Privacy Policy

With this policy, “CIAOFASHION” (hereinafter the “Company” or “we” or “our”), which is based at Anogeion 20, 18453, Nikaia – Athens, determines and discloses the conditions under which, operating as what the law designates as “Processor”, it collects, stores, uses and generally processes your personal data, which it collects when you visit, register on or use its website (hereinafter the “Website”), as well as when you deal with its physical store.
This Privacy Policy also describes how we use, share and protect your personal data, the options you have regarding your personal data, as well as how you can contact us. This Protection Policy is in accordance with the conditions arising from Regulation (EU) 679/2016 and any other relevant applicable legislation.

1. A few words about the Company’s Website
The website www.ciaofashion.gr is the website of the Company, where the online store for the presentation and sale of its products is located.

2. What is Personal Data?
The term “personal data” refers to any information that concerns an identified or identifiable natural person, i.e. information of natural persons, such as name, postal address, e-mail address, telephone number, etc., which identifies or can identify you, hereinafter “Personal Data” or “Data”.

3. What is Personal Data Processing?
Any act or series of acts carried out with or without the use of automated means, on personal data or sets of personal data, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, information retrieval, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.

4. Is it mandatory to provide your Personal Data?
Providing the Data to the Company may be necessary to achieve the purposes specified in this Privacy Policy or may be optional.
The mandatory or optional nature of the provision of Data is indicated by an asterisk (*) next to mandatory personal data.
If you refuse to provide the information marked as mandatory on the Website, it will be impossible to achieve the main purpose for which the specific Data is collected, and it may, for example, make it impossible for the Company to fulfill the sales contract available on its website.
The provision of additional Data to the Company, beyond those marked as mandatory, is optional and has no consequences regarding the main purposes of Data collection, since its provision serves exclusively to optimize the quality of the services provided by us.

5. What Personal Data do we collect about you?
We take care to collect only your absolutely necessary Personal Data, which is appropriate and clear for the intended purpose. This Data includes the following:
a. Data that you provide to us when you register and create a user account on the Website, via the Internet or your mobile or through your personal contact with our stores or with our sellers, specifically data such as electronic address (e-mail) * and login password (as mandatory) and first name, last name, postal address, phone number (as optional).
b. Data and information you provide to us through transactions between us (purchases, orders, etc.) and communication between us (through our physical store, our online store, our sellers, telephone, email or through any other way/means).
c. Data related to the payment method for the transactions you carry out with us.
d. Data you provide to us when you subscribe to our newsletter.
e. Data about the products that you usually prefer, in order to recommend products or services of interest to you and to further improve your shopping experience with us. Of course, you always have the option not to share such information with us.
f. Traffic data of our website.
g. Information collected from the use of cookies in your browser. Learn more about how cookies are used here.
h. In order to provide the best possible website experience, we collect technical information about your internet connection and browser, as well as the country and telephone code where your computer is located, the web pages displayed during your visit, advertisements which you click on and any search terms you used.
i. Your social media username, if you interact with us through these channels, to help us respond to your comments or questions.

