Privacy Policy

PRIVACY POLICY AND PERSONAL DATA PROTECTION

PLANETARIUM OF THESSALONIKI

1. Information for Personal Data Processing

The protection of the personal data of customers and collaborators is of primary importance for the company PLANETARIUM of Thessaloniki.

For this reason, the appropriate technical and organizational measures are taken to protect the personal data we process and to ensure that their processing, whether done by the company itself or by third parties processing personal data on its behalf, is always carried out in accordance with the applicable legal obligations.

This Privacy and Personal Data Protection Policy applies to the services our company provides to customers, to communication with any interested party, and to the website www.planitario.gr and its online services.

2. What is GDPR?

The General Data Protection Regulation (GDPR) 2016/679 (EU) is the regulatory framework of the European Union regarding personal data. Its purpose is to establish the conditions for the processing of personal data and the protection of the rights and freedoms of every natural person, especially the right to the protection of personal data.

According to article 4 of the GDPR, personal data is any information that can be used for your identification, communication and transaction with you. In particular, such data includes your name, address, email, phone number and other information when combined with your personal information.

3. The company PLANETARIUM of Thessaloniki as responsible for processing

The company PLANETARIUM of Thessaloniki, under the brand-name “Dimitrios Tsampouras & Co”, based at 15-17 Antoni Tritsi str., 57001, Pylaia, Thessaloniki, with Tax Identification Number 081956280, collects and processes personal data of its collaborators, suppliers, employees and customers in the context of its business activities, in accordance with applicable Greek law and the GDPR.

Therefore, the company PLANETARIUM of Thessaloniki acts as controller in accordance with article 4 par. 7 of the GDPR.

Email: [email protected]

Tel: +302310541826

4. Which personal data do we process?

We process your personal data only for legal purposes, provided that one of the conditions of article 6 par. 1 of the GDPR is met. The website is designed so that users can navigate it without revealing their identity and personal data, unless they choose to do so.

In order to conduct our business activities and cooperate with you, it is necessary to collect and process part of your personal data so that we can provide our services and sufficiently cover your needs.

4.1 Customer’s personal data

- The company collects and processes customers’ personal data such as name/surname, father’s name, phone number, email, address, identity card number, Tax Identification Number, orders, invoices, payment receipts and similar information in order to complete customer orders.

- Customers may also subscribe to the newsletter in order to receive updates on new products, services, offers and actions of PLANETARIUM of Thessaloniki.

- The legal bases include contractual necessity, consent and the company’s legitimate interest.

4.2 Personal data from the use of online services on our website

- In order to optimize our website, we monitor its performance.

- During navigation, we may automatically collect information about your computer and visit, your network and provider, your activity on the website, the date and time of browsing, time spent on the site, visited links, your IP address, the operating system of your device and your browser software.

- In addition, the e-shop is used to serve customers and complete transactions efficiently.

4.3 Personal data that the company collects and processes for staff

- The company’s staff is trained and informed about obligations regarding personal data protection and professional secrecy.

- When job openings arise, CVs of candidate employees are collected and processed. Such data may include name, identity details, age, marital status, address, phone number, email, CV, degrees, certifications, work experience, requested position and interview notes.

- These data are generally kept for one year, after which CVs are destroyed and, when necessary, re-collected according to the company’s needs.

- If a candidate is hired, additional data may be collected, including tax, insurance, payroll and contractual information, as required for legal and contractual obligations.

4.4 Personal data of our cooperators/suppliers

The company may collect and process data of cooperators and suppliers, such as name, email, phone number, address, Tax Identification Number, identity card number, AMKA, IBAN, business cards, invoices, vouchers, contracts and records relevant to the cooperation, in order to communicate, direct and supervise collaboration effectively.

4.5 Personal data from video surveillance

- Security cameras and CCTV primarily aim to prevent criminal acts and secondarily to keep records that help identify risks and protect people and property.

- Cameras are placed so that only necessary data is collected and no more than required for the processing purpose.

- Video surveillance is not used for employee monitoring during working time, but for entrance-exit control and monitoring of areas such as parking, cash desk and warehouse.

5. Personal data processing basic principles

- Personal data processing is done in a lawful, transparent and fair way.

