Terms of Use – Personal Data

Terms of Use - Personal Data

Data Protection Policy


Dear visitor,

Since 20.07.2020, Attica Department Stores Limited-liability Single-Member Company and Cosmobrands SA have been working together to offer you an online shopping experience without affecting the environment of the site that you are already familiar with (hereinafter and for the sake of brevity, “Cooperation”). Below are the general terms of use and data protection policy applicable to the site (A. Terms of Use for the Site), as well as the special terms of use and data protection policy  applicable to your browsing of the online store and your purchases (B. Special Terms of Use for online shopping).



A. Terms of Use for the Site

General Provisions

ATTICA DEPARTMENT STORES Limited-liability Single-Member Company (hereinafter the “Company”) operates the department store in CITY LINK Shopping Center located in Athens, at Panepistimiou 9 Str.; the department store in GOLDEN HALL Shopping Center located in Maroussi, Attiki; the department store in MEDITERRANEAN COSMOS Shopping Center located in Pylaia, Thessaloniki; the store in ATHENS MALL Shopping Center located in Maroussi, Attiki; and the department store located in the city center of Thessaloniki, at Tsimiski 48-50 Str.; as well as through the atticadps.gr website (hereinafter the "site"), offering the option of online shopping (hereinafter "shopping") under the following terms of use, which visitors / users are invited to read carefully and visit / use its pages / services only if they fully accept them. Making use of the pages / services automatically implies acceptance of these terms.

The visitors / users are responsible for their access to the services of the site and payment of any fees to third parties (e.g. internet services, charges for time spent in it). Also, they are solely responsible for their personal equipment with the necessary technological means allowing them to access its services.

For more information regarding the data protection policy, see below and in the relevant section.

Aside from the mentioned exceptions (proprietary rights of third parties, partners and entities), the entire content of the site, including images, graphics, photos, illustrations, texts, provided services, as well as all the files of this website in general are the intellectual property, registered trademarks and service marks of the Company and are protected by the relevant provisions of Greek law, European law and international conventions and treaties. Therefore, none of them, in whole or in part, may be sold, copied, modified, reproduced, reposted or uploaded, transmitted or distributed in any way. An exception is made for the one-time storage of a single copy of part of the content on a basic personal computer, for personal and neither public nor commercial use and without deleting the indication of its originating site, without any prejudice whatsoever to the relevant intellectual and industrial property rights. Users understand and accept that they may not reproduce, copy, sell, resell and / or commercially exploit, in any way, all or part of the site’s content.

Given the nature and size of the internet, under no circumstances, including negligence, shall the Company be held liable for any kind of damage to the visitors of the site’s pages, services, options and content which they proceed with on their own initiative. The content of the site is provided "exactly as is" without any warranty expressed or implied in any way. To the fullest extent and in accordance with the law, the company rejects all warranties, expressed or implied, including but not limited to those entailing merchantability and suitability for a specific purpose.

The Company shall not guarantee that the pages, services, options and content shall be provided without interruptions or errors and that the errors shall be fixed. Also, it shall not guarantee that the site or any other site or server through which they become available to the users / members shall not contain any viruses or other harmful ingredients.

The content and information contained in the site is offered to its visitors / users and to the web users community in general; the Company does not have control on the availability, the content, the data protection policy, the quality and thoroughness of services of other websites and pages to which it refers to through hyperlinks or banners. Therefore, for any problem that might occur while visiting / using them, users shall directly address the relevant websites and pages, which are fully responsible for the provision of their services. In no case shall it be concluded that the Company adopts or accepts the content or services of these sites and pages to which it refers to or that it is linked to them in any other way.

The above terms and conditions of use for the site, as well as any amendment thereof, are governed and complemented by Greek law, European Union law and relevant international treaties. In the event that any provision of the above terms becomes contrary to the law, it shall automatically cease to be valid and shall be removed from the terms herein, without any prejudice to the validity of the remaining terms. The terms herein form the entire agreement between the Company and the visitors / users of its pages and services and shall be binding only to them. No amendment to these terms shall be considered nor constitute part of this agreement unless formulated in writing and incorporated into it.

 

Newsletters - Informative Bulletins

The users entering their email in the relevant Newsletter field consent to receiving newsletters and offers pertaining to the physical Attica Department Stores and the online store.

The newsletters that the visitor / user of the website’s services receives by willfully subscribing to the mailing lists are the intellectual property of the Company and, therefore, protected by the relevant provisions of Greek law and international treaties. The Company reserves the right to not subscribe a person in the mailing lists or to erase that person from them. The Company may keep a file with the email addresses of the mailing lists subscribers in order to send them other messages of informative or financial nature, in addition to the newsletters, always with the user’s consent that is given upon registration to the site.

The Company shall not be held liable in case the newsletters are not delivered to their destination, although it shall make every effort with the ISPs (Internet Service Providers) to deliver them. Newsletters might end up in the "Spam" folder. If the user wishes to no longer receive newsletters or to unsubscribe form the newsletter mailing list, they may notify the Company through the contact form on the website or the relevant link that appears in the newsletters they receive. In any case, the user is entitled to all the rights granted to them by the General Data Protection Regulation, as listed in the special section below. The website uses a third party company for the tracking of the newsletters’ recipients, whose details are available upon request at info@atticadps.gr.

 

Use of cookies

We may use the information collected on this page, through automated means, to transfer personalized content, for market research, data analysis and system management purposes, to determine whether you have visited us in the past or you are a new visitor to the site, as well as to comply with our legal obligations, policies and procedures, including compliance with relevant industry standards and the enforcement of our Terms and Conditions. We may also use the information in other ways, for which special notice will be given at the time of collection.

Clarifications on the use of cookies

A cookie is a small string of information sent to the customer’s browser by a web server and stored on the customer computer’s hard drive. Cookies do not harm the customer's computer system and do not affect its functionality. Cookies also make browsing the web easier for the customer by saving their settings. The site uses cookies to provide specialized services and content that covers the interests of the user. The above cookies do not contain any identifiable personal information. Most browsers are set to accept cookies by default; however, usually the user has the option to set their browser to reject them. Even without cookies the customer may use most of the services of the online store.

Essential cookies: Essential cookies are strictly necessary for the proper functioning of the website, allowing you to browse and use the site’s features, such as access to secure areas, registration forms, favorites list, use of the shopping cart and for security reasons. These cookies do not read your personal identity. Without these cookies, our website cannot operate effectively.

Analytics and functionality Cookies

These cookies collect data on how visitors are using the website, which pages they most frequently visit and whether they receive error messages from websites. These cookies collect aggregated, anonymous information that does not identify visitors. They are used solely to improve the performance of a website and allow us to collect information about the use you make of our websites, including the content you select when browsing our websites, in order to measure the effectiveness and interaction between consumers and the website, as well as improve our pages over time. These cookies may be provided to us by third party providers of analytical tools, but are used only for the purposes related to our websites.

Targeting / advertising

These cookies are used to provide content that best suits the user and their interests. They can be used to send targeted advertising / offers, limit ad impressions or measure the effectiveness of an advertising campaign. We may use these cookies to remember the websites you have visited in order to determine which online marketing channels are most effective and allow us to reward external websites and affiliates who have referred you to us. For this purpose, the Company, under its cooperation with Cosmobrands and if the user consents to the Targeting - Advertising cookies, shall give notice that personal data shall also be processed by Cosmobrands.

 

Data Protection Policy

General Information

The following notice on the protection of your personal data indicates the way in which we process your personal data when you contact us or when you use any of our services.

The information is categorized. Therefore, if you wish so, you may easily select the purpose for processing of your personal data and receive the relevant information.

We shall inform you on:

-       Why we are responsible of processing your personal data;

-       What purpose we are processing it for;

-       Whether you are obliged to provide the relevant data;

-       Their storage period;

-       Whether there are other recipients of your personal data;

-       Whether we intend to transfer this data to another country, and

-       Whether we use automated decision making or profiling.

The data protection policy herein shall be reviewed regularly to make sure that it remains accurate and up-to-date.

 

Data Controller Details

ATTICA DEPARTMENT STORES LIMITED-LIABILITY SINGLE-MEMBER COMPANY is the controller  of your personal data.

There are many ways to contact us, including post office mail, phone, email, fax and electronic services.

Our postal address is:

ATTICA DEPARTMENT STORES LIMITED-LIABILITY SINGLE-MEMBER COMPANY

Amerikis 10

Athens, 10671

Syntagma

Call Center: +30 211 180 2500, Fax: +30 211 180 2514

Email : info@atticadps.gr

 

Data Protection Officer Details

Mr. Polychronis KOKKINIDIS is the Data Protection Officer for Attica Department Stores. To exercise your rights or for any other reason pertaining to data processed by Attica Department Stores included in the notice herein, you may contact him by email at dpo@atticadps.gr or through the postal address.

ATTICA DEPARTMENT STORES LIMITED-LIABILITY SINGLE-MEMBER COMPANY

Amerikis 10

Athens, 10671

Syntagma

Call Center: +30 211 180 2500 Fax : +30 211 180 2514

To the attention of the DPO

 

How we collect your personal data

Most of the personal information we process originates directly from you due to one of the following reasons:

For and through email

Marketing activities

Connecting to the department stores WiFi network

Filling in and lodging a complaint form

Sending – copying a CV

CCTV

Various accounting and procedural documents

 

Your rights regarding Personal Data

According to data protection legislation, you are entitled to rights for which we are obliged to inform you. The rights you may exercise are the following:

Right to access

At any given moment, you have the right to request that we provide you with copies of your personal data. There are some exceptions to the rule, meaning that you might not always receive all the data we process. You may find out more in articles 12 and 15 of GDPR ([1] Link to GDPR).

Right to rectification

At any given moment, you have the right to request that we rectify data that you consider inaccurate. In addition, you have the right to request that information you consider incomplete be completed. You may find out more on this right in articles 12, 15 and 19 of GDPR.

Right to erasure

In certain cases, you have the right to request that we erase your personal data. You may find out more on this right in article 17 of GDPR.

