|VERSION||DATE||DESCRIPTION OF MODIFICATIONS|
DOCUMENT’S GENERAL INFORMATION
|Summary||This policy sets out the framework of compliance of the business ………………. in accordance with the applicable personal data protection law|
- The privacy of our customers’ personal data and its protection are of paramount importance to us. We want you to feel happy and secure while visiting our website, and we consider the application of data protection a customer-oriented quality feature.
The Regulation requires that the information given to the data subject, in order for data to be processed, be provided in a concise, transparent, intelligible and easily accessible form.
For this reason:
- Our website concerns the sale of jewellery, watches and other related items. The transactions and the navigation within our website are carried out by using a secure server with 256-bit SSL Encryption Standard.
- The minor users of https://www.nataliantefajewellery.com have access to its services only with the consent of parents and/or guardians. Where the abovementioned conditions are not satisfied, these minors shall abstain from any effort to make use of its services, pages and content as a whole. If we notice that minors use our website and e-shop (e.g. product order), the minors’ personal data shall be deleted immediately and the transaction (e.g. sale) shall be
- What is the Personal Data and which of it do we collect?
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). Anonymous information is not meant as such.
Our website collects personal data when you a) register with us, b) fill in the contact form, c) sign up for our newsletter, d) use/order our products and/or services, e) visit our pages and/or log in to our marketing/advertising programmes, f) participate in competitions. The personal data collected is the minimum required for the completion of the above actions and consists of identification data or data for communicating with you.
The following types of personal data, such as information related to your computer, your visit to our website and your activity, may be collected for the correct establishment of the connection, the convenient use of our website and the security of the system (e.g. IP address, date and time of access, type and version of browser, operating system and pages you preferred, etc.). Of course, personal data shall be used only if permitted by law.
We DO NOT collect special categories of your personal data, i.e. data “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or membership of a trade union, such as genetic data, biometric data for the undeniable identification of a person, data relating to health or data relating to the sexual life of a natural person or sexual orientation” (Article 9 (1) of the GDPR) or data relating to criminal convictions and offences (Article 10 of the GDPR). If you do not allow us to collect your personal data for the purposes listed here, we may not be able to provide you with our services in the best possible way.
- How and why do we use your personal data?
The use of your personal data is necessary for the performance of a contract to which you are a party, i.e. when you buy a product from our e-shop (sale, pricing, shipping of products, management of complaints) and for the compliance with our legal obligation, i.e. we archive data for accounting and tax purposes in accordance with Article 6 (1) (b), (c) and (f) of the GDPR. Moreover, we use your personal data for the management of our website, the provision of statistical information related to you to third parties, without, however, the recipients being able to identify you, and for the maintenance of the website and the linked security applications in order to prevent fraud.
- Advertising – Marketing
As long as you have given your explicit consent and depending on the personal data you provided, we create your use profile according to your personal interests and we will send you advertising spots relating to our activity (or to activities of carefully selected third-party businesses) via e-mail, SMS, Viber, etc. The legal basis for the processing of personal data is that laid down in Article 6 (1) (a) and (f) of the GDPR. You are able to stop receiving our newsletters at any time either by using the respective link to unsubscribe at the end of the message or by contacting the customer service centre or by sending an e-mail to firstname.lastname@example.org
As long as you have given your explicit consent and depending on the personal data you provided, we create your use profile according to your personal interests and we will send you newsletters via e-mail, which shall provide information about the products, offers, competitions, etc. The legal basis for the processing of personal data is that laid down in Article 6 (1) (a) of the GDPR. You are able to stop receiving our newsletters at any time either by using the respective link to unsubscribe at the end of the message or by contacting the customer service centre or by sending an e-mail to email@example.com
Cookies are small text files that a website stores on your computer or mobile device when you visit the site.
- First-party cookies are cookies set by the website you visit. Only that website can read them. In addition, a website might potentially use external services, which also set their own cookies, known as third-party cookies.
- Persistent cookies are cookies saved on your computer and that are not deleted automatically when you quit your browser, unlike a session cookie, which is deleted when you quit your browser.
Cookies can also be used to establish anonymised statistics about the browsing experience on our website.
The website of “www.nataliantefajewellery.com” mostly uses first-party cookies. These are cookies set and controlled by “www.nataliantefajewellery.com” and the manager of the website you visit. However, to view some of our pages, you will have to accept cookies from external organisations.
