top of page

E-SHOP AND WEBSITE PRIVACY POLICY VAT number: 160309780 Email: info.kojewels@gmail.com SECTIONS: I. PRIVACY OF PERSONAL DATA GENERALII.E-SHOPIII.COOKIESIV.TERMINOLOGY PRIVACY OF PERSONAL DATA GENERAL website www.shop kojewels.com corresponding in our online store, is designed to meet the specific needs of each user. In order to provide you with the best possible service, it is important that you understand that you must provide us with certain information related to the processing of your order that is kept by us.The processing of personal data is carried out in accordance with the provisions of the General Regulation on the Protection of Personal Data (GDPR 2016/679), any more specific national and European legislation for certain sectors, the currently applicable Greek legislation for the protection of personal data, as well as for the protection personal data and privacy in the field of electronic communications (Law 3471/2006, as applicable) and the decisions of the Personal Data Protection Authority (PDPA). KO JEWELSconducts its business actions in accordance with privacy principles, applying ethical and responsible practices. Current legislation defines our standards for the management and protection of your Personal Data, so as to provide you with the maximum possible security. These principles, which ensure the protection of your personal information, apply to all our activities involving the collection and processing of information about individuals, including, but not limited to, research,of production, commercial activities, corporate support and data transfers. For example, this Policy applies to:

-Promotional and commercial activities: evaluating purchases regarding our products / advertising, marketing, selling, distribution and delivery of our products / communicating with our customers and other end users of our services / sponsoring and conducting events.

-Corporate support: recruiting, managing and compensating employees / conducting employee performance and talent evaluations / providing training / managing ethics and privacy issues / managing and securing our assets and infrastructure / procuring and paying for products and services / fulfilling our environmental, health and safety commitments / communicating with the media.

-This Policy applies to all natural persons whose data we process including clients, candidates and partners.

-Accordingly, every employee of the Company, and third parties who process data for our company, are responsible for understanding and complying with their obligations towards this Policy and existing laws.

-The privacy principles described below summarize the standards and basic conditions for the collection and processing of individuals' personal data by our company.

-Personal data:

a) are lawfully and legitimately processed in a transparent manner in relation to the data subject ("lawfulness, objectivity and transparency"),

b) are collected for specified, explicit and lawful purposes and are not further processed in a manner incompatible with those purposes ("purpose limitation"),

c) are appropriate, relevant and limited to what is necessary for the purposes for which they are processed ("data minimization"),

d) are accurate and, where necessary, updated("accuracy"),

e) are kept in a form that allows the identification of the data subjects only for the period required for the purposes of the processing of the personal data; ("limitation of the storage period"),

f) are processed in a way that guarantees the appropriate security of personal data, including their protection against unauthorized or illegal processing and accidental loss, destruction or damage, using appropriate technical or organizational measures ("integrity and confidentiality" ).

-Necessity - data minimization

-Before collecting, using or distributing Personal Data, we determine and record the specific, legitimate business purpose served.

 

-We determine and record the period of time for which the Personal Data is used for the specified business purposes, which is defined on a case-by-case basis depending on the nature and type of activity.

-We do not collect, use or share more Personal Data than is necessary and we do not retain Personal Data in an identifiable form for longer than is necessary for the specified business purposes.

 

-We anonymize data when operational or legal requirements make this necessary and when information about the activity or process is retained for a longer period of time.

 

-We ensure that these necessary requirements are incorporated into any assistive technologies and that third parties supporting the activity or processing are informed.

 

-Legitimacy, Objectivity and Transparency. 

 

-We do not process Personal Data in ways that are unfair to data subjects.

-We determine whether the proposed collection, use or other form of processing of Personal Data poses a risk of actual or unspecified harm to individuals, always aiming to prevent such harm.

 

-If the nature of the data, the types of people, or the activity contains an inherent risk of actual or unspecified harm, we ensure that this risk does not outweigh the corresponding benefits for those individuals.