Right to restriction of processing

In certain cases, you have the right to request that we restrict the processing of your personal data. You may find out more on this right in articles 18 and 19 of GDPR.

Right to object to processing

You have the right to object to the processing of your personal data. You may find out more on this right in article 6 of GDPR.

Right to data portability

This only applies to the information you have provided us with. You have the right to request that we transfer the information you have given us to another organization or that we give it to you. This right applies only when we process information based on your consent or a contract and the processing is automated.

Clarifications on your rights

You may exercise the above rights free of charge; we shall reply accordingly within a month from receiving your request.

For more information on your rights and in case you want to submit a request for relevant information, please contact us at dpo@atticadps.gr




Data transfer

We shall not disclose your personal data to third parties for the direct promotion of products or services, unless you have been notified and you have given your consent, where required.

We use processors, i.e., third parties who provide services to us and are involved in the processing of personal data. In these cases, your data shall be kept secure and shall only be stored by the processors for an indicated period of time, that we shall set. This means that they shall not process your personal data any further, unless we explicitly instruct them to do so, nor transfer your personal information to other third parties.

In certain cases, we are legally obliged to transfer your data. For example, following a court order or when we cooperate with other supervisory authorities while handling complaints or audits. In any case, we shall do so only if there is a legal basis for the transfer of relevant information.

Lodging a complaint

In the event you believe that we are processing your personal data illegally or unlawfully, please let us know about it, by informing us of the specific case at dpo@atticadps.gr. If our reply is not satisfying to you, then you may lodge a complaint before the Hellenic Data Protection Authority at complaints@dpa.gr.

Children’s Data

As a precaution, we do not collect their personal data. However, we are sometimes provided with children’s data when providing a service. The information in the relevant sections of this policy applies to children as well as adults.

This policy is written in plain language so that a person of at least 15 years of age may understand its main points.

 

Natural Persons’ Data Processing

Contact through email

Short Description



Email[2]  account info@atticadps.gr allows any third person to contact our business. Contact can be made for any general question regarding products (e.g., prices, availability etc.), procedures (e.g., exchange – return of a product), complaints pertaining to customer service, information about opening hours and days etc.

Natural Person Legally Responsible vis-a-vis the Authority

Retail Management

Purpose for Processing 

To be informed of and handle the issues mentioned in each mail, to continuously improve the company’s customer service.

Types of Data Subjects

Any natural person making contact through the specific email address.

Types of Personal Data

Email address and / or name and / or surname and / or telephone number and / or postal address and / or any other information the data subject may choose to share. There is no data collection form template.

Data Sources

Incoming emails.

Types of Notification Recipients

Depending on the message – subject, it may be copied to partner suppliers.

Persons making contact:

Depending on the subject of each email, its details and content shall be processed by the following departments, jointly or separately: Retail Department, Marketing Department, IT Department, Commercial Department, Customer Service & HR Department.

Time-limit for Erasure

In order to ensure accountability as well as for internal audit purposes, any information gathered from the specific personal data input source shall be kept for a period of up to two years from the last communication, after which it shall be erased. 

Processor Information

None

Link to the contract with the processor

None

Transfer to Third Country

There is no transfer to a Third Country.

Location or data storage information system

Mail Server (Microsoft Exchange)

General description of organizing and technical security measures

Equivalent to those used for the company’s mail server and the measures applicable to the PCs of the natural persons in the Departments that are making contact.  

Link to the file with detailed description of the security measures

See section 3.2 security measures

Lawfulness of processing

Under article 6 (1) (b): processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

 

Clothing Repair Form

Short Description

The clothing repair form is to be filled in if a piece of clothing that the client has selected needs repair (e.g., minor tailoring). The form is necessary, as it constitutes proof that the piece of clothing remains in the store for repair and the customer can pick it up at the specific or after the specific date mentioned in it. 

Legally Responsible Natural Person vis-à-vis the Authority

Retail Management

Purpose for Processing

To provide tailoring services, link the piece of clothing to the customer, record the repair information.

Types of Data Subjects

Customer having purchased an item that needs tailoring.

Types of Personal Data

Name, surname, contact number.

Data Sources

Special Form

Types of Notification Recipients – Persons making Contact

Employees in the tailor section of each store, salespersons and cashiers who process the sales transaction with the customer.

Time-limit for Erasure

Personal data gathered through the Repair Form shall be stored for a period of up to 2 years from the date the customer received the item, after which its processing shall be terminated. 

Processor Information

None

Link to the contract with the processor

None

Transfer to Third Country

There is no transfer to a Third Country.

Location or data storage information system

From the moment the item is paid for at the store’s cash register and up until the day it is ready, the form shall be attached to the item and kept within the tailor's section of each store. The cashier shall then pick it up and hand it over to the relevant corner until the customer picks it up. When the item is picked up, the form is stored by the cashier making the transaction.

General description of organizing and technical security measures

Monitoring of the tailor section area by the supervisor and locking of the area after the section closes. Also, locking of the storage area where clothes are kept until the client picks them up.

Link to the file with detailed description of the security measures

None

Lawfulness of processing

Processing is based on article 6 (1) (b): processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

 

Right of Purchase Form

Short Description

Pertaining to the right of a store’s customer upon return of an item, in order to use – redeem it within 6 months from its issuance.

Legally Responsible Natural Person vis-à-vis the Authority

The Store’s Accounting Department Manager

Purpose for Processing

To link the the item’s return and the right of purchase to a specific person.

Types of Data Subjects

Data Subjects

Types of Personal Data

Name, surname, telephone number and place of residence.

Data Sources

Right of Purchase Form

Types of Notification Recipients – Persons making contact

Cashiers, store’s accounting department employees.

Time-limit for Erasure

10 years from issuance or the end of the fiscal year when there is obligation for tax return statement.

Processor Information

None

Link to the contract with the processor

None

Transfer to Third Country

None

Location or data storage information system

Hard copies shall be kept in folders in the store’s accounting department. Electronic copies are linked to accounting entries and stored in the Attica revenue management system (ProfitRMS).

General description of organizing and technical security measures

Physical locking and alarm system during closed office hours; and, the company security and privacy rules are applicable to the electronic form.

Link to the file with detailed description of the security measures

As relevant section for the electronic form (3.2).

Lawfulness of processing

Processing is based on article 6 (1) (b): processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; and (c): processing is necessary for compliance with a legal obligation to which the controller is subject.

 

Invoicing of Natural Persons

Short Description

Pertaining to natural persons - traders who make purchases within the department stores.

Legally Responsible Natural Person vis-à-vis the Authority

The Store’s Accounting Department Manager

Purpose for Processing

As per the provisions of the Greek Accounting Standards.

Types of Data Subjects

Traders - Natural Persons

Types of Personal Data

Name, surname, Tax Identification Number, Tax Office, Head Office Address, Business name, Telephone Number.

Data Sources

Form - Invoice Form

Types of Notification Recipients – Persons making contact

Store’s Accounting Department, Statutory Auditors, Cashiers.

Time-limit for Erasure

10 years from the date the cooperation ends; or, until the period for a tax assessment by the tax administration expires; or, until final judgment in a tax administration's claim following a tax audit; or until full amortization of the claim (Ministerial Decision1026 / 12.2.2018, Article 13 (2) of Law 4174/2013(Code of Fiscal Procedure), Article 7 of Law 4308/2014.

Processor Information

None

Link to the contract with the processor

None

Transfer to Third Country

There is no transfer to a Third country.

Location or data storage information system

Hard copies shall be kept in folders in the store’s accounting department.

Electronic copies are linked to accounting entries and stored in the Attica revenue management system (ProfitRMS) and in SAP.

General description of organizing and technical security measures

Physical locking and alarm system during closed office hours; and, the company security and privacy rules are applicable to the electronic form.

Link to the file with detailed description of the security measures
[3] 

 

Attica Member

Short Description

Pertaining to a card that the interested party, should they wish to obtain one, would have to fill in a relevant application form available in selected sale points within the department stores. Upon completion of the form, the interested party obtains the physical card, while the application form is kept in a folder which, through an internal distribution process, ends up in the competent department, where the data it contains is registered.

Legally Responsible Natural Person vis-à-vis the Authority

Marketing Department

Purpose for Processing

To contact and keep the card holder up-to-date regarding various events taking place in the department stores, offers, sales etc. and promotions.

Types of Data Subjects

Customers

Types of Personal Data

Required: name, surname, mobile phone number, email.

Data Sources

Application form

Types of Notification Recipients – Persons making contact

M-STAT SA, Client IQ, employees in the Marketing and IT Departments, as well as employees of the notification recipients.

Time-limit for Erasure

Up to two (2) years from the date the card holder withdraws their consent or ceases their card membership.

Processor Information

Μ-STAT SA , Client ΙQ

Link to the contract with the processor

Archived hard copy contract.

Transfer to Third Country

No transfer.

Location or data storage information system

Electronic copies are stored in the SAP, ProfitRMS, Amplify (ClientIQ) applications.

Hard copies: storage in marketing warehouses.

General description of organizing and technical security measures

The company security and privacy rules are applicable to the electronic form.

Link to the file with detailed description of the security measures

Section 3.2

Lawfulness of processing

Processing is based on article 6 (1) (a): the data subject has given consent to the processing of his or her personal data.

 

Promotional Coupons

Area of activity 

Department Stores Management - Retail market

Short Description

From time to time in the department stores, there are various promotional activities requiring that a special coupon is filled in each time someone wishes to participate.

Legally Responsible Natural Person vis-à-vis the Authority

Marketing Department

Purpose for Processing

To participate in contests - prize draws, and for updates, contact, promotions.

Types of Data Subjects

Customers

Types of Personal Data

Name, surname, mobile phone number, email. Depending on the requirements of each promotional activity: date of birth, address of residence, landline number, family status, gender.

Data Sources

Physical Coupon

Types of Notification Recipients – Persons making contact

M-STAT SA, Client IQ, employees in the Marketing and IT Departments, as well as the store’s staff.

Time-limit for Erasure

Up to two years from the date of participation or until consent is withdrawn with regard to data processing for communication purposes, where applicable.

