Mini Cart

Privacy Policy

PRIVACY POLICY

Data privacy is of high importance for GRAFFITO ESHOP and we want to be open and transparent with our processing of your personal data.
We therefore have a policy setting out how your personal data will be processed and protected.

Who is the controller of your personal data?

The Greek company “AROMA IONIOU S.A.” (hereinafter referred to as “GRAFFITO ESHOP”) is the controller of your personal data under applicable law.
AROMA IONIOU S.A.
TAX REG. NO: 998475616
SOLONOS 36
ATHENS 10673
ΤΗΛ. 2103608936
contact e-mail for personal data issues: dataprivacy@graffito.gr

Where do we store your data?

Unless otherwise provided in this Privacy Notice, the data we collect from you is stored within the European Economic Area.

Your rights
Right to access:

You have the right to request information about the personal data we hold on you at any time. For this purpose, you can send us an e-mail to dataprivacy@graffito.gr

Right to portability:

Whenever GRAFFITO ESHOP processes your personal data by automated means based on your consent or based on an agreement, you have the right to get a copy of your data on a structured, commonly used and machine readable format. You can also request to have your data transferred to a third person. This only includes the personal data you have submitted to us.
In order to exercise the above right you can send us an e-mail at dataprivacy@graffito.gr

Right to rectification:

You have the right to request rectification of your personal data if the information is incorrect, including the right to have incomplete personal data completed.
If you have a GRAFFITO ESHOP account, you can edit your personal data under your account.
You can also send us an e-mail at dataprivacy@graffito.gr

Right to erasure:

You have the right to ask for your personal data, which are processed by GRAFFITO ESHOP, to be eased at any time, especially when:

  • Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
  • The processing of your data is based on your consent and you withdraw that consent
  • Your data have been illegally processed.

The above right does not exist in particular where:

  • The processing of your data is necessary to establish, exercise or defend legal rights
  • The processing of your data is necessary to comply with a legal obligation of GRAFFITO ESHOP that requires processing.
  • In any case, we will notify you whether or not your claim is satisfied and, in the event of non-satisfaction, the reasons involved in it.

In order to exercise the above right you can send us an e-mail at dataprivacy@graffito.gr

Right to object:

You have the right to object to the processing of your personal data which is based on legitimate interest of GRAFFITO ESHOP. In that case, we will not continue to process the personal data unless we can demonstrate compelling and legitimate grounds for the processing which overrides your interest and rights or to establish, exercise or defend legal rights.
In order to exercise the above right you can send us an e-mail at dataprivacy@graffito.gr

Right to object to direct marketing:

You have the right to object to the processing of your personal data for direct marketing purposes.
You can state your preference by the following means:

  • following the instruction in each marketing e-mail
  • sending an e-mail to dataprivacy@graffito.gr
Right to restriction:

You have the right to request the restriction of processing of your personal data under the following circumstances:

  • If you question the accuracy of your personal data and until GRAFFITO ESHOP verifies their accuracy.
  • If processing of your data is unlawful and you object to their erasure by asking instead restriction of their use.
  • If GRAFFITO ESHOP no longer needs your personal data for the purpose of processing, but the data is necessary to establish, exercise or defend legal rights
  • If you object to the processing of your data by GRAFFITO ESHOP which is based on legitimate interest of the latter and until the existence of GRAFFITO ESHOP’s legitimate grounds overriding your freedoms or rights has been verified.

In order to exercise the above right you can send us an e-mail at dataprivacy@graffito.gr

Right to complain with the competent data protection authority:

If you consider GRAFFITO ESHOP to process your personal data in an incorrect way, you can contact us at dataprivacy@graffito.gr or by phone at +30 210 6710207. You may also raise a complaint to the Hellenic Data Protection Authority or any other competent supervisory authority.

Updates to our Privacy Notice:

We may need to update our Privacy Notice. The latest version of the Privacy Notice is always available on our website.

ONLINE PURCHASE

Why do we use your personal data?

We will process your personal data to manage your purchase online at GRAFFITO ESHOP by processing your orders and returns via our online services and send you notifications of the delivery status of your items.
Your personal data is being used to identify you and to validate your legal age for shopping online and to confirm your address with external partners.

What types of personal data do we process?

We will process following categories of your personal data:

  • contact information, such as name and surname, address, e-mail address and telephone number, gender (if you choose to enter this information) and date of birth (if you choose to enter this information)
  • payment method information (such as the payment method selected, the transaction date and the amount of payment)
  • order information

If you have a GRAFFITO ESHOP account, we will also process your personal data submitted in relation to the account, such as:

  • shopping history
  • wishlist
Who has access to your personal data?

Your personal data that is forwarded to third parties is only used to provide you with the services mentioned above. As a result, recipients of your personal data may be warehouses and co-operating courier companies and our accountants/tax consultants.
In any case, only the data, which are necessary for the provision by each partner of the corresponding service for which the transmission is made, are forwarded.
Some of these recipient companies may have an independent right or obligation to process your personal data. In this case they act themselves as controllers.

What is the legal basis for processing your personal data?

The processing of your personal data is necessary for GRAFFITO ESHOP to fulfil the service of managing and delivering the order to you.

How long do we save your data?

We will keep your personal data for three years from your last purchase.

DIRECT MARKETING

Why do we use your personal data?

We will process your personal data to send you newsletters and marketing offers via e-mail and/or phone calls.

Regarding newsletters and for your personal data protection, we use Mailchimp as our marketing platform (MailChimp c/o The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308,www.mailchimp.com, MOSS No. EU 826 477 914) to whom we provide your email address with your consent according to their Terms of use and Privacy Policy

In order to optimise your experience as a GRAFFITO ESHOP user, we will provide you with relevant information, recommended products, send you reminders of products left in your shopping bag and send you offers.

