Divine Seed’s Policy for the Processing of Personal Data
I. Collection and processing of personal data
DIVINE SEEDS SINGLE MEMBER PRIVATE COMPANY (hereinafter "Company"), which is based in Agia Paraskevi, Attica, 70 Karaiskaki Street, GR-15341 with Tax Identification Number 801337801, GEMI number 154679701000, may process personal data of users of its website, customers/ natural persons (existing and future) and any other natural person in any capacity in the context of selling its products to customers and carrying out its activities. The collection and processing of personal data by the Company is performed in full compliance with the General Data Protection Regulation 2016/679 of the European Parliament and Council ("General Regulation"), which has entered into force on 25-05-2018, and with the current national legislation, in particular with law 4624/2019. The Company processes only the personal data that are necessary for the fulfillment of the respective processing purpose in a legal, legitimate and transparent way, taking every security measure to protect the data, inter alia, from unauthorized access, illegal use or disclosure. This text is a brief presentation of the Company’s privacy policy.
ΙΙ. Data Controller
Data Controller is the Company, namely the company with the name DIVINE SEEDS SINGLE MEMBER PRIVATE COMPANY, in Agia Paraskevi, Attica, 70 Karaiskaki street with Tax Identification Number 801337801, GEMI number 154679701000. For any information regarding the processing of your personal data you can contact the Data Controller by email at info@divineseeds.gr.
III. Where do we collect the data we process
The Company processes personal data that you or your legal representatives have disclosed to us or will disclose to us as prospective and / or existing customers, suppliers, external service providers. The personal data that you provide to the Company must be complete and accurate and updated by you immediately in any case of change. These data can also be collected electronically, through the Company’s website, during the creation of a user account and throughout the use of the Company’s website. Also, your personal data may be collected by e-mails that you send to the Company as well as when purchasing products from the Company's electronic platform.
IV. Which data are processed
The Company processes the data that the user enters, on the Company's website or sends by e-mail such as name, surname, tax registration number, contact number, e-mail address, postal address, gender. In addition, personal data collected automatically during the user's browsing on the Company's website (IP address, date and time of visit, location data, login and identification details, username, password, cookies, browser type and version, redirection website, Company’s websites visited by the user, responses to any surveys) are also processed.
V. Purposes of processing
The processing of the above personal data is done for the following purposes: • To communicate with users at their request and to respond to their requests. • For the service of the transactions of the customers / users through the website of the Company and their communication with a competent representative of the Company • For entering into and performing contracts of the Company with its customers. • For the provision of personalized services and products to you • For the creation of statistics in relation to the frequency of visits to the Company's website and the profile of the customers in order to improve the services provided. • For the compliance of the Company with its legal obligations (tax, insurance, regulatory, etc.), such as the transmission of data to competent tax, audit and supervisory authorities.
VI. Legal basis for processing
Unless otherwise specified, the legal basis for the processing of the above data is one of the following: (a) the processing of data is performed with the consent of the subject for one or more specific purposes, (b) the processing is necessary in order to take measures at the request of the data subject before the execution of the contract or for its performance, when the data subject is a contracting party, (c) the processing is necessary for the compliance of the Company with tits legal obligations.
VII. Recipients of the data under processing
The Company is obliged or, where applicable, may disclose personal data to third parties, natural or legal persons, public authorities or other bodies, such as: (a) to employees of its business and operational units, within the scope of their responsibilities, (b) to third parties, natural or legal persons, acting on its request or on its behalf, subject to professional secrecy and the duty of confidentiality, such as: - companies supplying, developing and supporting information systems and applications, including Internet hosting companies (e.g. cloud providers), - database management companies, - risk management companies, - postal service providers, - lawyers, law firms, notaries and court bailiffs, accredited mediators and mediation centers, experts. In case the Company entrusts the processing of personal data of the Data Subject (User / Customer) to third parties, acting on its request and on its behalf, they must act and fully comply with the instructions of the Company and the applicable legal framework for the protection of personal data.
