PERSONAL DATA PROTECTION STATEMENT
Effective Date - Amendments
Version 1.0, Published on 21.10.2020.
This Data Protection Statement describes -among other things- how to use, disclose and protect your personal data, the options you have regarding your personal data, as well as how you can contact us. Where in the present reference is made to the term "the Company", as such will be meant the sole proprietorship of Sofia-Maria Palamidi, with the distinctive title " COOCOOTALES ", with General Commercial Register number (no. G.E.M.I.) 155664801000 and VAT No. 126642118 - Ilioupoli Tax Office, which is based in Helliniko, at 2 Poseidonos Avenue.
The protection of your personal data is important to us. We have recently made a number of changes, which reflect the increased requirements of the EU General Data Protection Regulation (known as the "GDPR"). Our goal is to be as honest and transparent as possible about the personal data that we collect, as well as the way we process them. The company fully shares your concern regarding your personal data.
The Company markets a significant variety of products through the e - shop of www.coocootales.com. In particular, it deals with the sale of children's books, children's clothing and related items. This privacy statement explains the types of personal data processed by the Company, how it processes them and the purposes for which they are processed. In this statement you can also find out the details of the processing of personal data for specific Services that we provide, for which additional relevant information is provided. This statement applies to any of your interactions with the Company.
Personal data we collect
Personal data is data that can be used to identify a natural person.
The Company collects data from you, through its interaction with you. We take care to collect only your absolutely necessary data, which is appropriate and clear for its intended purpose.
The collection and general processing is done for various purposes, which are described below. Among these goals is our efficient operation and to provide the best experience with our products and services. Some of this data is provided directly from you when, for example, you create an account in the Company e-shop , or when you purchase a product or contact us.
We rely on various legal grounds and rights ("legal bases") for the processing of data, such as your consent, our legitimate interests, the need to enter into and execute contracts with you, as well as compliance with our legal duties for various purposes described below.
We may also obtain data from third parties. We protect the data we receive from third parties in accordance with the practices described in this statement, alongside with the possible additional restrictions imposed by the data provider. For example, when you make a purchase of our products through a third party store (e.g. Amazon) , your data may be sent to us.
When you are asked to provide personal information, you may decline. However, some of our services and products require some personal information from you so that we can respond and provide you with the product or service. If you choose not to enter data necessary for the operation and delivery of a product or service to you, you will not be able to use this product or service. Similarly, in cases where we are required by law to collect personal data or for the purpose of concluding or executing a contract with you, and you do not provide your personal data, we will not be able to enter into and execute the contract.
The data we collect may include the following:
Name and contact details. Your first and last name, email address, postal address, phone number and other similar contact information. In case you are interested in working for the Company we may collect information from your CV, such as educational information, such as studies, skills, knowledge of foreign languages, and professional experience.
Credentials. Passwords, password hints, and similar security information used to authenticate and access the account.
Payment data. Payment details, such as your payment instrument number (e.g. credit card number) and security code associated with the payment instrument. In case of cash on delivery, we may disclose to our partners (e.g. courier carriers) your contact details and/or the total amount of the transaction. When you choose to make payments via electronic cards and similar means of payment, we may disclose your details to Financial and Banking Institutions. In case of refunds (e.g. for cancelled orders), especially if the cancelled transaction was made by cash on delivery, you may be required to provide your personal information, such as your account details, to proceed with your refund.
Interactions. Data related to your use of the company’s Services. For instance, we collect notes from our conversations with you, details of any complaints or comments you make, details about purchases you made, products that were added to your cart or removed from the list of products you wish to buy (wish list), coupon redemptions, websites you visit and how and when you contact us. Interests and shopping preferences, which help us to suggest specific products and services that interest you. Traffic information of our website or other websites that you have browsed before us. Information collected by using cookies in your browser. Your social media username, if you interact with us through these channels, to help us respond to your comments, questions, and/or queries.
Videos or recordings. Recording of events and activities in buildings, retail stores and other locations of the company. If you visit a location of the company such as our facilities and / or stores or attend a company event that is being filmed, your image and voice data can be recorded.
Comments and ratings. Information you provide to us and the content of the messages you send to us, such as comments, survey data and reviews you write about a product.
Collection and processing of non-personal information
We also collect data in a format that does not automatically allow direct connection to a specific person. We have the right to collect, use, transfer and disclose non-personal information for any purpose.
How we use personal data
The company uses the data it collects to provide you with its services and products. The company uses your personal data exclusively for the purposes for which it collects it. In some cases, and only if you expressly give us your consent, we use your contact information to send promotional / informational messages. We also use the data to conduct our business activities, which includes analysing our performance, fulfilling our legal obligations, developing our workforce and conducting research. For these purposes, we combine data that we collect from different environments. When we process personal data concerning you, we do so with your consent and/or as required in order to provide you with the products you use, to conduct our business, to fulfil our contractual and legal obligations, to protect the security of the systems and our customers or to serve other legitimate interests of the company, as described in this section.