 

-In cases where it is necessary to process Personal Data of special categories ("sensitive"), this is done only with the express consent of the individuals or as required or expressly permitted by existing laws.

-We document the risk analysis and design any necessary mechanisms to obtain and record evidence of consent to assistive technologies.

 

-We do not process Personal Data in ways or for purposes that are not transparent.

 

-All individuals whose Personal Data is processed in accordance with this Policy shall have the right to a copy of this Policy posted online. The Data Protection Officer will provide digital and/or physical copies of this Policy upon request to the addresses listed below.

-When Personal Data is collected directly from individuals, we inform them through a prominent and easily accessible privacy notice or similar means, providing them with the following information:

- The identity and contact details of the data controller. - The purposes of the processing. 

-If the processing is based on legitimate interests of the controller, what those interests are.

- The recipients of the personal data.

-Any data transfer. 

- the period of time for which The data will be stored. 

-The existence of the right to submit a request to the controller for access and correction or deletion of personal data or restriction of processing. 

-When the processing is based on the consent of the subject, the existence of the right to withdraw his consent at any time, without prejudice to the legality of the processing based on the consent before its withdrawal.

-The right to submit a complaint to the Personal Data Protection Authority.

-The legal nature of the provision.

-The possibility of automated decision-making.

-If new legitimate business purposes are identified for Personal Data already collected, we ensure that either the new business purpose (including a substantially similar purpose) is compatible with the purpose as described in the privacy notice or other transparency mechanism previously provided to the individual; or we obtain the individual's consent to the new use of their Personal Data.

 

-We are responsible for maintaining the security and privacy of Personal Data when it is transferred to or from other organizations.

-We transfer Personal Data or allow them to be processed by third parties only if the following conditions are met, for which we are responsible.

 

-If the role of the third party is to process Personal Data on behalf of or to secure vital interests of the company, before the third party receives the Personal Data, we:

(a) we complete a legal audit to assess the privacy practices and risks associated with these third parties;

(b) we attempt to obtain written contractual guarantees from these third parties that they will process Personal Data in accordance with our company's instructions, and in accordance with this Policy.

(c) We ensure that they notify us promptly of any Security Incident and that they agree to cooperate when deemed necessary.

(d) If the role of the third party is to provide Personal Data to our company, before we obtain the Personal Data from the third party, we ensure that the requirements of Transparency are met for the collection of Personal Data from other sources and not specifically under the supervision of the company us, and we obtain guarantees through an agreement document from the third party that it does not violate any Law or the rights of any third party by providing Personal Data to our company.

(e) If the third party's role is to receive data from our company for processing that is not specifically under our company's supervision, before we deliver the data to the third party, we ensure that the third party will only use the data for the operational purposes defined by the agreement and in accordance with existing legislation.

-Data Quality, Integrity and Confidentiality. 

 

-We keep Personal Data accurate, complete and up-to-date, and consistent with its intended use.

 

-We ensure that periodic data audit mechanisms are built into assistive technologies to validate data accuracy.

 

-We ensure that Sensitive Data is validated as accurate and up-to-date before it is used, evaluated, analyzed, reported or otherwise processed, which carries the risk of injustice to individuals if inaccurate or out-of-date data is used.

-In case of change of personal data, the subject bears the responsibility to inform our company so that the necessary modifications can be made.

 

-We incorporate security safeguards to protect Personal Data and Sensitive Data.

-We have implemented a comprehensive information security program and security controls that are based on the sensitivity of the information and the magnitude of the risk of the activity, using the best practices of modern technology. Policies to protect against loss, misuse, unauthorized access, disclosure or destruction include, but are not limited to, business continuity and disaster recovery standards, identity and access management, information classification, information security incident management, network access control, physical security and risk management.

-Rights of Access, Rectification, Erasure, Portability, Restriction of Processing and Objection to Processing.

 

-You have the right to access your personal data.

