This website nvios.gr (henceforth Site) recognizes and respects the right to personal data  protection for internet users, in accordance with European Regulation 2016/679 (GDPR) and Law  4624/2019. This policy document outlines the collection and processing of user data during visits  to or use of the services provided by our website. Visitors to our website and/or users of our  services (henceforth Site) are required to carefully review the terms and conditions regarding the  protection of their personal information as outlined herein. 

  1. Who will use personal data 

Our Site collects and uses the User’s personal information in its capacity as the Data Controller. 

  1. What constitutes personal data 

Personal data includes, but is not limited to, any and all information concerning an identified or  identifiable natural person (the data subject), such as name and surname, email, tax identification  number, etc. An identifiable natural person can be identified directly or indirectly, particularly by  reference to an identifier, such as name, an identification number, location data, online identifiers  (i.e. IP address, email, etc.), or one or more factors specific to their physical, physiological, mental,  economic, cultural or social identity. 

  1. What is personal data processing 

Processing refers to any operation or series of operations performed on personal data by manual or  automated means, such as collecting, recording, organizing, structuring, storing, adapting or  altering, retrieving, using, transmitting to third parties, disclosing, aligning, combining, restricting,  erasing, and destroying data.  

  1. Personal data we collect 

Our Site collects and retains personal data that the User voluntarily provides by entering personal  information in required fields and/or through responses in specific activities conducted, in which  the User may choose to participate. This data constitutes the required minimum for the proper  functioning of the Site and the services it provides. 

In compliance to the legal obligation to safeguard and protect the personal information of our  Users and partners, the Site is committed to appropriately utilizing personal data collected online  via this Site or through communication/collaboration with any third party. 

The Site collects only the personal data provided voluntarily by our online Users. Collection  purpose may include, but is not limited to, fulfilling specific requests set by Users, keeping Users  informed about our products and services by distributing informational material (i.e. mail,  newsletters, etc.), and ensuring optimal service. If and where any additional, optional information  is necessary, Users will be informed accordingly at the time of its collection. 

The aforementioned personal data belongs to the following categories: 

  • Identification information, which includes name, surname, title, etc. If the User contacts  us via social media, this may include username.  
  • Contact information, including shipping address, delivery address, email, and telephone  number(s). 
  • Payment data, which may include information about a User’s payments and the products  they purchased from us. 
  • Online data, which may constitute IP address, browser, location, operating system, and  any additional information concerning the device used to visit our Site. 
  • Tracking data that is collected via the use of cookies and other tracking technologies such  as beacons, pixels and mobile identifiers. 

What Are Cookies? 

Cookies are small text files of information stored on the User’s browser (Chrome, Mozilla Firefox,  etc.) in any device they use (i.e. laptop, smartphone or tablet). They assist the effective function of  our Site. Cookies do not under any circumstance cause damage to Users’ computers or the files  stored on them. The information stored in cookies is used for User identification and optimization. 

Categories: 

  • Essential cookies. Necessary for the proper function of our Site, and may include adding  items to a User’s cart, and storing items in a wishlist. Without these strictly necessary  cookies, the basic operation of the Site’s e-shop is directly affected, and the User’s  personal browsing experience is diminished due to suboptimal e-commerce function.  
  • Performance cookies. Track the User’s browsing of our Site, allowing us to observe which  pages are visited more frequently, and whether they encounter any issues while  navigating. These cookies do not collect the User’s identifying information. All collected  data is aggregated, and utilized for the sole purpose of improving our Site’s functionality. 
  • Functionality cookies. Retain the User’s preferences during their visit, giving us the  opportunity to recommend suitable products and create a personalized experience, which  including seamless searching.  
  • Marketing cookies. Used to customize advertisements to each User and their specific  interests. They are also employed to send targeted ads or offers, to reduce mass,  unwanted, and irrelevant advertising messages. Additionally, they assist in measuring  the effectiveness of marketing campaigns.  
  • Analytics cookies. This subcategory of performance cookies helps us evaluate our Site’s  functionalities, in order to continuously optimize our visitor experience. More  specifically, third party vendors, including Google, may display NVIOS advertisements  on websites across the internet, and may use cookies to inform, optimize and serve ads  based on the User’s previous visit(s) to our Site. Our Site may also make use of such  cookies for remarketing purposes. In your browser settings, opt in to be notified before  each cookie download to choose whether to accept or reject it; please note that this may  limit your access to certain website features. Our Site may use Google Analytics for  display ads (e.g. remarketing, Google Display Network impression reporting,  DoubleClick Campaign Manager integration, and demographic and interest reporting).  Using the Ads Settings, visitors may opt out of Google Analytics for display advertising,  and may also customize Google Display Network ads. Here Users will find the available  opt-out options for Google Analytics. Our Site is fully compliant with the Google  AdWords Interest-based Advertizing Policy and the restrictions for sensitive categories,  and additionally utilizes Google Analytics remarketing for online advertizing. The Site  and third party vendors, including Google, use both first-party cookies (like the Google  Analytics cookie) and third-party cookies (such as DoubleClick cookie), for informing,  optimizing and serving advertisements based on Users’ previous visits to the Site, and for  generating reports on how nvios.gr ad impressions, other uses of advertizing services,  and interactions with these ad impressions and advertizing services relate to visits to the  Site. Our Site may utilize data from Google’s interest-based ads or third-party audience  data (such as age, gender, and interests) with Google Analytics. Our Site does not collect  special category data (which includes race or ethnic origin, religion or belief, sex life,  sexual orientation, political opinions, trade union membership, data concerning health,  biometric data, as well as criminal record information).
  1. Personal data collection and processing purpose 