In particular, we use the data:
- For the supply of our products, which includes updating, securing and troubleshooting. It also includes the notification of data, when it is necessary to provide the service or to execute the requested transactions.
- To improve and develop our products.
- To personalize our products and make recommendations to you.
- For the purpose of advertising and promotion, which includes the sending of promotional material, information material, newsletters and the display of relevant offers.
The following sections describe the data collection practices followed by the company:
Create an Account. Users can create their personal account on our website. Registration requires the completion of a form with personal information, full address, user contact information and a password.
Shopping through the online store (e-shop). The company provides its customers with the opportunity to purchase its products online through the online store. This feature is provided to both registered users and unregistered visitors of our site. To complete an order, the following is required: the login of a registered user, which requires the completion of the e-mail address (email) and a personal password. The connection via Facebook , during which our company receives the information of the public profile and the email address of the user. Filling in a form with invoicing, payment and shipping details. In these cases, the company processes your Data in order to fulfil its contractual relationship, to order products and/or services, to provide customer service, to comply with legal obligations, to dispute, raise or enforce legal requirements. If we do not collect your Data upon completion of the order from our online store, we will not be able to process your order and comply with our legal obligations. Your Data may need to be transferred to third parties for the supply or delivery of the product or service you have ordered. In addition, we may retain your Data for a reasonable period of time in order to meet our contractual obligations, such as product returns, as required by law.
Contact. In cases where the users of our page wish to contact us, they send their message through a form, where they also fill in their name, email and phone number. In these cases, the company uses your Data to respond to requests / inquiries you submit, refund requests and/or complaints. The information you share with us, enables us to manage your requests and respond to you in the best possible way. We may also maintain a record of your inquiries/requests to us in order to better respond to any future communication. We do this based on our contractual obligations to you, our legal obligations and our legitimate interests in order to provide you with the best possible service and to be able to improve our services based on your personal experience.
Competitions. Responding to your wishes, the company may organize competitions, either through our website, or through Facebook and e-mail. Respecting your rights, we additionally take care of the conditions to post a statement of protection of personal data collected during each competition.
Newsletters . Users who wish to be informed about the news and offers of the company's goods, can subscribe to our Newsletter by providing us with their e-mail address. In an attempt to personalize the update, users may be asked to select interest categories before completing their registration. With your consent, we will use your personal data, preferences and transaction details to inform you via email , internet, telephone and/or social media about relevant products and services, including personalized offers, discounts etc. Of course, you have the option to revoke this consent at any time.
More information on the processing purposes:
Protection of Rights. Protect your account from fraud and other illegal activities: This includes using your Data to maintain, update and protect your account. We also monitor browsing activity to quickly identify and resolve issues and protect the integrity of our website. All of the above are part of our legitimate interest. For example, we check your password when you log in and use automated IP address tracking to detect possible false inputs from unexpected locations.
Processing payments and preventing fraudulent transactions: We do this based on our legitimate business interests. This also helps protect our customers from fraud.
Commercial Transactions. We use data for transaction purposes. For example, we process payment information to provide customers with product subscriptions and use contact information to deliver the products they purchase from our e-shop.
Reports and business activities. We use data to analyse our activities. This allows us to make informed decisions and generate reports on the performance of our business.
Legal compliance. We process data for compliance purposes. For example, we use the age of our clients to ensure that we meet our obligations to protect children's personal data. We also process contact information and credentials to help customers exercise their data protection rights.
Why we share personal data
We share your personal data with your consent or as required, to complete any transaction or to provide any product you have requested or authorized. When providing payment data to make a purchase, we will share the payment data with banks and other entities that process payment transactions or provide other financial services, both to prevent fraud and to reduce credit risk.
Finally, we will guard, access, transmit, disclose, and maintain personal data, including their content, when we believe in good faith that this is necessary to comply with applicable law or to comply with a valid legal procedure, which may also come from the police or other government agencies.
(d) Other third parties when you have provided your consent.
To the above companies, as well as to any other with whom we share your data:
- We provide only the information needed to perform their specific services.
- They may use your Data only for the exact purposes set out in our contract with them.
- We work closely with them to ensure that your privacy is respected and protected at all times.
- If we stop using their services, any of the data they hold will be deleted or made anonymous.
Data controllers on our behalf have contractually agreed with the company to:
- Treat your personal Data as strictly confidential,
- not send your Data to third parties without the permission of the company,
- take appropriate safety measures,
- comply with the legal framework for the protection of personal data and in particular Regulation 979/2016/EU (otherwise known as GDPR).
Also, when you use certain social media components on our Websites, you can create a public profile that includes information such as username, profile picture and city. You can also share content with your friends or the general public, including information about how you interact with the company.