Processor Information

Μ-STAT SA , Client ΙQ

Link to the contract with the processor

Archived hard copy contract.

Transfer to Third Country

There is no transfer to a Third country.

Location or data storage information system

Electronic copies are stored in the Amplify (ClientIQ) application; scanned documents in FileServer. Hard copies: stored in marketing warehouses.

General description of organizing and technical security measures

The company security and privacy rules are applicable to the electronic form.

Link to the file with detailed description of the security measures

Section 3.2

Lawfulness of processing

Processing is based on article 6 (1) (a): the data subject has given consent to the processing of his or her personal data.

 

Newsletter

Short Description

Attica Department Stores SA offers to the site’s visitors a subscription to a newsletter where they can get updated on fashion and the activities taking place in the department stores.

Legally Responsible Natural Person vis-à-vis the Authority

Marketing Department

Purpose for Processing

Updates, contact, promotions.

Types of Data Subjects

Site visitors - members

Types of Personal Data

Email, gender.

Data Sources

Data fill-in form at the site www.atticadps.gr

Types of Notification Recipients – Persons making contact

M-STAT SA, Client IQ, employees in the Marketing and IT Departments, as well as employees of the notification recipients.

Time-limit for Erasure

Up to two years from the date the holder withdraws their consent or does not wish to receive a newsletter anymore.

Processor Information

Μ-STAT SA, Client ΙQ, AtCom

Link to the contract with the processor

Archived hard copy contract.

Transfer to Third Country

There is no transfer to Third country.

Location or data storage information system

Electronic copies are stored in our Website application - Netvolution (ATCOM) and in the Amplify (ClientIQ) application.

General description of organizing and technical security measures

The company security and privacy rules are applicable.

Link to the file with detailed description of the security measures

Section 3.2

Lawfulness of processing

Processing is based on article 6 (1) (a): the data subject has given consent to the processing of his or her personal data.

 

WiFi

Short Description

Attica Department Stores SA offers free WiFi use for up to 3 hours. Any visitor wishing to use the wifi service shall provide their email in the relevant field.

Legally Responsible Natural Person vis-à-vis the Authority

Marketing Department - IT Department

Purpose for Processing

Access to WiFi network, updates, contact.

Types of Data Subjects

Visitors, department stores employees.

Types of Personal Data

Email, gender.

Data Sources

Dedicated field in the WiFi application.

Types of Notification Recipients – Persons making contact

M-STAT SA, Client IQ, AtCom, employees in the Marketing and IT Departments, as well as employees of the notification recipients.

Time-limit for Erasure

Up to two years from the date the natural person withdraws their consent.

Processor Information

Μ-STAT SA, Client ΙQ, AtCom

Link to the contract with the processor

Hard copy contract.

Transfer to Third Country

There is no transfer to a Third country.

Location or data storage information system

Electronic copies are stored in our FreeWIFI application - Netvolution (ATCOM) and in the Amplify (ClientIQ) application.

General description of organizing and technical security measures

The company security and privacy rules are applicable to the electronic form.

Link to the file with detailed description of the security measures

Section 3.2

Lawfulness of processing

Processing is based on article 6 (1) (a): the data subject has given consent to the processing of his or her personal data.

By filling in the required data, you consent to their processing and management, as per the terms of use and the data protection policy. I have read and agree to the terms of use and the data protection policy,

I wish to receive newsletters from Attica Department Stores Limited-liability Single-Member Company and Cosmobrands SA, responsible for the Attica online shop.

 

Contacting

By filling in he required data, you consent to their processing and management, as per the terms of use and the data protection policy. I have read and agree to the terms of use and the data protection policy, I wish to receive news about Attica and the online shop.

 

Complaint Form

Short Description

Through a special form located in the department stores, customers - visitors may express any complaints or make any comments on their experience during their visit or their transaction in the department stores.

Legally Responsible Natural Person vis-à-vis the Authority

Retail Management

Purpose for Processing

To improve customer service, respond to questions, resolve problems.

Types of Data Subjects

Visitors, consumers.

Types of Personal Data

Name, surname, telephone number, mobile phone number, email.

Data Sources

Complaint Form

Types of Notification Recipients – Persons making Contact

Retail and Store Management

Time-limit for Erasure

2 years from the date of last contact. 

Processor Information

None

Link to the contract with the processor

None

Transfer to Third Country

There is no transfer.

Location or data storage information system

In an Excel file subject to the security rules applicable to the company’s electronic records; and, in hard copy kept in lockers in the Retail Management office.

General description of organizing and technical security measures

The company security and privacy rules are applicable to the electronic form.

Lawfulness of processing

Processing is based on article 6 (1) (b): processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

 

Curriculum Vitae

Area of activity

Department Stores Management - Retail market

Short Description



Attica[4]  Department Stores SA offers free WiFi  use for up to 3 hours. Any visitor wishing to use the wifi service shall fill their email in the relevant field.

Legally Responsible Natural Person vis-à-vis the Authority

Marketing Department - IT Department

Purpose for Processing

Access to WiFi  network, updates, contact.

Types of Data Subjects

Visitors, department stores employees.

Types of Personal Data

Email, gender.

Data Sources

Dedicated field in the WiFi  application.

Types of Notification Recipients – Persons making contact

M-STAT SA, Client IQ, AtCom, employees in the Marketing and IT Departments, as well as employees of the notification recipients.

Time-limit for Erasure

Up to two years from the date the natural person withdraws their consent.

Processor information

Μ-STAT SA, Client ΙQ, AtCom

Link to the contract with the processor 

Hard copy contract.

Transfer to Third Country

There is no transfer to a Third country.

Location or data storage information system

Electronic copies are stored in our FreeWIFI application - Netvolution (ATCOM) and in the Amplify (ClientIQ) application.

General description of organizing and technical security measures

The company security and privacy rules are applicable to the electronic form.

Link to the file with detailed description of the security measures

Section 3.2

Lawfulness of processing

Processing is based on article 6 (1) (a): the data subject has given consent to the processing of his or her personal data.

Annotations

Data is collected through the WiFi platform. The data is entered into the management system (netvolution) administered by Client IQ, which then enters it into the amplify system, from where marketing transfers it to mstat. The text informing the visitors is the following:

“By filling in the required data, you consent to its processing and handling, as per the terms of use and the data protection policy .

I have read and agree to the terms of use and the data protection policy,

I wish to receive Attica News.”

 

CCTV

Area of activity

Department Stores Management - Retail market

Short Description

The department stores are equipped with a CCTV system consisting of security cameras spreading throughout the area, which are controlled by screens located in a specifically configured area accessible only to authorized personnel, such as security and the management of each store.

Legally Responsible Natural Person vis-à-vis the Authority

Technical Services Department

Purpose for Processing

We use a surveillance system to protect people and goods.

Types of Data Subjects

Employees and department stores’ visitors.

Types of Personal Data

Image

Data Sources

Stores

Types of Notification Recipients – Persons making contact

Security services company, Security employees in the department stores, the department stores Management, the Technical Director.

Time-limit for erasure

Archives shall be kept for 15 days, after which they shall be erased from the server.

Processor  information

Security Services Companies.

Link to the contract with the processor 

Hard copy contracts.

Transfer to Third Country

There is no transfer.

Location or data storage information system

Specific recording servers.

General description of organizing and technical security measures

Limited passcode access.

Lawfulness of processing

Processing is necessary for the purposes of the legitimate interests pursued by the controller (article 6 (1) (f) GDPR).

Overriding legitimate interests

The subjects’ safety.

Annotations

As required by the Directive of 27/4/2016, relevant CCTV notifications have been made before the Hellenic Data Protection Authority; the department stores’ employees and visitors are informed through warning signs in the premises of each department store that CCTV is in use. Also, guidelines 3/2019 regarding the right to be informed on the processing of personal data through video surveillance services are observed and new templates have been adopted:

1.     Data controller:

ATTICA DEPARTMENT STORES S.A, Panepistimou 9, Syntagma, Athens, 2111802500

2.             Processing purposes and legal basis:

We use a surveillance system for the protection of persons and goods. Processing is necessary for the purposes of the legitimate interests we pursue as data controllers (article 6 (1) GDPR).

3.             Analysis of legitimate interests

Our legitimate interests lie in the need to protect our area and the goods in it from illegal acts, such as theft. The same is valid for the protection of life, physical integrity, health, as well as the property of our staff and third parties who are lawfully present in the surveilled area. We shall only collect image data and limit the recording to areas where we have assessed that there is an increased probability of committing an illegal act, such as theft, namely our cash registers, merchandise sale and storage areas and the entrance, without focusing on areas where the privacy of the persons whose image is captured might be excessively limited, including their right to respect of personal data.

4.             Recipients

The stored material shall be accessible only to our competent / authorized personnel charged with the area’s security. This material shall not transferred to third parties, except in the following cases: a) to competent judicial, prosecutorial and police authorities, when it includes necessary information for the investigation of a criminal act pertaining to persons or to goods owned by data controller, b) to competent judicial, prosecutorial and police authorities, when lawfully requesting data while performing their duties, and c) to the victim or the perpetrator of a criminal act, for data that might constitute evidence of the act.

5.             Storage period

We store data for up to 15 days, after which it shall be automatically erased. In the event that there is an incident during this time, we shall isolate a section of the video and store it for one (1) additional month, in order to investigate the incident and initiate legal proceedings to protect our legitimate interests; if the incident concerns a third party, we shall store the footage for up to three (3) additional months.

6.             Rights of the data subjects

Data subjects have the following rights:

·         Right to access: you have the right to know whether or not we are processing your image and, if we are, to receive a copy of it.

·         Right to restrict: you have the right to request that we restrict the processing, such as, for example, to not erase data that you consider necessary in order to found, exercise or support legal claims.

·         Right to object: you have the right to object to the processing.

·         Right to erasure: you have the right to request that we erase your data. 

You may exercise your rights by email at dpo@atticadps.gr or letter to our postal address or file your request in person at the store’s management. To review a request relating to your image, you must determine when approximately you were within range of our cameras and provide us with an image of you, in order to more easily trace your data and hide the data of pictured third parties. Alternatively, you may come to our facilities so that we show you the images in which you appear. Please note that your right to object or erase does not imply immediate data erasure or processing modification. In any case, we shall reply to your request in detail as soon as possible, within the time period set by GDPR.

