PREAMBLE
ΟThe Website www.ashley.com.gr  (hereinafter “the Website”) is managed by the societe anonyme company under the name “MANIMA S.A.” and the distinctive title “MANIMA”, which is based in Halandri, Attica, Kifisias, No. 216, with VAT 801478241 and No. G.E.MI. (General Commercial Registry) 157665801000 (hereinafter “the Company”). The Website is the Company’s online store (e-shop), through which the Company’s customers and internet users have the opportunity to be informed about the products offered by the Company, to make their purchases online, as well as to create a user account that will facilitate their purchases. For the sale of the products and the provision of the Company’s services through this online store it is necessary to collect and process the information of visitors/registered users of the Website. The Company’s primary concern is that all its actions are conducted in accordance with the principles of privacy protection, respect for human value, protection of personal data and confidentiality of communications. This Privacy Policy for Personal Data Protection describes the Company’s standards for the management and protection of personal data by or on its behalf and applies to any activity conducted through the Website, which is related to the processing of information concerning natural person.
DEFINITIONS
For the purposes of the present, the following shall be understood as:
  • ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • ‘Special categories of personal data’ personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
  • Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • ‘Anonymisation’means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject.
  • ‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  • ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • ‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
  • ‘Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
  • ‘Existing legislation’ means the provisions of any existing Greek, Union or other legislation in which we subject to and which set out issues of personal data protection, in particular the General Data Protection Regulation (GDPR) 2016/679 EU and L. 4624/2019 (Government Gazette A’ 137/29.8.2019)
CONTROLLER

For any processing of personal data conducted in the context of the use of the Website, solely for the purposes and in the manner set out in this Policy, the Controller shall be deemed to be the Company.