The 3 types of first-party cookie we use are to:
- store visitor preferences
- make our website operational
- gather analytics data (about user behaviour)
Visitor preferences cookies
These are set by us and only we and the manager of the website you visit can read them. They remember:
- if you have already replied to our survey pop-up (about how helpful the site content was) – so you will not be asked again
There are some cookies that we have to include in order for certain web pages to function. For this reason, they do not require your consent. In particular:
- technical cookies – these are required by certain IT systems.
We use these purely for internal research on how we can improve the service we provide for all our users.
The cookies simply assess how you interact with our website – as an anonymous user (the data gathered does not identify you personally).
Also, this data is not shared with any third parties or used for any other purpose. The anonymised statistics could be shared with contractors working on communication projects under contractual agreement with “www.nataliantefajewellery.com”.
However, you are free to refuse these types of cookies – either via the cookie banner you will see on the first page you visit or via “……………analytics” service.
Some of our pages display content from external providers, e.g. Facebook, LinkedIn and Twitter. To view this third-party content, you first have to accept their specific terms and conditions. This includes their cookie policies, which we have no control over.
But if you do not view this content, no third-party cookies are installed on your device.
- Third-party providers for the website of “www.nataliantefajewellery.com”
How can you manage cookies?
You can manage/delete cookies as you wish – for details, see aboutcookies.org
Removing cookies from your device
You can delete all cookies that are already on your device by clearing the browsing history of your browser. This will remove all cookies from all websites you have visited.
Be aware though that you may also lose some saved information (e.g. saved login details, site preferences).
Exemption from the obligation to notify and obtain consent from the subscriber or user
As an exception from the obligation to notify and obtain consent, Article 4 (5) of Law 3471/2006 stipulates that the installation of cookies is permitted when “the sole purpose of which is the conveyance of information through an electronic communications network, or which is necessary for the provision of information society services explicitly requested by the user or subscriber”.
The exempt “cookies” are those which are necessary for the connection to the website or the provision of the internet service.
More specifically, the categories of “cookies” that fall within the above exemption, while the user’s consent is not required, are as follows:
- “Cookies” that are necessary for the identification and/or retention of the content that the subscriber or user inserts during a session on a webpage for the entire duration of the particular session. For example, such cookies are necessary for the completion of an electronic form by the user or the registration of the purchases made by the user through an e-shop (e.g. by selecting the button “add to the cart”). “Persistent cookies” fall within the same category; they are installed for the same purpose and last for some hours.
- “Cookies” that are necessary for the authentication of the subscriber or user to services that require authentication (e.g. during the carrying-out of an online bank transaction).
- “Cookies” installed in order to serve the purpose of the subscriber’s or user’s security, for example “cookies” that track repeated failed attempts to log in to a user’s account on a particular webpage.
- “Cookies” with multimedia content, such as flash player “cookies”, during the session on a webpage. Such cookies are for example the “cookies” installed by viewing a video on the website that the user has visited.
- “Cookies” that are necessary for the realisation of the technique of load balancing in a connection to a webpage of the internet.
- “Cookies” that “remember” the choices of the subscriber or the user concerning the presentation of the webpage (e.g. “cookies” concerning the choice of a language or the presentation of search results on a website).
- “Cookies” installed through plug-ins on social networking webpages and enable sharing of the content between the authenticated members that have already logged in.
You can set most modern browsers to prevent any cookies being placed on your device. However, in this case, you may then have to manually adjust some preferences every time you visit a site/page. Moreover, some services and functionalities may not work properly at all (e.g. profile logging-in).
In detail, the cookies used by “www.nataliantefajewellery.com” are as follows:
|PHPSESSID||This is a session cookie. It is used to identify a unique session on this website.||nataliantefajewellery.com||Session||Functional|
|redux_current_tab||To store current tab.||nataliantefajewellery.com||7 days||Functional|
|tk_ai||To store a unique user ID||nataliantefajewellery.com||Session||Statistics|
|wordpress_logged_in_[hash]||These are session cookies set for a user who is logged in||nataliantefajewellery.com||Session||Functional|
|wp-settings-[UID]||WordPress also sets a few wp-settings-[UID] cookies. The number on the end is the individual user ID from the user’s database table. These cookies are used to customise the view of the admin interface, and possibly also the main website interface. These cookies are set to expire 1 year after your last visit.||nataliantefajewellery.com||Session||Functional|
|yith_wcwl_session_<COOKIEHASH>||This cookie is used by the PHP encryption language to allow SESSION variables to be stored on the web server. Essential for website access||nataliantefajewellery.com||365 days||Functional|
- As a rule, the transfer of your data to third parties is excluded.