7.             Right to lodge a complaint

If you consider that the processing of your personal data is in violation of Regulation (EU) 2016/679, you have the right to lodge a complaint with a supervisory authority.

The competent supervisory authority for Greece is the Hellenic Data Protection Authority, Kifissias 1-3, 11523 Athens, https://www.dpa.gr/, tel. 2106475600.

 

TAX FREE

Short Description

This process pertains to VAT refund to non EU citizens. In order for the customer of a third country (non EU) to receive a VAT refund, they shall proceed to the transaction in a dedicated area of the department store, where sharing personal data shall be necessary for the purposes of the transaction.

Legally Responsible Natural Person vis-à-vis the Authority

Retail Management

Purpose for Processing

VAT refund services

Types of Data Subjects

Customers - non EU citizens

Types of Personal Data

Passport number through which the necessary data is collected.

Data Sources

Special form, as presented in the annex[5]  below.

Types of Notification Recipients – Persons making contact

Global Blue, staff charged with tax free services (cashiers, accounting).

Time-limit for erasure

10 years from the date of transaction / issuance; or, until the period for a tax assessment by the tax administration expires; or, until final judgment in a tax administration's claim following a tax audit; or until full amortization of the claim (Ministerial Decision1026 / 12.2.2018, Article 13 (2) of Law 4174/2013(Code of Fiscal Procedure), Article 7 of Law 4308/2014).

Processor information

Global Blue

Link to the contract with the processor 

Hard copy contract.

Transfer to Third Country

There is no transfer.

Location or data storage information system

An electronic form is stored in the SAP and Profit MRS application.

General description of organizing and technical security measures

Hard copy: storage in an accounting storage area. Electronic form dtored in the SAP and Profit MRS application.

Lawfulness of processing

Processing is based on article 6 (1) (b):processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; and (c): processing is necessary for compliance with a legal obligation to which the controller is subject.

Annotations

Tax free services are provided on the basis of a signed agreement.

 

Miscellaneous Procedural Documents / Downpayment form

Short Description

If a customer wishes to buy an item which they cannot pay in full, they may pay 20%-30% of the price as downpayment and reserve the item for a short period of time. The amount payed and some details are outlined in a form attached to the item to be purchased, for reservation and identification purposes.

Legally Responsible Natural Person vis-à-vis the Authority

Retail Management

Purpose for Processing

Item reservation and identification on behalf of the customer.

Types of Data Subjects

Customers

Types of Personal Data

Name, surname, telephone number, address of residence.

Types of Notification Recipients – Persons making contact

Cashiers, salespersons, employees of the store’s accounting department.

Time-limit for erasure

10 years from the date of issuance.

Transfer to Third Country

There is no transfer.

 

Miscellaneous Procedural Documents / Locker form

Short Description

Our department stores offer Locker services that allow customers to leave their personal items, at their own risk, in a dedicated area with a lock and the customer holding on to its key, so that they feel comfortable while shopping.

Legally Responsible Natural Person vis-à-vis the Authority

Retail Management

Purpose for Processing

Safe keeping of personal belongings.

Types of Data Subjects

Customers

Types of Personal Data

Name, surname, telephone number, email.

Data sources

Special form

Types of Notification Recipients – Persons making contact

Cashiers, store’s management.

Time-limit for erasure

Data is erased the moment the customer collects their belongings.

Processor information

None

Link to the contract with the processor 

None

Transfer to Third Country

There is no transfer.

Location or data storage information system

In the cash register area next to locker facilities.

General description of organizing and technical security measures

Limited access only to personnel working in the specific cash register.

Lawfulness of processing

Processing is based on article 6 (1) (b):processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Annotations

Name and Surname ____________________________________________________________

Telephone number ________________________________      Email   ____________________

I authorize ATTICA DEPARTMENT STORES SA, its responsible employees and third partner companies to use the above personal data, which I consent to provide, for the purposes of the locker service. I am aware of my right to request access, rectification, erasure of my personal data, restriction of processing, to object to processing and request data portability. The above data shall be stored by Attica Department Stores Limited-liability Single-Member Company for the time period necessary to fulfill the above purposes. In the event that I have not collected my personal belongings after the store’s opening hours, I hereby authorize Attica Department Stores to open my locker and remove my items; I acknowledge that, if I do not collect my items within 15 days from the day I used the locker services, Attica Department Stores Limited-liability Single-Member Company shall not be liable for their condition or loss. For further information or clarification regarding the General Data Protection Regulation, you may contact us at 211 180 2500, dpo@atticadps.gr. Any complaints regarding violation of the above may be lodged before the Hellenic Data Protection Authority, tel. 2106475600, Kifissias Av. 1, Athens, 11523, complaints@dpa.gr. Data Protection Officer, Mr. Polychronis Kokkinidis, 6974 380 953.

Date _____________________              Signature




Call Το Shop – Purchases through bank deposit - Home Deliveries

Area of activity

Department Stores Management – Retail Market

Short Description

1.     Call To Shop is for customers who are not able to visit one of the physical Attica department stores. For customer service purposes, the customer may place an order by telephone at 2119900000 and express an interest in purchasing one or more items. Payment methods are: money deposit in an Attica Department Stores bank account or cash on delivery. The order shall be delivered by the cooperating courier company or the company’s drivers.

2.     Money deposits in an Attica Department Stores bank account shall also take place in case the customer wishes to pay in cash for any amount over 500 Euro and proof of transaction is required, according to Law[6] …………..

3.     Lastly, in order to provide swift services and for the client’s convenience, home delivery service is available to customers shopping at the store who wish to have their purchases delivered at home.

Legally Responsible Natural Person vis-à-vis the Authority

Retail Management

Purpose for Processing

1. Customer service - facilitating the customer in placing and completing an order remotely.

2. Performance of a contract for home delivery of items purchased by the customer, a legal obligation.

Types of Personal Data

Name and surname of the customer and the recipient, telephone number of the customer and the recipient, delivery address, customer’s email, customer’s bank account number.

Data sources

Contact with customer through telephone or email, book / “DELIVERY ORDER FORM”.

Types of Notification Recipients – Persons making contact

Customer service department, main cash register, accounting department, courier company, customers.

Time-limit for erasure

1. For customers having been served through email, their data shall remain in a dedicated folder in the incoming customer service email account for up to 2 years from the date of purchase after which it is erased.

2. The book of “DELIVERY ORDER” shall be kept in a locked cabinet at the main cash register for up to 2 years from the date of purchase after which it shall be destroyed.

Processor  information

None

Link to the contract with the processor 

None

Transfer to Third Country

There is no transfer.

Location or data storage information system

1. Email, if the service has been provided electronically.

2. The book of “DELIVERY ORDER” is kept in a locked cabinet at the main cash register.

General description of organizing and technical security measures

Limited access only to the store’s management, cashiers and Customer Service.

Lawfulness of processing

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

 

Β.  Special Terms of Use for Online Shopping from the Attica Department Stores e-Shop

1. Introduction

Atticadps.gr/eshop is an e-shop for products and services through the Internet (hereinafter referred to as “e-shop” or “website” or “webpage”) created and operated by COSMOBRANDS LIMITED LIABILITY TRADE COMPANY FOR COSMETIC HEALTHY FOODS AND BABY CARE PRODUCTS, headquartered in Athens, Amerikis street number 10, legally represented, with Tax Identification Number 800398464, Tax Office of F.A.E Athinon, General Electronic Commercial Registry number 120195201000, contact email eshop@atticadps.gr, customer service call center for the e-shop 2111883079, cooperating with Attica Department Stores SA (hereinafter for the sake of brevity referred to as “Cosmobrands”). The following terms and conditions shall apply to any use of the e-shop bearing the Attica trade mark at the electronic address https://atticadps.gr/eshop. Any user entering and transacting or using the e-shop services (hereinafter, for the sake of brevity, referred to as “visitor” or “user” or “customer” depending on whether they are merely visiting the e-shop or placing an order and purchasing products and services) is considered to consent to and unreservedly accept the following terms detailed herein without any exception. If a user does not agree with these terms, then it is their responsibility to refrain from visiting, using the website and also proceeding to any transaction or using the e-shop services. However, any action from the user at atticadps.gr/eshop, such as, indicatively, browsing the website or subscribing to the Cosmobrands newsletter or purchasing any products, is considered as unreservedly accepting the Terms of Use herein.

Cosmobrands reserves the right to unconditionally amend or revise the terms and conditions of use and transactions for atticadps.gr/eshop, whenever deemed necessary, while assuming the obligation to inform consumers on any change within the e-shop page. Any amendment shall take effect on the day they are posted in the website herein. It is clarified that any change in the Terms of Use herein does not include purchase orders the customer has already placed in our e-shop prior to the amendments entering into force as per the above. Using atticadps.gr/eshop after the above amendments is considered as accepting the Terms of Use, as amended. Any contract through the e-shop is drawn up in Greek.

2. Provided information and Products

Cosmobrands is committed to the accuracy, truthfulness and thoroughness of the information provided at atticadps.gr/eshop, pertaining to the Company’s identity and the services provided through the e-shop. Cosmobrands, acting in good faith, shall not be liable nor bound by data entries made by mistake / oversight, by common experience, and shall be entitled to rectify it whenever noticed. The above guarantees are contingent upon relevant technical or typographical errors which cannot be predicted or have occurred unintentionally or due to interruptions in the operation of the website herein or due to force majeure.

3. Limitation of liability

In the context of its transactions through atticadps.gr/eshop, Cosmobrands shall not be responsible nor liable for the compensation of any damage or loss that might occur from order cancellations, non performance or delay in their performance, for any reason. While it does not guarantee the availability of the products displayed at atticadps.gr/eshop, it informs the interested customer based on the relevant information on availability and, in case this information changes, promptly informs the customers on the lack of availability, bearing no further responsibility. Atticadps.gr/eshop has taken all necessary technical and other measures in order to promptly update the available quantity of our products; however, it expressly reserves its rights regarding the veracity of the available quantities of products at atticadps.gr/eshop, as the update might be complete within one (1) hour from the moment of change.