WHAT PERSONAL DATA THE COMPANY COLLECTS AND PROCESSES THROUGH ITS WEBSITE
1. Information collected directly from data subjects
In case of an online purchase, the Company processes the personal data of the visitor/user of the Website, as stated by him/her at the time of the creation of his account and/or in his/her order, in the registration form, in order to complete his/her specific order through the online store. Each customer of the online store can complete an online order and declare his personal data either as asimple visitor or as aregistered user of the website. In particular, the categories and type of personal data that each user should provide (whether acting as a visitor or as a registered user) in order to carry out any transaction through the Company’s online store and complete product orders are as follows:
  • Identification details: Name and Surname, date of birth
  • Contact details: landline and mobile number, email address
  • Billing address
  • Delivery address (in case it is different from billing address); Please note that in case of requesting delivery of products or services to a third party, other than a visitor or registered user, the latter acknowledges that will have full responsibility for the information and full consent of the person, who he/she designates as the recipient, for the disclosure of his/her personal data to the Company for the sole purpose of delivery to him/her of the relevant products, and assumes full responsibility for any claims of this person against the Company.
  • Invoicing details (in case an invoice is requested): Company name, registered office, VAT number, Tax office.
In relation to registered users, the Company collects and processes in addition to the above, the following personal data:
  • Order history
  • Frequency of visits to the Website
  • The content in the “Shopping Cart” or/and “Wishlist”
  • Participation in promotions
The details of credit/debit card of visitors/registered users are not stored nor kept in a Company file, but are recorded directly in a secure environment of Stripe that is responsible for routing the cards. In case the visitor/user of the Website wishes through it to express his interest to contact the Company, either to send any query or request or to schedule an appointment in a physical store of the Company, he is asked to fill in the corresponding contact form, during the submission of which the Website collects and processes the following personal data of the visitor / user:
  • Name and Surname
  • Address of residence/headquarters/establishment
  • Email address
  • Telephone
  • Message (free text of the interested party)
2. Information collected automatically during the visit and interaction of users/visitors of the Website
Simply browsing the Website does not require the visitor to provide/enter personal data. However, by just visiting and browsing the Website, certain information may be collected automatically, which may lead to identification of the subjects, directly or indirectly, such as:
  • The Internet Protocol (IP) address of the visitor / user’s computer
  • Browser type and operating system
  • The websites visited by users / visitors immediately before and after their visit to the Company’s Website
  • Connection speed and information about software programs installed on the computer
  • Basic server connection information
  • Information collected through HTML cookies, Flash cookies, web beacons and other similar technologies (see section Cookies).
LAWFUL BASIS FOR PROCESSING The Company process the personal data of the visitors/ users of the Website transparently in accordance with the principles of legality, proportionality, confidentiality and integrity, limitation of purpose and accuracy, the specific retention time of the data, and data minimization. The legal basis for processing the personal data οf the subjects per case may be in particular:
  • The consent.
  • The necessity to process data in the context of performing a contractual obligation or at the pre-contractual stage.
  • The necessity to process data in the context of safeguarding Company’s legal interests.
  • The necessity to process data in compliance with the Company’s legal obligation.
  • The necessity to process data in order to perform the obligations and exercise specific rights of the Company’s or of the subjects or to fulfill a duty carried out in the public interest.
  • The necessity to process data to protect the vital interests of the subjects.
  • The necessity to process data for the foundation, exercise or support of rights and legal claims.
  • The necessity for the export of statistical data.
PURPOSE OF PROCESSING Processing purposes are always based on a legitimate processing basis and vary according to the category of data. Specifically, the Company processes the personal data of visitors/users of the Website for the following purposes:
  • To identify users in the context of creating an account (user account) and when providing them with access to the Website as registered users.
  • For the execution of the sales contract from a distance, i.e. for the completion of the order, the communication and the sending of information regarding the stages of processing the order, the provision of clarifications regarding the order, the delivery of the order to the customer’s place of choice.
  • For the communication with the visitors / users of the Website and the management of their requests / queries, whether they are related to issues of personal data protection or to the quality of their service or to the products offered by the Company.
  • For the regular infomation of the visitor and / or the registered user via e-mail, whose contact details were legally obtained by the Company, in the context of the transaction with the visitor and / or registered user, according to article 11 par. 3 of Law 3471/2006 and if the visitor and / or the registered user does not oppose this communication. This information may include information about its products and / or offers and / or contests, communication for conducting research and other promotional activities of the Company.
  • For the compliance of the Company with legal obligations, e.g. indicative of the tax legislation or for the possible cooperation of the Company with Judicial, Administrative and Regulatory authorities.
  • To improve and develop the features and functions of the Website, including the conduct of research and studies, as well as tests to address website malfunctions or to personalize its content and functions, so that they are tailored to the interests and preferences of the users.
  • To export statistical data, after anonymizing the data.
  • To protect visitors / users from malicious actions and maintain the security and integrity of the Website.
MINORS Protecting the safety and privacy of minors is very important to the Company. By accepting the Terms of Use of the Website, the User declares that he/she is an adult over 18 years of age or, if he/she is under 18 years of age, that he/she has obtained the necessary consent from the person/persons having parental responsibility and that he/she will provide the information of him/her if so requested. In any case that the Company finds that it has unknowingly collected any personal information directly from a minor under the age of 15, without verifiable parental consent, it will delete the information from its database as soon as possible, with reservation about the exceptions provided in the Law.
LAWFUL BASIS FOR PROCESSING
The Company process the personal data of the visitors/ users of the Website transparently in accordance with the principles of legality, proportionality, confidentiality and integrity, limitation of purpose and accuracy, the specific retention time of the data, and data minimization. The legal basis for processing the personal data οf the subjects per case may be in particular:
  • The consent.
  • The necessity to process data in the context of performing a contractual obligation or at the pre-contractual stage.
  • The necessity to process data in the context of safeguarding Company’s legal interests.
  • The necessity to process data in compliance with the Company’s legal obligation.
  • The necessity to process data in order to perform the obligations and exercise specific rights of the Company’s or of the subjects or to fulfill a duty carried out in the public interest.
  • The necessity to process data to protect the vital interests of the subjects.
  • The necessity to process data for the foundation, exercise or support of rights and legal claims.
  • The necessity for the export of statistical data.
PURPOSE OF PROCESSING
Processing purposes are always based on a legitimate processing basis and vary according to the category of data. Specifically, the Company processes the personal data of visitors/users of the Website for the following purposes:
  • To identify users in the context of creating an account (user account) and when providing them with access to the Website as registered users.
  • For the execution of the sales contract from a distance, i.e. for the completion of the order, the communication and the sending of information regarding the stages of processing the order, the provision of clarifications regarding the order, the delivery of the order to the customer’s place of choice.
  • For the communication with the visitors / users of the Website and the management of their requests / queries, whether they are related to issues of personal data protection or to the quality of their service or to the products offered by the Company.
  • For the regular infomation of the visitor and / or the registered user via e-mail, whose contact details were legally obtained by the Company, in the context of the transaction with the visitor and / or registered user, according to article 11 par. 3 of Law 3471/2006 and if the visitor and / or the registered user does not oppose this communication. This information may include information about its products and / or offers and / or contests, communication for conducting research and other promotional activities of the Company.
  • For the compliance of the Company with legal obligations, e.g. indicative of the tax legislation or for the possible cooperation of the Company with Judicial, Administrative and Regulatory authorities.
  • To improve and develop the features and functions of the Website, including the conduct of research and studies, as well as tests to address website malfunctions or to personalize its content and functions, so that they are tailored to the interests and preferences of the users.
  • To export statistical data, after anonymizing the data.
  • To protect visitors / users from malicious actions and maintain the security and integrity of the Website.
MINORS

