PROTECTION OF PERSONAL DATATHE WEBSITEwww.shopkojewels.com CORRESPONDING TO OURONLINE STORE, IS DESIGNED TO MEET THE SPECIFICNEEDS OF EACH USER. In order to achieve your bestservice, it is important that you, our client, understand thatyou must provide us with specific information regarding theprocessing of your order and which is protected by us.Theprocessing of personal data is carried out in accordancewith the provisions of the General Data ProtectionRegulation (GDPR 2016/679), any specific national andEuropean legislation for certain areas, the applicableGreek legislation for the protection of personal data, as wellas for the protection of personal data and privacy in theelectronic communications sector (N. The ko jewelsconducts its business activities in accordance with theprinciples of privacy, applying ethical and responsiblepractices. The applicable legislation defines our standardsfor the management and protection of your Personal Data,so as to provide you with maximum security. Theseprinciples that ensure the protection of your personalinformation apply to all kinds of our activities that includethe collection and processing of information aboutindividuals, including, but not limited to, research,production, commercial activities, corporate support anddata transfers. Indicatively, this Policy applies to:

Promotional and commercial activities : evaluation of thepurchases on our products / advertising, marketing, sale,distribution and delivery of our products / communicationwith our customers and other end users of our services /sponsorship and conducting events

Enterprise Support: hiring, managing and compensatingemployees / conducting assessments of performance andtalents of employees / providing education / managingissues about ethics and privacy / managing and securingour assets and infrastructure / procurement and paymentfor products and services / fulfilling our commitmentsregarding environment, health and safety / communicationwith the media.

This Policy applies to all individuals whose data weprocess, including customers, candidates, and partners. Accordingly, each employee of the Company, and thirdpersons who process data for our company, areresponsible for understanding and respecting theirobligations towards this Policy and existing laws.Theprivacy principles described below, summarize thestandards and basic conditions for the collection andprocessing of personal data of individuals by ourcompany.Personal data:(a) are processed lawfully andfairly in a transparent manner in relation to the data subject(“legality, objectivity and transparency”),(b) are collectedfor specified, explicit and legitimate purposes and are notfurther processed in a manner incompatible with thosepurposes (“purpose limitation”),(c) are appropriate,relevant and limited to for the purposes for which they areprocessed (‘data minimization’),(d) accurate and, wherenecessary, updated (‘accuracy’),(e) kept in a form thatpermits the identification of data subjects only for the timenecessary for the purposes of the processing of personaldata· (‘storage period restriction’),(f) processed in amanner that guarantees the appropriate security ofpersonal data, including their protection againstunauthorized or unlawful processing and accidental loss,destruction or damage, using appropriate technical ororganizational measures (‘integrity and confidentiality’).Necessity - minimization of data

Prior to the collection, use or distribution of Personal Data,we define and record the specific, legitimate businesspurpose served.

We define and record the period for which Personal Data isused for the specified business purposes, which is definedon a case-by-case basis according to the nature and typeof activity.

We do not collect, use or share more Personal Data than isnecessary and we do not retain Personal Data in arecognizable format for longer than is necessary for thespecified business purposes.

We anonymize data when operational and legalrequirements make this necessary as well as when 

information about the activity or process is withheld for alonger period. 

We ensure that these necessary requirements areintegrated into any assistive technologies and that thirdparties supporting the activity or processing have beeninformed. 

Legality, Objectivity and Transparency

 We do not process Personal Data in ways that are unfair todata subjects.

We determine whether the proposed collection, use orother form of processing of Personal Data constitutes a riskfor actual or undetermined damage to individuals, alwaysaiming at their prevention.

If the nature of the data, the types of people or the activitycontain an inherent risk of actual or gross harm, we shallensure that this risk does not outweigh the correspondingbenefits for those persons.

In cases where it is necessary to process Personal Data ofspecial categories ("sensitive"), this is done only with theexplicit consent of the individuals or as required orexpressly permitted by existing laws.

We record risk analysis and plan any necessarymechanisms for obtaining and recording evidence ofconsent in assistive technologies.

We do not process Personal Data in ways or purposes thatare not transparent. 

All individuals whose Personal Data are processed inaccordance with this Policy shall have the right to a copy ofthis Policy, posted on the internet. The Data ProtectionOfficer will provide digital and/or physical copies of thisPolicy upon request at the addresses listed below.

When Personal Data is collected directly from individuals,we inform them through a visible and easily accessibleprivacy notice or by similar means, providing them with thefollowing information:

-the identity and contact details of the controller

-the purposes of the processing 

- if the processing is based on the legitimate interests ofthe controller, what those interests are.

-the recipients of the personal data 

-any transmission of data 

-how long the data will be stored

-the existence of the right to request the controller toaccess and rectify or erase personal data or to restrictprocessing 

- where the processing is based on the consent of thesubject, the existence of the right to withdraw his consentat any time, without prejudice to the lawfulness of theprocessing based on the consent prior to its withdrawal 

-the right to lodge a complaint with the Data ProtectionAuthority 

-the legal nature of the benefit

- the possibility of automated decision-making;

If new reasonable corporate purposes for Personal Dataalready collected are identified, we ensure that either thenew corporate purpose (including a substantially similarpurpose) is compatible with the purpose as described inthe privacy notice or other transparency mechanismpreviously provided to the individual, or we obtain theindividual's consent for the new use of his Personal Data.

We are responsible for maintaining the privacy of PersonalData when it is transferred from or to other organizations-businesses.

 We transfer Personal Data or allow them to be processedby third parties only if the following conditions are met, forthe assurance of which we are responsible.

If the role of the third person is to process Personal Data onbehalf of or to secure vital interests of the company, beforethe third person receives the Personal Data, we:

 (a) we complete the legal review to assess the privacypractices and risks related to these third parties; 

(b) we attempt to obtain guarantees through writtenagreement from these third parties that they will processPersonal Data in accordance with our company'sinstructions, and in accordance with this Policy.

(c) We ensure that they inform us promptly of any SecurityIncident and agree to cooperate when necessary. 

(d) If the role of the third party is to provide Personal Datato our company, before we acquire the Personal Data fromthe third party, we ensure that the Transparencyrequirements are met for the collection of Personal Datafrom other sources and not specifically under thesupervision of our company, and we obtain guaranteesthrough a letter of agreement from the third party that itdoes not violate any Law or the rights of any third party byproviding Personal Data to our company.

 (e) If the role of the third party is to receive from ourcompany data for processing that is not specifically underthe supervision of our company, before we hand over thedata to the third party, we ensure that the third party willuse the data only for the business purposes defined by theagreement and in accordance with existing legislation.

Data Quality, Integrity and Confidentiality

 

We keep Personal Data accurate, complete and up todate, and in accordance with their desired use. 

We ensure that periodic data check mechanisms areintegrated into supportive technologies to validate dataaccuracy.

We ensure that Sensitive Data is validated as accurate andup-to-date before its use, evaluation, analysis, reporting orother processing, which risks injustice for individuals ifinaccurate or out-of-date data is used.

In the event of a change in personal data, the subject isresponsible for informing our company so that thenecessary changes can be made.

We incorporate safeguards to protect Personal Data andSensitive Data. 

We have implemented a comprehensive informationsecurity program and security checks based on thesensitivity of information and the magnitude of risk ofactivity, using the best practices of modern technology.Loss, misuse, unauthorized access, disclosure ordestruction protection policies include, but are not limitedto, business continuity and disaster recovery standards,identity and access management, informationclassification, information security incident management,network access control, physical security, and riskmanagement.