The General Data Protection Regulation (GDPR) is the European Regulation 2016/679 adopted on 27.04.2016 and effective from 25.05.2018 for all members of the European Union in order to improve the protection of individuals with regard to the processing of their personal data.
Definitions as mentioned in GDPR:
Ι) Definitions of article 4 :
Personal data means any information relating to an identified or identifiable natural person (‘data subject’), an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future;
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
Filing system means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Genetic data means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
Main establishment means:
a) as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment;
b) as regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation;
Representative means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to , represents the controller or processor with regard to their respective obligations under the Regulation;
Enterprise means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;
Group of undertakings means a controlling undertaking and its controlled undertakings;
Binding corporate rules means personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity;
Supervisory authority concerned means a supervisory authority which is concerned by the processing of personal data because:
a) the controller or processor is established on the territory of the Member State of that supervisory authority;
b) data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or
c) a complaint has been lodged with that supervisory authority;
Cross-border processing means either: i) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or ii) processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State
Relevant and reasoned objection means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union;
International organisation means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.
ΙΙ) Subject of Personal Data : means every national or foreign person identified or identifiable to whom the information (personal data) relates and which contacts the Company for various reasons. These include Company’s employees and sole proprietorships. It does not include natural persons who represent legal entities in their relations with the Company
ΙΙΙ) Data Controller : means a natural or legal person, a public authority, a service or another body which, alone or jointly with others, defines the purposes and the manner in which personal data are processed.
ΙV) Data Protection Officer : means the person appointed by the Company with the responsibilities stated in GDPR
This privacy statement demonstrates our commitment to ensure your right to privacy is protected. This statement outlines our practices for handling personal information. We comply with the principles of the General Data Protection Regulation when dealing with all data received by visitors to the website, our online store at www.royalpunkproject.com and our customers.
It is understood that privacy shall be maintained. The same key principles governing standard transactions shall apply to e-commerce. All information transferred by the user/member to the Company is confidential and the Company has taken all necessary measures so that it is used to the extent necessary to provide services. The Company shall not disclose customer or transaction data, unless you have provided a written authorization or if such is mandated by a court order or a decision by any other public authority. In case where the Company uses third parties to support its systems, it shall make sure privacy is secured. You may request any data kept about you, as well as their correction in case you are able to establish the existence of an error. For your safety, you should also treat all information provided through the service as confidential and private and not proceed to their disclosure to third parties.
The Company acknowledges the significance of Your Personal Data Safety, as well as that of your online transactions and takes all necessary measures to ensure maximum security. All information related to personal data and transactions is safe and private. The Company’s e-shop safety is achieved as follows: A user ID is used to identify you, your email and your password, which, when entered, give you access to your personal data with absolute security.
You have the option to change your Password and E-mail whenever you wish. The only person having access to your data is you through these codes and you are solely responsible for maintain secrecy and privacy against third parties. In case of loss or leak, you should promptly notify us, otherwise the Company’s e-shop shall not be held liable for unauthorized use of the password. We recommend, for safety reasons, you regularly change your password and avoid using the same and easily detected codes (e.g. date of birth). In addition, we recommend that you use not only letters and numbers, but also symbols to create a password. Visa or PayPal card payment is a completely secure payment method for our customers. The Company shall never become aware of your card or account information. To pay the order, you shall be redirected to the ………….. Bank website or PayPal website accordingly without any contact in any case with data and details of your credit/debit card. This information shall be transferred by you using encrypted connection to ………………. Bank or PayPal through their safe transaction systems.
What we collect
The Company only collects data provided directly to us from visitors who have completed a Contact Form or have created an account :
When you complete a Contact form or create an account, we collect the following information:
· Your email address
· Your password
You do not need to have an account to see the products in our online store, however you can choose to create an account in order to use some of our services - the wishlist or make purchases.
If you want to buy products, you will also be asked for a mobile phone number and the shipping address of the products.
Finally, you can choose to share with us data such as your gender and age to help us export statistics to the audience we are targeting, and to be able to wish you Happy Birthday, most likely with a gift.
What we do with the information we gather
· We require this information to identify the user that registers on our website.