VIII. Transfer of data to third countries (outside the EU) or to international organizations
The Company transfers your personal data to third countries (for example, USA, Canada) if it is necessary for the performance of its work / provision of services, or its compliance with the applicable laws or regulations. In this case, the transfer shall be carried out in accordance with European legislation on transfer outside the European Economic Area (EEA) and shall take place only if those countries have an adequate level of protection of personal data in accordance with Articles 45 and 46 of the GDPR or if explicit consent of the Data Subject is provided for this purpose (Article 49 of the GDPR), after being previously informed about the purposes of the specific transfer and processing.
IX. The right to withdraw consent
In case a user provided his/her consent for the processing of specific personal data by the Company, he/she has the right to withdraw his/her consent at any time, with future effect. The withdrawal of consent does not affect the lawfulness of the processing based on it before it was withdrawn. In case of withdrawal of the consent, the Company may further process the personal data, if there is another legal basis for the processing.
X. Cookies policy
Cookies are pieces of information downloaded on your computer while browsing a site. They are created when a user's internet browser loads a particular website. Depending on their function, they are used to facilitate your visit to the Company's website, the proper operation of the website as well as for advertising purposes. The cookies policy posted on our website describes in detail the cookies we use and their purpose. We also follow Shopify's cookies policy, found at https://www.shopify.com/legal/cookies.
XI. The period for which the personal data will be stored
In case a user account is created on the Company's website, the personal data will be kept for a period of up to one (1) year from the deletion of the specific user account from the Company's website. However, in the event that the user has entered into contracts with the Company, the Company stores and processes personal data in accordance with the terms of the contract, and for as long as provided by the applicable legal and regulatory framework. If, after the expiration of the above period, legal proceedings are pending, the storage period of the data will be extended until the dispute pending before the courts is resolved in any way.
XII. Respect and exercise of rights regarding your personal data
The rights of data subjects are the following:
(a) Right of access, Right to be informed if the Company processes data and which data are processed, what are the purposes of the processing and who are their recipients / categories of recipients.
(b) Right of rectification, Right to apply for rectification of inaccuracies and completion of incomplete data, providing the necessary documentation.
(c) Right of erasure, Right to apply for erasure of your personal data, subject to the provisions of applicable law.
(d) Right of restriction of processing, Right to apply for restriction of the processing of personal data, in accordance with the provisions of the applicable legislation.
(e) Right to object to processing Right to object at any time to the processing of personal data when this is based on article 6 par. 1 item e) or f) of the General Regulation, and which will be satisfied unless the Company demonstrates that there are mandatory and legitimate reasons for their processing, which take precedence over the rights and freedoms of the subject or for the establishment, exercise or support of its legal claims.
(f) Right to portability, The right of the data subject to receive data that he/she has given with his/her consent or which were necessary for the execution of the contract, in a structured, commonly used and machine-readable format, or to request their direct transfer from the Company to another provider if this is technically feasible and free of charge. The exercise of this right does not imply the erasure of the data from the records of the Company, provided that their storage is necessary for its compliance with its legal obligations or the protection of its legal interests.
(g) Right not to be subject to decisions based solely on automated processing Data subjects have the right to request their exclusion from decisions based on automated processing, including profiling.
In order to exercise the above rights, data subjects may contact the Company by e-mail at info@divineseeds.gr. The Company will make every effort to respond to your requests during the exercise of your above rights within thirty (30) days of their submission. This deadline may be extended by sixty (60) days if deemed necessary, taking into account the complexity of the request and the total number of requests. In this case, you will be informed about the extension within (30) days from the submission of the request. The Company's refusal or unjustified delay in satisfying the requests of the data subjects during the exercise of their rights provides the right to appeal to the Personal Data Protection Authority, 1-3 Kifissias avenue, PC 11523, Athens, tel .: + 30- 210 6475600, website: www.dpa.gr, e-mail: contact@dpa.gr as the competent supervisory authority for the implementation of the General Data Protection Regulation. In any case, the right to submit a complaint to the above Authority is reserved, if the data subject considers that their processing is performed in violation of the applicable legislation.
XIII. Amendment - Update
The Company might update, complete and/or amend the present policy within the applicable legal and regulatory framework, which will be always available updated at the official website www.divineseeds.gr and at the registered office of the Company.