PRIVACY POLICY
1. Introduction
With this Privacy Policy (hereinafter referred to as the "Policy"), our company, operating under the name "AXF SA" (hereinafter referred to as the "Company," "we," "us," "Data Controller"), respecting the privacy of users and visitors of this website (hereinafter referred to as "visitors," "you," "yours"), and ensuring the security of their personal data, provides the necessary information and updates regarding the processing of personal data and your rights as subjects of this data processing.
In order to be transparent about the methods of collecting, using, processing, and storing personal data, the Company encourages visitors to its website and all interested parties to read this Policy to acquire the following information:
2. Legislative Framework
The processing of your personal data is governed by the relevant provisions of the applicable legislation for the protection of personal data (Law 125(I)/2018), the Directives and Regulations of the European Union (particularly the General Data Protection Regulation (EE) 2016/679 - GDPR, hereinafter referred to as "GDPR"), as well as the relevant decisions, guidelines, and regulatory acts of the Office of the Commissioner for Personal Data Protection. It is subject to the legal provisions and constraints they establish.
3. Definitions
For the purposes of this Policy:
(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
(2) ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
(3) ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; For the purposes of this Policy controller is AXF CYPRUS LTD with its registered address at 93, Acropoleos Str, VASILEIA COURT, flat 202, Aradipou, 7101, Larnaca, Cyprus, and registered under the tax ID CY10378689.
(4) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
(5) ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
(6) ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
4. Personal Data Subject to Collection and Processing, and the Legality of Processing (Legal Basis and Purpose of Processing)
We collect data and information that you provide to us when you enter and navigate our Company's website, use our services (such as making purchases, contacting us, etc.), or when you submit a complaint, question, or request, with the purpose of communicating with you. Additionally, information may be gathered from third parties (natural or legal entities), such as technology companies or social media platforms.
Specifically, we collect and process, on a case-by-case basis, the following categories of your personal data in the following instances:
Data Processing |
Data categories |
Purpose | Legal Basis |
Entering the Website |
IP address, date and time of access, geographical time zone, the operating system of your terminal device and its version, your browser and its version, as well as the name of your terminal device and/or user. | for the purpose of providing personalized services to you, ensuring a secure connection, and maintaining the security and stability of our system. | legitimate interest, within the framework of making our website accessible to the general public and providing services to them. |
Registration |
name, surname, and email. |
for the purpose of creating an account and registering you as a member on our website |
a) the terms governing your registration (contractual basis) and b) our legitimate interest, within the framework of providing optimal service and offering privileges to our members. |
Order |
name, surname, email, billing and shipping address, invoice information, phone number. | for the purpose of entering into a contract with you, managing and processing your order, invoicing, complying with tax obligations, and providing customer support |
a) the contract between us and b) our legal obligations |
Newsletters |
for the purpose of sending informative newsletters regarding our offers, products, and services, as well as exclusive privileges. |
|
|
Contests Participation |
name, surname, email address, and in some cases, telephone number | for your participation in contests, winner selection, and prize delivery. |
a) the contract between us and b) our legitimate interest in fulfilling our commercial purposes and presenting our products and services |
Contact |
name, surname, email, telephone number for potential order confirmation, your message (via contact form) / email, name, and surname, your message (via email contact) / | for potential order confirmation, for communication, handling, and resolving your requests, questions, issues, or complaints, |
a) the contract between us, b) our legal obligations based on consumer law, c) our legitimate interest in serving you, and d) your consent on a case-by-case basis. |
Contact via e-mail |
e-mail, first name, last name (as needed), content of the message | Communication, handling/resolution of your request, inquiry or complaint |
a) the contract between us b) our legal obligation, based on consumer law c) our legitimate interest in serving you |
Product & Service Evaluation / Customer satisfaction surveys |
full name, phone number, contact address, e-mail address, evaluation content/feedback, transaction code, device details (Language of browser, Type of device, Browser Version, OS Version). | Submission of opinion in the context of ordering and customer service / Evaluation of services | a) legitimate interest, within the framework of serving you, evaluating the products and services provided, improving their level and quality. |
5. Processing of personal data of special categories
Our company does not process or collect "sensitive" personal data of special categories through its website. This includes data related to your racial or ethnic origin, religious or philosophical beliefs, health data, or data concerning your sex life or sexual orientation. These types of data are not necessary for us and the purposes of processing.
