“We” are M.B. ELEON Single Member Private Company, trading under the name “M.B. ELEON”, incorporated under the laws of Greece, under general commercial registration nr. 149896901000 and VAT nr.: EL801134917, headquartered at 6, Agiou Ioannou St., 15233 Halandri, Greece, email: email@example.com , phone nr. +302108088545.
Regarding your personal data, we act as a “Data Controller”, according to GDPR Article 4 (7).
“You” are any person accessing or using our website or contacting us by any other means, also defined as a “Data Subject” according GDPR to Article 4 (1).
“Our Website” is https://ootopia.gr, including our e-shop.
We shall be responsible for and shall be able to demonstrate compliance with the GDPR principles. Your personal data shall be:
PURPOSES AND LAWFULNESS OF PROCESSING
We may collect and process your personal data subject to at least one the following legal bases and associated purposes:
(a) you have explicitly provided us with consent to process your personal data in order to create a user account on our website, to order a product through our e-shop, to participate in a contest or for other specific purposes,
(b) processing is necessary for the preparation or performance of a contract between us, as when you enter and save your details prior to confirming you order or when you actually buy a product through our e-shop,
(c) processing is necessary for compliance with a legal obligation to which we are subject to, such as our obligation to record your contact details on our receipt or invoice for tax compliance purposes,
(d) processing is necessary in order to protect your or any other natural person’s vital interests, such as the integrity and security of your account and your stored personal data,
(e) processing is necessary for the purposes of legitimate interests pursued by us or by a third party. Such legitimate interests are the smooth and secure operation of our website, direct marketing, after-sales customer support and the improvement of products and services.
In any case, we shall keep requested personal data at the minimum possible level. Depending on the data processing purpose, your denial to provide requested personal data may prevent us from fulfilling a statutory, pre-contractual or contractual requirement.
PERSONAL DATA PROCESSING
We shall collect and process your personal data only after you provide us with your explicit consent while using our website and e-shop or when you are contacting us for any other reason. We will ask you for your personal data in the following cases:
DURATION OF PERSONAL DATA STORAGE
We will retain your personal data for the period required to fulfill the processing purposes mentioned above, or until you explicitly request from us to delete your personal data from our database, subject to the limitations prescribed in Article 17 of the GDPR. In the case where personal data processing is based on your consent, the data shall be retained until we receive your withdrawal from such consent and there is no other legal base or statutory limitation preventing us from deleting your data. Certain data (e.g., order data) may be kept anonymously or pseudonymized for the purposes of statistical analysis.
Note that we may retain your personal data until the end of a claim limitation period or until any disputed claims are resolved before mediation panels or courts. We may also retain your personal data for as long as this may be required by tax or other applicable legislation.
According to Articles 15 to 22 of the GDPR and Articles 33 to 35 of applicable Greek Law 4624/2019, you have certain rights as a data processing subject. You have the right to withdraw your consent for personal data processing anytime. You have the rights to request from us access to and rectification or erasure of your personal data. You have the right to request from us to restrict processing concerning yourself as a data subject, the right to object to your personal data being processed for the purposes of legitimate interests pursued by us or by a third party, including profiling, as well as the right to data portability, where possible. You also have the right not to be subject to a decision based solely on automated processing, including profiling, if it produces legal effects on you or affects you significantly in a similar way. These rights can be exercised subject to limitations prescribed in the legal provisions mentioned above.
In addition, you have the right to lodge a complaint with the competent data protection authority. Our supervisory authority is Hellenic Data Protection Authority www.dpa.gr.
PERSONAL DATA TRANSFERS
As part of our operations and in order to fulfill our contractual obligations, we contract web hosting, payments and delivery service providers who may have to process your personal data according to our instructions. We cooperate only with data processors who are contractually bound to provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of GDPR and will ensure the protection of your personal data rights.
Your personal data are stored on hosting servers located in countries which ensure an adequate level of data protection, as defined in Article 45 of the GDPR.
We do not assume or accept any responsibility whatsoever for processing of any personal data you may provide to third parties through links provided on our website. Such parties are independent Data Controllers and so we strongly advise you to study their Privacy Policies prior to granting them with access to any of your personal data.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks involved for your personal data, in accordance with GDPR requirements.
Your information is processed only by authorized and qualified staff and associates which are bound by confidentiality and data protection agreements with us.
Your user account is personal and non-transferable. It is your duty to safeguard and not to disclose your user login credentials to anyone else.