PROTECTION OF PERSONAL DATA

Protection of personal data

In force as of 10/07/2018

 

INTRODUCTION


NEF-NEF (“the company” or “we”) wishes to inform you on the manner in which we collect personal datafrom and in regard to your person through our electronic shop which operates on the site http://hotel.nef-nef.gr, or through our physical stores or otherwise personally as well as through telephone orders or via email (jointly “the services of our company”) and how we use and communicate the above personal data

NEF-NEF provides this present information for the protection of personal data (hereinafter “policy for the protection of personal data“ or “policy“ or “information“) according to the general regulation of the EU 679/2016 for the protection of personal data (the “regulation“) and the applicable national legal framework, and underlining its obligation to protect your personal data.

In this policy for the protection of personal data you will find all relevant information in force, regarding the use by NEF-NEF of personal data of the users and customers, irrespective of the channel or the medium (online or in person), which is used for your transactions with us.

1. WHO IS RESPONSIBLE FOR PROTECTION AND WHOM DOES THIS PRESENT POLICY COVER

 

We are the Societe Anonyme with the registered name NEF-NEF Α.Ε., FOR INDUSTRY AND COMMERCE OF LINEN, with registered office at No 9 Dalias street, 136 77, Acharnai, Attica, with tax registration number (ΑΦΜ 999871900, Δ.Ο.Υ. ΦΑΕΕ of Athens) and we are responsible for the processing of your personal data that we collect through the services of our company in accordance with the general regulation 2016 / 679 and the applicable law.

 

You may communicate with our company at that the electronic mail address [email protected].

 

Our present policy as well as our cookies policy https://nef-nef.gr/cms/en/content/cookies-policy.aspx, is valid for all the users, including those who are using the services of our company without being registered or being members and those who have registered in or are members of a service of our company as, well as those who placed orders by telephone or via email or buy our products through the physical stores of our company or otherwise in person and/or are holders of our bonus card NEF-NEF BONUS CARD.

 

The services of our company are addressed to the general public but not addressed to children; we do not consciously collect personal data of children under the age of 16 years.

 

2. WHAT KIND OF PERSONAL DATA DO WE COLLECT FOR YOUR PERSON

 

The company collects (1) transaction and subscription data during a transaction, during your registration or during the subscription to a service of the company parentheses (2) public data and publications, which you make public through the services of our company, (3) data which you have allowed social networking media to communicate to our company, (4) data of activity when you acquire access and to ans interact with some service of our company. Specifically the company collects the following types of data from and regarding yourself:

1. Transaction and subscription data, i.e. the information you have submitted, in order to execute a transaction with the company and/or to subscribe in a service of our company, for example in order to implement a purchase either online or at a physical store, to create an account, to publish comments, to receive a newsletter and to become holder of the card NEF-NEF BONUS CARD or in order to take part in a competition. Subscription information may include by way of an example, your name, your family name, your email address, your sex, your nationality, your postal code and your date of birth.

2. Public data and publications comprising comments or content which you publish at the services of the company and your personal data which accompany such publications or content, in which may be included your nickname, a user name, comments, “likes“, status, profile information and your photograph. The public information and publications are always public which means that they are accessible to all and may appear as search results in external search engines.

3. Data from social networking media. If you acquire access or are connected with a service of our company through a service of social networking media or if you are connected to a service of our company or if you connect the service of our company to a social networking service, among the data we collect may be included your user name or password which relate to that social networking service, the information or the content which you have allowed a social networking service to communicate to us, as well as the photograph of your profile or your email address or lists of your friends, as well as a personal data you have made public in relation to the specific social networking service. When you acquire access to the services of our company through a social networking service or when you are connecting a service of our company with services through social networking, you authorize our company to collect and store and use the relevant personal data and content according to the present policy.

4. Activity data.When you acquire access and interact with the services of our company, we may collect specific information relating to those visits. For example in order to allow your connection with the services of our company, our servers receive and then record information about your computer, the device and the software of your browser, including probably your IP address, the type of your browser and information to regarding software and hardware. If you acquire access to our services from a mobile or other device, it is probable that we will collect the International Mobile Equipment Identifier (ΙΜΕΙ) of your device, assigned to such specific device, and geographical data or other transaction data for that specific device. We may also collect cookies and other surveillance technologies (such as browser cookies, pixels, beacons and Adobe flash technology, usually called Flash cookies). These technologies may be used for the collection and storage of information regarding the use by yourself of the services of our company, for example the web pages you have visited, the video and that other content you have watched, search querries you have submitted and advertisements you have seen. For more information you may look into our cookies policy https://nef-nef.gr/cms/en/content/cookies-policy.aspx.