Visitors to our website are required to refrain from providing, disclosing, or submitting personal data of special categories concerning themselves or third parties. In the event that such data is discovered, it will be immediately and securely deleted in a manner that cannot be recovered. The company is not responsible for any provision or processing of such data that occurs due to the actions or omissions of visitors, in violation of the aforementioned obligation.
6. Data concerning minors
For the purposes of this Policy, minors are considered individuals who have not reached the age of eighteen (18) years. Our Company does not process personal data of minors through the websites. Our online store is not intended for individuals who have not reached the age of eighteen (18) years. Therefore, our company does not process personal data from minors.
In case we become aware that a minor has provided or disclosed their data to us, without the consent of their legal representative, Company reserves the right, to delete the relevant data. If you become aware that a minor has provided their data without the consent of their legal representative, please contact us immediately. If we become aware that personal data we process belongs to a minor without the consent of their parent or guardian, the company will take appropriate measures to immediately delete such data and prevent similar incidents in the future.
7. Recipients of personal data
The company does not disclose personal data to third parties (natural or legal persons) unless required or permitted by law.
The following entities may process personal data gathered in the course of our relationship, including order placement, execution, and delivery; support during order search and execution; and responses to inquiries.
(a) Authorized and appropriately trained personnel of our company who are subject to confidentiality and non-disclosure agreements
(b) In some cases, our partners to whom the company assigns the execution of specific tasks on its behalf (data processors), in accordance with Article 28 of the GDPR, have agreed to implement adequate measures in accordance with the relevant provisions of the GDPR (Articles 28, 32). This may include, but is not limited to, third parties for the shipment of orders, third-party technical companies involved in website management and service provision, application support companies, and promotional service providers (e.g., sending newsletters, conducting customer surveys to evaluate the company's services).
(c) Public authorities and bodies, such as public services and agencies, independent regulatory authorities, police, competent authorities, prosecutors, and other administrative services, when required by the applicable legislative framework.
In these circumstances, we take all necessary steps to ensure that these recipients are subject to confidentiality obligations and implement sufficient security measures to safeguard your personal data.
8. Data Retention
At our company, we understand the importance of safeguarding the privacy and security of your personal data. Our commitment is to retain your data only for as long as necessary to fulfill the purposes for which it was collected and to comply with applicable legal and regulatory requirements. The specific retention period may vary depending on the type of data and the relevant laws.
In general, we retain your personal data, both in physical and/or electronic form, for the duration of your contractual relationship with our company and any individual contractual obligations. The maximum retention period is set at 20 years from the date of collection, or for the duration necessary to achieve the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
When determining the retention period, we take into account the following factors:
(a) The nature and sensitivity of the personal data.
(b) The purposes for which the data was collected and processed.
(c) Any legal, accounting, or reporting obligations that necessitate data retention.
(d) Our legitimate business interests, including maintaining accurate records and improving our services.
Upon the expiry of the retention period, we will securely delete or anonymize your personal data in compliance with applicable laws and regulations.
Please note that certain circumstances may require us to retain your personal data for an extended period, such as to fulfill legal obligations or protect our legitimate interests in case of a legal claim or dispute.
If you have any queries regarding our data retention practices or if you require specific information about the retention period for a particular type of personal data, please contact us using the details provided in the "Contact Us" section of this Privacy Policy.
