Valid from 25 of May 2018*
NOTE:This policy is a translation of the Greek policy text on the corresponding page. For any ambibuity or translation error, the Greek version applies as the correct and official text.
- About this Policy
- Collection and Use of Personal Data
- Who has access to the personal data collected?
- Are the data transmitted to non-EU countries (third countries) or to international organizations?
- Third Party Links and Content
- How long will the data be kept?
- Rights and Options of Customers / Users for Personal Data
- Customer / User Obligations
- BestPharmacy.gr Security and Privacy Protection
- Contact Information
About this Policy
This Privacy and Personal Data Protection Policy sets out the basic details relating to the relationship of your personal data with BestPharmacy.gr belonging to the "PHARMACY STAVROTI LIODAKI AND CO." (hereinafter the "Company"). This Policy applies to all services of the Company and BestPharmacy.gr and the terms governing the use of these services are set out on the page Terms and Conditions of Use.
The Company and BestPharmacy.gr are committed to protecting the personal data of visitors, users and customers and comply with the relevant provisions on the protection of personal data (Law 2472/1997 to protect the individual from the processing of personal data), as well as the European Union's General Data Protection Regulation EU 2016/679 (GDPR), as applicable from time to time.
In accordance with the above regulations and legislation, the Company, in its capacity as data controller, informs the natural person who is a visitor, a user and/or a customer (hereinafter, irrespective of gender or status, referred to as 'Customer') that it and/or third parties, for and on its behalf, will process personal data relating to it in the context of a commercial relationship for products or services of BestPharmacy.gr and/or the Company.
The purpose of this Policy is to:
- Ensure that it is understandable which personal data BestPharmacy.gr collects, the reasons why it uses them and who has access to them.
- Explain how the Company uses the personal data provided by its Customers/Visitors of BestPharmacy.gr.
- Explain the rights and choices of visitors/Customers of BestPharmacy.gr in relation to the personal data collected.
- Explain how the privacy and security of visitors/Customers of BestPharmacy.gr is protected.
For further clarifications on the terms used in this Policy or questions about Privacy and Personal Data Protection contact BestPharmacy.gr and the Company, either via email to [email protected] or [email protected], or to the contact details mentioned on the website of BestPharmacy.gr.
Alternatively, if the Customer, User or Visitor does not agree with the content of this Policy, he/she shall not use the services of BestPharmacy.gr and the Company and shall not visit its websites. Acceptance and compliance with the Terms and Conditions of Use is mandatory for the use of any service of the BestPharmacy.gr and the Company.
Collection and Use of Personal Data
In more detail the collection and use of personal data by BestPharmacy.gr is done in the following cases:
1. Personal Account Registration and Customer Identification Data
|What data do we collect?||Account Registration and Customer Identification Data: email address, full name, middle/father's name, gender, title, home/billing addresses and optional date of birth, Tax Registration Number and company details (in the case of corporate invoicing).|
|Where do we collect them from?||Identity data are voluntarily provided by the Customer or a person acting on his behalf, or by payment providers (Banks, PayPal), and/or from publicly accessible sources, including social networks on an internet sites.|
|Why are they collected and how are they used?||The data are collected and used to identify the Customer and communicate with him/her in any case of transactional, pre-contractual or contractual relationship with him (e.g., for the registration of an order or the delivery of products) and/or for the fulfilment of the Company's contractual and/or legal obligations (e.g., issuance of sale invoices/receipts).|
2. Personal contact data
|What data do we collect?||Contact data: postal and e-mail addresses, landline or mobile phones and/or contact details via social networks (e.g., Facebook, Messenger, Viber etc.).|
|Where do we collect them from?||Contact data is voluntarily provided by the Customer or a person acting on his behalf, or by payment providers (Banks, PayPal), or from Shipping Companies (DHL, ELTA Courier, TNT, ACS, etc.), and/or from publicly accessible sources, including social networks on an online websites.|
|Why are they collected and how are they used?||The data is collected and used to communicate with the Customer for the purpose of selling and delivering products of the Company, the provision of advice and purchase proposals and communication with him in any case of a transactional, pre-contractual or contractual relationship with him and/or for the fulfilment of contractual and/or legal obligations of the Company.|
3. Personal data for service agreements, sales contracts and service history
|What data do we collect?||Service contract data, as well as sales and service history data: include identity and communication data (as above), shipping and billing addresses by order, payment methods, date, time and location of order and/or contact, messages and updates to/from the Customer regarding the order or service, description of products or services, quantities, invoicing and changes in each order, and history of previous services/orders.|
