PRIVACY POLICY

Personal Data Policy

This Policy describes and explains how the personal data of visitors and registered users of the obiotique.com Website (hereinafter "Website") is used.

Natural persons who visit the Website may navigate the Website and make use of its services and content either as ordinary visitors or as registered users and the processing of their personal data due to such access is governed by this Policy.

Please read our Policy carefully to clearly understand how we collect, use, protect or process in any way your personal data.

For members of the Loyalty Program in the e-shop (www.obiotique.com), the terms and conditions and personal data policy of the Program apply in addition.

  1. Who we are - Data Controller

The Website obiotique.com includes the e-shop of the Company under the name "O-BIOTIQUE PRIVATE COMPANY" and the distinctive title "O-BIOTIQUE", with VAT: 800757312, D.O.Y. Maroussi, GEMI Number 139796101000, with the activity of "import, marketing, distribution and sale of cosmetics, food supplements and other related products aimed at improving or maintaining health and beauty" (hereinafter "Company" or "O-BIOTIQUE"). The Company's registered office is located in Maroussi, Attica, 3-5 Sorou Street, P.O. Box 15125, tel. +30 210 61 99781, e-mail: info@obiotique.com

OBIOTIQUE PRIVATE COMPANY is the Data Controller of the processing of personal data concerning you when you use our Website and the services offered through it and controls the data processing which complies with the General Data Protection Regulation 679/2016/EC (GDPR).

OBIOTIQUE PRIVATE COMPANY informs visitors/users of its Website about the following:

  1. Definitions

"General Data Protection Regulation".

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one whose identity can be established, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person; the data subject is an identifiable natural person; an identifiable natural person is one whose identity can be established, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

'processing' means any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

'controller' means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its appointment may be provided for by Union or Member State law.

'Processor' means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

'recipient' means the natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not by a third party.

'third party' means any natural or legal person, public authority, agency or body, with the exception of the data subject, the controller, the processor and persons who, under the direct supervision of the controller or the processor, are authorised to process personal data.

"Visitor": anyone who visits and navigates the Website.

"(Registered) User": anyone who creates an account on the Website 

"Loyalty Program": anyone who enrolls in the Loyalty Program the e-shop Website (ehsop) obiotique.com

  1. How do we collect your data?

- Directly from you

We collect personal data directly from you when:

- You visit and browse our Website.

- You register/create an account on our Website and enter your data on it, such as your name, contact details, etc.

- you place an order and purchase products displayed and available on our Website either as a visitor or as a registered user.

- you manage your order on our Website after you have registered it.

- you make a withdrawal, order cancellation, product return request.

- save a product in your shopping cart to buy it at another time, or mark products as your "favorites".

- enter additional information in your account to receive personalized information about products on our Website, depending on your preferences.

- contact us by completing the relevant form on our Site, by sending an email to the Company, by post, by telephone or by any other method.

- subscribe to the newsletter form on our Website.

- By automated means when using our Website

When you use our Website, we automatically collect information, including personal data, about the pages you visit, the services you use and how you use them. This information may include information about your interactions/interactions with the Site, log and device information, IP address, dates and times of access, hardware and software information, geographic location, browser type and version and operating system, cookie data and data from similar technologies, and other information about your use of the Site. For more information on the use of cookies and similar technologies, please read our Cookies Policy.

- From third parties

When you register as a user or log in to your obiotique.com account via a third party service (Google, Facebook, Instagram), this service may transmit data to us, such as registration information and your profile on that service. This information varies and is defined by the third party service. You can customize the information transmitted through your privacy settings in your profile on these services. Please note that the Company is not responsible for the collection and processing of personal data by these services for their own purposes, which is carried out in accordance with the Privacy Policies of each service, and we recommend that you read their Policies before browsing them.

  1. What data we collect from you (Type of Personal Data)

The Personal Data we collect varies depending on your use of our Website (visitor or registered user) and may include the following:

For Visitors who complete an order:

- The full name and surname.

- the delivery address of the products

- the full name and address of the order (if different from the shipping address)

- the full billing details, such as Name, Occupation, Tax Office and VAT number (if an invoice is selected)

- a contact telephone number (mobile and/or landline)

- the e-mail address

- any information contained in your communications with us, by e-mail, via the contact form on our Website, by telephone or by post, including the communication content and metadata

- any information contained in any comments you have added to your order.

