E-shop www.behomestores.com belongs to the company “J&M HOME IDIOTIKI KEFALAIOUCHIKI ETAIREIA” (distinctive title J&M HOME), with registered offices in the Municipality of Athens Attica Greece, 7 K. Daskalaki St., P.C. 11526, taxpayer identification number (TIN) & VAT number EL 800876675, tel. No: 00302106029511, e-mail: [email protected].
The Company has taken the appropriate measures which ensure that processing of your personal data complies with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the applicable Greek Laws (Law 4624/2019). Especially, Behomestores adopts internal policies and implement measures which meet the principles of data protection by design and data protection by default.
We collect your personal data either directly from you, or through affiliated companies. We collect your data through this Website and / or in other ways (social media, contests, cookies, analytics tools, etc.).
SCOPE AND AIM
(1) ‘personal data’ or ‘data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
(2) ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
(3) ‘data controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law;
(4) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;
(5) ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
(6) ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
(7) ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
(8) ‘supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51 G.D.P.R.
(9) ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
(10) ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
OUR PRINCIPLES RELATING TO PROCESSING OF YOUR PERSONAL DATA
On this Website we process your personal data lawfully, fairly and in a transparent manner (‘lawfulness, fairness and transparency’). We collect your personal data for specified, explicit and legitimate purposes. Your data are not further processed in a manner that is incompatible with those purposes (‘purpose limitation’). Furthermore, your personal data that we process are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’). Your personal data are also accurate and, where necessary, kept up to date. We take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’). Your personal data are kept in a form which permits identification of you for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’). Your personal data are processed in a manner that ensures appropriate security of them, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
For any processing of personal data for the following purposes, J&M HOME IDIOTIKI KEFALAIOUCHIKI ETAIREIA is the Data Controller (e-mail: [email protected]). The Data Controller determines the purposes and means of the processing of your personal data.
PERSONAL DATA WE COLLECT AND PROCESS - LAWFULNESS OF PROCESSING - PURPOSES - RETENTION PERIOD
In order to purchase our products, we will ask you to provide us with personal information such as: your first name, your last name, your address (street, city, region, postal code), phone number, company name and your e-mail address. These data are collected electronically through the relevant data entry form. You may choose to create an account based on the data you fill in during the checkout process. We will also collect/process your order payment information. We do not process your credit / debit card details that you enter in the electronic environment of collaborating payment service providers. Processing of your data is necessary for the performance of our contract to which you are party (invoicing, shipping etc.). We will disclose your data to collaborating courier companies. We will store your personal data for as long as the law stipulates from the end of your last purchase from Behomestores. In the same context, we may also process your personal data in order to take steps at your request, prior to entering into a contract. We may as well use your e-mail address to send you improvements and / or updates of our products specs / services and information about the delivery of the Products.
We will process your e-mail address to create a personal account for you. If you retain an account we also process 1) your wishlist and your previous orders for your convenience, 2) your Products’ reviews as a User and 3) the points you earn through the Behomestores reward system as well as the ones you redeem. We process these reward points you collect in order to offer you the equivalent discount. We will store these data for as long as you retain your account (lawful base: consent). If your account remains inactive and there is no other legal basis for the processing of your personal data, or any obligation to retain them, they will be deleted two years after your last login on the Website. You can ask Behomestores to keep your data indefinitely so that it is not deleted in case of inactivity. In case of deletion of your account by the Company, your personal data will be kept for one month after the deletion of the account (unless there is another legal reason or obligation to maintain them) and you will be notified so that you can ask the Company to provide you with a copy of your data, then they will be permanently deleted. If you request the deletion of your account, your data will be deleted immediately.
When Visitors submit a review for the Products we process their name, e-mail, rating and information included in their review (lawful base: consent). When Users submit a review for our Products we process their rating and information included in their review (lawful base: consent). We process these data in order to inform Visitors about the quality of our Products. We retain your reviews for as long as we retail the Products you have reviewed.