Exceptionally, data is processed by processors on our order. These are carefully selected, controlled by us and are contractually bound in accordance with Article 28 of the GDPR. In addition, we may be required to send extracts of your request to counterparties (e.g. suppliers for requests relating to products) for the purpose of processing your request. These may be auditors and professional consultants (lawyers, accountants, bankers) and/or companies involved in the transport of products, professional service providers, such as marketing, advertising, support, optimisation, web hosting, payment control services, electronic crime prosecution and consumer protection services, and anti-fraud services for cases of malware, social media if you choose to link your account to these with our website. If your personal data is required in an individual case, we will notify you to obtain your consent. We are NOT transferring your personal data to recipients outside the European Union.
- Payment information
Your credit card number does not appear on our website as long as you choose this method of payment; it only stores the data necessary for the certification of each transaction by the following systems. The online store of the business accepts all Visa, MasterCard, American Express and Citibank credit cards. If you select a credit card as your preferred payment method, this procedure shall be carried out and completed through our trusted collaborator-banking institution providing all guarantees of security regarding online transactions. The clearance of credit card data is performed via two different banking systems: a) the system of Eurobank, and b) the system of the Authorised Payment Institution VivaPayments using the Redirect Checkout method, which ensures optimal security of transactions.
All stages of card charging process are certified in accordance with PCI-DSS, the globally recognised, obligatory standard for the certification of online transactions.
- Ensuring Privacy of Data Transfer
To ensure privacy of customers’ credit card data transfer, VivaPayments uses the EV SSL-128bit encryption protocol. The system has been implemented in partnership with Thawte, which specialises in transaction security issues. Based on this protocol, confidential data is stored only in encrypted form on the system, without a direct internet connection, and is transferred in encrypted form to cooperating banks.
- Controlled Access
Access to the systems of the banking institutions and VivaPayments is controlled by firewalls, which prohibit access to systems and databases containing confidential data. To ensure maximum data protection, as imposed by the PCI-DSS standard, the banking institutions and VivaPayments use state-of-the-art systems to detect malware attacks (Intrusion Detection and Denial of Service Protection Systems). With regard to physical access, VivaPayments locates all its infrastructures in a certified Rackspace PCI-DSS data centre (Level 1 Certified Services Provider) in Great Britain, which is supervised online 24 hours a day, 7 days a week by Obrela Securities Industries. All systems have followed the strict hardening procedure in accordance with PCI-DSS standards.
- Security of your personal data
We have effectively implemented both appropriate technical and organisational measures designed to implement data protection principles and to incorporate the necessary safeguards into the processing so that the GDPR requirements are met and your rights are protected. We have also implemented appropriate technical and organisational measures to ensure that, by definition, only the personal data needed for the purpose of processing is processed. We have active procedures for controlling potential personal data breaches, and, in that case, we will immediately notify you as well as the competent supervisory authority.
- How long do we keep your personal information?
The computers and programmes we use are created in such a way to minimise the use of personal information and identification data. Such data is processed only to the extent necessary to achieve the purposes stated in this policy and will be stored for as long as it is strictly necessary to achieve the specific purposes pursued. In any case, the criterion used to determine the storage period is based on compliance with the deadlines allowed by law and the principles of minimising data, limiting the storage or rational management of our records.
- Learn your rights under the GDPR
If you are a resident of the European Union, you have the following rights, set out in simple wording:
- The right to information about how we use your personal information.
- The right of access, i.e. you can request a copy of the personal data we hold for you.
- The right of correction, i.e. to correct your personal data, which may be incomplete or inaccurate.
- The right to erasure (the right “to be forgotten”), i.e. in certain cases you can ask us to delete the personal data we hold about you (unless there is a legal reason preventing it).
- The right to restrict the processing of your personal data.
- The right to the portability of your data, that is to request a copy of your personal data in a common file format and forward the data to another company.
- The right to object to the processing of your personal data, e.g. for direct marketing purposes.
- The right not to be subject to a decision taken solely on the basis of automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way.
- The right of complaint to the competent data protection supervisory authority in the member state where you have your habitual residence or your place of work.
The above rights are subject to specific regulations on when you can exercise them. You do not have to pay to access your personal data (or to exercise any of your rights), unless your request is unreasonable, repetitive or excessive, in which case we may refuse to comply. Please note that we may request some additional information to confirm your identity when you request access to your personal data or exercise any other of your rights, as a security measure to ensure that your personal data is not disclosed to others. We will respond to each request within one (1) month; if we need more time due to the complexity or number of requests, we will inform you.
Please verify at regular intervals any amendments thereto.
- Data controller