The SA company under the trade name ZYMARIDIS Μ. Wood Well S.A. activated in the field of imports – exports and trade of furniture, seated in Greece, 170 Iera Odos str, Municipality of Aigaleo, Attica, TIN: 099362780, Tax Office for Commercial Companies of Athens (FAE), in compliance with the applicable national legislation on the protection of natural persons against personal data processing and the new EU Regulation no. 2016/679 of the European Parliament and the Council, in its capacity as “controller”, hereby wants to inform the visitors of the company official website www.woodwell.gr, the users of the B2B platform and its clients regarding the categories of the personal data collected through the internet and, within the framework of its service provision, the goals that are pursued through such processing and the rights of the natural persons (“data subjects”).
The protection of privacy, personal information and data of all persons visiting our website is one of our top priorities, entitling them to enjoy all our services under maximum security.
Under this ongoing effort, we shall hereby explain the nature and the methods of personal data processing, as well as your rights, so that, if you agree so, to state your agreement and then become enabled to use our services.
Personal data include every piece of information related to you as natural persons, either making use of the B2B (business to business) services as our professional clients or visiting our website or wishing to send a question by using the “Communication Form” hereof, which may lead to your identification.
1. Which is the legal basis for the protection of your personal data that you should be aware of?
1.1 You are hereby advised that under the applicable national and european legislation, the processing of your personal data is legal, provided that at least one of the following conditions are met:
- if you have agreed to the processing of your personal data for one or more purposes;
- if the processing is required for the performance of a contract whereto you are a party (for example, a labor contract, a sales contract, an order);
- if the processing is necessary for our Company’s compliance with a legal obligation;
- if the processing is required for protecting your or another natural person’s vital interests;
- if the processing is required for the legitimate interests that we pursue (for example, you are a customer of our Company, the processing is carried out for direct promotion purposes, information is sent to group companies for administrative purposes), unless your interests, your fundamental rights or your freedoms calling for the protection of your personal data prevail over them.
1.2 You are hereby advised that when the processing is performed upon your consent, the following conditions should be met:
- Your consent has been freely provided.
- Your consent has to be explicit, clear and simple and to be provided before the processing takes place.
- The request for your consent, if provided under a written statement related to other issues as well, should be submitted in a manner that it is strictly discrete from other issues, in an understandable and easily accessible form, using clear and simple wording (opt-in).
- You should have been prior informed that you are entitled to withdraw your consent and that the controller shall provide you with easy access to such withdrawal (opt-out).
1.3 Our Company shall always process the natural persons’ data legally, in compliance with the aforementioned legal bases of processing, as the case may be, bearing in mind that the data to be collected should always be proper, relevant and limited to the purposes for which they are subject to processing (the principle of “data minimization”). We do not collect any personal data on a proactive basis.
2. Which are the categories of personal data that we collect and which are the processing purposes that we pursue?
2.1 Our clients’ data: While placing an order and a related order form is being filled in and signed, our Company shall inform its clients that the personal data required for the Company, e.g. full name, shipping address, tax identification number, tax office, email, contact number, shall be processed for the purposes of placing an order and performing a sales contract whereto they are parties, as well as for their own service (for example, after sales service, spare part replacement, etc.). [In this case, the legal basis for the processing of data is the purpose of performing the contract and pursuing our legitimate interests, except where such interests are overridden by the interests or fundamental rights of you as data subject – article 9 par. 1 (b) and (f) of the General Regulation (EU) no. 2016/679].
2.2 B2B platform users’ data (wholesale clients): When subscribing to the B2B platform and using its services under an access code that the Company provides you, you shall freely provide your personal data (e.g, company and/or personal business, details shipping address, VAT and Tax Office, email, contact number, access code), the processing of which is required both for navigating through the platform and for enjoying the services provided thereunder, as well as for placing an order and next our Company executing such order. Moreover, when accessing the platform and before using the services provided thereunder, our Company asks you to accept the Confidentiality and Data Protection Terms by checking on a related icon. In case you do not wish to accept these terms, you shall not be entitled to access the application. Yet, if you wish to revoke acceptance of these terms, you are requested to activate the related option or send an email to dataprotection @ woodwell.gr, asking for the deletion of the access code that you have been provided with and/or for terminating the processing of your personal data in the future. [In this case, the legal basis for the protection of your rights is: a) your legal consent for navigating through the platform, b) the purpose of performing the contract (if an order has been placed) as well as the pursuance of legitimate interests without your fundamental rights being affected or overridden – article 6, par. 1 a, b and f of the General Regulation (EU) no. 2016/679].