- Personal data are collected only for specified, clear and lawful purposes.

- The collection of personal data is sufficient and relevant.

- Personal data are accurate and kept up to date.

- Inaccurate data are changed or deleted.

- Personal data are confidential and stored securely.

- Personal data are not shared with third parties unless necessary and agreed for service provision.

6. Disclosure of personal data

6.1 To employees or external cooperators

Employees and external cooperators, such as transport and courier companies, may access only the personal data that are absolutely necessary for the execution of their duties, always under confidentiality obligations and contractual safeguards.

6.2 Other third parties according to the law

Necessary personal data may be shared in order to comply with the law, mandatory legal procedures or to protect the legal rights and security of the company.

6.3 Other third parties for the implementation of services

In some cases, customers’ personal data must be shared for the smooth operation of online services such as data center or hosting services.

6.4 Other third parties with your consent

Apart from the disclosures described above, the company may share personal data with third parties when explicit consent has been provided.

6.5 Non-EEA recipients

Personal data are stored on servers located within the EEA.

If transfer outside the EEA is required, the company states that it uses appropriate safeguards for such transfers.

The page also refers to Privacy Shield and Standard Contractual Clauses as relevant transfer mechanisms in the text currently published.

7. Data retention period

- When processing is required by the applicable legal framework, personal data are stored for the period defined by those provisions.

- When processing is based on a contract, the retention period of customers’ and employees’ personal data can be up to 20 years for potential legal claims.

- Data subject to tax regulations may be stored and retained for up to 10 years since the cancellation of your account in the company’s system.

8. Personal data protection

The company implements appropriate technical and organizational measures to ensure secure personal data processing and to prevent accidental loss or destruction, unauthorized or illegal access, use, modification or disclosure.

These measures are taken both at the design stage of processing systems and by default, so that only the necessary personal data are processed for each purpose.

At the same time, the open nature of the internet does not allow an absolute guarantee that unauthorized third parties will never gain access to personal data.

9. Actions to be taken in case of personal data violation

In case of a personal data violation that may pose a risk to the rights and freedoms of data subjects, the company undertakes to report the event to the Hellenic Data Protection Authority within 72 hours from the time the breach was found and, where necessary, also to the affected natural person.

10. Transactions via e-shop

With respect to transactions via the company’s e-shop, all appropriate measures are taken for data protection in the context of customer service and transaction processing.

The page states that an opt-in form of consent has been added for collection and processing of personal data in the context of order execution and transaction completion.

For existing customers, the company states that the ongoing transactional relationship may continue on the basis of legitimate interest.

Customers may withdraw consent and request the termination of processing and storage, including promotional communications, at any time.

11. Your rights

11.1 Right to information

You have the right to be informed about the identity and contact details of the controller or representatives, the purposes and legal basis of the processing, and the recipients or categories of recipients of the personal data.

11.2 Right of access

You have the right to know and verify the legality of the processing and to request copies of your personal data that are being processed.

11.3 Right to rectification

You have the right to read, modify and update your personal data upon request to the company responsible for the processing.

11.4 Right to erasure

You have the right to request the erasure of your personal data where the legal conditions for this right are met.

11.5 Right to restriction of processing

You have the right to request restriction of your personal data processing in the cases described on the page.

11.6 Right to object

You have the right to object to your personal data processing, especially where processing is based on legitimate interest or for direct promotional purposes.

11.7 Right to data portability

You have the right to request and receive your personal data free of charge in a format that allows access, use and processing through commonly used methods, and, where technically possible, to request transfer to another controller.

11.8 Right to withdraw your consent

You are free to withdraw your explicit consent whenever the processing of your personal data is based on that consent.

Email: [email protected]

Tel: 2310541826

11.9 Right to lodge a complaint with Hellenic Data Protection Authority

In case of personal data violation, you have the right to lodge a complaint with the Hellenic Data Protection Authority.

Tel: +30 210 6475600

Fax: +30 210 6475628

Email: [email protected]

12. Third-party websites

Our website may contain links to other websites that do not belong to the company and are not controlled by us.

The company is not responsible for the privacy policy of such websites, for the validity of their content, or for the use of cookies and the data collected by those third-party controllers.

