Privacy

Privacy Policy

Drafted: 20 /4/2021

  1. Introductory remarks
  2. Applicable law on the protection of natural persons with regard to the processing of personal data and on the free movement of such data is the General Data Protection Regulation (EU) 2016/679 (hereinafter GDPR) of the European Parliament and of the Council (voted on 27 April 2016 and entered into force on 25 May 2018) and the Greek Law 4624/2019, as well as the guidelines of the Hellenic Data Protection Authority.
  3. Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  4. This policy is fully compatible with the GDPR and Greek legislation (Law 4624/2019).
  5. It is clarified that our company may modify this policy, at any time and without notice. It is considered necessary to study this policy before any navigation, use or any registration of personal data.
  6. By navigating the website and using the e-shop, the user/customer accepts the content of this policy.
  1. Data Controller

The company “The Sound of Metal.”, as data controller, attaches particular importance to the protection of personal data of users/customers.  For any request, the user/customer may be addressed to us by the following means:  Tel: 2752059808, e- mail:  info@thesoundofmetal.gr.

  1. Why do we process your personal data?
  2. Visiting our website/e-shop , the user/customer is not obliged to provide us with his/her personal information, unless he/she wishes:
  3. to contact us,
  • to express his/her interest in the purchase of product(s),
  • to make transactions and payments,
  1. to create an account in our e-shop,
  2. We also collect data for the analysis of the usability, quality and marketing of our services in order to improve our products.
  3. We collect data for purposes related to the detection of cyber fraud and the security of electronic communications.
  4. Some of the collected data are necessary for the purpose of invoicing of products in accordance with the current tax legislation.
  5. We process only those personal data that are necessary for the fulfillment of the purposes of our transactions. Our company guarantees that the processed personal data remain highly confidential and will not be used for other purposes.
  1. What data can we process and on what legal ground?
  2. Name, surname, email address, phone number, address, city of residence, postcode. The above data are necessary for the preparation and processing of sales contract in accordance with article 6 par. 1 (b) GDPR. Also, the above information is necessary for the issuance of a retail receipt in accordance with article 6 par. 1 (c) GDPR. For the issuance of an invoice, in addition to the above data, the completion of the Tax Identification Number (TIN) and competent Tax Office is required.
  3. Name and/or surname, e -mail address, are collected so that we can respond to your requests either in accordance with article 6 par. 1 (c) GDPR or to provide you with product information, in accordance with article 6 par. 1 (b) GDPR.
  4. Name, surname, email address, phone number are collected to support the service “create an account”. The legal basis for this processing is first of all the user’s consent for his/her registration and the creation of an account, according to article 6 par. 1 (a) GDPR as well as the legitimate interest of our company, according to article 6 par 1 (f) GDPR, for the account’s security and the user’s identification, where and when it is required.
  5. We may also automatically receive certain information contained in the logs, such as IP address, geolocation data, day and time of the site visit, etc., for which we consider to have a legitimate interest, in accordance with Article 6 par. 1 (f) GDPR to protect the security of networks, information and services from accidental events or illegal or malicious actions (e.g. cyber fraud) related to the availability, authenticity, integrity and confidentiality of data and at the same time to provide according to article 6 par. 1 (c) GDPR, and safeguard a more secure environment for the processing of personal data.
  6. We also use cookies either to measure the statistics of our e-shop or to improve navigation and user’s experience or to promote our products. Details about Cookies (type, duration, purpose and provider etc.) can be found in the relevant policy or cookie banner. The installation of a tracker on a terminal device requires in principle the consent of the user, regardless of whether it ultimately processes personal data. Trackers who are exempted from the obligation to obtain consent are those who are considered technically necessary to make the connection to the website or to provide the internet service requested by the user himself. According to the Hellenic Data Protection Authority, no consent is required (a) for the identification and/or retention of content entered by the subscriber or user during a session on a website throughout the specific connection, such as the “shopping cart”, (b) for the connection of the subscriber or user to services that require authentication, (c) for user’s security, (d) for the implementation of the technique of load balancing in a connection to website, (e) to maintain the user’s choices regarding the presentation of the website, e.g. select language, save search history. Trackers which are installed for the purpose of online advertising or third-party trackers, such as Google Analytics for web analytics, are allowed if the user has given prior consent after being properly informed.
  7. It clarified that the company does not have in any way access to credit or debit card data. Online transactions take place in a secure bank environment.
  1. Recipients of data – Transfers
  2. In order to be able to provide our services, some of our contracted partners may have access to certain data, under strict conditions, such as encryption, contractual confidentiality clauses, etc.:
  • companies or professionals in hardware and software/cloud services ,
  1. financial service providers,
  • companies for the transport and delivery of products,
  • advertising service providers,
  1. accounting firms or offices.
  2. We demand from all the above recipients to implement organizational and technical measures to ensure the optimal level of security.
  3. Our company does not transfer personal data to third countries, i.e. outside the EU. For Cookies, see the relevant policy.
  1. Retention period
  2. In case of a purchase, customer’s personal data will be stored for a reasonable time. After the completion of the contract, i.e. after the full payment of the price of the products, our company stores customer’s personal data given for the purchase of the products for five (5) years, with the exception of certain information that for tax reasons must be maintained for longer than the above period.
  3. Data provided under the contact form, whether relating to clarifications on sales or relating to all types of customer requests, are retained for five (5) years from the last written communication.
  4. In any case, If until the end of the five (5) years legal proceedings are in progress with our company or any other affiliated company, concerning the user/customer directly or indirectly, or any administrative audit is pending, the above time of storage of data will be extended until the issuance of an irrevocable court decision or the issuance of an administrative act.
  5. To uninstall Cookies, user/customer can consult the relevant policy or cookie banner.
  6. In case of a shorter or longer data retention period provided by law, the above data retention time will be reduced or increased accordingly. For this reason, the company undertakes to review the relevant legislation at regular intervals and to revise this policy accordingly.
  1. User’s/Customer’s rights