2.3 Website visitors’ data
2.3.1 Automated data collection – IP addresses: While visiting – navigating through our website and when you have an email correspondence with us, the IP address of your device shall be automatically collected for technical purposes, which shall indicate that you have been connected as a visitor, the date and time of access, your name and URL and your browser.
As a general rule, we use technical data to the extent that is ne3cessary for technical reasons, for safeguarding proper functioning and protection of our website against hackers and abuse, whilst these data are used in aliased or anonymous format for statistical purposes.
These data shall be stored for 12 months and as soon as such period lapses, they shall be automatically deleted. Moreover, since you have consented on positioning services for your browser, we can receive information on your location in order to provide you with personalized services which may be of your interest based on your geographical position. Positioning data shall be deleted as soon as you stop using our website. In case you disagree with these terms, please stop your navigation through our website [The legal basis for processing article 6, par. 1 f of the General Regulation (EU) no. 2016/679], namely the pursuance of out legitimate interests without your fundamental rights being affected or overridden].
2.3.2 Automated data collection – Cookies: Our Company website uses small files containing information (cookies), stored by the user/visitor’s browser at his computer or/and any device in general that is used for accessing this website. Cookies improve the website’s function and facilitate visitors’ navigation through such website, given that each time a user is connected to the website, the website shall retrieve such information and provide the user with related information. Cookies involve a clear combination of letters/digits set by the browser that you use. These cookies shall be stored in your computer temporarily and they shall be transferred to our server only when you visit our website. We mostly use session cookies which are not stored in your hard disc and are deleted when your browser is closed or following long period of inactiveness.
You may check and delete the cookies stored in your computer and check on how they are treated through your browser settings.
For further information on the cookies forms used by our Company, please refer to the “Cookies Policy” terms. However, when you visit our website, there will be a pop-up window requesting your consent for having the cookies installed to your device, as well as for you to agree on the Cookies Policy terms. [The legal basis for processing your personal data is article 6 par. 1 a of the General Regulation (EU) no. 2016/679 – your legitimate consent].
2.4 Contact form/ Communication via emails or phone calls: If you want to contact our Company by filling in the contact form provided by our website or via emails or phone calls, you shall have to provide us with some personal data, such as your full name, address, email, contact number. Of course, these data shall be processed for your own service, namely for being able to investigate your request and reply to you and for no other purpose. These data shall be stored for three months. However, while submitting the contact form you will be requested to consent on these confidentiality and data protection terms [The legal basis for processing your data is our Company’s legitimate interest in combination with your service, as well as your legitimate consent – article 1, par. 1 a and f of the General Regulation (EU) no. 2016/679].
2.5 Newsletters, brochures, catalogues: The Company may use your contact details (for example, full name, email, address) in order to send you brochures, product catalogues and newsletters in relation to new products, discounts or new services, only if you have given your explicit and free consent in this regard. The Company is bound to request your consent (for example, via a related email) before proceeding to any of the aforementioned actions, whereby you will be asked to give consent for receiving the aforementioned newsletters, brochures, catalogues and for having your personal data processed. Moreover, you will be also advised that you are at any time entitled to withdraw your consent. Should you withdraw your consent, our Company, without undue delay, shall stop processing your personal data on these grounds. However, the legality of the processing based on your consent given up to that point shall not be affected.
2.6 Social Media Icons: Our website provides social media plugins (for example, the “Like” Facebook icon). Integration of these plugins is performed through addthis.com, undertaken by Clearsprings Technologies, Inc. (8000 Westpark Drive, Suite 625, McLean, VA 22102, USA).
For confidentiality protection purposes, as soon as our website opens, we use a technical solution for social plugins integration which prevents your data (for example, your IP address) from being transferred to addthis or to social media, such as Facebook. Social plugins are activated only when they are clicked for the first time. As a result, your internet browser retrieves your plugins from addthis servers and presents them as part of our website. Under this combination, information (such as your IP address) shall be forwarded to addthis in the USA and to social media, such as Facebook. Furthermore, addthis.com may save cookies or the so-called “webbeacons” to your computer.
Only when you click the social plugins twice, you shall be able to fully use the “Invite a friend” button (for example “Like”). If you have a social account and click the related social plugin, the social media provider may be able to connect the information related to your visit to our website with your account information. As a result, contact the social media that you use for any further information on such functions. Detailed information on the addthis.com function as to the confidentiality policy of addthis.com is available at www.addthis.com/privacy.
Please become familiar with the personal settings of your browser in relation to how you can manage cookies and webbeacons. This information may be provided by your browser manufacturer. Moreover, third providers offer the so-called “browser extensions” and plugins by which you may regulate how your browser shall manage the cookies and your personal information.