Protecting the safety and privacy of minors is very important to the Company. By accepting the Terms of Use of the Website, the User declares that he/she is an adult over 18 years of age or, if he/she is under 18 years of age, that he/she has obtained the necessary consent from the person/persons having parental responsibility and that he/she will provide the information of him/her if so requested. In any case that the Company finds that it has unknowingly collected any personal information directly from a minor under the age of 15, without verifiable parental consent, it will delete the information from its database as soon as possible, with reservation about the exceptions provided in the Law.

TRANSMISSION OF PERSONAL DATA
The Company may transmit the personal data of the visitors/users of the Website to third parties in the following cases:
  • To third-party companies, which undertake to perform a certain processing for the Company. In this case the Company performs specific processing activities, ensuring that the processing is carried out in accordance with the applicable legal framework and that the personal data of the subjects are processed safely, and that the subjects can freely and unhindered exercise their rights.
  • To Judicial and Prosecution authorities in the exercise of their duties ex officio or at the request of a third party claiming a legitimate interest and in accordance with the legal procedures.
  • To other institutions of the Greek State, which, according to their statutes, have such a right and authority.
TRANSMISSIONS TO THIRD COUNTRIES

The personal data of the visitors/users may be transmitted to non-EU recipients, only if the appropriate safeguards are complied with, in accordance with existing legislation, so as not to undermine the level of protection of natural persons ensured in the European Union from the GDPR.

DATA RETENTION TIME

All personal data that Company processes are kept for a predetermined and limited period, depending on the purpose of processing, at the end of which such personal data is deleted from the Company’s databases. Under no circumstances will the data be deleted as long as there is a connection with the natural persons (e.g. through an active user account) and for the period during which any legal claims may arise (e.g. 5-year limitation period of claims on tort action).