In the context of good faith and fair practice, the Company shall not be obliged to accept a purchase order and enter into a sale of products and / or services which, due to a typographical or clerical error, appear at atticadps.gr/eshop with an incorrect price, i.e., less or greater than the one applicable for that period. If, in an order, such a pricing error is found only in part of the ordered products, then the order shall be valid and properly performed for the other products, while deemed incomplete for the products in which the error was found, unless all items in the order are related, or intended to be used as a whole and operate as a unit and the Customer states that partial fulfillment of the order does not serve their needs or interests, in which case the Company shall cancel the entire order.

The e-shop provides the content (for example, information, names, photos, images), the products and services available through the website “exactly as they are”. Under no circumstances shall the Company  hold any civil or criminal liability for any damage (direct, special or consequential, which indicatively and not restrictively, alternatively or / and cumulatively, consists in loss of profit, data, monetary satisfaction etc.) that an e-shop visitor or a third party might suffer for reasons related to the operation or not and / or the use of the website and / or the inability to provide services and / or products and / or information available in it and / or to any unauthorized third party interference with products and / or services and / or information available through it.

4. Product availability

The customer is informed of product availability through indications on the page for each product or service at atticadps.gr/eshop. More specifically, for each non available product the link “BUY / ADD TO CART” is inactive, while the message “Out of stock” appears instead. Cosmobrands reserves its rights regarding the availability of its products if these are not available at the time of order. In that case, Cosmobrands reserves the right to not accept the specific purchase order and, therefore, to not make the sale. Any payment shall be returned to the customer without undue delay, in the same method the customer chose to pay for their order. The following are exceptional cases of availability:

-      Products marked SALE -X% or WEB ONLY SALE: the prices are valid while stock lasts. Purchase orders for these products are carried out by strict order of priority.

-      SAMPLES: samples are distributed for free by the Company to the customer with any purchase order for beauty products, as a purchase reward. More specifically, the customer, depending on the value of their order, may select a specific quantity of samples which shall be added to the order free of charge. These samples are subject to strict order of priority in the performance of purchase orders, as they are available in limited quantities and the Company reserves its rights regarding their availability if these are not available at the time of purchase.

The Company reserves its right to inform the customer of any occurring reasons rendering the product non available or for possible (new) times of delivery if there is cause for late delivery. In that case, if deemed that the delay makes the transaction unprofitable for the customer, the customer may unilaterally cancel the purchase order with a written statement (by email to eshop@atticadps.gr). In the event that the order is cancelled and the sales agreement is therefore terminated, the Company shall return the full amount paid by the customer without undue delay.

The availability of products offered for sale through the e-shop might differ from the availability of products offered for sale through the physical stores. Therefore, there are products that might be available for purchase from physical stores and not from atticadps.gr/eshop, and vice versa.  This is due to the limited availability of these products. Web Exclusive products offered for sale only through the e-shop make for an exceptional case, where purchase orders are carried out by strict order of priority.

5. Intellectual property rights

The full content of the e-shop, including trade signs, trademarks, images, graphics, photos, illustrations, texts etc., is either the intellectual property of Cosmobrands and protected by the relevant Greek and European law and international treaties or the intellectual property of third parties that Cosmobrands is licensed to use exclusively for its own needs and the operation of the e-shop. It is prohibited to copy, transfer or create derivative work based on this content or mislead the public regarding the true provider of the e-shop. Any reproduction, republishing, uploading, announcement, dissemination or transmission or any other use of the content in any way or means for commercial or other purposes is permitted only upon prior written consent by Cosmobrands or any other copyright beneficial owner. Any names, images, logos and insignia listed and describing atticadps.gr/eshop bearing the trademark atticadps.gr/eshop or the products or services of Cosmobrands or third parties constitute the property of Cosmobrands or third parties respectively and are protected by the relevant trademark laws. Their use in atticadps.gr/eshop does not in any case grant to third parties any license or right to use them.

6. User Registration

User registration in atticadps.gr/eshop is optional. Each customer registers only once. The customer, using the unique combination of Email Address ("EMAIL") and a chosen and entered Password, is able to:

-      See the content of their shopping cart (“My Cart”). The Cart displays the products that the customer has selected to order. The customer may place purchase orders for products, review or edit them (deletion of items, change of quantities) at any time until completion of the order.

-      Complete their order and pay by selecting one of the payment methods available at atticadps.gr/eshop.

-      See their previous orders,

-      Edit the Customer information in their Account.

User registration and participation is complimentary, personal, non-transferable and unassignable. The user is responsible for the information they provide to the Company and the website is based solely on their statements regarding their personal information. Any details entered during registration shall be complete, truthful and up to date. In case a legal entity is registered as a user, the name of the contact person as well as the full business name of the legal entity must be mentioned. In case any information changes, the user is obliged to immediately inform atticadps.gr/eshop about the new information so that it always remains complete and truthful.

Any personal data entered by the user during their registration is processed by the Company for the sole purpose of (a) creating an account at atticadps.gr/eshop, (b) contacting the user regarding their transactions (for example, to make sure that there is a way to contact the user, to complete, send and deliver their order, to make a full and secure financial transaction) and (c) updating, advertising and promoting the Company’s products and services, including its cooperation with third parties. The terms and Provisions of the Data Protection Policy are applicable to the collection and processing of personal data.

By registering as per the above, the user gives their explicit consent to the collection and processing of their data under these Terms of Use and Data Protection Policy, which Terms and Policies they declare to have read, understood and accepted fully and unreservedly. The user may at any time withdraw their consent for the collection and processing of their personal data they provided to us as per the above, and delete themselves as a user, by sending a relevant email to eshop@atticadps.gr. The user may at any time access their data, or may also at any time request the immediate deletion or rectification of their data, the temporary non-use of their data by atticadps.gr/eshop, their restriction or non-transmission, following the same email procedure as above. Personal data shall not be disclosed to any third party and shall be managed exclusively by the company for specific purposes.

7. Newsletters - informative bulletins

Users entering their email address at atticadps.gr/eshop agree to receive newsletters & offers regarding both the attica department stores e-shop and the physical attica department stores.

The newsletters the website visitor / user receives upon willfully subscribing in the mailing lists are the intellectual property of the Company and are, therefore, protected by the relevant provisions of the Greek law and international treaties. Cosmobrands reserves the right to not subscribe a person to its mailing lists or to delete a person from them. Cosmobrands may keep a file with the recipients’ emails in order to also mail messages of informative or financial nature apart from newsletters, always with the user’s consent which is given upon registration to the site.

Atticadps.gr/eshop is not responsible if the newsletters are not delivered to their destination, although it makes every effort with ISPs (Internet Service Providers) for their delivery. Newsletters may end up in the "Spam" folder. In the event that the user wishes to no longer receive newsletters or to unsubscribe from the site's newsletter system altogether, they may notify Cosmobrands using the site's contact form or the corresponding link in the received newsletters. The website uses a provider (3rd party company) for tracking newsletter recipients.

8. Online shopping process

The visitor may use the categories found in the site’s main MENU, browse them and find the product they are looking for. The user may also use the product search function through which they may find products based on their search terms. The user may then add the products to the Cart from the product page by clicking on the link "ADD TO CART". The visitor may see their cart by clicking on the link "My cart" located at the top right of the website, while they may use the delete link from the cart to remove products from the cart before completing the order.

To complete an order, the user of atticadps.gr/eshop has the following options, (a) to create an account through "User Registration" as detailed above (b) to continue as a "Visitor". To complete the purchase the user must click on the link "ORDER CONFIRMATION" and they shall then receive an email with the code number and the details of the purchase order. If the user selects the "Credit, Debit or Prepaid Card" payment method, as soon as they click on the link "ORDER CONFIRMATION" they shall be automatically transferred to the Eurobank Bank environment to pay for the products and they shall then receive an email with the code number and the details of the purchase order.

8α. Pricing Policy

The listed final prices of the products include VAT. Atticadps.gr/eshop reserves the right to change the prices without prior notice to the customer. Regardless of price fluctuations, the customer shall always pay for the price listed on the product at the time of completion of the purchase order.

9. Payment methods

α/ Cash on Delivery

Payment of the order is made by the customer to the employee of the courier company upon delivery at the customer's address. The customer shall pay the amount for the order in cash. The fee for payment by cash on delivery is 1.90 Euro (VAT included).

β/ Payment with credit, debit or prepaid card

Cosmobrands accepts credit, debit and / or prepaid Visa and MasterCard cards. To ensure total security of electronic transactions through credit and debit cards, these shall be made through the secure system of Eurobank Bank, which is based on the international company for protection of transactions (GLOBE SSL). As soon as the customer completes the purchase order, they shall be automatically transferred to the secure environment of Eurobank Bank. On this page, the customer shall fill in all the required fields (card number, expiration date, CCV2 / CVC2, cardholder’s name). The customer's card details are processed exclusively for the completion of the transaction, i.e., full payment for the products purchased by the customer from atticadps.gr/eshop. The processing of personal data is governed by the Data Protection Policy and the Cookies Policy of atticadps.gr/eshop.

10. Delivery methods

Orders are shipped exclusively by courier. When registering the order, the customer selects the postal address to which they wish the order to be sent, in the section "SHIPPING ADDRESS".

Once the purchase order is completed, an email shall be automatically sent to the customer with the details of their order.

It is not possible to ship orders outside of Greece.

It is not possible to pick up orders from the attica physical stores.

11. Shipping costs

Free shipping: For orders of beauty products exclusively, of a total price of forty five (45) euro or more, the customer is not charged with shipping costs.

For orders that include fashion products (and beauty products) of a total price of three hundred (300) euro or more, the customer is not charged with shipping costs.

Shipping rates:

For orders of beauty products exclusively of a total price of less than forty five (45) euro, the customer is charged with shipping costs of 2.50 euro (VAT included) per order for shipping throughout Greece. For orders that include fashion products, shipping costs vary from € 2.50 to € 7.80 depending on the volume of the order. Exceptionally, the shipping rate for orders that include suitcases is set at 14.70 euro. The exact shipping costs for your order are displayed in Checkout.