By selecting the aforementioned social media icons you consent on all the above.
2.7 Processing – Security of personal data : The security of your personal data is one of our primary goals. As a result, we protect your data stored through technical and organizational techniques, so that we can properly prevent any loss or misuse performed by third parties. In particular, our employees, being competent to process your personal data, are engaged to abide by confidentiality requirements. For your protection, your personal data is transferred in an encrypted form. For example, we apply the TLS system = Transport Layer Security for protecting communication through your browser. This is recognizable by a lock reflected by the browser when you enter a TLS connection. For enjoying a long-term protection of your data, technical security measures are under regular review, and, if necessary, they are adapted to the applicable and current technological standards.
3. Storage periods: Personal data shall be solely kept until the processing purposes for which we had collected the same have been attained. You are advised on these purposes, and, in any case, this period shall not extend beyond 12 months, unless it is necessary to have your personal data kept under the applicable tax and administrative legislation (national and European) or for defending the Company’s rights before court authorities.
4. Automated processing and profiling: Your personal data shall not be subject to further processing in a means that is not compatible with the aforementioned purposes. Neither are they taken into account for profiling and decision-making purposes based on automated processing.
5. Receivers: No personal data shall be transferred to third parties or third countries, save for cases where such disclosure is necessary for the Company’s compliance with legitimate obligations, resulting from the national or European legislation or for exercising the Company’s legitimate rights and claims.
6. Binding effect: All terms hereof in relation to legal processing of personal data are binding both for our Company (the “controller”) and for every employee who may process personal data while executing his duties towards the Company and under the Company’s supervision.
7. Your rights: As a data subject, your rights as to the processing of your personal data are as follows:
- Being informed on who, why and how processes your personal data (“obligation to provide transparent information”;
- To access the data you are related with and to receive copies thereof;
- To seek for the correction of any inaccurate or incorrect personal data or completion thereof;
- To seek for the deletion of personal data (“the right to be forgotten”), when this data are no longer required for the processing purpose for which they had been collected or subject to processing or if the related consent has been withdrawn and there is no other legal basis for processing or if you do not consent to processing or if processing is illegal. However, be advised that we reserve the right not to comply with your request for having your data deleted if for example: there is a legitimate obligation which calls for processing based on the national or European law, whereto our Company is subject, or data should be kept for enabling to justify, raise or support our legitimate claims;
- To oppose to processing of your data for promotion purposes or any other purpose related to your status;
- In specific cases, to file a request for having your data processing limited (for example, when you question the accuracy of your data, while there is a pending issue as to whether our legitimate purposes for processing overrule yours, etc.);
- To receive your data in a format recognizable by a device and forward the same to another controller (“right to data portability”), under the provisions set by the applicable legislation (for example, being technically feasible, processing being carried out by the use of automated means, etc.);
- To file a request so that any decision made on automated processing, being related to you and affecting you, to be made by natural persons and not by computers (our Company does not perform decision-making based on automated processing).
8. Filing a request in relation to your data processing: For exercising your rights in relation to your personal data processing, please contact our Company as follows: via email at dataprotection @ woodwell.gr or via the contact form available at www.woodwell.gr. You are hereby advised that you may exercise your rights at no cost, unless your request is manifestly unfounded or exaggerated (especially as a result of its repetitive nature), so, in that case, our Company may reject any further continuation of the issue. Our Company shall be obliged to reply to your request without undue delay and within one month at the latest. It may also request from you to provide further details for identification purposes. Should our Company fail to satisfy your request, you will be relatedly informed on the grounds of such rejection, and in any case, without prejudice to any administrative or judicial proceeding, you may lodge a complaint before the competent Authority.
9. Organizational measures: Our Company applies suitable technical and organizing security measures by design and by default, in order to safeguard the security of your personal data and comply with the applicable law. These measures shall be reviewed and updated whenever necessary. Out Company collects solely such personal data that are required for the purpose of processing, as the case may be (“the principle of data minimization”), while it undertakes to keep your data accurate and updated and delete the same with safety when they are no longer required for the purpose of its processing. Our Company has taken all the necessary technical and organizational measures for ensuring its compliance with the General Data Protection Regulation (GDPR).
10. Children: In any case, our website does not address to minors under 16 years old.
11. Revision of this statement: Our Company reserves the right to amend this Statement whenever it deems necessary in order to ensure compliance with the provisions of the applicable (national and European) legislation, reporting the date of amendment. To this end, you are kindly requested to carefully read the terms of the statement and check the date of last revision.