-This means that you have the right to be informed by us if we are processing your Data. If we process your Data, you can ask to be informed about the purpose of the processing, the type of your Data we keep, to whom we give it, how long we store it, whether automated decision-making takes place, but also about your other rights, such as correction, deletion of data, restriction of processing and filing a complaint with the Personal Data Protection Authority.

 

-You have the right to correct inaccurate personal data.

-If you find that there is an error in your Data you can submit a request to us to correct it (eg correct a name or update a change of address).

 

-You have a right to erasure/right to be forgotten.

 

-You can ask us to delete your data if it is no longer necessary for the aforementioned processing purposes.

-You have the right to portability of your Data.

 

-You can ask us to receive the Data you have provided in human readable form or ask us to transfer it to another controller.

 

-You have the right to restrict processing.

 

-You can ask us to restrict the processing of your Data pending the consideration of your objections to the processing.

-You have the right to object to the processing of your Data.

 

-You can object to the processing of your Data or withdraw your consent and we will stop processing your Data, unless there are other compelling and legitimate reasons that override your right.

-To exercise your rights you can send us a relevant request, describing the right you wish to exercise either to the postal address of Asklipio 1 Company with the indication "Exercise of the right of access/correction/deletion/restriction/objection", or to the e-mail address info.kojewels@gmail.com entitled "Exercise of right of access/rectification/deletion/restriction/objection", with a description of your request and we will make sure to look into it and reply to you as soon as possible.

-We respond to your requests free of charge without delay, and in any case within (1) one month of receiving your request. However, if your request is complex or there are a large number of your requests, we will inform you within the month if we need to obtain an extension of another (2) two months, within which we will respond to you.

-If your requests are manifestly unfounded or excessive in particular due to their repetitive nature, KO JEWELS may impose a reasonable fee, taking into account the administrative costs of providing the information or carrying out the requested action, or refuse to proceed with the request. You have the right to file a complaint with the Personal Data Protection Authority (Kifisias 1-3 postal address, Athens / www.dpa.gr), if you consider that the processing of your Personal Data violates the applicable national and regulatory legal framework for the protection of personal data.

 

-THE E-SHOP.

-The primary concern of ko jewels is to list the terms that govern the rights and obligations of the ko jewels e-shop, but also to inform you of your own rights and obligations when browsing our online store.

 

-You can browse our online store without providing any personal information. But in order to place an order, we will ask you for your name, the address to which the products sold will be shipped, your phone number and your email.

-In the ko jewels e-shop you have the option to choose whether your purchase will be made with a retail sales receipt or an invoice. An invoice is issued to companies and self-employed professionals as long as they have filled in: Company name, Activity object, VAT number. and D.O.Y.

 

-By registering your e-mail address, you accept that all communications necessary to complete your order will be made to your stated e-mail address. Your details are saved so you don't have to re-enter them the next time you place an order, and you always have access to them when you log in.

-The administrator of the website may process part or all of the information you have entered, in order to improve the services - information provided.

 

-ko jewels employees who have access to your personal data are specific and unauthorized persons are prohibited from accessing it.

-ko jewels and the ko jewels e-shop, strictly following the principles of personal data protection provided for by the relevant laws and international conventions, will not make any unfair use of your data without your prior approval.

 

-ko jewels e-shop in no way discloses, publicizes, sells, exchanges the personal details and information you entrust to us. Exceptionally, your personal information may be made public by the company, always following the procedure prescribed by law when this is imposed by a Public Authority, Court, etc.

-You can modify the personal information you have provided to us at any time.

 

-You retain the right to information or to object to the further processing of your data in accordance with the current legislation on the protection of personal data.

 

-For permanent deletion of your data or for any information or question regarding your personal data protection policy, please contact the relevant department at the email address: info.kojewels@gmail.com

-We recognize the issue of data and transaction security as a matter of major importance and for this reason we take all necessary measures to ensure it.

 

-All information related to your personal information and transactions is secure and confidential.