Once the purchase order is completed, an email shall be automatically sent with the details of the order.

Order cancellation - Returns policy

The user may cancel the order within one (1) hour of its completion (a) by sending an email to eshop@atticadps.gr featuring "Order Cancellation" in the subject line, mentioning the code number of the order in the body of the email or (b) by calling the e-shop customer service Call Center: 2111883079.

The return of products or goods at the expenses of atticadps.gr/eshop shall be accepted in all cases where the order was incorrectly performed by atticadps.gr/eshop (error in receiving the order, invoicing or shipping). In that case, the customer shall not accept delivery of the product / goods in the first place. Products / goods shall be returned in excellent condition, sealed, full, unused and undamaged. Products shall be returned in their original packaging.

In case of any defect in any product, the customer may notify the company either by phone (2111883079) or by email (eshop@atticadps.gr) and refer to the defect of the product. Any return of merchandise shall be completed within fourteen (14) calendar days from the date of receipt and shall be done through the courier company cooperating with atticadps.gr/eshop at the customer's expenses, based on the existing pricing policy. If the product is indeed found to be defective, the customer may request either a refund (including shipping costs) or a product replacement (also including shipping costs).

Product replacement

In case a non defective product is replaced, the customer shall be charged with the following:

-      Return fee: 3 euro

-      Cash on delivery fee for the new parcel: 1.90 euro

-      Shipping costs for the new parcel:

o      2.50 euro if the price difference between the returned and the new beauty products is less than 45 euro / free of charge if the difference is of 45 euro or more.

o     From 2.50 euro to 14.70 euro depending on the volume of the order if the price difference between the returned and the new fashion products is less than 120 euro / free of charge if the difference is of 120 euro or more.

Refunds

In this case the customer shall be charged with a refund fee of 3 euro, which shall not be payed to the courier at the time of delivery but shall be automatically deducted from the amount they shall receive back, for the value of the returned product or products.

A non defective product may be returned if (a) the customer fills in the return form and ships it along with the product to atticadps.gr/eshop through the courier company cooperating with Cosmobrands. Any return of merchandise shall be completed within fourteen (14) calendar days from the date of receipt and (b) packaging is not affected and is at its original state. In this case, the customer is charged with shipping costs. No changes or returns shall be accepted for products sold in Bazaar operations.

Returns shall be shipped exclusively to "COSMOBRANDS, 19th km. Athens - Markopoulo Avenue, 19002, Paiania, Attica". Returns shall not be accepted at any other address of the company nor at any Attica physical store.

13. Changes to the Service

Atticadps.gr/eshop reserves the right to modify the provided services or suspend their provision temporarily or permanently, with or without prior notice. Whenever a Customer uses the services of the e-shop, it is considered that they have unreservedly accepted the terms of use herein and that they unreservedly acknowledge that atticadps.gr/eshop shall not be liable to the customer for any change, suspension or interruption of service.

14. Products and information - Cosmobrands liability

Cosmobrands shall not be liable for any damage caused to the Customer by any exchange of information, while using the services of atticadps.gr/eshop, due to loss or delay or non-receipt or alteration of data.

Any information regarding the products of atticadps.gr/eshop shall not constitute and shall not replace any medical advice and any advice by any health professional in general. Any information accompanying the products is provided for informational purposes only.

Cosmobrands shall always act in good faith and in accordance with the law and the Special Terms of Use herein. Therefore, the Company has taken and shall continue to take all the necessary technical or other measures and make every effort for (a) the website and atticadps.gr/eshop to operate smoothly and properly without problems, interruptions, delays, errors or mistakes, (b) the data / information entered and transmitted through the website herein to not be compromised and to be protected with backup, since the website’s security systems are subject to restrictions, (c) the technology used by the Company or the Servers through which atticadps.gr/eshop is made available to Users to not contain viruses or other harmful components or software programs; however, atticadps.gr/eshop SHALL NOT PROVIDE RELATED GUARANTEES for all of the above and shall not be obliged to compensate the user for any damage resulting from the above reasons.

In addition, Cosmobrands shall provide no guarantee on (a) the suitability, effectiveness, adequacy of its products regarding the intended by the user purpose and (b) the correct and proper performance of the transaction obligations of the website’s other users and services.

Atticadps.gr/eshop shall make every reasonable effort for the maintenance and availability of its content. It shall not be liable for any kind of damage (direct, consequential, by omission, contractual or other) resulting from the users’ inability to access it, the discontinuation of all or part of it, the delay, non-delivery, interruption or poor quality in the reception of services or loss of their content, the existence of any kind of errors. It shall not be liable for any technical problems that may occur when users attempt to access the site and while accessing it and are related to the operation or the compatibility of their own equipment with the use of the website. Also, it shall not be liable for acts or omissions of third parties and especially of third party unauthorized interference with products and / or services and / or information available through it.

In addition to everything expressly provided herein, Cosmobrands shall hold no civil, criminal, or other liability to you and / or any third party that has been granted rights by you, in the event that any of the latter, while using the services and / or products of the e-shop herein suffers direct, indirect, incidental, consequential financial or other damage, loss of profits due to: (a) mistakes, omissions, technical issues, glitches or malfunctions of communication Networks, the Internet, the website, the Internet Service Providers, (b) the permanent or temporary discontinuation of operation of the website or of certain services and / or the discontinuation of certain products through the e-shop, (c) events, situations, activities, acts and / or omissions of the website or third parties including other Users for which it does not provide any guarantees and does not have any obligation in accordance with the provisions herein, (d) information and other content that may be published and communicated by third parties.

Atticadps.gr/eshop reserves the right to alter the delivery time for products in case of force majeure.

Atticadps.gr/eshop may include links to other websites. Under no circumstances should this be considered as endorsing or accepting the content or services of other websites which may be connected through links and it expressly rejects any liability for any content, data protection policy, quality of content and services. In addition, it shall not be liable for any unavailability in these websites, their data protection policy, as well as the quality and completeness of their information and services. The website shall not control or proceed to any precautionary check over the content and information published and disclosed by third parties and shall not be liable for it.

In the event of damage to the user by the information and services it provides, Cosmobrands shall only be liable for fraud and gross negligence.

15. Customer Obligations

Any Customer of atticadps.gr/eshop is required to:

-      Not use the e-shop website to perform any act that might result in a criminal prosecution or the initiation of any civil or administrative proceedings against the e-shop, for acts indicatively but not exclusively described in the Penal Code, Special Criminal Laws, Telecommunications Legislation, Personal Data Protection Legislation as well as in the relevant provisions or directives of the European Union or the Hellenic Telecommunications and Post Commission, the Hellenic Data Protection Authority and any other Public or Administrative Authority and Service.

-      Not infringe on any intellectual property of the Company or third parties in any way or form.

-      Strictly comply with the applicable Terms of Use of the e-shop as well as the applicable data protection regulations for the e-shop’s subscribers and / or visitors of its websites.

-      Provide complete and accurate personal information while registering as a customer.

-      Update their personal registration details to reflect, at all times, their current personal information. In case an inaccuracy is found in the Customer's registration information, atticadps.gr/eshop may deactivate the customer's account immediately and notify them of it.

-      Keep confidential and not disclose to third parties their password to the e-shop services. Also, to IMMEDIATELY inform atticadps.gr/eshop by email at eshop@atticadps.gr regarding any unauthorized use of their username and password. Atticadps.gr/eshop shall not be liable for any unauthorized use of the customer’s password, if not previously informed about it.

-      Confirm that they have logged out of their personal account at the end of each session.

-      Provide correct and accurate Payment and Delivery Information for any purchase order placed on atticadps.gr/eshop

It is prohibited to use the website and the e-shop in order to mail in any way or form, publish or transmit any content that is illegal, threatening, offensive, defamatory, immoral, vulgar, obscene, reinforcing or expressing racial, ethnic or other discriminations, that may cause damage to third parties in any way.

Any action or omission that (a) infringes on any patent, trademark, trade secret, copyright or other proprietary rights of both the Company and third parties, (b) contains viruses or other software that might cause interruption, damage, destruction or obstruction to the operation of any software or cause damage to the reputation and respectability of the Company, its Partners and Affiliate Companies and / or other users / Members / customers, or might violate the website / e-shop users’ personal or other data is prohibited.

In addition, it is prohibited:

(a) To access or attempt to access any information and data (including personal data) circulated through the Website for which there is no authorization or authority to use.

(b) To access atticadps.gr/eshop in order to create or produce a product or service in competition with the products / services of the Company.

(c) To facilitate third parties, in any way and by any means, to gain access to the data provided to atticadps.gr/eshop by its users.

(d) To proceed to any form of Software piracy, hacking and / or tapping, copying, analogue / digital recording and mechanical reproduction, distribution, transfer, downloading, processing, resale, creation of derivative work of data (including personal data) and information, including the website’s content and material (photos, graphics, texts, etc.).

16. SSL Security Protocol

Atticadps.gr/eshop is equipped with SSL (Secure Socket Layers) Security Protocol for data encryption. The size of the key used is 2048 bit.

 

Electronic Dispute Resolution

E-shop atticadps.gr/eshop is in full compliance with out-of-court resolution processes for domestic and cross-border disputes regarding sales contracts drawn up with each of its users / customers, as described in Joint Ministerial Decision 70330/2015, which includes provisions that fully align the Greek legislation with Directive 2013/11/EU of the European Parliament and of the Council of 21 May 2013 on alternative dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC and adopts additional national measures for the implementation of Regulation 524/2013 of the European Parliament and of the Council of 21 May 2013 on online dispute resolution for consumer disputes,

The Online Dispute Resolution platform is directly linked to the competent Alternative Dispute Resolution (ADR) bodies that process the complaints. In Greece, the competent bodies are A) the Independent Authority "Hellenic Consumers’ Ombudsman" and B) the Hellenic Ombudsman for Banking - Investment Services.

