Personal Data Protection and Privacy Policy
The company under the name "COSMOS SPORT COMMERCIAL HOTEL AND TOURIST COMPANY SA", trading as "COSMOS SPORT SA", GCR No. 077109427000, based in Heraklion, tel. 2811 808808, hereinafter referred to as the "Company" as Controller attaches great importance to the lawful processing, security and protection of personal data, in any capacity whereby you contact or cooperate with us, including but not limited to, prospective or active customers, consumers, website visitors, etc.
Please read these personal data protection terms carefully (the "Policy"). By using our websites and signing the relevant consent form, you unconditionally accept the practices described herein, the terms of which hereinafter govern our contractual relationship and are incorporated into the terms of use of each of our services.
1. What are your personal data and what personal data do we collect?
Your personal data includes any information on paper or electronic media, which can lead, either directly or in combination with others, to your unique identification or identification as a natural person. This category includes data collected by our Company such as your name, TIN, physical and electronic addresses, your landline and mobile phone numbers, your purchase history, personal preferences, callers and telephone numbers called, recipients, SMS / MMS recipients, your bank / debit / prepaid cards, e-mail addresses, login and account details, including username, password, and unique user ID, identifiers of your equipment or terminals, computer, smart phone, tablet, web search history (log files, cookies, etc.).
We process in accordance with the law and protect your personal data when you contact us and / or you buy directly and / or online our products or services, when you call our numbers or short codes to provide you with information, services of added value to end user (B2C) or to receive other services, information, entertainment and information or services relating to any other activity of the company.
2. Lawful Processing - Purposes
The Company will use your information for the following lawful processing purposes (pursuant to Article 6 of the GDPR), where applicable, with your express consent that you can freely withdraw at any time, or for the performance of a contract or pre-contractual relationship with you, or for the service of our legitimate interest or for the defense of your vital interest, namely:
• To manage your calls to search for information with a view to completing your requests, purchases and orders, and to complete and execute your order.
• To respond to your requests and inquiries about our products / services as well as information and reply to your suggestions and comments on the improvement of our products and services, and to send you information about our services.
• To let you know the results of the surveys, draws and contests in which you may have participated.
• To analyse our website traffic, provide information about our websites and the services you wish us to provide and to improve your experience and provide you with information about products, services, special offers and promotions.
• To operate, improve and maintain our business, products and services.
• To help you identify technical and service problems.
• To protect the rights, assets or security of our or third parties.
• To better understand consumer behaviour and preferences. For example, we can use information on how the search and find products is used by the users of our Company’s websites, in order to better understand the best ways to organise and present product offers in the displays of our online stores
• For our internal operations and analysis such as internal management, fraud prevention, use by management, invoicing, accounting, charging and control information systems.
3. What are the principles of collection and processing and what are your rights?
This Policy aims to inform you about the terms of collection, processing and transmission of your personal data we may collect as Controllers or Processors. The Company and its trained personnel strictly apply the processing principles of the GDPR 2016/679 (lawfulness, objectivity, transparency, limitation of purpose, data minimisation, accuracy, time limitation of storage, integrity, confidentiality and accountability).
As provided by the Greek and Union legislation on the protection of personal data, you have the following rights:
• To request access to personal data, as well as for the purposes of their processing and to receive copies thereof;
• To request the correction of any inaccuracies and completion of any incomplete personal data;
• To request the erasure of personal data;
• To request the restriction of processing of personal data in cases expressly defined by law;
• To request the portability of personal data to another employer with a structured, commonly used and machine-readable format;
• To object to the processing of personal data in cases explicitly defined by law;
• Not to be subject to a decision made solely on the basis of automated processing, including profiling, which produces legal effects that affect you or significantly affect you in a similar way;
• To withdraw your consent at any time.
We invite you to exercise these rights by contacting the Data Protection Officer at: [email protected]
Finally, you have the right to lodge a complaint with the Personal Data Protection Authority. However, we would suggest that you send us any requests via the email [email protected], so that we can address your questions and work together to find solutions that will solve any problems you may have.
The communication with the Authority for any complaint / complaint can be done electronically through its web portal by filling in the corresponding electronic form depending on the type of complaint. For more information you can follow the link below:
Complaint to the Hellenic DPA | Hellenic Data Protection Authority
4. How we collect your personal data
The Company collects your personal data by accepting the terms of use of each of our services, such as:
• When you call our numbers or our short codes, when you send us an email, or fill out an application or order.
• When you contact our offices or the staff of our customer service department, and our call center, either for purchases or to express your opinion, complaints, or comments.
• When you send us the mailing address or invoice or service receipt as well as home delivery details of your order.
• When you buy a product and / or service to check your age and find out if it is legally permissible to contract validly with us or if you need the consent or signature of your parents and guardians.
• When you voluntarily subscribe to printed or electronic catalogs to receive printed, electronic or SMS information material or other marketing material or to renew your preferences or when participating in contests, questionnaires and surveys.
