PRIVACY POLICY

Information for Personal Data Processing

The protection of the personal data of customers and collaborators is of primary importance for the company PLANETARIUM of Thessaloniki. For this reason, the appropriate technical and organizational measures are taken to protect the personal data we process and to ensure that their processing done by the company itself, as well as by third parties who process personal data on its behalf, is always done in accordance with the legal obligations.

The present Privacy and Personal Data Protection Policy applies to: services our company provides to customers, to the communication to any interested party, and to the website www.planitario.gr and its online services.

What is GDPR?

The General Data Protection Regulation (GDPR) 2016/679 (EU) is the new regulatory framework of the European Union (EU) on personal data. The object of this law is to establish the conditions for the processing of personal data, the protection of the rights and freedoms of every natural person and in particular, the right to the protection of personal data.

In accordance with the definition given in article 4 of the GDPR, personal data is defined as the information that can be used for your identification, communication and transaction with you. In particular, your personal data is your: name/surname, address, email, phone number, and other information when combined with your personal information.

The company PLANETARIUM of Thessaloniki as responsible for processing

The company PLANETARIUM of Thessaloniki as responsible for the personal data processing, under the brand-name “Dimitrios Tsampouras & Co”, based at 15-17 Antoni Tritsi str., 57001, Pylaia, Thessaloniki, with Tax Identification Number 081956280, collects and processes personal data of its collaborators, suppliers, employees and customers, in order to conduct its business activities, in accordance with applicable Greek law and European General Data Protection Regulation 2016/679 for the protection of natural persons with regard to the processing of personal data and for the free transmission of such data, as in force. Therefore, the company PLANETARIUM of Thessaloniki acts as responsible for data processing, in accordance with article 4 par. 7 of the GDPR.

If any issue arises related to the processing of your personal data, you can contact the Department of Personal Data Protection of the company PLANETARIUM of Thessaloniki:

Email: [email protected]

Tel: +302310541826

Which personal data do we process?

We process your personal data only for legal purposes, provided that one of the conditions of article 6 par. 1 of the GDPR is met. The website www.planitario.gr is designed so that users can navigate it without revealing their identity and personal data, unless they want to do so. To conduct our business activities and cooperate with you, it is necessary to collect and process part of your personal data, in order to provide our services and to cover your needs, sufficiently. More specifically:

4.1. Customer’s personal data

The company PLANETARIUM of Thessaloniki collects and processes customers’ personal data such as name/surname, father's name, phone number, email, address, identity card number, Tax Identification Number, orders, invoices, payment receipts, etc. in order to complete the orders of its customers.
After informing our customers in detail on how their personal data processing is done, we give them the opportunity to subscribe to our mailing list (Newsletter) to receive updates on new products and services, offers and actions of PLANETARIUM of Thessaloniki.

The legal bases for the above data processing, are: the fulfillment of our contractual obligations (GDPR article 6 par. 1b), your explicit and free consent (GDPR article 6 par. 1a) and the legal interest of the company PLANETARIUM of Thessaloniki (GDPR article 6 par.1f).

Personal data from the use of online services on our website

In order to optimize our website to better serve your needs, we monitor its performance. During your navigation, we automatically collect the following information about: your computer and your visit, the network and its provider through which you have access to the internet, your activity on our website, the date and time of browsing our website, how much time you spent there and which links were visited, your IP address, the operating system of your PC, as well as your browser software.
Additionally, we use our e-shop to serve our customers and complete transactions efficiently through our online store.

The legal bases for the above processing, are: your explicit and free consent (GDPR article 6 par. 1a) and the legal interest of the company PLANETARIUM of Thessaloniki for the processing of your personal data in order for the company to operate and grow smoothly and efficiently (GDPR article 6 par.1f).

Personal data that the company PLANETARIUM of Thessaloniki collects and processes for the staff

The company’s staff is well trained and informed about its obligations on customers’ personal data protection, as well as the professional secrecy. There is always a contractual relationship between the company and its employees, maintaining the necessary commitments of cconfidentiality and of taking appropriate organizational and technical measures to protect the personal data of customers.