|Where do we collect them from?||The data are voluntarily provided by the Customer when posting an order on the BestPharmacy.gr website or by contacting the Customer (telephone, email, message, etc.) with the Company's staff or associates.|
|Why are they collected and how are they used?||The data are collected and used for the provision of services, orders and contracts requested by the Customer, and the support, promotion and pursuance of the trading relationship with him and/or the provision of services to him. Also, these data are necessary for the Company's compliance with the obligations imposed by the applicable legislative and regulatory framework and supervisory requirements, as well as the decisions of authorities or courts. Order history is collected to provide customer with easy reordering of products, as well as to let the Company know if and when differentiated services can be provided to the Customer (e.g., providing a reward to returning Customers (loyalty) or those who purchase specific products that may be on sale, etc.).|
4. Personal data for confirmation and management of payments
|What data do we collect?||Data for payment confirmation and management: include in addition to identity, communication and sales or service contract data (as above) the data provided by the payment provider (e.g., Bank or PayPal) to BestPharmacy.gr, which depend on the payment method chosen. For example, payment by credit card provides a part of the card number (not the entire number), expiration date, email address, date, time, and IP address from which the payment or refund was made. PayPal provides the email of the account that made the payment and the name and address of the account holder. For Cash-on-Delivery (COD) Payments, Customer contact details are provided and if/when the payment was completed.|
|Where do we collect them from?||Payment confirmation and management data are collected and they are provided at the customer's behest by payment service providers such as Banks (e.g., Alpha Bank, Piraeus Bank and National Bank that clear credit/debit cards and certify deposits or remittances to the Company's accounts), but also providers of electronic payment services (e.g., PayPal, Viva Payments) who clear and certify payments to the Company. For payments with COD the data are provided by the responsible Transport Company (e.g., DHL, ELTA Courier, TNT, ACS etc.).|
|Why are they collected and how are they used?||These data are collected for the certification and management of payments as well as for the detection of fraud or other malicious and/or illegal transactions in connection with the Company's transactions (payments, refunds, etc.). Also these data are necessary for the compliance of the Company with the obligations imposed by the applicable legislative and regulatory framework and supervisory requirements, as well as with the decisions of authorities or courts.|
5. Personal data and information about Customer/Visitor interactions with the Company's services or staff
|What data do we collect?||Data and information exchanged during Customer/visitor interactions with the services and/or staff of the BestPharmacy.gr, which may include personal data in their content. The content of any entries, messages or communication, the sources, recipients and the date/time of submission, sent by e-mail, or registered through the Company's websites, may be collected. (e.g., through contact form, comments, gift messages, evaluations, etc.), or made by telephone, or made on third-party websites or applications or services on the internet (e.g., social media) and may relate to:
|Where do we collect them from?||The data are voluntarily provided by the Customer when registering or processing an order on the website of BestPharmacy.gr or through communication of the Customer (telephone, email, message, etc.) with the Company's staff, as well as the associated Shipping Companies (e.g., DHL, ELTA Courier, TNT, ACS) responsible for the delivery of the orders. Also, some data on the products and their use may be collected by the manufacturers of the products. Finally, some data are provided by the Customer through third-party services used to control and/or improve the Company's services (e.g. E-satisfaction, Skroutz ratings, Bestprice.gr, Google Maps-MyBusiness etc.).|
|Why are they collected and how are they used?||These data are collected to process customer's requests, fulfill and improve customer service of BestPharmacy.gr, as well as to confirm the good transactional behavior of the Customer with a view to providing differentiated services to the Customer (e.g., providing a reward). Also, these data are necessary to defend the rights and legal interests of the Company and to protect its personnel and property, such as indicatively, the protection of the Company's safety and security procedures, the prevention of crimes, the detection and the collection of evidence of delinquent behavior (fraud incidents, etc.) or other unlawful or malicious acts relating to the Company.|
6, Personal data relating to the access or use of the websites of BestPharmacy.gr
|What data do we collect?||Data relating to the access or use of BestPharmacy.gr websites and may include for each access or use: the Internet protocol address (IP address), type of network connection (e.g., Wi-Fi, 3G) and service provider or electronic route from the server, information indicated by the browser and user's/visitor's computer (such as unique device identifier, device characteristics, web browser type), device operating system, languages accepted by the browser, or other data provided through the devices used by the Customer as location identification data), as well as internet navigation data (cookies / session ID).