Accordingly, the company is not responsible for damage or problems arising from navigation on those websites and it remains up to you whether or not to visit them.

13. Children

By giving your consent, you declare that you are older than 15 years. If you are younger than 15 years, you may navigate the website and use its services only with the participation and permission of parents or guardians.

14. Privacy policy update

The website is constantly updated and expanded both functionally and in terms of new products and services. Consequently, this privacy policy is also updated, and readers are encouraged to review it at regular intervals.

Cookie policy

While browsing this website, the company may collect identification data using appropriate technologies such as cookies and/or Internet Protocol (IP) address tracking.

Cookies are small text portions that are sent to the browser through which the user visited a website. Their use helps the website memorize information related to the user’s visits, such as preferred language, search preferences, number of visitors, and easier access to certain services.

You can control and/or delete cookies according to your preferences. Disabling cookies may affect usability and the operation of certain services.

The page also notes that links to other websites are outside the company’s control and are not governed by this privacy statement.

List of cookies we collect

Functional cookies — Essential for store operation

COOKIE Name COOKIE Description
PHPSESSID Identifies your current session on the server. Essential for the basic operation of the store.
form_key A security key that protects forms against unauthorized submissions (CSRF protection).
CUSTOMER An encrypted version of your customer ID in the store.
store The store view or language you have selected.
CURRENCY Your preferred currency for displaying prices.
PERSISTENT_SHOPPING_CART Retains your shopping cart contents even after you have logged out.
USER_ALLOWED_SAVE_COOKIE Records whether you have consented to the use of cookies on our store.
X-Magento-Vary Used to differentiate cached content versions depending on user context (e.g. logged in vs. guest).
private_content_version Manages the version of personalised content shown to you, such as your cart and wishlist.
section_data_ids Tracks which page sections need to refresh their data (e.g. the number of items in the cart).
section_data_clean Used to clear outdated cached section data from the browser.
mage-cache-sessid An active session marker used by the store's cache system.
mage-cache-storage Stores cache data locally in the browser for faster page loading.
mage-cache-storage-section-invalidation Tracks which cache sections have been invalidated and need to be refreshed.
mage-messages Temporarily stores system messages such as order confirmations and form errors.
product_data_storage Stores product data locally to speed up information display without additional server requests.
recently_viewed_product Stores the products you have recently viewed for display in the relevant section.
recently_viewed_product_previous Stores the previous list of recently viewed products for comparison during page refresh.
recently_compared_product Stores the products you have recently compared using the comparison feature.
recently_compared_product_previous Stores the previous list of compared products for comparison during page refresh.


Technical cookies — Security & performance (Cloudflare)

COOKIE Name COOKIE Description
__cf_bm Set by Cloudflare to detect and mitigate automated (bot) traffic. Duration: 30 minutes.
cf_clearance Set by Cloudflare after a user successfully passes a security challenge. Duration: 1 day.


Analytics cookies — Traffic analysis (Google Analytics)

COOKIE Name COOKIE Description
_ga Main Google Analytics 4 cookie. Used to distinguish unique visitors. Duration: 2 years.
_ga_XXXXXXXXXX Google Analytics 4 session cookie. Maintains the state of the current visit. Duration: 2 years.
_gid Used by Google Analytics to identify visitors within a 24-hour period. Duration: 24 hours.


Marketing cookies — Advertising (Meta / Facebook)

COOKIE Name COOKIE Description
_fbp Set by the Meta (Facebook) Pixel to identify visitors and track conversions from ads. Duration: 3 months.
_fbc Stores the fbclid parameter when you visit the store via a Facebook or Instagram ad. Used for conversion attribution. Duration: 3 months.


Marketing cookies — Advertising (TikTok)

COOKIE Name COOKIE Description
ttcsid Set by the TikTok Pixel to track visits and conversions from TikTok ads. Duration: 3 months.
ttcsid_[ID] A variant of ttcsid linked to a specific TikTok Pixel. Used for conversion attribution. Duration: 3 months.


Email marketing cookies (Brevo)

COOKIE Name COOKIE Description
sib_cuid Set by the Brevo (formerly Sendinblue) email marketing platform. Used to identify unique visitors in the context of email campaigns and automations. Duration: 6 months.