Privacy Policy (cont.) III

Greek Glass

Privacy Policy (cont.) III

1.               How We Protect Your Information

 

1.1            We store all the Data submitted by you through the Website at a secure database. Your payment processing information is collected by Stripe and shipping information is collected by Shipstation and Big Cartel on our behalf in order for us to provide the Website Services.

 

1.2            We are concerned with protecting your privacy and Data, but we cannot ensure or warrant the security of any Data you transmit or guarantee that your Data may not be accessed, disclosed, altered or destroyed by breach of any of our industry standard physical, technical or managerial safeguards.

 

1.3            No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Data, we cannot guarantee its absolute security. If you have any questions about security of the Website, you can contact us at [email protected].

 

1.4            Any Data supplied by you will be retained by us and will be accessible by our employees, any service providers engaged by us and third parties.

 

2.               Compliance with the GDPR

 

2.1            For users based in the EU, the Website shall make all reasonable efforts to ensure that it complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 of the EU regarding the collection, use, and retention of Data from the Users based in Member States of the EU. The Website shall make all reasonable efforts to adhere to the requirements of notice, choice, onward transfer, security, data integrity, access and enforcement.

 

2.2            The Rights of Users: You may exercise certain rights regarding your Data processed by us. In particular, users based in the EU may do the following:

 

2.3            Right of confirmation: You shall have the right granted by the EU legislator to obtain from us the confirmation as to whether or not personal data concerning you are being processed.

 

2.4            Right of Access: You shall have the right granted by the EU legislator to obtain from us free information about your personal data stored at any time and a copy of this information. Furthermore, the EU directives and regulations grant you access to the following information:

 

2.4.1       the purposes of the processing;

 

2.4.2       the categories of personal data concerned;

 

2.4.3       the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

 

2.4.4       where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

 

2.4.5       the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

 

2.4.6       the existence of the right to lodge a complaint with a supervisory authority;

 

2.4.7       where the personal data are not collected from you, any available information as to its source;

 

2.4.8       the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved as well as the significance and envisaged consequences of such processing for you.

 

2.5            Furthermore, you shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, you shall have the right to be informed of the appropriate safeguards relating to the transfer.

 

2.6            Right to rectification: You shall have the right granted by the EU legislator to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 

2.7            Right to erasure (Right to be forgotten): You shall have the right granted by the EU legislator to obtain from us the erasure of personal data concerning you without undue delay and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies as long as the processing is not necessary:

 

2.7.1       The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

 

2.7.2       You withdraw consent to which the processing is based according to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR and where there is no other legal ground for the processing.

 

2.7.3       You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Article 21(2) of the GDPR.

 

2.7.4       The personal data have been unlawfully processed.

 

2.7.5       The personal data must be erased for compliance with a legal obligation in EU or a Member State law to which we are subject.

 

2.7.6       The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

 

2.7.7       Where we have made personal data public and are obliged pursuant to Article 17(1) to erase the personal data, we, while taking account of available technology and the cost of implementation, shall take reasonable steps including technical measures to inform other controllers processing the personal data that you have requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. We will arrange the necessary measures in individual cases.

 

2.8            Right of restriction of processing: You shall have the right granted by the EU legislator to obtain from us restriction of processing where one of the following applies:

 

2.8.1       The accuracy of the personal data is contested by the data subject for a period enabling us to verify the accuracy of the personal data.

 

2.8.2       The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.

 

2.8.3       We no longer need the personal data for the purposes of the processing but we are required by the data subject for the establishment, exercise or defence of legal claims.

 

2.8.4       You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether our legitimate grounds override those of yours.

 

If one of the aforementioned conditions is met and you wish to request the restriction of the processing of personal data stored by us, you may at any time contact us.

 

2.9            Right to data portability: You shall have the right granted by the EU legislator to receive the personal data concerning you, which was provided to us, in a structured, commonly used and machine-readable format. You shall have the right to transmit those data to another data controller without hindrance from us to which the personal data have been provided as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR and the processing is carried out by automated means as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Go to continued privacy policy