These data are anonymous usage and traffic statistics, but alone or in combination with customer actions and/or unique identifiers, can be used to identify and create Customer profiles.
|Where do we collect them from?||Data relating to access or use of the website of BestPharmacy.gr collected from the Company's servers, or computers used by the staff and partners of BestPharmacy.gr, and/or by devices or applications used by the Visitor / Customer himself, or by Internet service providers (e.g., Google, Cloudflare, Facebook), and/or from publicly accessible sources, including social networks and search engines.|
|Why are they collected and how are they used?||Access and use data are necessary to protect the rights and legal interests of the Company and to protect its personnel and property, such as indicatively, ensuring the Company's security procedures, preventing crimes, detecting and collecting evidence of delinquent behavior (incidents of fraud, data leakage, etc.), or other unlawful or malicious acts relating to the Company. Anonymous usage and traffic statistics can be used to customize and improve its websites and services, dealing with fraud, security or technical problems and possibly for adapting the discount policy, sales processes, advertising messages and/or promotions of BestPharmacy.gr.|
7. Personal data necessary for the delivery or return of products from/to the Customer
|What data do we collect?||Data necessary for the delivery or return of products from/to the Customer by Shipping companies and may include identity data or information or documents from/to Customs or Tax Authorities of Greece or another country.|
|Where do we collect them from?||The data are provided by the Customer during his communication (telephone, emails, messages, etc.) with the company's staff, by Customs or Tax Authorities of Greece or another country, as well as by the cooperating Shipping Companies (e.g., DHL, ELTA Courier, TNT, ACS) that are responsible for the order delivery.|
|Why are they collected and how are they used?||The data are used for the provision of the Services, fulfillment of orders and contracts requested by the Customer, to support, promote and perform the transactional relationship with him and/or to provide Services to him. Also, these data are necessary for the compliance of the Company with the obligations imposed by the applicable legislative and regulatory framework and supervisory requirements, as well as with the decisions of authorities or courts.|
8. Personal data related to promotions for the Customer
|What data do we collect?||Data related to promotions for the Customer: this is contact data (email addresses, telephone numbers and/or postal addresses), which can be combined with existing Customer identification, communication and sales history data.
Visitors / Customers have the option, when registering with the services of BestPharmacy.gr, if they wish, to request to receive newsletters about products and offers of the e-shop.
If the Customer does not give his consent, communication for promotional reasons is not performed or is terminated.
|Where do we collect them from?||These data are provided by the Customer (with his consent) or by social networks that have a marketing profile of the Customer. The Customer's combined identification, communication and sales history data are provided from the sources listed above.|
|Why are they collected and how are they used?||Promotional data are collected with the Customer's consent and is used to: (1)to promote the Company's products and services, and/or its partner companies, through offers, messages and informational actions to the Customer. (2)in conjunction with customer-specific identification, communication and sales history data to create customized Customer-specific offers.
If the Customer does not give or withdraw (at any time) his consent, communication with him for promotional reasons is terminated. This can be done through the relevant links in the informational messages or if he visits the contact form of BestPharmacy.gr, where he can indicate his or her wish.