-ko jewels e-shop protects its members from any interception of information with the SSL-256 bit encryption method and digital certification from Shopify Inc. Encryption applies to all stages and all transaction procedures and sending personal data-elements to and from the ko jewels e-shop. Debit/credit card payments are made on the partner Bank's website, so your card details are entered directly into its secure systems.

COOKIES Like most sites on the internet, ko jewels e-shop uses cookies so that we have access to certain information and offer you functional services every time you browse with a web browser in our online store.Cookies are alphanumeric files (text) that are transferred to the storage space of your navigation device through the internet. They do not damage your devices or the files stored on them and most of them are deleted when you leave our site.There are two types of cookies: session cookies and persistent cookies.Session cookies are deleted once you leave the website. Persistent cookies remain on your computer until they expire or are deleted by you.Session cookies and persistent cookies can be divided into four categories. These cookies do not recognise your individual identity. Without these cookies, we would not be able to offer effective operation of the website.Functionality cookies These cookies allow the website to remember your choices when you log in so that we can provide you with improved and personalised features. The information these cookies collect is anonymous and it is not possible to track your browsing activity on other websites.Performance / Analytics Cookies These cookies collect aggregate and anonymous information about how visitors use our website, for example, which pages they visit most often and whether they receive error messages.They do not identify a visitor and are used solely to improve the performance of our website.Targeting / Advertising Cookies. For more information on how to manage cookies in your browser, please refer to the following links (addresses and content may be subject to change) Firefox | Chrome | Safari | Internet Explorer/ Microsoft Edge. However, before you choose to prevent their installation, you should be aware that cookies are absolutely necessary in order for our website to function properly and seamlessly, to ensure you a top-notch browsing experience.All privacy rules as mentioned above also apply to how cookies work.All privacy rules as mentioned above also apply to how cookies work. TOROLOGYTerms you should be aware of: 

Anonymization. The alteration, severance, elimination or other restriction or transformation of Personal Data so as to make it impossible to use it to identify, locate or contact the individual.  

Legislation. All laws, rules, regulations and advisory opinion orders that have the force of law. 

Personal Data. All data about an identified or unidentified individual, including data that identifies the individual or that could be used to locate, track or communicate with the individual. Personal Data includes equally direct identification information such as name, identification number or job title, and indirect identification information such as date of birth, telephone number and also encoded data.  

Privacy Incident. A violation or breach of this Policy or a privacy or data protection law. The determination of whether a privacy incident has occurred and whether it has physical substance will be made by the Data Protection Officer and the Legal/Compliance Department. 

Processing. The carrying out of any process or series of processes on data about people, with or without automated means, including, but not limited to , the collection, recording, organization, storage, access, adaptation, transformation, retrieval, use, evaluation, analysis, reporting, reporting, distribution, disclosure, transmission, dissemination, disposal, stacking, interception, deletion, or destruction.

Security incident. Access by an unauthorised person to Personal Data or disclosure to an unauthorised person of Personal Data or our reasonable suspicion that this has occurred. Access to Personal Data by or on behalf of our Company without the intent to violate this Policy is not a Security Incident, provided that such Personal Data was then used and disclosed only as permitted by this Policy.  

Sensitive Data. Any type of data about people that contains an inherent risk of potential harm to individuals, including data that is defined by law as sensitive, including, but not limited to, data related to health, heredity, race, national origin, religion, political or philosophical beliefs or convictions, criminal history, precise geographic location information, bank or other financial account numbers, government-issued identification numbers, minors, sexually  

Third Person. Any entity, organization or person that is not owned by our company, or for whom our company has no controlling interest, or who does not work for our company. Except as expressly set out in this Policy, no division of our company is required to meet the requirements of a Third Party under this Policy, as all subsidiaries and divisions are required to process data about people in accordance with this Policy.

 Changes to this Policy This Policy may be revised from time to time in accordance with the requirements of existing legislation. Whenever this Policy is physically changed, a notice will be posted on our website.

 

 

bottom of page