Your Rights, Access and Control of your Personal Data __________________________________________
The General Data Protection Regulation provides a number of rights and options that we are committed to satisfy. Based on this, you may ask us to:
- inform you about the data we hold about you and how we process it. If you wish, we will provide you with a copy at your own expense. (Right to access)
- rectify inaccuracies or errors, fill in gaps or update your data. (Right to rectification)
- erase data, if we do not keep them for a specific, legal and declared purpose. (Right to erasure or Right to be forgotten)
- suspend processing a) when questioning the accuracy of the data, b) if you consider the processing illegal (but do not wish to delete it), c) when the data is not necessary for the purpose of processing and d) for as long as it is disputed if the reasons why we are processing your data outweigh the ones you invoke to stop.
- oppose at any time for reasons relating to the processing of personal data which we carry out for the purposes of direct marketing or profiling. The objection may concern your compliance with a decision that we have taken through automated means. In the latter case, you can ask us to allow you to intervene. (Right to objection - Automated individual decision making)
- provide you with your data in a specific format (usually machine-readable) or transfer it directly to another controller at your suggestion, if, of course, this is technically possible. (Right to Data portability).
- not to process your data from now on, giving you the opportunity to freely revoke the consent you have given us.
You can send your requests to firstname.lastname@example.org.
Our company will satisfy all your requests within one (1) month. In extremely rare cases, where the satisfaction of your rights is almost impossible for us, we will inform you immediately explaining the reasons for our relevant inability.
Cookies and similar technologies
Most browsers automatically accept cookies, but provide controls that allow you to block or delete them. Consult your browser's privacy statement or help documentation to find instructions on how to block or delete cookies in other browsers.
Some features of the company's products depend on cookies. If you choose to block cookies, you will not be able to access or use any of these features.
Other important privacy information
Additional information is available below about the protection of personal data, such as how we protect your data, and how long we retain your data.
Security of personal data
The Company is committed to safeguarding your personal data. We use various security technologies and procedures to protect your personal data from unauthorized access, use or disclosure. For example, we store the personal data you provide on computer systems to which access is restricted and located in controlled facilities. We use a number of technical and organizational measures to protect your personal data. Our company complies with the current personal data protection legal framework, including the legislation of data breach notification. Our website uses payment security protocols of financial institutions or/and other similar legal entities (e.g. EveryPay, PayPal) for secure online commercial transactions. This encrypts your credit card information so that it cannot be decrypted or altered when transferred over the Internet. Additionally, for account identification we use two different kinds of data: Username and Password. Each time you enter your details, you are given access to your personal account. This process is achieved safely during their transfer to the Internet and the Company's servers. To the same standards, you are allowed to change your password as often as you wish. After entering the desired password, the new password is coded and stored in the systems of the company and affiliated companies, such as the companies that undertake the maintenance of our systems. For this reason, you are the only one who knows your password and you are solely responsible for maintaining the confidentiality of the password from third parties.
These measures are reviewed and amended as necessary.
Where we store and process personal data
We do not transmit personal data outside the European Union.
Retention of personal data by us
The company retains personal data for as long as is necessary to supply the products and process the transactions you have requested or for other lawful purposes, such as compliance with its legal obligations, dispute resolution and enforcement of its contracts. Because these needs may vary for different types of data, the context of our interaction with you, or your use of our products, actual retention periods may differ significantly.
Some examples of customer data retention periods:
Orders. When you place an order, we will retain the personal information you have given us for at least five years so that we can comply with our legal and contractual obligations.
Guarantees. If your order included a warranty, the relevant personal data will be retained at least until the end of the warranty period.
Newsletters. Your statement of consent for sending a newsletter is kept for as long as a newsletter is sent to you by the company and in any case not more than six months from the cessation of sending it.
Collection of children’s personal data
We comply with the law and do not allow children to register on the Websites when they have not reached the age limit set by the current legislation. We will ask for the consent of the parents of the children who participate in the events of the company. Even with parental consent, we will not knowingly ask children below this age limit to provide more data than necessary to supply the product.
Parents can change or revoke their previous consent options, as well as check, edit or delete the personal data of children for whom they have granted consent or approval.
Changes in the current personal data privacy statement
We update this privacy statement when necessary to ensure greater transparency or responsiveness to:
- Comments from customers, regulatory authorities, industry representatives or other stakeholders.
- Changes in our products.
- Changes to our data processing operations or policies.
When we publish changes to this statement, we will modify the "last updated" date at the beginning of the privacy statement. If there are substantial changes to the statement, such as a change in the purpose of the processing of personal data other than for the purpose for which it was originally collected, we will notify you either by posting a notice in a visible place before the changes are made or by sending you directly this notification. We encourage you to read this statement at regular intervals to find out how the company protects your information.
Way of communication
If you have any concerns, complaints or questions about privacy that you would like to address to the Data Protection Officer of the company, please contact us by sending your message to email@example.com. We will answer questions or concerns within 30 days. You may also report a consideration or submit a complaint to a data protection authority or other official and competent regulatory authorities.