PERSONAL DATA PROTECTION POLICY

chalosgems.com informs you that, for the best and most complete service to you through the services we offer you in our online store, it processes your personal data, in accordance with the provisions of the GDPR Regulation (GDPR 679/2016) and the applicable Greek legislation, under the following guidelines:
You only provide us with your standard data, which concerns the smooth completion of the purchase and delivery of your order and to personalize and improve your service.
To ensure the confidentiality of data transfer, we use the SSL encryption protocol (Key Length = 2048). The system has been certified by the company Let’s Encrypt Oak 2023, which specializes in transaction security issues.

1. THE INFORMATION WE REQUEST FROM YOU

a. Personal data
Each visitor can browse the online store chalosgems.com without providing any personal information.

We will need personal data (name, address, telephone number, your e-mail and a password) only when you order products.

b. Document data
In the event that you wish to receive a purchase invoice, please contact us at [email protected] and provide us with the company name, VAT number, Tax ID and address of its headquarters.

In summary, we only ask for as much information as we need so that you can enjoy a unique shopping experience: consistent delivery of the products you ordered, secure payment of your order and personalized service based on your needs and preferences.

c. Cookie policy
In order to offer personalized service, most large companies use alphanumeric identification files, so-called cookies. Cookies are divided into permanent and session:
Permanent cookies remain on your hard drive after you have finished your visit, remembering a wide range of data that is used for the next visit.
Session cookies are used only to recognize that you are entering the site, so that you do not have to be asked for a password on all pages that include transaction data. These are deleted immediately after you leave the site. chalosgems.com uses session cookies: so that we do not constantly ask you for a password when you visit our various pages, we need to recognize you when you enter our online store.
In addition, during each visit to our website, data such as the browser used, the visitor’s IP address or information about the products viewed are automatically collected for reasons of better service, statistical or technical reasons.

2. PURPOSE OF MANAGING AND PROCESSING THE DATA AND INFORMATION THAT YOU HAVE ENCOURAGED US.

We use the data you have entrusted to us to offer you a unique shopping experience, in the following ways:

• To become a member of chalosgems.com (As a member you have access to your past and current orders). Also to receive updates in categories of your interest.
• To deliver orders that you have purchased online to your location.
• To enable you to confirm your orders.
• To be able to answer possible questions and inquiries in the customer service department.
• To send you special offers and updates on new products.

Under no circumstances do we share your personal information with third parties, without falling within the requirements of the law, as described in detail below. Under no circumstances do we sell or rent your personal data to third parties. This information is used exclusively by chalosgems.com to continuously improve your service. If in the future we see that sharing some of your information with a third party can significantly benefit your purchases, it will only be done after your approval.

3. YOUR RIGHTS AND PREFERENCES:

GIVING YOU CHOICE AND CONTROL
As you may know, the new General Data Protection Regulation, or GDPR, gives individuals certain rights in relation to their personal data. To comply with the provisions of this law, we have implemented additional transparency features to help users exercise these rights. Subject to availability and limitations under applicable law, the rights granted to citizens are as follows:
• Right of access – you have the right to be informed and request access to your personal data that we process
• Right of rectification – you have the right to request that we modify or update your personal data if it is inaccurate or incomplete
• Right to erasure – you have the right to request that we delete your personal data
• Right to restriction – you have the right to request that we temporarily or permanently stop processing all or some of your personal data
• Right to object – you have the right to object at any time to our processing of your personal data, based on reasons relating to your personal situation
• Right to data portability – you have the right to request a copy of your personal data in electronic format and to transmit these personal data to a third party service and
• Right not to be subject to automated decision-making – you have the right not to be subject to a decision based solely on automated decision-making, such as profiling, where the decision produces legal effects concerning you or has other significant effects on you.
If you have any questions about your privacy, your rights or how you can exercise them, please contact the Data Controller at the contact details provided on our website. We will respond to your request within a reasonable time, and in any case within one (1) month, after verifying your identity. If you are dissatisfied with the way we use your personal data, you can also contact and file a complaint with the Personal Data Protection Authority.
You also have the ability through our website to control the use of your personal data, in the following way:
By going to “My account” and then to “Personal member information” you can access any information you have entrusted to us (right of access), you can make changes to your information or even request its deletion and generally raise any objections to the processing of data concerning you.
An automated copy of the user’s Personal Data held by the “COMPANY” can be obtained from here. Data that must be stored due to legal, institutional or contractual obligations to maintain commercial documents will remain in a secure environment for the entire period required by law.
Finally, personal security is the password you provide when you become a member of chalosgems.com. In order to present any of your personal information, the user’s email and password must first be provided. For this reason, these data must be carefully guarded to prevent them from falling into the hands of third parties.

4. LEGAL BASIS FOR PROCESSING.
To process your personal data, we rely on certain legal bases, for example when you access our Website, we need your personal data to perform the contract between us (contact details). We also rely on other legal bases, such as our reasonable rights as a business, compliance with a legal obligation or the protection of our vital interests.

5. DATA RETENTION AND DELETION.
We retain your personal data only for as long as is necessary to provide you with our services, as well as for legal, tax and essential business purposes, such as to maintain the performance of our service, make data-driven business decisions about new features, comply with our legal obligations and resolve disputes.
If you request it, we will delete your personal data so that it is no longer possible to identify you, unless the law allows us to do otherwise or requires us to retain certain personal data, including in cases such as the following:
• If there is an unresolved issue regarding your account, a claim or dispute that has not been resolved, we will retain the necessary personal data until the issue is resolved
• If we are required to retain your personal data for legal, tax, audit and accounting purposes, we will retain the necessary personal data for the period required by applicable law, and/or

• Where necessary for our legitimate business interests, such as preventing fraud or maintaining the security of our users.

6. SENDING NEWSLETTERS.
The “COMPANY” collects and processes e-mail addresses that users voluntarily provide after having previously accepted the Terms of Use of the website.
To send newsletters, we only use the information you have provided to us, namely your email and name, if you have registered it. We also retain your IP address. All procedures are in accordance with the GDPR and your files are protected in accordance with the Personal Data Protection Policy that we apply.
The purpose of the processing is, exclusively, to send users newsletters, offers, etc. of the “COMPANY”. The “COMPANY” processes this data until the user declares that he no longer wishes to receive newsletters and requests his deletion from the (NEWSLETTER).