5. Information from other sources. We may complement the information we collect with information from other sources, such as publicly available information regarding your activity in the Internet and outside the Internet from social networking services and the commercially available sources.

 

We do not collect:

Financial information from payment services providers. In some cases we may use a payment service which is not connected with our company in order to give you the possibility to acquire a product or to make payments (“payment services“). In the event you wish to acquire a product or make a payment through a payment service, you will be transferred to a web page of the payment service. Any information you may give to the payments service, will be subject to the confidentiality policy of the payment service and not this present policy. We do not have any control and we are not responsible for any use, from the part of the payment service, of information collected through any payment service.

 

Sensitive information: We ask that you do not send us or reveal sensitive personal data (such as Social Security numbers, information regarding your race or nationality or a political views, religion or other beliefs, health, criminal record, participation in in trade unions) through the services of our company or in any other manner.

Connected services

 

Finally the services of our company may be connected with sites including social networking sites, which are managed by noncooperating companies and that may supply advertisements or offer content, functionality, games, information, contests or applications which are developed and are kept by non-connected companies. Our company is not responsible for the confidentiality practices of non-connected companies and as soon as you leave the services of our company or click on an advertisement you must check the applicable policy of this other service.

 

3. HOW WE USE YOUR PERSONAL DATA

 

We use the personal your personal data that we collected from and in relation to your person:

1. In order to provide the services of our company·

2. In order to measure, analyze and improve the services of our company·

3. And in order to improve your experience through the services of our company (through the Internet and outside the Internet) providing content which you may consider relevant and interesting.

4. In order to allow you to comment on the content and participate in web games, contests and then bonus programs.

5. In order to provide customer service and answer your questions·

6. In order to protect the rights of our company and others. For example there may be cases in which our company is using your personal data, including cases where the company bona fide considers that the processing is necessary for (i) the protection, the imposition or the defense of legal rights, the security or the property of the company or the company’s employees, representatives, providers, beneficiaries of rights and suppliers (including the application of agreements and terms of use), (ii) the protection of the security of the confidentiality and the security of the users of our company’s services are oof the general public, (iii) the protection of the company as well as other involved third parties such as suppliers of our company from fraud or for the purpose of risk management.

7. For the purpose of compliance with applicable laws or legal proceedings or/and in order to be able to respond to demands from competent government agencies·

8. For the completion of a corporate transaction such as a proposed or a actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of the whole or part of the activities, assets, or stocks of the company (including any bankruptcy or similar proceeding). For example if the company participates in a merger or transfer of the total or a substantial part of its activity, the company may disclose and transfer your personal data to the party or parties participating in the transaction or part of such transaction.

9. In order to allow the operation of social transactions – if you connect an account of a social networking service with services of our company, we may share the users name, the photograph and your “likes” as well as your activity and comments with the other users of the services of our company and with your friends who relate to the social networking service. We may also share the same personal data with the provider of social networking services·

10. Subject to your prior consent, in order to send you by your email, SMS, telephone, chat and through social networking) offers, promotional activity, advertising material and other commercial announcements regarding the services of our company. The newsletter of our company falls under this category·

11. Subject to your prior consent, in order to analyze behavior, habits, consumer trends and send you commercial announcements which are adapted to your interests and needs through communication services.

 

We may use anonymous data or data which do not identify you personally, not even indirectly (i.e. statistics) for any purpose or communicate those to third parties.

 

4. ON WHICH LEGAL BASIS WE CAN PROCESS YOUR PERSONAL DATA

 

The processing of your personal data for the purposes:

1. Section 3, “a” to “f”) of the present policy is essential for providing the requested services and from that aspect it is obligatory because otherwise we would not be in a position to provide the services

2. Section 3, point Z of this policy, is requested according to applicable laws and as a result it is on obligatory.

3. Section 3. point “h” of this policy is implemented on the grounds of our legal interest and that of our counterpart to pursue such economic activity. This interest is sufficiently balanced with your own interest, given that the processing of data will be done within the absolutely necessary limits for exercising such economic activity. This activity of processing data is not obligatory therefore you may object at any time as described in Section 11 of the present policy.

 

On the contrary the processing of your personal data for the remaining purposes:

- Is at your discretion, but without your consent it is impossible to connect an account of a social networking service with the services of our company, which means that you will have to connect to the services of our company using a different mechanism.

- Section 3 points i and k, are at your discretion, but without your consent it is impossible for our company to provide third parties with general commercial announcements of our company or services, stock products or announcements of such parties based on your interests and needs and to provide you with services under the same tradename.

You may revoke your consent at any time as regards the processing of your personal data for the purposes of Section 3 points * to “k”, by sending a notice to the email address appearing in Section 11 hereunder.

