Personal Data Processing
For the purpose of this Document, the following clarifications are made:
The Company mentioned herein under the name “NATURAL DOCTOR NUTRITIONAL SUPPLEMENTS COMMERCIAL COMPANY S.A.” and distinctive title “NATURAL DOCTOR S.A.” being the proprietor and administrator of this Website https://naturaldoctor.gr is appointed as the “Data Processing Manager” and therefore, among others, collects, stores, uses, processes and transmits the personal data received within the scope of information and command execution when the subject of the personal data visits, logs-in and uses in whatever way the websites of this Company.
As the Personal Data Protection is significantly important for this website and its proprietor, this statement specifies the obligations, the manner of use, disclosure and protection of the data we gather and also the ways of solving any kind of issue arising by communicating directly with you.
1. Defined Terms
1.1. Personal Data Protection Legislation means any law concerning personal data processing, in private life and security, including, without any limitations, the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), the Directive 2002/58/EC of the European Parliament concerning “the processing of personal data and the protection of privacy in the electronic communications sector” as incorporated into national law, applied and are now in force in Greece and as amended each time or other applicable laws or international or national laws replacing the above, or regulations concerning the protection of personal data, and also relevant regulations, directives or guidelines issued by the competent administrative authorities such as the Hellenic Authority for the Protection of Personal Data.
1.2. “Data Processing Officer”, “Data Processing Operator”, “Data Subject”, “Personal Data” and “Processing” will have the meaning as described in the applicable legislation concerning Data Protection.
1.3. “Personal Data” means the whole of the personal data relating to an individual, as set forth in the applicable legislation concerning Data Protection, that are provided or are likely to be provided to the Data Operator or to become available to him for the purpose and within the framework of communication on each occasion, and/or are collected, saved or in any other way processed by the Data Processing Operator (and/or his subcontractor) on behalf of the Website, in the capacity of the processing operator within the framework of the appropriate communication and cooperation.
1.4. Services or Products: Those mentioned in the official website and are available for use or sale.
1.5. Website: It refers to “https://naturaldoctor.gr” that is the official website for the electronic purchase of food supplements.
1.6. Personal Data Processing is any and every act/operation or series of acts/operations that is performed with or without the use of automated means on personal data or on a whole of personal data such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
2. Scope of Data Processing and Data Retention (Storage Period of Personal Data)
2.1. The Processing Officer, before handing over the data to the Process Operator within the scope of the applicable laws concerning the Personal Data Protection, and for which the Processing Officer is mainly responsible and/or accountable according to the provisions of the relevant law in force concerning the Personal Data Protection (the “Processing Officer’s Personal Data”) by virtue of or in relation to the Terms and Conditions of this present document or any other Agreement, is required to have previously obtained the consent needed for the transmission of the data. The same applies in the case where the Processing Operator collects and processes in general personal data that he has directly received from the Data Subject within the scope of authorized data processing.
2.2. The website processes the Personal Data for the purpose of offering the aforementioned services. Then, the website uses these Personal Data only in cases that it is a requirement for fulfilling its obligations, pursuant to the terms and provisions prescribed by the Law.
2.3. The acts of data processing will last for such a period that is necessary to complete the Services.
2.4. The Personal Data will always be protected as Protected Confidential Information.
3. Obligation to Provide Data
The Compulsory or Optional Nature of the Data Provided by the User is marked with an Asterisk (*) next to the box/field relating to the Personal Data.
If you refuse to provide the data that are marked as compulsory (“required”) on the Website, then it will not be possible to accomplish the main purpose for collecting the required data and/or to provide the any of the other available services offered on the Website.
Providing additional data further to the ones marked as Compulsory is optional and does not result in any consequences with regard to the primary purposes of data collecting as these data are provided only for the purpose of the optimization of the quality of the services rendered by us.
4. Data Collection
We make sure to collect only the necessary Personal Data that are appropriate and specific for the intended use. These data consist of the following:
a) Data that you provide to us when you sign up and create your account on our Website and particularly data concerning your email address and login password (required data), and name, surname, mailing address, telephone number and invoicing information (such as Taxpayer’s Personal Identification Number, etc.).
b) Data concerning the payment method with regard to the transactions conducted with us.
c) Data that you provide to us when you subscribe to our newsletter or any other information material.
d) Data concerning your browsing habits so we can effectively improve your experience and transactions with us. Of course, you always have the option to choose not to share these data with us.
e) Website analytics and statistics.
g) In order to offer the best possible website experience, we collect technical information concerning your internet connection and your web-browser, and also the country code and telephone code where your computer is located, the webpages that appear while visiting our website, the advertisements you click-on and the web-searches you make.
h) The username of your social networking, if you interact with us through the social media, so to help us respond to your comments or your questions.
5. Use of Personal Data
Where applicable, we use your Data for the following purposes:
• To fulfill our contractual relationship of sale and supply of goods. Furthermore, we may maintain your data for a reasonable period of time to fulfill our contractual relationship with regard to returns of goods etc., as prescribed by the relevant legislation.
