We treat your personal data with responsibility and we believe that it should be collected and processed only when absolutely necessary. Therefore, the website www.macherie.gr is designed with the appropriate operational and internal systems and complies with the following European data protection legislation: EU General Data Protection Regulation 679/2016 (GDPR).
1. What is considered Personal Data?
Personal Data is any information that relates to you, or it may be attributed to you, in a manner that it can identify you. Such data is, for example, your name, surname, father’s name, address, postal code, city, country, county/region, telephone number, mobile phone number, fax number, as well as your email address, username, password, etc. Additionally, personal data also include some technical data relating to you, such as your IP address.
2. Personal Data collected by MACHERIE and purposes of processing
Like most websites, by browsing at www.macherie.gr, registering yourself as a Member of our Online Store, signing up for the Newsletter Service, submitting a purchase order to our Online Store, our website collects and processes personal data and information about you, either through cookies or directly from you.
The collection and processing of your personal data and information relating to you takes place for purposes directly related to the services you request and we offer you and/or for the purposes for which you have given us your consent and always in accordance with the applicable laws and provisions on the protection of personal data. We preserve your personal data for as long as it is necessary to provide you with our products and services, and we keep some of them after you close your Accounts or de-register from our e-shop in accordance with our legal obligations.
We are also using Google Analytics (GA) to track our users’ activity. We use this data in order to determine the number of people using our website, to obtain a better understanding of the way they come across and use our website and to track their actions in it.
Although GA records data such as your geographic location, your device, your browser and your operating system, none of this information identifies you or makes you personally known to us. GA also records your computer’s IP address, which could be used for your identification, but Google does not provide us with this information. We consider Google a third party recipient, as we are going to explain below.
Particularly, Macherie collects and processes the below personal data and information relating to you:
2.1 Browsing the website – Cookies
In order to browse the website/online store it is not necessary to sign up and consequently to directly provide us with your personal data or other information relating to you. However, while navigating the Macherie website and transacting with us through our services, our Company collects personal information and other information about you through our own (First Party Cookies) or third parties’ with whom we partner Cookies (Third Party Cookies), which data and information is used by our Company for advertising and promotional purposes, statistical purposes, market research purposes, for the purpose of optimizing our products and services, profiling, as well as measuring the effectiveness of the website, improving and upgrading its content, adapting to the demand and needs of users, and to measure the effectiveness of Macherie presentation and promotion in third party websites.
In addition, the data is used by us to log in to your Account, to retrieve the products stored in your cart, to log in to your Account without having to open a new account every time you want to make a purchase at our store, to identify problems on our server, etc.
Cookies are small text files that are installed on your computer or on your device temporarily and are transmitted to our server when you visit the Macheriewebsite through your preferred browser. No Cookie file used on the Website collects any information or obtains knowledge of any document or file from your computer.
The data collected by cookies for the above purposes may include the type of browser you are using, the type of your computer, your operating system, online service providers, the sites you visit, and the links to third party websites which you may follow through our Website, the products and advertisements you see, the IP address of your computer, your User Name, User ID & Password, general demographic information about you, such as gender, age, place of residence and your other shopping habits and online behaviors.
2.2. Member Registration - Opening an Account
During the registration process, Macherie collects the personal data that Users voluntarily provide upon their registration as Members of our Online Store, in order to create an Account. In particular, in this case we collect your email address and password, name, surname, address, postal code, city. Your personal data is used by our Company in order to create an Account, through which you can view your transaction history, while you are simultaneously giving your consent by granting this information to the Company to keep your password, in order to allow your access to your Account each time you sign in with your password.
If you are under 16 years old, you MUST have your parents' consent before signing up to www.macherie.gr.
2.3. Newsletter service subscription
We will not send you any Newsletter for any advertising or product promoting purposes, unless you choose to subscribe to our Newsletter service. If you subscribe to this service, Macherie will collect your email address and send you informational material about the Macherie Online Store products, product offers, gift cards, gift coupons and points, product advertisements, commercial collaborations, other Online Stores of the Company etc.