 

5. WHICH ARE THE MEANS FOR PROCESSING YOUR PERSONAL DATA

 

Your personal data may be processed in printed form, by automated or electronic means, as well as by non automated means, including the post or electronic mail, or telephone (i.e. automated telephone calls, SMS, MMS), fax and any other medium (i.e. websites, mobile telephony applications and are protected by suitable security measures, taking into account the latest technology, the implementation cost and the nature, the field, the framework and the scope of processing as well as different probabilities and the seriousness of risk concerning the rights and the freedoms of persons. Specifically the company uses appropriate administrative, technical measures, measures regarding the personnel, physical measures to the end of protecting personal data which are kept by the company from loss, theft, unauthorized use, dissemination or amendment.

 

6. WHO REQUIRES ACCESS TO YOUR PERSONAL DATA

 

The company may communicate your personal data for the purposes of Section 3 above to the following categories of recipients who are within the European Union or outside the European Union, with the limits of the provisions of Section 7 hereunder

 

a. To third party service providers who are charged with the performance of processing activities and whenever it is required by applicable laws, are duly appointed for performing the processing (i.e cloud services providers, service providers who facilitate or support the services of the company, by way of an example without limitation companies that provide technology services IT services suppliers, suppliers of transport and delivery services and customer service, marketing and advertising, experts, advisers, lawyers, companies which resulted from eventual mergers, or splits or other and corporate transformations and

b. Competent authorities for the purpose of compliance with applicable legislation. Persons appointed by the company to perform data processing services, including IT service providers marketing and advertising service providers, i.e. measuring visitor satisfaction and customer satisfaction, statistical analysis, re-targeting, analysis for personalized promotional activity. You can ask the company for a complete listing of those providing data processing services at the address posted in Section 11 of this present policy

 

7. TRANSFER OF YOUR PERSONAL DATA ABROAD

 

Some of the service providers processing the data mentioned in Section 6, are located within the European Economic Area (EEA), in which case your personal data can be transferred to countries within or around outside of the EEA and in particular the United States of America (USA). Some providers the USA are “Privacy Shield Certified”; you can check this certification at the following link

https://www.privacyshield.gov/welcome. The European Commission recognizes that certain countries outside the EEA offer a sufficient data protection level according to EEA standards. The complete list of these countries can be found at the link https://ec.europa.eu/info/law/law-topic/data-protection_en . For transfers from the EEA to countries which are not considered safe by the European Commission, we have set appropriate safeguards, for the protection of your personal data and the transfer your personal data in accordance with the applicable data protection laws, such as standard contractual clauses which have been approved by the European Union according to articles 45 ands 46 of the GDPR, the content you can check at the following link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

 

In any case you have the right to request a copy of the above measures and more information regarding your personal data, by communicating with the company at the address posted in Section 11 of this policy.

 

8. WHICH ARE YOUR RIGHT REGARDING YOUR PERSONAL DATA

 

You may exercise your following rights at any time

 

Under the Data Protection legislation, data subjects have the following rights with regards to their personal information:

- the right to be informed about the collection and the use of their personal data

- the right to access personal data and supplementary information

- the right to have inaccurate personal data rectified, or completed if it is incomplete

- the right to erasure (to be forgotten) in certain circumstances

- the right to restrict processing in certain circumstances

- the right to data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services

- the right to object to processing in certain circumstances

- rights in relation to automated decision making and profiling

- the right to withdraw consent at any time (where relevant)

- the right to complain to the Personal Data Protection Authority


The right to be informed

You have the right to certain information about the processing activities that affect you. A Privacy Notice or Privacy Statement is made available at the point the data is collected. The Company also publishes its Personal Information Charter on the internet.

 

The right of access

The Company, as the data controller, must provide you with:

- confirmation that your data is being processed

- access to your personal data

- other supplementary information

 

The right to rectification

You can ask the Company to correct any personal information it holds about you to ensure your data is accurate. You may also ask the Company to complete incomplete data held about yourself.

 

The right to erasure/be forgotten

You have the right to (under certain circumstances) ask for your personal data to be erased where:

- your personal data is no longer necessary in relation to the purpose for which it was collected/processed

- you withdraw your consent or object to the processing and there is no overriding legitimate interest to continue processing

- you object to the processing and there are no overriding legitimate grounds for the processing

- you object to the processing and your personal data was processed for direct marketing purposes

- your personal data was unlawfully processed or should be erased to comply with a legal obligation

The Company can refuse to erase your personal data where it is processed:

- to comply with a legal obligation or for the performance of a task of public interest

- for the exercise or defence of legal claims

- for purposes relating to public health, archiving in the public interest, scientific/historic research or statistics

If your data has been disclosed to a third party, the Company will ask them to erase that data, unless this proves impossible or involves disproportionate effort. You may ask who those third parties are and the Company will inform you accordingly.