• To Create a User Account: The website processes your Data to offer you the account functions and facilitate your buying process.
• To Communicate: The Website uses your Data to respond to your claims and/or questions, claims to return goods and/or any complaints you may have. The information you share with us enable us to process your claims and respond accordingly at the best possible manner. We may also maintain a file with your questions and claims addressed to us in order to respond effectively to any future communication. This is done on the basis of our contractual obligations towards you, our legal obligations and also our legitimate interests in order to achieve the best possible standards of offered services and to be able to improve our services according to your own preferences.
• To send advertising and informative materials (newsletter) concerning offers. With your consent, we will use your Personal Data, your preferences and your transaction data to keep you informed through email, internet, telephone and/or social media for relevant products and services including customized and personalized offers, etc. Of course, you have the right to withdraw and revoke the said consent whenever you wish.
• For the development and improvement of our products and services offered to you. This is done on the basis of our legitimate business interests.
• For the protection of your account from frauds and other illegal activities. This includes the use of your Data for the maintenance, update and protection of your account. We also monitor your browsing habits when you visit our website in order to identify and swiftly resolve any problems and secure and protect the integrity of our website. All the above are part of our legitimate interests.
• For the processing of payments and the prevention of fraudulent transactions. This is done on the basis of our legitimate business interests. This is also to our customers benefit protecting them of frauds.
• To comply with our contractual obligations towards you or with the provisions of the law or with court orders and decisions.
• To communicate with you for matters prescribed by the law or are required for your information on changes of the offered services. For example, information concerning privacy notifications, notifications for recall of products and other required legal information concerning your orders. These notifications concerning services will not include advertising material and no prior consent is required when communicated through email or text message (SMS). If we do not use your personal data for the above purposes, then we will not be able to conform with our legal obligations.
• Finally, you are notified that the processing of your Personal Data is carried out by either authorized personnel of the Website or by information systems and electronic devices of the Website, and in special cases by third parties, that have been contractually bound that they are responsible for keeping such information confidential and protected (Confidentiality Clause), who carry out works that are necessary for the achievement of the purposes strictly concerning the use of our Websites, the services offered, and the sale of products and/or services through our Websites.
6. Lawful Grounds of Processing
The lawful grounds of processing your personal data are:
• The legislation for the protection of personal data that defines the various reasons for a Website to collect and process your personal data in which the terms and conditions of our contractual relationship are included.
• Your consent when and where required, for example, when you choose to subscribe to our newsletter. During the process of collection of your personal data, you will be always notified which data are required for a specific service.
• The obligations of the website as prescribed by the law in force (e.g., fiscal and taxation legislation, legislation concerning electronic commerce, et.al.).
• The legitimate interest of our Website. In certain cases, we collect your personal data in such a righteous manner that is anticipated as part of the operation of our company and does not substantially affect your rights, your liberties or your interests.
7. Data Recipients
Only the required authorized website personnel or the website administrator have access to your Personal Data and who are bound by confidentiality clause.
8. Data Disclosure
Data Disclosure by the Website:
The Website may share your personal data with:
• Third-party providers who process personal data for and on behalf of the website, for example (indicatively mentioned) for credit card and payment data processing, storage, management and maintenance of our data, email distribution list, research and analysis, management of promotional activities, and also for the management of specific services and data. When we use third-party providers, we bind them with agreements that obligate them to apply the appropriate technical and organizational measures for the protection of your personal data.
• Other third-party bodies and agencies, to the extent required for the following purposes: (I) compliance with court decision or provisions of the law in force upon relevant request of an official authority of the Greek State, (II) prevention of illegal uses of the website or breach of the Terms and Conditions of Use and our policies, (III) our protection from third-party claims, and (IV) fraud prevention and criminal actions investigation (e.g., counterfeiting).
• Other third parties that you yourselves have given your consent to.
Data Disclosure by you:
• When you use specific social media features on the website, you can create a public profile that may contain various information such as your username, your avatar or your profile picture and your address. You may also make shared use of content with your friends or a broader public, including information concerning your interaction with the Website. You are encouraged to use the tools offered for the management of shared information in the website’s social media so to control the information that is available using the social media features.
9. Third Party Policy for Data Processing
• We provide only the information that is required for the execution of their specific services.
• They can use your personal data only for the precise purposes set forth in the contract that we have signed with them.
• We have a close cooperation with them to ensure that your privacy is respected and protected at any given moment.
• If we cease to use their services, any and all data in their possession will be deleted or anonymized.
Aiming to improve your experience as a Website user, the following companies appear on our website and can process your personal data as part of their contractual obligations with us:
● Facebook ● Google ● LinkedIn ● Instagram
10. Data Assurance
The Operators who process data for and on our behalf have agreed upon and are bound for the following:
• To conform with the confidentiality clause,
• To not send any data to third parties without the permission of the Website,
• To take all the necessary safety measures,
• To conform with the legal framework concerning the protection of personal data and particularly the Regulation 979/2016/EU (aka GDPR).