In addition to the above, the Company also collects and stores the following personal data only for registered users:

- the password you choose to log in to your account

- optionally the date of birth

- optionally a name related to the stored shipping address e.g. home, office, etc.

- order history

- frequency of visits

- products in your shopping cart or favourites list

- participation in promotions and means of communication for receiving messages

Also, when sent via SMS/viber/email etc. to the registered user updates on changes to the terms of use of obiotique.com with a hyperlink (link), it is possible to record the IP address of his electronic device (mobile, tablet, computer etc.) to prove that the registered user has received the update.

Special category data

Please be informed that we do not require special categories of personal data (e.g. health data) for the services of our Website. However, if we detect or you point out to us the existence of such data on our Website or in our communications, we assure you that we will promptly delete it unless we need to retain it to support our rights.

Third party address data

In the event that a delivery of products or services is requested to a third party other than the visitor or registered user, the latter acknowledges that he/she will be fully responsible for informing and obtaining the full consent of the person he/she designates as recipient for the disclosure of his/her personal data to OBIOTIQUE for the sole purpose of delivering to him/her the relevant products and assumes full responsibility for any claims of that person against the Company.

Bank card details

The credit card details used by the visitor or registered user are not stored in the Company's storage media during the transaction, but are directly registered in a secure environment of the partner company VIVA that has undertaken the routing of the cards.

  1. How and for what purpose do we use your data?

We use the personal data we collect when you browse our Website or create an account etc. to provide our services, to improve and develop our Website and our online store (eshop), to create and maintain a reliable and safer environment and to comply with our legal obligations. In particular, we use your data:

- To enable you to access and browse our Website.

- To enable the operation of our Website and to enable you to purchase our products through the Website either as a regular visitor or, after creating an account, as a registered user.

- To provide access to services on our Site for registered users only, such as viewing order history, marking products as "favorites", etc.

- To enable you to save a product in your shopping cart if you wish to purchase it at another time.

- To enable you to send your orders to the addresses you select.

- To enable you, alternatively, to pick up your orders from BoxNow's automatic pick-up machines (Lockers).

- To enable you to monitor the status of your order at any time.

- To be able to contact us via the contact form on our Website, by email, telephone or post.

- To enable us to respond to visitor and user service requests.

- To send receipts, invoices and collect payments from you.

- To send you notices and other communications related to your account.

- To receive, if you wish, personalized information about our Site products based on your preferences as a registered User.

- To send you promotional, marketing, advertising and other information about our products and/or services.

- To ensure that we enforce our Terms of Use and other policies.

- To comply with our legal obligations.

- To detect and prevent fraud, spam, abuse, security incidents and other harmful activities and to conduct security investigations and risk assessments.

- To improve our services and enhance your user experience, for purposes of testing, troubleshooting and improving the functionality and quality of our online services, and generally to optimize and customize our Site to your needs, making it easier to use.

O-BIOTIQUE declares that your data will only be used for the purposes stated above. No other use of your data will be made without your prior notification and, where required, your express consent. If we reasonably consider that we need to use your data for another purpose, it will be a purpose relevant and compatible with the purpose for which the data was originally collected. In addition, before we use the data for an alternative purpose, we will also take into account, inter alia, any relationship between the purposes for which the data were collected and the purposes of the further processing envisaged, the context in which the data were collected, the nature of the data, the likely consequences of the envisaged further processing for the data subjects and the existence of appropriate safeguards.

 

  1. What legal bases do we rely on for processing your data?

O-BIOTIQUE relies on the following legal bases for the processing of user data:

- Contract performance (Article 6.1.b GDPR): in order to achieve the purpose of the performance of the distance selling contract or to take measures at the request of the user prior to the conclusion of the contract, and in particular to enable the visitor/user to complete his/her orders on obiotique.com, it is necessary to process the personal data provided by him/her when registering and entering his/her order in the order registration form and to record and monitor his/her transactions. The purpose of this basic processing of data is for each user, the completion of the specific order, the communication and sending of informative messages concerning the stages of the processing of the order, the provision of clarifications related to the order and in general the analysis and information on purchases he has made, the delivery of the order to the place of his choice, the confirmation and identification in any necessary case and the information on the existing stock in obiotique.com by product and store, the management of the order, the management of the order and the processing of the data.

- Legitimate interests (Article 6.1.f GDPR). We also consider that our legitimate interests include the appearance and promotion of our Website, our products and services in social media and other IT services, giving also the opportunity to other users of these networks to participate in promotional activities, as well as to declare that they like our page and to post comments on our products.