According to the General Data Protection Regulation, user/customer has the following rights:

  1. Right to access: Know if and to what extent his/her personal data are being processed in any way, in particular the purposes of the processing, the categories of data we process, the recipients of his/her data, the retention period as well as the existence of automated decision making (Article 15 GDPR).
  2. Right to rectification: Request the rectification and/or completion of his/her personal data; so that they are complete and accurate (Article 16 GDPR).
  3. Right to restriction: Request the restriction of the processing under the conditions of article 18 GDPR. However, our Company has the right to refuse his/her request for restriction of the processing of his/her personal data if the processing of the data is necessary for the establishment, exercise or support of our legal rights or the fulfillment of our legal obligations.
  4. Right to objection: Object to any further processing of his/her personal data (Article 21 GDPR), unless we prove that there are compelling and legitimate reasons for this processing or retention is necessary for the exercise of our legal claims.
  5. Right to erasure (“right to be forgotten”): Request the deletion of his/her personal data from our records under the conditions of Article 17 GDPR. Our Company has, in any case, the right to refuse his/her request for erasure, if this processing is necessary for the establishment, exercise or support of our legal rights or the fulfillment of our legal obligations.
  6. Right to portability: Request the transfer of his/her data from our Company to any other controller (Article 20 GDPR). The right to portability does not imply the erasure of personal data.
  7. Right to complain: File a complaint to the Hellenic Data Protection Authority (www.dpa.gr), if his/her rights are violated in any way. To exercise his/her rights, he/she can contact the Controller in writing, via phone or via e-mail.
  8. For any of the above requests or any other relevant information about his/her personal data, user/customer can contact directly with our Company.
  9. Our Company, fully respecting his/her rights, will make efforts to respond to his/her request within thirty (30) days of the submission. This deadline may be extended for an additional sixty (60) days, if this is deemed necessary taking into account the complexity of the request and the number of requests. Our Company, in any case, will contact him/her about the extension of the response deadline within thirty (30) days. Exercising his/her rights does not require any costs. However, in the event that his/her requests are manifestly unfounded, excessive or repetitive, we have the right to either impose him/her a reasonable fee or to refuse to respond to his/her request(s).
  10. Data security
  11. Our company implements strict security procedures in order to protect user’s/customer’s data from damage, destruction or disclosure and to avoid unauthorized access to them.
  12. When the data are to be transferred to our recipients, we demand that similar measures be taken to fully protect user’s/customer’s information.
  13. Links

The Website contains links to third party pages (Links). The provision of the links does not imply endorsement of their content. The company does not bear any responsibility for the availability or content of these websites or any liability for any damages resulting from the use of their content. These links mainly concern our corporate pages on social media (Facebook , Instagram etc.). The links are provided solely for the convenience of the user. In any case, the user browses these sites at his/her own risk. Prior to any registration of personal data, it is always recommended to study the legal notices of each one platform.

© 2022, All rights reserved