When a new job position opens, the company PLANETARIUM of Thessaloniki collects CVs of the candidate employees. At this stage, the candidates’ personal data are collected and processed. Such data are: the candidate’s name/surname, identity card components, age, marital status, address, phone number, email, CV, degrees, certifications, work experience, requested job, interview notes etc. The company PLANETARIUM of Thessaloniki ensures that each candidate’s personal data are kept safe and secure. These data are kept for a year, after which, the CVs are destroyed and when necessary, are re-collected according to the company’s needs.

The legal bases for the above processing, are: the GDPR article 6 par. 1a (candidate’s consent in sending CV), the GDPR article 6 par. 1f for the legal interest of the company PLANETARIUM of Thessaloniki for the CV collection in order to fill open job positions, as well as the GDPR recital 44 for the collection and processing of CVs in order to conclude a contract with some of them (pre-contractual phase).

Once the company PLANETARIUM of Thessaloniki decides to hire a candidate employee, collects and processes personal data such as: name/surname, identity card components, age, marital status, address, phone number, email, CV, degrees, certifications, work experience, requested job, health certificates, sick leave, Tax Identification Number, social security number (AMKA), insurance number (AM IKA), International Bank Account Number (IBAN), employment contract, as well as payroll data. The above data are required for the fulfillment of contractual and legal obligations of the company PLANETARIUM of Thessaloniki.

The legal bases for the above processing, are: the execution of our legal obligations (for example compliance with tax, insurance and labor legal obligations) (GDPR article 6 par. 1c) and the legal interest of the company PLANETARIUM of Thessaloniki (GDPR article 6 par. 1f).

Personal data of our cooperators/suppliers

We collect and process personal data that belong to our cooperators/suppliers (e.g., website administrators, accountants, lawyers, security technicians etc.) such us: name/surname, email, phone number, address, Tax Identification Number, identity card number, social security number (AMKA), International Bank Account Number (IBAN), Business Cards, invoices, vouchers, contracts etc. In addition, we keep meeting history and record of categorization, evaluation and development of our cooperators/suppliers, as well as any audit reports they submit to us. The above data are necessary in order for us to be able to communicate, direct and supervise our partners, always aiming to our excellent cooperation and our customers’ satisfaction.

The legal bases for the above processing, are: the execution of the contractual obligations of the company towards cooperators and suppliers (GDPR article 6 par. 1b), the execution of our legal obligations (for example compliance with tax, insurance and labor legal obligations as set by law) (GDPR article 6, par. 1c) and the legal interest of the company PLANETARIUM of Thessaloniki (GDPR article 6 par. 1f).

Personal data from video surveillance

Our security cameras and closed-circuit television cameras (CCTV) primarily aim to prevent criminal acts and secondarily, to keep record that help us to draw safe conclusions in order to recognize the dangers from which we must protect ourselves and our property. The cameras that belong to the company PLANETARIUM of Thessaloniki are installed in such locations, so that the collected data is just the necessary for the purpose of the processing and not more than this, and that the fundamental customers’ rights are not affected. In addition, the company PLANETARIUM of Thessaloniki is responsible to inform in a visible and understandable way (e.g., by a sign) the customers before their entry into the scope of the video surveillance system, that they are going to enter a place that is monitored by cameras. The video surveillance system is not used in order to monitor employees during working time, but instead, it is used for entrance-exit monitoring, and generally, to monitor the company's facilities (such as the car park, the cash desk and the warehouse). Personal data collected by video surveillance system will not be used to the detriment of customers and/or employees, without prior inform them for the monitoring methods and the use of such collected data.

Personal data processing basic principles

Personal data processing is done in legal, transparent and fair way.
Personal data are collected only for specified, clear and lawful purposes.
The collection of personal data is sufficient and relevant.
Personal data are accurate and up to date.
Personal data which are not accurate, are being changed or deleted.
Personal data are confidential and stored in security.
Personal data are not shared with third parties, unless it is necessary in order for services to be offered, after agreement.

