Privacy Policy

Privacy Policy and Cookie Policy of www.penelopesconcept.com

If you use the services of our company via our website, your personal data may be processed. As a rule, we only conduct such processing with the prior consent of the user on the legal basis of point (a) of Article 6(1) of the EU General Data Protection Regulation (GDPR), with the exception of cases in which prior consent cannot be obtained for practical reasons and processing of the data is permitted by law.

This Privacy Statement explains which personal data are processed by us, the type of processing that is conducted, and the purpose of the processing. Furthermore, reference is made to the rights of the data subject.

Our company has implemented numerous technical and organizational measures to ensure that protection of the personal data processed via our websites is as complete as possible. Nevertheless, absolute security cannot be guaranteed since there may be security gaps in the transmission of data, and in particular in the online transmission of data.

The terms used in this Privacy Statement are based on the terms used in the EU General Data Protection Regulation (GDPR).

Name and address of the controller

The controller pursuant to the General Data Protection Regulation, other national data protection laws of the Member States of the European Union, and other data protection provisions is:

Penelope Mela

Mystra 33, Glyfada, Greece 16561

Tel.: +306981464932

Cookies

Our websites use cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user accesses a website, a cookie may be stored on the user’s operating system. That cookie contains a string of characters (cookie ID) that enables clear identification of the browser and recognition of the user when the website is visited again.

That enables us to provide more user-friendly services to users of our website than would be possible without using cookies.

Users of our website can permanently disable cookies at any time by adjusting the settings of the used internet browser accordingly. Furthermore, already stored cookies can be deleted at any time via the relevant internet browser or other software programs.

Collection of general data and information

Our websites collect various general data and information whenever they are accessed by a data subject or automated system. Those general data and information are stored in the log files of the server. The following data may be collected:

1. browser types and versions used,
2. the operating system used,
3. the website from which a system accesses our website,
4. the subpages that the system accessing our website navigates to,
5. the date and time of access to the website,
6. the IP address,
7. the internet service provider of the system accessing the website, and
8. other similar data and information that serve to protect our information technology systems in the case of attacks.

The collection and use of the general data and information do not allow any conclusions to be drawn about the data subject. Instead, they serve the following purposes:

1. correct provision and display of the content of our website
2. optimization of the website content and advertising the website
3. ensuring the long-term functionality of our website
4. provision of the necessary information to assist law enforcement authorities in the event of a cyber-attack. The anonymous data stored in the log files are stored separately from any personal data.

Contact options via our website

Our website contains contact forms enabling users of the website to contact our company directly and quickly and to request information. If a user contacts us using such a form, the personal data entered are automatically stored by us.  The data entry form indicates which personal data are sent to us. The data are collected in order that an employee of our company or of a processor can contact or send further information to the person whose data were entered using the data entry form.

Alternatively, it is possible to contact us using the e-mail address provided. In this case, the user’s personal data that are sent by e-mail are stored for the purpose of contacting the user.

The collected data are only collected and stored for our own purposes and used for optimization of our marketing activities. The personal data may be transferred to one or more processors. The processing conducted by the processor will likewise be conducted solely for our internal use.

Rights of the data subject

If your personal data are processed and you are a data subject pursuant to the GDPR, then you may have the following rights vis-à-vis the controller:

a) Right of access

You have the right to obtain confirmation from the controller as to whether or not personal data concerning yourself are being processed by us.

Where that is the case, you have the right to obtain the following information from the controller:

1. the purposes of the processing of the personal data;
2. the categories of personal data concerned;
3. the recipients or categories of recipient to whom personal data concerning yourself have been or will be disclosed;
4. the envisaged period for which personal data concerning yourself will be stored, or, if not possible, the criteria used to determine that period;
5. the existence of the right to request from the controller rectification or erasure of personal data concerning yourself, or restriction of processing of personal data by the controller, or to object to such processing;
6. the right to lodge a complaint with a supervisory authority;
7. where the personal data are not collected from the data subject, any available information as to their source;
8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to obtain information about whether personal data concerning yourself are transferred to a third country or an international organization. You have the right to obtain information about appropriate safeguards pursuant to Article 46 GDPR with respect to such transfer of data.

b) Right to rectification

You have the right to require the controller to rectify or complete processed personal data concerning yourself if such data are incorrect or incomplete. The controller shall rectify the data without undue delay.

c) Right to restriction of processing

You have the right to obtain restriction of processing of personal data concerning yourself in the following cases:

1. the accuracy of personal data concerning yourself is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
3. the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims, or
4. if you have objected to processing pursuant to Article 21(1) GDPR and verification is pending as to whether the legitimate grounds of the controller override your grounds.

