1. General
This Privacy Policy applies to the online store of the Company with legal representative Charikleia Roumpaki, with registered office at 128 Ethnikis Antistasis Street, Heraklion Crete 71500, tel. 2810 881387, and email address info@eneleo.com
The Company manages the online store/website (hereinafter referred to as “website”, or “eshop”) www.eneleo.com and processes your personal data, in accordance with Regulation (EU) 2016/679 (General) Data Protection Regulation and Greek law 4624/2019.
If you completed the “Declaration of consent to consent to personal data processing ” we store the information you provide in the sales contract as well as information related to the use of our services, (categories of services, frequency of service use) so that we can be informed about your experience as our customer and to provide you with personalized services and advertising communications that match your needs and preferences.
If you complete the “Withdraw consent to consent to personal data processing” we do not store or process your personal data in any way. In the case of consent, your personal data refers to any information that allows, either alone or in combination with others, your unique identification, according to the provisions of the Regulation, the applicable Greek legislation and the decisions of the Greek Personal Data Protection Authority, as well as the directives and decisions of the relevant European regulatory bodies.
For example, we collect the following categories of Personal Data
- Registration on the Company’s website, Contact and identity data (name, email) account login details (credentials)
- Order submission, Identity data (name and surname), account login data (credentials), transaction/purchase data, (billing address, place of delivery, value and time of purchases, card type, payment method), contact data (phone number, email ), other financial and tax data (payment method, card type, transaction value, credit, refunds, receipt details)
- Participation in an online survey/competition, on a case-by-case basis according to the terms of each survey/competition
- Communication with the Company, Information or comments that you communicate to us electronically or by telephone, e.g. for the products you use
- Subscription to the Company’s newsletter, Contact data (e-mail), mobile phone number
- Navigation on the Company’s website, Technical Data (Internet Protocol (IP) address, operating system), Analytics Data (statistical/pseudonymous data collected through cookies, see Cookies Policy
During the payment process, we do not collect, process, record or store payment information during this transaction, eg credit card numbers, etc. This information is provided directly and exclusively to the respective electronic payment service provider.
The Company’s online store is not designed for children and we do not knowingly collect personal information of children/minors under the age of 18. If you are under the age of 18, please do not use our website and do not provide any information to us (ie: do not create an account in our online store, do not provide your e-mail to subscribe to our newsletter, do not make any purchases and do not give any personal information to us, including your name, address, or contact details etc).
2. Collection and processing of personal data
The various types of personal data processing are listed below. The processing of data by the Company may or may not be by automated means. We process your personal data for
2a. Execution of the contract
- to check your application and conclude the relevant contract
- for issuing and sending proof of service, purchase and sale documents
- for the provision of products and services in accordance with the terms of the contract between us
- for any communication required in the context of the execution of the contract between us
2b. Execution of order
When submitting your order, communication about your order, and we process them for the purpose of sending and delivering products, processing, managing and monitoring your order and providing updates on its progress as well as for the management and processing of your payments, and the security of our financial transaction.
(Identity data (name), Account login data (credentials), Transaction/purchase data (billing address, delivery location, value, purchase time, card type, payment method), Contact data (phone number, e-mail), Finance data (payment method, card type, transaction value, credit, refunds), Tax data (receipt data))
2c. Account Creation and Management
Create and maintain an account in our e-shop.
(Identity data (first name, last name), Contact data (e-mail and/or mobile phone), Account login data (credentials), Favorite product data, Order history data, Comments)
2d. Promotion/Advertising
- promotion of products and services
- participation in various promotional actions of the Company.
2e. Legal Obligations – Claims
- defending our legal rights before judicial or other Authorities
- fulfillment of our compliance obligations to domestic and foreign supervisory authorities, such as e.g. to the Personal Data Protection Authority
- processing issues that will arise during our cooperation with the National Medicines Organizations or other supervisory Organizations of the health service providers
2f. Where the legal basis for processing your data is our company’s legitimate interest, you can object to the processing by contacting the Company at info@eneleo.com
2g. Where consent is required for commercial communication (e.g. for sending the Company’s Newsletter), you can choose to receive this communication at the e-mail address you provide us. In the event that you give us consent to be contacted without specifying an e-mail (e.g. at the stage of creating an account), we will use the contact e-mail you gave us during registration.
2h. In any case where you withdraw your consent, the withdrawal is valid for the future.
2i. Some of your personal data may be processed on the basis of our legitimate interest and our Company’s compliance with its legal obligation for other purposes, such as when we receive documents, requests, orders, writs, warrants, etc. from third-party legal authorities or bodies, such as supervisory, prosecutorial, judicial, tax authorities, for the investigation of crimes and your protection against fraud or fighting any form of crime and infringement of legal goods.
2j. During the quality control of our products when you submit your comments no profiling is done but this data is collected and used separately for communication per case of your contact method with us.
