What are you looking for?

Privacy Policy & GDPR

Who we are

Our website address is: https://adelinejewelry.gr/

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

DEFINITIONS

  • Personal Data: Any information that relates to and describes a person, such as: identification details (name, age, residence, occupation, marital status, job, financial situation, etc.). The person (natural person) to whom the data refers is called the Data Subject.
  • Personal Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
  • Data Controller: The natural or legal person who determines the purposes and means of processing Personal Data, which in this case is the “Company”.
  • Data Processor: The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Data Controller.
  • Processing of Personal Data: Any operation or set of operations which is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • Third Party: Any natural or legal person other than the Data Subject, the Data Controller, the Data Processor, and the persons who, under the direct authority of the Data Controller or the Data Processor, are authorized to process personal data.

PRINCIPLES OF DATA PROCESSING

Our Company is committed to adhering to the following principles of Personal Data processing (Article 5 GDPR):

  • Lawfulness, Fairness, and Transparency.
  • Purpose Limitation: Personal data are collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
  • Data Minimization: Personal data are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
  • Accuracy/Quality of Data: Personal data are accurate and, where necessary, kept up to date.
  • Storage Limitation: Personal data are kept no longer than necessary or as required by law.
  • Integrity and Confidentiality: Ensure security, including protection against unauthorized or unlawful processing, and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
  • Accountability Principle.

COLLECTION OF PERSONAL DATA

The Company collects information about its customers, among other things, in the following cases:

  • When customers contact us directly or visit the Company’s premises, for information about the services offered by our Company and subsequently for the service they choose.
  • If personal data are transferred to our website by companies, partners, or other third parties.

The Company also occasionally collects data from third parties that may legally transfer information about its customers to it or whose records we may legally access, such as external partners, credit and fraud prevention information providers, lawyers, public services (administrative, tax, judicial, regulatory authorities, insurance funds), or other public or private entities. The Company processes personal data for the purposes described in this Policy. The following categories of data about the Company’s customers may be collected and further processed, as described in this Policy:

  • Contact and Identification Information (e.g., Name, Address, City, Postal Code, Country, phone number, email, ID number, VAT number, passport, date of birth, etc.).
  • Payment Information (e.g., IBAN/Account Number, preferred payment method, etc.).
  • Customer History (as applicable, data concerning previous service provision by a third party to the customer to whom the Company provides its services).

ENSURING THE SECURITY OF PERSONAL DATA

The company ensures that personal data are processed by adhering to policies and procedures according to the purposes of processing. For example, the following security measures are used to protect personal data from misuse or any other form of unauthorized processing:

  • Access to personal data is limited to a specific number of authorized individuals for specific purposes.
  • The staff of the relevant departments involved in providing services to you is bound by confidentiality clauses, with graded and limited access only to the necessary data for completing the service provision.
  • Sensitive data are stored on computers with authorized access. Also, in printed form, they are locked in cabinets accessible only to authorized persons.
  • The Company selects reliable partners, who are contractually bound, according to Article 28, paragraph 4 of GDPR, to the same obligations regarding personal data protection. We also reserve the right to audit them (Article 28, paragraph 3, point h of GDPR).
  • The information systems used for data processing are technically isolated from other systems to prevent unauthorized access, such as through illegal access (hacking).
  • Additionally, access to these information systems is continuously monitored to detect and prevent illegal use at an early stage.

COOKIES

Like most websites, we use cookies and similar technologies when you access and browse https://adelinejewelry.gr.

Balancing our obligation to protect your data and the needs of https://adelinejewelry.gr, we use these technologies sparingly, aiming to make your browsing comfortable and effective and to obtain certain anonymized information regarding your visits. Cookies are small text files stored on your computer’s hard drive or another electronic device you use to access the website. Cookies are unique to each web browser (e.g., Google Chrome, Mozilla Firefox, etc.) and contain anonymized information about the websites you visit and the devices you use. By continuing to use https://adelinejewelry.gr without changing your settings, you agree to the use of cookies.

There are four main types of cookies, and here we show you how and why we use them:

  1. Cookies that ensure the use of the page – these cookies allow you to navigate our site and use our functionality, such as “Add to cart”!
  2. Cookies that measure navigation statistics – these cookies allow us to measure and analyze how our users use our site so that we can improve its functionality and your shopping experience.
  3. User preference cookies – when you browse or shop on https://adelinejewelry.gr, these cookies will remember your preferences (like your size or which products you viewed), making your browsing experience as good as possible and tailored to your needs.
  4. Targeting or advertising cookies – these cookies are used to show you ads as close as possible to your preferences – but not only that. Through these, we ensure that we do not show you ads continuously, but we can limit the number of times you see them, so we do not tire you out and have more effective campaigns.

