Privacy Policy

Welcome to our e-commerce website mamagalia.gr

We would like to inform you that we take seriously issues related to the protection of your personal data. For this reason, in this policy we inform you how we process your personal data. 

1. General - Controller
The online store located at mamagalia.gr, hereafter
referred to as "Store", belongs to STEFANIA PANAGIOTA VOURAZERI hereinafter referred to as "Management company" or "we", which is based in Athens, Grammou 24-26 Vrilissia, PO Box 15235 with VAT number 147100607, DOI Cholargou Phone: 2108224403 Email: hello@mamagalia.gr

In the context of providing its services, but also for its compliance
As a managing company with its legal obligations, the Store collects certain information about its visitors and customers, which may lead to their direct or indirect identification.

According to the applicable legal framework, some of this information constitutes personal data. You, as visitors, constitute "data subjects" and we, as the Managing company, are the "controller" of your data.

Through this policy we aim to provide you with information in simple and understandable language about the data we process, the purposes and legal basis of the processing, the recipients, your rights and how you can exercise them. If you have any question about the management of your data or the
exercise your rights, please contact us.

2. Our basic principles for processing your data
We process your data in a fair and transparent manner, in accordance with the applicable legal framework, namely the General Data Protection Regulation (GDPR) [Regulation (EU) 2016/679], Law 4624/2019, Law 3471/2006 and the relevant regulatory framework.

Simply put, this means that:
- We process your data only for purposes which are explicit, legal and defined from the outset, while we do not further process them in a manner incompatible with these purposes (purpose limitation).
- We only process the data that are suitable, relevant and necessary for the purposes we set for their processing (data minimization).
- We make every effort to ensure that your data is accurate, providing you, where appropriate, the possibility of correction/deletion (accuracy).
- We keep your data in a form that allows your identification only for a period of time that is required for the purposes we set for their processing (limitation of the storage period).
- We make every effort to safeguard the safety of 
your data, protecting it, among other things, from unauthorized or
unlawful processing and accidental loss, destruction or damage (integrity and confidentiality).
In the context of the protection of your data, the Managing company implements a series of appropriate technical and organizational measures, adopts internal security policies, trains its staff, who are committed to maintaining confidentiality and privacy, while utilizing a series of technologies that ensure security of your data (e.g. SSL certificate, encryption, certified hosting providers). Strictly adhering to the principles of information security and protection data, we regularly monitor security measures and, if deemed necessary, we adapt them to new best practices.


3. Which of your data do we process and under what conditions
As a general principle, the Store only processes your data when you actively provide it yourself (eg by placing an order or sending us an email). However, this may not apply to some data collected with the help of cookies (for more information about the use of cookies, also read our cookie policy) and to some data, which is collected automatically during the visit your.
A. Information Collected Automatically
Due to the nature and the way the internet works, as soon as you visit the Store, our server records your IP address, which constitutes personal data, even if we cannot identify you ourselves based on this information. as well as some other information, such as the date and time of your visit and the page from which your visit originated.
The legal basis for the collection and storage of data in special files (log files) is our legitimate interest, in order to ensure the security of networks, information and services from accidental events or illegal or malicious actions that endanger the availability, authenticity , the integrity and confidentiality of stored or transmitted data (e.g. control of "denial of service" attacks), but also to effectively deal with any technical problems.
This processing is in accordance with the relevant legal framework, as it does not involves serious risks to your rights and freedoms, while it is permitted, in accordance with the GDPR and national law, that this processing is based on our legitimate interest.
B. Information You Provide Us
We process personal data that you provide us in the following cases:
I. Contacting the Store via contact form or email
Data we process/ Purpose Legal Basis
a. Email address
b. Full name
(optionally)
c. Phone number
(optionally)
Important note: In your message to the Store you should
report only the information necessary for the issue you are interested in and avoid referring to your personal data or that of third parties.