9. Technical and Organizational Measures
The Company takes all necessary technical and organizational measures to safeguard technological and physical security, in accordance with the applicable legislation (Art. 32 of the GDPR). We implement encryption and security measures for electronic transactions wherever feasible (user interaction with the website and product purchases), technical controls and management of technical and logical errors, a policy and corresponding procedures for graded access to infrastructure and personal data, a secure remote access process, regular updates to service delivery infrastructure as well as electronic security infrastructure, implementation of periodic assessments and grading of potential threats, installation of applications and infrastructure to prevent malicious activities of any kind, a comprehensive business continuity plan based on secure backup procedures, installation of closed-circuit video surveillance systems (only in physical facility installations where required by law), and physical security infrastructure.
Our Company continuously evaluates, and enhances the desired level of information security, taking additional measures on a regular basis to address new threats and associated risks, as well as adopting new factors for further risk mitigation in line with the management's intentions.
In general, we demonstrate due diligence in ensuring the integrity, confidentiality, and availability of personal data to the extent possible. We remain prepared to respond effectively and promptly to any potential data breaches. To this end, we have adopted, update, and implement appropriate internal policies and procedures in accordance with best practices and international standards.
Furthermore, the Company maintains an updated record of processing activities, including the required information as stipulated in Article 30 of the GDPR, and has appointed a Data Protection Officer (DPO) in accordance with Articles 37 and onwards of the GDPR.
10. Cookies
To ensure the proper functioning of this website, we utilize cookies. For more information on these cookies, you may consult our Company's Cookie Policy, which is available on our website.
11. Social Media
Our Company ensures its presence on social media platforms such as Facebook, Twitter, Instagram, LinkedIn, and YouTube. In conjunction with our entire Policy, in this section our Company provides users with necessary information regarding the processing of their personal data through social media.
Through social media, the Company frequently offers you the chance to leave comments, send messages, and stay updated on our latest news, among other activities. In all of these instances, both our Company and the relevant operator of each social media platform (e.g., Facebook, Instagram, etc.) act as Joint Data Controllers, as defined in Article 26 of the GDPR, for the processing of your personal data.
Therefore, it's not always possible to have full knowledge of the type of data processed by the operators of each social media platform, but we make every effort to configure our pages on social media and act in accordance with the possibilities we have from the operators to ensure the processing of your personal data in compliance with the current legal framework.
To receive more information regarding the processing of your personal data by the operators of social media platforms and to further inform yourself, you can refer to the following, as appropriate:
(a) Facebook: www.facebook.com/privacy/explanation
(b) Instagram: help.instagram.com/519522125107875
(c) Twitter: twitter.com/en/privacy
(d) LinkedIn: www.linkedin.com/legal/privacy-policy
(e) YouTube: www.youtube.com/yt/about/policies/
When you interact with us through social media using the aforementioned methods, the purposes of processing your personal data are primarily to serve you (where this is possible, e.g., sending messages or posting comments).
In cases where you engage with us through the aforementioned means, the legal basis for processing is our legitimate interest, within the context of serving you and resolving any requests, issues, or concerns you present to us (Article 6, Paragraph 1, Point f of the GDPR).
12. Marketing communications
We may send promotional communications to customers who have expressly opted-in by selecting the relevant preference during site visits or order completions. Such communications may include:
(a) SMS/text messages and Viber messages containing offers, product updates, loyalty programs, and company news/updates.
(b) Email and mobile app newsletters with similar promotional information.
The legal basis for processing personal data in this way is consent under Article 6(1)(a) of the GDPR. By opting-in, customers agree we and any third party service providers may contact them via the selected means.
Customers always maintain full control over whether they wish to receive such communications. Each promotional message will include straightforward and prominent instructions for unsubscribing at any time, which upon action will remove the customer from all related marketing lists.
Alternatively, customers can modify their preferences or withdraw consent by contacting us through the methods listed at the end of this policy. We aim to respect privacy preferences and make opting-out or modifying contact choices as simple and clear a process as initially opting-in.
Our communications will be relevant to the services and customer experience. However, please do not hesitate to contact us if you have any other questions regarding this processing of personal data for optional marketing purposes.