Personal data is collected solely when provided voluntarily by the User, for example, in person or  via email communication, by signing up as a customer of the Company’s products or services, or by  participating in various activities/contests on social media and/or as a User of this Site.  The use of products and services provided by our Site, including online ordering of our products  and services, necessitates opening a line of communication with the User. Therefore, it is necessary  that, upon registering on our Site, Users provide accurate personal data as requested. By  registering for the services provided by our Site, Users also consent to the storage and use of their  personal data in accordance with this Statement. The purpose of collecting, using and processing  the User’s personal data is the following: 

  • Providing services and products requested through the Site, for which the use and/or  processing of a User’s personal data is required, e.g. online orders, and the subsequent  fulfillment of contractual obligations, including executing, delivering, and invoicing  orders under optimal conditions and in the most efficient manner. 
  • Providing personalized services and facilitating the ordering process, for User  convenience and/or for ensuring that our Site’s content is presented in the most effective  manner to the User and their device. The User’s consent constitutes the legal basis for  personal data processing for the aforementioned purpose (Article 6(1) GDPR and Article  9(2) GDPR).  
  • Additionally, but solely with the User’s optional consent that serves as legal basis for data  processing under Article 6(1)(a) of the GDPR: the promotion of products and services  offered by the Company, via the Site in particular, and the collection of informational  marketing material (direct marketing) by the Company. 
  • Users’ data may, in any case, be subject to processing, even without their consent, for the  purposes of compliance with laws, regulations, and EU legislation (Article 6(1)(c) of the  GDPR), for collecting statistical data regarding the Site’s use and its proper function  (Article 6(1)(f) of the GDPR), and for establishing or defending legal claims in the  interest of the Company. Personal data is inserted in the Company’s information system,  in full compliance with data protection legislation including security and confidentiality  protocols. The processing of such data adheres to principles of good practice, legality,  and transparency. Data is stored for as long as is strictly necessary to achieve the  purposes for which it was collected. In any case, the criterion used to determine this  period is based on compliance with legal timeframes and the principles of data  minimization, storage limitation, and proper record management. All data from Users  shall be processed either by manual or automated means to ensure, in all cases, an  appropriate level of security and confidentiality. Personal data shall not be utilized for  other purposes other than those outlined in this Statement, unless the Site obtains the  User’s prior consent or unless required or permitted by law. The Company collects  sensitive personal data only when Users voluntarily offer such information, or when the  collection of such information is required or permitted by law. We advise Users to refrain  from providing sensitive data unless it is necessary for the purpose of providing personal  data or unless you expressly consent to the use of such data through this Statement. The  Company may request Users to provide certain personal data for sending informational  messages about its products and services and/or related offers and announcements. We  may also seek User permission for specific uses of personal data, which Users may  consent to or reject. If Users wish to receive specific services or communications, such as  an electronic newsletter, they have the ability to unsubscribe from relevant recipient lists  at any time by following the instructions included in each communication. If a User  decides to unsubscribe from a specific service or communication, the Site will remove  their data as soon as possible, although some time and/or additional information may be  required to process your request. 
  1. Individuals with access to personal data and transfer of personal data

Personal data is processed through manual and electronic means in accordance with procedures  and practices related to the aforementioned purposes. Access to such date is granted to the  personnel of the Data Controller authorized to process personal data and their supervisors.  Specifically, this includes employees of the following categories: technical staff, IT staff,  administrative personnel, product managers, as well as other personnel required to process  personal data as part of their duties.  

The Company does not transfer personal data to third parties. In certain cases, the Company may  share personal data with various companies or service providers that it is in collaboration with, in  order to fulfill your requests, or with natural or legal persons tasked with data processing, provided  that the User is informed in advance and your prior consent is obtained. The persons with access to  such data are obligated to maintain its confidentiality.  

Personal data may also be disclosed in non-EU countries (henceforth third countries) to:  a) institutions, authorities, and public bodies for institutional purposes,  

  1. b) to professionals, independent consultants (operating individually or collectively) and other  third parties or providers that offer the Data Controller commercial, professional or  technical services necessary for the Site’s operation (e.g. IT services and cloud computing)  for the aforementioned purposed, and to assist the Company in providing requested  services, and  
  2. c) to third parties in the event of mergers, acquisitions, business or branch transfers, audits or  other exceptional transactions.  

The aforementioned recipients are provided only with the necessary data for their respective duties  and are duly obligated to process it solely for the purposes outlined above and in compliance with  data protection laws. Personal data may also be disclosed to other lawful recipients identified from  time to time by applicable laws.  