We process this data in the context of serving you, in order to be able to contact you by replying to your message. Simply sending an email or submitting a form does not make you a "customer" of our company and we do not include you in our relevant database.

We process the data you provide us in the context of serving our legitimate interests (Article 6 para. 1f GDPR), in this case to serve your requests, maintain and improve the Store's communication with its prospective or existing customers.


II. Register in the Store
Data we process/ Purpose Legal Basis
a. Full name
b. Email address
c. Mobile phone number (optional)
d. Postal address (optional)
e. Date of birth (optional)

We process this data in order to fulfil our contractual obligations with you, if you wish to register as a member of the Store. Also, these details are necessary for any assurance of We process the information that we provide in order to fulfil our contractual obligations towards you or to take steps before entering into a contract, (Article 6 para. 1b GDPR). rights and our financial claims, as well as for the establishment, exercise or support of our legal claims.

Registration is not mandatory to make your purchases in the Store.

Create a member account using a third party login
The Store allows you to create a member account
using your account with a third party provider (Facebook or Google). To create an account, you must give your consent to the respective provider for the transmission of some of your information (username and email address) to the Store.
Your registration takes place through automated secure communication between the Store's system and the respective provider's platform.

A condition for the use of this feature is the provision of consent
you, in order to transmit your personal data to the Store. At the time of consent, each provider provides you with information about the data that is transmitted. Your consent is given only once and remains valid until you withdraw it. You can withdraw your consent at any time and freely through your account settings with the respective provider. If you withdraw your consent, the account in the Store will be deactivated.


III. Submit an order for products
Data we process/ Purpose Legal Basis
a. Full name
b. Email address
c. Mobile/fixed
phone
d. Postal address
e. VAT number and VAT number (if an invoice is requested)
f. Occupation (if an invoice is requested)

Important note: In your notes to the Store you should
report only the necessary data for the issue you are interested in and avoid reporting personal data of your own or of third parties. We process this data in order to to fulfil our contractual obligations (delivery of products) as well as to issue legal documents in the context of our transactions with you.

Also, these elements are necessary to ensure the rights and our financial claims, as well as to establish, exercise or support legal claims. We process the information you provide to us in order to fulfil our contractual obligations or to take measures before concluding a contract (art6 para. 1b GDPR).

We are also obliged by the relevant legislation to keep records and issue documents for our transactions (legal obligation - Article 6 para. 1c GDPR).

Commercial Communication Note: Based on our legitimate interest we may notify you by telephone, post, email, SMS or any other convenient means of communication, based on contact information lawfully obtained in the context of a prior of our transactional relationship (article 11 par. 3 of Law 3471/2006) and as long as you do not express your objection to this communication.

This update may include information about our products, special or general offers, promotions of our own or in cooperation with other companies (without passing on your data to them) and competitions. also in the same context of commercial communication, we may communicate with you through messaging services such as Viber, WhatsApp, etc., for the purposes of better communication and controlling the cost of our communication. Based on our legitimate interest we may also contact you after the sale of goods and services to check whether the level of service, both ours and our partners', is what our customers expect.


IV. Sending a newsletter (Newsletter)
Data we process/ Purpose Legal Basis
a. Email address
b. Mobile phone

We use your email and/or mobile phone (SMS, applications such as Viber) to send you updates about news, offers and other matters that we think are of interest to you in relation to the Store.
You retain the ability to control our communication through the respective section on your Store profile. We process the data
which you provide us based on your consent (Article 6 para. 1a GDPR), which you have the right to revoke at any time and request the deletion of your data. Withdrawal of consent it does not affect the lawfulness of the processing based on it before its withdrawal. Any withdrawal of your consent will prevent us from communicating with you. We may also process the same contact data to inform you about offers and other commercial promotions without your prior consent you, in the context of our previous business relationship, as long as you do not tell us that you do not wish such communication (opt-out).