Links to other websites
Our website may contain links to websites of interest. If you use these links to leave our site, you should note that we do not have any controls over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites as they are not governed by this privacy statement.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Our Customer Data
What we collect
The Company only collects customer data provided directly to us. The personal data we hold on our system includes:
· Your first and surname
· Your company name and address
· Your email address
· Your telephone number
What we do with the information we gather
· We require your information to process your orders and manage your account
· If you agree, we will email you updates on our products and services which we think may be of interest to you. You can stop receiving our marketing information at any time
· From your account settings you can choose whether you want to receive our newsletters with new collections, offers and other promotions.
We are committed to ensuring that your personal information is secure. We have implemented physical, electronic and administrative procedures to ensure and protect the information we collect on and offline.
· We never sell, rent or exchange mailing lists containing your personal information to third parties without your consent or are required by law to do so.
· We only hold personal data for as long as necessary. Once data is no longer needed it is deleted from our files in line with legal requirements.
Third Party Partners
Personal Data processed by the Company are not disclosed or forwarded to third parties outside of the above frameworks of activity, its employees within their scope of competence and any other necessary under the law as well as to natural persons or companies providing services to the Company (including, but not limited to, accountants, agents, carriers, lawyers, IT services, insurers, legal services, tax, customs and other public services), who act on behalf of the Subjects of Personal Data and on the basis of the written instructions of the Company and may not use data to their benefit or disclose it to third parties. We only share data with partners that comply with the General Data Protection Regulation.
In particular, the personal data collected by the Company pursuant to Article 5 of the GDPR:
(a) shall be processed lawfully in a transparent manner in relation to the Subject of personal data ('legitimacy, objectivity and transparency'),
b) are collected for specific, explicit and legitimate purposes and are not further processed in a manner inconsistent with these purposes.
(c) are appropriate, relevant and limited to what is necessary for the purposes for which they are processed ("data minimization"),
d) are accurate and, where necessary, updated and all reasonable measures are taken to immediately delete or correct the personal data which are inaccurate in relation to the purposes of the processing ("accuracy"),
(e) are retained in a form which permits the identification of the Subjects of personal data only for the time required for processing purposes.
(f) are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures ('integrity and confidentiality').
Controlling your personal information
If you believe that any information we are holding on you is incorrect or incomplete, please contact us and we will correct any information found to be incorrect.
Rights of Subjects of Personal Data
i) Right of information
ii) Right of access
iii) Right of rectification
iv) Right to erasure (“right to be forgotten”)
v) Right to restriction of process
vi) Right to data portability
vii) Right to object
Protection of information
The Company protects the information it has and processes pursuant to the Regulation as regards:
(a) their integrity, ie the prevention of any deterioration, loss or destruction (b) their confidentiality, ie to prevent any leakage to unauthorized persons (c) their availability, ie the possibility of using and accessing them, where necessary, without barriers, while applying for their protection: (i) organizational measures; (ii) physical security measures; (iii) reasonable access security measures (iv) communication security measures; (v) operational safety measures; (vi) security of supply provisions. The company's website has SSL Security Certificate and the server of the company's website uses TLS and SSL encrypted protocols that provide absolute security in internet communication.
Violations of Personal Data & Cooperation with the Supervisory Authority
The Company applies defined procedures to identify and record events that compromise the confidentiality of Personal Data subjects. In particular, for Personal Data leak events, immediate notification to the Data Protection Authority is provided in accordance with Regulation 679/2016.
The continuous updating and awareness of the personnel of the Company regarding the protection of Personal Data is part of the training and briefing of the Company’s staff. The Company is responsible for evaluating and reviewing the performance of its procedures, policies and measures to protect personal data in order to continually improve its protection and security.
The Company for Risk Management in the Processing of Personal Data acts:
1. Detection and risk analysis
2. Risk assessment and treatment
3. Monitoring and control
It should be noted that in the context of risk management, a risk assessment of the basic objectives concerning the protection of personal data is carried out in terms of integrity, confidentiality and availability.
If you wish to delete your account please send us an e-mail at email@example.com