Where processing of personal data concerning yourself has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing pursuant to the aforementioned conditions, you shall be informed by the controller before the restriction of processing is lifted.

d) Right to erasure

Obligation to erase data

You have the right to obtain from the controller the erasure of personal data concerning yourself without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

1. personal data concerning yourself are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. you withdraw your consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
3. you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
4. personal data concerning yourself have been unlawfully processed.
5. personal data concerning yourself have to be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject.
6. personal data concerning yourself have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

Informing third parties

Where the controller has made personal data concerning yourself public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Derogations

The right to erasure does not apply to the extent that processing is necessary

1. for exercising the right of freedom of expression and information;
2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
5. for the establishment, exercise, or defense of legal claims.

e) Right to be informed

If you have obtained rectification, deletion or restriction of processing from the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

The controller shall inform you about those recipients if you request it.

f) Right to data portability

You have the right to receive the personal data concerning yourself which you have provided to a controller, in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

1. the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, or on a contract pursuant to point (b) of Article 6(1) GDPR, and
2. the processing is carried out by automated means.

In exercising that right, you also have the right to have personal data concerning yourself transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by exercise of that right.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

g) Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller shall no longer process personal data concerning yourself unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Where personal data concerning yourself are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, personal data concerning yourself shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

h) Right to withdraw consent

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

i) Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning yourself or similarly significantly affects you. Thatdoesnotapplyif the decision

1. is necessary for entering into, or performance of, a contract between you and a data controller,
2. is authorized by Union or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
3. is based on your explicit consent.

However, such decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

Note: our company does not conduct automated decision-making using personal data.

j) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning yourself infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Privacy in job application processes

Application documents may be submitted electronically via our website. We will solely collect and process the submitted personal data for the purpose of conducting the application process. If our company appoints the applicant, the personal data will be stored for administration of the employment. If the applicant is not appointed, the submitted documents and data will be deleted 6 months after notification of the rejection.

Privacy policy concerning deployment and use of social media elements

Components of various social media, such as Facebook, Google+, LinkedIn, YouTube, Twitter and Instagram, are integrated into our website.

If a user accesses one of our websites with such an integrated social media element, that component allows the display of components retrieved from the server of the operator of the social media components.

Furthermore, once the user visits our websites, a direct connection is created via the social media components between your browser and the server of the operator of the social media components. Each time our website or subpages of our website are accessed, the operator receives information about which specific websites and subpages are visited by the user with the corresponding IP address.  Please note that we are not informed of the content of the transmitted data and the use of such data by the operator.

Once the user clicks on a link to one of the social media components, the subpage of the operator of the social media components opens in a new browser window and shows content of the controller. Please note that the websites linked to by the social media components are not operated by us, so this Privacy Statement does not apply to those websites. Furthermore, for the afore­mentioned reason, we cannot assume any liability for the protection of personal data when accessing such websites.

For further information on the privacy policies of the integrated social media components, please see

Facebook: https://www.facebook.com/policy.php

LinkedIn: https://www.linkedin.com/legal/privacy-policy

YouTube: https://policies.google.com/privacy?hl=en

Twitter: https://twitter.com/privacy?lang=en

Instagram: https://www.instagram.com/about/legal/privacy/

Privacy policy concerning the deployment and use of Google Analytics (with anonymization)

The Google Analytics data traffic analysis service (with anonymization) is integrated into our website.

The operator of Google Analytics is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google Analytics collects and analyzes data about user behavior on specific websites. Such data include visits to websites and their subpages, the length of time spent on the website, and the website from which the user accessed the website that uses Google Analytics.

The purpose of web analysis using Google Analytics is to optimize our website and to perform a cost/benefit analysis for online advertising.