 

Also, the Company reserves the right, for information purposes, to communicate with the visitor and/or the registered user by telephone, mail, e-mail, mobile phone message (SMS) or any other appropriate means of communication to his/her contact details, which were legally acquired in the context of our previous business relationship (article 11§3 of Law 3471/2006) and if the visitor/user does not object to this communication. This information may include information about its products and/or offers and/or competitions, communication for conducting surveys to improve the products and services provided to its users as well as other promotional activities and serving similar purposes. Also, the Company may communicate with the visitor and/or registered user through messaging services such as WhatsApp, Viber, etc., for the purpose of better communication and control of the cost thereof.

- Legal obligation (Article 6.1.c GDPR): processing is necessary to comply with a legal obligation to which the Company is subject (such as tax legislation, or lawful requests of law enforcement).

- Consent (Article 6.1.a GDPR): the processing is carried out after obtaining your consent to the processing of your personal data for one or more specific purposes, such as, but not limited to, in order to receive our newsletter with promotional material from us, in case you are a simple visitor to our Website and there is no previous business relationship between us. Where we have obtained your consent for a specific processing, you have the right to withdraw your consent at any time, without such withdrawal affecting the processing that has taken place up to that point.

  1. Who has access to your data (Data recipients)

For the data necessary to serve each of the above processing purposes and within the scope of the responsibilities of each recipient, the recipients of the user's data may be:

- The competent employees and executives of O-BIOTIQUE.

- The company which provides customer management services for the physical and online stores (CRM services) of O-BIOTIQUE and which has undertaken, among other things, the registration, updating, updating and maintenance of the database of members' data as the processor on behalf of OBIOTIQUE and in accordance with its instructions and recorded instructions and/or any other company which in the future provides OBIOTIQUE with the same services in replacement of or in cooperation with the aforementioned company.

- External partners who provide customer support services, market research, legal services, accounting services and/or fraud detection and prevention services, including anti-fraud control services, internet services, order storage and management, call centre services, (postal) delivery or groupage services, product installation services and sales data analysis services, order pick-up services from pick-up points, marketing services, which are subject to

- payment services from the partner payment institution, for the realisation, management and settlement of payments for purchases and for the completion of any refund requests in the event of withdrawal or cancellation of the order.

In addition, we may transfer your data:

- to the extent we are required to do so by law‧

- in connection with any ongoing or future court/legal proceedings‧

- in order for O-BIOTIQUE to safeguard , exercise or protect the rights, property or safety of O-BIOTIQUE and Users of the Website (including, without limitation, to enforce our Terms of Use).

When registering, accessing and/or processing the Visitor's and Registered User's personal data, OBIOTIQUE's employees and invitees are committed to fully comply with the provisions of the European General Data Protection Regulation 2016/679 as well as with the applicable Greek legislation on personal data protection. O-BIOTIQUE requires its employees, the maintainers of its Website, as well as its third party partners to take all necessary technical and organizational measures (including appropriate policies and procedures to prevent the disclosure of the personal data of its visitors/registered users that they process and possess and implement procedures for the management and processing of personal data in a lawful manner and protect them in accordance with the GDPR).

For sending communication via SMS and OTT messaging services (such as WhatsApp, Viber, etc.) O-BIOTIQUE makes use of the notified mobile phone numbers that it lawfully processes. For more information on the processing of your data by these services and applications, please refer to the respective terms and privacy policies applied by the respective OTT service providers and mobile operators.

  1. Where do we store your data and where do we transfer it?

Your data is stored securely on servers and computer systems within the EU. To achieve O-BIOTIQUE's purposes, the personal data collected is processed within the European Economic Area (EEA). However, we may use providers, for certain online services, located outside the EEA. In the event that we need to transfer data to a third country, O-BIOTIQUE will take appropriate measures (safeguards), such as ensuring that the transfer takes place in a country that enjoys an adequacy decision or will apply standard contractual clauses, to ensure an adequate level of data protection and the lawfulness of the processing.

  1. Retention period for Personal Data

We will only retain your data for as long as necessary to enable us to use and provide you with our services, comply with applicable laws, resolve disputes with any parties and in any way necessary to enable us to conduct our business, including the detection and prevention of fraud or other unlawful activities.

