t have to set your preferences repeatedly. If you choose to opt out of interest-based ads, we will store your preference to opt out in a cookie on your device.
  • Connection and authentication. We use cookies to verify your identity. When you log in to a website using your personal user account, we store a unique ID number and login time in an encrypted cookie on your device. This cookie allows you to move from one page of the site to another without having to log in again on each page.
  • Storage of provided information on a website.  We use cookies to store the information you have shared. When you provide information to Business, such as when you add products to a shopping bag on Business’s website, we store the data in a cookie so that we can remember the information.
  • Comments. The Business may use a cookie so that you can provide comments on a website.
  • Analysis (Performance Cookies).  We may use our own and third party cookies and other identifiers to collect usage and performance data. For example, we use cookies to count the number of unique visitors to a website or service and to develop other statistics about the functionality of our products. In any case, you reserve the right to disable the use of cookies for performance purposes at any time by selecting the “Cookie Settings” option in the pop-up window that appears when you browse our websites. In this case you may experience delays in your browsing of our website. Further, you can configure your server to not receive cookies, either in total or on a case-by-case basis, or choose to have them automatically deleted when you exit the website.
  • Advertising. We may use our own and third-party cookies and other identifiers to provide personalized advertising relevant to you, your preferences and interests. In any case, you reserve the right to disable the use of cookies for advertising purposes at any time by selecting the “Cookie Settings” option in the pop-up window that appears when you browse our websites. In this case, you will cease to receive advertisements related to your preferences.

Most browsers automatically accept cookies, but provide controls that allow you to block or delete them. Consult your browser’s privacy statement or help documentation for instructions on how to block or delete cookies in other browsers.

Certain features of the Business’s products depend on cookies. If you choose to block cookies, you will not be able to access or use some of these features.

OTHER IMPORTANT INFORMATION

Additional information on personal data protection is available below, such as, for example, how we safeguard your data, and how long we keep your data.

PERSONAL DATA SECURITY

The Business is committed to safeguarding your personal data. We use various security technologies and procedures to protect your personal data from unauthorized access, use or disclosure. For example, we store the personal information you provide on computer systems to which access is restricted and located in controlled facilities. We use a variety of technical and organizational measures to protect your personal data. The Business complies with applicable privacy laws, including breach notification laws. The e-shop’s website uses the SSL protocol, and/or other transaction security protocols of financial institutions and/or other legal entities treated as such (e.g. Viva Wallet) for secure online commercial transactions. In this way, e.g. your credit card data is encrypted, so that it cannot be decrypted or altered during its transfer on the Internet. In addition, the data used to identify you as an account user are two: the Username and the Personal Secret Security Code (Password). Each time you enter your details, you are granted access to your personal account. This process is achieved securely during their transfer to the Internet and the Business’s servers. Following the same standards, you are given the opportunity to change your Personal Secret Security Code (Password) as often as you wish. After entering the desired password, the new password is encrypted and stored in the systems of the Business and cooperating third parties, such as the companies that undertake the maintenance of our systems. For this reason, the only person who knows your password is you and you are solely responsible for maintaining the secrecy of the password from third parties.

These measures shall be reviewed and amended when necessary.

WHERE WE STORE AND PROCESS PERSONAL DATA

Your data is only transferred to entities located within the European Economic Area and therefore subject to strict EU legislation on the protection of personal data or to entities outside the European Economic Area that have your consent and/or the necessary certifications and commitments to comply with relevant European security standards. For example, pursuant to Article 45 GDPR, the European Commission has determined that there is an adequate level of data protection in the U.S., provided that the recipient of the data participates in the EU-U.S. Data Privacy Framework and has a relevant certification.

DATA RETENTION

The Business retains personal data for as long as your account is kept active and for as long as necessary to provide the products and process the transactions you have requested or for other lawful purposes, such as complying with its legal obligations, resolving disputes and enforcing its contracts. Because these needs may vary for different types of data, the context of our interaction with you or your use of our products, actual retention periods may vary significantly.

Some examples of customer data retention periods:

Newsletters. Your declaration of consent for sending the newsletter is kept for as long as the newsletter is sent to you by the Business and in any case not more than 30 days after you express your intention to stop sending it.

Guarantees. If your order included a guarantee, the relevant personal data will be kept at least until the end of the guarantee period.

CHILDREN’S DATA

We comply with the law and do not allow children to register on the site when they are under the age limit set by the applicable legislation. We will seek parental consent for children participating in the Business’s experiences and events. Even if parental consent is given, we will not knowingly ask children under this age limit to provide more data than is required to provide the product.

Parents may change or revoke previous consent options, as well as review, edit or delete personal data of children for which they have provided consent or authorization.

CHANGES IN THE CURRENT PERSONAL DATA PRIVACY STATEMENT

We update this privacy statement when necessary, to ensure more transparency or in response to:

• Comments from customers, regulators, industry representatives or other stakeholders.
  • Changes to our products.
  • Changes to our data processing activities or policies.

When we publish changes to this statement, we will change the publication date indicated at the beginning of the privacy statement. If there are material changes to the statement, such as a change in the purposes of processing personal data that differs from the purpose for which it was originally collected, we will notify you either by posting a prominent notice prior to implementing those changes or by sending you that notice directly. We encourage you to periodically read this statement to know how the Business is protecting your information.

This privacy statement is written in Greek and English. In case of doubt about the true meaning of the text, the Greek version shall prevail.

CONTACT US If you have any concern, complaint or question regarding the protection of personal data that you wish to address to the Business’s Data Protection Officer, please contact us by sending an email to messiahclothing.greece@gmail.com. We will respond to questions or concerns within 30 days. You may also raise a concern or file a complaint with a data protection authority or other official body with relevant jurisdiction.