• When you visit our websites through which we collect, with your explicit consent, through cookies information from your terminal device, such as your Internet Protocol (IP) address, the operating system you are using, the type and version of your browser etc.
• When we receive documents, requests, orders, receipts, warrants, etc. of third parties, such as supervisory, prosecutorial, judicial, tax authorities, for the investigation of crimes and your protection against fraud or to combat all forms of crime and the prevention of infringement of legal goods (protected intellectual works, software, music).
5. Minimisation, storage and erasure of your data
The Company will always ask you for the minimum legally required personal data to connect with our electronic platforms and services, to purchase products / services, to communicate through websites with other users or to take part in contests and promotions.
Our Company retains your personal data only for as long as is required by the contractual terms of each service, in conjunction with the applicable legislation, based on the respective processing purpose, and then anonymizes and destroys them. This means that we will retain your personal data for a period of five (5) years.
You can ask us and be informed on what data we collect about you and correct or delete such data by filling in a relevant application that we have available, unless their retention is required by law for tax, probative or judicial purposes and for the prosecution of illegal acts.
6. Transfer of your data to third parties
As a rule, our Company does not transfer personal data to third parties, except to the extent necessary to complete your order and to fulfill requests regarding the services provided by us.
Such third parties may be official state and supervisory bodies or when we are called upon to comply with the law and prevent illegal actions against us and against our customers (e.g. telecommunications fraud, insult, insult of personality, etc.). The third parties may also be telecommunications companies, TV stations, cloud providers, courier companies, third party service providers that process personal data on behalf of our Company.
In order to offer you Klarna's payment methods, we may transmit personal data during checkout such as contact and transaction data with Klarna, in order for Klarna to assess whether you meet the conditions for its payment methods and to provide you with specialized methods payments. Your personal data is processed in accordance with Klarna's privacy policy.
In our Company we select reliable providers and we try to put contractual restrictions on third parties who receive your personal data, in order to ensure their lawful use. In order to process your data, we may need to transfer your information to other countries, including countries mainly within and exceptionally outside the European Economic Area (EEA), on the basis of EU competence decisions, corporate binding rules, standard contracts and approved codes of conduct.
7. Security of your personal data
In any case, we take the appropriate technical and organisational measures to ensure the confidentiality, integrity and availability of your data. Our goal is to ensure that your personal information are transferred, stored and processed in accordance with appropriate international standards and security procedures. At the Company we have trained and responsible staff, while we recognise the importance of protecting privacy and all your personal information. To this end, we have appropriate security policies and use appropriate technical and operational tools such as data encryption, tokenization, use of firewalls, setting of access levels, authorised employees, staff training, periodic checks, compliance with international security standards and business continuity.
Any partner who has access to the above information, uses such information to serve exclusively the above purposes. We share the information you give us exclusively with the ways described in this Policy and according to your explicit and specific consent by type of processing which you may at any time and freely withdraw by contacting us.
8. Targeted advertising
If you have given us your written consent, we may use your personal data along with other information that we have collected, after human intervention by our commercial department, in order to display ads related to your obvious preferences, on our website or on another website.
If you want us to stop sending you updates or offers, you can use the unsubscribe link at the end of each email you received (unsubscribe).
Furthermore, if you have a SportsFactory account, you can choose not to receive marketing communications of our Company by modifying your options in the section "show or change your profile" of our websites. You can also choose not to receive marketing communications by requesting your deletion from the email and sms lists according to our instructions.
Alternatively you can contact us by using the contact details in the "Questions and Comments" section below.
9. Links to third party websites
The websites of our Company may contain links that lead to other websites of third parties, independent bodies, such as, for example, payment service providers, etc. which are operated and maintained exclusively by them, and which we do not control, as mentioned above. Therefore, we bear absolutely no responsibility for the content, actions or policies of these websites. We kindly ask you to read the relevant data protection policies on the websites you visit, as they may differ significantly from ours.
10. Children
We comply with the legislation and we do not allow children, without the consent of their parents / guardians, to subscribe to the websites and applications managed by our Company, when they are below the legal age limit of their country of residence.
11. Non-requested commercial communication
The Company does not allow the use of our website or our services for the transmission of mass or unwanted commercial emails (spam). Furthermore, we do not allow the sending of messages to and from our customers which use or contain invalid or falsified headings, invalid or non-existent domain names, techniques of concealment of the origin of each message, false or misleading information or violate the terms of use of websites. We do not allow in any way the collection of e-mail addresses, or general information of our customers and subscribers, through our website or our services. We do not allow or authorise any attempt to use our services in a way that could harm, deactivate, burden any part of our services or hinder anyone who wishes to use our services lawfully.
12. Contact for questions or comments
We are at your disposal for any questions, comments and concerns you may have regarding our Policy and practices. In this context, you can contact the Consumer Service at email [email protected], or the Data Protection Officer at [email protected]
13. Validity, Security Policy and Personal Data Protection
This Policy was published by the Company on 30/7/2021 and is subject to periodic improvement and revision.