2k. We will keep your personal data for as long as you maintain your relationship with the Company and/or for as long as it is necessary to fulfill the processing purposes described above. Your personal data are deleted immediately after the purposes for which they are kept have been fulfilled (e.g. if you maintain an Account, if you purchase a product from our store, if you participate in competitions that we organize, for tax purposes, etc.), while some data (eg order data) may be kept anonymous or pseudonymised for statistical analysis purposes. As long as their purpose has not been fulfilled, the data remains in the e-shop base until you request its deletion (e.g. in the case of a request to delete your account), unless their retention is imposed based on a legal obligation (e.g. tax purposes) or to support a legal right of our Company.
3. Your rights
At any time you have the right to
3.1 Request access to your personal data and in particular, you can receive information regarding which data we process, the purposes for which we process it, the categories of recipients to whom it is sent, the planned storage period, its origin, if not we have collected from you, as well as receive information about the existence of any automated decision-making process, including profile analysis.
3.2 Request correction of your personal data if it is inaccurate or incomplete.
3.3 Request the deletion of your personal data, unless the processing of such data is necessary for the fulfillment of a legal obligation, for reasons of public interest including any kind of our obligations to the supervisory authorities of health service providers or for our exercise or defense against legal claims.
3.4 Request restriction of the processing of your personal data only for specific purposes.
3.5 Portability of your data. That is, to receive your personal data that you have provided in a structured, commonly used format, or to request that it be transferred to another person.
3.6 To revoke at any time your consent to the processing of your personal data in writing either by registered letter that you will send to the company’s headquarters or by a statement that you will send to the company’s e-mail info@eneleo.com. In this case, their processing by us will be stopped, without this affecting the legality of any processing until the withdrawal of your consent.
4. Recipients of your data
4a. In the context of the proper operation of the e-shop and for the fulfillment of its contractual obligations, our Company cooperates with third-party companies/authorities who gain access only to the data that is absolutely necessary for them. The transmission of your personal data is carried out with the highest possible level of security. In the case of third-party companies, they are bound by a contract for the security of your personal data, and specifically for the confidentiality of your data and the non-use of it beyond the purposes of the specific contract concerning the Company’s activity. Indicatively, we mention as third companies or authorities that may gain access to your personal data:
- Service providers (hosting of our databases, creation and technical support of the Website, transport and delivery of products, payments and refunds, provision of accounting and legal services, implementation of marketing and communication actions, optimization of our products and services, operational and computerized organization of website, customer service from a partner company within the EU)
- Public, police, administrative or judicial authorities (When this is required by law or by a decision of a competent court or Authority or by another competent body/organization (e.g. in the case of a legal order, official order or official preliminary examination)
4b. The Company generally maintains your personal data on servers located within the European Economic Area (EEA). The Company may sell or buy stores, subsidiaries or business units as part of its development. In these transactions, information about visitors to the Website remains subject to the commitments made under this Policy. After any sale or transfer, you will be able to contact the entity to which your personal data will be transferred with any questions regarding its processing.
5. Data security
5a. The Company takes all the necessary technical and organizational security measures to protect and ensure the privacy of your personal data (such as SSL, Web Application Firewall (WAF), Security Operation Center (SOC) for WAF monitoring, Origin Lock on IP of WAF, Updated Magento and other industry standards for the online and offline security of your personal data). If you have any questions about the security of your data, you can send us an email at info@eneleo.com
5b. To carry out the processing, the Company selects persons with corresponding professional qualifications who provide sufficient guarantees in terms of technical knowledge and personal integrity for the observance of confidentiality. The Company, through the corresponding contractual commitments and its partners, takes all the necessary security measures to protect and ensure the privacy, confidentiality and integrity of personal data. In any case, the security of those in the platform environment is subject to events that escape its sphere of influence, as well as errors due to technical or other weakness of the network that is not controlled by the Company or reasons of force majeure or unforeseen events.
5c. In order to assist you in the above, you must not disclose your Account information to third parties.
6. Security of Transactions
All payments made using a card are processed through the “Nexi e-Commerce” electronic payment platform of Nexi Payments Greece S.A. and uses TLS 1.2 encryption with 128-bit encryption protocol (Secure Sockets Layer – SSL). Encryption is a way of encoding information until it reaches its intended recipient, who will be able to decode it using the appropriate key.
7. Changes to this Policy
Given that the needs of e-shop visitors and our Company evolve, we reserve the right to modify this Policy at our discretion. Amendments to this Policy become effective from the date they are posted on this Website. We therefore recommend that you visit this section of the Website frequently in order to be constantly informed of any changes. Our right to process your personal data is reflected in the Personal Data Protection Policy that applies from time to time.
In case, however, you want any clarification or information regarding the changes or you have any disagreement, reservation or question related to them (changes), you can contact us. We note that any information/clarification provided to you in accordance with the above regarding possible changes to this Policy, does not constitute a replacement, substitution or any modification of this Policy.
Contact details: For any issue related to this Policy and the processing of your personal data, you can contact the Company
- By e-mail to the e-mail address info@eneleo.com
- With telephone service at tel. 2810 881387, Monday to Friday 9.00-17.00
- By mail to Charikleia Roumpaki, ENELEO CRETE, 128 Ethnikis Antistanis, Heraklion Crete 71500
Finally, if you believe that your rights have been violated, you have the right to appeal to the Personal Data Protection Authority.