Who we are – Controller of personal data processing
Our company, under the trademark name “Alati Matthaiou”, which is located in BIPE Lamias is the controller of personal data processing.
The company complies with the General Personal Data Protection Regulation (Regulation 2016/679/EE) of the European Union for the protection of natural persons against personal data processing. The company undertakes the commitment to protect the personal data of visitors / customers of the e-commerce store or physical store and follow the legislative framework in force and in accordance with any changes to the applicable personal data protection legislation.
What types of personal data are collected and why
We do not keep or ask from the user / customer / visitor data that are identified as sensitive personal data such as data concerning health, political views etc.
Personal data is collected only if the person is willing to provide it. The ways of collection are mentioned below.
Read about the Cookies Policy in the related section: Cookies Policy
Forms of communication
If you contact us through our form of communication or leave a comment for a product, you will be asked to fill in your personal details like name/surname, phone number and email.
Phone / Online orders
When placing an order, you will be asked to fill in your personal data which are necessary for the completion of the order like name/ surname, address, phone number, email, tax code – trademark name – Tax Office (if the customer is a legal person). After the submission of the order the company collects the order history of each user. Under no circumstance can data, identified as sensitive personal data by the legislative framework, be collected.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
Although we do not share any of your personal data with third parties, for the completion of your order you are advised to offer your personal information (name / surname, address, phone number) to the courier companies in order to transfer the products you have bought to your place.
How long we retain your data
Your personal data collected for the completion of your order and the issue of legal tax voucher details are kept as long as required for the completion of your order and the response for any legal tax demands.
The data collected by the forms of communication, are not saved in our servers but are directed to our company email which is checked and read by authorized staff. They are kept for one month for the purposes and solely for the provision of each service and we do not use them for any promotional services.
How we protect your personal details
Our server is hosted in a secure data center. In collaboration with a web hosting company we provide a 24-hour monitoring for any purpose. There is also a specially regulated firewall and protective software against attacks.
Both the data processing of your details form the emails and the server control of our website are carried out by only one terminal computer located at the company’s facilities and the managers of our company exclusively.
What is the process against personal data violation
In the event of violation of communication privacy, which can lead to disclosure of personal data, within 72 hours from the acknowledgement of the event, we inform the responsible supervising authorities and the particular natural persons.
Although we are a company of no more than 250 people and we carry out an occasional processing of personal data or legal data we are obliged to keep a record of personal data processing. Our services aim at adults. In our website we do neither check the identity of the person nor do we consider our website harmful to teenagers. However if a teenager gains access to our website or signs up, we clearly consider that this action was under parental or guardian permission.
We are not obliged to recruit a controller of personal data processing DPO, since
- we are not a public service
- personal data processing is not our basic activity
- sensitive or legal data processing is not our basic activity
Risk evaluation for the processing of personal data
The word ‘risk’ is used by ISO standards to ‘quantify’ the possibility of appearance and severity of serious risks. The risk in our case is the violation of personal data privacy, meaning their disclosure and its severity is mentioned in the natural persons involved.
Taking into account the small amount of people and their personal data that we process in both our website and our physical store and the security control applied the possibility of risk is insignificant.
What are your rights
Every individual whose personal data is collected and processed have the rights above:
- right to be informed
- right of access
- right to rectification
- right to erasure/to be forgotten
- right to restrict processing
- right to data portability
- right to object
- right to automated decision making and profiling
- right to submit any form of complaint to supervising authorities
The person of interest has the right to have access to information concerning their personal data, object to their applicability in future promotional act, ask and ensure their partial or total erasure from the company’s files, ask rectification, be informed about the time and place of their initial accumulation by the company and finally, be informed about the applied methods of protection of personal data.
If you are an account holder / customer to this website or have left a comment you can ask for an export of your personal data file. You can also ask for the erasure of all your personal data. This does not include data that we are obliged to retain for administrative, tax, legal or protection purposes.
For any further information do not hesitate to contact us.