DATA RECIPIENTS

The personal data collected by our website may be transferred to third parties, provided that the legality of the transfer is justified. Further, provided that the legality of the transfer is justified, personal data may be disclosed to the following categories of recipients:

  • Company employees or partners who may process the personal data of the customers of adelinejewelry.gr under its instructions.
  • Collaborating companies within their respective responsibilities.
  • External partners, who are contractually bound, according to Article 28, paragraph 4 of GDPR, with the same obligations regarding personal data protection.
  • Any supervisory authority, as required by the applicable supervisory framework.
  • Any public or judicial authority, as required by law or by judicial decision.

The Company uses various service providers, who cooperate in providing the services mentioned. Although the transmission of data via the internet or a website cannot be completely protected from cyberattacks, both the Company and our partners work to maintain physical, electronic, and procedural safeguards to protect our customers’ data.

PURPOSE OF DATA PROCESSING AND LEGAL BASIS FOR DATA PROCESSING

The processing of personal data is based on one of the legal bases mentioned in Article 6, paragraph 1 of GDPR. The legal basis on which each use of your data is based is specified for each processing purpose.

  • Provision of Services: Personal data deemed necessary for the provision of product marketing services (Article 9, paragraph 2a GDPR).
  • Legitimate Interests: e.g., to improve our services, prevent and detect fraud against us (Article 6, paragraph 1f GDPR).
  • Legal Obligations: For compliance with our legal obligations to police, regulatory, tax, accounting, auditors, judicial authorities, and services (Article 6, paragraph 1c GDPR). The provision of personal data, as mentioned above, is a legal obligation that depends on the specific request.
  • Processing of Special Categories of Data: According to Article 9, paragraphs 1 and 2 of GDPR, the processing of special categories of data is only permitted in the specific cases defined by law, among which is the provision of consent (Article 9, paragraph 2a GDPR).

The Company stores personal data for as long as required by the corresponding processing purpose and any other permissible related purpose. Data are retained for the duration of the service provision and, after its termination, for as long as provided by applicable law. Specifically, for data processed by the Company based on customer consent (e.g., for marketing purposes), these are kept from the receipt of the relevant consent until it is revoked. The Company restricts access to customer data to persons who need to use them for the specific purpose.

DATA SUBJECT RIGHTS AND EXERCISING THEIR RIGHTS

As Data Subjects, you have the right to request access to your personal data, rectification/deletion of your personal data, restriction of processing, the right to object to processing, and/or to exercise your right to data portability. If data processing is based on your consent, as Data Subjects, you can withdraw your consent at any time, with future effect. In detail, as Data Subjects, you have the right:

  • Access: The right to be informed about the processing of Data by the Company and the right to access them.
  • Rectification: The right to request correction or completion of your data if they are inaccurate or incomplete.
  • Erasure: The right to request the deletion of your data. This right can be satisfied by the Company if:
    • The data are no longer necessary for the purposes for which they were collected.
    • There is no other legal basis for processing, other than consent.
    • As Data Subjects, you exercise the right to object (see below under “f”).
    • The data were processed contrary to applicable legal provisions.
    • The data must be deleted to comply with a legal obligation. The Company reserves the right to refuse to satisfy the above right if data processing is necessary for compliance with a legal obligation of adelinejewelry.gr, for reasons of public interest, or for the establishment, exercise, or defense of legal claims (Article 17, paragraph 3 GDPR).
  • Restriction of Processing: The right of Data Subjects to mark the data to restrict their processing.
  • Portability: The right to receive the Data Subject’s data in a structured, commonly used, and machine-readable format and to request their transmission to another person who will process them (as indicated by the Data Subject).
  • Objection: The right of the Data Subject to object at any time to the processing of their data, including profiling.

VERIFICATION OF DATA SUBJECT IDENTITY

The Data Protection Officer must verify the identity of each Data Subject making an access request to ensure that information is given only to the person entitled to it. If the identity of the applicant has not already been provided, the person receiving the request will request two forms of identification, one of which must be a photo ID and the other proof of address. If the applicant is not the person to whom the data refer, written confirmation with a notarized signature is required, stating that the applicant is authorized to act on behalf of the Data Subject.

COUNTRY OF DATA PROCESSING

The personal data of the customers of adelinejewelry.gr are processed within the European Economic Area (EEA). In case a survey for providing services is required outside the EEA, it will be conducted upon the explicit consent of the Data Subjects (Article 49, paragraph 4a GDPR).

POLICY UPDATES

This Policy is revised when there is a significant change. The revision will be available on the website and at the Company’s reception. Any dispute arising from this Policy is subject to the jurisdiction of the Courts of Athens.