Instructions for the Online Dispute Resolution process can be found at the following link: https://webgate.ec.europa.eu/odr/main/?event=main.home.show.

 

Data Protection Policy

Data processing is done in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679), any specific national and European legislation for certain sectors, the current Greek legislation on data protection as well as the protection of personal data and privacy in the field of online communications (Law 3471/2006, as applicable) and the decisions of the Hellenic Data Protection Authority (HDPA).

1. General Information

Through atticadps.gr/eshop, COSMOBRANDS may collect the necessary data in order to create a personal account that you may use to place purchase orders and receive updates by email.

Data collected by Cosmobrands is gathered, processed and stored in confidentiality by COSMOBRANS SA (Amerikis 10, 10671 Athens) as the data controller, in accordance with the applicable data protection provisions as per the General Data Protection Regulation (EU 2016/679), and in cooperation with Attica Department Stores SA, the domain and server of which Cosmobrands is using in order to provide e-shop services and the online shopping experience.

Any collected personal data shall never be disclosed to third parties (with the exception and in the context of the Cooperation with Attica Department Stores SA or wherever provided for by law and the Competent Authorities, as well as any stipulation of paragraph 4 herein) and the data’s personal nature shall be preserved. COSMOBRANDS shall store files with this data exclusively for communication and statistical purposes, to improve the provided services and manage its customer base.

2. Your rights and your options

If you have created an Account at atticadps.gr/eshop, which, within the framework of the Cooperation, is hosted on a server of Attica Department Stores SA, you may access or rectify your personal information by logging in to your Account using the email and password you set when you created your Account.

In any case, we offer you options regarding the personal data we collect from you, such as the use we make of the data and the way we communicate with you. To update your preferences, ask that we remove your data from our mailing lists or submit a request, or exercise your Rights as set forth by the Regulation and listed below, please reach out to us by contacting the Data Protection Officer for Cosmobrands (Mr. Polychronis Kokkinidis, mob.: 6974380953, tel: 2111802500, email: dpo@cosmobrands.gr), or by post (Amerikis 10, Athens, PC 10671).

More specifically, you have the following rights:

2.1 Email Opt-Out

At any given moment, you may request that we don’t email you advertising material, by clicking on the unsubscribe link included in the advertising emails you receive from us or by contacting us as above.

2.2 Post office mail Opt-Out

You may request that COSMOBRANDS stops post office mailing you, by following the instructions that might be included in a specific promotional activity. Also, you may request that we not be allowed to send you advertising materials by post, by contacting us as above.

2.3 Withdrawal of consent

You may withdraw any consent you have given us or object at any time to the processing of your personal data for legitimate reasons. We shall adjust to your preferences within a reasonable period of time. In certain cases, withdrawing your consent regarding the use or disclosure of your personal data might mean that you shall not be able to use some of our products or services.

2.4 Data review, update and rectification

Without prejudice to the applicable law, you have the right to request access and receive details on the personal data we keep on you, to update and rectify inaccuracies in your personal data, and to request that they be blocked or erased, depending on the case. The right to access to personal data may, in certain cases, be restricted by local legislation requirements.

2.5. Data transfers

We may transfer any personal data we collect from you to countries other than the country where the data was initially collected. These countries might not have the same data protection laws as the country in which you originally provided the information. Minors have access to the website only with the consent of their legal representatives or guardians.

3. Data processing by Cosmobrands

3.1 Data collection methods

When you register on the Website, we collect your personal data, using the form available in the section "My Account". In this way and with your consent, Cosmobrands collects your name, surname, email address, gender, date of birth.

If you wish that we make suggestions on products, product categories & brands, which meet your needs and preferences, you may - only if you wish - fill in the section "My Personal Profile", and willfully provide us with the following information: Skin features, Everyday habits, Interests regarding facial features, hair & makeup, favorite product categories, favorite brands.

When placing a purchase order, we collect personal data using the form available in the "Create a Customer Account" section as defined in the General Terms and Conditions. In this context, based on the rights and obligations deriving from the contractual relationship between us and its implementation as well as from statutory obligations, in addition to the data collected during your registration, we collect: your address (for delivery and invoicing, in case they differ). your phone number (landline and mobile phone) and information on the selected payment method (credit card number, credit card holder).

Lastly, when you request to view pages on the Website, the COSMOBRANDS servers automatically recognize your computer's IP address (the numeric web address assigned to each computer on a network. The form of the IP address is as follows: XXX.XXX.XXX. XXX).

The data we collect that is necessary for us to respond to your searches or your order, is marked with an asterisk on the data collection forms. In case you do not fill in the required data we shall not be able to complete our transaction.

We may get your personal data from various sources. We may collect this information when you share it with us at a cash register or our store, on our Website, on our social media platforms, or at any of our events. When you visit this Page, we also collect certain information through automated means, using technologies such as cookies, web server logs and web beacons.

3.2 Objectives

The personal data we collect from you every time you visit the Website or place an order is necessary for the overall handling of your order by COSMOBRANDS and its provider agents. Handling includes detecting online fraud as well as fraud involving current means of payment, preventing and handling payment (non-payment) incidents and preserving COSMOBRANDS rights related to its business activity.

Furthermore, this data may be used to inform you about products and services provided by COSMOBRANDS, as well as its offers or promotional activities.

n addition, we reserve the right to freely collect and publish general statistics in the visitors’ profiles of our Website, without disclosing specific information such as the name and address of these visitors. We may collect statistics required to interpret the use of our Website by visitors (frequency of views from various other Websites, sales statistics and origin of Website visitors, etc.).

Any data regarding the profile of our visitors shall be stored only by COSMOBRANDS, as per the Greek law.

Lastly, COSMOBRANDS may email you commercial offers regarding products or services, promotions or advertising activities, unless you state your refusal by contacting us using the above contact information referred to in Paragraph 2.

3.3 Data processing

Your data shall be stored for a period of time corresponding to the Company’s operation and the fulfillment of the above objectives.

3.4 Data recipients

In principle, the natural persons employed by COSMOBRABDS shall be the data recipients for the performance of the above objectives; more specifically access shall be granted to the responsible employees of the following departments: MARKETING, E-COMMERCE, IT, CUSTOMER SERVICE. Moreover, in the context of this processing for the realization of the above objectives, COSMOBRANDS shall utilize the services of third parties, to whom the data will be disclosed and who will process them on behalf of COSMOBRANDS. Any interested party may be informed on the services of third parties and their details by contacting the Data Protection Officer as listed below.

In addition, we may disclose information on you (i) if we are required to do so by law or legal proceedings, (ii) to law enforcement or other government officials, or (iii) when we deem that disclosure is necessary or appropriate to prevent bodily harm or financial loss, or in collaboration with an investigation into a suspected or actually fraudulent or unlawful activity. Also, we reserve the right to transfer you personal data if all or part of our business or assets is sold or transferred. Should such a sale or transfer occur, we shall make reasonable efforts to direct the transferee to use the personal information you have provided us with in a way consistent with our Data Protection policy. After such a sale or transfer, you may contact the entity where your personal data will be transferred for any relevant questions.

3.5 Data security and confidentiality

COSMOBRANDS has made and shall continue to make significant efforts to take all precautionary measures in order to maintain the confidentiality and security of personal data and to prevent their distortion, damage, destruction, and accessibility by unauthorized third parties. Technical and organizational security measures include state-of-the-art technology. However, the company cannot control the risk associated with the operation of the Internet and, therefore, draws your attention to the potential risks associated with its use and operation.

3.6 Use of personal data

Without prejudice to paragraph 3.4, COSMOBRANDS shall not transfer or disclose in any way your personal data and information to its subsidiaries, third parties and commercial or business partners without prior notice. In the event that COSMOBRANDS is compelled by law or by a court order to disclose the personal data of its members, it shall accordingly notify its members, if possible (unless COSMOBRANDS deems that it is not obliged to do so). Considering the level of technology related to the telecommunications sector, COSMOBRANDS shall not guarantee the confidentiality and the verification of authenticity for emails that the visitor sends or receives from COSMOBRANDS. We store your data for a period corresponding to the operation of the company and the fulfillment of the above objectives, which is limited to five years starting from the time of your last interaction with us, unless we are required by law to store the data for a longer period of time, or if it is required in the context of court proceedings.

We may use the information you provide us with for purposes of sales promotions, marketing and communication in collaboration with platforms such as Google, Facebook, etc., such as offers, discounts, new products, advertising material etc., as well as to improve customer services and for purposes that cannot be foreseen herein for which we shall specifically notify you.

3.7 Data collected through automated means

When you visit this page, we collect specific data through automated means, using technologies such as cookies, web server logs and web beacons.

We may use third party web analytics services on this page, our social media pages, or our mobile applications. The service providers who manage these services use technologies such as cookies, web server logs and web beacons to help us analyze how visitors use the page. Any data collected through these means (including the IP address) shall be disclosed to these service providers, who use this information to evaluate the use of the website.

3.8 Targeted advertising

We may also outsource our ads to third party ad networks that collect IP addresses and other data through the use of cookies, web server logs and web beacons on our websites, emails and third party websites. They use this data to place ads for products and services tailored to your interests (including companies not controlled by us). You may see these ads on our and other websites. This process also helps us manage and monitor the effectiveness of our advertising activities.

3.9 How we use the data we collect through automated means

We may use the information collected through automated means on this page to transmit personalized content, for market research, data analysis and systems management purposes, in order to determine whether you have visited us in the past or you are a new visitor to the site, as well as to comply with our legal obligations, policies and procedures, including compliance with relevant industry standards and the enforcement of our Terms and Conditions. We may also use the information in other ways, for which special notice shall be given at the time of collection.

3.10 Data collection sources

3.10.1. E-shop credit cards

Short Description

Upon completing a purchase, the customer may select a credit card as payment method.

Purpose for Processing

Proof of valid transaction with the customer upon request by the cooperating Bank (Eurobank).

Types of Data Subjects

E-shop customers

Types of Personal Data

Required: Name, surname, address, contact number.

Data sources

Digital material

Lawfulness of processing

Processing is necessary for the performance of a contract or / and for compliance with a legal obligation to which the controller is subject.