We retain the products you recently saw while browsing the Website for your convenience and until you close your browser (lawful base: Cookies consent).
We process your personal data when you contact us in any way, in order to answer your questions/requests. When you seek for information about our products / services, we process your Personal Data in order to take steps at your request, prior to entering into a contract. We may also process these data for the performance of our contract. Unless you are already a customer of Behomestores, we will store your personal data for six months from the last time you have contacted us.
Where Behomestores obtains from its customers their e-mail address, in the context of the sale of a product or a service, we may use these e-mail address for direct marketing of our similar products or services. We give you the opportunity to object, free of charge and in an easy way, to such use of your e-mail address, on each message, in case you have not initially refused such use (soft-opt in).
Furthermore, Behomestores may process your e-mail to send you Newsletters on the basis of your consent. In this case, we will store your personal data for as long as you wish to receive Newsletters from us. Newsletters are free of charge e-mails with advertising content, promotions, events, discounts, special offers, contests etc. You may unsubscribe from our mail list at any time. In this case we will store your e-mail to an unsubscribe list to fulfil our legal obligation.
We also, collect your Personal Data (profile name, comments, reviews, contact details, messages) that you share with us when visiting our pages / profiles / channels on social media platforms (Facebook / Instagram / Google Maps etc.). This information is processed when you contact us, make a request or interact in another way with us, through our social media pages, so as to respond or communicate with you in any way. Your personal data will be retained for as long as you remain a fan / follower / member / subscriber of our pages / profiles. By using the above-mentioned services (social media) you acknowledge that your interaction (like, comment, message) with our pages / profiles / channels etc. gives us the right to process your personal data on the basis of your consent. We may also process this information for marketing purposes (e.g. send you information about a contest or a product).
We collect your personal data (name and contact details), when you participate in contests, on the basis of your consent. We may collect this information from your social media profile, if you participate in the contest through a social media platform, or from another source if the contest is not hosted on a social media platform. We will process this information to run the contest and communicate with the winners (winners’ address will be also collected). Then we will erase your data, unless there is another (e.g. consent) lawful base for keeping them.
We may also process your personal data, if processing is necessary for the purposes of the legitimate interests pursued by the Controller (statistical analysis, market research, security reasons), or for direct marketing. Any processing of your Personal Data in this context will be carried out in accordance with the GDPR and the applicable Greek Law.
We will collect and process your declaration of withdrawal. The withdrawal forms will be retained without any time limitation in order to check whether you are abusively exercising your right to withdraw from a contract with our Company (lawful base: contract, legitimate interest).
The Company cooperates with advertising / promotional companies, statistical analysis companies, suppliers and service providers who process personal data on our behalf. We disclose to our partners your personal data, solely for the processing purposes referred to in this Policy (lawful base: legitimate interests or consent).
Behomestores and third parties may store Cookies on your device and process information collected through Cookies’ use. For more information (e.g. purposes, lawfulness, retention period etc.) read the Cookies Policy.
We process Customers’ IP to match the orders with the Customers as well as to check if multiple orders have been placed over the same IP address and to avoid fraud and fake orders (e.g. when the area to which the IP corresponds differs from the delivery area of the order). (lawful base: legitimate interest). We will store your IP for 6 months after your last purchase.
We collect and process your personal data only for legal purposes, as the above mentioned. We may process your personal data for purposes other than those for which your personal data were initially collected, only where the processing is compatible with the purposes for which your personal data were initially collected. E.g. we may contact you via e-mail to inform you about the Website’ s function. We may also process your personal data, if processing is necessary for compliance with a legal obligation to which the Company is subject.
The time that your Personal Data may be retained by the Company is also determined by our legal obligations in the applicable Legislation (tax etc.). If you have not fulfilled any payment obligations, or if there is a dispute, pursuant to our contract, we may keep your personal data for as long as Greek laws stipulate.
PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA – CHILDREN’ S DATA
We do not collect or process special categories of Data. You shall refrain from sending to the Company special categories of Data. The Company shall not be liable for any damage incurred to you or a third party due to an illegal act or omission performed by you, regarding special categories of Data.
Only adults can use the Website’ s services. Therefore, we do not collect or process children’s Data. The Company will erase any children’s Data that you disclose to us through the Website. The Company shall not be liable for any and all damages arising from any use of the Website by a child.
We may ask you to give your consent to the processing of personal data relating to you. This may include ticking a box while browsing through different webpages of the Website. Ticking that box, is a clear affirmative action, which is considered as a freely given, specific, informed and unambiguous indication of your agreement to the processing of your personal data for the above-mentioned purposes, when we process your data based on your consent. You may withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before your withdrawal.
We will provide you all the information you need to express your prior agreement (consent) to the processing of personal data relating to you, if processing is based on your consent.
If you refuse to disclose your Personal Data to our Company, we will not be able to provide you with our products / services.
RECIPIENTS & PROCESSORS
We may need to disclose your Personal Data to authorized recipients for (i) the maintenance / repair of our equipment (PCs, servers, hardware) that support the operation of the Website, and (ii) the development of the Website.
Where processing is to be carried out on behalf of the Company, we use only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of your rights. Some of the processors that we use: i) PayPal, ii) Google Inc. (Analytics), iii) Mailchimp, iv) National Bank of Greece, v) Woocommerce.
TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY
A transfer of personal data to a third country may take place where the Commission has decided that the third country ensures an adequate level of protection. In the absence of a decision we may transfer personal data to a third country only if the processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Otherwise, we will transfer your data to a third country only under GDPR conditions (data subject’ s consent, contract, vital interests etc.).
On Behomestores we protect your personal data and we always respect your rights and freedoms.
As Data Subject you have the right to be informed on the processing of your personal data, the right of access to your personal data and to information relevant to processing, the right of rectification of your personal data , the right to erasure of your personal data, the right to restriction of processing, the right to data portability, the right to object to the processing of your personal data, the right not to be subject to a decision based solely on automated processing, including profiling and the right to withdraw your consent at any time.
To be informed about or exercise the above rights, you need to apply by writing to the Company “J&M HOME IDIOTIKI KEFALAIOUCHIKI ETAIREIA”, with registered offices in the Municipality of Athens Attica Greece, 7 K. Daskalaki St., P.C. 11526, or via e-mail: [email protected]. You may also use the Website’s services to rectify/complete your data. We are ready to handle your request with respect to your rights and privacy. Otherwise, you could lodge a complaint to a supervisory authority (www.dpa.gr – tel: 0030 210 6475600, [email protected]), if the Data Controller does not take action on your request.
We take all efforts to facilitate the exercise of Data Subjects’ rights. We will not refuse to act on any request of yours for exercising your rights, which are described above, unless we are not in a position to identify the Data Subject.
We will respond in writing to such requests from you, without undue delay and in any event within one month of receipt of your request. In this case we will provide you with information on action taken on behalf of your request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
We will communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
Otherwise, if we do not intend to act on your request, we will inform you without delay and at the latest within one month of receipt of the request, of the reasons for not taking action.
Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Company may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or (b) refuse to act on the request.
STORAGE & SECURITY OF PERSONAL DATA
Personal data collected through Behomestores, are stored at the Company’s computer systems and at the Website’s server in European Union, at Google Data Center (google analytics) or at other Processors’ data centers.
Your Personal data are generally kept in electronic form. We may also keep in a physical record documents containing personal data when necessary (tax information, invoices, original forms of withdrawal, etc.). Behomestores uses SSL certificate.
Our Company shall not be liable for any damage caused by risks appearing in online systems of Banks, entities advertised in this website or collaborating courier companies etc., even if users are referred to said websites by hyperlinks, banners etc. placed on Behomestores. Liability for the content, information, visitors’ safety and protection of their personal data, as well as the quality of services provided is born solely by owners, managers and administrators of said websites, which users visit at their own risk.