6. How do we use your Personal Data?
On a case-by-case basis, we use your Data:

  • To complete orders for products and services: The Company processes your Data in order to fulfill its contractual relationship, process the order for products and/or services, provide customer service, comply with legal obligations, refute, raise or exercise legal requirements. If we do not collect your Data at the time of order completion (via our brick-and-mortar store, live or telephone service from our salespeople, or through our online store), we will not be able to process your order and comply with our legal obligations. We point out that it may be necessary to transfer your Data to third parties for the delivery of the product or service you have ordered (for information on how we share personal data with third parties, see terms 9, 10, 11 and 12 below).
  • In addition, we may retain your Data for a reasonable period of time in order to fulfill our contractual obligations, for example product returns, as required by relevant consumer protection legislation, as well as to comply with our legal obligations under the more specific legislation that applies at any time (tax, etc.).
  • To Create a User Account: The Company processes your Data in order to provide you with account functions and to facilitate the purchase of products.
  • For Communication: The Company uses your Data to respond to your requests/questions, refund requests and/or any complaints. The information you share with us enables us to manage your requests and respond to you in the best possible way. We may also keep a record of your queries/requests to us to better respond to any future communications. We do this based on our contractual obligations to you, our legal obligations and our legitimate interests to provide you with the best possible service and to be able to improve our services based on your own personal experience.
  • To Send a newsletter / offers: With your consent, we will use your Personal Data, preferences and transaction details to inform you via e-mail, internet, phone and/or social media about relevant products and services, including personalized offers etc. Of course, you have the possibility to withdraw this consent at any time.
  • For Web Push Notifications: Depending on your navigation, you may receive, with your prior consent, notifications about our offers, news, your wish list and your shopping cart. Of course you have the possibility to withdraw this consent at any time.
  • For Participation in a reward program: The Company may process your Data for the needs of your participation in a reward program, i.e. both the examination of your application for participation, as well as the collection and redemption of points and in general the enjoyment of customer privileges, as these will be analyzed in the terms of participation in the reward program. This is how we are able to offer you personalized offers that interest you. Of course, you can choose whether to take advantage of them.
  • For the Development and Improvement of the products and services we provide you. This is based on our legitimate business interests.
  • Because we want to offer you offers and suggestions that are more relevant to your interests and needs.
  • To ensure that you are always shown the most interesting content on our Website, we will use the Data you have provided us by giving us your consent to receive notifications about our Website – your consent to placing cookies on your device. For example, we may display a list of products you have recently viewed or offer you recommendations based on your purchase history and any other Data you have shared with us.
  • To send you research and evaluation requests so that we can improve our services. These messages will not contain advertising content and do not require prior consent when sent by email or text message (SMS). We have a legitimate interest in doing so as it helps our products or services to be more relevant to you. Of course, you are free to opt out of receiving these requests from us at any time by updating your preferences in your online account.
  • To protect your account from fraud and other illegal activities: This includes using your Data to maintain, update and protect your account. We also monitor browsing activity with us to quickly identify and resolve any issues and protect the integrity of our website. All of the above are part of our legitimate interest. For example, we check your password when you log in and use automated IP address tracking to detect potential fraudulent logins from unexpected locations.
  • To process payments and prevent fraudulent transactions: We do this based on our legitimate business interests and it also helps protect our customers from fraud.
  • To comply with our contractual obligations to you or in accordance with the provisions of the law or in execution of court decisions.
  • To send you communications that are required by law or that are necessary to inform you of changes to the services we provide to you. For example, updates on these privacy notices, product recall notices and legally required information about your orders. These service messages will not contain advertising content and do not require prior consent when sent by email or text message (SMS). If we do not use your personal data for these purposes, we cannot comply with our legal obligations.

Finally, we inform you that the processing of your Data is carried out either by the specially authorized staff of the Company or through IT systems and electronic devices by the Company and, exceptionally, by third parties who, having contractually committed to maintaining confidentiality and protecting your Data, carry out work necessary to achieve the purposes strictly related to the use of our Website, its services and the sale of products through our Websites. Information on this can be found below in terms 9 and 10.

Regarding the use of Cookies by our Company, please be informed here: (Cookies Policy)

7. What is the legal basis for processing your Data by the Company?
data protection legislation which sets out various reasons why a company may collect and process your personal data, including the terms of our contractual relationship
your consent where required. For example when you choose to receive newsletters. When collecting your personal data, we will always inform you which data is necessary in relation to a particular service.
the obligations of the Company arising from the law (e.g. tax legislation, e-commerce legislation, etc.)
the legal interest of our Company. In certain cases, we collect your Data in a way that can reasonably be expected as part of the operation of our business and that does not materially affect your rights, freedom or interests.

8. Who are the recipients of your Data?
Access to your Data is granted to the authorized personnel of the Company, limited to the strictly necessary persons, who are bound by confidentiality, and to the companies cooperating with us or third party service providers who process your Data as Processors on our behalf, according to our orders and based on a special agreement for the processing of your data.

