Privacy Policy and Personal Data Protection

General Information

This privacy policy aims to provide you with information about how we process your personal data, in accordance with Article 13 of the General Data Protection Regulation 2016/679 (GDPR). Because we respect your personal data and your privacy, we declare that the protection of your personal data is our ongoing commitment. This privacy policy informs you about how we handle your personal data as a customer, prospective customer, visitor, or user of our website and provides information regarding your rights and how you are protected under Greek and European legislation. Our company is the data controller, as defined below.

Company Name: VICKO S.A. – Imports – Exports of Glassware
Address: 10 Apollonos St., Pylea, Thessaloniki
Contact details: tel. +30 2310476737, email: info@vicko.gr
Representative: Ilias Triantafyllidis

In this website, the terms "our company", "we", "our", and "us" refer to the business entity “VICKO S.A.”. Additionally, these terms may also refer to each business entity using the VICKO trademark within the context of the franchise network for the reasons explained below.

 

Joint Data Controllers

Our company cooperates with a large number of businesses, having entered into franchise agreements with them. These businesses may be sole proprietorships or companies under Greek law. The affiliated businesses participate in the operation of the online store within the franchise network, either by receiving orders and shipping VICKO products to the buyer or by displaying their product availability on the online store.

As such, each business as a franchisee may process the necessary personal data of customers, either jointly with our company or on its own behalf, for the purpose of fulfilling the sale or providing service within the scope of the sale.

For this reason, our company and its partners, as joint data controllers, are already committed to ensuring the secure and lawful processing of personal data, in compliance with the General Data Protection Regulation 2016/679. Therefore, the processing of customer data, whether by the company, the joint controller, or both, is conducted lawfully, securely, and in accordance with the GDPR.

 

General Definitions

  • Personal data refers to information that can be associated with an individual. Data is considered personal if the person it concerns can be identified directly or indirectly.
  • Sensitive personal data or special categories of data include data such as religious, ideological, political views or actions, health information, gender or biometric data, race and ethnic origin, and administrative or criminal sanctions.
  • Data processing means any activity or series of activities carried out on personal data, regardless of the method or means used (automated or not), such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, review, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, deletion, archiving, display, and destruction.
  • Data file is any structured set of personal data accessible in a way that allows the identification of the data subject.
  • Data controller is the legal entity that determines the purposes and means of processing personal data.
  • Data processor is the natural or legal person who processes personal data on behalf of the data controller.
  • Joint controller is a legal entity that determines the purposes and means of processing personal data either independently or jointly with the data controller.

 

Changes to the Privacy Statement

This version was updated on 20.6.2023 and may be subject to future changes to ensure compliance with Regulation 2016/679 on the protection of personal data. This version replaces all previous publications or notices.

We reserve the right to amend this statement and apply any changes to previously collected information in accordance with legal requirements.

If there are material changes to this statement or our practices regarding information change in the future, we will notify you by posting the changes on our website.

It is important that the personal data we hold about you is accurate and up to date. We ask that you notify us of any changes to your personal data during your relationship with us.

Our company may amend this Privacy Policy to reflect current personal data protection practices. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

 

Location of Data Processing

The company is based in Greece; therefore, all processing conducted at our facilities takes place within Greek territory. The same applies to the joint data controllers.

 

Purposes of Data Processing and Legal Basis

Our company processes personal data for business and legal purposes, as it is a commercial entity selling glassware and household goods both locally and online through its website. As part of its commercial activity, it collaborates with suppliers and customers, which necessitates the processing of relevant personal data. Additionally, the online activity of our website requires the processing of online data from interested internet users.

Moreover, due to professional needs, the company engages in advertising activity and lawfully processes data to offer promotional deals to interested parties and existing customers.

We process your data for various purposes, including:

  • To provide our products based on our sales agreement.
  • To handle your requests and keep you updated on their status.
  • To contact you with offers or promotions based on your usage (unless you have opted out).
  • To invoice your purchases or manage your outstanding balances.
  • To respond to inquiries or concerns about our products.
  • To understand how you use our services, enabling us to develop more personalized and relevant offerings.

In this context, we may collect: full name, residential address, email, landline or mobile phone number. These may be collected through various means such as signing printed or online orders, paper or electronic forms, by phone, email, in person, or through registration in promotional activities.