Important note: The accuracy of the data submitted in all
cases burden those who submit them. Find out about the
possibility to correct your data in the section of the policy concerning your rights.


4. Who has access to your data
In principle, access to your data is granted to our authorized personnel, who process your data under strict confidentiality conditions, only to the extent and in the context of the legitimate purposes for which we have informed you above.
In order to be able to provide its services, the Store transmits some of your data to partner companies. These companies (processors) process your data only for the purposes mentioned above and only on behalf and at the direction of the Managing company, with the exception of any legal obligations. When transmitting your data, all necessary technical and organizational measures are taken to ensure the best possible level of security. These companies have been selected with a key criterion, among other things, the ability to securely process your data. These companies are committed through a contract concluded with the Managing company to provide necessary guarantees for the protection of Personal Data and to take the appropriate technical and organizational measures so that the processing is lawful and to ensure the protection of your data and rights.
These companies provide us with: (a) services for the provision of web hosting (web hosting), (b) services for transporting the products to you (courier and partner courier companies), (c) services related to the presence of the Store on the Internet , such as online payments, and its marketing. For more information about the recipients of your data you can contact us.
5. What applies to social media

Facebook Page
The Store maintains an official page on the social networking platform Facebook Mama Galia which is linked to the Store through hyperlinks. You can contact us through our Facebook page in order to receive more information about our products and services through the "send message" option. In order to answer your questions, we process your Facebook username as well as other information that is publicly available through your profile (e.g. email address). The very sending of a message for the purpose of communication between us implies your consent to the above processing of your data. Access to and use of the Facebook page is subject, in addition to Facebook's own policies, to this Privacy Policy. If you choose to "LIKE" our page, this implies that you give your consent to see the news and promotions (via newsfeed) carried out by the Store through its Facebook page. If you do not wish to receive such updates, you can at any time press the "UNLIKE" option. Meta is responsible for the operation of Facebook in the European Union Platforms Ireland Limited. You can find out about the processing of your data by Facebook at the following links:
https://el-gr.facebook.com/policy.php
https://el-gr.facebook.com/business/GDPR
Instagram

The Store maintains an official page on the Instagram social networking platform mamagalia.gr, which is connected to the Store via hyperlinks. Through the Instagram platform you have the possibility to follow it. Store account and comment on its publications, providing data to be processed on the platform.
Instagram, operated in the European Union by Meta Platforms Ireland Limited, has its own cookie and data protection policies over which we have no control and are unable to influence.

General information about social media

According to decisions of the Court of the European Union, the Management company, as the manager of a page through which it processes personal data of visitors on social media (Facebook, Instagram) can be considered jointly responsible for the processing with the respective provider (Facebook) , Instagram). This relationship concerns exclusively the operations of processing the visitor's data through the page, such as for example the indication of like on a publication. This processing is based on the visitor's consent, as detailed above. The Managing company takes all appropriate technical and organizational measures for the security of data processing through social media, such as limiting the persons who have access to its management
of each page. The Managing company is only responsible for the way and means of processing your data for the purposes it sets (communication, information and promotional actions) and to the extent that it exercises control over your data. On the contrary, it bears no responsibility for the way or the means by which the respective social networking platform processes your data. The terms of use of each social media where your comments are submitted will normally apply. In any case, we urge you to be very careful about the content you send to our pages in the networking media, especially when you provide your personal data or that of third parties, while you should confirm that the page you are communicating with is indeed the official one.


Comments on social media

The Management company encourages the submission of comments by users on the posts and/or pages it maintains on social media, in the context of an open dialogue with respect for different opinions.
The Management company has no general obligation to control the content submitted by the users of these media, however it makes efforts to ensure a safe online environment.
Therefore, the Store administrators reserve the right to remove
any type of content deemed to violate its terms of use, such as content that is abusive, vulgar, pornographic, threatening, advertising or that violates intellectual property rights or contains a false statement as to the user's identity, while maintaining the ability to block users who submit.
In the event that you believe that user content hosted on the Admin company's social media pages violates or otherwise violates our terms of use, please contact the administrators immediately.