9. How is your Data shared?
Disclosure of Data by our Company
The Company shares your Data with:
Third party service providers who process personal data on behalf of the Company, for example (but not limited to) credit card and payment processing, transfers and deliveries, hosting, management and maintenance of our data, e-mail distribution, research and analysis, promotional management actions, as well as management of certain services and elements. When we use third party service providers we enter into agreements obliging them to implement appropriate technical and organizational measures to protect your personal data.
Other third parties, to the extent required for the following purposes: (i) compliance with a request of a Greek State body, a court order or applicable law, (ii) prevention of illegal uses of our Websites and Applications or violations of the Terms of Use of our Sites and Apps and of our policies, (iii) our own protection against third-party claims, and (iv) helping to prevent or investigate cases of fraud (e.g., counterfeiting).
Other third parties to whom you yourself have given your consent.
Sharing of Data by you
When you use your social media information on our Sites or Apps, you may create a public profile that includes information such as your username, profile picture, and city. You may also share content with your friends or the general public, including information about your interaction with the Company. We encourage you to use the tools we provide to manage Company social media sharing to control the information you make available through Company social media assets.

10. What is the policy we apply with the third party Processors of your Data in accordance with the above?
We provide only the information needed to perform their specific services.
They can only use your Data for the exact purposes we set out in our contract with them.
We work closely with them to ensure that your privacy is respected and protected at all times.
If we stop using their services, any of the data they hold will be deleted or anonymized.
To improve your experience as a customer on our Sites and Apps, we use the following companies, who will process your Personal Data as part of their contracts with us:

Facebook
Google
YouTube
Instagram

11. How do we ensure that Processors respect your Data?
Those performing the processing on our behalf have agreed and contractually committed to the Company:
to maintain confidentiality,
not to send your Data to third parties without the Company’s permission,
to take appropriate technical and organizational security measures,
to comply with the legal framework for the protection of personal data and in particular Regulation (EU) 979/2016 (otherwise GDPR).

12. Data Transfer
The personal data we collect (or process) within the framework of the Website will be stored within the European Union. However, some of the Data recipients with whom the Company shares your Personal Data may be located in countries other than the one in which your Personal Data was originally collected. The legislation in those countries may not provide the same level of data protection compared to the country that originally provided your Personal Data. However, when we transfer your Personal Data to recipients in other countries, including the US, we are committed to protecting your Personal Data as described in this Privacy Policy and in accordance with applicable law.
We take measures to comply with applicable legal requirements for the transfer of personal data to recipients in countries outside the European Economic Area or Switzerland that do not ensure an adequate level of protection. We use various measures to ensure that your Personal Data transferred to these countries is adequately protected under data protection rules. These include signing the Contractual Clauses, certifying that the recipient has adopted the European binding rules

13. How long do we keep your Data?
We retain your Personal Data for as long as necessary to fulfill the purposes set out in this Privacy Policy (unless a longer retention period is required by applicable law). Generally this means that we will keep your Personal Data for as long as you have an account with our Company. In relation to your Personal Data relating to product purchases, we retain this data for a longer period in order to comply with our legal obligations (such as tax and commercial law and for warranty purposes where applicable). At the end of this retention period, your data will be completely deleted or anonymized, for example by aggregating with other data, so that it can be used in a de-identified way for statistical analysis and business planning.
Some examples of Customer Data retention periods:
Orders
From the completion of an order, we retain the personal data you have given us for five years so that we can comply with our legal and contractual obligations.
Guarantees
If your order included a warranty, the relevant Personal Data will be retained until the end of the warranty period.
Newsletter
Your declaration of consent for the sending of a newsletter is kept for as long as the newsletter is sent to you by the Company, and in any case no longer than six months from the cessation of its sending.

14. Is your Data secure?
We are committed to safeguarding your Personal Data.
Recognizing the importance of the security of your Personal Data, we have taken all appropriate organizational and technical measures to secure and protect your Data from any form of accidental or unlawful processing. We use the most modern and advanced methods to ensure maximum security.
The website www.ciaofashion.gr uses the security protocol, for secure online commercial transactions. This encrypts all Data you provide, including your credit card number, name and address, so that it cannot be decrypted or changed in transit over the Internet.
In addition, two pieces of information are used to identify you as an account user: the Login Code (Username) and the Personal Secret Security Code (Password). Each time you register your details, you are given access to your personal account. This process is carried out securely, with your details encrypted during their transfer over the internet and to the Company’s servers. By the same standards, you are given the possibility to change your Personal Secret Security Code (Password) as often as you wish. After entering the desired code, the new code is coded and stored in the Company’s systems. For this reason, the only person who knows your password is yourself and you are solely responsible for keeping the password confidential from third parties.
These measures are reviewed and amended when and where deemed necessary.