Registered user's personal data is retained for as long as you maintain your account until you request its deletion or the deletion of your account. Once a year O-BIOTIQUE will ask the registered user to confirm the accuracy of the data it maintains and to update it if there are any changes. The registered user may at any time change or correct his/her data by logging into his/her account on obiotique.com (login) with his/her username and password.

- Especially with regard to data concerning ordinary visitors of our Website, personal data will be kept in the files of O-BIOTIQUE for 60 days from the delivery or completion of the specific order and their processing will be exclusively related to the execution of the distance selling contract.

However, some necessary personal data concerning the realization of the transaction as well as the information on the processing of their data may remain as information for both the visitor and the registered user, in order to enable the Company to comply with tax legislation, to comply with any current or future legal procedures, to document and exercise the Company's legal rights, as well as to ensure the proof of the legality of the processing of their data a

The data and comments collected due to your contact with O-BIOTIQUE either through the contact form on obiotique.com, by email or by telephone, are kept by the Company's Customer Service Department and are anonymized for nine (9) months from the date of contact.

  1. How we protect your data (Technical and Organizational Protection Measures)

OBIOTIQUE, its processors on its behalf and its employees/assistants are contractually committed to implement appropriate technical and organisational measures to protect personal data as far as possible against accidental or unlawful destruction or loss, alteration, unlawful disclosure or access and generally against unlawful processing (including remote access) as well as to ensure the possibility of restoring the availability and access to such data. These measures shall aim to ensure a level of security appropriate to the risk to which the data in question may be exposed, taking into account the nature and sensitivity of the data, the evolution of technology, the cost of implementation and the nature, scope, context and purposes of any specific processing, while implementing procedures for the regular testing, assessment and evaluation of the effectiveness of these technical and organisational measures. In any case, OBIOTIQUE, its processors on its behalf and its contractors/assistants are contractually bound to maintain the confidentiality of personal data and not to disclose or allow access to them to any third party without the prior notification of the data subject, except in the cases expressly provided for by law.

  1. Rights of the data subject

Each visitor or registered user, as a data subject, may at any time exercise his/her rights as provided for in the General Data Protection Regulation 679/2016 EU and in particular Articles 12 to 23 thereof and national legislation. In particular, you have the following data:

- Request access to the personal data concerning you that we hold. You can request a copy of your data and we will provide you with it free of charge. If you request further copies, you may be charged a reasonable fee for administrative costs.

- Request that we correct any inaccurate data relating to you and, taking into account the purposes of the processing, complete any incomplete data relating to you. In any case, please note that when you provide us with your data, you guarantee that it is true and accurate and you undertake to inform us of any change or modification thereof.

- Request that we delete all your data to the extent that they are no longer necessary for the purpose for which they were collected and we process them, as explained above, or when we are no longer legally allowed to process them. Please note that, in this case, we will only retain non-personal data and information for statistical and technical purposes. We will also retain certain payment data, if applicable in your case, for as long as we are required to do so by applicable tax law and/or our contractual obligations to service providers.

- Request that we cease or limit the processing of your data, which implies that in some cases you may ask us to suspend the processing of data for a period of time or to keep it longer than necessary.

- Where the processing of your data is based on our legitimate interest, you will also have the right to object to the processing of your data.

- Request portability of your data. The right only applies to information that you have provided to us yourself, if we process information based on your consent or in contracting conversations and the processing is automated.

- To lodge a complaint with the competent data protection authority, in particular with the Greek Data Protection Authority (Kifissia 1-3, P.K. 115 23, Athens, tel. 210 6475600, on the special form of the Hellenic Data Protection Authority at https://www.dpa.gr/el/syndesi/polites/kataggelia), if you consider that the processing of your data is not lawful.

- To the extent that the legal basis for the processing of your data is consent, you have the right to withdraw this consent at any time. The withdrawal will not affect the lawfulness of the processing prior to the withdrawal.

- You may also request at any time that we do not process your personal data for marketing purposes and that you cease to receive any further communication about submitting an evaluation.