Disclosure of personal data

It is possible that, for specific purposes, the company PLANETARIUM of Thessaloniki may transmit the personal data provided by natural persons to third parties, in the following cases.

6.1 To employees or external cooperators

Our employees and external cooperators are experienced professionals and they are well-informed about confidentiality obligations related to customers’ personal data. The company’s PLANETARIUM of Thessaloniki employees and external cooperators (e.g., transport and courier companies) can access only the personal data of our customers, which is absolutely necessary in order for them to execute their duties. The company PLANETARIUM of Thessaloniki always keeps a contractual relationship with its employees/external cooperators, maintaining the necessary commitments of confidentiality and taking the appropriate organizational and technical measures to protect the personal data of its customers.

Other third parties according to the law

We may share the necessary personal data of our customers in order to comply with the law or with a mandatory legal procedure (e.g., tax purposes), or in order to protect the legal rights and the security of the company PLANETAURIUM of Thessaloniki.

Other third parties, for the implementation of the services offered by PLANETARIUM of Thessaloniki

In some cases, the customers’ personal data is necessary to be shared, for the smooth operation of some online services (e.g., data center, hosting etc.). In any case, there will be a special reference to the relevant service contract.

Other third parties with your consent

In addition to the disclosures described in the section Privacy Policy, we may share your personal data to third parties, provided you have given us your explicit consent.

Non- EEA recipients

The personal data you provide to our company, will be stored on servers which are located within European Economic Area (EEA). We will not transfer your data outside the European Economic Area, unless you are a non-EEA user. In this case, it is possible that your data will be transferred, in order for the products you bought to be delivered and for the payment/returns to be processed or to send you promotional information, in case you have subscribed to our mailing list. Our company will take all necessary measures to ensure that the processing of your personal data is done securely and according to this Privacy Policy and to the legislation, when it is done outside the EEA. In case United Kingdom is no longer member of EEA, the references in this paragraph to the EEA shall mean the EEA and the United Kingdom.

In case your data is or may be transferred to countries such as USA, then the transfer is made in accordance with the principles of the so-called EU–US Privacy Shield, in order to ensure that the personal data of the people involved are sufficiently protected. Otherwise, in case it is necessary for your data to be transferred to other countries, outside the EU, the transfer is made in accordance with the so-called Standard Contractual Clauses (SCC), i.e., in accordance with appropriate provisions in legal texts for the personal data protection, which are transferred to such countries, where there is no adequate protection security level.

Data retention period

The data retention period -depending on each case- is decided based on the following criteria:

When data processing is required as an obligation by provisions of the applicable legal framework, customers’ personal data will be stored for a period defined by the relevant provisions.
When data processing is done in accordance with a contract, the retention period of customers’ and employees’ personal data can be up to 20 years, for the possibility of projecting ancillary claims of them, which are subject of the 20-year limitation period, as well as for the possibility of exercising, supporting and establishing of legal claims of the subjects to us and vice versa.

As set by law, your data that are subject to tax regulations will be stored and retained for a period up to 10 years since the cancellation of your account in our system. After this period, your data are deleted without prior notice.

Personal data protection

The company PLANETARIUM of Thessaloniki implements appropriate technical and organizational measures, aiming at the secure personal data processing and at the prevention of accidental loss or destruction, unauthorized or/and illegal access to, use, modification or disclosure of personal data. These technical and organizational measures are taken both during the design of processing media (e.g., encryption of the company’s server’s and computers’ data etc.), and by default, so that only the necessary for each purpose personal data are processed (data minimization principle). In addition to these measures, the company PLANETARIUM of Thessaloniki is constantly searching for new methods in order to protect the personal data that are collected and processed. In any case, the internet operation and the fact that it’s open to anyone, does not allow us to guarantee that third-parties who are unauthorized will never violate these technical and organizational measures, getting access and probably using personal data for unauthorized or/and illegal purposes.