Except as outlined above, personal data shall not be disclosed to third parties, whether natural or  legal persons, that are not appointed to perform commercial, professional or technical duties by the  Data Controller, nor shall it be disseminated. Recipients of such data shall process it, as applicable,  either as Data Controllers, as Data Processors, or as persons authorized to process personal data  solely for the aforementioned purposes and in compliance with applicable data protection laws.  Regarding personal data transfer outside the European Union, as well as to countries whose laws  do not guarantee the same level of data protection as provided by EU legislation, the Data  Controller informs that such transfers shall be conducted in accordance with methods permitted by  the GDPR. These methods may include, for example, the User’s prior consent, the use of standard  contractual clauses approved by the European Commission, selecting parties participating in  international programs for the free flow of data, or transferring data to countries deemed secure by  the European Commission. 

  1. User rights regarding personal data 

If Users wish, they may request at any time to be further informed about the collection, retention,  recipients, and the purpose of retention and processing of personal data by the Company, as well as  to request its modification, correction or deletion. Such requests can be submitted by sending an  email to info@nvios.gr from the contact email address they have provided. Additionally, Users also  have the right to review which information the Company retains, and, in general to exercise any  right stipulated in data protection legislation.  

The personal data that a User provides to us via our Site, either during registration or at a later  stage, is collected, used and processed in accordance with applicable provisions on the data  protection laws, specifically the provisions of Law 2472/1997 and Law 3471/2006, as in force, as  well as the new European General Data Protection Regulation (EU) 2016/679 and Directive 95/46/ EC on the protection of personal data.

In accordance with the provisions of Articles 15 to 22 of the GDPR, Users reserve the follows rights  upon request: 

  • Right to access: To be informed about the personal data we retain. 
  • Right to rectification: To request the correction of their personal data. 
  • Right to completion: To request the supplementation of their personal data, provided  that such data is necessary for the purposes of data processing. 
  • Right to erasure: To request the deletion of personal data. Certain data will only be  deleted after a defined retention period, for example, because we are legally obligated to  retain such data in some cases or because the data is required to fulfill our contractual  obligations to our Users. 
  • Right to restriction of personal data: In certain cases provided by law, we may restrict  data processing upon User request. Further processing of restricted data occurs only to a  very limited extent. 
  • Right to withdraw consent: For Users to withdraw consent at any time. 
  • Right to object: To object to the future processing of User data at any time, if such  processing is based on one of the legal justifications outlined in Article 6 1(e) and 1(f) of  Regulation (EU) 2016/679. Should a User object, we will cease data processing unless  there are compelling legitimate grounds for further processing. The processing of your  data for advertising purposes does not constitute a legitimate ground. 
  1. Data protection 

The Company implements specific technical and organizational security procedures to protect  personal data and information from loss, misuse, alteration or destruction. Our partners that  support the Site’s operation and digital infrastructure, also comply with these provisions. The  Company ensures that the collaborating entities adhere to the GDPR policy but assumes no liability  for any unauthorized actions they may take regarding personal data. 

  1. Links to other websites 

The present Privacy Policy applies only to the Site specified above (i.e. www.nvios.gr). While our  Site may contain links to third party websites, the Company neither accesses nor uses tracking  systems such as cookies, web beacons, or other user tracking technologies that may be active in  such third party websites. Additionally, the Company does not control the content and material  they publish, or their methods of personal data processing. For this reason, the Company expressly  disclaims any liability for such matters. Users must review the privacy policy of such third party  websites and gather information concerning terms and conditions and the procedures used in data  processing. 

  1. How data is stored and for how long 

In accordance with Article 5(1)(c) of the GDPR, the computers and software used by the Company  are designed to minimize the use of personal and identifying information. Such data is processed  only to the extent necessary for fulfilling the contractual obligations to our Users outlined in the  present Policy, and shall only be stored for as long as is deemed strictly necessary to accomplish  these objectives. In any case, the determining criteria for this storage period are based on  compliance with the timeframes permitted by law and the principles of data minimization, storage  limitation, and rational record management.

  1. Resolution of complaints and grievances 

In accordance with the General Data Protection Regulation (GDPR), the Company is committed to  resolving complaints or grievances concerning the collection or use of personal data. If a User  believes that their rights of data protection are being infringed in any way, they may file a  complaint with the Hellenic Data Protection Authority (Kifisias Avenue 1-3, 11523 Athens Greece,  www.dpa.gr).  

  1. Revisions to the statement 

The Company reserves the right to periodically modify or revise the present Statement at its sole  discretion. In the event of modifications, the Company shall record the date of alteration or  revision within this Statement, and the updated Statement shall apply from that date onward. We  encourage Users to regularly review this Statement to observe for any changes in how their  personal data is handled. 

  1. Lingering Doubts 

We sincerely hope that this Privacy Policy has provided our Users with a comprehensive and clear  outline of how we process their personal data. However, if they still have any concerns or  additional questions they would like to address to us, we would be delighted to assist.