15. What are your rights?
You have the right to access your Personal Data.
This means that you have the right to be informed by us if we are processing your Data. If we process your Data, you can ask to be informed about the purpose of the processing, the type of your Data that we keep, to whom we give it, how long we store it, whether automated decision-making takes place, but also about your other rights, such as correction, deletion of data, restriction of processing and filing a complaint with the Personal Data Protection Authority.
You have the right to correct inaccurate personal data.
If you find that there is an error in your Data, you can submit a request to us to correct it (e.g. correct a name or update a change of address).
You have the right to erasure / the right to be forgotten.
You can ask us to delete your data if it is no longer necessary for the aforementioned processing purposes or you wish to withdraw your consent.
You have the right to portability of your Data.
You can request to receive the Data you have provided in readable form or ask us to pass it on to another controller.
You have the right to restrict processing.
You may request that we restrict the processing of your Data pending the consideration of your objections to the processing.

You have the right to object and withdraw consent to the processing of your Data.
You can object to the processing of your Data and we will stop processing the Data, unless there are other compelling and legitimate reasons that override your right. If you have given your consent to the collection, processing and use of your personal data, you can withdraw your consent at any time with future effect:
Opting out of receiving Marketing Communications
You can opt out of receiving marketing communications by changing your email records by clicking the unsubscribe link or by following the instructions included in the message.
Alternatively you can contact us using the contact details we give you in term 17 below.
In case we rely on our legitimate interest: In cases where we process your personal data based on our legitimate interest, you can ask us to stop for reasons related to your personal situation. We must then do so unless we believe we have a compelling legitimate reason to continue processing your Personal Data.

16. How can you exercise your rights?
To exercise your rights, you can submit a relevant request to the email address info@ciaofashion.gr with the title “Exercise of Right” and we will examine it and answer you as soon as possible.
Exceptionally:
if you wish to correct your Data in your user account, you can log in to it and make any correction/change without requiring the submission of a Request.
if you wish to withdraw your consent to send a newsletter, you can do so by selecting the link “To delete from the “newsletter mailing list” click here” located at the bottom of each newsletter.
if you wish not to receive web push notifications from the Company, you can disable the option from your browser settings.
Identity check
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy. If you have authorized a third party to make a request on your behalf, we will ask them to demonstrate that they have your permission to act for this purpose.

17. When do we respond to your Requests?
We respond to your Requests free of charge and without delay, and in any case within one (1) month of receiving your request. However, if your Request is complex or there are a large number of your Requests, we will inform you within the month if we need to obtain an extension of another two (2) months within which we will respond to you.

18. What is the applicable law when we process your Data?
The applicable law is Greek Law, as formulated in accordance with the General Regulation for the Protection of Personal Data 2016/679/EU, Law 4624/2019 (as applicable) and in general the current national and European legislative and regulatory framework for privacy.
Any dispute arising out of or related to the protection of your Personal Data shall be subject to arbitration in accordance with the Mediation Regulation of the European Mediation and Arbitration Organization (EOMIA). In the event that the dispute or part thereof is not resolved through mediation, the dispute or the unresolved part thereof shall be resolved exclusively, finally and irrevocably by an arbitral tribunal, appointed and conducting the arbitration in accordance with the EODID Arbitration Rules.

19. Where can you go if we breach the applicable law for the protection of your Personal Data?
You have the right to file a complaint with the Personal Data Protection Authority if you believe that the processing of your Personal Data violates the applicable national and regulatory framework for the protection of personal data.
Personal Data Protection Authority, Postal address: Kifissias 1-3, PO Box 115 23, Athens, tel.: 210. 6475600, e-mail address (e-mail): contact@dpa.gr

20. How will you be informed of any changes to this Policy?
We update this Privacy Policy whenever necessary. If there are significant changes to the Privacy Policy or the way we use your Personal Data, we will post an update to this on our website before the changes take effect and we will notify you as soon as possible.
We encourage you to read this Policy periodically to know how your Data is protected. This privacy policy was last modified 20/12/2022.