RIGHTS OF DATA SUBJECTS
Data subjects always reserve the right to be informed about the processing of their personal data (right of access) and to request and receive more information about the processing performed. In addition, with reservation to the exceptions provided by law, they have the right to request, at any time:
  • Access in the personal data that the Company keeps.
  • Rectification of the personal data.
  • Erasure (‘right to be forgotten’) of the personal data provided to the Company.
  • Restriction of processing personal data.
  • Personal data portability.
  • Objection to the processing of the personal data.
  • Withdrawal of their consent (in cases where the processing is based on consent).
The Company provides the possibility to the registered users of the Website to view, correct / fill in their personal data through their personal account. In any case, to exercise any of the aforementioned rights, the subjects can submit their requests to the email address: [email protected] If a subject exercises one or more of the aforementioned rights of rectification, erasure and restriction of processing of his/her personal data, such request will also be transmitted to any third party recipient, to whom the personal data may have been transmitted in the context of the aforementioned processing purposes. In case a subject exercises any of the aforementioned rights, the Company will respond within one (1) month, from the receipt and identification of the relevant request. This period may be extended by two (2) months, if necessary, taking into account the complexity of the request and the number of requests. In this case the Company will provide the subject with notice of such extension within one (1) month of receipt of the request, as well as the reasons for the delay. In case the subjects consider that their personal data have been affected in any way, they may contact the National Data Protection Authority in the websitewww.dpa.gr.
COOKIES
What are cookies? Cookies are small data files, which a website can install and store on the computer or mobile terminal device (tablet, smartphone, laptop) of visitors. Thanks to cookies, the website remembers the actions of visitors during navigation. The use of cookies as trackers is supported by various browsers, the so-called browsers, such as Google Chrome, Internet Explorer, Mozilla Firefox, Safari, Opera. If they wish, website visitors can disable them, so that they are not accepted or even delete them afterwards. Functions of cookies Depending on their type, cookies perform functions such as measuring page traffic, recording the number of visitors, language, time of entry, geographical origin, device identifiers (e.g. operating system, screen resolution), keywords used by users/visitors, login attempts, etc. Some cookies are personal data and some are not. Some cookies are technically necessary, while others serve commercial and advertising purposes. Types of cookies There are different types of cookies, operational, technical, user identification, advertising, etc. First party cookies are set by the website/page visited by users and are only readable by this website/page. If the website uses external third-party services, then also their own cookies, so-called third-party cookies (Google Analytics, Facebook, etc.) are installed on the users’ device. Persistent cookies are those that are stored on the users’ computer and are not automatically deleted once users close their browser. Non- persistent or session cookies are those that are deleted once users close their browser. Every time you visit our website, you will be asked to accept or reject cookies. If you consciously choose to accept them, our website will remember your preferences (such as username, language) for a certain period of time. This way you will not have to re-enter them when you browse our site during the same visit. Legal regime for the use and storage of cookies The installation and use of “cookies” are specifically regulated by law (Art.4 par.5 of Law 3471/2006 which incorporated the European Directive 2002/58/EC ePrivacy), which is expected to be replaced by a Regulation (ePrivacy Regulation), so there may be changes to the present policy. Each website is allowed to install such cookie only if users provide their explicit consent (in accordance with the terms of GDPR 2016/679) by means of an opt-in action (opt-in), after being informed about this installation, its usefulness, the consequences of refusal for the user experience, the purpose of the processing, the exercise of the right of access and any recipients of the data. This consent may be given through appropriate settings in the web browser or through another application. For this purpose, the following information is provided. How do we use cookies? Our website may use the following cookies:
  • Strictly necessary cookies Strictly necessary cookies are essential for the proper function of our website, allowing users to browse and use its features. These cookies do not recognize the individual identity of users. Without these cookies, we cannot offer effective operation of our website. In addition, these cookies allow our website to remember users’ choices in order to provide improved and personalized features.
  • Functionality cookies (Preferences cookies) These cookies allow websites to remember user’s choices such as username, language or region, in order to provide enhanced and personalized features. The information collected by these cookies can be made anonymous and it is not possible to track browsing activity on other websites. If visitors do not accept these cookies, the performance and functionality of the websites may be affected and their access to its content may be limited.
  • Performance cookies (Statistics cookies) These cookies collect information about how visitors use our website. For example, which pages they visit most often and whether they receive error messages from websites. These cookies collect aggregate, anonymous information that does not identify a visitor. They are used solely to improve the performance of a website.
  • Marketing cookies These cookies are used to provide content that best suits visitors and their interests. They may be used to send targeted advertising/offers, limit advertising impressions or measure the effectiveness of an advertising campaign. These cookies may be used to remember the websites that users have visited in order to determine which online marketing channels are most effective.
  • Unclassified cookies Unclassified cookies are cookies that are in the process of being classified, together with the providers of individual cookies.
Third party providers Our website displays content from external providers, such as Google, Analytics, Facebook, Instagram, etc. In order to view third-party content, users must first accept the terms and conditions set by the external providers themselves. These include the third party’s cookie collection policy, which is beyond our control. However, if users do not view the content in question, no third-party cookies are installed on their device. Obtaining Visitor’s Consent The mandatory acceptance of cookies is not a condition of entry to our website. Visitors can freely navigate by checking and accepting or not the cookies, either ours or those of third parties, whose use policy is determined solely by them, without our involvement and legal responsibility. Next to the accept button of each cookie category there is a link that leads to the present cookie policy of our website, in which each user can read all the necessary information that will make it easier for him/her to decide whether or not to consent to accept cookies. Deactivating the trackers is as easy as accepting them, with the same number of clicks. Checking and deleting cookies You can control and/or delete cookies according to your wishes. You can enable, disable or completely delete cookies through the setting options in your browser. For example, in Chrome, you can click on the Chrome menu and then select Settings / Privacy / Content Settings and change the cookie settings according to your preferences. If you choose to disable cookies, certain parts of the website may not function adequately. More information about the types of cookies and how you can control or delete cookies is available at http://www.allaboutcookies.org.
MODIFICATION OF PRESENT POLICY
This Privacy Policy may be revised occasionally, in accordance with the requirements of the applicable law. In case of revision of this Policy, a relevant notice will be posted on the Website. Date of Validity 15.11.2021