Privacy Policy
Costos informs that, for the purposes of conducting its business activities, it processes personal data of its customers. The processing is always carried out in accordance with the applicable national legislation and the European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, GDPR).
The GDPR establishes the new regulatory framework within the European Union (EU) in the examined field. Its purpose is to set conditions for the processing of personal data to protect the rights and freedoms of natural persons, particularly the right to the protection of personal data.
Note also that Costos does not store sensitive personal data related to financial transactions of its users (e.g., credit/debit card numbers and CVC codes).
For any issues regarding the processing of personal data, you can contact us at 231 032 0059 and at info@e-costos.gr.
“What categories of personal data do we process?”
We process the personal data you provide us, namely: Full Name, Postal Address, Postal Code, Region, City, Country, Landline Phone Number, Email Address, VAT Number (ΑΦΜ), Tax Office (ΔΟΥ), Profession. Processing is carried out only when we have a lawful basis to do so.
The lawful grounds for processing your personal data.
Lawful grounds for processing your personal data include:
(a) Providing the services that you assign to us and wish to receive from us, such as purchasing products, and consequently fulfilling our contractual obligations in this regard.
(b) Compliance with an obligation imposed by law, such as regulatory compliance for tax purposes.
(c) The consent you provide under specific conditions set by the legal framework, in order to receive updates about products, services, offers, etc., from Costos or third-party collaborating companies that process personal data in accordance with the applicable legal framework at any given time.
Age Declaration Form
By providing your consent, you declare responsibly that you are over 16 years of age. If you are under 16 years old, you may only use our website with the participation and approval of a parent or guardian.
How and why do we use your personal data?
- Account Creation
Personal data is collected when you create an account on https://e-costos.gr/, a website managed by Costos. When creating an account, you may be asked for additional information; however, the minimum required for the conclusion and execution of the contract will be marked as mandatory fields.
For account creation, the following personal information is required: Full Name, Postal Address, Postal Code, Prefecture, City, Area, Country, Landline Phone, and your Email Address. You will then need to set your personal password. To complete your registration, you must read the terms of use, select the “I Agree” checkbox, and complete the text for the verification of your registration.
Your registration is complete. Your username is now your email address, and your password is your personal password.
The user should not share their personal password with third parties, nor should they store it in electronic or printed form, to prevent any unauthorized use. In case the passwords are disclosed to a third party, the user is obliged to immediately inform Costos.
In case of data leakage, Costos bears no responsibility unless it has been previously informed of the unauthorized use of this information.
- Order Execution
Personal data is also collected when you place an order on our e-shop, https://e-costos.gr/. To complete your order and create an account, you may be asked for additional information, but it will be the minimum required for the conclusion and execution of the contract. These fields will be marked as mandatory. The information in this account will be used to complete the order, and you will need to provide some additional details, such as payment method information, an alternative shipping address (optional), and billing information (Tax ID, Tax Office, Profession, Company Name), where necessary.
As part of completing your order, some of this data is transferred to our partner companies. Consequently, it is shared with shipping companies for the transportation and delivery of your goods. These shipping companies may contact you for clarifications and to update you on the delivery of your products. Additionally, data is transmitted to payment providers (banks and interbank systems, PayPal) during the payment process. On our part, we utilize high-security systems to prevent leakage of information from malicious systems.
- Sending Informational and Promotional Material/Corporate News
During your visit to our website, https://e-costos.gr/, you have the option to fill out a contact form where you can provide your email address for the purpose of subscribing to our newsletter.
The data collected from our website may be used to contact you for promotional and advertising purposes, to inform you about products and offers that may interest you, via email, provided that you have given your consent, under the specific conditions set by the legal framework.
- Personalized Promotion
Within the legal framework of Costos’ legitimate interest in generating purchasing interest for its products and services, we may process information publicly available on search engines and social media platforms (such as Google, LinkedIn, Facebook, Twitter, Instagram, Youtube). This processing aims at personalized promotion and informing potential customers via telephone and/or email for commercial purposes. The legal basis for this is your voluntary publication of information on search engines and your registration on social media platforms, where such actions are considered explicit consent according to the settings of the applications you manage.
The legal bases for the aforementioned processing are both the performance of our contractual obligations (GDPR Article 6(1)(b)) and our legitimate interest (GDPR Article 6(1)(f)) as a company.
- Exporting Statistical Data
Your personal data may be used with Google Analytics. Google Analytics is used to record website traffic on our site and to extract useful statistical information for our customer base.
- Customer Satisfaction Survey – Reviews – Ratings
The data we collect from our website is used for your participation in a Customer Satisfaction Survey, provided you have given your consent, under specific conditions set by the legal framework. The Customer Satisfaction Survey is conducted through a rating, review, or email feedback for any of the products of https://e-costos.gr/ or our services, and account maintenance is necessary.
If a review contains abusive content, offensive comments, personal information, negative advertising, etc., https://e-costos.gr/ reserves the right to refuse its publication. User reviews and comments reflect the personal opinions and views of the users themselves and do not necessarily represent the views of https://e-costos.gr/, which cannot be held responsible for any of these opinions.