11. Data Transfer
We take measures to comply with the current legal requirements for the transfer of personal data to recipients outside the European Economic Area or Switzerland and who cannot guarantee an efficient protection level. We use various measures to make sure that your personal data that are transferred to these countries are effectively protected in accordance with the data protection regulations and directives. These measures consist of signing Contractual Clauses, certification that the recipient has adopted the European Binding Corporate Rules or abides by the Privacy Shield frameworks between EU – USA and Switzerland – USA.
12. Data Retention Period
At the end of the said retention period your data will be fully deleted or anonymized, i.e., a data processing technique will be used that removes or modifies personally identifiable information and this results in anonymized data that cannot be associated with any one individual for statistical analysis and operational planning purposes.
13. Data Safety
We are committed to safeguard your personal data.
Understanding the importance of your personal data safety, we employ all necessary procedures and technical measures so that data is protected from any random and unauthorized processes such as unauthorized access, alteration, destruction, or revelation. We use the most modern up-to-date and advanced methods and techniques to ensure the best possible protection and safety.
Our website uses the most modern and secure protocols so to keep the online business transactions safe. This means that all the data you provide us are encrypted including your name and address and so the said data cannot be decrypted or altered when transmitted via the internet.
Furthermore, the identification data used when entering our website are two: the Username and the Password. Each time you enter your identification details you are granted access to your personal account. This particular procedure is carried out in a safe manner using encryption during transmission via the internet and transfer to the servers. In the same way, you are given the option to change your password whenever and as frequent as you want. Upon registering the desired password, this password is encrypted and stored in the website systems. For this reason, you are the one and only person that knows your password and you are exclusively responsible for maintaining the password’s secrecy from disclosure to any other third party.
The said measures are reviewed and modified accordingly when needed.
14. Your Rights
You have the right to access your personal data.
This means that you have the right to get information from us if we process your data. If we process your data, you can ask us to provide you information for the purpose of processing, the data categories we store, the individuals or entities we send the data, the length of period your data are stored, the use or not of automated decision making, and also you can exercise your rights with regard to the correction of your data, the erasure of your data, the restrictions in data processing, and the filing of a complaint with the Data Protection Authority.
You have the right to correct inaccurate data.
If you notice that there is a mistake in your data you can file an application for data correction (e.g., correction of name or change of address).
You have the right to oblivion – erasure – forgetting.
You can ask us to erase your data if they are no more needed for the intended purposes mentioned above or you may wish to revoke your consent if this is the only legitimate way.
You have the right to data portability.
You can ask us and receive from us in a readable format the data you have provided us or ask us to forward them to another Data Processing Officer or Data Controller.
You have the right to data processing termination.
You can ask us to limit your personal data processing for such a period that the examination of your objections regarding data processing is pending.
You have the right to object and revoke or withdraw consent in reference to data processing.
You can oppose to the processing of your data, and we will terminate your personal data processing if there are no other imperative and legitimate reasons that prevail against your right. If you have given your consent for the collection, processing and use of your personal data, you may revoke your consent any time in the future.
15. Exercising Your Rights
You can exercise the aforementioned rights by submitting your request to the email address firstname.lastname@example.org with subject title “Exercising My Rights” and we will consider it and respond as soon as possible.
In the case you want to have the data in your user account corrected, you can sign-in and perform any correction or alteration with no prior submission of request.
16. Responding to Requests
We are obliged to answer your requests without delay and in any case within one month of receipt. In cases where a request is too complex or too many requests are made, you will be informed within the month whether this deadline needs to be extended by two months.
17. Applicable Law
The applicable law is the Greek Law as set forth in the General Data Protection Regulation 979/2016/EU (aka GDPR) and generally in the current National/Domestic and European Legislation and Regulation Framework for the protection of personal data.
Any dispute arising from or with regard to the protection of your personal data is subject to resolution by referring it to mediation and arbitration as prescribed by the European Mediation & Arbitration Organization. In the case that the said dispute or part of the said dispute is not resolved through mediation and arbitration, then the unresolved dispute or the part of it is exclusively, finally and irrevocably resolved by the Court of Arbitration that has the subject-matter jurisdiction to hear the case and conduct the arbitration pursuant to the Arbitration Regulations of the European Mediation & Arbitration Organization.
In the event of questioning the above, the Courts of the City of Athens having jurisdiction over the matter are the only competent courts to adjudicate the case.
18. Legal Measures in case of Violation of Rights by the Website
You have the right to file a complaint with the Data Protection Authority (mailing address: 1-3 Kifisias Ave., Athens GR-11523, Tel. No.: 210-6475600, web: www.dpa.gr, email: email@example.com) if you think that the processing of your personal data violates the national laws and regulations concerning the personal data protection.