Who has access to the personal data collected?
- The staff and partners of BestPharmacy.gr have access to all the above data, which they process and use for the purposes mentioned in each data category above. Also, the staff and partners of the company "Stavroti Liodaki - Michail Flouris G.P.", with which the Company has a contract for the provision of e-shop management services, have access to all the above data, bound by a confidentiality agreement with the Company.
- The Company's partners who provide technical support services of hardware and/or software, as well as management services of the online store and websites (indicatively Lavipharm, Existanze, etc.), may have access to a subset of the above data through their access to software and websites, but have committed to the confidentiality of this data to the Company and are allowed to process and use them exclusively for the purposes referred to in each data category above.
- The cooperating Transport Companies (e.g., DHL, ELTA Courier, TNT, ACS) responsible for each delivery of orders, have access to the data (1) of Account Registration and Customer Identification, (3) contract for the provision of services, sales and service history and (7) data necessary for the delivery or return of the products from / to the Customer, for the shipments of orders concerning each one of them, for the purpose of carrying out the transfer and delivery of the order to the Customer. They may also have partial access to data (5) exchanged during Customer/Visitor interactions with the services and/or staff of BestPharmacy.gr, if this is necessary for the delivery of each order they have undertaken.
- The services used to communicate with the Customer (e.g. sending messages, phone calls and SMS), such as indicatively email providers (Google, Sendgrid, Moosend, Mailchimp), SMS providers, telephone providers (Cosmote, Forthnet, Vodafone, Yuboto, Viva) and social media/messaging services (Google, Facebook, Instagram, Twitter, Whatsup, Viber, etc.), through which BestPharmacy.gr interacts with the Customer, may have access to a subset of the above data (1 - 8), provided that the content of the messages to the Customer may contain some of this information. A prerequisite for this is the commitment of communication providers to the confidentiality of messages and communications passing through their network, in accordance with the relevant legislation.
- Payment providers (Banks, PayPal, Viva, etc.) are selected by the Customer for the payment of services to the Company and have access to the data (1) of Account Registration and Customer Identification, (2) communication, (3) service contract, sales and service history, (4) payment certification and control, as well as partial access to certain data (5) exchanged during Customer/Visitor interactions with the services and/or staff of BestPharmacy.gr, if this is necessary for the certification and management of payments, as well as for the detection of fraud or other malicious and/or illegal transactions in connection with the Company's transactions (payments, refunds, etc.).
- The services used to control and/or improve the Company's services (e.g. E-satisfaction, Skroutz, Bestprice.gr, Google Maps, etc.) have access to a subset of communication data (2) and (5) are exchanged during Customer/Visitor interactions with BestPharmacy.gr.
- The staff and partners of BestPharmacy.gr have access to the data (6) of access and use of the server and the websites of BestPharmacy.gr.
Anonymous usage and traffic statistics belong to BestPharmacy.gr and are kept on servers owned by it or possibly third-party partner analytics service providers (Google, Cloudflare, Facebook, Moosend, etc.) who have ensured the confidentiality of such data. BestPharmacy.gr provides information to its suppliers or cooperating persons or companies on the above anonymous statistics as well as on statistical sales statements, but which do not contain personal information that may lead to the identification of individuals.
Are data transmitted to non-EU countries (third countries) or to an international organizations?
The Company may transmit its Customer's personal data to non-EU countries (third countries) in the following cases:
- If the European Commission has adopted an act on the adequate protection of personal data in that country or in that international organization (e.g., Switzerland, USA - Privacy Shield etc.).
- If the Customer has been informed and has given his express consent to the Company and the other conditions of the legislative framework are met.
- If the transfer is necessary for the execution of a contract, such as where the transfer is necessary for the execution of payment orders to a bank account of a third-country credit institution, or in the case of a transfer to execute an order for the preparation of a transaction.
- If the transfer is necessary to establish, exercise or support legal claims or to defend the Rights of the Company.