Persons making contact

Data register

Transfer to Third country

Data is not transferred to a third country.

Time-limit for erasure

5 years from the date of last contact - transaction with the natural person.

 

3.10.2. E-shop invoicing

Short Description

For the pricing of purchase orders a receipt is issued, which shall be delivered to the customer along with their order.

Purpose for Processing

Invoicing of natural persons.

Types of Data Subjects

E-shop customers

Types of Personal Data

Required: Name, surname, address, contact number, Tax Identification Number, Tax Office.

Data sources

Form and / or digital material.

Lawfulness of processing

Processing is based on article 6 (1) (b), processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; and (c): processing is necessary for compliance with a legal obligation to which the controller is subject.

Types of notification recipients

E-shop warehouse, Accounting Department, E-Commerce Department

Persons making contact

E-shop warehouse, Accounting Department, E-Commerce Department

Transfer to Third country

Data is not transferred to a third country.

Time-limit for erasure

At least 5 years from the end of the fiscal year when there is obligation for tax return statement; or, until the period for a tax assessment by the tax administration expires; or, until final judgment in a tax administration's claim following a tax audit; or until full amortization of the claim.

 

3.10.3 E-shop member

Short Description

Through the www.atticadps.gr/eshop website, visitors may become atticadps.gr/eshop members, in order to create a personal account and fully benefit from the e-shop functions and services.

Purpose for Processing

For the customer / visitor to create a personal account in the e-shop and fully benefit from the e-shop functions and tools (order history, order status, receiving updates, personal profile with preferences, wishlist).

Types of Data Subjects

E-shop visitors and customers.

Types of Personal Data

Required: Name, surname, email, gender, date of birth (day and month).

Data sources

E-shop special form

Lawfulness of processing

Processing is based on article 6 (1) (a): the data subject has given consent to the processing of his or her personal data.

Types of notification recipients

E-Commerce Department, currently cooperating third companies that are active in the field of e-commerce and digital marketing; details on these companies are available upon request at eshop@atticadps.gr.

Persons making contact

E-Commerce Department, people responsible on the part of the partners.

Transfer to Third country

Yes. For more information you may contact eshop@atticadps.gr.

Time-limit for erasure

2 years from the date the customer unsubscribed or withdrew their consent.





3.10.5[7]  Order handling

Short  Description

Through the webpage www.atticadps.gr/eshop, visitors may enter a purchase order electronically, edit it or even cancel it.

Purpose for Processing

Entering, processing, possibly exchanging products, shipping to customers, possibly canceling a purchase order.

A customer possibly returning an order.

Types of Data Subjects

E-shop customers.

Types of Personal Data

Required: Name, surname, address, contact number.

For invoicing: business name, area of activity, Tax Office, Tax Identification Number.

In case of (full or partial) return of the order, when payment has been made upon delivery and there must be a refund to the customer, the refund is made to a bank account. For this purpose the following information is requested: Name & Surname of the Beneficiary, Bank, Bank Account Number, IBAN

Data sources

E-shop special form.

Lawfulness of processing

Processing is based on article 6 (1) (a): the data subject has given consent to the processing of his or her personal data.

Types of notification recipients

E-Commerce Department, e-shop warehouse, Accounting Department, and other third partners in the logistics chain; details on these partners are available upon request at eshop@atticadps.gr.

Persons making contact

E-Commerce Department, e-shop warehouse, people responsible on the part of any other third companies.

Transfer to Third country

Yes. For more information you may contact eshop@atticadps.gr.

Time-limit for erasure

2 years from the date of transaction.

 

3.10.6. Contacting though email (eshop@atticadps.gr)

Short Description

The email account eshop@atticadps.gr allows any third party to contact our business. Contacting may pertain to a general question on products (for example, prices, availability etc.), processes (for example, return - exchange of a product), complaints regarding customer service, information on opening days and hours etc.

Purpose for processing

To update and manage the issues described in each email, in order to continuously improve the company’s customer service.

Types of Data Subjects

Any natural person contacting us through this specific email.

Types of Personal Data

Email or / and name or/ and surname or/ and telephone number or / and postal address or / and any other details the data subject may choose to share. There is no data collection form template.

Types of notification recipients

Depending on the message - subject, it may be copied to cooperating suppliers.

Depending on each email’s subject, its data and content are processed by the following addresses separately or in collaboration: E-Commerce Department, IT Agency.

Time-limit for erasure

In order to ensure accountability as well as for internal audit purposes, any information gathered from the specific personal data input source shall be stored for a period of one year from the last communication, after which it shall be erased. 

Third countries or International Organizations where data shall be transferred

None.

 

Attica e-shop users wishing to contact us by email or the contact form at atticadps.gr/eshop, shall receive in their email the following automated reply:

"Thank you for the email you sent us at eshop@atticadps.gr. The details appearing in the mail you sent us shall be visible to its recipients, staff members of COSMOBRANDS SA. (Amerikis 10, Athens, TIN 800398464) who are responsible for the processing of its content, the competent IT staff of ATTICA DEPARTMENT STORES SA (Panepistimiou 9, Athens, TIN 999400954), the servers and domain of which we contractually use to offer e-shop services; this information shall be used to process the message, information or complaint contained therein and / or to answer any question mentioned in it, for as long as necessary in order to fulfill the above purposes, after which they shall be deleted. Throughout the above interaction, you may request access to, rectification or erasure of the personal data contained in the specific email or restriction of their processing, object to their processing or request their portability, as well as withdraw the consent given herein, freely and at any given moment. COSMOBRANDS A.E. Is hereby notifying you that Mr, Polychronis Kokkinidis is the appointed Data Protection Officer (mobile: 6974380953 tel: 2111802500, e-mail: dpo@cosmobrands.gr), who you may contact in case you have any questions or need clarifications regarding this reply or the General Data Protection Regulation. You may also contact eshop@atticadps.gr or 2111883079 in case you wish to exercise your rights, as above, regarding your personal data that we store and process with your consent. For details about the data protection policy, see here[8] . Complaints regarding violation of the above shall be lodged before the Hellenic Data Protection Authority, tel. 2106475600, Kifissias Ave. 1, Athens 11523, complaints@dpa.gr

 

3.10.7. Atticadps.gr/eshop Contact Form

Short Description

The atticadps.gr/eshop contact form allows any third party to contact our business. Contacting may pertain to a general question on products (for example, prices, availability etc.), processes (for example, return - exchange of a product), complaints regarding customer service.

Purpose for processing

To contact visitors or customers on beauty tips, product search, product availability, product or order return, order cancellation, other questions.

Types of Data Subjects

E-shop visitors and customers.

Types of Personal Data

Required: Name, Surname, Contact number, Email.

Data sources

Special e-shop form

Lawfulness of processing

Processing is necessary for the performance of a contract or / and for compliance with a legal obligation to which the controller is subject.

Types of notification recipients

E-Commerce Department, IT Agency (for more details you may contact eshop@atticadps.gr).

Persons making contact

E-Commerce Department, IT Agency (for more details you may contact eshop@atticadps.gr).

Transfer to Third country

Yes. For more information you may contact eshop@atticadps.gr.

Time-limit for erasure

12 months from the date of last contact.

 

3.10.8. Inhouse Contact by phone

Short Description

Pertaining to the possibility of any third party to contact our business Inhouse by phone. The call may pertain to a general question on products (for example, prices, availability etc.), processes (for example, return - exchange of a product), complaints regarding customer service.

Purpose for processing

To contact visitors or customers, if they wish so, in order to resolve any issues regarding purchase orders, product availability, product details, return of a product or an order, entering an order or other issues that might arise.

Types of Data Subjects

E-shop visitors and customers.

Types of Personal Data

Required: Name, Surname, Contact number, Email.

Data sources

Phone call

Lawfulness of processing

Processing is necessary for the performance of a contract.

Types of notification recipients

E-Commerce Department

Persons making contact

E-Commerce Department

Transfer to Third country

Data is not transferred to a third country.

Time-limit for erasure

12 months from the date of contact.

 

3.10.9. ICAP contact by phone

Short Description

Pertaining to the possibility of any third party to contact our business by phone. The call may pertain to a general question on products (for example, prices, availability etc.), processes (for example, return - exchange of a product), complaints regarding customer service.

Purpose for processing

To answer incoming customer phone calls, who are calling to ask questions, receive information or place a purchase order.

Outcoming calls to e-shop customers and visitors, upon their request, to handle a request they may have.

Types of Data Subjects

E-shop visitors and customers.

Types of Personal Data

Required: Name, Surname, Contact number, Recording of calls.

For invoicing: business name, area of activity, Tax Office, Tax Identification Number.

Data sources

Phone call

Lawfulness of processing

Processing is based on article 6 (1) (a): the data subject has given consent to the processing of his or her personal data. Processing is necessary for the performance of a contract.

Types of notification recipients

Call Center (ICAP)

Persons making contact

Call Center (ICAP) employees, E-Commerce Department.

Transfer to Third country

Data is not transferred to a third country.

Time-limit for erasure

12 months from the date of contact.

 

3.10.10.Customer Support by Suppliers

Short Description

Pertaining to contacting suppliers regarding issues that arise, upon the customer’s request.

Legally Responsible Natural Person vis-à-vis the Authority

Marketing Department

Purpose for processing

Contact between the suppliers’ Call Centers (so far, ESTEE LAUDER GROUP, GR. SARANTIS, L'OREAL LUXE, FF COSMETICS) and e-shop customers, in order to manage issues arising with the brands that are represented by the suppliers, upon the customer’s request.

Types of Data Subjects

E-shop customers

Types of Personal Data

Required: Name, Surname, Contact number.

Data sources

Email and / or Phone call.

Lawfulness of processing

Processing is based on article 6 (1) (a): the data subject has given consent to the processing of his or her personal data.

Types of notification recipients

Suppliers’ Call Center (Customer Support).

Persons making contact

Supplier’s Communication Manager, Suppliers’ Customer Support, COSMOBRANDS SA E-Commerce Department.

Transfer to Third country

Data is not transferred to a third country.

Time-limit for erasure

12 months from the date of contact.