What types of personal data do we process?

We will process following categories of personal data

  • contact information, such as e-mail address and telephone number
  • gender (if you choose to let us know this information)

If you keep a GRAFFITO ESHOP account, we will also process your personal data submitted in relation to the account such as:

  • name
  • address
  • age
  • shopping history
  • wishlist
Who has access to your personal data?

Your personal data that is forwarded to third parties is only used to provide you with the services mentioned above. As a result, recipients of your personal data may be media agencies and technical suppliers for distribution of promotional messaging.
We never pass on, sell or swap your personal data for marketing purposes to third parties.

What is the legal basis for processing your personal data?

The processing of your personal data is based on your consent or, in the case of the purchase of products, regarding the promotional e-mails that we send you, on our legitimate interest.

Right to withdraw your consent:

You have the right to withdraw your consent at any time by sending an e-mail to dataprivacy@graffito.gr, and the right to object to the use of your personal data for direct marketing purposes.
When you do so, GRAFFITO ESHOP won’t be able to send you any further direct marketing offers or information based on your consent.
You can opt out from direct marketing by the following means:

  • following the instruction in each marketing e-mail
  • sending an e-mail to dataprivacy@graffito.gr
How long do we save your data?

We will retain your personal data for direct marketing purposes until you withdraw your consent or opt out from the use of your personal data for direct marketing purposes.

GRAFFITO ESHOP ACCOUNT

Why do we use your personal data?

We will process your personal data to manage your personal account and in order to give you a more enjoyable user experience at GRAFFITO ESHOP.
We will provide you with your order history, details around your orders, refunds and points and enable you to handle your account settings. We will also provide you with easy ways to maintain accurate and updated information such as contact details and payment information. We will also allow you to store items in your cart and wishlist.

What types of personal data do we collect?

We will always process your e-mail address and password that you submit when you sign up for GRAFFITO ESHOP account.
We will also process following categories of personal data:

  • contact information such as name and surname and e-mail address
  • address and phone (if you choose to enter this information)
  • date of birth (if you choose to enter this information)
  • gender (if you choose to enter this information)

We will process the following categories of personal data if you buy and/or return products

  • order history
  • return history
  • GRAFFITO ESHOP Rewards
  • Who has access to your personal data?

    Your personal data is forwarded to third parties only to the extent required to provide you with the services mentioned above and for that purpose.

    What is the legal basis for processing your personal data?

    The processing of your personal data for your account is based on your consent when you create your account.

    Right to withdraw your consent:

    You have the right to withdraw your consent at any time by sending an e-mail to dataprivacy@graffito.gr. When you do so, your account will cease to exist.

    How long do we save your data?

    We will keep your personal data for as long as you have an active account.
    You have the right to terminate your account at any time. If you choose to do so, we will keep your personal data only if there are any legal requirements and if there is an open dispute.
    Your account will cease to be considered active if you have not made any order for three years. After your account has become inactive your personal data will be deleted.

    CUSTOMER SERVICE

    Why do we use your personal data?

    We will process your personal data to manage queries, to handle complaints, enquiries, product return issues and technical support matters.
    We may also contact you if there is a problem with your order.

    What types of personal data do we process?

    We will process any data you provide to us, including the following categories:

    • contact information such as name and surname, address, e-mail address and telephone
    • number

    • payment information and payment history
    • order information
    • account information
    • all correspondence in the matter
    Who has access to your personal data?

    Your personal data is forwarded to third parties, such as courier companies, companies managing returns and/or warehouses, only to the extent necessary to provide you with the services mentioned above and for that purpose.

    What is the legal basis for processing your personal data?

    The processing of your personal data when you have made an order is based on a contract of sale between us, otherwise it is based on our legitimate interest.

    How long do we keep your personal data?

    We will keep your personal data for five years from the final settlement of the request, enquiry, complaint, query or other matter

    FULFILMENT OF LEGAL OBLIGATIONS

    Why do we use your personal data?

    We will use your personal data to comply with obligations in laws (including tax – accounting obligations), court rulings and decisions from authorities.

    What types of personal data do we process?

    We will process following categories of personal data as an example

    • order number
    • name and surname
    • postal address
    • transaction amount
    • transaction date
    Who has access to your personal data?

    We will share your personal data with our associates, who will assist us in fulfilling our obligations mentioned above, such as our accountants and our tax and legal advisers.

    What is the legal basis for processing your personal data?

    The above processing is necessary to fulfil our legal obligations.

    How long do we keep your personal data?

    We will keep your personal data for as long as required by applicable law to comply with our obligations mentioned above.
    PREVENTION OF MISUSE AND CRIME

    Why do we use your personal data?

    We will use your personal data to detect, prevent and deal with misuse of our services and to prevent and investigate cases of fraud and/or other criminal acts.

    What types of personal data do we process?

    We will process following categories of personal data as an example

    • contact information such as name, address, telephone number and e-mail address
    • order history and information
    • history of deliveries and returns
    • payment information
    Who has access to your personal data?

    Your personal data is forwarded to third parties only for purposes mentioned above.
    We may share your personal data with insurance companies, legal authorities and consultants, law enforcement authorities to complete investigations. Some or all of the above recipients may have an independent right or obligation to process your personal data acting in that case as controllers.

    What is the legal basis for processing your personal data?

    The processing of your personal data to prevent misuse of our services is based on our legitimate interest.

    How long do we keep your personal data?

    We will keep your data for the time we need to prevent and/or report potential fraud and other offences.

    25/5/2018



    Signup with your email to receive a
    10% discount
    for your first buy

    by signing up you give consent to receive our Newsletters and agree with our privacy policy and terms of service