- If there is an obligation to do so by a provision of law or a transnational or international convention.
Third Party Links and Content
The BestPharmacy.gr may display third-party ads and other content with links to third-party websites. The Company cannot check or control or be held responsible for the privacy practices and content of third parties. If the Customer/User clicks on an ad or link of a third party, he must be aware that he is leaving the BestPharmacy.gr websites and any personal data he provides will not be covered by this Policy. In this case he must read the privacy policies of third parties to learn how they collect and process his personal data.
Retention of data
The personal data of the Customer described above are retained for as long as is necessary for the provision of the Company's services, as well as for legitimate and substantive business purposes, such as maintaining the performance of the BestPharmacy.gr services, making business decisions, protecting the Company's personnel and property, and for the compliance with legal obligations and dispute resolution. This period shall not exceed eight (8) years from the collection of the data, unless the data relate specifically to the following cases:
- Data for Customer Account Registration and Identification, Communication, Service Contract and Service History shall be retained for as long as the Customer maintains an account in the BestPharmacy.gr.
- Data for Customer identification, communication, service contract, service history and payment certification and management are retained for legal, tax, audit and accounting purposes, for the period required by applicable legislation, which is not less than five (5) years from their collection. Where a shorter or longer period of data retention is provided by law or regulation, the above data-time shall be reduced or increased accordingly.
- If there is an unresolved problem with the Customer's account or a pending in the contractual or transactional relationship with the Customer, the Company will retain the necessary personal data until the problem or pending matter is resolved.
- If necessary, for the protection of the Rights and Legal Interests of the Company and the protection of its personnel and property, such as indicatively, the safeguarding of the Company's security procedures, the prevention of crimes, the detection and the possibility of collecting evidence of delinquent behavior (incidents of fraud, etc.) or other illegal or malicious acts concerning the Company, the data may be retained for more than eight (8) years.
- Anonymous usage and traffic statistics that do not contain Customer personal data, may be retained for as long as necessary for legitimate and substantial business purposes of the Company, such as the adaptation and improvement of the websites and services of BestPharmacy.gr.
Customers / Users Rights and Options for Personal Data
The European Union Regulation called the General Data Protection Regulation or GDPR provides citizens certain rights in relation to their personal data. According to the provisions of this law, BestPharmacy.gr allows its Customers/Users to exercise the following rights:
- Right of access - the Customer has the right to know what personal data concerning him/her are kept and processed by the Company as well as their origin.
- Right of correction - the Customer has the right to request the modification or update of his personal data, if they are inaccurate or incomplete.
- Right of restriction - the Customer has the right to request the restriction of the processing of his data.
- Right of erasure - the Customer has the right to request the erasure of his personal data.
- Right to object - Customer has the right to object to the processing of your personal data for the purposes of direct marketing and/or promotion of products or services.
For the exercise of the above rights, the Customer may contact BestPharmacy.gr:
- By e-mail to [email protected] or [email protected]
- By phone using the numbers +30 281 810 8100 or +30 2810 20 10 20.
- In the contact details listed on the website of BestPharmacy.gr, or by completing the contact form of the website.
The Company will make every effort to reply to the Customer within thirty (30) days of the submission of his/her request, which may be extended for an additional sixty (60) days if required at the discretion of the Company, taking into account the complexity of the request and the number of requests. The Company will inform the Customer in any case of an extension of the thirty (30) day period, as well as the reasons for the extension.
If the Company does not act on the Customer's request, it shall inform him without delay and at the latest within thirty (30) days of receipt of the request, of the reasons why it did not act and of the possibility of filing a complaint and filing an appeal before a court.
The above service is provided free of charge. However, in the event that the Customer's requests are manifestly unfounded, excessive or repeated, the Company may either impose a reasonable fee on the Customer by informing him relevantly, or refuse to respond to such requests.