- Personalized Information (Profiling)
In order to provide you with the best possible experience, the personal data collected from our website may be used for sending personalized updates, provided you have given your consent under specific conditions set by the legal framework. Personalization based on your needs and preferences (profiling) is derived from the information we gather from your personal data, such as profession, residential area, etc., or based on the results of Customer Satisfaction Surveys and your purchasing behaviors.
Where are your data disclosed?
Costos transfers the personal data provided by individuals to third-party companies that provide automation services for the purpose of mass email delivery.
Additionally, as part of completing an order on our e-shop, some of this data is transferred to partner companies. Consequently, it is transmitted to shipping companies for the purpose of transporting and delivering your goods. These shipping companies may contact you to request clarification and inform you about the delivery of your products.
Furthermore, this data is accessible to information systems support and marketing companies of the e-shop, where Costos ensures their protection with strict confidentiality agreements and continuous monitoring of the appropriate organizational measures taken by these companies.
Finally, the data is transferred during the payment process to payment providers. On our part, we employ high-security systems to prevent leakage of information from malicious systems.
The storage period
The retention period of the data is determined based on the following specific criteria depending on the case:
When processing is required by provisions of the current legal framework, your personal data will be stored for as long as the relevant provisions dictate.
When processing is based on a contract, your personal data will be stored for as long as necessary for the performance of the contract and for the establishment, exercise, or defense of legal claims arising from the contract.
For marketing purposes, your personal data will be retained until you withdraw your consent. You may withdraw your consent at any time, and such withdrawal does not affect the lawfulness of processing based on consent before its withdrawal
To withdraw your consent, you can contact us at 231 032 0059 or email us at info@e-costos.gr.
Personal Data Security
Costos implements appropriate technical and organizational measures aimed at the secure processing of personal data and the prevention of accidental loss or destruction, as well as unauthorized or unlawful access, use, modification, or disclosure. However, due to the nature of the internet and its openness to anyone, it cannot guarantee that unauthorized third parties will never be able to breach these implemented technical and organizational measures, gaining access and potentially using personal data for unauthorized or unlawful purposes.
What are your rights regarding your personal data?
Every natural person whose data is processed by Costos enjoys the following rights:
Right of access:
You have the right to be aware of and verify the legality of the processing. Therefore, you have the right to access the data and obtain supplementary information regarding their processing.
Right to rectification:
You have the right to study, correct, update, or modify your personal data.
The right to erasure (right to be forgotten):
You have the right to request the deletion of your personal data when we process it based on your consent or to protect our legitimate interests. In all other cases (such as when there is a contract, a legal obligation to process personal data, or for reasons of public interest), this right is subject to specific limitations or may not apply depending on the circumstances.
The right to restriction of processing:
You have the right to request restriction of processing of your personal data in the following cases: (a) when you contest the accuracy of your personal data, and processing is restricted until the accuracy is verified, (b) when you oppose the deletion of personal data and request the restriction of their use instead, (c) when the personal data are no longer needed for the purposes of processing, but are necessary for the establishment, exercise, or defense of legal claims, and (d) when you object to processing pending verification whether our legitimate grounds override your objections to the processing.
Right to object to processing:
You have the right to object at any time to the processing of your personal data in cases where, as described above, it is necessary for the purposes of legitimate interests pursued by us as data controllers, as well as in processing for direct marketing purposes and consumer profiling.
The right to data portability:
You have the right to receive your personal data free of charge in a format that allows you to access, use, and process them using commonly used processing methods. Additionally, where technically feasible, you have the right to request that we transmit your data directly to another controller. This right applies to data that you have provided to us and that is processed by automated means based on your consent or in performance of a relevant contract.
Right to Withdraw Consent:
Finally, Costos informs you that where processing is based on your consent, you have the right to freely withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise the above rights, please contact us at 231 032 0059 or email us at info@e-costos.gr.
Cookies
The Costos website uses cookies because without them it would be impossible for some basic services to function. These include order status, multiple user choices, storing items in the cart or list, recognizing and facilitating frequent users, as well as improving the content of the website.
Cookies do not cause harm to users’ computers or the files stored on them. Additionally, they are automatically deleted when you exit the website.
Learn more about Cookies at www.cookiecentral.com.
Complaint to the Hellenic Data Protection Authority (HDPA)
You have the right to file a complaint with the Hellenic Data Protection Authority (HDPA): Telephone Center: +30 210 6475600, Fax: +30 210 6475628, Email: contact@dpa.gr.
The applicable law – Jurisdiction of Courts
https://e-costos.gr/ reserves the right to modify or renew its terms and conditions of transactions. All transactions conducted through our website https://e-costos.gr/ are governed by International and European law, which regulates matters related to electronic commerce, as well as by the Law on Consumer Protection (Law 2251/1994), which regulates issues concerning distance sales. The exclusive competent courts for any dispute arising from the use of the website and transactions conducted through it are the courts of Thessaloniki.