Google Analytics uses cookies (see the section on “Cookies”) that are stored on the user’s computer and that enable analysis of the user’s use of our website. In general, the data stored in the cookie are transmitted to a Google server and stored there.

Google Analytics is used on our website with the “anonymizelp” extension for anonymization. That anonymization function truncates the IP address of the user accessing the website once the user is recognized to be within the European Union or another signatory state to the Agreement on the European Economic Area. The IP address transmitted by your browser in the scope of Google Analytics is not merged with other data held by Google.

The data transmitted to Google are used on our behalf to analyze the use of our website, to compile website activity reports, and to perform further services related to website use and internet use. Any data transmitted by us that are linked with cookies, user identification (e.g. user ID), or advertising IDs are automatically erased after 14 months. The data are automatically erased once a month following expiry of their retention period.

For further information on the terms of service and privacy policy of Google Analytics, please see

https://www.google.com/analytics/terms/gb.html (Great Britain)

https://www.google.com/analytics/terms/us.html (United States of America)

https://policies.google.com/?hl=en

You may prevent the storage of cookies by adjusting your browser settings accordingly; however please note that if you do so you will not be able to use the full functionality of this website. In addition, you can prevent data generated by the cookie referring to your use of the website (including your IP address) from being collected by Google and processing of such data by Google by downloading and installing the following add-on:

https://tools.google.com/dlpage/gaoptout?hl=en

Opt-out cookies will prevent your data from being collected when you visit this website in future. To prevent collection by Google Analytics on multiple devices, you need to opt out on all systems used.

SPAM protection

This type of service analyzes the traffic of this Website, potentially containing Users’ Personal Data, in order to filter it from parts of traffic, messages and contents recognized as SPAM.

GOOGLE RECAPTCHA (GOOGLE INC.)

Google reCAPTCHA is a SPAM protection service provided by Google Inc.
Use of the reCAPTCHA system is subject to Google’s privacy policy and terms of use.
Personal Data collected: Cookies and Usage Data.
Place of processing: United States – Privacy Policy. Subject adhering to the Privacy Shield.

Cookie Policy

 Our Cookie Policy aims to describe the types of cookies used by the website www.penelopesconcept.com (here in after “Website“), the purposes of the cookies installed and the methods by which Users can select or disable the cookies present on the Website and benefit from the services offered.

We use cookies to make use of our Website easier and more intuitive. Data acquired by cookies is used to make future browsing experiences more pleasant and efficient.

WHAT ARE COOKIES?

Cookies are tiny strings of text which websites visited send to the User’s terminal (usually the web browser), where they are memorised and subsequently retransmitted to the same website the next time the User visits.

The term cookie refers to cookies themselves and all similar technologies.

Cookies are used to access online services more rapidly and to improve the User’s navigation experience by monitoring sessions, memorising Users’ information, loading content faster etc.

TYPES OF COOKIES

Cookies may be:

First-party cookies: these are cookies owned and used by the Website, which allow Users to navigate more efficiently and/or to monitor their activity;

Third-party cookies: these are cookies set by a different website to the one being visited, to allow Users to navigate more efficiently and/or to monitor their activity.

Furthermore, there are different types of cookies:

• Technical and Analytical Cookies: these are cookies related to activities which are strictly necessary for the function of the website and the delivery of services (e.g. session cookies for login), cookies used for the saving of preferences and optimisation (e.g. cookies that save the basket or the choice of language/currency etc), analytical cookies which collect information in anonymous, aggregated form.

Technical cookies include:

• Session or Navigation Cookies: these are used to track the User’s online activity. They guarantee normal navigation and use of the Website, for example by allowing faster navigation, purchases or authentication for access to reserved areas, and they are necessary for the correct functioning of the site.
• Functional Cookies: these allow the User to navigate according to a series of selected criteria (e.g. language, products chosen etc), in order to improve the service provided;
• Analytical Cookies: these are used to collect information about use of the Website. The Data Controller uses such information for statistical analysis, to improve the Website and to simplify its use, as well as to monitor its correct functioning. This type of cookie collects anonymous information about Users’ activity on the Website, the ways in which they arrived at the Website and pages visited. Cookies in this category are sent by the Website itself or by third-party domains. Analytical cookies may be:
  • First-party analytical cookies: these are governed by the regulations for technical cookies when used directly by the owner of the Website without carrying out User profiling but solely to acquire anonymous aggregate information regarding the number of Users and the way in which they visit the Website for statistical purposes or to improve the Website;
  • Third-party analytical cookies: these are made available by third parties and are treated as technical cookies if the third parties do not carry out User profiling, by the use of instruments which reduce the identifying potential of cookies (e.g. by masking a considerable portion of the IP address) and do not cross-reference data collected with other data already held.