13. Profiling
We may send you personalized emails about our products and promotions when you opt-in by selecting the relevant preference box.
"Personalized communication" means targeted recommendations and customized content based on your inferred preferences and interests. To create a profile for this purpose, we analyze the personal data directly provided by you, including identifying information, purchase history and participation in programs.
We use profiling and data analytics techniques to determine your likely needs and preferences. This involves automated processing including the organization, analysis, and prediction of personal aspects relating to your economic situation, personal preferences, and interests. As the sole basis for automated decision-making, including profiling, these techniques allow tailoring communication that is relevant to you as an individual.
You have the right under GDPR Article 22 to request human review of any automated processing, object to profiling that may have a legal or similarly significant effect, and access profiling results concerning your personal situation.
We take technical and organizational security measures to safeguard your data, including implementing role-based access controls and encrypting sensitive profile attributes in transit and at rest. You may request access, rectification or deletion of any inaccurate personal data at any time.
Please let me know if you require any clarification or have additional questions about our approach to profiling and ensuring transparency of processing activities involving your personal information. Our goal is to respect your rights, choices and privacy in all data handling practices.
14. Rights of the Individual
You have a number of rights with respect to your personal data under GDPR:
(a) Right of access - You can request details on whether your data is being processed, and receive copies of that data.
(b) Right to rectification - You can have inaccurate or incomplete data corrected or added to.
(c) Right to erasure (right to be forgotten) - Under certain conditions you can request erasure of your data.
(d) Right to restrict processing - You can request limits on how your data is handled.
(e) Right to data portability - You can transfer your data to another controller.
(f) Right to object - You can object to processing of your data for marketing or profiling.
(g) Rights related to automated decision making - You have rights around decisions made solely by automated means that impact you.
Any request concerning your personal data and the exercise of your rights, according to the current legislative framework for the protection of personal data, should be submitted in writing. Please fill out the Rights Exercise Form available on our website and email it at [email protected]. Requests are generally free but may incur administrative costs if excessive or repetitive.
Informally, the role of the Data Protection Officer is purely advisory and involves mediating between our Company and the data subjects.
Our Company is committed to making every possible effort to carry out the necessary actions within a period of thirty (30) days from receipt of each request, unless the work regarding its satisfaction is characterized by specificities and/or complexities, based on which the Company reserves the right to extend the completion period up to sixty (60) additional days. Certainly, in this case the data subject will be informed of the above extension within the thirty (30) day period.
You also have the right to lodge a complaint with the Hellenic Data Protection Authority if you feel your data rights have been infringed. Contact details are available at www.dpa.gr or by phone at +30 210 6475600.
15. Company Statements
(a) Disclaimer of Liability: The Company makes no representations or warranties about the accuracy, completeness, or suitability for any purpose of the information and related graphics published on this website. Such information and materials may contain inaccuracies or errors, and are subject to change without notice.
The Company shall not be liable for any damages arising from the visitor's use of or inability to use the website or reliance on any information provided on the website. The visitor is solely responsible for taking precautions, such as using virus checking software, to protect their own systems and data from viruses and other Internet security risks.
(b) Policy Updates and Notifications: This Privacy Policy may be updated from time to time to reflect changes in our practices and services. The Company will post notice of material revisions on this page and indicate the date of the last update at the top of the policy. Continued use of our services after any changes come into effect constitutes your acceptance of the modified Privacy Policy.
The Company makes no representations or warranties about the accuracy, completeness, or suitability for any purpose of the information and related graphics published on this website. Such information and materials may contain inaccuracies or errors, and are subject to change without notice.
(c) Scope of consent: By accessing this website, the visitor acknowledges and consents to the collection, use and disclosure of personal information by the Company as described in this Privacy Policy. This consent is given solely for the purposes stated herein and extends only to the Company, unless otherwise stated.
The Company will not use or share any of the visitor's personal information collected through this website for any other purpose without first obtaining the visitor's consent, unless otherwise permitted by applicable law.
Last update: October 2023