Actions to be taken in case of violation of customer’s personal data

In case of personal data violation, when this violation may pose a risk to our customer’s rights and freedom, the company PLANETARIUM of Thessaloniki undertakes to report the event to the Hellenic Data Protection Authority within 72 hours since the time the data violation event was found. If it is necessary, the company will also report the event to the natural person to whom the data belong.

Transactions via e-shop

Regarding the transactions via the company’s e-shop -with a large volume of e-mails and orders- all the appropriate for your data protection measures are taken. These data are disclosed and processed in the context of customer service and the processing of transactions. We have added opt-in form of your consent, as existing customers, as a condition for the collection and processing of your personal data in the context of the execution of your order and the completion of the relevant transaction. As for existing customers who have made transactions with our e-shop, these continue to be valid, although you may haven’t given your consent, because in this case the company’s legal interest to keep a transactional relationship with you is preferred. However, in any case -even you are existing or potential customer- if you wish to terminate our transactional relationship, and consequently to stop your data processing and storage, as well as stop receiving promotional material, you have the right to withdraw your consent (opt-out), at any time.

In any case, we take all the appropriate technical and organizational measures to protect and efficiently store your personal data, for as long as we have access to process these data, in the context of the order execution and the completion of the relevant transaction.

Your rights

Every natural person whose personal data are being processed by the company PLANETARIUM of Thessaloniki, has the following rights:

11.1. Right to information

You have the right to be informed about our or our representatives’ identity and contact details, about the purposes of the collected data processing, as well as the legal basis for the processing, recipients or categories of recipients of the personal data. In the context of the principle of transparency, which governs our company’s operation, you have the right to contact us asking for further information on how your personal data are being processed and how to exercise your rights by submitting the relevant requests. These requests will be immediately be answered, within a month since receiving the request, in any case. If it’s necessary, this period of time may last up to two months, depending on the complexity and the number of the requests.

Right of access

You have the right to be aware of and verify the legality of the data processing and to request copies of your personal data thar are being processed. Thus, you have the right to access these data and receive further information on processing. You can also access more specific information relative to the content and the way of exercising your rights.

Right to rectification

You have the right to read, modify and update your personal data, upon request to the company which is responsible for the data processing. As a company, we must respond to your request, within reasonable period of time. In case of possible delay of response, you must be notified for the reason that causes the delay.

Right to erasure

You have the right to request for erasure of your personal data when we process it with your consent or in order to protect the company’s legal interest. In any other case (e.g., when there is a contract, obligation to personal data processing imposed by law, public interest), this right is subject to specific limitations or does not exist at all, depending on the case (e.g., we have the right to refuse the erasure of your personal data aiming to the establishment, exercising or supporting our legal claims).

Right to restriction of processing

You have the right to request restriction of your personal data processing in the following cases: (a) when you dispute the accuracy of the personal data and until verification, (b) when you oppose the erasure of your personal data and instead of it, you request the restriction of the use of such data, (c) when the personal data is not necessary for processing purposes, however is needed for the establishment, exercise and support of legal claims, and (d) when you oppose the processing and until it is verified that there are legitimate reasons that concern us and prevail over the reasons why you oppose the processing.

Right to object

At any time, you have the right to object to your personal data processing, in cases when, as described above, it is necessary for purposes of legal interests we pursue as controllers, as well as to the processing for direct promotional purposes. Specifically, you have the right to object in every decision made solely based on automated processing, including profiling, which produces legal results that concern you, or significantly affects you. Exceptionally, you may object to the automated decision making that concerns you, when this decision is either necessary for the conclusion or performance of the contract, we have entered into with you, or is based on your explicit consent.

Right to data portability

You have the right to request and receive your personal data free of charge in a form that allows you to access, use and process it, through commonly used processing methods. Additionally, provided that it is technically possible, you have the right to request the transfer of your personal data directly to another controller. This right concerns the data you have provided to our company and its processing is done automatically given your consent or in execution of a relevant contract to you.

Right to withdraw your consent

You are free and have the right to withdraw your explicit consent, in case when the processing of your personal data is based on this consent, without affect to the legality of the processing based on your consent, before revoking it.