Additionally, during user registration in our online store, we securely collect usernames and passwords, and possibly tax (TIN) and banking (credit card number) data to ensure safe and efficient order processing. Note that we do not process card data ourselves; it is entered in encrypted form on the cooperating bank’s website.

 

Legal Basis for Processing

Our company collects and processes your personal data based on your consent, provided you have been previously informed by this policy about the type of data, its purpose, the extent of processing, and the recipients. Your consent may be withdrawn at any time. See the “Your Rights” section for more information.

However, as detailed below, processing may also be based on other legal grounds beyond consent, such as performance of a contract, support of our company’s legitimate interests, or compliance with legal obligations.

 

 Contract Performance

Our company processes customer personal data to perform the sales contract, requiring processing of identity and contact details (e.g., full name, phone number, physical and email address) to complete sales and keep customers informed. We also process data provided by the interested party to enter into a contract and manage their requests. The registered user’s username and password and banking data (in an encrypted bank environment) are collected to complete the purchase.

 

Compliance with a Legal Obligation

We may process your personal data to comply with mandatory legal obligations, including, for example, accounting and tax requirements. For instance, we must collect tax information (TIN) necessary for issuing receipts or invoices, depending on the case.

 

Consent

For subscription to our newsletter (whether by a customer or not), explicit consent is required. The same applies to phone notifications about offers to prospective or current customers. Your consent can be withdrawn at any time.

 

Support of Legitimate Interests

As a private professional entity, our company may lawfully process data of customers or interested parties for marketing purposes, provided it respects individual rights and maintains a balance between its advertising efforts and your data protection.

We collect your personal data when:

  • We provide our products or services to you.
  • You register for an account by completing and signing the relevant form.
  • You subscribe to services such as newsletters.
  • You request information, submit questions or complaints.
  • You participate in surveys or competitions.

 

Cookies

Our company’s websites use cookies. Some are essential for the technical operation of the site, while others are used for statistical analysis or advertising targeting. For more information, please refer to our Cookie Policy.

 

Recipients

Personal data may be shared with our advertising partners with your consent.
They are also obligatorily disclosed to the competent tax authorities.

 

Data Transfers to Third Countries

Our company does not transfer data outside the European Union.

 

Data Retention Period

We retain personal data only for as long as necessary. We apply a strict review and retention policy to avoid keeping data longer than required. Data needed for tax and accounting purposes is retained for the legally required period, i.e., at least 10 years.

If you have given consent for direct marketing messages, we will retain your data until you notify us or revoke your consent.

 

Data Subject Rights

As a data subject, you have the following rights:

  • Right of access to your personal data and information on its processing (Art. 15 GDPR).
  • Right to rectification of inaccurate or incomplete data (Art. 16 GDPR).
  • Right to erasure of your personal data, subject to legal retention obligations (Art. 17 GDPR).
  • Right to restriction of processing under certain conditions (Art. 18 GDPR).
  • Right to data portability under conditions (Art. 20 GDPR).
  • Right to object to processing based on legitimate interest or public interest grounds (Art. 21 GDPR).

 

Clarification

You will not be charged for accessing your personal data or exercising any other rights. However, we reserve the right to charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply in such cases.

 

Withdrawal of Consent

You may withdraw your consent at any time where processing is based on it. This does not affect the lawfulness of processing before withdrawal. If you withdraw consent, we may not be able to provide you certain services. We will inform you at the time of withdrawal.

 

Obligation to Provide Data

Providing the necessary data for product sale and order updates is required to fulfill the contract. Providing tax/accounting data is a legal obligation. If a customer or interested party does not provide this data, we cannot process a sale or communicate offers, and tax law would be violated, possibly resulting in sanctions.

 

Targeted Advertising

Our company, as part of its advertising activity, sends informational emails (newsletters) and conducts phone-based promotional updates upon consent, without engaging in targeted advertising or profiling.

 

Complaint Submission

Any request regarding your personal data and rights must be addressed in writing to our company at info@vicko.gr. The designated Data Protection Officer is Mr. Georgios Papadopoulos. A special form for exercising access rights is available at our offices. If the company refuses or delays without justification, you may file a complaint with the Hellenic Data Protection Authority, the competent supervisory authority for GDPR enforcement. For more information, visit www.dpa.gr. For any queries, we encourage you to first contact us so we can address your concerns before you approach the Authority.