The above rights can be exercised as follows:

For the right of access, partial or total deletion and correction/completion of personal data, O-BIOTIQUE provides the opportunity for registered users of obiotique.com to view, correct/complete their personal data through their personal account on obiotique.com (menu "My Data") or to request access, partial or total deletion and correction of their data by e-mail to info@obiotique.com

Visitors to obiotique.com can exercise the above rights by sending an email to info@obiotique.com

The control of commercial communication by OBIOTIQUE in one or all data and communication channels (email, SMS on mobile phone or Viber on mobile phone) can be managed by visitors/registered users via email at info@obiotique.com

For the right of portability of personal data, OBIOTIQUE provides the possibility (only to registered users of obiotique.com) to receive their personal data and/or to transmit them to another controller in a structured, commonly used and machine-readable format, indicated by the competent supervisory authority, by submitting a request to info@obiotique.com

In the event of the exercise of any of the above-mentioned rights, O-BIOTIQUE will take all possible measures to comply with the request within (1) one month of its submission. In this case, the data subject shall be informed that the minimum necessary of his/her personal data will be kept, in order to safeguard its legitimate interests. It is clarified that in order for the exercise of the above rights to be considered valid, the identification of the requester may be required, in order to ensure that the personal data for which any of the above actions are requested actually belong to the natural person requesting the specific action.

The deletion of a registered user of obiotique.com can be done either through his personal account on obiotique.com (menu "My details" in the field "Account deletion request") or by submitting a request to the e-mail address at info@obiotique.com.

  1. Third party links

The obiotique.com Website may contain links to third party websites and applications. Clicking on these links or activating these links may allow third parties to collect or share data about the user. OBIOTIQUE does not control these third party sites and is not responsible for their privacy statements and the processing of personal data carried out by them. In case the visitor leaves the obiotique.com Website O-BIOTIQUE recommends reading the privacy statement on any website visited. The appearance of such third-party websites and applications on the obiotique.com Website is based on OBIOTIQUE's legitimate interest in seeking to improve its services and to develop its business and the interaction of its Website with relevant online platforms and services.

13.

O-BIOTIQUE has an active presence on social media to better promote the products and services of the Website.

For this purpose, we have:

- an official Facebook page

- Instagram account

- Instagram account on our Facebook page and a LinkedIn account

You can choose to visit them through links present on our Website that lead to the websites of the above social media. Please note that O-BIOTIQUE is not responsible for the collection and processing of personal data carried out by these websites for their own purposes, which is carried out in accordance with the Privacy Policies of each website and we recommend that you read their Policies before browsing them.

Similarly, you may choose to follow the relevant social plugins/buttons displayed on our Website. We use such plugins to make our Website more functional and only for your convenience.

We consider it in our legitimate interest to appear on these social networks and to try to promote our products and services. If you indicate your preference for our page (e.g. you have "liked" our page) or followed us ("follow") on an online social networking service, this means, in accordance with the practices of the respective social networks, that you will see messages, advertisements or material posted by us on our page on the respective social network and that we will be aware of your public profile on the respective service. If you ask a question through the relevant page or make a post, it will be visible to all "friends" and "followers" of our presence on the relevant social network and we may use the features of that network to respond to you. If you send us personal or direct messages (PM or DM) you should be aware that what is contained in them may be read, on a case-by-case basis, by both OBIOTIQUE employees and third parties to whom we have entrusted the management of our presence in electronic social networks. You should not post on our relevant pages or send us messages with offensive or illegal content and you should not share with us personal data of third parties for which you do not have valid consent. You should also not post on our relevant pages or use these means of communication to send us any sensitive (special category) data or data of minors, because we cannot ensure security and restriction of access. Any posting or private message that does not comply with these restrictions will be deleted, and the user's details may be given to the competent authorities if the posting or private message also constitutes a wrongful act.

  1. Minors

We do not address our services to, transact with, or knowingly collect information about Users under the age of 18. If you are under the age of 18, you may not use our Site at any time and in any manner. Since it is not yet technically feasible to effectively verify a User's age at any time, if we become aware that Personal Data has been collected, through the Website, from children under the age of 18 and without verifiable parental consent, we will promptly delete all relevant information. This deletion is without prejudice to the need to respect the data in the event of the establishment, exercise or support of our legal claims, or the provision of consent by a guardian.

  1. Contact us

For any other information regarding this Policy and the way we process your personal data, any data subject may contact the Data Protection Officer of O-BIOTIQUE PRIVATE COMPANY at the e-mail dpo@obiotique.com, and at the telephone line +30 210 619978.

You can also contact us at:

- by mail, at the following address:  3-5 Sorou Str, Maroussi 15125

- at the contact form on our website,

- by email by sending an email to info@obiotique.com

 

 

Date of entry into force: 1/1/2024