6. Where and for how long we store your data


Your data is stored in the Store's information system, which is hosted in a data center located within the European Economic Area. In any case, appropriate organizational and technical measures are always applied to avoid any violation thereof.
The data is stored exclusively and only for a period of time, which is necessary for the respective processing purpose. For example, if you have purchased products from the Store, we are required to keep the relevant documents for a period of five (5) years.


7. What are your rights in relation to your data and how do you exercise them


Based on the relevant legal framework (see in particular Articles 12-22 GDPR) you have a number of rights in relation to the processing of your data by the Managing Company.


Specifically, you have the right to:
1. Submit a request to find out if we are processing data and, if so, which ones (right of access);
2. Request their correction or completion when they are incomplete
(right of rectification),
3. To request, under conditions, their deletion (right to deletion),
4. To request, under conditions, the restriction of their processing (right to restriction of processing),
5. Object, under certain conditions, to their processing on our behalf (right to object), especially with regard to the processing related to commercial promotion (e.g. sending a newsletter),
6. Request the data you have provided to us in a structured, common format
used and machine-readable format (right to
data portability), if this is considered technically feasible.
7. In the event of a data breach, which may put your rights and freedoms at high risk and if it does not fall under one of the exceptions provided for in the GDPR and the applicable national legislation, the Management company undertakes obligation to notify you of the breach without undue delay. Compliance with the legal framework for data processing and, in this context, the exercise of your rights, is a priority for us. For this reason, we have the right to request the provision of additional information, which is necessary to confirm your identity, before exercising your rights.
In principle, the Management company is obliged to respond to your request immediately and within one (1) month at the latest. If deemed necessary, taking into account the complexity of the request and the number of requests, this deadline can be extended by two (2) more months. In any case, the Management company will inform you as soon as possible and, in any case within one (1) month from the submission of your request, about its progress and the reason for any delay in satisfying it. Through the Store, registered members are provided with the ability to control their personal information through their account settings.

For example, as a registered member you can correct your details, add addresses, get a copy of your data, to
anonymize your information and request the deletion of your account.

In the event that your requests are manifestly unfounded or excessive or are submitted in an abusive manner, in particular due to their repeated nature, the Management company may either impose a reasonable fee, taking into account the administrative costs of providing the information or announcement or performing the requested action, or refuse to proceed at your request.
In case you consider that the Managing company does not comply with the legislation on personal data protection, you have the right to file a complaint with the Personal Data Protection Authority (www.dpa.gr, Kifissias 1-3, P.O. 115 23, Athens ).


8. Hyperlinks to third party websites
With the help of appropriate hyperlinks within the Store, access to third-party websites is provided. The placement of
of these hyperlinks has been made with the sole purpose of facilitating visitors during their internet browsing. It is in no way an indication of acceptance or approval of the content of the hyperlinked websites.

Access by using the provided links to the respective website takes place solely at your own risk and we encourage you to carefully read the data protection policy of each website you visit.

9. Minors
The Store addresses its services exclusively to people over 18 years of age. In case of data submission to the Store, it is assumed that the visitor is over 18 years old or, if he is under 18 years old, that he has received the necessary consent from the person(s) having parental responsibility and that he/she will provide his/her information, provided requested by the Management company. Since it is not technically possible to effectively check the age of the Store's visitors, we undertake, in the event that the submission of personal information concerning minors is reported, to delete all relevant information. This deletion is valid subject to the need for compliance
of the data in case of establishment, exercise or support of our legal claims or the fulfillment of a legal obligation.

10. Policy Changes and Updates
This policy may be modified at any time without notice
prior notice. Guided by the principle of transparency, we are committed to informing you of any significant change in our policy. In any case, however, you should periodically check our policy, as the use of our services implies your acceptance of it.