Technical cookies only require the issue of a Cookie Policy, with no requirement for consent. Disabling or deleting these cookies via the web browser settings may compromise optimum navigation of this Website.

• Profiling Cookies: these are used to monitor Users’ web browsing and create a profile of their habits:
  • First-party profiling cookies: these are installed by the Controller to create a User profile in order to send advertising messages in line with the preferences shown during web browsing. Since these cookies are particularly invasive of the User’s private sphere, current legislation requires the User to be provided with appropriate information regarding their use, and to give consent.
  • Third-party profiling cookies: these are used by third parties which access information openly – i.e. not in anonymous or aggregate form – and cross-reference it with other data already in their possession. This Website does not have direct control over individual third-party cookies. Users are therefore invited to check the cookie policy on the third party’s website.

Use of these cookies requires prior consent by the User.

This Website does not use Profiling Cookies.

INSTALLED COOKIES

Cookies used on this website are:

• technical and analytical cookiesnecessary for the functioning of the Website, for aggregated statistical analysis, to simplify and improve use of the Website and to save  navigation preferences and optimise the User’s experience;
• third-party cookieswhich may carry out User tracking and profiling even without the Controller’s knowledge. For more information, Users are advised to carefully read the privacy policies of the individual services listed below.

DURATION OF COOKIES

The duration of cookies is dictated by their expiry date or by a specific action such as closing the browser used when they were installed. Cookies may be:

• temporary or session: these are used to store temporary information and allow actions carried out during a specific session to be linked; they are removed by the computer when the browser is closed;
• persistent: these are used to archive information, for example username and password, so that the User does not have to enter these every time they visit a specific website. These cookies are memorised by the computer even after the browser is closed.

Users can change their preferences at any time.

DECLARATION OF CONSENT

For cookies that require consent, on the first visit to the Website the User is automatically shown a banner containing a link to this complete policy and a request for their consent to the use of cookies.

Consent may be changed or withdrawn at any time.

HOW TO DISABLE COOKIES

Users can manage their cookie preferences directly from their browser and prevent third parties from installing cookies.

Furthermore, using the browser settings it is possible to remove cookies installed in the past, including any cookies which may have saved the User’s consent to the installation of cookies by this Website. If all cookies are disabled, the function of this Website may be compromised.

Users can find information and exercise their right to object to tracking cookies in their browser at the following addresses:

• Internet Explorer: http://windows.microsoft.com/internet-explorer/delete-manage-cookies
• Google Chrome: https://support.google.com/chrome/answer/95647
• Mozilla Firefox: https://support.mozilla.org/kb/enable-and-disable-cookies-website-preferences
• Opera: https://www.opera.com/help/tutorials/security/privacy/
• Apple Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471

Users can also delete cookies by requesting an opt-out directly from third parties via the website http://www.youronlinechoices.com/, which allows them to manage tracking preferences from most advertising tools.

To manage settings for Flash cookies, click on the following link https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

 

Rights of the User

Users may exercise certain rights regarding Personal Data pertaining to them and processed by the Data Controller. Specifically, the User has the right to:

• withdraw consent at any time;
• object to the processing of their Personal Data;
• access their Data;
• verify and request correction;
• obtain a limitation on processing;
• obtain the deletion or removal of their Personal Data;
• receive their Personal Data or transfer it to another Data Controller;
• make a compliant to the Data Protection authority and/or take legal action.

To exercise their rights, Users should address their request to the addresses of the Data Controller indicated in this document. Requests are made free of charge and handled by the Data Controller as quickly as possible and in any case within a period not exceeding 30 days.