Important points on the exercise of rights:
- The satisfaction of requests for restriction, erasure and objection, if they relate to data necessary for the performance of the services of BestPharmacy.gr or the continuation and operation of the contract with the Company, regardless of whether they were granted by the Customer or acquired from another source, entails the Customer's automatic termination of the relevant contract or contracts, in accordance with their relevant terms or the inability to examine the subject's request.
- The Company has in any case the right to refuse the request to restrict the processing or erasure of the Customer's data if the processing or retention of the data is necessary for the foundation, exercise or support of its legitimate interest, its legal rights or its compliance with its legal obligations, according to what is mentioned above in the replies "Why are they collected and how are they used?".
- The exercise of these rights acts for the future and does not concern data processing that has been already carried out.
- The Customer has the right to file a complaint with the Personal Data Protection Authority (www.dpa.gr), which is the supervisory authority responsible for the protection of the fundamental rights and freedoms of natural persons with regard to the processing concerning them, provided that it considers that its rights are infringed in any way.
Customer / User Obligations
Customers/Users accept and agree that any data submitted to BestPharmacy.gr is complete, correct, true, accurate and valid and that if any changes are made, they are obliged to inform the BestPharmacy.gr so that these data are kept complete, correct, true, accurate and valid.
The Customer/User must take certain personal security measures, such as the password entered by the user when they become a member of BestPharmacy.gr. BestPharmacy.gr recommends that users, for security reasons, change their password regularly, avoid using the same and easily detectable passwords, and do not disclose their password to third parties.
Registered members of BestPharmacy.gr remain solely responsible for all actions carried out under the personal password, username and their account in general, and agree to immediately notify the BestPharmacy.gr for any unauthorized use of their account and any detected and/or suspected security breach. Members are also solely responsible for the careful use of their account and their logout/exit from their account at the end of each session. BestPharmacy.gr is not responsible for any damage resulting from the inability of members to respect and follow this clause. Finally, since non-authorized third parties may be able to read users' messages/emails sent online, users are advised not to send by e-mail or other unsafe means information that they wish to remain confidential.
Cookies are small data files stored on the visitor/user's computer through the Internet in order to offer services such as those mentioned previously. Cookies do not damage users' computers or the files stored on them. In the browser settings the visitor/user can choose to block their browser from accepting new cookies or to be asked each time a new cookie is about to be installed on its hard drive. However, the visitor/user should be aware that if they choose to block cookies from being saved to the hard disk it will not be able to use some services of BestPharmacy.gr.
Security of BestPharmacy.gr and Privacy Protection
BestPharmacy.gr is committed to protecting its users information and makes every reasonable effort to safeguard their personal data using the latest and most advanced technological methods and following strict security measures, which, at the Company's discretion, may be altered or amended. However, users should take into account that no system is ever completely secure, and also that sending confidential information via e-mail or electronic messages is not secure, as it carries risks of third parties or unauthorized persons reading the information.
To ensure the protection of user's personal data, BestPharmacy.gr implements security policies and practices, that include the following:
- Encryption technology for sensitive data transferred over the Internet from servers to the user's computer, as well as digital certificate technology for Internet addresses used by the online Store. These technologies are based on the (Secure Sockets Layer) SSL and TLS (Transport Layer Security) protocols that are designed to provide security when transmitting sensitive data online. These protocols are widely used for secure online purchases and financial transactions over the Internet, as they encrypt data exchanged between two devices, establishing a secure connection between them over the Internet.
- Strong security on the Company's servers, in accordance with best security practices for protection against unauthorized access.
- Save registered Customer passwords in encrypted format.
- Encrypting backups saved on external systems with a strong encryption algorithm and key.
If you have any questions about the terms used in this Policy or about the Privacy and Personal Data Policy please contact BestPharmacy.gr and the Company, either by email to [email protected] or [email protected] or using the contact details mentioned on the website of BestPharmacy.gr.
BestPharmacy.gr reserves the right to modify and/or update its Privacy and Personal Data Policy.
When significant changes are made to this Policy, visible notice will be provided as appropriate, e.g., by overtly sharing within the website or by sending emails before or after changes. Users / Customers should ensure that they are informed by reading the notification.