In order to withdraw your consent, you should contact the Department of Personal Data Protection of the company PLANETARIUM of Thessaloniki:

Email: [email protected]

Tel: 2310541826

Right to lodge a complaint with Hellenic Data Protection Authority

In case of your personal data violation, you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr):

Tel: +30 210 6475600

Fax: +30 210 6475628

Email: [email protected]

Third-party websites

Our website may contain links to other websites, which don’t belong to the company PLANETARIUM of Thessaloniki and are not controlled by us. However, we believe that these websites are useful or interesting to the visitors of our website. In this case, we are neither responsible for the privacy policy or the validity of the content of such websites nor for the use of cookies and the data that are being collected by the third-party website controllers. Therefore, we are not responsible for any damage or problem arises by navigating these websites and finally, in case you don’t absolutely trust a website which is included in our website, it’s up to you to decide whether or not to visit it.

Children

By giving your consent, you responsibly declare that you are older than 15 years and therefore, according to the Greek law 4624/2019, you are considered as a minor. If you are younger than 15 years, you may navigate our website and use our services only with the participation and the permission of parents or guardians.

Privacy policy update

The website https://www.planitario.gr is constantly updated and expanded both functionally and in terms of new products and services. Consequently, this privacy policy is also constantly updated. We highly recommend you to read this section at regular intervals of time, in order to stay informed about changes related to the privacy policy.

Cookie policy

While browsing this website, the company, by using appropriate technologies such as cookies or/and Internet Protocol (IP) address tracking, may collect users’ identification data. Cookies are small text portions that are sent to the browser through which the user visited a website. The use of cookies facilitates the website to memorize information related to the user’s visits, such as preferred language, memorizing of your preferences in terms of secure search, calculating the number of the visitors or facilitates the subscription to our services.

How to control cookies

You can control and/or delete cookies according to your preferences. Details on this topic can be found at: https://www.aboutcookies.org/. You can delete all the cookies that currently exist on your computer, as well as change the settings of your browser, so cookies are not allowed. However, in this case, you may need to adjust some preferences each time you visit a website. The user can use any website without allowing the installation of cookies, but that may affect its usability and the operation of specific services.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at: [email protected]

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.

You may request details of personal information which we hold about you. If you would like a copy of the information held on you, please write to us email us at: [email protected]

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible. We will promptly correct any information found to be incorrect.

List of cookies we collect

The table below lists the cookies we collect and what information they store.

COOKIE name	COOKIE Description
CART	The association with your shopping cart.
CATEGORY_INFO	Stores the category info on the page, that allows to display pages more quickly.
COMPARE	The items that you have in the Compare Products list.
CURRENCY	Your preferred currency
CUSTOMER	An encrypted version of your customer id with the store.
CUSTOMER_AUTH	An indicator if you are currently logged into the store.
CUSTOMER_INFO	An encrypted version of the customer group you belong to.
CUSTOMER_SEGMENT_IDS	Stores the Customer Segment ID
EXTERNAL_NO_CACHE	A flag, which indicates whether caching is disabled or not.
FRONTEND	You sesssion ID on the server.
GUEST-VIEW	Allows guests to edit their orders.
LAST_CATEGORY	The last category you visited.
LAST_PRODUCT	The most recent product you have viewed.
NEWMESSAGE	Indicates whether a new message has been received.
NO_CACHE	Indicates whether it is allowed to use cache.
PERSISTENT_SHOPPING_CART	A link to information about your cart and viewing history if you have asked the site.
POLL	The ID of any polls you have recently voted in.
POLLN	Information on what polls you have voted on.
RECENTLYCOMPARED	The items that you have recently compared.
STF	Information on products you have emailed to friends.
STORE	The store view or language you have selected.
USER_ALLOWED_SAVE_COOKIE	Indicates whether a customer allowed to use cookies.
VIEWED_PRODUCT_IDS	The products that you have recently viewed.
WISHLIST	An encrypted list of products added to your Wishlist.
WISHLIST_CNT	The number of items in your Wishlist.