If you choose to be a member of out email newsletter service, the email address you submit will be forwarded to MailChimp, which provides us with marketing services. We consider MailChimp to be a third party processor, as noted below. The email address you submit will not be stored in the database within our website or on any of our computer systems.
Your email address will remain in the MailChimp database for as long as we continue to use MailChimp's email marketing services or until you explicitly request its removal from the mailing list.
In case you do not wish to receive the Macherie newsletter and promotional material, you may request to be removed from the list of newsletter recipients at any time, either following the “unsubscribe” link in the Newsletter or by sending a request at the address: email@example.com. From the emails sent via the Newsletter service, our Company records the rates of opening the messages you receive from us as well as the number of clicks and the content of the emails through cookies, when you click.
If you are under 16 years old, you MUST have your parents' consent before signing up for our email newsletter service.
2.4. Purchase of Products from the Macherie Online Store
2.5. Payment by credit card
If you choose to use a credit card for the payment of the product(s) you purchase from Macherie, you must for this reason provide us with the card type and card number, expiration date and CCV, by filling all the relevant blanks on the secure order form. We accept credit cards (Visa and Mastercard). Card transactions on our Online Store are protected by the most effective online protection systems (RSA Encryption), which guarantee a safe transaction environment to the majority of the world’s largest businesses. Macherie processes your card details only for completing the transaction, with the payment for the purchase of products from our Online Store. Your card number is not automatically stored; therefore for every purchase on our Online Store that you wish to pay for by credit card, you must re-submit your card details. Your credit card details are being safely processed by the payment service provider at its own responsibility, according to the details below.
2.6. Signing up through Facebook, Instagram
You can sign up to our website or place an order through your Facebook or Instagram account. In this case, Macherie will ask you to grant us an authorization to have access to the information you have provided to Facebook or Instagram and declared you want to be public. By choosing to grant this authorization, you consent to Macherie having access to your Facebook or Instagram Account details, which are public, in order to create a profile for you, for the purposes of targeted product advertisement based on your profile and for statistical purposes.
3. Legal basis for processing your data
As already described, we never process your data, unless the processing is necessary, and based either 1) on the performance of a sales contract between our company and you as a customer, or 2) on our legitimate interests in maintaining our relationship with you as our customers, or 3) on your consent, regarding mainly advertisement purposes about our Company's activity and products
Particularly, our Company will not, under any circumstances, collect more personal information than necessary for the purpose for which it collects it , nor will it disclose your data to any third parties, unless this is absolutely necessary for the fulfillment of a service, the provision of which you have requested and is related to the sale contract between us (e.g. product delivery) or unless the processing by a third party is necessary for the purposes of our legitimate interests (e.g. performing credit control) or if you have previously given your consent, and/or when the law requires it (e.g. for execution of a court decision, public prosecutor’s order, etc.).
Also, our Company does not sell, lease or transfer your personal data to third parties, except when obligated to do so by law, and does not collect or process personal data of underage children, unless it has the express consent of their parents.
4. Retention Period
Your data will be retained in our database only for as long as we have a contractual or legitimate right or it is necessary for us to keep it according to legal and tax provisions. Since we cannot determine this in advance, the retention period may differ from User to User.
Of course, all the data we retain about you will be deleted if you choose to delete your Account from the Macherie website or if you ask us to do so, unless we have to retain all or some of them for a longer period of time (for example, with regard to sales receipts for tax purposes) or to safeguard your vital interests (e.g. health related reasons).
5. Recipients of your data
Macherie may transfer the personal data it collects about you to third parties under the present terms, but always under conditions that fully ensure that your personal data is safely transferred, according to a prior written agreement of Macherie with these recipients. They are always carefully selected by us and should comply with the relevant legislation. In addition, your data may be transferred to countries within the European Economic Area, where all security requirements are met. In case we need to transfer your data outside of the EEA, this will only be done in accordance with international safety requirements and with a view to maximizing your data protection. The records we retain may be communicated to the competent judicial, police and other administrative authorities upon their lawful request and in accordance with applicable laws.
In particular, we may transfer your data mainly at the following cases:
• To Google, as outlined above, especially for the use of the Google Analytics service.
• To Mailchimp, as outlined above, especially for the Newsletter service.