 

The right to restrict processing

You have the right to restrict the processing of personal data held by the Company where:

- you have contested its accuracy

- you have objected to the processing and the Company is considering whether they have a legitimate ground which overrides this

- processing is unlawful

- the Company no longer needs the data but you require it to establish, exercise or defend a legal claim

The right to data portability

The right to data portability allows individuals to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This enables you to obtain and reuse your personal data across different services.
The right to data portability only applies:

- to personal data that an individual has personally provided to the Company

- where the processing is based on consent or the performance of a contract

- where processing is carried by automated means (i.e. excluding paper files)

The right to object

You have the right to object to processing of your personal data in certain circumstances and have an absolute right to stop your data being used for direct marketing.
You can also object if the processing is for:

- a task carried out in the public interest

- the exercise of official authority vested in the Company

- Company’s legitimate interests (or those of a third party)

However, in these circumstances the right to object is not absolute and you must give specific reasons why you are objecting to the processing of your data.
Please be aware that the Company would be able to continue processing your personal data if:

- we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual

- the processing is for the establishment, exercise or defence of legal claims

 

Rights relating to automated decision making and profiling

Automated decision-making takes place when an electronic system uses personal information to make decisions without human intervention.
The Company could use automated decision-making in the following circumstances:

- where where it is necessary to perform the contract and appropriate measures are in place to safeguard your rights

At present, there are no fully automated decision making or profiling systems in use within Company. This means that this right does not currently apply to any processing activities.

 

We remind you that even after the cancellation of your account or if you ask us to delete your personal data, copies of certain information from your account may remain visible in some cases where, for example, you have communicated information to social networking media, or other services or for example, when the maintenance of such copies is essential for compliance to legal obligations or for purposes of legal defense. Due to the nature of provisional storage technology, your account may not be immediately non-accessible by others. There is also a possibility that we maintain information in backup copies regarding your account in our servers for a certain period of time after the cancellation or your request for deletion, for the purpose of compliance with applicable law

 

We also give you several options regarding the use and revelation of your personal data for marketing purposes. You can revoke your consent in what regards

 

The reception of electronic announcements from us If you do not want to receive email messages from us, relating to marketing you can be exempt from receiving email messages relating to marketing, by following the instructions for canceling your registration to our newsletter or simply by changing your preferences in that profile preferences tools if you have registered or if you are a user. You can also send a request to the address which is posted in Section 11 of this policy. In any case the company may continue to send you administrative announcements regarding the delivery of the company services.

 

The dissemination of your personal data to business associates for their own marketing purposes. If you prefer that we do not communicate your personal data on a continuous basis to business associates for immediate marketing purposes, you may be exempt from such communication either by simply changing your preference in the preference pane of your profile or if you are a registered user through the consent administration tool which is available at that site, if you are not registered or a user, by sending a request at the address posted in section 11 of this policy.

 

In all the above cases, you may communicate with us and we may ask you for more information which is essential for the correct completion of your request.

 

9. FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA

 

We will keep your personal data, only for the period, which is necessary for the implementation of the purposes for which the data has been collected as described in this present policy. In any case the following periods of maintenance will apply, regarding the processing of your personal data for the purposes mentioned below:

- The data collected there for the purposes mentioned in section 3, points (a) to (f) of this present policy, are maintained during the provision of the services of the company, plus the period within which they become statute barred, according to the applicable law after the end of the services of the company. The data which are collected for the purposes of section 3 point (g) of this present policy are kept for the time which is necessary for you to connect to the services of the company through a social network.

- The data collected there for the purposes mentioned in section 3, points (i) to (k) of this present policy for marketing purposes and for compilation of a profile, will be kept by the company from the moment you give your consent until the time you will withdraw your consent. If you withdraw your consent, your personal data will not be used anymore for the above purposes, however they may continue to be kept by the company, specifically as required for the protection of risks of the company which are connected with potential responsibility in regard with the processing, except if further clarifications are provided by the supervising authority.

 

At the end of the maintenance. Your personal data that will be canceled or anonymised or destroyed.

 

10. UPDATES OF THE PRESENT POLICY

 

The company may amend or update the present policy for any reason (including, by way of indication, changes in the applicable law and that the interpretation of decisions, opinions or orders, regarding the applicable law)

 

You may look up the policy applicability date, on the top of the present policy, to find when such policy was latest amended. Any changes of the present policy will be communicated beforehand by publication of the revised policy at the site of the company www.nef-nef.gr

 

11. COMMUNICATE WITH US

 

In the event you have questions regarding the present information, communicate with us at the following email address [email protected]