Both of these entities are based in the USA and are in agreement with the transnational agreement known as EU-US Privacy Shield.
• To Advertising companies and advertising services providers in general: Macherie does not disclose personal data without your consent. However, Macherie may share with third-party advertising agencies statistical information with regard to the products purchased, demographic data, data regarding the technical characteristics of the portable devices used to access our Online Store etc., which cannot in any case identify you. .
• To third parties who provide Macherie with Online Store maintenance technical services, such as developers, data analysts, vendors and data security providers, strictly for the purpose of providing their services to us.
• To service providers that host our customers database, perform its technical support and management.
• To data security providers.
• To credit institutions for accessing our platform and completing your order directly from these credit institutions, as we have already described.
• To our company’s successors: If Macherie undergoes a business change such as merger, joint venture, acquisition by another company, or sale of all or part of its assets, it may transfer all user information and data, including personal information, to the successor organization. If significant changes are made to Macherie’s privacy practices as a result of such a business transition, Macherie will inform you before transferring your personal data.
Macherie informs you that the above categories of recipients of your personal data and information are processing the data on our behalf and therefore as such they do not process any data beyond the above transfer purposes and always act in accordance with our explicit instructions.
In any case, Macherie’s employees who have access to your personal data and information are properly trained, while unauthorized access to your data is prohibited.
6. Your rights
We provide you with the ability to exercise all of your informational rights under the GDPR in relation to your personal data that we hold and process, namely, the right of access and correction, to withdraw consent at any time, object to data processing, request data deletion, restrict aspects of data processing, prevent direct marketing and request transmission of personal data in a common digital format (e.g., pdf) to themselves or another organization. You also have the right to file a complaint to the competent authority.
In any case you wish to exercise any of your rights with regard to any personal data which we retain, you may contact Macherie in writing at the email address firstname.lastname@example.org. You can submit a request to us to obtain free access to your data, however, depending on the volume of data the Macherie retains about you, we may charge you for the cost incurred by our Company to provide information about your data or any other information that we hold about you.
7. Security of your Data
Once Macherie receives your data, the procedures and security measures in place to prevent unauthorized access to them are activated.
General Controls: Controls are implemented on workstations (automatic locking, regular updates, configuration, physical security, etc.) to reduce the possibility to exploit software properties (operating systems, business applications etc.) to adversely affect personal data.
Electronic Data Storage: Some of your personal information will be stored in the database of this website. This data is stored pseudonimized meaning that the data requires additional processing using a separately stored “key” before it can be used to identify a person. Pseudonymization is another requirement of GDPR that we have implemented on this website.
File transfer: All web traffic (file transfer) between this website and your browser is encrypted and transferred via the 128-bit SSL protocol. Encryption is essentially a way of encoding the information until it reaches its intended recipient, who will be able to decode it using the appropriate key.
Card Details: We do not store the details of the cards that you use online. Your card details are not visible to Macherie, because you are automatically transferred to a safe banking environment to complete your order. You should also take all possible steps to prevent third parties from accessing your account, such as not disclosing your password.
We will report any unlawful breach of the database of this website or of our database to all interested parties, as well as the authorities within 72 hours of the violation, according to the provisions of GDPR.
Email: The data sent to us via email is protected through the SMTP (Simple Mail Transfer Protocol). Our SMTP servers are protected by a TLS security protocol (sometimes known as SSL), meaning that email content is encrypted using 256-bit SHA-2 encryption before being sent over the Internet. The content of the email is decrypted by our local computers and devices. Additionally, our e-mail platform is hosted by Microsoft using Office 365, which is fully compatible with GDPR.
9. Contact us
Before you navigate the Website or make any transactions with us, such as subscribing to the Newsletter Service, creating a Member Account or purchasing from our Online Store, we invite you to review this Policy and to make sure that you agree to the terms and conditions under which we collect and process your personal data.
However, if you wish any clarification or information regarding the terms of this Policy, or if you have any complaint or question, you may contact our Company at the telephone number 210 2897400 or send an email at email@example.com.
Request to Submit a Personal Data Report (Article 15 GDPR) | Application for the deletion of Personal Data (Article 17 GDPR)